From 731b1152822c3a6ad217a66b9dd91d002b5d4d1c Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <git@litvinovg.pro>
Date: Tue, 6 Jun 2023 11:21:59 +0200
Subject: [PATCH 001/148] abac cleaned, squashed

---
 .../vedit/controller/BaseEditController.java  |  66 +-
 .../vedit/controller/OperationController.java |  48 +-
 .../vitro/webapp/auth/RootUserSetup.java      | 203 +++++
 .../auth/attributes/AbstractAttribute.java    |  70 ++
 .../auth/attributes/AccessObjectType.java     |  14 +
 .../auth/attributes/AccessOperation.java      |  12 +
 .../webapp/auth/attributes/Attribute.java     |  24 +
 .../auth/attributes/AttributeFactory.java     |  69 ++
 .../auth/attributes/AttributeGroup.java       |   6 +
 .../webapp/auth/attributes/AttributeType.java |  14 +
 .../auth/attributes/AttributeValueTester.java | 105 +++
 .../attributes/DataPropertyUriAttribute.java  |  39 +
 .../ObjectPropertyUriAttribute.java           |  39 +
 .../auth/attributes/ObjectTypeAttribute.java  |  33 +
 .../auth/attributes/ObjectUriAttribute.java   |  34 +
 .../auth/attributes/OperationAttribute.java   |  33 +
 .../auth/attributes/OperationGroup.java       |   7 +
 .../auth/attributes/ProximityChecker.java     |  63 ++
 .../auth/attributes/QueryResultsMapCache.java |  45 ++
 .../StatementObjectUriAttribute.java          |  34 +
 .../StatementPredicateUriAttribute.java       |  34 +
 .../StatementSubjectUriAttribute.java         |  34 +
 .../auth/attributes/SubjectRoleAttribute.java |  34 +
 .../auth/attributes/SubjectTypeAttribute.java |  35 +
 .../webapp/auth/attributes/TestType.java      |  10 +
 .../ActiveIdentifierBundleFactories.java      |  98 +--
 .../auth/identifier/common/HasPermission.java |  72 --
 ...a => IdentifierPermissionSetProvider.java} |  20 +-
 .../auth/identifier/common/IsBlacklisted.java | 147 +---
 .../factory/BaseIdentifierBundleFactory.java  |  11 +-
 .../BaseUserBasedIdentifierBundleFactory.java |   5 -
 .../factory/HasPermissionFactory.java         |  90 ---
 .../factory/HasPermissionSetFactory.java      |  16 +-
 .../HasProfileOrIsBlacklistedFactory.java     |   8 +-
 .../factory/HasProxyEditingRightsFactory.java |   6 -
 .../identifier/factory/IsRootUserFactory.java |   6 -
 .../identifier/factory/IsUserFactory.java     |   6 -
 .../webapp/auth/objects/AccessObject.java     | 109 +++
 .../webapp/auth/objects/AccessObjectImpl.java |  62 ++
 .../auth/objects/AccessObjectStatement.java   |  56 ++
 .../objects/DataPropertyAccessObject.java     |  16 +
 .../DataPropertyStatementAccessObject.java    |  41 ++
 .../objects/ObjectPropertyAccessObject.java   |  16 +
 .../ObjectPropertyStatementAccessObject.java  |  32 +
 .../webapp/auth/objects/RootAccessObject.java |  16 +
 .../auth/permissions/BrokenPermission.java    |  26 -
 .../permissions/DisplayByRolePermission.java  | 127 ----
 .../permissions/EditByRolePermission.java     | 105 ---
 .../webapp/auth/permissions/Permission.java   |  76 --
 .../auth/permissions/PermissionRegistry.java  | 216 ------
 .../permissions/PermissionSetsSmokeTest.java  |  16 -
 .../permissions/PublishByRolePermission.java  | 125 ----
 .../auth/permissions/SimplePermission.java    | 221 ++----
 .../auth/policy/BaseSelfEditingPolicy.java    |  61 --
 .../auth/policy/BasicPolicyDecision.java      |  20 +-
 .../auth/policy/CompositPolicyDecision.java   |  23 -
 .../DisplayRestrictedDataToSelfPolicy.java    | 179 -----
 .../webapp/auth/policy/DynamicPolicy.java     |  80 ++
 .../auth/policy/EntityPolicyController.java   |  79 ++
 .../webapp/auth/policy/PermissionsPolicy.java |  56 --
 .../vitro/webapp/auth/policy/Policies.java    |  18 +
 .../auth/policy/PolicyDecisionLogger.java     |  14 +-
 .../auth/policy/PolicyDecisionPoint.java      |  43 ++
 .../webapp/auth/policy/PolicyHelper.java      | 160 ++--
 .../vitro/webapp/auth/policy/PolicyList.java  |  66 --
 .../webapp/auth/policy/PolicyLoader.java      | 641 ++++++++++++++++
 .../vitro/webapp/auth/policy/PolicyStore.java |  91 +++
 .../webapp/auth/policy/RequestPolicyList.java |  71 --
 .../RestrictHomeMenuItemEditingPolicy.java    |  70 --
 .../webapp/auth/policy/RootUserPolicy.java    | 233 ------
 .../webapp/auth/policy/SelfEditingPolicy.java | 161 ----
 .../webapp/auth/policy/ServletPolicyList.java | 122 ---
 .../policy/bean/PropertyRestrictionBean.java  | 207 ------
 .../bean/PropertyRestrictionBeanImpl.java     | 247 -------
 .../bean/PropertyRestrictionLevels.java       |  68 --
 .../bean/PropertyRestrictionListener.java     |  35 +-
 .../policy/bean/RoleRestrictedProperty.java   |  23 -
 ...Authorization.java => DecisionResult.java} |   2 +-
 .../ifaces/{PolicyIface.java => Policy.java}  |  14 +-
 .../auth/policy/ifaces/PolicyDecision.java    |   2 +-
 .../policy/setup/CommonPolicyFamilySetup.java |  31 +-
 .../AbstractRelationshipPolicy.java           |  63 --
 .../RelationshipChecker.java                  | 205 ------
 .../AllowedAuthorizationRequest.java          |  30 +
 .../auth/requestedAction/AuthHelper.java      |  61 ++
 .../requestedAction/AuthorizationRequest.java | 172 ++---
 .../ForbiddenAuthorizationRequest.java        |  36 +
 .../auth/requestedAction/RequestedAction.java |  41 --
 .../SimpleAuthorizationRequest.java           |  47 ++
 .../SimpleRequestedAction.java                |  48 --
 .../requestedAction/admin/AddNewUser.java     |  11 -
 .../requestedAction/admin/LoadOntology.java   |  19 -
 .../admin/RebuildTextIndex.java               |  10 -
 .../requestedAction/admin/RemoveUser.java     |  19 -
 .../requestedAction/admin/ServerStatus.java   |  11 -
 .../admin/UpdateTextIndex.java                |  10 -
 .../requestedAction/admin/UploadFile.java     |  18 -
 .../display/DisplayDataProperty.java          |  24 -
 .../display/DisplayDataPropertyStatement.java |  29 -
 .../display/DisplayObjectProperty.java        |  25 -
 .../DisplayObjectPropertyStatement.java       |  39 -
 .../ifaces/AdminRequestedAction.java          |   8 -
 .../ifaces/OntoRequestedAction.java           |   8 -
 .../ifaces/RequiresActions.java               |  36 -
 .../ifaces/SingleParameterAction.java         |  25 -
 .../ontology/CreateOwlClass.java              |  11 -
 .../ontology/DefineDataProperty.java          |  11 -
 .../ontology/DefineObjectProperty.java        |  11 -
 .../ontology/RemoveOwlClass.java              |  11 -
 .../AbstractDataPropertyStatementAction.java  |  72 --
 ...AbstractObjectPropertyStatementAction.java |  55 --
 .../AbstractPropertyStatementAction.java      |  34 -
 .../propstmt/AddDataPropertyStatement.java    |  24 -
 .../propstmt/AddObjectPropertyStatement.java  |  19 -
 .../propstmt/DropDataPropertyStatement.java   |  25 -
 .../propstmt/DropObjectPropertyStatement.java |  19 -
 .../propstmt/EditDataPropertyStatement.java   |  23 -
 .../propstmt/EditObjectPropertyStatement.java |  18 -
 .../publish/PublishDataProperty.java          |  24 -
 .../publish/PublishDataPropertyStatement.java |  26 -
 .../publish/PublishObjectProperty.java        |  24 -
 .../PublishObjectPropertyStatement.java       |  40 -
 .../resource/AbstractResourceAction.java      |  33 -
 .../requestedAction/resource/AddResource.java |  11 -
 .../resource/DropResource.java                |  11 -
 .../usepages/ManageRootAccount.java           |  12 -
 .../usepages/UsePagesRequestedAction.java     |   8 -
 .../vitro/webapp/auth/rules/AccessRule.java   | 156 ++++
 .../webapp/auth/rules/AccessRuleFactory.java  |  30 +
 .../webapp/auth/rules/AccessRuleStore.java    | 694 ++++++++++++++++++
 .../webapp/auth/rules/SimpleAccessRule.java   |  10 +
 .../vitro/webapp/beans/BaseResourceBean.java  | 139 ----
 .../vitro/webapp/beans/DataProperty.java      |   4 +-
 .../vitro/webapp/beans/FauxProperty.java      |   5 +-
 .../vitro/webapp/beans/ObjectProperty.java    |   7 +-
 .../vitro/webapp/beans/ResourceBean.java      |  20 -
 .../beans/SelfEditingConfiguration.java       |  34 +-
 .../config/ConfigurationProperties.java       | 100 +--
 .../config/ConfigurationPropertiesSetup.java  |   2 +-
 .../IndividualListRdfController.java          |  11 +-
 .../controller/SparqlQueryBuilderServlet.java |   2 +-
 .../webapp/controller/VitroHttpServlet.java   |   5 +-
 .../accounts/admin/UserAccountsDeleter.java   |   5 +-
 .../accounts/admin/UserAccountsEditPage.java  |   5 +-
 .../accounts/admin/UserAccountsListPage.java  |   5 +-
 .../ajax/ManageProxiesAjaxController.java     |   6 +-
 .../user/UserAccountsUserController.java      |   5 +-
 .../controller/admin/ShowAuthController.java  |  28 +-
 .../admin/ShowSourcesController.java          |   3 +-
 .../controller/ajax/VitroAjaxController.java  |   4 +-
 .../controller/api/VitroApiServlet.java       |   2 +-
 .../authenticate/AdminLoginController.java    |   3 +-
 .../authenticate/Authenticator.java           |   6 +-
 .../authenticate/BasicAuthenticator.java      |  34 +-
 .../authenticate/LoginRedirector.java         |  18 +-
 .../authenticate/RestrictedAuthenticator.java |   7 +-
 .../dumprestore/DumpRestoreController.java    |   4 +-
 .../edit/DatapropEditController.java          |  29 +-
 .../edit/DatapropRetryController.java         |  21 +-
 .../controller/edit/EntityEditController.java |  13 -
 .../edit/EntityRetryController.java           |   5 -
 .../edit/FauxPropertyRetryController.java     |  19 +-
 .../edit/NamespacePrefixRetryController.java  |   2 +-
 .../edit/PropertyEditController.java          |  46 +-
 .../edit/PropertyRetryController.java         |   8 +-
 .../controller/edit/VclassEditController.java |  32 +-
 .../edit/VclassRetryController.java           |   8 +-
 .../edit/utils/RoleLevelOptionsSetup.java     | 100 ---
 .../freemarker/FileUploadController.java      |  21 +-
 .../freemarker/FreemarkerHttpServlet.java     |  10 +-
 .../freemarker/ImageUploadController.java     |  28 +-
 .../ListVClassWebappsController.java          |   1 -
 .../controller/freemarker/PageController.java |  44 +-
 .../NotAuthorizedResponseValues.java          |   7 +-
 .../individual/IndividualRdfAssembler.java    |  21 +-
 .../controller/jena/JenaExportController.java |   7 +-
 .../webapp/controller/json/JsonServlet.java   |  60 +-
 .../mannlib/vitro/webapp/dao/PageDao.java     |   2 +-
 .../mannlib/vitro/webapp/dao/PropertyDao.java |   5 -
 .../vitro/webapp/dao/VitroVocabulary.java     |  14 +-
 .../filtering/DataPropertyDaoFiltering.java   |   2 +-
 .../dao/filtering/DataPropertyFiltering.java  |  46 --
 .../dao/filtering/IndividualFiltering.java    |  65 +-
 .../filtering/ObjectPropertyFiltering.java    |  45 --
 .../filters/FilterByDisplayPermission.java    | 100 +++
 .../filters/FilterByRoleLevelPermission.java  | 149 ----
 .../HideFromDisplayByPolicyFilter.java        |  50 +-
 .../filtering/filters/VitroFilterUtils.java   |   3 +-
 .../webapp/dao/jena/DataPropertyDaoJena.java  |  90 ---
 .../webapp/dao/jena/FauxPropertyDaoJena.java  |  28 -
 .../vitro/webapp/dao/jena/JenaBaseDao.java    |  15 -
 .../vitro/webapp/dao/jena/JenaBaseDaoCon.java |   4 -
 .../vitro/webapp/dao/jena/JenaModelUtils.java |   6 -
 .../dao/jena/ObjectPropertyDaoJena.java       |  97 +--
 .../vitro/webapp/dao/jena/PageDaoJena.java    |   8 +-
 .../vitro/webapp/dao/jena/VClassDaoJena.java  |  39 -
 .../vitro/webapp/dao/jena/VClassJena.java     | 112 +--
 .../ManageLabelsForIndividualGenerator.java   |  19 +-
 .../EditRequestDispatchController.java        |  56 +-
 .../webapp/migration/auth/AuthMigrator.java   | 269 +++++++
 .../vitro/webapp/modelaccess/ModelAccess.java |  34 +-
 .../impl/ContextModelAccessImpl.java          |   7 +-
 .../impl/RequestModelAccessImpl.java          |   5 +-
 .../search/controller/IndexController.java    |   3 +-
 .../web/jsptags/ConfirmAuthorization.java     |  16 +-
 .../BaseIndividualTemplateModel.java          |  19 +-
 .../DataPropertyStatementTemplateModel.java   |  50 +-
 .../individual/DataPropertyTemplateModel.java |  28 +-
 .../individual/FauxDataPropertyWrapper.java   |   5 +
 .../individual/FauxObjectPropertyWrapper.java |  50 +-
 .../individual/FauxPropertyWrapper.java       |   2 +
 .../NameStatementTemplateModel.java           |   9 +-
 .../ObjectPropertyStatementTemplateModel.java |  22 +-
 .../ObjectPropertyTemplateModel.java          |  21 +-
 .../PropertyGroupTemplateModel.java           |  53 +-
 .../individual/PropertyTemplateModel.java     |  15 +-
 ...UncollatedObjectPropertyTemplateModel.java |   7 +-
 .../factory/HasPermissionFactoryTest.java     | 277 -------
 .../factory/IsRootUserFactoryTest.java        |   2 +-
 .../identifier/factory/IsUserFactoryTest.java |   2 +-
 .../webapp/auth/policy/BasicPolicyTest.java   |  82 +++
 .../policy/EntityPolicyControllerTest.java    |  40 +
 .../webapp/auth/policy/EntityPolicyTests.java | 112 +++
 .../HomeMenuItemsRestrictionPolicyTest.java   |  40 +
 .../NonModifiableStatementsPolicyTest.java    |  73 ++
 ...PolicyHelper_AuthorizationRequestTest.java | 130 ++--
 .../auth/policy/PolicyHelper_ModelsTest.java  |  33 +-
 .../policy/PolicyHelper_StatementsTest.java   |  49 +-
 .../webapp/auth/policy/PolicyStoreTest.java   |  66 ++
 .../vitro/webapp/auth/policy/PolicyTest.java  | 144 ++++
 .../webapp/auth/policy/ProximityTest.java     |  52 ++
 .../auth/policy/RootUserPolicyTest.java       |  21 +
 .../auth/policy/SelfEditingPolicyTest.java    | 393 ----------
 .../auth/policy/SelfEditingPolicy_2_Test.java | 297 --------
 .../policy/SimplePermissionPolicyTest.java    | 123 ++++
 .../bean/PropertyRestrictionBeanImplTest.java | 511 -------------
 .../AuthorizationRequestTest.java             |  45 +-
 .../auth/rules/AccessRuleStoreTest.java       | 104 +++
 .../controller/edit/AuthenticateTest.java     |  22 +-
 .../IndividualRdfAssemblerTest.java           |  55 +-
 .../IndividualFilteringByStatementTest.java   |   2 +-
 .../dao/jena/DataPropertyDaoJenaTest.java     |   3 -
 .../dao/jena/ObjectPropertyDaoJenaTest.java   |   3 -
 .../vitro/webapp/dao/jena/VClassDaoTest.java  |   3 -
 .../vitro/webapp/dao/jena/VClassJenaTest.java |  87 +--
 .../bean/PropertyRestrictionBeanStub.java     | 122 ---
 .../vitro/webapp/beans/IndividualStub.java    |  55 --
 .../config/ConfigurationPropertiesStub.java   |   2 +-
 .../modelaccess/ModelAccessFactoryStub.java   |   2 +
 .../webapp/auth/rules/proximity_test_data.n3  |   4 +
 .../auth/rules/proximity_test_policy.n3       |  30 +
 .../webapp/auth/rules/test_policy_broken1.n3  |  29 +
 .../webapp/auth/rules/test_policy_broken2.n3  |  29 +
 .../webapp/auth/rules/test_policy_broken3.n3  |  30 +
 .../webapp/auth/rules/test_policy_broken4.n3  |  30 +
 .../webapp/auth/rules/test_policy_broken5.n3  |  42 ++
 .../auth/rules/test_policy_broken_set.n3      |  52 ++
 .../webapp/auth/rules/test_policy_key.n3      |  29 +
 .../webapp/auth/rules/test_policy_valid.n3    |  24 +
 .../auth/rules/test_policy_valid_set.n3       |  60 ++
 .../rdf/auth/everytime/attribute_types.n3     |  54 ++
 .../rdf/auth/everytime/attributes.n3          | 119 +++
 .../resources/rdf/auth/everytime/decisions.n3 |  15 +
 .../rdf/auth/everytime/object_types.n3        |  30 +
 .../resources/rdf/auth/everytime/ontology.n3  | 138 ++++
 .../rdf/auth/everytime/operation_groups.n3    |  18 +
 .../rdf/auth/everytime/operations.n3          |  31 +
 .../rdf/auth/everytime/permission_config.n3   | 144 +---
 .../everytime/policy_admin_display_class.n3   |  41 ++
 .../policy_admin_display_data_property.n3     |  53 ++
 .../policy_admin_display_object_property.n3   |  53 ++
 .../everytime/policy_admin_publish_class.n3   |  41 ++
 .../policy_admin_publish_data_property.n3     |  53 ++
 .../policy_admin_publish_object_property.n3   |  53 ++
 .../policy_admin_simple_permissions.n3        |  37 +
 .../everytime/policy_admin_update_class.n3    |  41 ++
 .../policy_admin_update_data_property.n3      |  53 ++
 .../policy_admin_update_object_property.n3    |  53 ++
 .../everytime/policy_curator_display_class.n3 |  41 ++
 .../policy_curator_display_data_property.n3   |  53 ++
 .../policy_curator_display_object_property.n3 |  53 ++
 .../everytime/policy_curator_publish_class.n3 |  41 ++
 .../policy_curator_publish_data_property.n3   |  53 ++
 .../policy_curator_publish_object_property.n3 |  53 ++
 .../policy_curator_simple_permissions.n3      |  37 +
 .../everytime/policy_curator_update_class.n3  |  41 ++
 .../policy_curator_update_data_property.n3    |  53 ++
 .../policy_curator_update_object_property.n3  |  53 ++
 .../everytime/policy_editor_display_class.n3  |  41 ++
 .../policy_editor_display_data_property.n3    |  53 ++
 .../policy_editor_display_object_property.n3  |  53 ++
 .../everytime/policy_editor_publish_class.n3  |  41 ++
 .../policy_editor_publish_data_property.n3    |  53 ++
 .../policy_editor_publish_object_property.n3  |  53 ++
 .../policy_editor_simple_permissions.n3       |  37 +
 .../everytime/policy_editor_update_class.n3   |  41 ++
 .../policy_editor_update_data_property.n3     |  53 ++
 .../policy_editor_update_object_property.n3   |  53 ++
 .../everytime/policy_menu_items_editing.n3    |  41 ++
 .../policy_not_modifiable_statements.n3       | 104 +++
 .../everytime/policy_public_display_class.n3  |  41 ++
 .../policy_public_display_data_property.n3    |  53 ++
 .../policy_public_display_object_property.n3  |  53 ++
 .../policy_public_simple_permissions.n3       |  37 +
 .../everytime/policy_public_update_class.n3   |  41 ++
 .../policy_public_update_data_property.n3     |  53 ++
 .../policy_public_update_object_property.n3   |  53 ++
 .../rdf/auth/everytime/policy_root_user.n3    |  20 +
 .../policy_self_editor_display_class.n3       |  41 ++
 ...olicy_self_editor_display_data_property.n3 |  53 ++
 ...icy_self_editor_display_object_property.n3 |  53 ++
 .../policy_self_editor_publish_class.n3       |  41 ++
 ...olicy_self_editor_publish_data_property.n3 |  53 ++
 ...icy_self_editor_publish_object_property.n3 |  53 ++
 .../policy_self_editor_simple_permissions.n3  |  37 +
 .../policy_self_editor_update_class.n3        |  41 ++
 ...policy_self_editor_update_data_property.n3 |  53 ++
 ...licy_self_editor_update_object_property.n3 |  53 ++
 .../rdf/auth/everytime/subject_types.n3       |  12 +
 .../rdf/auth/everytime/test_types.n3          |  27 +
 .../rdf/auth/everytime/test_values.n3         |  78 ++
 ...policy_admin_simple_permissions_dataset.n3 |  60 ++
 ...licy_curator_simple_permissions_dataset.n3 |  39 +
 ...olicy_editor_simple_permissions_dataset.n3 |  33 +
 ...olicy_not_modifiable_statements_dataset.n3 |  27 +
 ...olicy_public_simple_permissions_dataset.n3 |  16 +
 ..._self_editor_simple_permissions_dataset.n3 |  25 +
 .../WEB-INF/resources/startup_listeners.txt   |  10 +-
 .../edit/specific/dataprop_retry.jsp          |  66 +-
 .../edit/specific/fauxProperty_retry.jsp      |  65 +-
 .../edit/specific/property_retry.jsp          |  66 +-
 .../templates/edit/specific/vclass_retry.jsp  |  68 +-
 .../freemarker/lib/lib-properties.ftl         |   3 -
 333 files changed, 9392 insertions(+), 8061 deletions(-)
 create mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/RootUserSetup.java
 create mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AbstractAttribute.java
 create mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AccessObjectType.java
 create mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AccessOperation.java
 create mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/Attribute.java
 create mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeFactory.java
 create mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeGroup.java
 create mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeType.java
 create mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeValueTester.java
 create mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/DataPropertyUriAttribute.java
 create mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/ObjectPropertyUriAttribute.java
 create mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/ObjectTypeAttribute.java
 create mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/ObjectUriAttribute.java
 create mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/OperationAttribute.java
 create mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/OperationGroup.java
 create mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/ProximityChecker.java
 create mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/QueryResultsMapCache.java
 create mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/StatementObjectUriAttribute.java
 create mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/StatementPredicateUriAttribute.java
 create mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/StatementSubjectUriAttribute.java
 create mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/SubjectRoleAttribute.java
 create mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/SubjectTypeAttribute.java
 create mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/TestType.java
 delete mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/identifier/common/HasPermission.java
 rename api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/identifier/common/{HasPermissionSet.java => IdentifierPermissionSetProvider.java} (69%)
 delete mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/identifier/factory/HasPermissionFactory.java
 create mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/AccessObject.java
 create mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/AccessObjectImpl.java
 create mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/AccessObjectStatement.java
 create mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/DataPropertyAccessObject.java
 create mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/DataPropertyStatementAccessObject.java
 create mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/ObjectPropertyAccessObject.java
 create mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/ObjectPropertyStatementAccessObject.java
 create mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/RootAccessObject.java
 delete mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/permissions/BrokenPermission.java
 delete mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/permissions/DisplayByRolePermission.java
 delete mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/permissions/EditByRolePermission.java
 delete mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/permissions/Permission.java
 delete mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/permissions/PermissionRegistry.java
 delete mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/permissions/PublishByRolePermission.java
 delete mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/BaseSelfEditingPolicy.java
 delete mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/CompositPolicyDecision.java
 delete mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/DisplayRestrictedDataToSelfPolicy.java
 create mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/DynamicPolicy.java
 create mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EntityPolicyController.java
 delete mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PermissionsPolicy.java
 create mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/Policies.java
 create mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyDecisionPoint.java
 delete mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyList.java
 create mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
 create mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyStore.java
 delete mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/RequestPolicyList.java
 delete mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/RestrictHomeMenuItemEditingPolicy.java
 delete mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/RootUserPolicy.java
 delete mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/SelfEditingPolicy.java
 delete mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/ServletPolicyList.java
 delete mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/bean/PropertyRestrictionBean.java
 delete mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/bean/PropertyRestrictionBeanImpl.java
 delete mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/bean/PropertyRestrictionLevels.java
 delete mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/bean/RoleRestrictedProperty.java
 rename api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/ifaces/{Authorization.java => DecisionResult.java} (89%)
 rename api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/ifaces/{PolicyIface.java => Policy.java} (55%)
 delete mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/specialrelationships/AbstractRelationshipPolicy.java
 delete mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/specialrelationships/RelationshipChecker.java
 create mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/AllowedAuthorizationRequest.java
 create mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/AuthHelper.java
 create mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/ForbiddenAuthorizationRequest.java
 delete mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/RequestedAction.java
 create mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/SimpleAuthorizationRequest.java
 delete mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/SimpleRequestedAction.java
 delete mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/admin/AddNewUser.java
 delete mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/admin/LoadOntology.java
 delete mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/admin/RebuildTextIndex.java
 delete mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/admin/RemoveUser.java
 delete mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/admin/ServerStatus.java
 delete mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/admin/UpdateTextIndex.java
 delete mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/admin/UploadFile.java
 delete mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/display/DisplayDataProperty.java
 delete mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/display/DisplayDataPropertyStatement.java
 delete mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/display/DisplayObjectProperty.java
 delete mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/display/DisplayObjectPropertyStatement.java
 delete mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/ifaces/AdminRequestedAction.java
 delete mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/ifaces/OntoRequestedAction.java
 delete mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/ifaces/RequiresActions.java
 delete mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/ifaces/SingleParameterAction.java
 delete mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/ontology/CreateOwlClass.java
 delete mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/ontology/DefineDataProperty.java
 delete mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/ontology/DefineObjectProperty.java
 delete mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/ontology/RemoveOwlClass.java
 delete mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/AbstractDataPropertyStatementAction.java
 delete mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/AbstractObjectPropertyStatementAction.java
 delete mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/AbstractPropertyStatementAction.java
 delete mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/AddDataPropertyStatement.java
 delete mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/AddObjectPropertyStatement.java
 delete mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/DropDataPropertyStatement.java
 delete mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/DropObjectPropertyStatement.java
 delete mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/EditDataPropertyStatement.java
 delete mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/EditObjectPropertyStatement.java
 delete mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/publish/PublishDataProperty.java
 delete mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/publish/PublishDataPropertyStatement.java
 delete mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/publish/PublishObjectProperty.java
 delete mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/publish/PublishObjectPropertyStatement.java
 delete mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/resource/AbstractResourceAction.java
 delete mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/resource/AddResource.java
 delete mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/resource/DropResource.java
 delete mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/usepages/ManageRootAccount.java
 delete mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/usepages/UsePagesRequestedAction.java
 create mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRule.java
 create mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRuleFactory.java
 create mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRuleStore.java
 create mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/SimpleAccessRule.java
 delete mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/edit/utils/RoleLevelOptionsSetup.java
 create mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/dao/filtering/filters/FilterByDisplayPermission.java
 delete mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/dao/filtering/filters/FilterByRoleLevelPermission.java
 create mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AuthMigrator.java
 delete mode 100644 api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/identifier/factory/HasPermissionFactoryTest.java
 create mode 100644 api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/BasicPolicyTest.java
 create mode 100644 api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EntityPolicyControllerTest.java
 create mode 100644 api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EntityPolicyTests.java
 create mode 100644 api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/HomeMenuItemsRestrictionPolicyTest.java
 create mode 100644 api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/NonModifiableStatementsPolicyTest.java
 create mode 100644 api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyStoreTest.java
 create mode 100644 api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTest.java
 create mode 100644 api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/ProximityTest.java
 create mode 100644 api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/RootUserPolicyTest.java
 delete mode 100644 api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/SelfEditingPolicyTest.java
 delete mode 100644 api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/SelfEditingPolicy_2_Test.java
 create mode 100644 api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/SimplePermissionPolicyTest.java
 delete mode 100644 api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/bean/PropertyRestrictionBeanImplTest.java
 create mode 100644 api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRuleStoreTest.java
 delete mode 100644 api/src/test/java/stubs/edu/cornell/mannlib/vitro/webapp/auth/policy/bean/PropertyRestrictionBeanStub.java
 create mode 100644 api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/proximity_test_data.n3
 create mode 100644 api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/proximity_test_policy.n3
 create mode 100644 api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken1.n3
 create mode 100644 api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken2.n3
 create mode 100644 api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken3.n3
 create mode 100644 api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken4.n3
 create mode 100644 api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken5.n3
 create mode 100644 api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken_set.n3
 create mode 100644 api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_key.n3
 create mode 100644 api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_valid.n3
 create mode 100644 api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_valid_set.n3
 create mode 100644 home/src/main/resources/rdf/auth/everytime/attribute_types.n3
 create mode 100644 home/src/main/resources/rdf/auth/everytime/attributes.n3
 create mode 100644 home/src/main/resources/rdf/auth/everytime/decisions.n3
 create mode 100644 home/src/main/resources/rdf/auth/everytime/object_types.n3
 create mode 100644 home/src/main/resources/rdf/auth/everytime/ontology.n3
 create mode 100644 home/src/main/resources/rdf/auth/everytime/operation_groups.n3
 create mode 100644 home/src/main/resources/rdf/auth/everytime/operations.n3
 create mode 100644 home/src/main/resources/rdf/auth/everytime/policy_admin_display_class.n3
 create mode 100644 home/src/main/resources/rdf/auth/everytime/policy_admin_display_data_property.n3
 create mode 100644 home/src/main/resources/rdf/auth/everytime/policy_admin_display_object_property.n3
 create mode 100644 home/src/main/resources/rdf/auth/everytime/policy_admin_publish_class.n3
 create mode 100644 home/src/main/resources/rdf/auth/everytime/policy_admin_publish_data_property.n3
 create mode 100644 home/src/main/resources/rdf/auth/everytime/policy_admin_publish_object_property.n3
 create mode 100644 home/src/main/resources/rdf/auth/everytime/policy_admin_simple_permissions.n3
 create mode 100644 home/src/main/resources/rdf/auth/everytime/policy_admin_update_class.n3
 create mode 100644 home/src/main/resources/rdf/auth/everytime/policy_admin_update_data_property.n3
 create mode 100644 home/src/main/resources/rdf/auth/everytime/policy_admin_update_object_property.n3
 create mode 100644 home/src/main/resources/rdf/auth/everytime/policy_curator_display_class.n3
 create mode 100644 home/src/main/resources/rdf/auth/everytime/policy_curator_display_data_property.n3
 create mode 100644 home/src/main/resources/rdf/auth/everytime/policy_curator_display_object_property.n3
 create mode 100644 home/src/main/resources/rdf/auth/everytime/policy_curator_publish_class.n3
 create mode 100644 home/src/main/resources/rdf/auth/everytime/policy_curator_publish_data_property.n3
 create mode 100644 home/src/main/resources/rdf/auth/everytime/policy_curator_publish_object_property.n3
 create mode 100644 home/src/main/resources/rdf/auth/everytime/policy_curator_simple_permissions.n3
 create mode 100644 home/src/main/resources/rdf/auth/everytime/policy_curator_update_class.n3
 create mode 100644 home/src/main/resources/rdf/auth/everytime/policy_curator_update_data_property.n3
 create mode 100644 home/src/main/resources/rdf/auth/everytime/policy_curator_update_object_property.n3
 create mode 100644 home/src/main/resources/rdf/auth/everytime/policy_editor_display_class.n3
 create mode 100644 home/src/main/resources/rdf/auth/everytime/policy_editor_display_data_property.n3
 create mode 100644 home/src/main/resources/rdf/auth/everytime/policy_editor_display_object_property.n3
 create mode 100644 home/src/main/resources/rdf/auth/everytime/policy_editor_publish_class.n3
 create mode 100644 home/src/main/resources/rdf/auth/everytime/policy_editor_publish_data_property.n3
 create mode 100644 home/src/main/resources/rdf/auth/everytime/policy_editor_publish_object_property.n3
 create mode 100644 home/src/main/resources/rdf/auth/everytime/policy_editor_simple_permissions.n3
 create mode 100644 home/src/main/resources/rdf/auth/everytime/policy_editor_update_class.n3
 create mode 100644 home/src/main/resources/rdf/auth/everytime/policy_editor_update_data_property.n3
 create mode 100644 home/src/main/resources/rdf/auth/everytime/policy_editor_update_object_property.n3
 create mode 100644 home/src/main/resources/rdf/auth/everytime/policy_menu_items_editing.n3
 create mode 100644 home/src/main/resources/rdf/auth/everytime/policy_not_modifiable_statements.n3
 create mode 100644 home/src/main/resources/rdf/auth/everytime/policy_public_display_class.n3
 create mode 100644 home/src/main/resources/rdf/auth/everytime/policy_public_display_data_property.n3
 create mode 100644 home/src/main/resources/rdf/auth/everytime/policy_public_display_object_property.n3
 create mode 100644 home/src/main/resources/rdf/auth/everytime/policy_public_simple_permissions.n3
 create mode 100644 home/src/main/resources/rdf/auth/everytime/policy_public_update_class.n3
 create mode 100644 home/src/main/resources/rdf/auth/everytime/policy_public_update_data_property.n3
 create mode 100644 home/src/main/resources/rdf/auth/everytime/policy_public_update_object_property.n3
 create mode 100644 home/src/main/resources/rdf/auth/everytime/policy_root_user.n3
 create mode 100644 home/src/main/resources/rdf/auth/everytime/policy_self_editor_display_class.n3
 create mode 100644 home/src/main/resources/rdf/auth/everytime/policy_self_editor_display_data_property.n3
 create mode 100644 home/src/main/resources/rdf/auth/everytime/policy_self_editor_display_object_property.n3
 create mode 100644 home/src/main/resources/rdf/auth/everytime/policy_self_editor_publish_class.n3
 create mode 100644 home/src/main/resources/rdf/auth/everytime/policy_self_editor_publish_data_property.n3
 create mode 100644 home/src/main/resources/rdf/auth/everytime/policy_self_editor_publish_object_property.n3
 create mode 100644 home/src/main/resources/rdf/auth/everytime/policy_self_editor_simple_permissions.n3
 create mode 100644 home/src/main/resources/rdf/auth/everytime/policy_self_editor_update_class.n3
 create mode 100644 home/src/main/resources/rdf/auth/everytime/policy_self_editor_update_data_property.n3
 create mode 100644 home/src/main/resources/rdf/auth/everytime/policy_self_editor_update_object_property.n3
 create mode 100644 home/src/main/resources/rdf/auth/everytime/subject_types.n3
 create mode 100644 home/src/main/resources/rdf/auth/everytime/test_types.n3
 create mode 100644 home/src/main/resources/rdf/auth/everytime/test_values.n3
 create mode 100644 home/src/main/resources/rdf/auth/firsttime/policy_admin_simple_permissions_dataset.n3
 create mode 100644 home/src/main/resources/rdf/auth/firsttime/policy_curator_simple_permissions_dataset.n3
 create mode 100644 home/src/main/resources/rdf/auth/firsttime/policy_editor_simple_permissions_dataset.n3
 create mode 100644 home/src/main/resources/rdf/auth/firsttime/policy_not_modifiable_statements_dataset.n3
 create mode 100644 home/src/main/resources/rdf/auth/firsttime/policy_public_simple_permissions_dataset.n3
 create mode 100644 home/src/main/resources/rdf/auth/firsttime/policy_self_editor_simple_permissions_dataset.n3

diff --git a/api/src/main/java/edu/cornell/mannlib/vedit/controller/BaseEditController.java b/api/src/main/java/edu/cornell/mannlib/vedit/controller/BaseEditController.java
index 65ecd722dc..e0164ca6de 100644
--- a/api/src/main/java/edu/cornell/mannlib/vedit/controller/BaseEditController.java
+++ b/api/src/main/java/edu/cornell/mannlib/vedit/controller/BaseEditController.java
@@ -9,19 +9,21 @@
 import java.text.SimpleDateFormat;
 import java.util.ArrayList;
 import java.util.Calendar;
-import java.util.Collections;
 import java.util.Comparator;
 import java.util.Enumeration;
 import java.util.HashMap;
-import java.util.Iterator;
 import java.util.LinkedList;
 import java.util.List;
-import java.util.ListIterator;
 import java.util.Map;
 import java.util.Random;
 
 import javax.servlet.http.HttpServletRequest;
 
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType;
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.OperationGroup;
+import edu.cornell.mannlib.vitro.webapp.auth.policy.EntityPolicyController;
+import edu.cornell.mannlib.vitro.webapp.beans.PermissionSet;
+import org.apache.commons.lang3.StringUtils;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
@@ -190,7 +192,7 @@ public int compare(String str1, String str2) {
    }
 
     protected WebappDaoFactory getWebappDaoFactory() {
-    	return ModelAccess.on(getServletContext()).getWebappDaoFactory(ASSERTIONS_ONLY);
+    	return ModelAccess.getInstance().getWebappDaoFactory(ASSERTIONS_ONLY);
     }
 
     protected WebappDaoFactory getWebappDaoFactory(String userURI) {
@@ -201,4 +203,60 @@ public String getDefaultLandingPage(HttpServletRequest request) {
     	return(request.getContextPath() + DEFAULT_LANDING_PAGE);
     }
 
+    protected static void addAccessAttributes(HttpServletRequest req, String entityURI, AccessObjectType aot) {
+        // Add the permissionsEntityURI (if we are creating a new property, this will be empty)
+        req.setAttribute("_permissionsEntityURI", entityURI);
+
+        // Get the available permission sets
+        List<PermissionSet> permissionSets = buildListOfSelectableRoles(ModelAccess.on(req).getWebappDaoFactory());
+        List<String> roleUris = new ArrayList<>();
+        for (PermissionSet permissionSet : permissionSets) {
+            roleUris.add(permissionSet.getUri());
+        }  
+        req.setAttribute("roles", permissionSets);
+        // If the namespace is empty (e.e. we are creating a new record)
+        for (OperationGroup og : OperationGroup.values()){
+            String groupName = og.toString().toLowerCase().split("_")[0];
+            final String attributeName = groupName + "Roles";
+            if (StringUtils.isEmpty(entityURI)) {
+                // predefined values
+                req.setAttribute(attributeName, roleUris);
+            } else {
+                // Get the permission sets that are granted permission for this entity
+                req.setAttribute(attributeName, EntityPolicyController.getGrantedRoles(entityURI, og, aot, roleUris));
+            }
+        }
+        
+    }
+
+    /**
+     * Create a list of all known PermissionSets.
+     */
+    protected static List<PermissionSet> buildListOfSelectableRoles(WebappDaoFactory wadf) {
+        List<PermissionSet> permissionSets = new ArrayList<>();
+
+        // Get the non-public PermissionSets.
+        for (PermissionSet ps: wadf.getUserAccountsDao().getAllPermissionSets()) {
+            if (!ps.isForPublic()) {
+                permissionSets.add(ps);
+            }
+        }
+
+        // Sort the non-public PermissionSets
+        permissionSets.sort(new Comparator<PermissionSet>() {
+            @Override
+            public int compare(PermissionSet ps1, PermissionSet ps2) {
+                return ps1.getUri().compareTo(ps2.getUri());
+            }
+        });
+
+        // Add the public PermissionSets.
+        for (PermissionSet ps: wadf.getUserAccountsDao().getAllPermissionSets()) {
+            if (ps.isForPublic()) {
+                permissionSets.add(ps);
+            }
+        }
+        
+        return permissionSets;
+    }
 }
diff --git a/api/src/main/java/edu/cornell/mannlib/vedit/controller/OperationController.java b/api/src/main/java/edu/cornell/mannlib/vedit/controller/OperationController.java
index f925dfe362..674cace588 100644
--- a/api/src/main/java/edu/cornell/mannlib/vedit/controller/OperationController.java
+++ b/api/src/main/java/edu/cornell/mannlib/vedit/controller/OperationController.java
@@ -5,8 +5,11 @@
 import java.io.IOException;
 import java.lang.reflect.InvocationTargetException;
 import java.lang.reflect.Method;
+import java.util.ArrayList;
+import java.util.Arrays;
 import java.util.Enumeration;
 import java.util.HashMap;
+import java.util.HashSet;
 import java.util.Iterator;
 import java.util.List;
 import java.util.Map;
@@ -15,6 +18,17 @@
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType;
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessOperation;
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.OperationGroup;
+import edu.cornell.mannlib.vitro.webapp.auth.policy.EntityPolicyController;
+import edu.cornell.mannlib.vitro.webapp.auth.rules.AccessRuleStore;
+import edu.cornell.mannlib.vitro.webapp.beans.PermissionSet;
+import edu.cornell.mannlib.vitro.webapp.dao.UserAccountsDao;
+import edu.cornell.mannlib.vitro.webapp.modelaccess.ModelAccess;
+import org.apache.commons.lang3.ArrayUtils;
+import org.apache.commons.lang3.EnumUtils;
+import org.apache.commons.lang3.StringUtils;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
@@ -123,6 +137,39 @@ public void doPost (HttpServletRequest request, HttpServletResponse response) {
             	return;
             }
 
+            // If contains restrictions
+            if (request.getParameter("_permissions") != null) {
+                // Get the namespace that we are editing
+                String entityUri = request.getParameter("_permissionsEntityURI");
+                if (StringUtils.isEmpty(entityUri)) {
+                    // If we don't have a namespace set, we are creating a new entity so use that namespace
+                    if (!StringUtils.isEmpty(request.getParameter("Namespace")) && !StringUtils.isEmpty(request.getParameter("LocalName"))) {
+                        entityUri = "" + request.getParameter("Namespace") + request.getParameter("LocalName");    
+                    }
+                }
+                String entityType = request.getParameter("_permissionsEntityType");
+                List<PermissionSet> permissionSets = buildListOfSelectableRoles(ModelAccess.on(request).getWebappDaoFactory());
+                List<String> roleUris = new ArrayList<>();
+                for (PermissionSet permissionSet : permissionSets) {
+                    roleUris.add(permissionSet.getUri());
+                }  
+                // Get the granted permissions from the request object
+                for (OperationGroup og : OperationGroup.values()) {
+                    String operationGroupName = og.toString().toLowerCase().split("_")[0];
+                    String[] selectedRoles = request.getParameterValues(operationGroupName + "Roles");
+                    if(StringUtils.isBlank(entityUri)) {
+                        log.error("EntityUri is blank");
+                    } else if (StringUtils.isBlank(entityType) || !EnumUtils.isValidEnum(AccessObjectType.class, entityType)) {
+                        log.error("EntityType is not valid " + entityType);
+                    } else {
+                        if (selectedRoles == null) {
+                            selectedRoles = new String[0];
+                        }
+                        EntityPolicyController.updateEntityPolicy(entityUri, AccessObjectType.valueOf(entityType), og, Arrays.asList(selectedRoles), roleUris);
+                    }
+                }
+            }
+
             /* put request parameters and attributes into epo where the listeners can see */
             epo.setRequestParameterMap(request.getParameterMap());
 
@@ -508,5 +555,4 @@ private boolean performEdit(EditProcessObject epo, Object newObj, String action)
         return SUCCESS;
 
     }
-
 }
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/RootUserSetup.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/RootUserSetup.java
new file mode 100644
index 0000000000..05005c8f56
--- /dev/null
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/RootUserSetup.java
@@ -0,0 +1,203 @@
+/* $This file is distributed under the terms of the license in LICENSE$ */
+
+package edu.cornell.mannlib.vitro.webapp.auth;
+
+import java.util.TreeSet;
+
+import javax.servlet.ServletContext;
+import javax.servlet.ServletContextEvent;
+import javax.servlet.ServletContextListener;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+import edu.cornell.mannlib.vitro.webapp.beans.UserAccount;
+import edu.cornell.mannlib.vitro.webapp.beans.UserAccount.Status;
+import edu.cornell.mannlib.vitro.webapp.config.ConfigurationProperties;
+import edu.cornell.mannlib.vitro.webapp.controller.authenticate.Authenticator;
+import edu.cornell.mannlib.vitro.webapp.modelaccess.ModelAccess;
+import edu.cornell.mannlib.vitro.webapp.dao.UserAccountsDao;
+import edu.cornell.mannlib.vitro.webapp.startup.StartupStatus;
+
+/**
+ *
+ * On setup, check to see that the specified root user exists. If not, create
+ * it. If we can't create it, abort.
+ *
+ * If any other root users exist, warn about them.
+ */
+public class RootUserSetup implements ServletContextListener {
+	private static final Log log = LogFactory.getLog(RootUserSetup.class);
+
+	private static final String PROPERTY_ROOT_USER_EMAIL = "rootUser.emailAddress";
+	/*
+	 * UQAM Add-Feature For parameterization of rootUser
+	 */
+	private static final String PROPERTY_ROOT_USER_PASSWORD = "rootUser.password";
+	private static final String PROPERTY_ROOT_USER_PASSWORD_CHANGE_REQUIRED = "rootUser.passwordChangeRequired";
+
+	private static final String ROOT_USER_INITIAL_PASSWORD = "rootPassword";
+	private static final String ROOT_USER_INITIAL_PASSWORD_CHANGE_REQUIRED = "true";
+
+	// ----------------------------------------------------------------------
+	// Setup class
+	// ----------------------------------------------------------------------
+
+	private ServletContext ctx;
+	private StartupStatus ss;
+	private UserAccountsDao uaDao;
+	private ConfigurationProperties cp;
+	private String configuredRootUser;
+	private boolean configuredRootUserExists;
+	private TreeSet<String> otherRootUsers;
+
+	@Override
+	public void contextInitialized(ServletContextEvent sce) {
+		ctx = sce.getServletContext();
+		ss = StartupStatus.getBean(ctx);
+		cp = ConfigurationProperties.getBean(ctx);
+
+		try {
+			uaDao = ModelAccess.on(ctx).getWebappDaoFactory()
+					.getUserAccountsDao();
+			configuredRootUser = getRootEmailFromConfig();
+
+			otherRootUsers = getEmailsOfAllRootUsers();
+			configuredRootUserExists = otherRootUsers
+					.remove(configuredRootUser);
+
+			if (configuredRootUserExists) {
+				if (otherRootUsers.isEmpty()) {
+					informThatRootUserExists();
+				} else {
+					complainAboutMultipleRootUsers();
+				}
+			} else {
+				createRootUser();
+				if (!otherRootUsers.isEmpty()) {
+					complainAboutWrongRootUsers();
+				}
+			}
+		} catch (Exception e) {
+			ss.fatal(this, "Failed to set up the RootUserPolicy", e);
+		}
+	}
+
+	private String getRootEmailFromConfig() {
+		String email = ConfigurationProperties.getBean(ctx).getProperty(
+				PROPERTY_ROOT_USER_EMAIL);
+		if (email == null) {
+			throw new IllegalStateException(
+					"runtime.properties must contain a value for '"
+							+ PROPERTY_ROOT_USER_EMAIL + "'");
+		} else {
+			return email;
+		}
+	}
+
+	private TreeSet<String> getEmailsOfAllRootUsers() {
+		TreeSet<String> rootUsers = new TreeSet<String>();
+		for (UserAccount ua : uaDao.getAllUserAccounts()) {
+			if (ua.isRootUser()) {
+				rootUsers.add(ua.getEmailAddress());
+			}
+		}
+		return rootUsers;
+	}
+
+	/**
+	 * TODO The first and last name should be left blank, so the user will
+	 * be forced to edit them. However, that's not in place yet.
+	 */
+	private void createRootUser() {
+		if (!Authenticator.isValidEmailAddress(configuredRootUser)) {
+			throw new IllegalStateException("Value for '"
+					+ PROPERTY_ROOT_USER_EMAIL
+					+ "' is not a valid email address: '"
+					+ configuredRootUser + "'");
+		}
+
+		if (null != uaDao.getUserAccountByEmail(configuredRootUser)) {
+			throw new IllegalStateException("Can't create root user - "
+					+ "an account already exists with email address '"
+					+ configuredRootUser + "'");
+		}
+
+		UserAccount ua = new UserAccount();
+		ua.setEmailAddress(configuredRootUser);
+		ua.setFirstName("root");
+		ua.setLastName("user");
+		// UQAM Add-Feature using getRootPasswordFromConfig()
+		ua.setArgon2Password(Authenticator.applyArgon2iEncoding(
+				getRootPasswordFromConfig()));
+		ua.setMd5Password("");
+		// UQAM Add-Feature using getRootPasswdChangeRequiredFromConfig()
+		ua.setPasswordChangeRequired(getRootPasswdChangeRequiredFromConfig().booleanValue());
+		ua.setStatus(Status.ACTIVE);
+		ua.setRootUser(true);
+
+		uaDao.insertUserAccount(ua);
+
+		StartupStatus.getBean(ctx).info(this,
+				"Created root user '" + configuredRootUser + "'");
+	}
+
+	private void informThatRootUserExists() {
+		ss.info(this, "Root user is " + configuredRootUser);
+	}
+
+	private void complainAboutMultipleRootUsers() {
+		for (String other : otherRootUsers) {
+			ss.warning(this, "runtime.properties specifies '"
+					+ configuredRootUser + "' as the value for '"
+					+ PROPERTY_ROOT_USER_EMAIL
+					+ "', but the system also contains this root user: "
+					+ other);
+		}
+		ss.warning(this, "For security, "
+				+ "it is best to delete unneeded root user accounts.");
+	}
+
+	private void complainAboutWrongRootUsers() {
+		for (String other : otherRootUsers) {
+			ss.warning(this, "runtime.properties specifies '"
+					+ configuredRootUser + "' as the value for '"
+					+ PROPERTY_ROOT_USER_EMAIL
+					+ "', but the system contains this root user instead: "
+					+ other);
+		}
+		ss.warning(this, "Creating root user '" + configuredRootUser + "'");
+		ss.warning(this, "For security, "
+				+ "it is best to delete unneeded root user accounts.");
+	}
+	/*
+	 * UQAM Add-Feature
+	 * Add for getting rootUser.password property value from runtime.properties
+	 */
+	private String getRootPasswordFromConfig() {
+		String passwd = ConfigurationProperties.getBean(ctx).getProperty(
+				PROPERTY_ROOT_USER_PASSWORD);
+		if (passwd == null) {
+			passwd = ROOT_USER_INITIAL_PASSWORD;
+		}
+		return passwd;
+	}
+
+	/*
+	 * UQAM Add-Feature
+	 * Add for getting rootUser.passwordChangeRequired  property value  from runtime.properties
+	 */
+	private Boolean getRootPasswdChangeRequiredFromConfig() {
+		String passwdCR = ConfigurationProperties.getBean(ctx).getProperty(
+				PROPERTY_ROOT_USER_PASSWORD_CHANGE_REQUIRED);
+		if (passwdCR == null) {
+			passwdCR = ROOT_USER_INITIAL_PASSWORD_CHANGE_REQUIRED;
+		}
+		return new Boolean(passwdCR);
+	}
+	@Override
+	public void contextDestroyed(ServletContextEvent sce) {
+		// Nothing to destroy
+	}
+
+}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AbstractAttribute.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AbstractAttribute.java
new file mode 100644
index 0000000000..2a4c2be105
--- /dev/null
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AbstractAttribute.java
@@ -0,0 +1,70 @@
+package edu.cornell.mannlib.vitro.webapp.auth.attributes;
+
+import java.util.HashSet;
+import java.util.Set;
+
+import org.apache.commons.lang3.builder.EqualsBuilder;
+import org.apache.commons.lang3.builder.HashCodeBuilder;
+
+public abstract class AbstractAttribute implements Attribute {
+    
+    private Set<String> values = new HashSet<>();
+    private String uri;
+    private TestType testType = TestType.EQUALS;
+
+    public AbstractAttribute(String uri, String value) {
+        super();
+        this.uri = uri;
+        values.add(value);
+    }
+    
+    public String getUri() {
+        return uri;
+    }
+
+    public void setUri(String uri) {
+        this.uri = uri;
+    }
+    
+    public TestType getTestType() {
+        return testType;
+    }
+    
+    public void setTestType(TestType testType) {
+        this.testType = testType;
+    }
+    
+    @Override
+    public void addValue(String value) {
+        values.add(value);
+    }
+    
+    @Override
+    public Set<String> getValues() {
+        return values;
+    }
+
+    @Override
+    public boolean equals(Object object) {
+        if (!(object instanceof AbstractAttribute)) {
+            return false;
+        }
+        if (object == this) {
+            return true;
+        }
+        AbstractAttribute compared = (AbstractAttribute) object;
+    
+        return new EqualsBuilder()
+                .append(getUri(), compared.getUri())
+                .append(getValues(), compared.getValues())
+                .isEquals();
+    }
+
+    @Override
+    public int hashCode() {
+        return new HashCodeBuilder(15, 101)
+                .append(getUri())
+                .append(getValues())
+                .toHashCode();
+    }
+}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AccessObjectType.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AccessObjectType.java
new file mode 100644
index 0000000000..7d45bc5fa3
--- /dev/null
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AccessObjectType.java
@@ -0,0 +1,14 @@
+package edu.cornell.mannlib.vitro.webapp.auth.attributes;
+
+public enum AccessObjectType {
+    ANY,
+    CLASS,
+    NAMED_OBJECT,
+    FAUX_PROPERTY,
+    DATA_PROPERTY,
+    OBJECT_PROPERTY,
+    DATA_PROPERTY_STATEMENT,
+    OBJECT_PROPERTY_STATEMENT,
+    ENTITY_URI, 
+    ROOT_USER, 
+}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AccessOperation.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AccessOperation.java
new file mode 100644
index 0000000000..8945ebd05b
--- /dev/null
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AccessOperation.java
@@ -0,0 +1,12 @@
+package edu.cornell.mannlib.vitro.webapp.auth.attributes;
+
+public enum AccessOperation {
+    ANY,
+    EXECUTE,
+    PUBLISH,
+    UPDATE,
+    DISPLAY,
+    ADD,
+    DROP,
+    EDIT
+}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/Attribute.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/Attribute.java
new file mode 100644
index 0000000000..4f0e08db3d
--- /dev/null
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/Attribute.java
@@ -0,0 +1,24 @@
+package edu.cornell.mannlib.vitro.webapp.auth.attributes;
+
+import java.util.Set;
+
+import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthorizationRequest;
+
+public interface Attribute {
+
+    public void setUri(String uri);
+    
+    public String getUri();
+
+    public boolean match(AuthorizationRequest ar);
+    
+    public AttributeType getAttributeType();
+    
+    public TestType getTestType();
+    
+    Set<String> getValues();
+
+    public void addValue(String value);
+
+    public void setTestType(TestType valueOf);
+}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeFactory.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeFactory.java
new file mode 100644
index 0000000000..4c780947f0
--- /dev/null
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeFactory.java
@@ -0,0 +1,69 @@
+package edu.cornell.mannlib.vitro.webapp.auth.attributes;
+
+import org.apache.jena.query.QuerySolution;
+
+import edu.cornell.mannlib.vitro.webapp.auth.rules.AccessRuleStore;
+
+public class AttributeFactory {
+
+    public static Attribute createAttribute(QuerySolution qs) {
+        String typeId = qs.getLiteral(AccessRuleStore.TYPE_ID).getString();
+        String attributeUri = qs.getResource(AccessRuleStore.ATTRIBUTE).getURI();
+        AttributeType type = AttributeType.valueOf(typeId);
+        String testId = qs.getLiteral("testId").getString();
+        String value = getValue(qs);
+
+        Attribute at = null;
+        switch (type) {
+        case SUBJECT_ROLE_URI:
+            at = new SubjectRoleAttribute(attributeUri, value);
+            break;
+        case OPERATION:
+            at = new OperationAttribute(attributeUri, value);
+            break;
+        case OBJECT_URI:
+            at = new ObjectUriAttribute(attributeUri, value);
+            break;
+        case OBJECT_TYPE:
+            at = new ObjectTypeAttribute(attributeUri, value);
+            break;
+        case SUBJECT_TYPE:
+            at = new SubjectTypeAttribute(attributeUri, value);
+            break;
+        case STATEMENT_PREDICATE_URI:
+            at = new StatementPredicateUriAttribute(attributeUri, value);
+            break;
+        case STATEMENT_SUBJECT_URI:
+            at = new StatementSubjectUriAttribute(attributeUri, value);
+            break;
+        case STATEMENT_OBJECT_URI:
+            at = new StatementObjectUriAttribute(attributeUri, value);
+            break;
+        default :
+            at = null;
+        }    
+        at.setTestType(TestType.valueOf(testId));
+        return at;
+    }
+
+    private static String getValue(QuerySolution qs) {
+        if (!qs.contains(AccessRuleStore.LITERAL_VALUE) ||
+            !qs.get(AccessRuleStore.LITERAL_VALUE).isLiteral()) {
+            String value = qs.getResource(AccessRuleStore.ATTR_VALUE).getURI();
+            return value;
+        } else {
+            String value = qs.getLiteral(AccessRuleStore.LITERAL_VALUE).toString();
+            return value;    
+        }
+    }
+ 
+    public static void extendAttribute(Attribute attribute, QuerySolution qs) throws Exception {
+        String testId = qs.getLiteral("testId").getString();
+        if (TestType.ONE_OF.toString().equals(testId) ||
+            TestType.NOT_ONE_OF.toString().equals(testId)) {
+            attribute.addValue(getValue(qs));
+            return;
+        }
+        throw new Exception();
+    }
+}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeGroup.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeGroup.java
new file mode 100644
index 0000000000..b7cade970a
--- /dev/null
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeGroup.java
@@ -0,0 +1,6 @@
+package edu.cornell.mannlib.vitro.webapp.auth.attributes;
+
+public enum AttributeGroup {
+    OBJECT_MATCH ,
+    EXPENSIVE_COMPUTATION
+}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeType.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeType.java
new file mode 100644
index 0000000000..7b6bb4ecab
--- /dev/null
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeType.java
@@ -0,0 +1,14 @@
+package edu.cornell.mannlib.vitro.webapp.auth.attributes;
+
+public enum AttributeType {
+    OPERATION,
+    SUBJECT_ROLE_URI,
+    OBJECT_URI,
+    OBJECT_TYPE,
+    STATEMENT_OBJECT_URI,
+    STATEMENT_PREDICATE_URI,
+    STATEMENT_SUBJECT_URI,
+    OBJECT_PROPERTY_URI,
+    DATA_PROPERTY_URI,
+    SUBJECT_TYPE 
+}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeValueTester.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeValueTester.java
new file mode 100644
index 0000000000..ce65904160
--- /dev/null
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeValueTester.java
@@ -0,0 +1,105 @@
+package edu.cornell.mannlib.vitro.webapp.auth.attributes;
+
+import java.util.Arrays;
+import java.util.List;
+import java.util.Set;
+
+import org.apache.commons.lang3.StringUtils;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.jena.rdf.model.Model;
+
+import edu.cornell.mannlib.vitro.webapp.auth.objects.AccessObject;
+import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthorizationRequest;
+
+public class AttributeValueTester {
+    private static final Log log = LogFactory.getLog(AttributeValueTester.class);
+
+    static boolean test(Attribute attr, AuthorizationRequest ar, String... values) {
+        TestType testType = attr.getTestType();
+        switch (testType) {
+        case EQUALS:
+            return equals(attr, values);
+        case NOT_EQUALS:
+            return !equals(attr, values);
+        case ONE_OF:
+            return contains(attr, values);
+        case NOT_ONE_OF:
+            return !contains(attr, values);
+        case STARTS_WITH:
+            return startsWith(attr, values);
+        case SPARQL_SELECT_QUERY_CONTAINS:
+            return sparqlQueryContains(attr, ar, values);
+        default: 
+            return false;
+        }
+    }
+
+    private static boolean sparqlQueryContains(Attribute attr, AuthorizationRequest ar, String[] inputValues) {
+        Set<String> values = attr.getValues();
+        final int valuesSize = values.size();
+        if(valuesSize != 1) {
+            log.error("SparqlQueryContins value != 1");
+            return false;
+        }
+        String queryTemplate = values.iterator().next();
+        if (StringUtils.isBlank(queryTemplate)) {
+            log.error("SparqlQueryContins template is empty");
+            return false;
+        }
+        AccessObject ao = ar.getAccessObject();
+        Model m = ao.getStatementOntModel();
+        if (m == null) {
+            log.error("SparqlQueryContains model is not provided");
+            return false;
+        }
+        List<String> personUris = ar.getEditorUris();
+        if (personUris.isEmpty()) {
+            log.debug("SparqlQueryContins person uri is empty");
+            return false;
+        }
+        List<String> resourceUris = Arrays.asList(ao.getResourceUris());
+        return ProximityChecker.isAanyRelated(m, resourceUris, personUris, queryTemplate);
+    }
+
+    private static boolean contains(Attribute attr, String... inputValues) {
+        final Set<String> values = attr.getValues();
+        for (String inputValue : inputValues) {
+            if(values.contains(inputValue)){
+                return true;
+            }
+        }
+        return false;
+    }
+
+    private static boolean equals(Attribute attr, String... inputValues) {
+        Set<String> values = attr.getValues();
+        final int valuesSize = values.size();
+        if(valuesSize != 1) {
+            return false;
+        }
+        String value = values.iterator().next();
+        for (String inputValue : inputValues) {
+            if(value.equals(inputValue)){
+                return true;
+            }
+        }
+        return false;
+    }
+    
+    private static boolean startsWith(Attribute attr, String... inputValues) {
+        Set<String> values = attr.getValues();
+        final int valuesSize = values.size();
+        if(valuesSize != 1) {
+            return false;
+        }
+        String value = values.iterator().next();
+        for (String inputValue : inputValues) {
+            if(inputValue != null && inputValue.startsWith(value)){
+                return true;
+            }
+        }
+        return false;
+    }
+
+}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/DataPropertyUriAttribute.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/DataPropertyUriAttribute.java
new file mode 100644
index 0000000000..8e56ec8dbe
--- /dev/null
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/DataPropertyUriAttribute.java
@@ -0,0 +1,39 @@
+package edu.cornell.mannlib.vitro.webapp.auth.attributes;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+import edu.cornell.mannlib.vitro.webapp.auth.objects.AccessObject;
+import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthorizationRequest;
+import edu.cornell.mannlib.vitro.webapp.beans.DataProperty;
+
+public class DataPropertyUriAttribute extends AbstractAttribute {
+
+    private static final Log log = LogFactory.getLog(DataPropertyUriAttribute.class);
+
+    public DataPropertyUriAttribute(String uri, String objectUri) {
+        super(uri, objectUri);
+    }
+
+    @Override
+    public boolean match(AuthorizationRequest ar) {
+        AccessObject ao = ar.getAccessObject();
+        DataProperty dataProperty = ao.getDataProperty();
+        String inputValue = dataProperty.getURI();
+        if (dataProperty != null) {
+            inputValue = dataProperty.getURI();
+        }
+        if (AttributeValueTester.test(this, ar, inputValue)) {
+            log.debug("Attribute value(s) match requested statement data property uri '" + inputValue + "'");
+            return true;
+        }
+        log.debug("Attribute value(s) don't match requested statement data property uri '" + inputValue + "'");
+        return false;
+    }
+
+    @Override
+    public AttributeType getAttributeType() {
+        return AttributeType.OBJECT_PROPERTY_URI;
+    }
+
+}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/ObjectPropertyUriAttribute.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/ObjectPropertyUriAttribute.java
new file mode 100644
index 0000000000..14a746667c
--- /dev/null
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/ObjectPropertyUriAttribute.java
@@ -0,0 +1,39 @@
+package edu.cornell.mannlib.vitro.webapp.auth.attributes;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+import edu.cornell.mannlib.vitro.webapp.auth.objects.AccessObject;
+import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthorizationRequest;
+import edu.cornell.mannlib.vitro.webapp.beans.ObjectProperty;
+
+public class ObjectPropertyUriAttribute extends AbstractAttribute {
+
+    private static final Log log = LogFactory.getLog(ObjectPropertyUriAttribute.class);
+
+    public ObjectPropertyUriAttribute(String uri, String objectUri) {
+        super(uri, objectUri);
+    }
+
+    @Override
+    public boolean match(AuthorizationRequest ar) {
+        AccessObject ao = ar.getAccessObject();
+        ObjectProperty objectProperty = ao.getObjectProperty();
+        String inputValue = objectProperty.getURI();
+        if (objectProperty != null) {
+            inputValue = objectProperty.getURI();
+        }
+        if (AttributeValueTester.test(this, ar, inputValue)) {
+            log.debug("Attribute value match requested statement object property uri '" + inputValue + "'");
+            return true;
+        }
+        log.debug("Attribute value don't match requested statement object property uri '" + inputValue + "'");
+        return false;
+    }
+
+    @Override
+    public AttributeType getAttributeType() {
+        return AttributeType.OBJECT_PROPERTY_URI;
+    }
+
+}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/ObjectTypeAttribute.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/ObjectTypeAttribute.java
new file mode 100644
index 0000000000..343583bad5
--- /dev/null
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/ObjectTypeAttribute.java
@@ -0,0 +1,33 @@
+package edu.cornell.mannlib.vitro.webapp.auth.attributes;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+import edu.cornell.mannlib.vitro.webapp.auth.objects.AccessObject;
+import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthorizationRequest;
+
+public class ObjectTypeAttribute extends AbstractAttribute {
+
+    private static final Log log = LogFactory.getLog(ObjectTypeAttribute.class);
+
+    public ObjectTypeAttribute(String uri, String roleValue) {
+        super(uri, roleValue);
+    }
+
+    @Override
+    public boolean match(AuthorizationRequest ar) {
+         AccessObject ao = ar.getAccessObject();
+        final String inputValue = ao.getType().toString();
+        if (AttributeValueTester.test(this, ar, inputValue)) {
+            log.debug("Attribute match requested object type '" + inputValue + "'");
+            return true;
+        }
+        log.debug("Attribute don't match requested object type '" + inputValue + "'");
+        return false;
+    }
+
+    @Override
+    public AttributeType getAttributeType() {
+        return AttributeType.SUBJECT_TYPE;
+    }
+}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/ObjectUriAttribute.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/ObjectUriAttribute.java
new file mode 100644
index 0000000000..53a3934969
--- /dev/null
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/ObjectUriAttribute.java
@@ -0,0 +1,34 @@
+package edu.cornell.mannlib.vitro.webapp.auth.attributes;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+import edu.cornell.mannlib.vitro.webapp.auth.objects.AccessObject;
+import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthorizationRequest;
+
+public class ObjectUriAttribute extends AbstractAttribute {
+
+    private static final Log log = LogFactory.getLog(ObjectUriAttribute.class);
+
+    public ObjectUriAttribute(String uri, String objectUri) {
+        super(uri, objectUri);
+    }
+
+    @Override
+    public boolean match(AuthorizationRequest ar) {
+        AccessObject ao = ar.getAccessObject();
+        final String inputValue = ao.getUri();
+        if (AttributeValueTester.test(this, ar, inputValue)) {
+            log.debug("Attribute match requested '" + inputValue + "'");
+            return true;
+        }
+        log.debug("Attribute don't match requested '" + inputValue + "'");
+        return false;
+    }
+
+    @Override
+    public AttributeType getAttributeType() {
+        return AttributeType.OBJECT_URI;
+    }
+
+}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/OperationAttribute.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/OperationAttribute.java
new file mode 100644
index 0000000000..8a459b5e5e
--- /dev/null
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/OperationAttribute.java
@@ -0,0 +1,33 @@
+package edu.cornell.mannlib.vitro.webapp.auth.attributes;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthorizationRequest;
+
+public class OperationAttribute extends AbstractAttribute {
+
+    private static final Log log = LogFactory.getLog(OperationAttribute.class);
+
+    public OperationAttribute(String uri, String roleValue) {
+        super(uri, roleValue);
+    }
+
+    @Override
+    public boolean match(AuthorizationRequest ar) {
+        AccessOperation aop = ar.getAccessOperation();
+        final String inputValue = aop.toString();
+        if (AttributeValueTester.test(this, ar, inputValue)) {
+            log.debug("Attribute match requested operation '" + inputValue + "'");
+            return true;
+        }
+        log.debug("Attribute don't match requested operation '" + inputValue + "'");
+        return false;
+    }
+
+    @Override
+    public AttributeType getAttributeType() {
+        return AttributeType.OPERATION;
+    }
+
+}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/OperationGroup.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/OperationGroup.java
new file mode 100644
index 0000000000..8ace7753eb
--- /dev/null
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/OperationGroup.java
@@ -0,0 +1,7 @@
+package edu.cornell.mannlib.vitro.webapp.auth.attributes;
+
+public enum OperationGroup {
+    DISPLAY_GROUP,
+    UPDATE_GROUP,
+    PUBLISH_GROUP
+}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/ProximityChecker.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/ProximityChecker.java
new file mode 100644
index 0000000000..4e7e20e566
--- /dev/null
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/ProximityChecker.java
@@ -0,0 +1,63 @@
+/* $This file is distributed under the terms of the license in LICENSE$ */
+
+package edu.cornell.mannlib.vitro.webapp.auth.attributes;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.jena.query.ParameterizedSparqlString;
+import org.apache.jena.query.Query;
+import org.apache.jena.query.QueryExecution;
+import org.apache.jena.query.QueryExecutionFactory;
+import org.apache.jena.query.QueryFactory;
+import org.apache.jena.query.QuerySolution;
+import org.apache.jena.query.ResultSet;
+import org.apache.jena.rdf.model.Model;
+
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+
+public class ProximityChecker {
+	private static final Log log = LogFactory.getLog(ProximityChecker.class);
+
+    public static boolean isAanyRelated(Model ontModel, List<String> resourceUris, List<String> personUris, String query) {
+        for (String personUri : personUris) {
+            List<String> connectedResourceUris = getRelatedUris(ontModel, personUri, query);
+            for (String connectedResourceUri : connectedResourceUris) {
+                if (resourceUris.contains(connectedResourceUri)) {
+                    return true;
+                }
+            }
+        }
+        return false;
+    }
+    private static List<String> getRelatedUris(Model model, String personUri, String queryTemplate) {
+    	HashMap<String, List<String>> queryMap = QueryResultsMapCache.get();
+        String queryMapKey = createQueryMapKey(personUri, queryTemplate);
+        if (queryMap.containsKey(queryMapKey)) {
+            return queryMap.get(queryMapKey);
+        }
+
+        List<String> resourceUris = new ArrayList<>();
+        ParameterizedSparqlString pss = new ParameterizedSparqlString();
+        pss.setCommandText(queryTemplate);
+        pss.setIri("personUri", personUri);
+        Query query = QueryFactory.create(pss.toString());
+        QueryExecution queryExecution = QueryExecutionFactory.create(query, model);
+        try {
+            ResultSet resultSet = queryExecution.execSelect();
+            while (resultSet.hasNext()) {
+                QuerySolution qs = resultSet.nextSolution();
+                resourceUris.add(qs.getResource("resourceUri").getURI());
+            }
+        } finally {
+            queryExecution.close();
+        }
+        queryMap.put(queryMapKey, resourceUris);
+        QueryResultsMapCache.update(queryMap);
+        return resourceUris;
+    }
+    private static String createQueryMapKey(String personUri, String queryTemplate) {
+        return queryTemplate + "." + personUri;
+    }
+}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/QueryResultsMapCache.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/QueryResultsMapCache.java
new file mode 100644
index 0000000000..0bc9515780
--- /dev/null
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/QueryResultsMapCache.java
@@ -0,0 +1,45 @@
+package edu.cornell.mannlib.vitro.webapp.auth.attributes;
+
+import java.io.IOException;
+import java.util.HashMap;
+import java.util.List;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+public class QueryResultsMapCache implements AutoCloseable {
+	private static final Log log = LogFactory.getLog(QueryResultsMapCache.class);
+
+    private static ThreadLocal<HashMap<String, List<String>>> threadLocal = new ThreadLocal<HashMap<String, List<String>>>();
+
+    public QueryResultsMapCache() {
+		threadLocal.set(new HashMap<String, List<String>>());
+		log.debug("Query results map cache initialized");
+	}
+    
+    @Override
+	public void close() throws IOException {
+		threadLocal.remove();
+		log.debug("QueryResultsMapCache is closed");
+	}
+
+	public static HashMap<String, List<String>> get() {
+		HashMap<String, List<String>> queryResultsMap = threadLocal.get();
+    	if (queryResultsMap == null) {
+    		queryResultsMap = new HashMap<String, List<String>>();
+    		log.debug("Use a non-cached query results map");
+    	} else {
+    		log.debug("Use cached query results map");
+    	}
+		return queryResultsMap;
+	}
+
+	public static void update(HashMap<String, List<String>> queryResultsMap) {
+		if (threadLocal.get() != null ) {
+			threadLocal.set(queryResultsMap);
+    		log.debug("Query results map cache has been updated");
+		} else {
+			log.debug("Query results map cache has not been updated as it wasn't initialized");	
+		}
+	}
+}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/StatementObjectUriAttribute.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/StatementObjectUriAttribute.java
new file mode 100644
index 0000000000..aa8fbf6177
--- /dev/null
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/StatementObjectUriAttribute.java
@@ -0,0 +1,34 @@
+package edu.cornell.mannlib.vitro.webapp.auth.attributes;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+import edu.cornell.mannlib.vitro.webapp.auth.objects.AccessObject;
+import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthorizationRequest;
+
+public class StatementObjectUriAttribute extends AbstractAttribute {
+
+    private static final Log log = LogFactory.getLog(StatementObjectUriAttribute.class);
+
+    public StatementObjectUriAttribute(String uri, String objectUri) {
+        super(uri, objectUri);
+    }
+
+    @Override
+    public boolean match(AuthorizationRequest ar) {
+        AccessObject ao = ar.getAccessObject();
+        final String inputValue = ao.getStatementObject();
+        if (AttributeValueTester.test(this, ar, inputValue)) {
+            log.debug("Attribute value match requested statement object uri '" + inputValue + "'");
+            return true;
+        }
+        log.debug("Attribute value don't match requested statement object uri '" + inputValue + "'");
+        return false;
+    }
+
+    @Override
+    public AttributeType getAttributeType() {
+        return AttributeType.STATEMENT_OBJECT_URI;
+    }
+
+}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/StatementPredicateUriAttribute.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/StatementPredicateUriAttribute.java
new file mode 100644
index 0000000000..da8eaf55bb
--- /dev/null
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/StatementPredicateUriAttribute.java
@@ -0,0 +1,34 @@
+package edu.cornell.mannlib.vitro.webapp.auth.attributes;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+import edu.cornell.mannlib.vitro.webapp.auth.objects.AccessObject;
+import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthorizationRequest;
+
+public class StatementPredicateUriAttribute extends AbstractAttribute {
+
+    private static final Log log = LogFactory.getLog(StatementPredicateUriAttribute.class);
+
+    public StatementPredicateUriAttribute(String uri, String objectUri) {
+        super(uri, objectUri);
+    }
+
+    @Override
+    public boolean match(AuthorizationRequest ar) {
+        AccessObject ao = ar.getAccessObject();
+        final String inputValue = ao.getStatementPredicateUri();
+        if (AttributeValueTester.test(this, ar, inputValue)) {
+            log.debug("Attribute value match requested statement predicate uri '" + inputValue + "'");
+            return true;
+        }
+        log.debug("Attribute value don't match requested statement predicate uri '" + inputValue + "'");
+        return false;
+    }
+
+    @Override
+    public AttributeType getAttributeType() {
+        return AttributeType.STATEMENT_PREDICATE_URI;
+    }
+
+}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/StatementSubjectUriAttribute.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/StatementSubjectUriAttribute.java
new file mode 100644
index 0000000000..696681e9f3
--- /dev/null
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/StatementSubjectUriAttribute.java
@@ -0,0 +1,34 @@
+package edu.cornell.mannlib.vitro.webapp.auth.attributes;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+import edu.cornell.mannlib.vitro.webapp.auth.objects.AccessObject;
+import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthorizationRequest;
+
+public class StatementSubjectUriAttribute extends AbstractAttribute {
+
+    private static final Log log = LogFactory.getLog(StatementSubjectUriAttribute.class);
+
+    public StatementSubjectUriAttribute(String uri, String objectUri) {
+        super(uri, objectUri);
+    }
+
+    @Override
+    public boolean match(AuthorizationRequest ar) {
+        AccessObject ao = ar.getAccessObject();
+        final String inputValue = ao.getStatementSubject();
+        if (AttributeValueTester.test(this, ar, inputValue)) {
+            log.debug("Attribute value match requested statement subject uri '" + inputValue + "'");
+            return true;
+        }
+        log.debug("Attribute value don't match requested statement subject uri '" + inputValue + "'");
+        return false;
+    }
+
+    @Override
+    public AttributeType getAttributeType() {
+        return AttributeType.STATEMENT_SUBJECT_URI;
+    }
+
+}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/SubjectRoleAttribute.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/SubjectRoleAttribute.java
new file mode 100644
index 0000000000..c1ec86332a
--- /dev/null
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/SubjectRoleAttribute.java
@@ -0,0 +1,34 @@
+package edu.cornell.mannlib.vitro.webapp.auth.attributes;
+
+import java.util.List;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthorizationRequest;
+
+public class SubjectRoleAttribute extends AbstractAttribute {
+
+    private static final Log log = LogFactory.getLog(SubjectRoleAttribute.class);
+
+    public SubjectRoleAttribute(String uri, String roleValue) {
+        super(uri, roleValue);
+    }
+
+    @Override
+    public boolean match(AuthorizationRequest ar) {
+        final List<String> inputValues = ar.getRoleUris();
+        if (AttributeValueTester.test(this,  ar, inputValues.toArray(new String[0]))) {
+            log.debug("Attribute match requested '" + inputValues + "'");
+            return true;
+        }
+        log.debug("Attribute don't match requested '" + inputValues + "'");
+        return false;
+    }
+
+    @Override
+    public AttributeType getAttributeType() {
+        return AttributeType.SUBJECT_ROLE_URI;
+    }
+
+}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/SubjectTypeAttribute.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/SubjectTypeAttribute.java
new file mode 100644
index 0000000000..26edd027dd
--- /dev/null
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/SubjectTypeAttribute.java
@@ -0,0 +1,35 @@
+package edu.cornell.mannlib.vitro.webapp.auth.attributes;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
+import edu.cornell.mannlib.vitro.webapp.auth.identifier.common.IsRootUser;
+import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthorizationRequest;
+
+public class SubjectTypeAttribute extends AbstractAttribute {
+
+    private static final Log log = LogFactory.getLog(SubjectTypeAttribute.class);
+
+    public SubjectTypeAttribute(String uri, String subjectTypeValue) {
+        super(uri, subjectTypeValue);
+    }
+
+    @Override
+    public boolean match(AuthorizationRequest ar) {
+        IdentifierBundle ac_subject = ar.getIds();
+        String inputValue = IsRootUser.isRootUser(ac_subject) ? "ROOT_USER" : "";
+        if (AttributeValueTester.test(this, ar, inputValue)) {
+            log.debug("Attribute subject type match requested object type '");
+            return true;
+        } else {
+            log.debug("Attribute subject type don't match requested object type '");
+            return false;
+        }    
+    }
+
+    @Override
+    public AttributeType getAttributeType() {
+        return AttributeType.OBJECT_TYPE;
+    }
+}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/TestType.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/TestType.java
new file mode 100644
index 0000000000..4f8dcae11f
--- /dev/null
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/TestType.java
@@ -0,0 +1,10 @@
+package edu.cornell.mannlib.vitro.webapp.auth.attributes;
+
+public enum TestType {
+    EQUALS,
+    NOT_EQUALS,
+    ONE_OF,
+    NOT_ONE_OF,
+    STARTS_WITH, 
+    SPARQL_SELECT_QUERY_CONTAINS
+}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/identifier/ActiveIdentifierBundleFactories.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/identifier/ActiveIdentifierBundleFactories.java
index 1c88ee07cc..85ee992303 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/identifier/ActiveIdentifierBundleFactories.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/identifier/ActiveIdentifierBundleFactories.java
@@ -5,8 +5,6 @@
 import java.util.ArrayList;
 import java.util.List;
 
-import javax.servlet.ServletContext;
-import javax.servlet.ServletContextEvent;
 import javax.servlet.http.HttpServletRequest;
 
 import edu.cornell.mannlib.vitro.webapp.beans.UserAccount;
@@ -15,9 +13,19 @@
  * Keep a list of the active IdentifierBundleFactories in the context.
  */
 public class ActiveIdentifierBundleFactories {
-	private static final String ATTRIBUTE_ACTIVE_FACTORIES = ActiveIdentifierBundleFactories.class
-			.getName();
-
+    
+    private static ActiveIdentifierBundleFactories INSTANCE = new ActiveIdentifierBundleFactories();
+    
+    private final List<IdentifierBundleFactory> factories = new ArrayList<IdentifierBundleFactory>();
+
+    private ActiveIdentifierBundleFactories() {
+        INSTANCE = this;
+    }
+    
+    public static ActiveIdentifierBundleFactories getInstance() {
+        return INSTANCE;
+    }
+    
 	// ----------------------------------------------------------------------
 	// static methods
 	// ----------------------------------------------------------------------
@@ -25,40 +33,20 @@ public class ActiveIdentifierBundleFactories {
 	/**
 	 * Add a new IdentifierBundleFactory to the list.
 	 */
-	public static void addFactory(ServletContextEvent sce,
-			IdentifierBundleFactory factory) {
-		if (sce == null) {
-			throw new NullPointerException("sce may not be null.");
-		}
-		if (factory == null) {
-			throw new NullPointerException("factory may not be null.");
-		}
-
-		addFactory(sce.getServletContext(), factory);
-	}
-
-	/**
-	 * Add a new IdentifierBundleFactory to the list.
-	 */
-	public static void addFactory(ServletContext ctx,
-			IdentifierBundleFactory factory) {
-		if (ctx == null) {
-			throw new NullPointerException("ctx may not be null.");
-		}
+	public static void addFactory(IdentifierBundleFactory factory) {
 		if (factory == null) {
 			throw new NullPointerException("factory may not be null.");
 		}
-
-		getActiveFactories(ctx).addFactory(factory);
+		INSTANCE.factories.add(factory);
 	}
 
 	/**
 	 * Just for diagnostics. Don't expose the factories themselves, only their
 	 * names.
 	 */
-	public static List<String> getFactoryNames(ServletContext ctx) {
+	public static List<String> getFactoryNames() {
 		List<String> names = new ArrayList<String>();
-		ActiveIdentifierBundleFactories actFact = getActiveFactories(ctx);
+		ActiveIdentifierBundleFactories actFact = ActiveIdentifierBundleFactories.getInstance();
 		for (IdentifierBundleFactory factory : actFact.factories) {
 			names.add(factory.toString());
 		}
@@ -74,66 +62,20 @@ public static List<String> getFactoryNames(ServletContext ctx) {
 	 * request.
 	 */
 	static IdentifierBundle getIdentifierBundle(HttpServletRequest request) {
-		return getActiveFactories(request).getBundleForRequest(request);
+		return ActiveIdentifierBundleFactories.getInstance().getBundleForRequest(request);
 	}
 
 	/**
 	 * Get the Identifiers that would be created if this user were to log in.
 	 */
-	public static IdentifierBundle getUserIdentifierBundle(
-			HttpServletRequest request, UserAccount userAccount) {
-		return getActiveFactories(request).getBundleForUser(userAccount);
-	}
-
-	/**
-	 * Get the singleton instance from the servlet context. If there isn't one,
-	 * create one. This never returns null.
-	 */
-	private static ActiveIdentifierBundleFactories getActiveFactories(
-			HttpServletRequest req) {
-		if (req == null) {
-			throw new NullPointerException("req may not be null.");
-		}
-
-		return getActiveFactories(req.getSession().getServletContext());
-	}
-
-	/**
-	 * Get the singleton instance from the servlet context. If there isn't one,
-	 * create one. This never returns null.
-	 */
-	private static ActiveIdentifierBundleFactories getActiveFactories(
-			ServletContext ctx) {
-		if (ctx == null) {
-			throw new NullPointerException("ctx may not be null.");
-		}
-
-		Object obj = ctx.getAttribute(ATTRIBUTE_ACTIVE_FACTORIES);
-		if (obj == null) {
-			obj = new ActiveIdentifierBundleFactories();
-			ctx.setAttribute(ATTRIBUTE_ACTIVE_FACTORIES, obj);
-		}
-
-		if (!(obj instanceof ActiveIdentifierBundleFactories)) {
-			throw new IllegalStateException("Expected to find an instance of "
-					+ ActiveIdentifierBundleFactories.class.getName()
-					+ " in the context, but found an instance of "
-					+ obj.getClass().getName() + " instead.");
-		}
-
-		return (ActiveIdentifierBundleFactories) obj;
+	public static IdentifierBundle getUserIdentifierBundle(UserAccount userAccount) {
+		return ActiveIdentifierBundleFactories.getInstance().getBundleForUser(userAccount);
 	}
 
 	// ----------------------------------------------------------------------
 	// the instance
 	// ----------------------------------------------------------------------
 
-	private final List<IdentifierBundleFactory> factories = new ArrayList<IdentifierBundleFactory>();
-
-	private void addFactory(IdentifierBundleFactory factory) {
-		factories.add(factory);
-	}
-
 	/**
 	 * Run through the active factories and get all Identifiers for this
 	 * request.
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/identifier/common/HasPermission.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/identifier/common/HasPermission.java
deleted file mode 100644
index 3aa9aeff12..0000000000
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/identifier/common/HasPermission.java
+++ /dev/null
@@ -1,72 +0,0 @@
-/* $This file is distributed under the terms of the license in LICENSE$ */
-
-package edu.cornell.mannlib.vitro.webapp.auth.identifier.common;
-
-import java.util.Collection;
-import java.util.HashSet;
-import java.util.Set;
-
-import edu.cornell.mannlib.vitro.webapp.auth.identifier.Identifier;
-import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
-import edu.cornell.mannlib.vitro.webapp.auth.permissions.Permission;
-
-/**
- * The current user has this Permission, through one or more PermissionSets.
- */
-public class HasPermission extends AbstractCommonIdentifier implements
-		Identifier, Comparable<HasPermission> {
-	public static Collection<HasPermission> getIdentifiers(IdentifierBundle ids) {
-		return getIdentifiersForClass(ids, HasPermission.class);
-	}
-
-	public static Collection<Permission> getPermissions(IdentifierBundle ids) {
-		Set<Permission> set = new HashSet<Permission>();
-		for (HasPermission id : getIdentifiers(ids)) {
-			set.add(id.getPermission());
-		}
-		return set;
-	}
-
-	private final Permission permission; // never null
-
-	public HasPermission(Permission permission) {
-		if (permission == null) {
-			throw new NullPointerException("permission may not be null.");
-		}
-		this.permission = permission;
-	}
-
-	public Permission getPermission() {
-		return permission;
-	}
-
-	@Override
-	public String toString() {
-		return "HasPermission[" + permission + "]";
-	}
-
-	@Override
-	public int hashCode() {
-		return permission.hashCode();
-	}
-
-	@Override
-	public boolean equals(Object obj) {
-		if (obj == this) {
-			return true;
-		}
-		if (obj == null) {
-			return false;
-		}
-		if (!(obj instanceof HasPermission)) {
-			return false;
-		}
-		HasPermission that = (HasPermission) obj;
-		return this.permission.equals(that.permission);
-	}
-
-	@Override
-	public int compareTo(HasPermission that) {
-		return this.permission.compareTo(that.permission);
-	}
-}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/identifier/common/HasPermissionSet.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/identifier/common/IdentifierPermissionSetProvider.java
similarity index 69%
rename from api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/identifier/common/HasPermissionSet.java
rename to api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/identifier/common/IdentifierPermissionSetProvider.java
index cf94e1437c..c537ece27e 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/identifier/common/HasPermissionSet.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/identifier/common/IdentifierPermissionSetProvider.java
@@ -13,15 +13,15 @@
 /**
  * The current user has this Permission, through one or more PermissionSets.
  */
-public class HasPermissionSet extends AbstractCommonIdentifier implements
-		Identifier, Comparable<HasPermissionSet> {
-	public static Collection<HasPermissionSet> getIdentifiers(IdentifierBundle ids) {
-		return getIdentifiersForClass(ids, HasPermissionSet.class);
+public class IdentifierPermissionSetProvider extends AbstractCommonIdentifier implements
+		Identifier, Comparable<IdentifierPermissionSetProvider> {
+	public static Collection<IdentifierPermissionSetProvider> getIdentifiers(IdentifierBundle ids) {
+		return getIdentifiersForClass(ids, IdentifierPermissionSetProvider.class);
 	}
 
 	public static Collection<PermissionSet> getPermissionSets(IdentifierBundle ids) {
 		Set<PermissionSet> set = new HashSet<>();
-		for (HasPermissionSet id : getIdentifiers(ids)) {
+		for (IdentifierPermissionSetProvider id : getIdentifiers(ids)) {
 			set.add(id.getPermissionSet());
 		}
 		return set;
@@ -29,7 +29,7 @@ public static Collection<PermissionSet> getPermissionSets(IdentifierBundle ids)
 
 	public static Collection<String> getPermissionSetUris(IdentifierBundle ids) {
 		Set<String> set = new HashSet<>();
-		for (HasPermissionSet id : getIdentifiers(ids)) {
+		for (IdentifierPermissionSetProvider id : getIdentifiers(ids)) {
 			set.add(id.getPermissionSet().getUri());
 		}
 		return set;
@@ -37,7 +37,7 @@ public static Collection<String> getPermissionSetUris(IdentifierBundle ids) {
 
 	private final PermissionSet permissionSet; // never null
 
-	public HasPermissionSet(PermissionSet permissionSet) {
+	public IdentifierPermissionSetProvider(PermissionSet permissionSet) {
 		if (permissionSet == null) {
 			throw new NullPointerException("permissionSet may not be null.");
 		}
@@ -66,15 +66,15 @@ public boolean equals(Object obj) {
 		if (obj == null) {
 			return false;
 		}
-		if (!(obj instanceof HasPermissionSet)) {
+		if (!(obj instanceof IdentifierPermissionSetProvider)) {
 			return false;
 		}
-		HasPermissionSet that = (HasPermissionSet) obj;
+		IdentifierPermissionSetProvider that = (IdentifierPermissionSetProvider) obj;
 		return this.permissionSet.getUri().equals(that.permissionSet.getUri());
 	}
 
 	@Override
-	public int compareTo(HasPermissionSet that) {
+	public int compareTo(IdentifierPermissionSetProvider that) {
 		return this.permissionSet.getUri().compareTo(
 				that.permissionSet.getUri());
 	}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/identifier/common/IsBlacklisted.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/identifier/common/IsBlacklisted.java
index 36275f37bb..dd9a5b411e 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/identifier/common/IsBlacklisted.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/identifier/common/IsBlacklisted.java
@@ -2,42 +2,20 @@
 
 package edu.cornell.mannlib.vitro.webapp.auth.identifier.common;
 
-import java.io.File;
-import java.io.FileFilter;
-import java.io.FileInputStream;
-import java.io.IOException;
 import java.util.Collection;
 import java.util.HashSet;
 import java.util.Set;
 
-import javax.servlet.ServletContext;
-
-import org.apache.commons.lang3.StringUtils;
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-
-import org.apache.jena.ontology.OntModel;
-import org.apache.jena.query.Query;
-import org.apache.jena.query.QueryExecution;
-import org.apache.jena.query.QueryExecutionFactory;
-import org.apache.jena.query.QueryFactory;
-import org.apache.jena.query.QuerySolution;
-import org.apache.jena.query.ResultSet;
-import org.apache.jena.rdf.model.RDFNode;
-
 import edu.cornell.mannlib.vitro.webapp.auth.identifier.Identifier;
 import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
 import edu.cornell.mannlib.vitro.webapp.beans.Individual;
-import edu.cornell.mannlib.vitro.webapp.modelaccess.ModelAccess;
 
 /**
  * The current user is blacklisted for this reason.
  */
 public class IsBlacklisted extends AbstractCommonIdentifier implements
 		Identifier {
-	private static final Log log = LogFactory.getLog(IsBlacklisted.class);
 
-	private final static String BLACKLIST_SPARQL_DIR = "/admin/selfEditBlacklist";
 	private static final String NOT_BLACKLISTED = null;
 
 	// ----------------------------------------------------------------------
@@ -48,16 +26,12 @@ public class IsBlacklisted extends AbstractCommonIdentifier implements
 	 * If this individual is blacklisted, return an appropriate Identifier.
 	 * Otherwise, return null.
 	 */
-	public static IsBlacklisted getInstance(Individual individual,
-			ServletContext context) {
+	public static IsBlacklisted getInstance(Individual individual) {
 		if (individual == null) {
 			throw new NullPointerException("individual may not be null.");
 		}
-		if (context == null) {
-			throw new NullPointerException("context may not be null.");
-		}
 
-		String reasonForBlacklisting = checkForBlacklisted(individual, context);
+		String reasonForBlacklisting = NOT_BLACKLISTED;
 		IsBlacklisted id = new IsBlacklisted(individual.getURI(),
 				reasonForBlacklisting);
 		if (id.isBlacklisted()) {
@@ -67,123 +41,6 @@ public static IsBlacklisted getInstance(Individual individual,
 		}
 	}
 
-	/**
-	 * Runs through .sparql files in the BLACKLIST_SPARQL_DIR.
-	 *
-	 * The first that returns one or more rows will be cause the user to be
-	 * blacklisted.
-	 *
-	 * The first variable from the first solution set will be returned.
-	 */
-	private static String checkForBlacklisted(Individual ind,
-			ServletContext context) {
-		String realPath = context.getRealPath(BLACKLIST_SPARQL_DIR);
-		File blacklistDir = new File(realPath);
-		if (!blacklistDir.isDirectory() || !blacklistDir.canRead()) {
-			log.debug("cannot read blacklist directory " + realPath);
-			return NOT_BLACKLISTED;
-		}
-
-		log.debug("checking directlry " + realPath
-				+ " for blacklisting sparql query files");
-		File[] files = blacklistDir.listFiles(new FileFilter() {
-			@Override
-			public boolean accept(File pathname) {
-				return pathname.getName().endsWith(".sparql");
-			}
-		});
-
-		String reasonForBlacklist = NOT_BLACKLISTED;
-		for (File file : files) {
-			try {
-				reasonForBlacklist = runSparqlFileForBlacklist(file, ind,
-						context);
-				if (reasonForBlacklist != NOT_BLACKLISTED)
-					break;
-			} catch (RuntimeException ex) {
-				log.error(
-						"Could not run blacklist check query for file "
-								+ file.getAbsolutePath() + File.separatorChar
-								+ file.getName(), ex);
-			}
-		}
-		return reasonForBlacklist;
-	}
-
-	/**
-	 * Runs the SPARQL query in the file with the uri of the individual
-	 * substituted in.
-	 *
-	 * The URI of ind will be substituted into the query where ever the token
-	 * "?individualURI" is found.
-	 *
-	 * If there are any solution sets, then the URI of the variable named
-	 * "cause" will be returned. Make sure that it is a resource with a URI.
-	 * Otherwise null will be returned.
-	 */
-	private static String runSparqlFileForBlacklist(File file, Individual ind,
-			ServletContext context) {
-		if (!file.canRead()) {
-			log.debug("cannot read blacklisting SPARQL file " + file.getName());
-			return NOT_BLACKLISTED;
-		}
-
-		String queryString = null;
-		FileInputStream fis = null;
-		try {
-			fis = new FileInputStream(file);
-			byte b[] = new byte[fis.available()];
-			fis.read(b);
-			queryString = new String(b);
-		} catch (IOException ioe) {
-			log.debug(ioe);
-			return NOT_BLACKLISTED;
-		} finally {
-			if (fis != null) {
-				try {
-					fis.close();
-				} catch (IOException e) {
-					log.warn("could not close file", e);
-				}
-			}
-		}
-
-		if (StringUtils.isEmpty(queryString)) {
-			log.debug(file.getName() + " is empty");
-			return NOT_BLACKLISTED;
-		}
-
-		OntModel model = ModelAccess.on(context).getOntModel();
-
-		queryString = queryString.replaceAll("\\?individualURI",
-				"<" + ind.getURI() + ">");
-		log.debug(queryString);
-
-		Query query = QueryFactory.create(queryString);
-		QueryExecution qexec = QueryExecutionFactory.create(query, model);
-		try {
-			ResultSet results = qexec.execSelect();
-			while (results.hasNext()) {
-				QuerySolution solution = results.nextSolution();
-				if (solution.contains("cause")) {
-					RDFNode node = solution.get("cause");
-					if (node.isResource()) {
-						return node.asResource().getURI();
-					} else if (node.isLiteral()) {
-						return node.asLiteral().getString();
-					}
-				} else {
-					log.error("Query solution must contain a variable "
-							+ "\"cause\" of type Resource or Literal.");
-					return NOT_BLACKLISTED;
-				}
-			}
-		} finally {
-			qexec.close();
-		}
-		return NOT_BLACKLISTED;
-	}
-
 	public static Collection<IsBlacklisted> getIdentifiers(IdentifierBundle ids) {
 		return getIdentifiersForClass(ids, IsBlacklisted.class);
 	}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/identifier/factory/BaseIdentifierBundleFactory.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/identifier/factory/BaseIdentifierBundleFactory.java
index 75bd8c119a..be0909d1ce 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/identifier/factory/BaseIdentifierBundleFactory.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/identifier/factory/BaseIdentifierBundleFactory.java
@@ -2,8 +2,6 @@
 
 package edu.cornell.mannlib.vitro.webapp.auth.identifier.factory;
 
-import javax.servlet.ServletContext;
-
 import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundleFactory;
 import edu.cornell.mannlib.vitro.webapp.dao.IndividualDao;
 import edu.cornell.mannlib.vitro.webapp.modelaccess.ModelAccess;
@@ -15,17 +13,12 @@
  */
 public abstract class BaseIdentifierBundleFactory implements
 		IdentifierBundleFactory {
-	protected final ServletContext ctx;
 	protected final WebappDaoFactory wdf;
 	protected final UserAccountsDao uaDao;
 	protected final IndividualDao indDao;
 
-	public BaseIdentifierBundleFactory(ServletContext ctx) {
-		if (ctx == null) {
-			throw new NullPointerException("ctx may not be null.");
-		}
-		this.ctx = ctx;
-		this.wdf = ModelAccess.on(ctx).getWebappDaoFactory();
+	public BaseIdentifierBundleFactory() {
+		this.wdf = ModelAccess.getInstance().getWebappDaoFactory();
 		this.uaDao = wdf.getUserAccountsDao();
 		this.indDao = wdf.getIndividualDao();
 	}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/identifier/factory/BaseUserBasedIdentifierBundleFactory.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/identifier/factory/BaseUserBasedIdentifierBundleFactory.java
index 93aa965036..3aed5afec7 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/identifier/factory/BaseUserBasedIdentifierBundleFactory.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/identifier/factory/BaseUserBasedIdentifierBundleFactory.java
@@ -2,7 +2,6 @@
 
 package edu.cornell.mannlib.vitro.webapp.auth.identifier.factory;
 
-import javax.servlet.ServletContext;
 import javax.servlet.http.HttpServletRequest;
 
 import edu.cornell.mannlib.vedit.beans.LoginStatusBean;
@@ -16,10 +15,6 @@
 public abstract class BaseUserBasedIdentifierBundleFactory extends
 		BaseIdentifierBundleFactory implements UserBasedIdentifierBundleFactory {
 
-	public BaseUserBasedIdentifierBundleFactory(ServletContext ctx) {
-		super(ctx);
-	}
-
 	@Override
 	public final IdentifierBundle getIdentifierBundle(HttpServletRequest request) {
 		return getIdentifierBundleForUser(LoginStatusBean
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/identifier/factory/HasPermissionFactory.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/identifier/factory/HasPermissionFactory.java
deleted file mode 100644
index 44d0689d46..0000000000
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/identifier/factory/HasPermissionFactory.java
+++ /dev/null
@@ -1,90 +0,0 @@
-/* $This file is distributed under the terms of the license in LICENSE$ */
-
-package edu.cornell.mannlib.vitro.webapp.auth.identifier.factory;
-
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.HashSet;
-import java.util.List;
-import java.util.Set;
-
-import javax.servlet.ServletContext;
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-
-import edu.cornell.mannlib.vitro.webapp.auth.identifier.ArrayIdentifierBundle;
-import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
-import edu.cornell.mannlib.vitro.webapp.auth.identifier.common.HasPermission;
-import edu.cornell.mannlib.vitro.webapp.auth.permissions.Permission;
-import edu.cornell.mannlib.vitro.webapp.auth.permissions.PermissionRegistry;
-import edu.cornell.mannlib.vitro.webapp.beans.PermissionSet;
-import edu.cornell.mannlib.vitro.webapp.beans.UserAccount;
-
-/**
- * Figure out what Permissions the user is entitled to have.
- */
-public class HasPermissionFactory extends BaseUserBasedIdentifierBundleFactory {
-	private static final Log log = LogFactory
-			.getLog(HasPermissionFactory.class);
-
-	public HasPermissionFactory(ServletContext ctx) {
-		super(ctx);
-	}
-
-	@Override
-	public IdentifierBundle getIdentifierBundleForUser(UserAccount user) {
-		if (user == null) {
-			return createPublicPermissions();
-		} else {
-			return createUserPermissions(user);
-		}
-	}
-
-	private IdentifierBundle createPublicPermissions() {
-		Set<String> permissionUris = new HashSet<String>();
-		for (PermissionSet ps : uaDao.getAllPermissionSets()) {
-			if (ps.isForPublic()) {
-				permissionUris.addAll(ps.getPermissionUris());
-			}
-		}
-		log.debug("Permission URIs: " + permissionUris);
-
-		return new ArrayIdentifierBundle(
-				getIdentifiersFromPermissions(getPermissionsForUris(permissionUris)));
-	}
-
-	private IdentifierBundle createUserPermissions(UserAccount user) {
-		Set<String> permissionUris = new HashSet<String>();
-		for (String psUri : user.getPermissionSetUris()) {
-			PermissionSet ps = uaDao.getPermissionSetByUri(psUri);
-			if (ps != null) {
-				permissionUris.addAll(ps.getPermissionUris());
-			}
-		}
-		log.debug("user permission sets: " + user.getPermissionSetUris());
-		log.debug("Permission URIs: " + permissionUris);
-
-		return new ArrayIdentifierBundle(
-				getIdentifiersFromPermissions(getPermissionsForUris(permissionUris)));
-	}
-
-	private Collection<Permission> getPermissionsForUris(
-			Collection<String> permissionUris) {
-		List<Permission> permissions = new ArrayList<Permission>();
-		PermissionRegistry registry = PermissionRegistry.getRegistry(ctx);
-		for (String uri : permissionUris) {
-			permissions.add(registry.getPermission(uri));
-		}
-		return permissions;
-	}
-
-	private List<HasPermission> getIdentifiersFromPermissions(
-			Collection<Permission> permissions) {
-		List<HasPermission> ids = new ArrayList<HasPermission>();
-		for (Permission permission : permissions) {
-			ids.add(new HasPermission(permission));
-		}
-		return ids;
-	}
-}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/identifier/factory/HasPermissionSetFactory.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/identifier/factory/HasPermissionSetFactory.java
index e132251cff..fbcd90783f 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/identifier/factory/HasPermissionSetFactory.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/identifier/factory/HasPermissionSetFactory.java
@@ -2,28 +2,20 @@
 
 package edu.cornell.mannlib.vitro.webapp.auth.identifier.factory;
 
-import javax.servlet.ServletContext;
-
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
 import edu.cornell.mannlib.vitro.webapp.auth.identifier.ArrayIdentifierBundle;
 import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
-import edu.cornell.mannlib.vitro.webapp.auth.identifier.common.HasPermissionSet;
+import edu.cornell.mannlib.vitro.webapp.auth.identifier.common.IdentifierPermissionSetProvider;
 import edu.cornell.mannlib.vitro.webapp.beans.PermissionSet;
 import edu.cornell.mannlib.vitro.webapp.beans.UserAccount;
 
 /**
  * Figure out what PermissionSets the user is entitled to have.
  */
-public class HasPermissionSetFactory extends
-		BaseUserBasedIdentifierBundleFactory {
-	private static final Log log = LogFactory
-			.getLog(HasPermissionFactory.class);
-
-	public HasPermissionSetFactory(ServletContext ctx) {
-		super(ctx);
-	}
+public class HasPermissionSetFactory extends BaseUserBasedIdentifierBundleFactory {
+	private static final Log log = LogFactory.getLog(HasPermissionSetFactory.class);
 
 	@Override
 	public IdentifierBundle getIdentifierBundleForUser(UserAccount user) {
@@ -32,7 +24,7 @@ public IdentifierBundle getIdentifierBundleForUser(UserAccount user) {
 			for (String psUri : user.getPermissionSetUris()) {
 				PermissionSet ps = uaDao.getPermissionSetByUri(psUri);
 				if (ps != null) {
-					ids.add(new HasPermissionSet(ps));
+					ids.add(new IdentifierPermissionSetProvider(ps));
 				}
 			}
 		}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/identifier/factory/HasProfileOrIsBlacklistedFactory.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/identifier/factory/HasProfileOrIsBlacklistedFactory.java
index 674c795627..3801839312 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/identifier/factory/HasProfileOrIsBlacklistedFactory.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/identifier/factory/HasProfileOrIsBlacklistedFactory.java
@@ -28,17 +28,13 @@ public class HasProfileOrIsBlacklistedFactory extends
 	private static final Log log = LogFactory
 			.getLog(HasProfileOrIsBlacklistedFactory.class);
 
-	public HasProfileOrIsBlacklistedFactory(ServletContext ctx) {
-		super(ctx);
-	}
-
 	@Override
 	public IdentifierBundle getIdentifierBundleForUser(UserAccount user) {
 		ArrayIdentifierBundle ids = new ArrayIdentifierBundle();
 
 		for (Individual ind : getAssociatedIndividuals(user)) {
 			// If they are blacklisted, this factory will return an identifier
-			Identifier id = IsBlacklisted.getInstance(ind, ctx);
+			Identifier id = IsBlacklisted.getInstance(ind);
 			if (id != null) {
 				ids.add(id);
 			} else {
@@ -60,7 +56,7 @@ private Collection<Individual> getAssociatedIndividuals(UserAccount user) {
 			return individuals;
 		}
 
-		SelfEditingConfiguration sec = SelfEditingConfiguration.getBean(ctx);
+		SelfEditingConfiguration sec = SelfEditingConfiguration.getInstance();
 		individuals.addAll(sec.getAssociatedIndividuals(indDao, user));
 
 		return individuals;
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/identifier/factory/HasProxyEditingRightsFactory.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/identifier/factory/HasProxyEditingRightsFactory.java
index c126bcb91e..718f9cbb64 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/identifier/factory/HasProxyEditingRightsFactory.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/identifier/factory/HasProxyEditingRightsFactory.java
@@ -2,8 +2,6 @@
 
 package edu.cornell.mannlib.vitro.webapp.auth.identifier.factory;
 
-import javax.servlet.ServletContext;
-
 import edu.cornell.mannlib.vitro.webapp.auth.identifier.ArrayIdentifierBundle;
 import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
 import edu.cornell.mannlib.vitro.webapp.auth.identifier.common.HasProxyEditingRights;
@@ -15,10 +13,6 @@
 public class HasProxyEditingRightsFactory extends
 		BaseUserBasedIdentifierBundleFactory {
 
-	public HasProxyEditingRightsFactory(ServletContext ctx) {
-		super(ctx);
-	}
-
 	@Override
 	public IdentifierBundle getIdentifierBundleForUser(UserAccount user) {
 		ArrayIdentifierBundle ids = new ArrayIdentifierBundle();
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/identifier/factory/IsRootUserFactory.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/identifier/factory/IsRootUserFactory.java
index 9767b2f2ea..fa8df2fe74 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/identifier/factory/IsRootUserFactory.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/identifier/factory/IsRootUserFactory.java
@@ -2,8 +2,6 @@
 
 package edu.cornell.mannlib.vitro.webapp.auth.identifier.factory;
 
-import javax.servlet.ServletContext;
-
 import edu.cornell.mannlib.vitro.webapp.auth.identifier.ArrayIdentifierBundle;
 import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
 import edu.cornell.mannlib.vitro.webapp.auth.identifier.common.IsRootUser;
@@ -14,10 +12,6 @@
  */
 public class IsRootUserFactory extends BaseUserBasedIdentifierBundleFactory {
 
-	public IsRootUserFactory(ServletContext ctx) {
-		super(ctx);
-	}
-
 	@Override
 	public IdentifierBundle getIdentifierBundleForUser(UserAccount user) {
 		if ((user != null) && user.isRootUser()) {
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/identifier/factory/IsUserFactory.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/identifier/factory/IsUserFactory.java
index d1d60ea9e5..67b935a1dd 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/identifier/factory/IsUserFactory.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/identifier/factory/IsUserFactory.java
@@ -2,8 +2,6 @@
 
 package edu.cornell.mannlib.vitro.webapp.auth.identifier.factory;
 
-import javax.servlet.ServletContext;
-
 import edu.cornell.mannlib.vitro.webapp.auth.identifier.ArrayIdentifierBundle;
 import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
 import edu.cornell.mannlib.vitro.webapp.auth.identifier.common.IsUser;
@@ -14,10 +12,6 @@
  */
 public class IsUserFactory extends BaseUserBasedIdentifierBundleFactory {
 
-	public IsUserFactory(ServletContext ctx) {
-		super(ctx);
-	}
-
 	@Override
 	public IdentifierBundle getIdentifierBundleForUser(UserAccount user) {
 		if (user == null) {
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/AccessObject.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/AccessObject.java
new file mode 100644
index 0000000000..57077a54fa
--- /dev/null
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/AccessObject.java
@@ -0,0 +1,109 @@
+/* $This file is distributed under the terms of the license in LICENSE$ */
+
+package edu.cornell.mannlib.vitro.webapp.auth.objects;
+
+import org.apache.jena.rdf.model.Model;
+
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType;
+import edu.cornell.mannlib.vitro.webapp.beans.DataProperty;
+import edu.cornell.mannlib.vitro.webapp.beans.ObjectProperty;
+import edu.cornell.mannlib.vitro.webapp.beans.Property;
+
+public abstract class AccessObject {
+
+    public static String SOME_URI = "?SOME_URI";
+    public static Property SOME_PREDICATE = new Property(SOME_URI);
+    public static String SOME_LITERAL = "?SOME_LITERAL";
+    
+    private AccessObjectStatement statement;
+    private DataProperty dataProperty;
+    private ObjectProperty objectProperty;
+    
+    public ObjectProperty getObjectProperty() {
+        return objectProperty;
+    }
+
+    public void setObjectProperty(ObjectProperty objectProperty) {
+        this.objectProperty = objectProperty;
+    }
+
+    public String getUri() {
+        return null;
+    }
+    
+    public AccessObjectType getType() {
+        return AccessObjectType.ANY;
+    };
+    
+    public AccessObjectStatement getStatement() {
+        return statement;
+    };
+    
+    protected void initializeStatement() {
+        if (statement == null) {
+            statement = new AccessObjectStatement();
+        }
+    }
+
+    public void setStatementOntModel(Model ontModel) {
+        initializeStatement();
+        getStatement().setModel(ontModel);
+    }
+
+    public Model getStatementOntModel() {
+        initializeStatement();
+        return getStatement().getModel();
+    }
+    
+    public void setStatementSubject(String subject) {
+        initializeStatement();
+        getStatement().setSubject(subject);
+    }
+
+    public String getStatementSubject() {
+        initializeStatement();
+        return getStatement().getSubject();
+    }
+    
+    public void setStatementPredicate(Property predicate) {
+        initializeStatement();
+        getStatement().setPredicate(predicate);
+    }
+    
+    private Property getPredicate() {
+        initializeStatement();
+        return getStatement().getPredicate();
+    }
+
+    public String getStatementPredicateUri() {
+        if (statement == null || statement.getPredicate() == null) {
+            return null;
+        }
+        Property predicate = getPredicate();
+        return predicate.getURI();
+    }
+    
+    public void setStatementObject(String objectUri) {
+        initializeStatement();
+        this.getStatement().setObject(objectUri);
+    }
+
+    public String getStatementObject() {
+        initializeStatement();
+        return getStatement().getObject();
+    }
+    
+    public DataProperty getDataProperty() {
+        return dataProperty;
+    }
+
+    public void setDataProperty(DataProperty dataProperty) {
+        this.dataProperty = dataProperty;
+    }
+    
+    public String[] getResourceUris() {
+        initializeStatement();
+        return getStatement().getResourceUris(getType());
+    }
+    
+}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/AccessObjectImpl.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/AccessObjectImpl.java
new file mode 100644
index 0000000000..a4e1bb84d8
--- /dev/null
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/AccessObjectImpl.java
@@ -0,0 +1,62 @@
+/* $This file is distributed under the terms of the license in LICENSE$ */
+
+package edu.cornell.mannlib.vitro.webapp.auth.objects;
+
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType;
+
+/**
+ * A RequestedAction that can be recognized by a SimplePermission.
+ */
+public class AccessObjectImpl extends AccessObject {
+	private final String uri;
+	private AccessObjectType type;
+
+    public AccessObjectImpl() {
+        this.uri = "";
+        this.type = AccessObjectType.NAMED_OBJECT;
+    }
+	
+	public AccessObjectImpl(String uri, AccessObjectType type) {
+		this.uri = uri;
+		this.type = type;
+	}
+	
+    public AccessObjectImpl(String uri) {
+        this.uri = uri;
+        this.type = AccessObjectType.NAMED_OBJECT;
+    }
+
+	@Override
+	public String getUri() {
+		return uri;
+	}
+
+	@Override
+	public int hashCode() {
+		return uri.hashCode();
+	}
+
+	@Override
+	public boolean equals(Object o) {
+		if (o instanceof AccessObjectImpl) {
+			AccessObjectImpl that = (AccessObjectImpl) o;
+			return equivalent(this.uri, that.uri);
+		}
+		return false;
+	}
+
+	private boolean equivalent(Object o1, Object o2) {
+		return (o1 == null) ? (o2 == null) : o1.equals(o2);
+	}
+
+	@Override
+	public String toString() {
+		return "SimpleRequestedAction['" + uri + "']";
+	}
+
+    @Override
+    public AccessObjectType getType() {
+        return type;
+    }
+
+}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/AccessObjectStatement.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/AccessObjectStatement.java
new file mode 100644
index 0000000000..f9c15a5bb3
--- /dev/null
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/AccessObjectStatement.java
@@ -0,0 +1,56 @@
+package edu.cornell.mannlib.vitro.webapp.auth.objects;
+
+import org.apache.jena.rdf.model.Model;
+
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType;
+import edu.cornell.mannlib.vitro.webapp.beans.Property;
+
+public class AccessObjectStatement {
+
+    private Model model = null;
+    private String subject = null;
+    private Property predicate = null;
+    private String object = null;
+
+    public Model getModel() {
+        return model;
+    }
+
+    public void setModel(Model model) {
+        this.model = model;
+    }
+
+    public String getSubject() {
+        return subject;
+    }
+
+    public void setSubject(String subject) {
+        this.subject = subject;
+    }
+
+    public Property getPredicate() {
+        return predicate;
+    }
+
+    public void setPredicate(Property predicate) {
+        this.predicate = predicate;
+    }
+
+    public String getObject() {
+        return object;
+    }
+
+    public void setObject(String object) {
+        this.object = object;
+    }
+
+
+    public String[] getResourceUris(AccessObjectType type) {
+        if (AccessObjectType.DATA_PROPERTY_STATEMENT.equals(type)) {
+            return new String[] { getSubject() };
+        } else if (AccessObjectType.OBJECT_PROPERTY_STATEMENT.equals(type)) {
+            return new String[] { getSubject(), getObject() };
+        }
+        return new String[0];
+    }
+}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/DataPropertyAccessObject.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/DataPropertyAccessObject.java
new file mode 100644
index 0000000000..680e033750
--- /dev/null
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/DataPropertyAccessObject.java
@@ -0,0 +1,16 @@
+package edu.cornell.mannlib.vitro.webapp.auth.objects;
+
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType;
+import edu.cornell.mannlib.vitro.webapp.beans.DataProperty;
+
+public class DataPropertyAccessObject extends AccessObject {
+
+    public DataPropertyAccessObject(DataProperty dataProperty) {
+        setDataProperty(dataProperty);
+    }
+
+    @Override
+    public AccessObjectType getType() {
+        return AccessObjectType.DATA_PROPERTY;
+    }
+}
\ No newline at end of file
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/DataPropertyStatementAccessObject.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/DataPropertyStatementAccessObject.java
new file mode 100644
index 0000000000..b41271b4af
--- /dev/null
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/DataPropertyStatementAccessObject.java
@@ -0,0 +1,41 @@
+/* $This file is distributed under the terms of the license in LICENSE$ */
+
+package edu.cornell.mannlib.vitro.webapp.auth.objects;
+
+import org.apache.jena.ontology.OntModel;
+
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType;
+import edu.cornell.mannlib.vitro.webapp.beans.DataPropertyStatement;
+import edu.cornell.mannlib.vitro.webapp.beans.Property;
+
+/**
+ * A base class for requested actions that involve adding, editing, or dropping
+ * data property statements from a model.
+ */
+public class DataPropertyStatementAccessObject extends AccessObject {
+
+    public DataPropertyStatementAccessObject(OntModel ontModel, String subjectUri, String predicateUri, String dataValue) {
+        setStatementOntModel(ontModel);
+        setStatementSubject(subjectUri);
+        setStatementPredicate(new Property(predicateUri));
+        setStatementObject(dataValue);
+
+    }
+
+    public DataPropertyStatementAccessObject(OntModel ontModel, DataPropertyStatement dps) {
+        setStatementOntModel(ontModel);
+        setStatementSubject((dps.getIndividual() == null) ? dps.getIndividualURI() : dps.getIndividual().getURI());
+        setStatementPredicate(new Property(dps.getDatapropURI()));
+        setStatementObject(dps.getData());
+    }
+
+    @Override
+    public String toString() {
+        return getClass().getSimpleName() + ": <" + getStatementSubject() + "> <" + getStatementPredicateUri() + ">";
+    }
+
+    @Override
+    public AccessObjectType getType() {
+        return AccessObjectType.DATA_PROPERTY_STATEMENT;
+    }
+}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/ObjectPropertyAccessObject.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/ObjectPropertyAccessObject.java
new file mode 100644
index 0000000000..68115cf2f3
--- /dev/null
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/ObjectPropertyAccessObject.java
@@ -0,0 +1,16 @@
+package edu.cornell.mannlib.vitro.webapp.auth.objects;
+
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType;
+import edu.cornell.mannlib.vitro.webapp.beans.ObjectProperty;
+
+public class ObjectPropertyAccessObject extends AccessObject {
+
+    public ObjectPropertyAccessObject(ObjectProperty objectProperty) {
+        setObjectProperty(objectProperty);
+    }
+
+    @Override
+    public AccessObjectType getType() {
+        return AccessObjectType.OBJECT_PROPERTY;
+    }
+}
\ No newline at end of file
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/ObjectPropertyStatementAccessObject.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/ObjectPropertyStatementAccessObject.java
new file mode 100644
index 0000000000..aed71b9533
--- /dev/null
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/ObjectPropertyStatementAccessObject.java
@@ -0,0 +1,32 @@
+/* $This file is distributed under the terms of the license in LICENSE$ */
+
+package edu.cornell.mannlib.vitro.webapp.auth.objects;
+
+import org.apache.jena.rdf.model.Model;
+
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType;
+import edu.cornell.mannlib.vitro.webapp.beans.Property;
+
+/**
+ * A base class for requested access objects that involve adding, editing, or deleting
+ * object property statements from a model.
+ */
+public class ObjectPropertyStatementAccessObject extends AccessObject {
+
+	public ObjectPropertyStatementAccessObject(Model ontModel, String subjectUri, Property predicate, String objectUri) {
+	    setStatementOntModel(ontModel);
+        setStatementSubject(subjectUri);
+        setStatementPredicate(predicate);
+        setStatementObject(objectUri);
+	}
+
+    @Override
+    public AccessObjectType getType() {
+        return AccessObjectType.OBJECT_PROPERTY_STATEMENT;
+    }
+
+    @Override
+    public String toString() {
+        return getClass().getSimpleName() + ": <" + getStatementSubject() + "> <" + getStatementPredicateUri() + ">";
+    }
+}
\ No newline at end of file
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/RootAccessObject.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/RootAccessObject.java
new file mode 100644
index 0000000000..e45ce6a45a
--- /dev/null
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/RootAccessObject.java
@@ -0,0 +1,16 @@
+/* $This file is distributed under the terms of the license in LICENSE$ */
+
+package edu.cornell.mannlib.vitro.webapp.auth.objects;
+
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType;
+
+/**
+ * Should we allow the user to edit or delete the root account?
+ */
+public class RootAccessObject extends AccessObjectImpl {
+    
+    @Override
+    public AccessObjectType getType() {
+        return AccessObjectType.ROOT_USER;
+    }
+}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/permissions/BrokenPermission.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/permissions/BrokenPermission.java
deleted file mode 100644
index e28d8a3b73..0000000000
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/permissions/BrokenPermission.java
+++ /dev/null
@@ -1,26 +0,0 @@
-/* $This file is distributed under the terms of the license in LICENSE$ */
-
-package edu.cornell.mannlib.vitro.webapp.auth.permissions;
-
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.RequestedAction;
-
-/**
- * This is what the PermissionRegistry hands out if you ask for a Permission
- * that it doesn't know about. Nothing is authorized by this Permission.
- */
-public class BrokenPermission extends Permission {
-	public BrokenPermission(String uri) {
-		super(uri);
-	}
-
-	@Override
-	public boolean isAuthorized(RequestedAction whatToAuth) {
-		return false;
-	}
-
-	@Override
-	public String toString() {
-		return "BrokenPermission[" + uri + "]";
-	}
-
-}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/permissions/DisplayByRolePermission.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/permissions/DisplayByRolePermission.java
deleted file mode 100644
index 99cab19d38..0000000000
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/permissions/DisplayByRolePermission.java
+++ /dev/null
@@ -1,127 +0,0 @@
-/* $This file is distributed under the terms of the license in LICENSE$ */
-
-package edu.cornell.mannlib.vitro.webapp.auth.permissions;
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-
-import edu.cornell.mannlib.vitro.webapp.auth.policy.bean.PropertyRestrictionBean;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.RequestedAction;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.display.DisplayDataProperty;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.display.DisplayDataPropertyStatement;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.display.DisplayObjectProperty;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.display.DisplayObjectPropertyStatement;
-import edu.cornell.mannlib.vitro.webapp.beans.BaseResourceBean.RoleLevel;
-import edu.cornell.mannlib.vitro.webapp.beans.DataPropertyStatement;
-import edu.cornell.mannlib.vitro.webapp.beans.Property;
-
-/**
- * Is the user authorized to display properties that are marked as restricted to
- * a certain "Role Level"?
- */
-public class DisplayByRolePermission extends Permission {
-	private static final Log log = LogFactory
-			.getLog(DisplayByRolePermission.class);
-
-	public static final String NAMESPACE = "java:"
-			+ DisplayByRolePermission.class.getName() + "#";
-
-	private final String roleName;
-	private final RoleLevel roleLevel;
-
-	public DisplayByRolePermission(String roleName, RoleLevel roleLevel) {
-		super(NAMESPACE + roleName);
-
-		if (roleName == null) {
-			throw new NullPointerException("role may not be null.");
-		}
-		if (roleLevel == null) {
-			throw new NullPointerException("roleLevel may not be null.");
-		}
-
-		this.roleName = roleName;
-		this.roleLevel = roleLevel;
-	}
-
-	@Override
-	public boolean isAuthorized(RequestedAction whatToAuth) {
-		boolean result;
-
-		if (whatToAuth instanceof DisplayDataProperty) {
-			result = isAuthorized((DisplayDataProperty) whatToAuth);
-		} else if (whatToAuth instanceof DisplayObjectProperty) {
-			result = isAuthorized((DisplayObjectProperty) whatToAuth);
-		} else if (whatToAuth instanceof DisplayDataPropertyStatement) {
-			result = isAuthorized((DisplayDataPropertyStatement) whatToAuth);
-		} else if (whatToAuth instanceof DisplayObjectPropertyStatement) {
-			result = isAuthorized((DisplayObjectPropertyStatement) whatToAuth);
-		} else {
-			result = false;
-		}
-
-		if (result) {
-			log.debug(this + " authorizes " + whatToAuth);
-		} else {
-			log.debug(this + " does not authorize " + whatToAuth);
-		}
-
-		return result;
-	}
-
-	/**
-	 * The user may see this data property if they are allowed to see its
-	 * predicate.
-	 */
-	private boolean isAuthorized(DisplayDataProperty action) {
-		String predicateUri = action.getDataProperty().getURI();
-		return canDisplayPredicate(new Property(predicateUri));
-	}
-
-	/**
-	 * The user may see this object property if they are allowed to see its
-	 * predicate.
-	 */
-	private boolean isAuthorized(DisplayObjectProperty action) {
-		return canDisplayPredicate(action.getObjectProperty());
-	}
-
-	/**
-	 * The user may see this data property if they are allowed to see its
-	 * subject and its predicate.
-	 */
-	private boolean isAuthorized(DisplayDataPropertyStatement action) {
-		DataPropertyStatement stmt = action.getDataPropertyStatement();
-		String subjectUri = stmt.getIndividualURI();
-		String predicateUri = stmt.getDatapropURI();
-		return canDisplayResource(subjectUri)
-				&& canDisplayPredicate(new Property(predicateUri));
-	}
-
-	/**
-	 * The user may see this data property if they are allowed to see its
-	 * subject, its predicate, and its object.
-	 */
-	private boolean isAuthorized(DisplayObjectPropertyStatement action) {
-		String subjectUri = action.getSubjectUri();
-		String objectUri = action.getObjectUri();
-		Property op = action.getProperty();
-		return canDisplayResource(subjectUri) && canDisplayPredicate(op)
-				&& canDisplayResource(objectUri);
-	}
-
-	private boolean canDisplayResource(String resourceUri) {
-		return PropertyRestrictionBean.getBean().canDisplayResource(
-				resourceUri, this.roleLevel);
-	}
-
-	private boolean canDisplayPredicate(Property predicate) {
-		return PropertyRestrictionBean.getBean().canDisplayPredicate(predicate,
-				this.roleLevel);
-	}
-
-	@Override
-	public String toString() {
-		return "DisplayByRolePermission['" + roleName + "']";
-	}
-
-}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/permissions/EditByRolePermission.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/permissions/EditByRolePermission.java
deleted file mode 100644
index e276f9ace2..0000000000
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/permissions/EditByRolePermission.java
+++ /dev/null
@@ -1,105 +0,0 @@
-/* $This file is distributed under the terms of the license in LICENSE$ */
-
-package edu.cornell.mannlib.vitro.webapp.auth.permissions;
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-
-import edu.cornell.mannlib.vitro.webapp.auth.policy.bean.PropertyRestrictionBean;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.RequestedAction;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AbstractDataPropertyStatementAction;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AbstractObjectPropertyStatementAction;
-import edu.cornell.mannlib.vitro.webapp.beans.BaseResourceBean.RoleLevel;
-import edu.cornell.mannlib.vitro.webapp.beans.Property;
-
-/**
- * Is the user authorized to edit properties that are marked as restricted to a
- * certain "Role Level"?
- */
-public class EditByRolePermission extends Permission {
-	private static final Log log = LogFactory
-			.getLog(EditByRolePermission.class);
-
-	public static final String NAMESPACE = "java:"
-			+ EditByRolePermission.class.getName() + "#";
-
-	private final String roleName;
-	private final RoleLevel roleLevel;
-
-	public EditByRolePermission(String roleName, RoleLevel roleLevel) {
-		super(NAMESPACE + roleName);
-
-		if (roleName == null) {
-			throw new NullPointerException("role may not be null.");
-		}
-		if (roleLevel == null) {
-			throw new NullPointerException("roleLevel may not be null.");
-		}
-
-		this.roleName = roleName;
-		this.roleLevel = roleLevel;
-	}
-
-	/**
-	 * If the requested action is to edit a property statement, we might
-	 * authorize it based on their role level.
-	 */
-	@Override
-	public boolean isAuthorized(RequestedAction whatToAuth) {
-		boolean result;
-
-		if (whatToAuth instanceof AbstractDataPropertyStatementAction) {
-			result = isAuthorized((AbstractDataPropertyStatementAction) whatToAuth);
-		} else if (whatToAuth instanceof AbstractObjectPropertyStatementAction) {
-			result = isAuthorized((AbstractObjectPropertyStatementAction) whatToAuth);
-		} else {
-			result = false;
-		}
-
-		if (result) {
-			log.debug(this + " authorizes " + whatToAuth);
-		} else {
-			log.debug(this + " does not authorize " + whatToAuth);
-		}
-
-		return result;
-	}
-
-	/**
-	 * The user may add, edit, or delete this data property if they are allowed
-	 * to modify its subject and its predicate.
-	 */
-	private boolean isAuthorized(AbstractDataPropertyStatementAction action) {
-		String subjectUri = action.getSubjectUri();
-		Property predicate = action.getPredicate();
-		return canModifyResource(subjectUri) && canModifyPredicate(predicate);
-	}
-
-	/**
-	 * The user may add, edit, or delete this data property if they are allowed
-	 * to modify its subject, its predicate, and its object.
-	 */
-	private boolean isAuthorized(AbstractObjectPropertyStatementAction action) {
-		String subjectUri = action.getSubjectUri();
-		Property predicate = action.getPredicate();
-		String objectUri = action.getObjectUri();
-		return canModifyResource(subjectUri) && canModifyPredicate(predicate)
-				&& canModifyResource(objectUri);
-	}
-
-	private boolean canModifyResource(String resourceUri) {
-		return PropertyRestrictionBean.getBean().canModifyResource(resourceUri,
-				roleLevel);
-	}
-
-	private boolean canModifyPredicate(Property predicate) {
-		return PropertyRestrictionBean.getBean().canModifyPredicate(predicate,
-				roleLevel);
-	}
-
-	@Override
-	public String toString() {
-		return "EditByRolePermission['" + roleName + "']";
-	}
-
-}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/permissions/Permission.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/permissions/Permission.java
deleted file mode 100644
index fda203fc22..0000000000
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/permissions/Permission.java
+++ /dev/null
@@ -1,76 +0,0 @@
-/* $This file is distributed under the terms of the license in LICENSE$ */
-
-package edu.cornell.mannlib.vitro.webapp.auth.permissions;
-
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.RequestedAction;
-
-/**
- * Interface that describes a unit of authorization, or permission to perform
- * requested actions.
- */
-public abstract class Permission implements Comparable<Permission> {
-	protected final String uri;
-
-	protected Permission(String uri) {
-		if (uri == null) {
-			throw new NullPointerException("uri may not be null.");
-		}
-		this.uri = uri;
-	}
-
-	/**
-	 * Get the URI that identifies this Permission object.
-	 */
-	public String getUri() {
-		return uri;
-	}
-
-	/**
-	 * Is a user with this Permission authorized to perform this
-	 * RequestedAction?
-	 */
-	public abstract boolean isAuthorized(RequestedAction whatToAuth);
-
-	@Override
-	public int compareTo(Permission that) {
-		return this.uri.compareTo(that.uri);
-	}
-
-	@Override
-	public boolean equals(Object obj) {
-		if (obj == this) {
-			return true;
-		}
-		if (obj == null) {
-			return false;
-		}
-		if (!obj.getClass().equals(this.getClass())) {
-			return false;
-		}
-		Permission that = (Permission) obj;
-		return this.uri.equals(that.uri);
-	}
-
-	@Override
-	public int hashCode() {
-		return uri.hashCode();
-	}
-
-	@Override
-	public String toString() {
-		return this.getClass().getSimpleName() + "['" + uri + "']";
-	}
-
-	/**
-	 * A concrete Permission instance that authorizes nothing.
-	 */
-	static Permission NOT_AUTHORIZED = new Permission("java:"
-			+ Permission.class.getName() + "#NOT_AUTHORIZED") {
-
-		@Override
-		public boolean isAuthorized(RequestedAction whatToAuth) {
-			return false;
-		}
-
-	};
-}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/permissions/PermissionRegistry.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/permissions/PermissionRegistry.java
deleted file mode 100644
index fab6cfff62..0000000000
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/permissions/PermissionRegistry.java
+++ /dev/null
@@ -1,216 +0,0 @@
-/* $This file is distributed under the terms of the license in LICENSE$ */
-
-package edu.cornell.mannlib.vitro.webapp.auth.permissions;
-
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-
-import javax.servlet.ServletContext;
-import javax.servlet.ServletContextEvent;
-import javax.servlet.ServletContextListener;
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-
-import edu.cornell.mannlib.vitro.webapp.beans.BaseResourceBean.RoleLevel;
-import edu.cornell.mannlib.vitro.webapp.startup.StartupStatus;
-
-/**
- * A collection of Permission objects, keyed by URI. Resides in the
- * ServletContext.
- *
- * This is not thread-safe, so Permissions should be added only during context
- * initialization.
- */
-public class PermissionRegistry {
-	private static final Log log = LogFactory.getLog(PermissionRegistry.class);
-
-	// ----------------------------------------------------------------------
-	// The factory
-	// ----------------------------------------------------------------------
-
-	private static final String ATTRIBUTE_NAME = PermissionRegistry.class
-			.getName();
-
-	/**
-	 * Has the registry been created yet?
-	 */
-	public static boolean isRegistryCreated(ServletContext ctx) {
-		return ctx.getAttribute(ATTRIBUTE_NAME) instanceof PermissionRegistry;
-	}
-
-	/**
-	 * Create the registry and store it in the context.
-	 */
-	public static void createRegistry(ServletContext ctx,
-			Collection<? extends Permission> permissions) {
-		if (ctx == null) {
-			throw new NullPointerException("ctx may not be null.");
-		}
-		if (permissions == null) {
-			throw new NullPointerException("permissions may not be null.");
-		}
-		if (ctx.getAttribute(ATTRIBUTE_NAME) != null) {
-			throw new IllegalStateException(
-					"PermissionRegistry has already been set.");
-		}
-
-		PermissionRegistry registry = new PermissionRegistry();
-		registry.addPermissions(permissions);
-		ctx.setAttribute(ATTRIBUTE_NAME, registry);
-	}
-
-	/**
-	 * Get the registry from the context. If there isn't one, throw an
-	 * exception.
-	 */
-	public static PermissionRegistry getRegistry(ServletContext ctx) {
-		if (ctx == null) {
-			throw new NullPointerException("ctx may not be null.");
-		}
-
-		Object o = ctx.getAttribute(ATTRIBUTE_NAME);
-		if (o == null) {
-			throw new IllegalStateException(
-					"PermissionRegistry has not been set.");
-		} else if (!(o instanceof PermissionRegistry)) {
-			throw new IllegalStateException("PermissionRegistry was set to an "
-					+ "invalid object: " + o);
-		}
-
-		return (PermissionRegistry) o;
-	}
-
-	// ----------------------------------------------------------------------
-	// The instance
-	// ----------------------------------------------------------------------
-
-	private final Map<String, Permission> map = new HashMap<>();
-
-	/**
-	 * This class is not thread-safe, so permissions should be added only during
-	 * context initialization.
-	 */
-	public void addPermissions(Collection<? extends Permission> permissions) {
-		for (Permission p : permissions) {
-			addPermission(p);
-		}
-	}
-
-	/**
-	 * This class is not thread-safe, so permissions should be added only during
-	 * context initialization.
-	 */
-	public void addPermission(Permission p) {
-		String uri = p.getUri();
-		if (map.containsKey(uri)) {
-			throw new IllegalStateException("A Permission is already "
-					+ "registered with this URI: '" + uri + "'.");
-		}
-		map.put(uri, p);
-	}
-
-	/**
-	 * Is there a Permission registered with this URI?
-	 */
-	public boolean isPermission(String uri) {
-		return map.containsKey(uri);
-	}
-
-	/**
-	 * Get the permission that is registered with this URI. If there is no such
-	 * Permission, return a BrokenPermission that always denies authorization.
-	 *
-	 * If you want to know whether an actual Permission has been registered at
-	 * this URI, call isPermission() instead.
-	 */
-	public Permission getPermission(String uri) {
-		Permission p = map.get(uri);
-		if (p == null) {
-			log.warn("No Permission is registered for '" + uri + "'");
-			return new BrokenPermission(uri);
-		}
-
-		return p;
-	}
-
-	// ----------------------------------------------------------------------
-	// Setup class
-	// ----------------------------------------------------------------------
-
-	public static class Setup implements ServletContextListener {
-		@Override
-		public void contextInitialized(ServletContextEvent sce) {
-			ServletContext ctx = sce.getServletContext();
-			StartupStatus ss = StartupStatus.getBean(ctx);
-			try {
-				List<Permission> permissions = new ArrayList<Permission>();
-
-				permissions.addAll(SimplePermission.getAllInstances());
-				permissions.addAll(createDisplayByRolePermissions());
-				permissions.addAll(createEditByRolePermissions());
-				permissions.addAll(createPublishByRolePermissions());
-
-				PermissionRegistry.createRegistry(ctx, permissions);
-
-				ss.info(this, "Created the PermissionRegistry with "
-						+ permissions.size() + " permissions.");
-			} catch (Exception e) {
-				ss.fatal(this, "Failed to initialize the PermissionRegistry.",
-						e);
-			}
-		}
-
-		/**
-		 * There is no DisplayByRolePermission for self-editors. They get the
-		 * same rights as PUBLIC. Other permissions give them their self-editing
-		 * privileges.
-		 */
-		private Collection<Permission> createDisplayByRolePermissions() {
-			List<Permission> list = new ArrayList<Permission>();
-			list.add(new DisplayByRolePermission("Admin", RoleLevel.DB_ADMIN));
-			list.add(new DisplayByRolePermission("Curator", RoleLevel.CURATOR));
-			list.add(new DisplayByRolePermission("Editor", RoleLevel.EDITOR));
-			list.add(new DisplayByRolePermission("Public", RoleLevel.PUBLIC));
-			return list;
-		}
-
-		/**
-		 * There is no EditByRolePermission for PUBLIC or for self-editors. A
-		 * property may be given an edit-level of "PUBLIC", but that may also
-		 * simply be the default assigned to it when editing, and we don't want
-		 * to recognize that.
-		 *
-		 * Other permissions give self-editors their editing privileges.
-		 */
-		private Collection<Permission> createEditByRolePermissions() {
-			List<Permission> list = new ArrayList<Permission>();
-			list.add(new EditByRolePermission("Admin", RoleLevel.DB_ADMIN));
-			list.add(new EditByRolePermission("Curator", RoleLevel.CURATOR));
-			list.add(new EditByRolePermission("Editor", RoleLevel.EDITOR));
-			return list;
-		}
-
-		@Override
-		public void contextDestroyed(ServletContextEvent sce) {
-			sce.getServletContext().removeAttribute(ATTRIBUTE_NAME);
-		}
-
-		/**
-		 * There is no PublishByRolePermission for self-editors. They get the
-		 * same rights as PUBLIC. Other permissions give them their self-editing
-		 * privileges.
-		 */
-		private Collection<Permission> createPublishByRolePermissions() {
-			List<Permission> list = new ArrayList<Permission>();
-			list.add(new PublishByRolePermission("Admin", RoleLevel.DB_ADMIN));
-			list.add(new PublishByRolePermission("Curator", RoleLevel.CURATOR));
-			list.add(new PublishByRolePermission("Editor", RoleLevel.EDITOR));
-			list.add(new PublishByRolePermission("Public", RoleLevel.PUBLIC));
-			return list;
-		}
-	}
-}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/permissions/PermissionSetsSmokeTest.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/permissions/PermissionSetsSmokeTest.java
index 766f4c136d..b8c68f993a 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/permissions/PermissionSetsSmokeTest.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/permissions/PermissionSetsSmokeTest.java
@@ -69,7 +69,6 @@ public SmokeTester(ServletContextListener listener, ServletContext ctx,
 		public void test() {
 			checkForPermissionSetsWithoutLabels();
 			checkForReferencesToNonexistentPermissionSets();
-			checkForReferencesToNonexistentPermissions();
 			warnIfNoPermissionSetsForNewUsers();
 		}
 
@@ -95,21 +94,6 @@ private void checkForReferencesToNonexistentPermissionSets() {
 			}
 		}
 
-		private void checkForReferencesToNonexistentPermissions() {
-			PermissionRegistry registry = PermissionRegistry.getRegistry(ctx);
-			for (PermissionSet ps : uaDao.getAllPermissionSets()) {
-				for (String pUri : ps.getPermissionUris()) {
-					if (!registry.isPermission(pUri)) {
-						ss.warning(listener,
-								"The PermissionSet '" + ps.getLabel()
-										+ "' has the Permission '" + pUri
-										+ "', but the Permission "
-										+ "is not found in the registry.");
-					}
-				}
-			}
-		}
-
 		private void warnIfNoPermissionSetsForNewUsers() {
 			for (PermissionSet ps : uaDao.getAllPermissionSets()) {
 				if (ps.isForNewUsers()) {
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/permissions/PublishByRolePermission.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/permissions/PublishByRolePermission.java
deleted file mode 100644
index b1e63aa4bb..0000000000
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/permissions/PublishByRolePermission.java
+++ /dev/null
@@ -1,125 +0,0 @@
-/* $This file is distributed under the terms of the license in LICENSE$ */
-
-package edu.cornell.mannlib.vitro.webapp.auth.permissions;
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-
-import edu.cornell.mannlib.vitro.webapp.auth.policy.bean.PropertyRestrictionBean;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.RequestedAction;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.publish.PublishDataProperty;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.publish.PublishDataPropertyStatement;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.publish.PublishObjectProperty;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.publish.PublishObjectPropertyStatement;
-import edu.cornell.mannlib.vitro.webapp.beans.BaseResourceBean.RoleLevel;
-import edu.cornell.mannlib.vitro.webapp.beans.Property;
-
-/**
- * Is the user authorized to publish properties that are marked as restricted to
- * a certain "Role Level"?
- */
-public class PublishByRolePermission extends Permission {
-	private static final Log log = LogFactory
-			.getLog(PublishByRolePermission.class);
-
-	public static final String NAMESPACE = "java:"
-			+ PublishByRolePermission.class.getName() + "#";
-
-	private final String roleName;
-	private final RoleLevel roleLevel;
-
-	public PublishByRolePermission(String roleName, RoleLevel roleLevel) {
-		super(NAMESPACE + roleName);
-
-		if (roleName == null) {
-			throw new NullPointerException("role may not be null.");
-		}
-		if (roleLevel == null) {
-			throw new NullPointerException("roleLevel may not be null.");
-		}
-
-		this.roleName = roleName;
-		this.roleLevel = roleLevel;
-	}
-
-	@Override
-	public boolean isAuthorized(RequestedAction whatToAuth) {
-		boolean result;
-
-		if (whatToAuth instanceof PublishDataProperty) {
-			result = isAuthorized((PublishDataProperty) whatToAuth);
-		} else if (whatToAuth instanceof PublishObjectProperty) {
-			result = isAuthorized((PublishObjectProperty) whatToAuth);
-		} else if (whatToAuth instanceof PublishDataPropertyStatement) {
-			result = isAuthorized((PublishDataPropertyStatement) whatToAuth);
-		} else if (whatToAuth instanceof PublishObjectPropertyStatement) {
-			result = isAuthorized((PublishObjectPropertyStatement) whatToAuth);
-		} else {
-			result = false;
-		}
-
-		if (result) {
-			log.debug(this + " authorizes " + whatToAuth);
-		} else {
-			log.debug(this + " does not authorize " + whatToAuth);
-		}
-
-		return result;
-	}
-
-	/**
-	 * The user may publish this data property if they are allowed to publish
-	 * its predicate.
-	 */
-	private boolean isAuthorized(PublishDataProperty action) {
-		String predicateUri = action.getDataProperty().getURI();
-		return canPublishPredicate(new Property(predicateUri));
-	}
-
-	/**
-	 * The user may publish this object property if they are allowed to publish
-	 * its predicate.
-	 */
-	private boolean isAuthorized(PublishObjectProperty action) {
-		return canPublishPredicate(action.getObjectProperty());
-	}
-
-	/**
-	 * The user may publish this data property if they are allowed to publish
-	 * its subject and its predicate.
-	 */
-	private boolean isAuthorized(PublishDataPropertyStatement action) {
-		String subjectUri = action.getSubjectUri();
-		String predicateUri = action.getPredicateUri();
-		return canPublishResource(subjectUri)
-				&& canPublishPredicate(new Property(predicateUri));
-	}
-
-	/**
-	 * The user may publish this data property if they are allowed to publish
-	 * its subject, its predicate, and its object.
-	 */
-	private boolean isAuthorized(PublishObjectPropertyStatement action) {
-		String subjectUri = action.getSubjectUri();
-		Property predicate = action.getPredicate();
-		String objectUri = action.getObjectUri();
-		return canPublishResource(subjectUri) && canPublishPredicate(predicate)
-				&& canPublishResource(objectUri);
-	}
-
-	private boolean canPublishResource(String resourceUri) {
-		return PropertyRestrictionBean.getBean().canPublishResource(
-				resourceUri, this.roleLevel);
-	}
-
-	private boolean canPublishPredicate(Property predicate) {
-		return PropertyRestrictionBean.getBean().canPublishPredicate(predicate,
-				this.roleLevel);
-	}
-
-	@Override
-	public String toString() {
-		return "PublishByRolePermission['" + roleName + "']";
-	}
-
-}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/permissions/SimplePermission.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/permissions/SimplePermission.java
index 82ee603fa7..9c5571d499 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/permissions/SimplePermission.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/permissions/SimplePermission.java
@@ -1,154 +1,73 @@
-/* $This file is distributed under the terms of the license in LICENSE$ */
-
 package edu.cornell.mannlib.vitro.webapp.auth.permissions;
 
-import java.util.ArrayList;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.RequestedAction;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.SimpleRequestedAction;
-
-/**
- * A class of simple permissions. Each instance holds a RequestedAction, and
- * will only authorize that RequestedAction (or one with the same URI).
- */
-public class SimplePermission extends Permission {
-	private static final Log log = LogFactory.getLog(SimplePermission.class);
-
-	private static final String NAMESPACE = "java:"
-			+ SimplePermission.class.getName() + "#";
-
-	private static final Map<String, SimplePermission> allInstances = new HashMap<String, SimplePermission>();
-
-	public static final SimplePermission ACCESS_SPECIAL_DATA_MODELS = new SimplePermission(
-		NAMESPACE + "AccessSpecialDataModels");
-	public static final SimplePermission DO_BACK_END_EDITING = new SimplePermission(
-		NAMESPACE + "DoBackEndEditing");
-	public static final SimplePermission DO_FRONT_END_EDITING = new SimplePermission(
-		NAMESPACE + "DoFrontEndEditing");
-	public static final SimplePermission EDIT_ONTOLOGY = new SimplePermission(
-		NAMESPACE + "EditOntology");
-	public static final SimplePermission EDIT_OWN_ACCOUNT = new SimplePermission(
-		NAMESPACE + "EditOwnAccount");
-	public static final SimplePermission EDIT_SITE_INFORMATION = new SimplePermission(
-		NAMESPACE + "EditSiteInformation");
-	public static final SimplePermission ENABLE_DEVELOPER_PANEL = new SimplePermission(
-		NAMESPACE + "EnableDeveloperPanel");
-	public static final SimplePermission LOGIN_DURING_MAINTENANCE = new SimplePermission(
-		NAMESPACE + "LoginDuringMaintenance");
-	public static final SimplePermission MANAGE_MENUS = new SimplePermission(
-		NAMESPACE + "ManageMenus");
-	public static final SimplePermission MANAGE_OWN_PROXIES = new SimplePermission(
-		NAMESPACE + "ManageOwnProxies");
-	public static final SimplePermission MANAGE_PROXIES = new SimplePermission(
-		NAMESPACE + "ManageProxies");
-	public static final SimplePermission MANAGE_SEARCH_INDEX = new SimplePermission(
-		NAMESPACE + "ManageSearchIndex");
-	public static final SimplePermission MANAGE_USER_ACCOUNTS = new SimplePermission(
-		NAMESPACE + "ManageUserAccounts");
-	public static final SimplePermission QUERY_FULL_MODEL = new SimplePermission(
-		NAMESPACE + "QueryFullModel");
-	public static final SimplePermission QUERY_USER_ACCOUNTS_MODEL = new SimplePermission(
-		NAMESPACE + "QueryUserAccountsModel");
-	public static final SimplePermission REFRESH_VISUALIZATION_CACHE = new SimplePermission(
-		NAMESPACE + "RefreshVisualizationCache");
-	public static final SimplePermission SEE_CONFIGURATION = new SimplePermission(
-		NAMESPACE + "SeeConfiguration");
-	public static final SimplePermission SEE_INDVIDUAL_EDITING_PANEL = new SimplePermission(
-		NAMESPACE + "SeeIndividualEditingPanel");
-	public static final SimplePermission SEE_REVISION_INFO = new SimplePermission(
-		NAMESPACE + "SeeRevisionInfo");
-	public static final SimplePermission SEE_SITE_ADMIN_PAGE = new SimplePermission(
-		NAMESPACE + "SeeSiteAdminPage");
-	public static final SimplePermission SEE_STARTUP_STATUS = new SimplePermission(
-		NAMESPACE + "SeeStartupStatus");
-	public static final SimplePermission SEE_VERBOSE_PROPERTY_INFORMATION = new SimplePermission(
-		NAMESPACE + "SeeVerbosePropertyInformation");
-	public static final SimplePermission USE_ADVANCED_DATA_TOOLS_PAGES = new SimplePermission(
-		NAMESPACE + "UseAdvancedDataToolsPages");
-	public static final SimplePermission USE_INDIVIDUAL_CONTROL_PANEL = new SimplePermission(
-		NAMESPACE + "UseIndividualControlPanel");
-	public static final SimplePermission USE_SPARQL_QUERY_PAGE = new SimplePermission(
-		NAMESPACE + "UseSparqlQueryPage");
-	public static final SimplePermission USE_SPARQL_QUERY_API = new SimplePermission(
-		NAMESPACE + "UseSparqlQueryApi");
-	public static final SimplePermission USE_SPARQL_UPDATE_API = new SimplePermission(
-		NAMESPACE + "UseSparqlUpdateApi");
-
-	// ----------------------------------------------------------------------
-	// These instances are "catch all" permissions to cover poorly defined
-	// groups of actions until better definitions were found. Don't add usages
-	// of these, and remove existing usages where possible.
-	// ----------------------------------------------------------------------
-
-	public static final SimplePermission USE_BASIC_AJAX_CONTROLLERS = new SimplePermission(
-		NAMESPACE + "UseBasicAjaxControllers");
-	public static final SimplePermission USE_MISCELLANEOUS_ADMIN_PAGES = new SimplePermission(
-		NAMESPACE + "UseMiscellaneousAdminPages");
-	public static final SimplePermission USE_MISCELLANEOUS_CURATOR_PAGES = new SimplePermission(
-		NAMESPACE + "UseMiscellaneousCuratorPages");
-	public static final SimplePermission USE_MISCELLANEOUS_PAGES = new SimplePermission(
-		NAMESPACE + "UseMiscellaneousPages");
-
-	// ----------------------------------------------------------------------
-	// These instances are permissions that can be specified for a given page created/managed through page management,
-	// e.g. this page is viewable only by admins, this page is viewable to anyone who is logged in, etc.
-	// ----------------------------------------------------------------------
-	public static final SimplePermission PAGE_VIEWABLE_ADMIN = new SimplePermission(
-			NAMESPACE + "PageViewableAdmin");
-		public static final SimplePermission PAGE_VIEWABLE_CURATOR = new SimplePermission(
-			NAMESPACE + "PageViewableCurator");
-		public static final SimplePermission PAGE_VIEWABLE_LOGGEDIN = new SimplePermission(
-			NAMESPACE + "PageViewableLoggedIn");
-		public static final SimplePermission PAGE_VIEWABLE_EDITOR = new SimplePermission(
-			NAMESPACE + "PageViewableEditor");
-		public static final SimplePermission PAGE_VIEWABLE_PUBLIC = new SimplePermission(
-			NAMESPACE + "PageViewablePublic");
-
-
-	public static List<SimplePermission> getAllInstances() {
-		return new ArrayList<SimplePermission>(allInstances.values());
-	}
-
-	//private final String localName;
-	public final RequestedAction ACTION;
-
-	public SimplePermission(String uri) {
-		super(uri);
-
-		if (uri == null) {
-			throw new NullPointerException("uri may not be null.");
-		}
-
-		this.ACTION = new SimpleRequestedAction(uri);
-
-		if (allInstances.containsKey(this.uri)) {
-			throw new IllegalStateException("A SimplePermission named '"
-					+ this.uri + "' already exists.");
-		}
-		allInstances.put(uri, this);
-	}
-
-	@Override
-	public boolean isAuthorized(RequestedAction whatToAuth) {
-		if (whatToAuth != null) {
-			if (ACTION.getURI().equals(whatToAuth.getURI())) {
-				log.debug(this + " authorizes " + whatToAuth);
-				return true;
-			}
-		}
-		log.debug(this + " does not authorize " + whatToAuth);
-		return false;
-	}
-
-	@Override
-	public String toString() {
-		return "SimplePermission['" + uri+ "']";
-	}
-
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType;
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessOperation;
+import edu.cornell.mannlib.vitro.webapp.auth.objects.AccessObjectImpl;
+import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.SimpleAuthorizationRequest;
+
+public class SimplePermission {
+
+  //Access rules stored here for compatibility reasons
+
+    public static final SimplePermission ACCESS_SPECIAL_DATA_MODELS = new SimplePermission("AccessSpecialDataModels");
+    public static final SimplePermission DO_BACK_END_EDITING = new SimplePermission("DoBackEndEditing");
+    public static final SimplePermission DO_FRONT_END_EDITING = new SimplePermission("DoFrontEndEditing");
+    public static final SimplePermission EDIT_ONTOLOGY = new SimplePermission("EditOntology");
+    public static final SimplePermission EDIT_OWN_ACCOUNT = new SimplePermission("EditOwnAccount");
+    public static final SimplePermission EDIT_SITE_INFORMATION = new SimplePermission("EditSiteInformation");
+    public static final SimplePermission ENABLE_DEVELOPER_PANEL = new SimplePermission("EnableDeveloperPanel");
+    public static final SimplePermission LOGIN_DURING_MAINTENANCE = new SimplePermission("LoginDuringMaintenance");
+    public static final SimplePermission MANAGE_MENUS = new SimplePermission("ManageMenus");
+    public static final SimplePermission MANAGE_OWN_PROXIES = new SimplePermission("ManageOwnProxies");
+    public static final SimplePermission MANAGE_PROXIES = new SimplePermission("ManageProxies");
+    public static final SimplePermission MANAGE_SEARCH_INDEX = new SimplePermission("ManageSearchIndex");
+    public static final SimplePermission MANAGE_USER_ACCOUNTS = new SimplePermission("ManageUserAccounts");
+    public static final SimplePermission QUERY_FULL_MODEL = new SimplePermission("QueryFullModel");
+    public static final SimplePermission QUERY_USER_ACCOUNTS_MODEL = new SimplePermission("QueryUserAccountsModel");
+    public static final SimplePermission REFRESH_VISUALIZATION_CACHE = new SimplePermission("RefreshVisualizationCache");
+    public static final SimplePermission SEE_CONFIGURATION = new SimplePermission("SeeConfiguration");
+    public static final SimplePermission SEE_INDVIDUAL_EDITING_PANEL = new SimplePermission("SeeIndividualEditingPanel");
+    public static final SimplePermission SEE_REVISION_INFO = new SimplePermission("SeeRevisionInfo");
+    public static final SimplePermission SEE_SITE_ADMIN_PAGE = new SimplePermission("SeeSiteAdminPage");
+    public static final SimplePermission SEE_STARTUP_STATUS = new SimplePermission("SeeStartupStatus");
+    public static final SimplePermission SEE_VERBOSE_PROPERTY_INFORMATION = new SimplePermission("SeeVerbosePropertyInformation");
+    public static final SimplePermission USE_ADVANCED_DATA_TOOLS_PAGES = new SimplePermission("UseAdvancedDataToolsPages");
+    public static final SimplePermission USE_INDIVIDUAL_CONTROL_PANEL = new SimplePermission("UseIndividualControlPanel");
+    public static final SimplePermission USE_SPARQL_QUERY_PAGE = new SimplePermission("UseSparqlQueryPage");
+    public static final SimplePermission USE_SPARQL_QUERY_API = new SimplePermission("UseSparqlQueryApi");
+    public static final SimplePermission USE_SPARQL_UPDATE_API = new SimplePermission("UseSparqlUpdateApi");
+    
+    // ----------------------------------------------------------------------
+    // These instances are "catch all" permissions to cover poorly defined
+    // groups of actions until better definitions were found. Don't add usages
+    // of these, and remove existing usages where possible.
+    // ----------------------------------------------------------------------
+    
+    public static final SimplePermission USE_BASIC_AJAX_CONTROLLERS = new SimplePermission("UseBasicAjaxControllers");
+    public static final SimplePermission USE_MISCELLANEOUS_ADMIN_PAGES = new SimplePermission("UseMiscellaneousAdminPages");
+    public static final SimplePermission USE_MISCELLANEOUS_CURATOR_PAGES = new SimplePermission("UseMiscellaneousCuratorPages");
+    public static final SimplePermission USE_MISCELLANEOUS_PAGES = new SimplePermission("UseMiscellaneousPages");
+
+    // ----------------------------------------------------------------------
+    // These instances are permissions that can be specified for a given page
+    // created/managed through page management,
+    // e.g. this page is viewable only by admins, this page is viewable to anyone
+    // who is logged in, etc.
+    // ----------------------------------------------------------------------
+    
+    public static final SimplePermission PAGE_VIEWABLE_ADMIN = new SimplePermission("PageViewableAdmin");
+    public static final SimplePermission PAGE_VIEWABLE_CURATOR = new SimplePermission("PageViewableCurator");
+    public static final SimplePermission PAGE_VIEWABLE_LOGGEDIN = new SimplePermission("PageViewableLoggedIn");
+    public static final SimplePermission PAGE_VIEWABLE_EDITOR = new SimplePermission("PageViewableEditor");
+    public static final SimplePermission PAGE_VIEWABLE_PUBLIC = new SimplePermission("PageViewablePublic");
+    
+    
+    public SimpleAuthorizationRequest ACTION;
+    public static final String NS = "java:edu.cornell.mannlib.vitro.webapp.auth.permissions.SimplePermission#";
+
+    private SimplePermission(String uri) {
+        uri = SimplePermission.NS + uri;
+        AccessObjectImpl ao = new AccessObjectImpl(uri, AccessObjectType.NAMED_OBJECT);
+        this.ACTION = new SimpleAuthorizationRequest(ao, AccessOperation.EXECUTE);
+    }
 }
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/BaseSelfEditingPolicy.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/BaseSelfEditingPolicy.java
deleted file mode 100644
index 1541cfc8eb..0000000000
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/BaseSelfEditingPolicy.java
+++ /dev/null
@@ -1,61 +0,0 @@
-/* $This file is distributed under the terms of the license in LICENSE$ */
-
-package edu.cornell.mannlib.vitro.webapp.auth.policy;
-
-import javax.servlet.ServletContext;
-
-import edu.cornell.mannlib.vitro.webapp.auth.policy.bean.PropertyRestrictionBean;
-import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.Authorization;
-import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision;
-import edu.cornell.mannlib.vitro.webapp.beans.BaseResourceBean.RoleLevel;
-import edu.cornell.mannlib.vitro.webapp.beans.Property;
-
-/**
- * A base class with utility methods for policies involving self-editing.
- */
-public abstract class BaseSelfEditingPolicy {
-	protected final ServletContext ctx;
-	protected final RoleLevel roleLevel;
-
-	public BaseSelfEditingPolicy(ServletContext ctx, RoleLevel roleLevel) {
-		this.ctx = ctx;
-		this.roleLevel = roleLevel;
-	}
-
-	protected boolean canModifyResource(String uri) {
-		return PropertyRestrictionBean.getBean().canModifyResource(uri,
-				roleLevel);
-	}
-
-	protected boolean canModifyPredicate(Property predicate) {
-		return PropertyRestrictionBean.getBean().canModifyPredicate(predicate,
-				roleLevel);
-	}
-
-	protected PolicyDecision cantModifyResource(String uri) {
-		return inconclusiveDecision("No access to admin resources; cannot modify "
-				+ uri);
-	}
-
-	protected PolicyDecision cantModifyPredicate(Property predicate) {
-		return inconclusiveDecision("No access to admin predicates; cannot modify "
-				+ predicate.getURI());
-	}
-
-	protected PolicyDecision userNotAuthorizedToStatement() {
-		return inconclusiveDecision("User has no access to this statement.");
-	}
-
-	/** An INCONCLUSIVE decision with a message like "PolicyClass: message". */
-	protected PolicyDecision inconclusiveDecision(String message) {
-		return new BasicPolicyDecision(Authorization.INCONCLUSIVE, getClass()
-				.getSimpleName() + ": " + message);
-	}
-
-	/** An AUTHORIZED decision with a message like "PolicyClass: message". */
-	protected PolicyDecision authorizedDecision(String message) {
-		return new BasicPolicyDecision(Authorization.AUTHORIZED, getClass()
-				.getSimpleName() + ": " + message);
-	}
-
-}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/BasicPolicyDecision.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/BasicPolicyDecision.java
index b831be9ddb..2f44ff48dc 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/BasicPolicyDecision.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/BasicPolicyDecision.java
@@ -2,7 +2,7 @@
 
 package edu.cornell.mannlib.vitro.webapp.auth.policy;
 
-import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.Authorization;
+import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.DecisionResult;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision;
 
 /**
@@ -14,21 +14,19 @@ public class BasicPolicyDecision implements PolicyDecision{
     String debuggingInfo;
     String message;
     String StackTrace;
-    Authorization authorized;
+    DecisionResult decisionResult;
 
-
-
-    public BasicPolicyDecision( Authorization authorized, String message) {
+    public BasicPolicyDecision( DecisionResult authorized, String message) {
         super();
         this.message = message;
-        this.authorized = authorized;
+        this.decisionResult = authorized;
     }
 
-    public Authorization getAuthorized() {
-        return authorized;
+    public DecisionResult getDecisionResult() {
+        return decisionResult;
     }
-    public BasicPolicyDecision setAuthorized(Authorization auth) {
-        this.authorized = auth;
+    public BasicPolicyDecision setDecisionResult(DecisionResult decisionResult) {
+        this.decisionResult = decisionResult;
         return this;
     }
     public String getDebuggingInfo() {
@@ -53,6 +51,6 @@ public void setStackTrace(String stackTrace) {
     }
 
     public String toString(){
-        return authorized + ": " + message;
+        return decisionResult + ": " + message;
     }
 }
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/CompositPolicyDecision.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/CompositPolicyDecision.java
deleted file mode 100644
index 22d568f2ff..0000000000
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/CompositPolicyDecision.java
+++ /dev/null
@@ -1,23 +0,0 @@
-/* $This file is distributed under the terms of the license in LICENSE$ */
-
-package edu.cornell.mannlib.vitro.webapp.auth.policy;
-
-import java.util.List;
-
-import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.Authorization;
-import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision;
-
-/**
- * Policy decision that is made from some analysis of a set of decisions.
- * @author bdc34
- *
- */
-public class CompositPolicyDecision extends BasicPolicyDecision implements PolicyDecision {
-    List<PolicyDecision> subDecisions;
-
-    public CompositPolicyDecision(Authorization auth, String message, List<PolicyDecision> subDecisions){
-        super( auth, message);
-        this.subDecisions = subDecisions;
-    }
-
-}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/DisplayRestrictedDataToSelfPolicy.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/DisplayRestrictedDataToSelfPolicy.java
deleted file mode 100644
index 2c536813c7..0000000000
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/DisplayRestrictedDataToSelfPolicy.java
+++ /dev/null
@@ -1,179 +0,0 @@
-/* $This file is distributed under the terms of the license in LICENSE$ */
-
-package edu.cornell.mannlib.vitro.webapp.auth.policy;
-
-import java.util.Collection;
-
-import javax.servlet.ServletContext;
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-
-import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
-import edu.cornell.mannlib.vitro.webapp.auth.identifier.common.HasAssociatedIndividual;
-import edu.cornell.mannlib.vitro.webapp.auth.policy.bean.PropertyRestrictionBean;
-import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.Authorization;
-import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision;
-import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyIface;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.RequestedAction;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.display.DisplayDataProperty;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.display.DisplayDataPropertyStatement;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.display.DisplayObjectProperty;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.display.DisplayObjectPropertyStatement;
-import edu.cornell.mannlib.vitro.webapp.beans.BaseResourceBean.RoleLevel;
-import edu.cornell.mannlib.vitro.webapp.beans.DataPropertyStatement;
-import edu.cornell.mannlib.vitro.webapp.beans.Property;
-
-/**
- * Permit display of various data if it relates to the user's associated
- * individual.
- *
- * This policy is only to handle the case where a user would not be able to see
- * data except for their self-editing status. If the data would be visible
- * without that status, we assume that some other policy will grant access.
- */
-public class DisplayRestrictedDataToSelfPolicy implements PolicyIface {
-	private static final Log log = LogFactory
-			.getLog(DisplayRestrictedDataToSelfPolicy.class);
-
-	private final ServletContext ctx;
-
-	public DisplayRestrictedDataToSelfPolicy(ServletContext ctx) {
-		this.ctx = ctx;
-	}
-
-	/**
-	 * If the requested action is to display a property or a property statement,
-	 * we might authorize it based on their role level.
-	 */
-	@Override
-	public PolicyDecision isAuthorized(IdentifierBundle whoToAuth,
-			RequestedAction whatToAuth) {
-		if (whoToAuth == null) {
-			return defaultDecision("whomToAuth was null");
-		}
-		if (whatToAuth == null) {
-			return defaultDecision("whatToAuth was null");
-		}
-
-		Collection<String> associated = HasAssociatedIndividual
-				.getIndividualUris(whoToAuth);
-		if (associated.isEmpty()) {
-			return defaultDecision("not self-editing for anyone");
-		}
-
-		if (whatToAuth instanceof DisplayDataProperty) {
-			return defaultDecision("DataProperties have no associated 'self'");
-		} else if (whatToAuth instanceof DisplayObjectProperty) {
-			return defaultDecision("ObjectProperties have no associated 'self'");
-		}
-
-		PolicyDecision result;
-		if (whatToAuth instanceof DisplayDataPropertyStatement) {
-			result = isAuthorized((DisplayDataPropertyStatement) whatToAuth,
-					associated);
-		} else if (whatToAuth instanceof DisplayObjectPropertyStatement) {
-			result = isAuthorized((DisplayObjectPropertyStatement) whatToAuth,
-					associated);
-		} else {
-			result = defaultDecision("Unrecognized action");
-		}
-
-		log.debug("decision for '" + whatToAuth + "' is " + result);
-		return result;
-	}
-
-	/**
-	 * The user may see this data property statement if the subject and the
-	 * predicate are both viewable by self-editors, and the subject is one of
-	 * the associated individuals (the "selves").
-	 */
-	private PolicyDecision isAuthorized(DisplayDataPropertyStatement action,
-			Collection<String> individuals) {
-		DataPropertyStatement stmt = action.getDataPropertyStatement();
-		String subjectUri = stmt.getIndividualURI();
-		Property predicate = new Property(stmt.getDatapropURI());
-		if (canDisplayResource(subjectUri) && canDisplayPredicate(predicate)
-				&& isAboutAssociatedIndividual(individuals, subjectUri)) {
-			return authorized("user may view DataPropertyStatement "
-					+ subjectUri + " ==> " + predicate.getURI());
-		} else {
-			return defaultDecision("user may not view DataPropertyStatement "
-					+ subjectUri + " ==> " + predicate.getURI());
-		}
-	}
-
-	/**
-	 * The user may see this data property statement if the subject, the
-	 * predicate, and the object are all viewable by self-editors, and either
-	 * the subject or the object is one of the associated individuals (the
-	 * "selves").
-	 */
-	private PolicyDecision isAuthorized(DisplayObjectPropertyStatement action,
-			Collection<String> individuals) {
-		String subjectUri = action.getSubjectUri();
-		Property predicate = action.getProperty();
-		String objectUri = action.getObjectUri();
-		if (canDisplayResource(subjectUri)
-				&& canDisplayPredicate(predicate)
-				&& canDisplayResource(objectUri)
-				&& isAboutAssociatedIndividual(individuals, subjectUri,
-						objectUri)) {
-			return authorized("user may view ObjectPropertyStatement "
-					+ subjectUri + " ==> " + predicate.getURI() + " ==> "
-					+ objectUri);
-		} else {
-			return defaultDecision("user may not view ObjectPropertyStatement "
-					+ subjectUri + " ==> " + predicate.getURI() + " ==> "
-					+ objectUri);
-		}
-	}
-
-	/** If the user is explicitly authorized, return this. */
-	private PolicyDecision authorized(String message) {
-		String className = this.getClass().getSimpleName();
-		return new BasicPolicyDecision(Authorization.AUTHORIZED, className
-				+ ": " + message);
-	}
-
-	/** If the user isn't explicitly authorized, return this. */
-	private PolicyDecision defaultDecision(String message) {
-		return new BasicPolicyDecision(Authorization.INCONCLUSIVE, message);
-	}
-
-	private boolean canDisplayResource(String uri) {
-		return PropertyRestrictionBean.getBean().canDisplayResource(uri,
-				RoleLevel.SELF);
-	}
-
-	private boolean canDisplayPredicate(Property predicate) {
-		return PropertyRestrictionBean.getBean().canDisplayPredicate(predicate,
-				RoleLevel.SELF);
-	}
-
-	private boolean isAboutAssociatedIndividual(Collection<String> selves,
-			String subjectUri) {
-		for (String self : selves) {
-			if (self.equals(subjectUri)) {
-				return true;
-			}
-		}
-		return false;
-	}
-
-	private boolean isAboutAssociatedIndividual(Collection<String> selves,
-			String subjectUri, String objectUri) {
-		for (String self : selves) {
-			if (self.equals(subjectUri) || self.equals(objectUri)) {
-				return true;
-			}
-		}
-		return false;
-	}
-
-	@Override
-	public String toString() {
-		return this.getClass().getSimpleName() + " - " + hashCode();
-	}
-
-}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/DynamicPolicy.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/DynamicPolicy.java
new file mode 100644
index 0000000000..7658f07e17
--- /dev/null
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/DynamicPolicy.java
@@ -0,0 +1,80 @@
+package edu.cornell.mannlib.vitro.webapp.auth.policy;
+
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.Set;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+import edu.cornell.mannlib.vitro.webapp.auth.objects.AccessObject;
+import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.DecisionResult;
+import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision;
+import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.Policy;
+import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthorizationRequest;
+import edu.cornell.mannlib.vitro.webapp.auth.rules.AccessRule;
+
+public class DynamicPolicy implements Policy {
+    private static final Log log = LogFactory.getLog(DynamicPolicy.class);
+    private String uri;
+    
+    @Override
+    public String getUri() {
+        return uri;
+    }
+
+    private long priority;
+    public long getPriority() {
+        return priority;
+    }
+
+    private Set<AccessRule> rules = Collections.synchronizedSet(new HashSet<>());
+
+    public Set<AccessRule> getRules() {
+        return rules;
+    }
+
+    public void addRules(Set<AccessRule> addition) {
+        rules.addAll(addition);
+    }
+
+    public DynamicPolicy(String uri, long priority) {
+        this.uri = uri;
+        this.priority = priority;
+    }
+
+    @Override
+    public PolicyDecision decide(AuthorizationRequest ar) {
+        //IdentifierBundle ac_subject = ar.getIds();
+        AccessObject whatToAuth = ar.getAccessObject();
+        //if (ac_subject == null) {
+        //    return defaultDecision("whomToAuth was null");
+        //}
+        if (whatToAuth == null) {
+            return defaultDecision("whatToAuth was null");
+        }
+        for (AccessRule rule : getFilteredRules(ar)) {
+            if (rule.match(ar)) {
+                if(rule.isAllowMatched()) {
+                    log.debug("Access rule " + rule + " approves request " + whatToAuth);
+                    return new BasicPolicyDecision(DecisionResult.AUTHORIZED, "Dynamic policy '" + uri + "' rule '" + rule + "' approved " + ar);
+                } else {
+                    log.debug("Access rule " + rule + " rejects request " + whatToAuth);
+                    return new BasicPolicyDecision(DecisionResult.UNAUTHORIZED, "Dynamic policy '" + uri + "' rule '" + rule + "' rejected " + ar);
+                }
+            } else {
+                log.trace("Dynamic policy '" + uri + "' rule '" + rule + "' doesn't match the request " + ar);
+            }
+        }
+        
+        return defaultDecision("no permission will approve " + whatToAuth);
+    }
+
+    public Set<AccessRule> getFilteredRules(AuthorizationRequest ar) {
+        return rules;
+    }
+
+    private PolicyDecision defaultDecision(String message) {
+        return new BasicPolicyDecision(DecisionResult.INCONCLUSIVE, message);
+    }
+}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EntityPolicyController.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EntityPolicyController.java
new file mode 100644
index 0000000000..b3c985bdc0
--- /dev/null
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EntityPolicyController.java
@@ -0,0 +1,79 @@
+package edu.cornell.mannlib.vitro.webapp.auth.policy;
+
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.LinkedList;
+import java.util.List;
+import java.util.Set;
+
+import org.apache.commons.lang3.StringUtils;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType;
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.OperationGroup;
+import edu.cornell.mannlib.vitro.webapp.beans.Property;
+
+public class EntityPolicyController {
+    
+    private static final Log log = LogFactory.getLog(EntityPolicyController.class);
+    
+    public static void updateEntityPolicy(String entityUri, AccessObjectType aot, OperationGroup og,
+            List<String> selectedRoles, List<String> allRoles) {
+        if (StringUtils.isBlank(entityUri)) {
+            return;
+        }
+        Set<String> selectedSet = new HashSet<>(selectedRoles);
+        for (String role : allRoles) {
+            boolean isInDataSet = isUriInTestDataset(entityUri, og, aot, role);
+            boolean isSelected = selectedSet.contains(role);
+            final PolicyLoader loader = PolicyLoader.getInstance();
+            final String policyUri = loader.getPolicyUriByKey(og, aot, role);
+            if (policyUri == null) {
+                log.debug(String.format("Policy wasn't found by key:\n%s\n%s\n%s", og.toString(), aot.toString(), role));
+                continue;
+            }
+            if (isSelected && !isInDataSet) {
+                loader.addEntityToPolicyDataSet(entityUri, aot, og, role);
+                DynamicPolicy policy = loader.loadPolicy(policyUri);
+                PolicyStore.getInstance().add(policy);
+            } else if (!isSelected && isInDataSet) {
+                loader.removeEntityFromPolicyDataSet(entityUri, aot, og, role);
+                DynamicPolicy policy = loader.loadPolicy(policyUri);
+                PolicyStore.getInstance().add(policy);
+            }
+        }
+    }
+    
+    public static List<String> getGrantedRoles(String entityUri, OperationGroup og, AccessObjectType aot, List<String> allRoles) {
+        if (StringUtils.isBlank(entityUri)) {
+            return Collections.emptyList();
+        }
+        List<String> grantedRoles = new LinkedList<>();
+        for (String role : allRoles) {
+            if (isUriInTestDataset(entityUri, og, aot, role)) {
+                grantedRoles.add(role);
+            }
+        }
+        return grantedRoles;
+    }
+    
+    private static boolean isUriInTestDataset(String entityUri, OperationGroup og, AccessObjectType aot, String role) {
+        Set<String> values = PolicyLoader.getInstance().getPolicyDataSetValues(og, aot, role);
+        return values.contains(entityUri);
+    }
+
+    public static void deletedEntityEvent(Property oldObj) {
+        log.debug("Don't delete access rule if property has been deleted " + oldObj );
+    }
+
+    public static void updatedEntityEvent(Object oldObj, Object newObj) {
+        if (oldObj instanceof Property || newObj instanceof Property) {
+            log.error("update entity event old " + oldObj + " new object " + newObj );    
+        }
+    }
+
+    public static void insertedEntityEvent(Property newObj) {
+        log.debug("Nothing to do " + newObj );
+    }
+}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PermissionsPolicy.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PermissionsPolicy.java
deleted file mode 100644
index 0a66bdeffc..0000000000
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PermissionsPolicy.java
+++ /dev/null
@@ -1,56 +0,0 @@
-/* $This file is distributed under the terms of the license in LICENSE$ */
-
-package edu.cornell.mannlib.vitro.webapp.auth.policy;
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-
-import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
-import edu.cornell.mannlib.vitro.webapp.auth.identifier.common.HasPermission;
-import edu.cornell.mannlib.vitro.webapp.auth.permissions.Permission;
-import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.Authorization;
-import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision;
-import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyIface;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.RequestedAction;
-
-/**
- * The user is authorized to perform the RequestedAction if one of his
- * Permissions will authorize it.
- */
-public class PermissionsPolicy implements PolicyIface {
-	private static final Log log = LogFactory.getLog(PermissionsPolicy.class);
-
-	@Override
-	public PolicyDecision isAuthorized(IdentifierBundle whoToAuth,
-			RequestedAction whatToAuth) {
-		if (whoToAuth == null) {
-			return defaultDecision("whomToAuth was null");
-		}
-		if (whatToAuth == null) {
-			return defaultDecision("whatToAuth was null");
-		}
-
-		for (Permission p : HasPermission.getPermissions(whoToAuth)) {
-			if (p.isAuthorized(whatToAuth)) {
-				log.debug("Permission " + p + " approves request " + whatToAuth);
-				return new BasicPolicyDecision(Authorization.AUTHORIZED,
-						"PermissionsPolicy: approved by " + p);
-			} else {
-			    log.trace("Permission " + p + " denies request " + whatToAuth);
-			}
-		}
-		log.debug("No permission will approve " + whatToAuth);
-		return defaultDecision("no permission will approve " + whatToAuth);
-	}
-
-	/** If the user isn't explicitly authorized, return this. */
-	private PolicyDecision defaultDecision(String message) {
-		return new BasicPolicyDecision(Authorization.INCONCLUSIVE, message);
-	}
-
-	@Override
-	public String toString() {
-		return "PermissionsPolicy - " + hashCode();
-	}
-
-}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/Policies.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/Policies.java
new file mode 100644
index 0000000000..0766a98489
--- /dev/null
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/Policies.java
@@ -0,0 +1,18 @@
+package edu.cornell.mannlib.vitro.webapp.auth.policy;
+
+import java.util.List;
+
+import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.Policy;
+
+public interface Policies {
+
+    public List<Policy> getList();
+    
+    public boolean contains(Policy policy);
+
+    public void add(Policy policy);
+
+    public long size();
+    
+    public void clear();
+}
\ No newline at end of file
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyDecisionLogger.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyDecisionLogger.java
index 1880c76939..a5e48bb6d7 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyDecisionLogger.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyDecisionLogger.java
@@ -2,7 +2,7 @@
 
 package edu.cornell.mannlib.vitro.webapp.auth.policy;
 
-import static edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.Authorization.INCONCLUSIVE;
+import static edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.DecisionResult.INCONCLUSIVE;
 
 import java.util.regex.Pattern;
 
@@ -10,9 +10,9 @@
 import org.apache.commons.logging.LogFactory;
 
 import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
+import edu.cornell.mannlib.vitro.webapp.auth.objects.AccessObject;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision;
-import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyIface;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.RequestedAction;
+import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.Policy;
 import edu.cornell.mannlib.vitro.webapp.utils.developer.DeveloperSettings;
 import edu.cornell.mannlib.vitro.webapp.utils.developer.Key;
 
@@ -33,7 +33,7 @@ public class PolicyDecisionLogger {
 			INCONCLUSIVE, "The decision was null.");
 
 	private final DeveloperSettings settings;
-	private final RequestedAction whatToAuth;
+	private final AccessObject whatToAuth;
 	private final IdentifierBundle whoToAuth;
 
 	private final boolean enabled;
@@ -43,7 +43,7 @@ public class PolicyDecisionLogger {
 	private final boolean includeIdentifiers;
 
 	public PolicyDecisionLogger(IdentifierBundle whoToAuth,
-			RequestedAction whatToAuth) {
+			AccessObject whatToAuth) {
 		this.settings = DeveloperSettings.getInstance();
 		this.whoToAuth = whoToAuth;
 		this.whatToAuth = whatToAuth;
@@ -130,7 +130,7 @@ private Pattern compilePatternFromSetting(Key key) {
 	 * If the logger and the policy and the decision all pass the restrictions,
 	 * write to the log. A null decision is treated as inconclusive.
 	 */
-	public void log(PolicyIface policy, PolicyDecision pd) {
+	public void log(Policy policy, PolicyDecision pd) {
 		if (passesRestrictions(String.valueOf(policy), pd)) {
 			if (this.includeIdentifiers) {
 				log.info(String.format(
@@ -161,7 +161,7 @@ private boolean passesConclusiveRestriction(PolicyDecision pd) {
 	}
 
 	private boolean isInconclusive(PolicyDecision pd) {
-		return pd == null || pd.getAuthorized() == INCONCLUSIVE;
+		return pd == null || pd.getDecisionResult() == INCONCLUSIVE;
 	}
 
 	public void logNoDecision(PolicyDecision pd) {
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyDecisionPoint.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyDecisionPoint.java
new file mode 100644
index 0000000000..366fd7a852
--- /dev/null
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyDecisionPoint.java
@@ -0,0 +1,43 @@
+package edu.cornell.mannlib.vitro.webapp.auth.policy;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.DecisionResult;
+import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.Policy;
+import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision;
+import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthorizationRequest;
+
+public class PolicyDecisionPoint {
+
+    private static final Log log = LogFactory.getLog(PolicyDecisionPoint.class.getName());
+
+    public static PolicyDecision decide(AuthorizationRequest ar) {
+        PolicyDecision pd = null;
+        PolicyDecisionLogger logger = new PolicyDecisionLogger(ar.getIds(), ar.getAccessObject());
+        PolicyStore store = PolicyStore.getInstance();
+        for(Policy policy : store.getList()){
+            try{
+                pd = policy.decide(ar);
+                logger.log(policy, pd);
+                if( pd != null ){
+                    if(  pd.getDecisionResult() == DecisionResult.AUTHORIZED )
+                        return pd;
+                    if( pd.getDecisionResult() == DecisionResult.UNAUTHORIZED )
+                        return pd;
+                    if( pd.getDecisionResult() == DecisionResult.INCONCLUSIVE )
+                        continue;
+                } else{
+                    log.debug("policy " + policy.toString() + " returned a null PolicyDecision");
+                }
+            }catch(Throwable th){
+                log.error("ignoring exception in policy " + policy.toString(), th );
+            }
+        }
+
+        pd = new BasicPolicyDecision(DecisionResult.INCONCLUSIVE,
+                "No policy returned a conclusive decision on " + ar.getAccessObject());
+        logger.logNoDecision(pd);
+        return pd;
+    }
+}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyHelper.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyHelper.java
index 67f61897cb..e6b41374c3 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyHelper.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyHelper.java
@@ -2,7 +2,11 @@
 
 package edu.cornell.mannlib.vitro.webapp.auth.policy;
 
-import static edu.cornell.mannlib.vitro.webapp.auth.requestedAction.RequestedAction.SOME_URI;
+import static edu.cornell.mannlib.vitro.webapp.auth.objects.AccessObject.SOME_URI;
+
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.List;
 
 import javax.servlet.http.HttpServletRequest;
 
@@ -18,16 +22,19 @@
 import org.apache.jena.rdf.model.Statement;
 import org.apache.jena.rdf.model.StmtIterator;
 
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessOperation;
 import edu.cornell.mannlib.vitro.webapp.auth.identifier.ActiveIdentifierBundleFactories;
 import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
 import edu.cornell.mannlib.vitro.webapp.auth.identifier.RequestIdentifiers;
-import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyIface;
+import edu.cornell.mannlib.vitro.webapp.auth.identifier.common.HasAssociatedIndividual;
+import edu.cornell.mannlib.vitro.webapp.auth.identifier.common.IdentifierPermissionSetProvider;
+import edu.cornell.mannlib.vitro.webapp.auth.objects.AccessObject;
+import edu.cornell.mannlib.vitro.webapp.auth.objects.DataPropertyStatementAccessObject;
+import edu.cornell.mannlib.vitro.webapp.auth.objects.ObjectPropertyStatementAccessObject;
+import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.DecisionResult;
+import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthorizationRequest;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.RequestedAction;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AddDataPropertyStatement;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AddObjectPropertyStatement;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.DropDataPropertyStatement;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.DropObjectPropertyStatement;
+import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.SimpleAuthorizationRequest;
 import edu.cornell.mannlib.vitro.webapp.beans.Property;
 import edu.cornell.mannlib.vitro.webapp.beans.UserAccount;
 import edu.cornell.mannlib.vitro.webapp.controller.authenticate.Authenticator;
@@ -39,44 +46,80 @@
 public class PolicyHelper {
 	private static final Log log = LogFactory.getLog(PolicyHelper.class);
 
-	/**
-	 * Are these actions authorized for the current user by the current
-	 * policies?
-	 */
-	public static boolean isAuthorizedForActions(HttpServletRequest req,
-			AuthorizationRequest... actions) {
-		return isAuthorizedForActions(req, AuthorizationRequest.andAll(actions));
-	}
-
-	/**
-	 * Are these actions authorized for the current user by the current
-	 * policies?
-	 */
-	public static boolean isAuthorizedForActions(HttpServletRequest req,
-			Iterable<? extends AuthorizationRequest> actions) {
-		return isAuthorizedForActions(req, AuthorizationRequest.andAll(actions));
-	}
-
-	/**
-	 * Are these actions authorized for the current user by the current
-	 * policies?
-	 */
-	private static boolean isAuthorizedForActions(HttpServletRequest req,
-			AuthorizationRequest ar) {
-		PolicyIface policy = ServletPolicyList.getPolicies(req);
+	public static boolean isAuthorizedForActions(HttpServletRequest req, AccessObject ar, AccessOperation operation) {
 		IdentifierBundle ids = RequestIdentifiers.getIdBundleForRequest(req);
-		return ar.isAuthorized(ids, policy);
+		return actionRequestIsAuthorized(ids, ar, operation);
 	}
-
-	/**
-	 * Are these actions authorized for these identifiers by these policies?
-	 */
-	public static boolean isAuthorizedForActions(IdentifierBundle ids,
-			PolicyIface policy, AuthorizationRequest ar) {
-		return ar.isAuthorized(ids, policy);
+	
+    public static boolean isAuthorizedForActions(IdentifierBundle ids, AccessObject ar, AccessOperation op) {
+        return actionRequestIsAuthorized(ids, ar, op);
+    }
+    
+    public static boolean isAuthorizedForActions(IdentifierBundle ids, AuthorizationRequest ar) {
+        if (ar == null) {
+            log.error("AuthorizationRequest is null");
+            return false;
+        }
+        if (ar.getPredefinedDecision() != DecisionResult.INCONCLUSIVE){
+            return ar.getPredefinedDecision() == DecisionResult.AUTHORIZED;
+        }
+        if (ar.isContainer()) {
+            List<AuthorizationRequest> items = ar.getItems();
+            boolean result = false;
+            for (AuthorizationRequest item : items ) {
+                result = result || isAuthorizedForActions(ids, item);
+            }
+            return result;
+        }
+        return actionRequestIsAuthorized(ids, ar.getAccessObject(), ar.getAccessOperation());
+    }
+
+    public static boolean isAuthorizedForActions(HttpServletRequest req, AuthorizationRequest ar) {
+        if (ar == null) {
+            log.error("AuthorizationRequest is null");
+            return false;
+        }
+        if (ar.getPredefinedDecision() != DecisionResult.INCONCLUSIVE){
+            return ar.getPredefinedDecision() == DecisionResult.AUTHORIZED;
+        }
+        if (ar.isContainer()) {
+            List<AuthorizationRequest> items = ar.getItems();
+            boolean result = false;
+            for (AuthorizationRequest item : items ) {
+                result = result || isAuthorizedForActions(req, item);
+            }
+            return result;
+        }
+        IdentifierBundle ids = RequestIdentifiers.getIdBundleForRequest(req);
+        return actionRequestIsAuthorized(ids, ar.getAccessObject(), ar.getAccessOperation());
+    }
+
+	private static boolean actionRequestIsAuthorized(IdentifierBundle ids, AccessObject ao, AccessOperation operation) {
+	    if (operation == null) {
+	        log.error("Opeartion is null, accessObject " + ao );
+	        return false;
+	    }
+        if (ao == null) {
+            log.error("Access object is null, operation " + operation);
+            return false;
+        }
+        AuthorizationRequest ar = new SimpleAuthorizationRequest(ao, operation);
+        Collection<String> uris = IdentifierPermissionSetProvider.getPermissionSetUris(ids);
+        ar.setRoleUris(new ArrayList<String>(uris));
+        ar.setIds(ids);
+        ar.setEditorUris(new ArrayList<String>(HasAssociatedIndividual.getIndividualUris(ids)));
+	    PolicyDecision decision = PolicyDecisionPoint.decide(ar);
+	    debug(ar, decision);
+        return decision.getDecisionResult() == DecisionResult.AUTHORIZED;
 	}
 
-	/**
+	private static void debug(AuthorizationRequest ar, PolicyDecision decision) {
+	    if (true) {//log.isDebugEnabled()
+	        log.error(String.format("Request for %s on object %s resulted in decision %s", ar.getAccessOperation(), ar.getAccessObject(), decision.getDecisionResult()));
+	    }
+    }
+
+    /**
 	 * Is the email/password authorized for these actions? This should be used
 	 * when a controller or something needs allow actions if the user passes in
 	 * their email and password.
@@ -84,8 +127,7 @@ public static boolean isAuthorizedForActions(IdentifierBundle ids,
 	 * It may be better to check this as part of a servlet Filter and add an
 	 * identifier bundle.
 	 */
-	public static boolean isAuthorizedForActions(HttpServletRequest req,
-			String email, String password, AuthorizationRequest ar) {
+	public static boolean isAuthorizedForActions(HttpServletRequest req, String email, String password, AuthorizationRequest ar) {
 		if (password == null || email == null || password.isEmpty()
 				|| email.isEmpty()) {
 			return false;
@@ -111,10 +153,8 @@ public static boolean isAuthorizedForActions(HttpServletRequest req,
 					+ "account URI: %s", email, uri));
 
 			// figure out if that account can do the actions
-			IdentifierBundle ids = ActiveIdentifierBundleFactories
-					.getUserIdentifierBundle(req, user);
-			PolicyIface policy = ServletPolicyList.getPolicies(req);
-			return ar.isAuthorized(ids, policy);
+			IdentifierBundle ids = ActiveIdentifierBundleFactories.getUserIdentifierBundle(user);
+			return isAuthorizedForActions(ids, ar);
 		} catch (Exception ex) {
 			log.error("Error while attempting to authorize actions " + ar, ex);
 			return false;
@@ -127,8 +167,7 @@ public static boolean isAuthorizedForActions(HttpServletRequest req,
 	 *
 	 * The statement is expected to be fully-populated, with no null fields.
 	 */
-	public static boolean isAuthorizedToAdd(HttpServletRequest req,
-			Statement stmt, OntModel modelToBeModified) {
+	public static boolean isAuthorizedToAdd(HttpServletRequest req,	Statement stmt, OntModel modelToBeModified) {
 		if ((req == null) || (stmt == null) || (modelToBeModified == null)) {
 			return false;
 		}
@@ -140,20 +179,20 @@ public static boolean isAuthorizedToAdd(HttpServletRequest req,
 			return false;
 		}
 
-		RequestedAction action;
+		AccessObject action;
 		if (objectNode.isResource()) {
 			Property property = new Property(predicate.getURI());
 			property.setDomainVClassURI(SOME_URI);
 			property.setRangeVClassURI(SOME_URI);
-			action = new AddObjectPropertyStatement(modelToBeModified,
+			action = new ObjectPropertyStatementAccessObject(modelToBeModified,
 					subject.getURI(), property, objectNode.asResource()
 							.getURI());
 		} else {
-			action = new AddDataPropertyStatement(modelToBeModified,
+			action = new DataPropertyStatementAccessObject(modelToBeModified,
 					subject.getURI(), predicate.getURI(), objectNode
 							.asLiteral().getString());
 		}
-		return isAuthorizedForActions(req, action);
+		return isAuthorizedForActions(req, action, AccessOperation.ADD);
 	}
 
 	/**
@@ -162,8 +201,7 @@ public static boolean isAuthorizedToAdd(HttpServletRequest req,
 	 *
 	 * The statement is expected to be fully-populated, with no null fields.
 	 */
-	public static boolean isAuthorizedToDrop(HttpServletRequest req,
-			Statement stmt, OntModel modelToBeModified) {
+	public static boolean isAuthorizedToDrop(HttpServletRequest req, Statement stmt, OntModel modelToBeModified) {
 		if ((req == null) || (stmt == null) || (modelToBeModified == null)) {
 			return false;
 		}
@@ -175,20 +213,20 @@ public static boolean isAuthorizedToDrop(HttpServletRequest req,
 			return false;
 		}
 
-		RequestedAction action;
+		AccessObject action;
 		if (objectNode.isResource()) {
 			Property property = new Property(predicate.getURI());
 			property.setDomainVClassURI(SOME_URI);
 			property.setRangeVClassURI(SOME_URI);
-			action = new DropObjectPropertyStatement(modelToBeModified,
+			action = new ObjectPropertyStatementAccessObject(modelToBeModified,
 					subject.getURI(), property, objectNode.asResource()
 							.getURI());
 		} else {
-			action = new DropDataPropertyStatement(modelToBeModified,
+			action = new DataPropertyStatementAccessObject(modelToBeModified,
 					subject.getURI(), predicate.getURI(), objectNode
 							.asLiteral().getString());
 		}
-		return isAuthorizedForActions(req, action);
+		return isAuthorizedForActions(req, action, AccessOperation.DROP);
 	}
 
 	/**
@@ -204,8 +242,7 @@ public static boolean isAuthorizedToDrop(HttpServletRequest req,
 	 * log will contain a full record of all failures. This is no more expensive
 	 * than if all statements succeeded.
 	 */
-	public static boolean isAuthorizedAsExpected(HttpServletRequest req,
-			Model additions, Model retractions, OntModel modelBeingModified) {
+	public static boolean isAuthorizedAsExpected(HttpServletRequest req, Model additions, Model retractions, OntModel modelBeingModified) {
 		if (req == null) {
 			log.warn("Can't evaluate authorization if req is null");
 			return false;
@@ -334,4 +371,5 @@ private PolicyHelper() {
 		// nothing to do.
 	}
 
+
 }
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyList.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyList.java
deleted file mode 100644
index 8baf48889a..0000000000
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyList.java
+++ /dev/null
@@ -1,66 +0,0 @@
-/* $This file is distributed under the terms of the license in LICENSE$ */
-
-package edu.cornell.mannlib.vitro.webapp.auth.policy;
-
-import java.util.ArrayList;
-import java.util.Collection;
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-
-import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
-import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.Authorization;
-import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision;
-import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyIface;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.RequestedAction;
-
-/**
- * This is a List of Policy Objects that implements PolciyIface.  The intent
- * is to make it easy to query a list of policies for a PolicyDecision.
- *
- *  The Policy objects in the PolicyList are queried for authorization in order
- *  and return the first AUTHORIZED or UNAUTHROIZED decision.  INCONCLUSIVE
- *  or null decisions will be ignored and the next policy on the list will
- *  be queried.
- */
-public class PolicyList extends ArrayList<PolicyIface> implements PolicyIface{
-    private static final Log log = LogFactory.getLog(PolicyList.class.getName());
-
-    public PolicyList(){
-        super();
-    }
-
-	public PolicyList(Collection<PolicyIface> policies) {
-		super(policies);
-	}
-
-	@Override
-	public PolicyDecision isAuthorized(IdentifierBundle whoToAuth, RequestedAction whatToAuth) {
-	    PolicyDecision pd = null;
-	    PolicyDecisionLogger logger = new PolicyDecisionLogger(whoToAuth, whatToAuth);
-	    for(PolicyIface policy : this){
-            try{
-                pd = policy.isAuthorized(whoToAuth, whatToAuth);
-                logger.log(policy, pd);
-                if( pd != null ){
-                    if(  pd.getAuthorized() == Authorization.AUTHORIZED )
-                        return pd;
-                    if( pd.getAuthorized() == Authorization.UNAUTHORIZED )
-                        return pd;
-                    if( pd.getAuthorized() == Authorization.INCONCLUSIVE )
-                        continue;
-                } else{
-                    log.debug("policy " + policy.toString() + " returned a null PolicyDecision");
-                }
-            }catch(Throwable th){
-                log.error("ignoring exception in policy " + policy.toString(), th );
-            }
-        }
-
-		pd = new BasicPolicyDecision(Authorization.INCONCLUSIVE,
-				"No policy returned a conclusive decision on " + whatToAuth);
-		logger.logNoDecision(pd);
-		return pd;
-	}
-
-}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
new file mode 100644
index 0000000000..1835cdfa83
--- /dev/null
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
@@ -0,0 +1,641 @@
+package edu.cornell.mannlib.vitro.webapp.auth.policy;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.InputStream;
+import java.io.StringWriter;
+import java.util.ArrayList;
+import java.util.HashSet;
+import java.util.LinkedList;
+import java.util.List;
+import java.util.Set;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.jena.query.ParameterizedSparqlString;
+import org.apache.jena.query.Query;
+import org.apache.jena.query.QueryExecution;
+import org.apache.jena.query.QueryExecutionFactory;
+import org.apache.jena.query.QueryFactory;
+import org.apache.jena.query.QuerySolution;
+import org.apache.jena.query.ResultSet;
+import org.apache.jena.query.ResultSetFormatter;
+import org.apache.jena.rdf.model.Model;
+import org.apache.jena.rdf.model.RDFNode;
+
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType;
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AttributeFactory;
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.OperationGroup;
+import edu.cornell.mannlib.vitro.webapp.auth.rules.AccessRule;
+import edu.cornell.mannlib.vitro.webapp.auth.rules.AccessRuleFactory;
+import edu.cornell.mannlib.vitro.webapp.dao.jena.event.BulkUpdateEvent;
+import edu.cornell.mannlib.vitro.webapp.modelaccess.ModelAccess;
+import edu.cornell.mannlib.vitro.webapp.modelaccess.ModelNames;
+import edu.cornell.mannlib.vitro.webapp.rdfservice.ChangeSet;
+import edu.cornell.mannlib.vitro.webapp.rdfservice.RDFService;
+import edu.cornell.mannlib.vitro.webapp.rdfservice.RDFServiceException;
+import edu.cornell.mannlib.vitro.webapp.rdfservice.RDFService.ModelSerializationFormat;
+import edu.cornell.mannlib.vitro.webapp.rdfservice.impl.jena.model.RDFServiceModel;
+
+public class PolicyLoader {
+
+    private static final String PRIORITY = "priority";
+    public static final String POLICY = "policy";
+    private static final Log log = LogFactory.getLog(PolicyLoader.class);
+    private static final String POLICY_QUERY =
+            "prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#>\n"
+          + "prefix owl: <http://www.w3.org/2002/07/owl#>\n"
+          + "prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#>\n"
+          + "prefix xsd: <http://www.w3.org/2001/XMLSchema#>\n"
+          + "prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#>\n"
+          + "prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/>\n"
+          + "prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/>\n"
+          + "SELECT DISTINCT ?" + POLICY + " ?" + PRIORITY + " \n"
+          + "WHERE {\n"
+          + "?" + POLICY + " rdf:type ao:Policy .\n"
+          + "OPTIONAL {?" + POLICY + " ao:priority ?set_priority" + " . }\n"
+          + "BIND(COALESCE(?set_priority, 0 ) as ?" + PRIORITY + " ) .\n"
+          + "} ORDER BY ?" + PRIORITY;
+    
+    private static final String PRIORITY_QUERY =
+            "prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#>\n"
+          + "prefix owl: <http://www.w3.org/2002/07/owl#>\n"
+          + "prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#>\n"
+          + "prefix xsd: <http://www.w3.org/2001/XMLSchema#>\n"
+          + "prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#>\n"
+          + "prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/>\n"
+          + "prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/>\n"
+          + "SELECT DISTINCT ?" + PRIORITY + " \n"
+          + "WHERE {\n"
+          + "?" + POLICY + " rdf:type ao:Policy .\n"
+          + "OPTIONAL {?" + POLICY + " ao:priority ?set_priority" + " . }\n"
+          + "BIND(COALESCE(?set_priority, 0 ) as ?" + PRIORITY + " ) .\n"
+          + "} ORDER BY ?" + PRIORITY;
+    
+    private static final String DATASET_QUERY =
+            "prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#>\n"
+          + "prefix owl: <http://www.w3.org/2002/07/owl#>\n"
+          + "prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#>\n"
+          + "prefix xsd: <http://www.w3.org/2001/XMLSchema#>\n"
+          + "prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#>\n"
+          + "prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/>\n"
+          + "prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/>\n"
+          + "SELECT DISTINCT ?dataSet \n"
+          + "WHERE {\n"
+          + "       ?policy ao:testDatasets ?dataSets .\n"
+          + "       ?policy rdf:type ao:Policy .\n"
+          + "       ?dataSets ao:testDataset ?dataSet .\n"
+          + "} ORDER BY ?dataSet";
+    
+    private static final String NO_DATASET_RULES_QUERY =
+            "prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#>\n"
+          + "prefix owl: <http://www.w3.org/2002/07/owl#>\n"
+          + "prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#>\n"
+          + "prefix xsd: <http://www.w3.org/2001/XMLSchema#>\n"
+          + "prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#>\n"
+          + "prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/>\n"
+          + "prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/>\n"
+          + "SELECT DISTINCT ?rules ?rule ?attribute ?testId ?typeId ?value ?lit_value ?decision_id \n"
+          + "WHERE {\n"
+          + "?policy rdf:type ao:Policy .\n"
+          + "?policy ao:rules ?rules . \n"
+          + "?rules ao:rule ?rule . \n"
+          + "?rule ao:attribute ?attribute .\n"
+          + "OPTIONAL {\n"
+          + "  ?attribute ao:test ?attributeTest .\n"
+          + "  OPTIONAL {\n"
+          + "    ?attributeTest ao:id ?testId . \n"
+          + "  }\n"
+          + "}"
+          + "OPTIONAL {\n"
+          + "  ?attribute ao:type ?attributeType . \n"
+          + "  OPTIONAL {\n"
+          + "    ?attributeType ao:id ?typeId . \n"
+          + "  }\n"
+          + "}\n"
+          + "OPTIONAL {\n"
+          + "   ?rule ao:decision ?decision . \n"
+          + "   ?decision ao:id ?decision_id . \n"
+          + "}\n"
+          + "?attribute ao:value ?value . \n"
+          + "OPTIONAL {?value ao:id ?lit_value . }\n"
+          + "} ORDER BY ?rule ?attribute";
+    
+    private static final String DATASET_RULES_QUERY =
+            "prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#>\n"
+          + "prefix owl: <http://www.w3.org/2002/07/owl#>\n"
+          + "prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#>\n"
+          + "prefix xsd: <http://www.w3.org/2001/XMLSchema#>\n"
+          + "prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#>\n"
+          + "prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/>\n"
+          + "prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/>\n"
+          + "SELECT DISTINCT ?rules ?rule ?attribute ?testId ?typeId ?value ?lit_value ?decision_id ?dataSetUri \n"
+          + "WHERE {\n"
+          + "?policy rdf:type ao:Policy .\n"
+          + "?policy ao:rules ?rules . \n"
+          + "?rules rdf:type ao:Rules . \n"
+          + "?rules ao:rule ?rule . \n"
+          + "?rule ao:attribute ?attribute . \n"
+          + "?attribute rdf:type ao:Attribute .\n"
+          + "OPTIONAL {\n"
+          + "  ?attribute ao:test ?attributeTest .\n"
+          + "  OPTIONAL {\n"
+          + "    ?attributeTest ao:id ?testId . \n"
+          + "  }\n"
+          + "}"
+          + "OPTIONAL {\n"
+          + "  ?attribute ao:type ?attributeType . \n"
+          + "  OPTIONAL {\n"
+          + "    ?attributeType ao:id ?typeId . \n"
+          + "  }\n"
+          + "}\n"
+          + "OPTIONAL {\n"
+          + "   ?rule ao:decision ?decision . \n"
+          + "   ?decision ao:id ?decision_id . \n"
+          + "}\n"
+          + "OPTIONAL {\n"
+          + "   ?attribute ao:setValue ?testData . \n"
+          + "   ?dataSet ao:testData ?testData . \n"
+          + "   ?testData ao:dataValue ?value . \n"
+          + "   OPTIONAL {?value ao:id ?lit_value . }\n"
+          + "}\n"
+          + "OPTIONAL {\n"
+          + "   ?attribute ao:value ?value . \n"
+          + "   OPTIONAL {?value ao:id ?lit_value . }\n"
+          + "}\n"
+          + "BIND(?dataSet as ?dataSetUri)\n"
+          + "} ORDER BY ?rule ?attribute";
+
+    
+    private static final String policyKeyTemplatePrefix = 
+        "prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#>\n"
+      + "prefix owl: <http://www.w3.org/2002/07/owl#>\n"
+      + "prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#>\n"
+      + "prefix xsd: <http://www.w3.org/2001/XMLSchema#>\n"
+      + "prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#>\n"
+      + "prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/>\n"
+      + "prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/>\n"
+      + "SELECT DISTINCT ?" + POLICY + " ?value ?valueId ( COUNT(?key) AS ?keySize ) \n"
+      + "WHERE {\n"
+      + "  ?" + POLICY + " ao:policyKey ?policyKeyUri .\n"
+      + "  ?" + POLICY + " ao:testDatasets ?testDataSets .\n"
+      + "  ?testDataSets ao:testDataset ?dataSet . \n"
+      + "  ?dataSet ao:testData ?testData . \n"
+      + "  OPTIONAL { ?testData ao:dataValue ?value . \n"
+      + "    OPTIONAL { ?value ao:id ?valueId . } \n"
+      + "  }"
+      + "  ?policyKeyUri ao:keyComponent ?key .\n";
+
+    private static final String policyKeyTemplateSuffix = "} GROUP BY ?" + POLICY + " ?value ?valueId";
+   
+    private static final String policyStatementByKeyTemplatePrefix = 
+          "prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#>\n"
+        + "prefix owl: <http://www.w3.org/2002/07/owl#>\n"
+        + "prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#>\n"
+        + "prefix xsd: <http://www.w3.org/2001/XMLSchema#>\n"
+        + "prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#>\n"
+        + "prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/>\n"
+        + "prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/>\n"
+        + "CONSTRUCT { \n"
+        + "  ?testData ao:dataValue <%s> .\n"
+        + "}\n"
+        + "WHERE {\n"
+        + "  ?" + POLICY + " ao:policyKey ?policyKeyUri .\n"
+        + "  ?" + POLICY + " ao:testDatasets ?testDataSets .\n"
+        + "  ?testDataSets ao:testDataset ?dataSet . \n"
+        + "  ?dataSet ao:testData ?testData . \n";
+
+    private static final String policyStatementByKeyTemplateSuffix = "}";
+
+    private Model userAccountsModel;
+    private RDFService rdfService;
+    private static PolicyLoader INSTANCE;
+    
+    public static PolicyLoader getInstance() {
+        return INSTANCE;
+    }
+    
+    private PolicyLoader(Model model) {
+        if (model != null) {
+            this.userAccountsModel = model;
+            this.rdfService = new RDFServiceModel(userAccountsModel);
+        } else {
+            this.userAccountsModel = ModelAccess.getInstance().getOntModelSelector().getUserAccountsModel();
+            //this.rdfService = ModelAccess.getInstance().getRDFService(WhichService.CONFIGURATION);
+            this.rdfService = new RDFServiceModel(userAccountsModel);
+            loadPolicies();
+        }
+    }
+
+    private Model getUserAccountsModel() {
+        return userAccountsModel;
+    }
+
+    public static void initialize(Model model) {
+        INSTANCE = new PolicyLoader(model);
+    }
+    
+    private void loadPolicies() {
+        List<String> policyUris = getPolicyUris();
+        for (String uri : policyUris) {
+            debug("Loading policy %s", uri);
+            DynamicPolicy policy = loadPolicy(uri);
+            if (policy != null) {
+                debug("Loaded policy %s", uri);
+                //take policy priority into account
+                PolicyStore.getInstance().add(policy);
+            }
+        }
+    }
+
+    public List<String> getPolicyUris() {
+        debug("SPARQL Query to get policy uris from the graph:\n %s", POLICY_QUERY);
+        Query query = QueryFactory.create(POLICY_QUERY);
+        QueryExecution qexec = QueryExecutionFactory.create(query, getUserAccountsModel());
+        List<String> policyUris = new LinkedList<String>();
+        try {
+            ResultSet rs = qexec.execSelect();
+            while (rs.hasNext()) {
+                QuerySolution qs = rs.next();
+                if (!qs.contains(POLICY) || !qs.get(POLICY).isResource()) {
+                    //debug("Policy solution doesn't contain policy resource");
+                    continue;
+                }
+                policyUris.add(qs.getResource(POLICY).getURI());
+            }
+        } catch (Exception e) {
+            log.error(e, e);
+        } finally {
+            qexec.close();
+        }
+        return policyUris;
+    }
+    
+    public DynamicPolicy loadPolicy(String uri) {
+        List<String> dataSetNames = getDataSetNames(uri);
+        Set<AccessRule> rules = new HashSet<>();
+        long priority = getPriority(uri);
+        try {
+            if (dataSetNames.isEmpty()) {
+                loadRulesWithoutDataSet(uri, rules);
+            } else {
+                for (String dataSetName : dataSetNames) {
+                    loadRulesForDataSet(uri, rules, dataSetName);
+                }
+            }
+        } catch (Exception e) {
+            return null;
+        }
+        if (rules.isEmpty()) {
+            return null;
+        }
+        DynamicPolicy policy = new DynamicPolicy(uri, priority);
+        policy.addRules(rules);
+        return policy;
+    }
+    
+    public Set<String> getPolicyDataSetValues(OperationGroup og, AccessObjectType aot, String role) {
+        Set<String> values = new HashSet<>();
+        long expectedSize = 3;
+        final String queryText = getPolicyTestValuesByKeyQuery(new String[]{role}, new String[]{og.toString(), aot.toString()});
+        debug("SPARQL Query to get policy data set values:\n %s", queryText);
+        Query query = QueryFactory.create(queryText);
+        QueryExecution qexec = QueryExecutionFactory.create(query, getUserAccountsModel());
+        try {
+            ResultSet rs = qexec.execSelect();
+            while (rs.hasNext()) {
+                QuerySolution qs = rs.next();
+                if (!qs.contains(POLICY) || 
+                    !qs.contains("keySize") || 
+                    !qs.get("keySize").isLiteral()) {
+                 continue;  
+                }
+                long keySize = qs.getLiteral("keySize").getLong();
+                if (expectedSize != keySize) {
+                    continue;
+                }
+                if (qs.contains("valueId") && qs.get("valueId").isLiteral()) {
+                    values.add(qs.getLiteral("valueId").getString());
+                } else if (qs.contains("value")) {
+                    RDFNode node = qs.get("value");
+                    if (node.isLiteral()) {
+                        values.add(node.asLiteral().toString());
+                    } else if (node.isResource()){
+                        values.add(node.asResource().getURI());
+                    }
+                }
+            }
+        } catch (Exception e) {
+            log.error(e, e);
+        } finally {
+            qexec.close();
+        }
+        return values;
+    }
+    
+    public String getPolicyUriByKey(OperationGroup og, AccessObjectType aot, String role) {
+        String uri = null;
+        long expectedSize = 3;
+        final String queryText = getPolicyTestValuesByKeyQuery(new String[]{role}, new String[]{og.toString(), aot.toString()});
+        debug("SPARQL Query to get policy data set values:\n %s", queryText);
+        Query query = QueryFactory.create(queryText);
+        QueryExecution qexec = QueryExecutionFactory.create(query, getUserAccountsModel());
+        try {
+            ResultSet rs = qexec.execSelect();
+            while (rs.hasNext()) {
+                QuerySolution qs = rs.next();
+                if (!qs.contains(POLICY) || 
+                    !qs.get(POLICY).isResource() ||
+                    !qs.contains("keySize") || 
+                    !qs.get("keySize").isLiteral()) {
+                 continue;  
+                }
+                long keySize = qs.getLiteral("keySize").getLong();
+                if (expectedSize != keySize) {
+                    continue;
+                }
+                return qs.getResource(POLICY).getURI();
+            }
+        } catch (Exception e) {
+            log.error(e, e);
+        } finally {
+            qexec.close();
+        }
+        return uri;
+    }
+    
+    public void modifyPolicyDataSetValue(String entityUri, OperationGroup og, AccessObjectType aot, String role, boolean isAdd) {
+        final String queryText = getPolicyDataSetValueStatementByKeyQuery(entityUri, new String[]{role}, new String[]{og.toString(), aot.toString()});
+        debug("SPARQL Query to get policy data set values:\n %s", queryText);
+        Query query = QueryFactory.create(queryText);
+        QueryExecution qexec = QueryExecutionFactory.create(query, getUserAccountsModel());
+        try {
+             Model model = qexec.execConstruct();
+             if (model.isEmpty()) {
+                 log.error("statements to add/delete are empty");
+                 return;
+             }
+             updateUserAccountsModel(model, isAdd);
+        } catch (Exception e) {
+            log.error(e, e);
+        } finally {
+            qexec.close();
+        }
+    }
+    
+    private void updateUserAccountsModel(Model data, boolean isAdd) {
+        try {
+            ChangeSet changeSet = makeChangeSet();
+            ByteArrayOutputStream baos = new ByteArrayOutputStream();
+            data.write(baos, "TTL");
+            InputStream in = new ByteArrayInputStream(baos.toByteArray());
+            debug(modelToString(data, isAdd));
+            if (isAdd) {
+                changeSet.addAddition(in, ModelSerializationFormat.N3, ModelNames.USER_ACCOUNTS);    
+            } else {
+                changeSet.addRemoval(in, ModelSerializationFormat.N3, ModelNames.USER_ACCOUNTS);
+            }
+            rdfService.changeSetUpdate(changeSet);
+        } catch (RDFServiceException e) {
+            String message = modelToString(data, isAdd);
+            log.error(message);
+            log.error(e,e);
+        }
+    }
+
+    private String modelToString(Model ruleData, boolean isAdd) {
+        StringWriter sw = new StringWriter();
+        ruleData.write(sw, "TTL");
+        String message = (isAdd ? "Adding to" : "Removing from") + " user accounts model \n" + sw.toString();
+        return message;
+    }
+    
+    private static String getPolicyDataSetValueStatementByKeyQuery(String entityUri, String[] uris, String[] ids) {
+        StringBuilder query = new StringBuilder();
+        query.append(String.format(policyStatementByKeyTemplatePrefix, entityUri));
+        for (String uri : uris) {
+            query.append(String.format("  ?policyKeyUri ao:keyComponent <%s> . \n", uri));
+        }
+        int i = 0;
+        for (String id : ids) {
+            query.append(String.format("  ?policyKeyUri ao:keyComponent ?uri%d . ?uri%d ao:id \"%s\" . \n", i, i, id));
+            i++;
+        }
+        query.append(policyStatementByKeyTemplateSuffix);
+        return query.toString();
+    }
+    
+    private static String getPolicyTestValuesByKeyQuery(String[] uris, String[] ids) {
+        StringBuilder query = new StringBuilder(policyKeyTemplatePrefix);
+        for (String uri : uris) {
+            query.append(String.format("  ?policyKeyUri ao:keyComponent <%s> . \n", uri));
+        }
+        int i = 0;
+        for (String id : ids) {
+            query.append(String.format("  ?policyKeyUri ao:keyComponent ?uri%d . ?uri%d ao:id \"%s\" . \n", i, i, id));
+            i++;
+        }
+        query.append(policyKeyTemplateSuffix);
+        return query.toString();
+    }
+    
+    private long getPriority(String uri) {
+        //debug("SPARQL Query to get policy uris from the graph:\n %s", POLICY_URIS_QUERY);
+        ParameterizedSparqlString pss = new ParameterizedSparqlString(PRIORITY_QUERY);
+        pss.setIri(POLICY, uri);
+        //debug("Get priority query:\n %s", pss.toString());
+        Query query = QueryFactory.create(pss.toString());
+        QueryExecution qexec = QueryExecutionFactory.create(query, getUserAccountsModel());
+        try {
+            ResultSet rs = qexec.execSelect();
+            while (rs.hasNext()) {
+                QuerySolution qs = rs.next();
+                if (!qs.contains(PRIORITY) || !qs.get(PRIORITY).isLiteral()) {
+                    return 0;
+                }
+                return qs.getLiteral(PRIORITY).getLong();
+            }
+        } catch (Exception e) {
+            log.error(e, e);
+        } finally {
+            qexec.close();
+        }
+        return 0;
+    }
+
+    private void loadRulesWithoutDataSet(String policyUri, Set<AccessRule> rules) throws Exception {
+        ParameterizedSparqlString pss = new ParameterizedSparqlString(NO_DATASET_RULES_QUERY);
+        pss.setIri(POLICY, policyUri);
+        debug(pss.toString());
+        Query query = QueryFactory.create(pss.toString());
+        QueryExecution qexec = QueryExecutionFactory.create(query, getUserAccountsModel());
+        try {
+            ResultSet rs = qexec.execSelect();
+            AccessRule rule = null;
+            //debugSelectQueryResults(rs);
+            while (rs.hasNext()) {
+                QuerySolution qs = rs.next();
+                if (isInvalidPolicySolution(policyUri, qs)) {
+                    throw new Exception();
+                }
+                if (isRuleContinues(rule, qs)){
+                    populateRule(rule, qs);
+                } else {
+                    if (rule != null) {
+                        rules.add(rule);    
+                    }
+                    rule = AccessRuleFactory.createRule(qs);
+                }
+            }
+            if (rule != null) {
+                rules.add(rule);
+                debug("\nLoaded %s rules for %s policy", rules.size(), policyUri);
+            } else {
+                debug("\nNo rules loaded from the user accounts model for %s policy.", policyUri);
+            }
+        } finally {
+            qexec.close();
+        }
+    }
+    
+    private void loadRulesForDataSet(String policyUri, Set<AccessRule> rules, String dataSetName) throws Exception {
+        ParameterizedSparqlString pss = new ParameterizedSparqlString(DATASET_RULES_QUERY);
+        pss.setIri(POLICY, policyUri);
+        pss.setIri("dataSet", dataSetName);
+        debug(pss.toString());
+        Query query = QueryFactory.create(pss.toString());
+        QueryExecution qexec = QueryExecutionFactory.create(query, getUserAccountsModel());
+        try {
+            ResultSet rs = qexec.execSelect();
+            AccessRule rule = null;
+            //debugSelectQueryResults(rs);
+            while (rs.hasNext()) {
+                QuerySolution qs = rs.next();
+                if (isInvalidPolicySolution(policyUri, qs)) {
+                    throw new Exception();
+                }
+                if (isRuleContinues(rule, qs)){
+                    populateRule(rule, qs);
+                } else {
+                    if (rule != null) {
+                        rules.add(rule);    
+                    }
+                    rule = AccessRuleFactory.createRule(qs);
+                }
+            }
+            if (rule != null) {
+                rules.add(rule);
+                debug("\nLoaded %s rules for %s policy", rules.size(), policyUri);
+            } else {
+                debug("\nNo rules loaded from the user accounts model for %s policy.", policyUri);
+            }
+        } finally {
+            qexec.close();
+        }
+    }
+
+    private List<String> getDataSetNames(String policyUri) {
+        List<String> result = new ArrayList<>();
+        ParameterizedSparqlString pss = new ParameterizedSparqlString(DATASET_QUERY);
+        pss.setIri(POLICY, policyUri);
+        Query query = QueryFactory.create(pss.toString());
+        QueryExecution qexec = QueryExecutionFactory.create(query, getUserAccountsModel());
+        try {
+            ResultSet rs = qexec.execSelect();
+            while (rs.hasNext()) {
+                QuerySolution qs = rs.next();
+                if (qs.contains("dataSet")) {
+                    RDFNode dataSet = qs.get("dataSet");
+                    if (dataSet.isResource()) {
+                        result.add(dataSet.asResource().getURI());
+                    }
+                }
+            }
+        } catch (Exception e) {
+            log.error(e, e);
+        } finally {
+            qexec.close();
+        }
+        return result;
+    }
+
+    
+    private void debugSelectQueryResults(ResultSet rs) {
+        ByteArrayOutputStream baos = new ByteArrayOutputStream();
+        ResultSetFormatter.outputAsJSON(baos, rs);
+        String json = new String(baos.toByteArray());
+        debug(json);
+    }
+    
+    private static boolean isRuleContinues(AccessRule rule, QuerySolution qs) {
+        if (rule == null) {
+            return false;
+        }
+        String ruleUri = qs.getResource("rule").getURI();
+        if (qs.contains("dataSetUri")) {
+            ruleUri += "." + qs.getResource("dataSetUri").getURI();    
+        }
+        return rule.getRuleUri().equals(ruleUri);
+    }
+    
+    private static void populateRule(AccessRule ar, QuerySolution qs) throws Exception {
+        if (ar == null) {
+            return;
+        }
+        String attributeUri = qs.getResource("attribute").getURI();
+        if (ar.containsAttributeUri(attributeUri)) {
+            AttributeFactory.extendAttribute(ar.getAttribute(attributeUri), qs);
+            return;
+        } 
+        try {
+            ar.addAttribute(AttributeFactory.createAttribute(qs));
+        } catch (Exception e) {
+            log.error(e, e);
+        }
+    }
+    
+    private static boolean isInvalidPolicySolution(String uri, QuerySolution qs) {
+        if (!qs.contains("rules") || !qs.get("rules").isResource()) {
+            debug("Policy <%s> solution doesn't contain rules uri", uri);
+            return true;
+        }
+        if (!qs.contains("rule") || !qs.get("rule").isResource()) {
+            debug("Policy <%s> solution doesn't contain rule uri", uri);
+            return true;
+        }
+        if (!qs.contains("value")) {
+            debug("Policy <%s> solution doesn't contain value", uri);
+            return true;
+        }
+        if (!qs.contains("typeId") || !qs.get("typeId").isLiteral()) {
+            debug("Policy <%s> solution doesn't contain attribute type id", uri);
+            return true;
+        }
+        if (!qs.contains("testId") || !qs.get("testId").isLiteral()) {
+            debug("Policy <%s> solution doesn't contain attribute test id", uri);
+            return true;
+        }
+        return false;
+    }
+    
+    private static void debug(String template, Object... objects) {
+        if (log.isDebugEnabled()) {
+            log.error(String.format(template, objects ));
+        }
+    }
+
+    public void addEntityToPolicyDataSet(String entityUri, AccessObjectType aot, OperationGroup og, String role) {
+        modifyPolicyDataSetValue(entityUri, og, aot, role, true);
+    }
+
+    public void removeEntityFromPolicyDataSet(String entityUri, AccessObjectType aot, OperationGroup og, String role) {
+        modifyPolicyDataSetValue(entityUri, og, aot, role, false);
+    }
+    
+    private ChangeSet makeChangeSet() {
+        ChangeSet cs = rdfService.manufactureChangeSet();
+        cs.addPreChangeEvent(new BulkUpdateEvent(null, true));
+        cs.addPostChangeEvent(new BulkUpdateEvent(null, false));
+        return cs;
+    }
+}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyStore.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyStore.java
new file mode 100644
index 0000000000..7702ef0086
--- /dev/null
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyStore.java
@@ -0,0 +1,91 @@
+/* $This file is distributed under the terms of the license in LICENSE$ */
+
+package edu.cornell.mannlib.vitro.webapp.auth.policy;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.Comparator;
+import java.util.LinkedHashMap;
+import java.util.LinkedList;
+import java.util.List;
+import java.util.Map;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.Policy;
+
+public class PolicyStore implements Policies {
+    
+    private static final Comparator<Policy> comparator = getPolicyComparator();
+    private static PolicyStore INSTANCE = new PolicyStore();
+    private static final Log log = LogFactory.getLog(PolicyStore.class);
+
+    private PolicyStore() {
+        INSTANCE = this;
+    }
+    
+    public static PolicyStore getInstance() {
+        return INSTANCE;
+    }
+    protected List<Policy> policyList = Collections.synchronizedList(new ArrayList<Policy>());
+    protected Map<String, Policy> policyMap = Collections.synchronizedMap(new LinkedHashMap<String, Policy>());
+
+    @Override
+    public boolean contains(Policy policy) {
+        return policyList.contains(policy);
+    }
+
+    @Override
+    public synchronized void add(Policy policy) {
+        if (policy == null) {
+            log.error("Policy to add is null");
+            return;
+        }
+        Policy oldPolicy = policyMap.put(policy.getUri(), policy);
+        if (oldPolicy != null) {
+            policyList.remove(oldPolicy);
+        }
+        policyList.add(policy);
+        Collections.sort(policyList, comparator);
+    }
+
+    @Override
+    public synchronized void clear() {
+        policyList.clear();
+        policyMap.clear();
+    }
+    
+    public List<String> getUris() {
+        List<String> uris = new LinkedList<>();
+        for (Policy policy : policyList) {
+            uris.add(policy.getUri());
+        }
+        return uris;
+    }
+    
+    private static Comparator<Policy> getPolicyComparator() {
+        return new Comparator<Policy>() {
+            @Override
+            public int compare(Policy lps, Policy rps) {
+                if ( lps.getPriority() > rps.getPriority() ) {
+                    return -1;
+                } else 
+                if (lps.getPriority() > rps.getPriority()) {
+                    return 1;
+                }
+                return lps.getUri().compareTo(lps.getUri()); 
+            }
+        };
+    }
+
+    @Override
+    public List<Policy> getList() {
+        return new ArrayList<>(policyList);
+    }
+
+    @Override
+    public long size() {
+        return policyList.size();
+    }
+}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/RequestPolicyList.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/RequestPolicyList.java
deleted file mode 100644
index c077daac50..0000000000
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/RequestPolicyList.java
+++ /dev/null
@@ -1,71 +0,0 @@
-/* $This file is distributed under the terms of the license in LICENSE$ */
-
-package edu.cornell.mannlib.vitro.webapp.auth.policy;
-
-import javax.servlet.ServletContext;
-import javax.servlet.ServletRequest;
-import javax.servlet.http.HttpServletRequest;
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-
-import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyIface;
-
-/**
- * Allow us to store policies in a Request, in addition to those in the
- * ServletContext
- */
-public class RequestPolicyList extends PolicyList {
-	private static final String ATTRIBUTE_POLICY_ADDITIONS = RequestPolicyList.class
-			.getName();
-	private static final Log log = LogFactory.getLog(RequestPolicyList.class);
-
-	/**
-	 * Get a copy of the current list of policies. This includes the policies in
-	 * the ServletContext, followed by any stored in the request. This method may
-	 * return an empty list, but it never returns null.
-	 */
-	public static PolicyList getPolicies(HttpServletRequest request) {
-		ServletContext ctx = request.getSession().getServletContext();
-
-		PolicyList list = ServletPolicyList.getPolicies(ctx);
-		list.addAll(getPoliciesFromRequest(request));
-		return list;
-	}
-
-	public static void addPolicy(ServletRequest request, PolicyIface policy) {
-		PolicyList policies = getPoliciesFromRequest(request);
-		if (!policies.contains(policy)) {
-			policies.add(policy);
-			log.debug("Added policy: " + policy.toString());
-		} else {
-			log.warn("Ignored attempt to add redundent policy.");
-		}
-	}
-
-	/**
-	 * Get the current list of policy additions from the request, or create one
-	 * if there is none. This method may return an empty list, but it never
-	 * returns null.
-	 */
-	private static PolicyList getPoliciesFromRequest(ServletRequest request) {
-		if (request == null) {
-			throw new NullPointerException("request may not be null.");
-		}
-
-		Object obj = request.getAttribute(ATTRIBUTE_POLICY_ADDITIONS);
-		if (obj == null) {
-			obj = new PolicyList();
-			request.setAttribute(ATTRIBUTE_POLICY_ADDITIONS, obj);
-		}
-
-		if (!(obj instanceof PolicyList)) {
-			throw new IllegalStateException("Expected to find an instance of "
-					+ PolicyList.class.getName()
-					+ " in the context, but found an instance of "
-					+ obj.getClass().getName() + " instead.");
-		}
-
-		return (PolicyList) obj;
-	}
-}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/RestrictHomeMenuItemEditingPolicy.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/RestrictHomeMenuItemEditingPolicy.java
deleted file mode 100644
index 3b43577548..0000000000
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/RestrictHomeMenuItemEditingPolicy.java
+++ /dev/null
@@ -1,70 +0,0 @@
-/* $This file is distributed under the terms of the license in LICENSE$ */
-
-package edu.cornell.mannlib.vitro.webapp.auth.policy;
-
-import javax.servlet.ServletContextEvent;
-import javax.servlet.ServletContextListener;
-
-import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
-import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.Authorization;
-import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision;
-import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyIface;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.RequestedAction;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AbstractObjectPropertyStatementAction;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.DropObjectPropertyStatement;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.EditObjectPropertyStatement;
-import edu.cornell.mannlib.vitro.webapp.dao.DisplayVocabulary;
-
-/**
- * Don't allow user to edit or drop the HomeMenuItem statement.
- */
-public class RestrictHomeMenuItemEditingPolicy implements PolicyIface {
-
-	@Override
-	public PolicyDecision isAuthorized(IdentifierBundle whoToAuth,
-			RequestedAction whatToAuth) {
-		if (whatToAuth instanceof EditObjectPropertyStatement) {
-			return isAuthorized((EditObjectPropertyStatement) whatToAuth);
-		} else if (whatToAuth instanceof DropObjectPropertyStatement) {
-			return isAuthorized((DropObjectPropertyStatement) whatToAuth);
-		} else {
-			return notHandled();
-		}
-	}
-
-	private PolicyDecision isAuthorized(
-			AbstractObjectPropertyStatementAction whatToAuth) {
-		if (whatToAuth.getPredicateUri()
-				.equals(DisplayVocabulary.HAS_ELEMENT)
-				&& whatToAuth.getObjectUri().equals(
-						DisplayVocabulary.HOME_MENU_ITEM)) {
-			return notAuthorized();
-		} else {
-			return notHandled();
-		}
-	}
-
-	private BasicPolicyDecision notHandled() {
-		return new BasicPolicyDecision(Authorization.INCONCLUSIVE,
-				"Doesn't handle this type of request");
-	}
-
-	private BasicPolicyDecision notAuthorized() {
-		return new BasicPolicyDecision(Authorization.UNAUTHORIZED,
-				"Can't edit home menu item.");
-	}
-
-	public static class Setup implements ServletContextListener {
-		@Override
-		public void contextInitialized(ServletContextEvent sce) {
-			ServletPolicyList.addPolicyAtFront(sce.getServletContext(),
-					new RestrictHomeMenuItemEditingPolicy());
-		}
-
-		@Override
-		public void contextDestroyed(ServletContextEvent ctx) {
-			// Nothing to do here.
-		}
-
-	}
-}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/RootUserPolicy.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/RootUserPolicy.java
deleted file mode 100644
index 816bf7d515..0000000000
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/RootUserPolicy.java
+++ /dev/null
@@ -1,233 +0,0 @@
-/* $This file is distributed under the terms of the license in LICENSE$ */
-
-package edu.cornell.mannlib.vitro.webapp.auth.policy;
-
-import java.util.TreeSet;
-
-import javax.servlet.ServletContext;
-import javax.servlet.ServletContextEvent;
-import javax.servlet.ServletContextListener;
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-
-import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
-import edu.cornell.mannlib.vitro.webapp.auth.identifier.common.IsRootUser;
-import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.Authorization;
-import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision;
-import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyIface;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.RequestedAction;
-import edu.cornell.mannlib.vitro.webapp.beans.UserAccount;
-import edu.cornell.mannlib.vitro.webapp.beans.UserAccount.Status;
-import edu.cornell.mannlib.vitro.webapp.config.ConfigurationProperties;
-import edu.cornell.mannlib.vitro.webapp.controller.authenticate.Authenticator;
-import edu.cornell.mannlib.vitro.webapp.modelaccess.ModelAccess;
-import edu.cornell.mannlib.vitro.webapp.dao.UserAccountsDao;
-import edu.cornell.mannlib.vitro.webapp.startup.StartupStatus;
-
-/**
- * If the user has an IsRootUser identifier, they can do anything!
- *
- * On setup, check to see that the specified root user exists. If not, create
- * it. If we can't create it, abort.
- *
- * If any other root users exist, warn about them.
- */
-public class RootUserPolicy implements PolicyIface {
-	private static final Log log = LogFactory.getLog(RootUserPolicy.class);
-
-	private static final String PROPERTY_ROOT_USER_EMAIL = "rootUser.emailAddress";
-	/*
-	 * UQAM Add-Feature For parameterization of rootUser
-	 */
-	private static final String PROPERTY_ROOT_USER_PASSWORD = "rootUser.password";
-	private static final String PROPERTY_ROOT_USER_PASSWORD_CHANGE_REQUIRED = "rootUser.passwordChangeRequired";
-
-	private static final String ROOT_USER_INITIAL_PASSWORD = "rootPassword";
-	private static final String ROOT_USER_INITIAL_PASSWORD_CHANGE_REQUIRED = "true";
-
-	/**
-	 * This is the entire policy. If you are a root user, you are authorized.
-	 */
-	@Override
-	public PolicyDecision isAuthorized(IdentifierBundle whoToAuth,
-			RequestedAction whatToAuth) {
-		if (IsRootUser.isRootUser(whoToAuth)) {
-			return new BasicPolicyDecision(Authorization.AUTHORIZED,
-					"RootUserPolicy: approved");
-		} else {
-			return new BasicPolicyDecision(Authorization.INCONCLUSIVE,
-					"not root user");
-		}
-	}
-
-	@Override
-	public String toString() {
-		return "RootUserPolicy - " + hashCode();
-	}
-
-	// ----------------------------------------------------------------------
-	// Setup class
-	// ----------------------------------------------------------------------
-
-	public static class Setup implements ServletContextListener {
-		private ServletContext ctx;
-		private StartupStatus ss;
-		private UserAccountsDao uaDao;
-		private ConfigurationProperties cp;
-		private String configuredRootUser;
-		private boolean configuredRootUserExists;
-		private TreeSet<String> otherRootUsers;
-
-		@Override
-		public void contextInitialized(ServletContextEvent sce) {
-			ctx = sce.getServletContext();
-			ss = StartupStatus.getBean(ctx);
-			cp = ConfigurationProperties.getBean(ctx);
-
-			try {
-				uaDao = ModelAccess.on(ctx).getWebappDaoFactory()
-						.getUserAccountsDao();
-				configuredRootUser = getRootEmailFromConfig();
-
-				otherRootUsers = getEmailsOfAllRootUsers();
-				configuredRootUserExists = otherRootUsers
-						.remove(configuredRootUser);
-
-				if (configuredRootUserExists) {
-					if (otherRootUsers.isEmpty()) {
-						informThatRootUserExists();
-					} else {
-						complainAboutMultipleRootUsers();
-					}
-				} else {
-					createRootUser();
-					if (!otherRootUsers.isEmpty()) {
-						complainAboutWrongRootUsers();
-					}
-				}
-
-				ServletPolicyList.addPolicy(ctx, new RootUserPolicy());
-			} catch (Exception e) {
-				ss.fatal(this, "Failed to set up the RootUserPolicy", e);
-			}
-		}
-
-		private String getRootEmailFromConfig() {
-			String email = ConfigurationProperties.getBean(ctx).getProperty(
-					PROPERTY_ROOT_USER_EMAIL);
-			if (email == null) {
-				throw new IllegalStateException(
-						"runtime.properties must contain a value for '"
-								+ PROPERTY_ROOT_USER_EMAIL + "'");
-			} else {
-				return email;
-			}
-		}
-
-		private TreeSet<String> getEmailsOfAllRootUsers() {
-			TreeSet<String> rootUsers = new TreeSet<String>();
-			for (UserAccount ua : uaDao.getAllUserAccounts()) {
-				if (ua.isRootUser()) {
-					rootUsers.add(ua.getEmailAddress());
-				}
-			}
-			return rootUsers;
-		}
-
-		/**
-		 * TODO The first and last name should be left blank, so the user will
-		 * be forced to edit them. However, that's not in place yet.
-		 */
-		private void createRootUser() {
-			if (!Authenticator.isValidEmailAddress(configuredRootUser)) {
-				throw new IllegalStateException("Value for '"
-						+ PROPERTY_ROOT_USER_EMAIL
-						+ "' is not a valid email address: '"
-						+ configuredRootUser + "'");
-			}
-
-			if (null != uaDao.getUserAccountByEmail(configuredRootUser)) {
-				throw new IllegalStateException("Can't create root user - "
-						+ "an account already exists with email address '"
-						+ configuredRootUser + "'");
-			}
-
-			UserAccount ua = new UserAccount();
-			ua.setEmailAddress(configuredRootUser);
-			ua.setFirstName("root");
-			ua.setLastName("user");
-			// UQAM Add-Feature using getRootPasswordFromConfig()
-			ua.setArgon2Password(Authenticator.applyArgon2iEncoding(
-					getRootPasswordFromConfig()));
-			ua.setMd5Password("");
-			// UQAM Add-Feature using getRootPasswdChangeRequiredFromConfig()
-			ua.setPasswordChangeRequired(getRootPasswdChangeRequiredFromConfig().booleanValue());
-			ua.setStatus(Status.ACTIVE);
-			ua.setRootUser(true);
-
-			uaDao.insertUserAccount(ua);
-
-			StartupStatus.getBean(ctx).info(this,
-					"Created root user '" + configuredRootUser + "'");
-		}
-
-		private void informThatRootUserExists() {
-			ss.info(this, "Root user is " + configuredRootUser);
-		}
-
-		private void complainAboutMultipleRootUsers() {
-			for (String other : otherRootUsers) {
-				ss.warning(this, "runtime.properties specifies '"
-						+ configuredRootUser + "' as the value for '"
-						+ PROPERTY_ROOT_USER_EMAIL
-						+ "', but the system also contains this root user: "
-						+ other);
-			}
-			ss.warning(this, "For security, "
-					+ "it is best to delete unneeded root user accounts.");
-		}
-
-		private void complainAboutWrongRootUsers() {
-			for (String other : otherRootUsers) {
-				ss.warning(this, "runtime.properties specifies '"
-						+ configuredRootUser + "' as the value for '"
-						+ PROPERTY_ROOT_USER_EMAIL
-						+ "', but the system contains this root user instead: "
-						+ other);
-			}
-			ss.warning(this, "Creating root user '" + configuredRootUser + "'");
-			ss.warning(this, "For security, "
-					+ "it is best to delete unneeded root user accounts.");
-		}
-		/*
-		 * UQAM Add-Feature
-		 * Add for getting rootUser.password property value from runtime.properties
-		 */
-		private String getRootPasswordFromConfig() {
-			String passwd = ConfigurationProperties.getBean(ctx).getProperty(
-					PROPERTY_ROOT_USER_PASSWORD);
-			if (passwd == null) {
-				passwd = ROOT_USER_INITIAL_PASSWORD;
-			}
-			return passwd;
-		}
-
-		/*
-		 * UQAM Add-Feature
-		 * Add for getting rootUser.passwordChangeRequired  property value  from runtime.properties
-		 */
-		private Boolean getRootPasswdChangeRequiredFromConfig() {
-			String passwdCR = ConfigurationProperties.getBean(ctx).getProperty(
-					PROPERTY_ROOT_USER_PASSWORD_CHANGE_REQUIRED);
-			if (passwdCR == null) {
-				passwdCR = ROOT_USER_INITIAL_PASSWORD_CHANGE_REQUIRED;
-			}
-			return new Boolean(passwdCR);
-		}
-		@Override
-		public void contextDestroyed(ServletContextEvent sce) {
-			// Nothing to destroy
-		}
-	}
-}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/SelfEditingPolicy.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/SelfEditingPolicy.java
deleted file mode 100644
index ab43736a74..0000000000
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/SelfEditingPolicy.java
+++ /dev/null
@@ -1,161 +0,0 @@
-/* $This file is distributed under the terms of the license in LICENSE$ */
-
-package edu.cornell.mannlib.vitro.webapp.auth.policy;
-
-import java.util.ArrayList;
-import java.util.List;
-
-import javax.servlet.ServletContext;
-
-import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
-import edu.cornell.mannlib.vitro.webapp.auth.identifier.common.HasAssociatedIndividual;
-import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision;
-import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyIface;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.RequestedAction;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AbstractDataPropertyStatementAction;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AbstractObjectPropertyStatementAction;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.resource.AbstractResourceAction;
-import edu.cornell.mannlib.vitro.webapp.beans.BaseResourceBean.RoleLevel;
-import edu.cornell.mannlib.vitro.webapp.beans.Property;
-
-/**
- * Policy to use for Vivo Self-Editing based on NetId for use at Cornell. All
- * methods in this class should be thread safe and side effect free.
- */
-public class SelfEditingPolicy extends BaseSelfEditingPolicy implements
-		PolicyIface {
-	public SelfEditingPolicy(ServletContext ctx) {
-		super(ctx, RoleLevel.SELF);
-	}
-
-	@Override
-	public PolicyDecision isAuthorized(IdentifierBundle whoToAuth,
-			RequestedAction whatToAuth) {
-		if (whoToAuth == null) {
-			return inconclusiveDecision("whoToAuth was null");
-		}
-		if (whatToAuth == null) {
-			return inconclusiveDecision("whatToAuth was null");
-		}
-
-		List<String> userUris = new ArrayList<String>(
-				HasAssociatedIndividual.getIndividualUris(whoToAuth));
-
-		if (userUris.isEmpty()) {
-			return inconclusiveDecision("Not self-editing.");
-		}
-
-		if (whatToAuth instanceof AbstractObjectPropertyStatementAction) {
-			return isAuthorizedForObjectPropertyAction(userUris,
-					(AbstractObjectPropertyStatementAction) whatToAuth);
-		}
-
-		if (whatToAuth instanceof AbstractDataPropertyStatementAction) {
-			return isAuthorizedForDataPropertyAction(userUris,
-					(AbstractDataPropertyStatementAction) whatToAuth);
-		}
-
-		if (whatToAuth instanceof AbstractResourceAction) {
-			return isAuthorizedForResourceAction((AbstractResourceAction) whatToAuth);
-		}
-
-		return inconclusiveDecision("Does not authorize "
-				+ whatToAuth.getClass().getSimpleName() + " actions");
-	}
-
-	/**
-	 * The user can edit a object property if it is not restricted and if it is
-	 * about him.
-	 */
-	private PolicyDecision isAuthorizedForObjectPropertyAction(
-			List<String> userUris, AbstractObjectPropertyStatementAction action) {
-		String subject = action.getSubjectUri();
-		Property predicate = action.getPredicate();
-		String object = action.getObjectUri();
-
-		if (!canModifyResource(subject)) {
-			return cantModifyResource(subject);
-		}
-		if (!canModifyPredicate(predicate)) {
-			return cantModifyPredicate(predicate);
-		}
-		if (!canModifyResource(object)) {
-			return cantModifyResource(object);
-		}
-
-		if (userCanEditAsSubjectOrObjectOfStmt(userUris, subject, object)) {
-			return authorizedDecision("User is subject or object of statement.");
-		} else {
-			return userNotAuthorizedToStatement();
-		}
-	}
-
-	/**
-	 * The user can edit a data property if it is not restricted and if it is
-	 * about him.
-	 */
-	private PolicyDecision isAuthorizedForDataPropertyAction(
-			List<String> userUris, AbstractDataPropertyStatementAction action) {
-		String subject = action.getSubjectUri();
-		Property predicate = action.getPredicate();
-
-		if (!canModifyResource(subject)) {
-			return cantModifyResource(subject);
-		}
-		if (!canModifyPredicate(predicate)) {
-			return cantModifyPredicate(predicate);
-		}
-
-		if (userCanEditAsSubjectOfStmt(userUris, subject)) {
-			return authorizedDecision("User is subject of statement.");
-		} else {
-			return userNotAuthorizedToStatement();
-		}
-	}
-
-	/**
-	 * The user can add or remove resources if they are not restricted.
-	 */
-	private PolicyDecision isAuthorizedForResourceAction(
-			AbstractResourceAction action) {
-		String uri = action.getSubjectUri();
-		if (!canModifyResource(uri)) {
-			return cantModifyResource(uri);
-		} else {
-			return authorizedDecision("May add/remove resource.");
-		}
-	}
-
-	// ----------------------------------------------------------------------
-	// Helper methods
-	// ----------------------------------------------------------------------
-
-	private boolean userCanEditAsSubjectOfStmt(List<String> userUris,
-			String subject) {
-		for (String userUri : userUris) {
-			if (userUri.equals(subject)) {
-				return true;
-			}
-		}
-		return false;
-	}
-
-	private boolean userCanEditAsSubjectOrObjectOfStmt(List<String> userUris,
-			String subject, String object) {
-		for (String userUri : userUris) {
-			if (userUri.equals(subject)) {
-				return true;
-			}
-			if (userUri.equals(object)) {
-				return true;
-			}
-		}
-		return false;
-	}
-
-	@Override
-	public String toString() {
-		return "SelfEditingPolicy - " + hashCode();
-	}
-
-}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/ServletPolicyList.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/ServletPolicyList.java
deleted file mode 100644
index f724a50390..0000000000
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/ServletPolicyList.java
+++ /dev/null
@@ -1,122 +0,0 @@
-/* $This file is distributed under the terms of the license in LICENSE$ */
-
-package edu.cornell.mannlib.vitro.webapp.auth.policy;
-
-import java.util.ListIterator;
-
-import javax.servlet.ServletContext;
-import javax.servlet.http.HttpServletRequest;
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-
-import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyIface;
-
-/**
- * This maintains a PolicyList in the ServletContext. As a rule, however, this
- * is only used as the basis for the RequestPolicyList. Client code that wants
- * to access the current list of policies should look there.
- */
-public class ServletPolicyList {
-	private static final String ATTRIBUTE_POLICY_LIST = ServletPolicyList.class.getName();
-	private static final Log log = LogFactory.getLog(ServletPolicyList.class);
-
-	/**
-	 * Get a copy of the current list of policies. This method may return an
-	 * empty list, but it never returns null.
-	 */
-	public static PolicyIface getPolicies(HttpServletRequest hreq) {
-		return getPolicies(hreq.getSession().getServletContext());
-	}
-
-	/**
-	 * Get a copy of the current list of policies. This method may return an
-	 * empty list, but it never returns null.
-	 */
-	public static PolicyList getPolicies(ServletContext sc) {
-		return new PolicyList(getPolicyList(sc));
-	}
-
-	/**
-	 * Add the policy to the end of the list.
-	 */
-	public static void addPolicy(ServletContext sc, PolicyIface policy) {
-		if (policy == null) {
-			return;
-		}
-
-		PolicyList policies = getPolicyList(sc);
-		if (!policies.contains(policy)) {
-			policies.add(policy);
-			log.debug("Added policy: " + policy.toString());
-		} else {
-			log.warn("Ignored attempt to add redundant policy.");
-		}
-	}
-
-	/**
-	 * Add the policy to the front of the list. It may be moved further down the
-	 * list by other policies that are later added using this method.
-	 */
-	public static void addPolicyAtFront(ServletContext sc, PolicyIface policy) {
-		if (policy == null) {
-			return;
-		}
-
-		PolicyList policies = getPolicyList(sc);
-		if (!policies.contains(policy)) {
-			policies.add(0, policy);
-			log.debug("Added policy at front: " + policy.toString());
-		} else {
-			log.warn("Ignored attempt to add redundant policy.");
-		}
-	}
-
-	/**
-	 * Replace the first instance of this class of policy in the list. If no
-	 * instance is found, add the policy to the end of the list.
-	 */
-	public static void replacePolicy(ServletContext sc, PolicyIface policy) {
-		if (policy == null) {
-			return;
-		}
-
-		Class<?> clzz = policy.getClass();
-		PolicyList policies = getPolicyList(sc);
-		ListIterator<PolicyIface> it = policies.listIterator();
-		while (it.hasNext()) {
-			if (clzz.isAssignableFrom(it.next().getClass())) {
-				it.set(policy);
-				return;
-			}
-		}
-
-		addPolicy(sc, policy);
-	}
-
-	/**
-	 * Get the current PolicyList from the context, or create one if there is
-	 * none. This method may return an empty list, but it never returns null.
-	 */
-	private static PolicyList getPolicyList(ServletContext ctx) {
-		if (ctx == null) {
-			throw new NullPointerException("ctx may not be null.");
-		}
-
-		Object obj = ctx.getAttribute(ATTRIBUTE_POLICY_LIST);
-		if (obj == null) {
-			obj = new PolicyList();
-			ctx.setAttribute(ATTRIBUTE_POLICY_LIST, obj);
-		}
-
-		if (!(obj instanceof PolicyList)) {
-			throw new IllegalStateException("Expected to find an instance of "
-					+ PolicyList.class.getName()
-					+ " in the context, but found an instance of "
-					+ obj.getClass().getName() + " instead.");
-		}
-
-		return (PolicyList) obj;
-	}
-
-}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/bean/PropertyRestrictionBean.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/bean/PropertyRestrictionBean.java
deleted file mode 100644
index 51c113ee5d..0000000000
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/bean/PropertyRestrictionBean.java
+++ /dev/null
@@ -1,207 +0,0 @@
-/* $This file is distributed under the terms of the license in LICENSE$ */
-
-package edu.cornell.mannlib.vitro.webapp.auth.policy.bean;
-
-import java.util.Arrays;
-import java.util.Collection;
-
-import javax.servlet.ServletContext;
-import javax.servlet.ServletContextEvent;
-import javax.servlet.ServletContextListener;
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-
-import edu.cornell.mannlib.vitro.webapp.beans.BaseResourceBean.RoleLevel;
-import edu.cornell.mannlib.vitro.webapp.beans.Property;
-import edu.cornell.mannlib.vitro.webapp.dao.VitroVocabulary;
-import edu.cornell.mannlib.vitro.webapp.modelaccess.ModelAccess;
-import edu.cornell.mannlib.vitro.webapp.startup.StartupStatus;
-
-/**
- * Assists the role-based policies in determining whether a property or resource
- * may be displayed, modified, or published in linked open data.
- *
- * There is a singleton bean that holds the current threshold role levels for
- * displaying, modifying, or publishing restricted properties.
- *
- * Create this bean after the context models are in place.
- *
- * Add PropertyRestrictionListener to your EditProcessObject if you are editing
- * a property, to ensure that the bean stays current.
- */
-public abstract class PropertyRestrictionBean {
-	private static final Log log = LogFactory
-			.getLog(PropertyRestrictionBean.class);
-
-	private static final PropertyRestrictionBean NULL = new PropertyRestrictionBeanNull();
-
-	protected static volatile PropertyRestrictionBean instance = NULL;
-
-	protected static final Collection<String> PROHIBITED_NAMESPACES = Arrays
-			.asList(new String[] { VitroVocabulary.vitroURI, "" });
-
-	protected static final Collection<String> PERMITTED_EXCEPTIONS = Arrays
-			.asList(new String[] { VitroVocabulary.MONIKER,
-					VitroVocabulary.MODTIME, VitroVocabulary.IND_MAIN_IMAGE,
-					VitroVocabulary.LINK, VitroVocabulary.PRIMARY_LINK,
-					VitroVocabulary.ADDITIONAL_LINK,
-					VitroVocabulary.LINK_ANCHOR, VitroVocabulary.LINK_URL });
-
-	// ----------------------------------------------------------------------
-	// static methods
-	// ----------------------------------------------------------------------
-
-	public static PropertyRestrictionBean getBean() {
-		return instance;
-	}
-
-	// ----------------------------------------------------------------------
-	// instance methods
-	// ----------------------------------------------------------------------
-
-	/**
-	 * Any resource can be displayed.
-	 *
-	 * (Someday we may want to implement display restrictions based on VClass.)
-	 */
-	public abstract boolean canDisplayResource(String resourceUri,
-			RoleLevel userRole);
-
-	/**
-	 * A resource cannot be modified if its namespace is in the prohibited list
-	 * (but some exceptions are allowed).
-	 *
-	 * (Someday we may want to implement modify restrictions based on VClass.)
-	 */
-	public abstract boolean canModifyResource(String resourceUri,
-			RoleLevel userRole);
-
-	/**
-	 * Any resource can be published.
-	 *
-	 * (Someday we may want to implement publish restrictions based on VClass.)
-	 */
-	public abstract boolean canPublishResource(String resourceUri,
-			RoleLevel userRole);
-
-	/**
-	 * If display of a predicate is restricted, the user's role must be at least
-	 * as high as the restriction level.
-	 */
-	public abstract boolean canDisplayPredicate(Property predicate,
-			RoleLevel userRole);
-
-	/**
-	 * A predicate cannot be modified if its namespace is in the prohibited list
-	 * (some exceptions are allowed).
-	 *
-	 * If modification of a predicate is restricted, the user's role must be at
-	 * least as high as the restriction level.
-	 */
-	public abstract boolean canModifyPredicate(Property predicate,
-			RoleLevel userRole);
-
-	/**
-	 * If publishing of a predicate is restricted, the user's role must be at
-	 * least as high as the restriction level.
-	 */
-	public abstract boolean canPublishPredicate(Property predicate,
-			RoleLevel userRole);
-
-	/**
-	 * The threshold values for this property may have changed.
-	 */
-	public abstract void updateProperty(PropertyRestrictionLevels levels);
-
-	// ----------------------------------------------------------------------
-	// The null implementation
-	// ----------------------------------------------------------------------
-
-	/**
-	 * A placeholder for when the bean instance is not set.
-	 */
-	private static class PropertyRestrictionBeanNull extends
-			PropertyRestrictionBean {
-		@Override
-		public boolean canDisplayResource(String resourceUri, RoleLevel userRole) {
-			warn();
-			return false;
-		}
-
-		@Override
-		public boolean canModifyResource(String resourceUri, RoleLevel userRole) {
-			warn();
-			return false;
-		}
-
-		@Override
-		public boolean canPublishResource(String resourceUri, RoleLevel userRole) {
-			warn();
-			return false;
-		}
-
-		@Override
-		public boolean canDisplayPredicate(Property predicate,
-				RoleLevel userRole) {
-			warn();
-			return false;
-		}
-
-		@Override
-		public boolean canModifyPredicate(Property predicate, RoleLevel userRole) {
-			warn();
-			return false;
-		}
-
-		@Override
-		public boolean canPublishPredicate(Property predicate,
-				RoleLevel userRole) {
-			warn();
-			return false;
-		}
-
-		@Override
-		public void updateProperty(PropertyRestrictionLevels levels) {
-			warn();
-		}
-
-		private void warn() {
-			try {
-				throw new IllegalStateException();
-			} catch (IllegalStateException e) {
-				log.warn("No PropertyRestrictionBean in place.", e);
-			}
-		}
-	}
-
-	// ----------------------------------------------------------------------
-	// Setup class
-	// ----------------------------------------------------------------------
-
-	/**
-	 * Create the bean at startup and remove it at shutdown.
-	 */
-	public static class Setup implements ServletContextListener {
-		@Override
-		public void contextInitialized(ServletContextEvent sce) {
-			ServletContext ctx = sce.getServletContext();
-			StartupStatus ss = StartupStatus.getBean(ctx);
-
-			try {
-				instance = new PropertyRestrictionBeanImpl(
-						PROHIBITED_NAMESPACES, PERMITTED_EXCEPTIONS,
-						ModelAccess.on(ctx));
-			} catch (Exception e) {
-				ss.fatal(this,
-						"could not set up PropertyRestrictionBean", e);
-			}
-		}
-
-		@Override
-		public void contextDestroyed(ServletContextEvent sce) {
-			instance = NULL;
-		}
-	}
-
-}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/bean/PropertyRestrictionBeanImpl.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/bean/PropertyRestrictionBeanImpl.java
deleted file mode 100644
index 7676396dcd..0000000000
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/bean/PropertyRestrictionBeanImpl.java
+++ /dev/null
@@ -1,247 +0,0 @@
-/* $This file is distributed under the terms of the license in LICENSE$ */
-
-package edu.cornell.mannlib.vitro.webapp.auth.policy.bean;
-
-import static edu.cornell.mannlib.vitro.webapp.auth.policy.bean.PropertyRestrictionLevels.Which.DISPLAY;
-import static edu.cornell.mannlib.vitro.webapp.auth.policy.bean.PropertyRestrictionLevels.Which.MODIFY;
-import static edu.cornell.mannlib.vitro.webapp.auth.policy.bean.PropertyRestrictionLevels.Which.PUBLISH;
-
-import java.util.Collection;
-import java.util.Collections;
-import java.util.Comparator;
-import java.util.Map;
-import java.util.Objects;
-import java.util.Set;
-import java.util.SortedSet;
-import java.util.TreeSet;
-import java.util.concurrent.ConcurrentHashMap;
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-
-import org.apache.jena.rdf.model.impl.Util;
-
-import edu.cornell.mannlib.vitro.webapp.auth.policy.bean.PropertyRestrictionLevels.Which;
-import edu.cornell.mannlib.vitro.webapp.beans.BaseResourceBean.RoleLevel;
-import edu.cornell.mannlib.vitro.webapp.beans.DataProperty;
-import edu.cornell.mannlib.vitro.webapp.beans.FauxProperty;
-import edu.cornell.mannlib.vitro.webapp.beans.ObjectProperty;
-import edu.cornell.mannlib.vitro.webapp.beans.Property;
-import edu.cornell.mannlib.vitro.webapp.dao.PropertyDao.FullPropertyKey;
-import edu.cornell.mannlib.vitro.webapp.dao.WebappDaoFactory;
-import edu.cornell.mannlib.vitro.webapp.modelaccess.ContextModelAccess;
-
-/**
- * On creation, populate a map of PropertyRestrictionLevels.
- *
- * When a change is detected, update the map accordingly.
- *
- * ------------------------------
- *
- * How is authorization determined?
- *
- * Resources are easy. If they aren't in a prohibited namespace, or are an
- * exception to the prohibition, they are accessible.
- *
- * Properties are harder. The prohibited namespace and exceptions still apply,
- * but if we pass that test, then we check the threshold map.
- *
- * When a test is made, we look for thresholds in the map. First we look for the
- * full key of domain-base-range, in case we are testing a faux property. Faux
- * properties are recorded in the map with the full key.
- *
- * If we don't find the full key, then perhaps we are testing a faux property
- * that has no settings, or perhaps we are testing an object property. We look
- * for the partial key of null-base-null, which covers both of these cases,
- * since object properties (and data properties) are recorded the map with a
- * partial key.
- *
- * Similarly, if we find a null threshold value in the full key, we look back to
- * the partial key for a threshold.
- *
- * If we find no non-null threshold value then the property is unrestricted for
- * that feature.
- *
- * -----------------------------
- *
- * It would perhaps be a silly optimization, but if we find a key with 3 null
- * thresholds, we could remove it from the map without changing the behavior.
- */
-public class PropertyRestrictionBeanImpl extends PropertyRestrictionBean {
-	private static final Log log = LogFactory
-			.getLog(PropertyRestrictionBeanImpl.class);
-
-	private final Set<String> prohibitedNamespaces;
-	private final Set<String> permittedExceptions;
-
-	private final Map<FullPropertyKey, PropertyRestrictionLevels> thresholdMap = new ConcurrentHashMap<>();
-
-	public PropertyRestrictionBeanImpl(Collection<String> prohibitedNamespaces,
-			Collection<String> permittedExceptions, ContextModelAccess models) {
-		Objects.requireNonNull(prohibitedNamespaces,
-				"prohibitedNamespaces may not be null.");
-		this.prohibitedNamespaces = Collections.unmodifiableSet(new TreeSet<>(
-				prohibitedNamespaces));
-
-		Objects.requireNonNull(permittedExceptions,
-				"permittedExceptions may not be null.");
-		this.permittedExceptions = Collections.unmodifiableSet(new TreeSet<>(
-				permittedExceptions));
-
-		Objects.requireNonNull(models, "models may not be null.");
-		populateThresholdMap(models.getWebappDaoFactory());
-	}
-
-	private void populateThresholdMap(WebappDaoFactory wadf) {
-		for (ObjectProperty oProp : wadf.getObjectPropertyDao()
-				.getAllObjectProperties()) {
-			addObjectPropertyToMap(oProp);
-			for (FauxProperty fProp : wadf.getFauxPropertyDao()
-					.getFauxPropertiesForBaseUri(oProp.getURI())) {
-				addFauxPropertyToMap(fProp);
-			}
-		}
-		for (DataProperty dProp : wadf.getDataPropertyDao()
-				.getAllDataProperties()) {
-			addDataPropertyToMap(dProp);
-		}
-	}
-
-	private void addObjectPropertyToMap(ObjectProperty oProp) {
-		FullPropertyKey key = new FullPropertyKey(oProp.getURI());
-		PropertyRestrictionLevels levels = new PropertyRestrictionLevels(key,
-				oProp.getHiddenFromDisplayBelowRoleLevel(),
-				oProp.getProhibitedFromUpdateBelowRoleLevel(),
-				oProp.getHiddenFromPublishBelowRoleLevel());
-		thresholdMap.put(key, levels);
-	}
-
-	private void addFauxPropertyToMap(FauxProperty fProp) {
-		FullPropertyKey key = new FullPropertyKey(fProp.getDomainURI(),
-				fProp.getBaseURI(), fProp.getRangeURI());
-		PropertyRestrictionLevels levels = new PropertyRestrictionLevels(key,
-				fProp.getHiddenFromDisplayBelowRoleLevel(),
-				fProp.getProhibitedFromUpdateBelowRoleLevel(),
-				fProp.getHiddenFromPublishBelowRoleLevel());
-		thresholdMap.put(key, levels);
-	}
-
-	private void addDataPropertyToMap(DataProperty dProp) {
-		FullPropertyKey key = new FullPropertyKey(dProp.getURI());
-		PropertyRestrictionLevels levels = new PropertyRestrictionLevels(key,
-				dProp.getHiddenFromDisplayBelowRoleLevel(),
-				dProp.getProhibitedFromUpdateBelowRoleLevel(),
-				dProp.getHiddenFromPublishBelowRoleLevel());
-		thresholdMap.put(key, levels);
-	}
-
-	@Override
-	public boolean canDisplayResource(String resourceUri, RoleLevel userRole) {
-		return (resourceUri != null) && (userRole != null);
-	}
-
-	@Override
-	public boolean canModifyResource(String resourceUri, RoleLevel userRole) {
-		if (resourceUri == null || userRole == null) {
-			return false;
-		}
-		return !prohibitedNamespaces.contains(namespace(resourceUri))
-				|| permittedExceptions.contains(resourceUri);
-	}
-
-	@Override
-	public boolean canPublishResource(String resourceUri, RoleLevel userRole) {
-		return (resourceUri != null) && (userRole != null);
-	}
-
-	@Override
-	public boolean canDisplayPredicate(Property predicate, RoleLevel userRole) {
-		if (predicate == null || predicate.getURI() == null) {
-			return false;
-		}
-		return isAuthorized(userRole, getThreshold(predicate, DISPLAY));
-	}
-
-	@Override
-	public boolean canModifyPredicate(Property predicate, RoleLevel userRole) {
-		if (predicate == null || predicate.getURI() == null) {
-			return false;
-		}
-		return isAuthorized(userRole, getPropertyModifyThreshold(predicate));
-	}
-
-	@Override
-	public boolean canPublishPredicate(Property predicate, RoleLevel userRole) {
-		if (predicate == null || predicate.getURI() == null) {
-			return false;
-		}
-		return isAuthorized(userRole, getThreshold(predicate, PUBLISH));
-	}
-
-	@Override
-	public void updateProperty(PropertyRestrictionLevels levels) {
-		thresholdMap.put(levels.getKey(), levels);
-	}
-
-	private boolean isAuthorized(RoleLevel userRole, RoleLevel thresholdRole) {
-		if (userRole == null) {
-			return false;
-		}
-		if (thresholdRole == null) {
-			return true;
-		}
-		return userRole.compareTo(thresholdRole) >= 0;
-	}
-
-	private RoleLevel getPropertyModifyThreshold(Property p) {
-		if (prohibitedNamespaces.contains(namespace(p.getURI()))
-				&& !permittedExceptions.contains(p.getURI())) {
-			return RoleLevel.NOBODY;
-		}
-		return getThreshold(p, MODIFY);
-	}
-
-	private RoleLevel getThreshold(Property p, Which which) {
-		RoleLevel qualifiedLevel = getThreshold(new FullPropertyKey(p), which);
-		if (qualifiedLevel != null) {
-			return qualifiedLevel;
-		}
-
-		RoleLevel bareLevel = getThreshold(new FullPropertyKey(p.getURI()),
-				which);
-		return bareLevel;
-	}
-
-	private RoleLevel getThreshold(FullPropertyKey key, Which which) {
-		PropertyRestrictionLevels levels = thresholdMap.get(key);
-		if (levels == null) {
-			return null;
-		} else {
-			return levels.getLevel(which);
-		}
-	}
-
-	private String namespace(String uri) {
-		return uri.substring(0, Util.splitNamespaceXML(uri));
-	}
-
-	@Override
-	public String toString() {
-		SortedSet<FullPropertyKey> keys = new TreeSet<>(
-				new Comparator<FullPropertyKey>() {
-					@Override
-					public int compare(FullPropertyKey o1, FullPropertyKey o2) {
-						return o1.toString().compareTo(o2.toString());
-					}
-				});
-		keys.addAll(thresholdMap.keySet());
-
-		StringBuilder buffer = new StringBuilder();
-		for (FullPropertyKey key : keys) {
-			buffer.append(key).append(" ").append(thresholdMap.get(key).getLevel(DISPLAY)).append(" ").append(thresholdMap.get(key).getLevel(MODIFY)).append(" ").append(thresholdMap.get(key).getLevel(PUBLISH)).append("\n");
-		}
-		return buffer.toString();
-
-	}
-
-}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/bean/PropertyRestrictionLevels.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/bean/PropertyRestrictionLevels.java
deleted file mode 100644
index 369c074705..0000000000
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/bean/PropertyRestrictionLevels.java
+++ /dev/null
@@ -1,68 +0,0 @@
-/* $This file is distributed under the terms of the license in LICENSE$ */
-
-package edu.cornell.mannlib.vitro.webapp.auth.policy.bean;
-
-import edu.cornell.mannlib.vitro.webapp.beans.BaseResourceBean.RoleLevel;
-import edu.cornell.mannlib.vitro.webapp.dao.PropertyDao.FullPropertyKey;
-
-/**
- * The threshold levels for operations on a given property.
- *
- * This is based on the assumption that the FullPropertyKey is sufficient to
- * distinguish all properties. An object property and a data property may not
- * share the same key. A faux property must have a different key from any object
- * property.
- */
-public class PropertyRestrictionLevels {
-	private final FullPropertyKey key;
-	private final RoleLevel displayThreshold;
-	private final RoleLevel modifyThreshold;
-	private final RoleLevel publishThreshold;
-
-	public enum Which {
-		DISPLAY, MODIFY, PUBLISH
-	}
-
-	public PropertyRestrictionLevels(FullPropertyKey key,
-			RoleRestrictedProperty p) {
-		this(key, p.getHiddenFromDisplayBelowRoleLevel(), p
-				.getProhibitedFromUpdateBelowRoleLevel(), p
-				.getHiddenFromPublishBelowRoleLevel());
-	}
-
-	public PropertyRestrictionLevels(FullPropertyKey key,
-			RoleLevel displayThreshold, RoleLevel modifyThreshold,
-			RoleLevel publishThreshold) {
-		this.key = key;
-		this.displayThreshold = displayThreshold;
-		this.modifyThreshold = modifyThreshold;
-		this.publishThreshold = publishThreshold;
-	}
-
-	public FullPropertyKey getKey() {
-		return key;
-	}
-
-	public RoleLevel getLevel(Which which) {
-		if (which == null) {
-			return null;
-		} else {
-			switch (which) {
-			case DISPLAY:
-				return displayThreshold;
-			case MODIFY:
-				return modifyThreshold;
-			default:
-				return publishThreshold;
-			}
-		}
-	}
-
-	@Override
-	public String toString() {
-		return "PropertyRestrictionLevels[key=" + key + ", display="
-				+ displayThreshold + ", modify=" + modifyThreshold
-				+ ", publish=" + publishThreshold + "]";
-	}
-
-}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/bean/PropertyRestrictionListener.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/bean/PropertyRestrictionListener.java
index d632703fac..19862e2cd4 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/bean/PropertyRestrictionListener.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/bean/PropertyRestrictionListener.java
@@ -2,12 +2,13 @@
 
 package edu.cornell.mannlib.vitro.webapp.auth.policy.bean;
 
+import edu.cornell.mannlib.vitro.webapp.auth.policy.EntityPolicyController;
+import edu.cornell.mannlib.vitro.webapp.beans.Property;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
 import edu.cornell.mannlib.vedit.beans.EditProcessObject;
 import edu.cornell.mannlib.vedit.listener.ChangeListener;
-import edu.cornell.mannlib.vitro.webapp.dao.PropertyDao.FullPropertyKey;
 
 /**
  * Add this ChangeListener to your EditProcessObject when modifying the
@@ -15,20 +16,17 @@
  * appropriate.
  */
 public class PropertyRestrictionListener implements ChangeListener {
-	private static final Log log = LogFactory
-			.getLog(PropertyRestrictionListener.class);
+	private static final Log log = LogFactory.getLog(PropertyRestrictionListener.class);
 
 	/**
 	 * If the deleted property had a non-null restriction, rebuild the bean.
 	 */
 	@Override
 	public void doDeleted(Object oldObj, EditProcessObject epo) {
-		if (oldObj instanceof RoleRestrictedProperty) {
-			RoleRestrictedProperty p = (RoleRestrictedProperty) oldObj;
-			FullPropertyKey key = new FullPropertyKey(p);
-			updateLevels(new PropertyRestrictionLevels(key, p));
+		if (oldObj instanceof Property) {
+		    EntityPolicyController.deletedEntityEvent((Property)oldObj);
 		} else {
-			log.warn("Not an instance of RoleRestrictedProperty: " + oldObj);
+			log.warn("Not an instance of Property: " + oldObj);
 		}
 	}
 
@@ -37,12 +35,10 @@ public void doDeleted(Object oldObj, EditProcessObject epo) {
 	 */
 	@Override
 	public void doInserted(Object newObj, EditProcessObject epo) {
-		if (newObj instanceof RoleRestrictedProperty) {
-			RoleRestrictedProperty p = (RoleRestrictedProperty) newObj;
-			FullPropertyKey key = new FullPropertyKey(p);
-			updateLevels(new PropertyRestrictionLevels(key, p));
+		if (newObj instanceof Property) {
+	        EntityPolicyController.insertedEntityEvent((Property)newObj);
 		} else {
-			log.warn("Not an instance of RoleRestrictedProperty: " + newObj);
+			log.warn("Not an instance of Property: " + newObj);
 		}
 	}
 
@@ -51,17 +47,12 @@ public void doInserted(Object newObj, EditProcessObject epo) {
 	 */
 	@Override
 	public void doUpdated(Object oldObj, Object newObj, EditProcessObject epo) {
-		if (newObj instanceof RoleRestrictedProperty) {
-			RoleRestrictedProperty newP = (RoleRestrictedProperty) newObj;
-			FullPropertyKey key = new FullPropertyKey(newP);
-			updateLevels(new PropertyRestrictionLevels(key, newP));
+		if (newObj instanceof Property) {
+	        EntityPolicyController.updatedEntityEvent(oldObj, newObj);
+
 		} else {
-			log.warn("Not instances of RoleRestrictedProperty: " + oldObj
+			log.warn("Not instances of Property: " + oldObj
 					+ ", " + newObj);
 		}
 	}
-
-	private void updateLevels(PropertyRestrictionLevels levels) {
-		PropertyRestrictionBean.getBean().updateProperty(levels);
-	}
 }
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/bean/RoleRestrictedProperty.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/bean/RoleRestrictedProperty.java
deleted file mode 100644
index 7219bbf4bd..0000000000
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/bean/RoleRestrictedProperty.java
+++ /dev/null
@@ -1,23 +0,0 @@
-/* $This file is distributed under the terms of the license in LICENSE$ */
-
-package edu.cornell.mannlib.vitro.webapp.auth.policy.bean;
-
-import edu.cornell.mannlib.vitro.webapp.beans.BaseResourceBean.RoleLevel;
-
-/**
- * A property or faux property whose usage can be restricted according to the
- * user's role level.
- */
-public interface RoleRestrictedProperty {
-	String getDomainVClassURI();
-
-	String getRangeVClassURI();
-
-	String getURI();
-
-	RoleLevel getHiddenFromDisplayBelowRoleLevel();
-
-	RoleLevel getProhibitedFromUpdateBelowRoleLevel();
-
-	RoleLevel getHiddenFromPublishBelowRoleLevel();
-}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/ifaces/Authorization.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/ifaces/DecisionResult.java
similarity index 89%
rename from api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/ifaces/Authorization.java
rename to api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/ifaces/DecisionResult.java
index 367a5a2acb..b5eaae3875 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/ifaces/Authorization.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/ifaces/DecisionResult.java
@@ -2,7 +2,7 @@
 
 package edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces;
 
-public enum Authorization {
+public enum DecisionResult {
     AUTHORIZED, //explicitly authorized
     UNAUTHORIZED, //explicitly not authorized
     INCONCLUSIVE;
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/ifaces/PolicyIface.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/ifaces/Policy.java
similarity index 55%
rename from api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/ifaces/PolicyIface.java
rename to api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/ifaces/Policy.java
index 11a19a4ede..1a55dd048d 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/ifaces/PolicyIface.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/ifaces/Policy.java
@@ -2,8 +2,7 @@
 
 package edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces;
 
-import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.RequestedAction;
+import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthorizationRequest;
 
 /**
  * Represents the process of mapping an identifier that represents a user or
@@ -13,7 +12,14 @@
  * @author bdc34
  *
  */
-public interface PolicyIface  {
-    public PolicyDecision isAuthorized(IdentifierBundle whoToAuth, RequestedAction whatToAuth);
+public interface Policy  {
+    public PolicyDecision decide(AuthorizationRequest ar);
 
+    public default String getUri() {
+        return "";
+    }
+    
+    public default long getPriority() {
+        return 0;
+    }
 }
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/ifaces/PolicyDecision.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/ifaces/PolicyDecision.java
index c174776c1b..93ad098963 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/ifaces/PolicyDecision.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/ifaces/PolicyDecision.java
@@ -8,7 +8,7 @@
  * they are not authorized for some action.
  */
 public interface PolicyDecision {
-    public Authorization getAuthorized();
+    public DecisionResult getDecisionResult();
 
     public String getStackTrace();
     public String getMessage();
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/setup/CommonPolicyFamilySetup.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/setup/CommonPolicyFamilySetup.java
index 7a57232677..444c48b496 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/setup/CommonPolicyFamilySetup.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/setup/CommonPolicyFamilySetup.java
@@ -8,17 +8,12 @@
 
 import edu.cornell.mannlib.vitro.webapp.auth.identifier.ActiveIdentifierBundleFactories;
 import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundleFactory;
-import edu.cornell.mannlib.vitro.webapp.auth.identifier.factory.HasPermissionFactory;
 import edu.cornell.mannlib.vitro.webapp.auth.identifier.factory.HasPermissionSetFactory;
 import edu.cornell.mannlib.vitro.webapp.auth.identifier.factory.HasProfileOrIsBlacklistedFactory;
 import edu.cornell.mannlib.vitro.webapp.auth.identifier.factory.HasProxyEditingRightsFactory;
 import edu.cornell.mannlib.vitro.webapp.auth.identifier.factory.IsRootUserFactory;
 import edu.cornell.mannlib.vitro.webapp.auth.identifier.factory.IsUserFactory;
-import edu.cornell.mannlib.vitro.webapp.auth.policy.DisplayRestrictedDataToSelfPolicy;
-import edu.cornell.mannlib.vitro.webapp.auth.policy.PermissionsPolicy;
-import edu.cornell.mannlib.vitro.webapp.auth.policy.SelfEditingPolicy;
-import edu.cornell.mannlib.vitro.webapp.auth.policy.ServletPolicyList;
-import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyIface;
+import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyLoader;
 import edu.cornell.mannlib.vitro.webapp.startup.StartupStatus;
 
 /**
@@ -32,27 +27,19 @@ public void contextInitialized(ServletContextEvent sce) {
 		StartupStatus ss = StartupStatus.getBean(ctx);
 
 		try {
-			policy(ctx, new PermissionsPolicy());
-			policy(ctx, new DisplayRestrictedDataToSelfPolicy(ctx));
-			policy(ctx, new SelfEditingPolicy(ctx));
-
-			factory(ctx, new IsUserFactory(ctx));
-			factory(ctx, new IsRootUserFactory(ctx));
-			factory(ctx, new HasProfileOrIsBlacklistedFactory(ctx));
-			factory(ctx, new HasPermissionSetFactory(ctx));
-			factory(ctx, new HasPermissionFactory(ctx));
-			factory(ctx, new HasProxyEditingRightsFactory(ctx));
+		    PolicyLoader.initialize(null);
+			factory(new IsUserFactory());
+			factory(new IsRootUserFactory());
+			factory(new HasProfileOrIsBlacklistedFactory());
+			factory(new HasPermissionSetFactory());
+			factory(new HasProxyEditingRightsFactory());
 		} catch (Exception e) {
 			ss.fatal(this, "could not run CommonPolicyFamilySetup", e);
 		}
 	}
 
-	private void policy(ServletContext ctx, PolicyIface policy) {
-		ServletPolicyList.addPolicy(ctx, policy);
-	}
-
-	private void factory(ServletContext ctx, IdentifierBundleFactory factory) {
-		ActiveIdentifierBundleFactories.addFactory(ctx, factory);
+	private void factory(IdentifierBundleFactory factory) {
+		ActiveIdentifierBundleFactories.addFactory(factory);
 	}
 
 	@Override
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/specialrelationships/AbstractRelationshipPolicy.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/specialrelationships/AbstractRelationshipPolicy.java
deleted file mode 100644
index ddf88ed179..0000000000
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/specialrelationships/AbstractRelationshipPolicy.java
+++ /dev/null
@@ -1,63 +0,0 @@
-/* $This file is distributed under the terms of the license in LICENSE$ */
-
-package edu.cornell.mannlib.vitro.webapp.auth.policy.specialrelationships;
-
-import javax.servlet.ServletContext;
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-
-import edu.cornell.mannlib.vitro.webapp.auth.policy.BasicPolicyDecision;
-import edu.cornell.mannlib.vitro.webapp.auth.policy.bean.PropertyRestrictionBean;
-import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.Authorization;
-import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision;
-import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyIface;
-import edu.cornell.mannlib.vitro.webapp.beans.BaseResourceBean.RoleLevel;
-import edu.cornell.mannlib.vitro.webapp.beans.Property;
-
-/**
- * A collection of building-block methods so we can code a policy based on the
- * relationship of the object being edited to the identity of the user doing the
- * editing.
- */
-public abstract class AbstractRelationshipPolicy implements PolicyIface {
-	private static final Log log = LogFactory
-			.getLog(AbstractRelationshipPolicy.class);
-
-	protected final ServletContext ctx;
-
-	public AbstractRelationshipPolicy(ServletContext ctx) {
-		this.ctx = ctx;
-	}
-
-	protected boolean canModifyResource(String uri) {
-		return PropertyRestrictionBean.getBean().canModifyResource(uri,
-				RoleLevel.SELF);
-	}
-
-	protected boolean canModifyPredicate(Property predicate) {
-		return PropertyRestrictionBean.getBean().canModifyPredicate(predicate,
-				RoleLevel.SELF);
-	}
-
-	protected PolicyDecision cantModifyResource(String uri) {
-		return inconclusiveDecision("No access to admin resources; cannot modify "
-				+ uri);
-	}
-
-	protected PolicyDecision cantModifyPredicate(String uri) {
-		return inconclusiveDecision("No access to admin predicates; cannot modify "
-				+ uri);
-	}
-
-	protected PolicyDecision userNotAuthorizedToStatement() {
-		return inconclusiveDecision("User has no access to this statement.");
-	}
-
-	/** An INCONCLUSIVE decision with a message like "PolicyClass: message". */
-	protected PolicyDecision inconclusiveDecision(String message) {
-		return new BasicPolicyDecision(Authorization.INCONCLUSIVE, getClass()
-				.getSimpleName() + ": " + message);
-	}
-
-}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/specialrelationships/RelationshipChecker.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/specialrelationships/RelationshipChecker.java
deleted file mode 100644
index 31625f912a..0000000000
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/specialrelationships/RelationshipChecker.java
+++ /dev/null
@@ -1,205 +0,0 @@
-/* $This file is distributed under the terms of the license in LICENSE$ */
-
-package edu.cornell.mannlib.vitro.webapp.auth.policy.specialrelationships;
-
-import java.util.ArrayList;
-import java.util.List;
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-
-import org.apache.jena.ontology.OntModel;
-import org.apache.jena.rdf.model.Property;
-import org.apache.jena.rdf.model.RDFNode;
-import org.apache.jena.rdf.model.Resource;
-import org.apache.jena.rdf.model.Selector;
-import org.apache.jena.rdf.model.SimpleSelector;
-import org.apache.jena.rdf.model.StmtIterator;
-import org.apache.jena.shared.Lock;
-
-import edu.cornell.mannlib.vitro.webapp.auth.policy.BasicPolicyDecision;
-import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.Authorization;
-import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision;
-import edu.cornell.mannlib.vitro.webapp.dao.VitroVocabulary;
-
-/**
- * Look for relationships within an OntModel. Types of resources, links between
- * resources, and links between resources via a context node.
- *
- * Also provides some convenience methods for test lists of URIs and for
- * creating PolicyDecisions.
- */
-public class RelationshipChecker {
-	private static final Log log = LogFactory.getLog(RelationshipChecker.class);
-
-	protected static final String NS_CORE = "http://vivoweb.org/ontology/core#";
-	protected static final String NS_OBO = "http://purl.obolibrary.org/obo/";
-	protected static final String URI_RELATES = NS_CORE + "relates";
-	protected static final String URI_RELATED_BY = NS_CORE + "relatedBy";
-	protected static final String URI_INHERES_IN = NS_OBO + "RO_0000052";
-	protected static final String URI_REALIZES = NS_OBO + "BFO_0000055";
-
-	private final OntModel ontModel;
-
-	public RelationshipChecker(OntModel ontModel) {
-		this.ontModel = ontModel;
-	}
-
-	/**
-	 * Are there any URIs that appear in both of these lists?
-	 */
-	public boolean anyUrisInCommon(List<String> list1, List<String> list2) {
-		List<String> urisInCommon = new ArrayList<String>(list1);
-		urisInCommon.retainAll(list2);
-		return !urisInCommon.isEmpty();
-	}
-
-	/**
-	 * Is this resource a member of this type? That is, is there an statement of
-	 * the form: {@code <resourceUri> rdfs:type <typeUri> }
-	 */
-	public boolean isResourceOfType(String resourceUri, String typeUri) {
-		Selector selector = createSelector(resourceUri,
-				VitroVocabulary.RDF_TYPE, typeUri);
-
-		StmtIterator stmts = null;
-		ontModel.enterCriticalSection(Lock.READ);
-		try {
-			stmts = ontModel.listStatements(selector);
-			if (stmts.hasNext()) {
-				log.debug("resource '" + resourceUri + "' is of type '"
-						+ typeUri + "'");
-				return true;
-			} else {
-				log.debug("resource '" + resourceUri + "' is not of type '"
-						+ typeUri + "'");
-				return false;
-			}
-		} finally {
-			if (stmts != null) {
-				stmts.close();
-			}
-			ontModel.leaveCriticalSection();
-		}
-	}
-
-	/**
-	 * Get a list of the object URIs that satisfy this statement:
-	 *
-	 * {@code <resourceUri> <propertyUri> <objectUri> }
-	 *
-	 * May return an empty list, but never returns null.
-	 */
-	public List<String> getObjectsOfProperty(String resourceUri,
-			String propertyUri) {
-		List<String> list = new ArrayList<String>();
-
-		Selector selector = createSelector(resourceUri, propertyUri, null);
-
-		StmtIterator stmts = null;
-		ontModel.enterCriticalSection(Lock.READ);
-		try {
-			stmts = ontModel.listStatements(selector);
-			while (stmts.hasNext()) {
-				list.add(stmts.next().getObject().toString());
-			}
-			log.debug("Objects of property '" + propertyUri + "' on resource '"
-					+ resourceUri + "': " + list);
-			return list;
-		} finally {
-			if (stmts != null) {
-				stmts.close();
-			}
-			ontModel.leaveCriticalSection();
-		}
-	}
-
-	/**
-	 * Get a list of the object URIs that satisfy these statements:
-	 *
-	 * {@code <resourceUri> <linkUri> <contextNodeUri> }
-	 *
-	 * {@code <contextNodeUri> <propertyUri> <objectUri> }
-	 *
-	 * May return an empty list, but never returns null.
-	 */
-	public List<String> getObjectsOfLinkedProperty(String resourceUri,
-			String linkUri, String propertyUri) {
-		List<String> list = new ArrayList<String>();
-
-		Selector selector = createSelector(resourceUri, linkUri, null);
-
-		StmtIterator stmts = null;
-
-		ontModel.enterCriticalSection(Lock.READ);
-		try {
-			stmts = ontModel.listStatements(selector);
-			while (stmts.hasNext()) {
-				RDFNode contextNode = stmts.next().getObject();
-				if (contextNode.isResource()) {
-					log.debug("found context node for '" + resourceUri + "': "
-							+ contextNode);
-					list.addAll(getObjectsOfProperty(contextNode.asResource()
-							.getURI(), propertyUri));
-				}
-			}
-			log.debug("Objects of linked properties '" + linkUri + "' ==> '"
-					+ propertyUri + "' on '" + resourceUri + "': " + list);
-			return list;
-		} finally {
-			if (stmts != null) {
-				stmts.close();
-			}
-			ontModel.leaveCriticalSection();
-		}
-	}
-
-	/**
-	 * Get a list of URIs for object that link to the specified resource, by
-	 * means of the specified properties, through a linking node of the
-	 * specified type.
-	 *
-	 * So we're looking for object URIs that statisfy these statements:
-	 *
-	 * {@code <resourceUri> <property1Uri> <linkNodeUri> }
-	 *
-	 * {@code <linkNodeUri> rdfs:type <linkNodeTypeUri> }
-	 *
-	 * {@code <linkNodeUri> <property2Uri> <objectUri> }
-	 */
-	public List<String> getObjectsThroughLinkingNode(String resourceUri,
-			String property1Uri, String linkNodeTypeUri, String property2Uri) {
-		List<String> list = new ArrayList<String>();
-
-		for (String linkNodeUri : getObjectsOfProperty(resourceUri, property1Uri)) {
-			if (isResourceOfType(linkNodeUri, linkNodeTypeUri)) {
-				list.addAll(getObjectsOfProperty(linkNodeUri, property2Uri));
-			}
-		}
-
-		return list;
-	}
-
-	public Selector createSelector(String subjectUri, String predicateUri,
-			String objectUri) {
-		Resource subject = (subjectUri == null) ? null : ontModel
-				.getResource(subjectUri);
-		return createSelector(subject, predicateUri, objectUri);
-	}
-
-	public Selector createSelector(Resource subject, String predicateUri,
-			String objectUri) {
-		Property predicate = (predicateUri == null) ? null : ontModel
-				.getProperty(predicateUri);
-		RDFNode object = (objectUri == null) ? null : ontModel
-				.getResource(objectUri);
-		return new SimpleSelector(subject, predicate, object);
-	}
-
-	/** An AUTHORIZED decision with a message like "PolicyClass: message". */
-	protected PolicyDecision authorizedDecision(String message) {
-		return new BasicPolicyDecision(Authorization.AUTHORIZED, getClass()
-				.getSimpleName() + ": " + message);
-	}
-
-}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/AllowedAuthorizationRequest.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/AllowedAuthorizationRequest.java
new file mode 100644
index 0000000000..fdb99f9fc4
--- /dev/null
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/AllowedAuthorizationRequest.java
@@ -0,0 +1,30 @@
+package edu.cornell.mannlib.vitro.webapp.auth.requestedAction;
+
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessOperation;
+import edu.cornell.mannlib.vitro.webapp.auth.objects.AccessObject;
+import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.DecisionResult;
+
+public class AllowedAuthorizationRequest extends AuthorizationRequest{
+
+    private DecisionResult decision;
+
+    public AllowedAuthorizationRequest() {
+        decision = DecisionResult.AUTHORIZED;
+    }
+
+    @Override
+    public DecisionResult getPredefinedDecision() {
+        return decision;
+    }
+
+    @Override
+    public AccessObject getAccessObject() {
+        return null;
+    }
+
+    @Override
+    public AccessOperation getAccessOperation() {
+        return null;
+    }
+
+}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/AuthHelper.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/AuthHelper.java
new file mode 100644
index 0000000000..cd23112a29
--- /dev/null
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/AuthHelper.java
@@ -0,0 +1,61 @@
+package edu.cornell.mannlib.vitro.webapp.auth.requestedAction;
+
+import java.util.Arrays;
+import java.util.List;
+
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessOperation;
+import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
+import edu.cornell.mannlib.vitro.webapp.auth.objects.AccessObject;
+
+public class AuthHelper {
+
+    static class OrAuthorizationRequest extends AuthorizationRequest {
+    	private final AuthorizationRequest ar1;
+    	private final AuthorizationRequest ar2;
+    
+    	private OrAuthorizationRequest(AuthorizationRequest ar1, AuthorizationRequest ar2) {
+    		this.ar1 = ar1;
+    		this.ar2 = ar2;
+    	}
+    	@Override
+        public boolean isContainer() {
+            return true;
+        }
+
+        public List<AuthorizationRequest> getItems(){
+            return Arrays.asList(ar1, ar2);
+        };
+
+    
+    	@Override
+    	public String toString() {
+    		return "(" + ar1 + " || " + ar2 + ")";
+    	}
+        @Override
+        public AccessObject getAccessObject() {
+            // TODO Auto-generated method stub
+            return null;
+        }
+        @Override
+        public AccessOperation getAccessOperation() {
+            // TODO Auto-generated method stub
+            return null;
+        }
+        @Override
+        public IdentifierBundle getIds() {
+            // TODO Auto-generated method stub
+            return null;
+        }
+    }
+
+    public static AuthorizationRequest logicOr(AuthorizationRequest fist, AuthorizationRequest second) {
+        if (fist == null) {
+            return second;
+        } else if (second == null) {
+            return fist;
+        } else {
+            return new AuthHelper.OrAuthorizationRequest(fist, second);
+        }
+    }
+
+}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/AuthorizationRequest.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/AuthorizationRequest.java
index 80e3f32cf5..4672bee4ad 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/AuthorizationRequest.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/AuthorizationRequest.java
@@ -1,125 +1,61 @@
-/* $This file is distributed under the terms of the license in LICENSE$ */
-
 package edu.cornell.mannlib.vitro.webapp.auth.requestedAction;
 
-import java.util.Arrays;
+import java.util.Collections;
+import java.util.List;
 
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessOperation;
 import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
-import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyIface;
+import edu.cornell.mannlib.vitro.webapp.auth.objects.AccessObject;
+import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.DecisionResult;
 
-/**
- * A base class for RequestedAction that permits boolean operations on them.
- *
- * A null request is ignored, so in "and" it is equivalent to true, while in
- * "or" it is equivalent to false.
- */
 public abstract class AuthorizationRequest {
-	// ----------------------------------------------------------------------
-	// Constants
-	// ----------------------------------------------------------------------
-
-	public static final AuthorizationRequest AUTHORIZED = new AuthorizationRequest() {
-		@Override
-		public boolean isAuthorized(IdentifierBundle ids, PolicyIface policy) {
-			return true;
-		}
-	};
-
-	public static final AuthorizationRequest UNAUTHORIZED = new AuthorizationRequest() {
-		@Override
-		public boolean isAuthorized(IdentifierBundle ids, PolicyIface policy) {
-			return false;
-		}
-	};
-
-	// ----------------------------------------------------------------------
-	// Static convenience methods
-	// ----------------------------------------------------------------------
-
-	public static AuthorizationRequest andAll(AuthorizationRequest... ars) {
-		return andAll(Arrays.asList(ars));
-	}
-
-	public static AuthorizationRequest andAll(
-			Iterable<? extends AuthorizationRequest> ars) {
-		AuthorizationRequest result = AUTHORIZED;
-		for (AuthorizationRequest ar : ars) {
-			result = result.and(ar);
-		}
-		return result;
-	}
-
-	// ----------------------------------------------------------------------
-	// The abstract class
-	// ----------------------------------------------------------------------
-
-	public AuthorizationRequest and(AuthorizationRequest that) {
-		if (that == null) {
-			return this;
-		} else {
-			return new AndAuthorizationRequest(this, that);
-		}
-	}
-
-	public AuthorizationRequest or(AuthorizationRequest that) {
-		if (that == null) {
-			return this;
-		} else {
-			return new OrAuthorizationRequest(this, that);
-		}
-	}
-
-	public abstract boolean isAuthorized(IdentifierBundle ids,
-			PolicyIface policy);
-
-	// ----------------------------------------------------------------------
-	// Subclasses for boolean operations
-	// ----------------------------------------------------------------------
-
-	private static class AndAuthorizationRequest extends AuthorizationRequest {
-		private final AuthorizationRequest ar1;
-		private final AuthorizationRequest ar2;
-
-		private AndAuthorizationRequest(AuthorizationRequest ar1,
-				AuthorizationRequest ar2) {
-			this.ar1 = ar1;
-			this.ar2 = ar2;
-		}
-
-		@Override
-		public boolean isAuthorized(IdentifierBundle ids, PolicyIface policy) {
-			return ar1.isAuthorized(ids, policy)
-					&& ar2.isAuthorized(ids, policy);
-		}
-
-		@Override
-		public String toString() {
-			return "(" + ar1 + " && " + ar2 + ")";
-		}
-
-	}
-
-	private static class OrAuthorizationRequest extends AuthorizationRequest {
-		private final AuthorizationRequest ar1;
-		private final AuthorizationRequest ar2;
-
-		private OrAuthorizationRequest(AuthorizationRequest ar1,
-				AuthorizationRequest ar2) {
-			this.ar1 = ar1;
-			this.ar2 = ar2;
-		}
-
-		@Override
-		public boolean isAuthorized(IdentifierBundle ids, PolicyIface policy) {
-			return ar1.isAuthorized(ids, policy)
-					|| ar2.isAuthorized(ids, policy);
-		}
-
-		@Override
-		public String toString() {
-			return "(" + ar1 + " || " + ar2 + ")";
-		}
-
-	}
 
-}
+    public static final AuthorizationRequest UNAUTHORIZED = new ForbiddenAuthorizationRequest();
+    public static final AuthorizationRequest AUTHORIZED = new AllowedAuthorizationRequest();
+    
+    IdentifierBundle ids;
+    private List<String> editorUris = Collections.emptyList();
+    List<String> roleUris = Collections.emptyList();
+
+    
+    public void setRoleUris(List<String> roleUris) {
+        this.roleUris = roleUris;
+    }
+
+    public boolean isContainer() {
+        return false;
+    }
+
+    public DecisionResult getPredefinedDecision(){
+        return DecisionResult.INCONCLUSIVE;
+    }
+    
+    public List<AuthorizationRequest> getItems() {
+        return Collections.emptyList();
+    }
+    
+    public abstract AccessObject getAccessObject();
+    
+    public abstract AccessOperation getAccessOperation();
+
+    public IdentifierBundle getIds() {
+        return ids;
+    }
+    
+    public List<String> getRoleUris() {
+        return roleUris;
+    }
+    
+    public void setIds(IdentifierBundle ids) {
+        this.ids = ids;
+    }
+
+    public void setEditorUris(List<String> list) {
+        editorUris = list;
+    }
+
+    public List<String> getEditorUris(){
+        return editorUris;
+    };
+    
+}
\ No newline at end of file
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/ForbiddenAuthorizationRequest.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/ForbiddenAuthorizationRequest.java
new file mode 100644
index 0000000000..43222c3ff2
--- /dev/null
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/ForbiddenAuthorizationRequest.java
@@ -0,0 +1,36 @@
+package edu.cornell.mannlib.vitro.webapp.auth.requestedAction;
+
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessOperation;
+import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
+import edu.cornell.mannlib.vitro.webapp.auth.objects.AccessObject;
+import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.DecisionResult;
+
+public class ForbiddenAuthorizationRequest extends AuthorizationRequest {
+
+    private DecisionResult predefinedDecision;
+
+    public ForbiddenAuthorizationRequest() {
+        predefinedDecision = DecisionResult.UNAUTHORIZED;
+    }
+
+    @Override
+    public DecisionResult getPredefinedDecision() {
+        return predefinedDecision;
+    }
+
+    @Override
+    public AccessObject getAccessObject() {
+        return null;
+    }
+
+    @Override
+    public AccessOperation getAccessOperation() {
+        return null;
+    }
+
+    @Override
+    public IdentifierBundle getIds() {
+        // TODO Auto-generated method stub
+        return null;
+    }
+}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/RequestedAction.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/RequestedAction.java
deleted file mode 100644
index e326674659..0000000000
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/RequestedAction.java
+++ /dev/null
@@ -1,41 +0,0 @@
-/* $This file is distributed under the terms of the license in LICENSE$ */
-
-package edu.cornell.mannlib.vitro.webapp.auth.requestedAction;
-
-import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
-import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.Authorization;
-import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision;
-import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyIface;
-import edu.cornell.mannlib.vitro.webapp.beans.Property;
-
-/* Represents a request to perform an action.    */
-public abstract class RequestedAction extends AuthorizationRequest {
-	public static String ACTION_NAMESPACE = "java:";
-
-	public static String SOME_URI = "?SOME_URI";
-	public static Property SOME_PREDICATE = new Property(SOME_URI);
-	public static String SOME_LITERAL = "?SOME_LITERAL";
-
-	/**
-	 * In its most basic form, a RequestAction needs to have an identifier.
-	 * Sometimes this will be enough.
-	 */
-	public String getURI() {
-		return ACTION_NAMESPACE + this.getClass().getName();
-	}
-
-	/**
-	 * For authorization, just ask the Policy. INCONCLUSIVE is not good enough.
-	 */
-	@Override
-	public final boolean isAuthorized(IdentifierBundle ids, PolicyIface policy) {
-		PolicyDecision decision = policy.isAuthorized(ids, this);
-		return decision.getAuthorized() == Authorization.AUTHORIZED;
-	}
-
-	@Override
-	public String toString() {
-		return this.getClass().getSimpleName();
-	}
-
-}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/SimpleAuthorizationRequest.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/SimpleAuthorizationRequest.java
new file mode 100644
index 0000000000..c7139f2cda
--- /dev/null
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/SimpleAuthorizationRequest.java
@@ -0,0 +1,47 @@
+package edu.cornell.mannlib.vitro.webapp.auth.requestedAction;
+
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessOperation;
+import edu.cornell.mannlib.vitro.webapp.auth.objects.AccessObject;
+import edu.cornell.mannlib.vitro.webapp.auth.objects.AccessObjectImpl;
+import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.DecisionResult;
+
+public class SimpleAuthorizationRequest extends AuthorizationRequest {
+
+    private AccessObject object;
+
+    public AccessObject getObject() {
+        return object;
+    }
+
+    public AccessOperation getOperation() {
+        return operation;
+    }
+
+    private AccessOperation operation;
+    
+    public SimpleAuthorizationRequest(AccessObject object, AccessOperation operation) {
+        this.object = object;
+        this.operation = operation;
+    }
+    
+    public SimpleAuthorizationRequest(String namedAccessObject) {
+        this.object = new AccessObjectImpl(namedAccessObject);
+        this.operation = AccessOperation.EXECUTE;
+    }
+
+    @Override
+    public DecisionResult getPredefinedDecision() {
+        return DecisionResult.INCONCLUSIVE;
+    }
+
+    @Override
+    public AccessObject getAccessObject() {
+        return object;
+    }
+
+    @Override
+    public AccessOperation getAccessOperation() {
+        return operation;
+    }
+
+}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/SimpleRequestedAction.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/SimpleRequestedAction.java
deleted file mode 100644
index 28ff5ba770..0000000000
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/SimpleRequestedAction.java
+++ /dev/null
@@ -1,48 +0,0 @@
-/* $This file is distributed under the terms of the license in LICENSE$ */
-
-package edu.cornell.mannlib.vitro.webapp.auth.requestedAction;
-
-
-/**
- * A RequestedAction that can be recognized by a SimplePermission.
- */
-public class SimpleRequestedAction extends RequestedAction {
-	private final String uri;
-
-	public SimpleRequestedAction(String uri) {
-		if (uri == null) {
-			throw new NullPointerException("uri may not be null.");
-		}
-
-		this.uri = uri;
-	}
-
-	@Override
-	public String getURI() {
-		return uri;
-	}
-
-	@Override
-	public int hashCode() {
-		return uri.hashCode();
-	}
-
-	@Override
-	public boolean equals(Object o) {
-		if (o instanceof SimpleRequestedAction) {
-			SimpleRequestedAction that = (SimpleRequestedAction) o;
-			return equivalent(this.uri, that.uri);
-		}
-		return false;
-	}
-
-	private boolean equivalent(Object o1, Object o2) {
-		return (o1 == null) ? (o2 == null) : o1.equals(o2);
-	}
-
-	@Override
-	public String toString() {
-		return "SimpleRequestedAction['" + uri + "']";
-	}
-
-}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/admin/AddNewUser.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/admin/AddNewUser.java
deleted file mode 100644
index 0c57618a98..0000000000
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/admin/AddNewUser.java
+++ /dev/null
@@ -1,11 +0,0 @@
-/* $This file is distributed under the terms of the license in LICENSE$ */
-
-package edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin;
-
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.RequestedAction;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.AdminRequestedAction;
-
-/** Should we allow the user to create a user account? */
-public class AddNewUser extends RequestedAction implements AdminRequestedAction{
-	// no members
-}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/admin/LoadOntology.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/admin/LoadOntology.java
deleted file mode 100644
index ea7027a735..0000000000
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/admin/LoadOntology.java
+++ /dev/null
@@ -1,19 +0,0 @@
-/* $This file is distributed under the terms of the license in LICENSE$ */
-
-package edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin;
-
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.RequestedAction;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.AdminRequestedAction;
-
-/** Should we allow the user to load an ontology? */
-public class LoadOntology extends RequestedAction implements AdminRequestedAction{
-    protected String ontologyUrl;
-
-    public String getOntologyUrl() {
-        return ontologyUrl;
-    }
-
-    public void setOntologyUrl(String ontologyUrl) {
-        this.ontologyUrl = ontologyUrl;
-    }
-}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/admin/RebuildTextIndex.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/admin/RebuildTextIndex.java
deleted file mode 100644
index e0261e4504..0000000000
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/admin/RebuildTextIndex.java
+++ /dev/null
@@ -1,10 +0,0 @@
-/* $This file is distributed under the terms of the license in LICENSE$ */
-
-package edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin;
-
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.RequestedAction;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.AdminRequestedAction;
-
-public class RebuildTextIndex extends RequestedAction implements AdminRequestedAction{
-	// no members
-}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/admin/RemoveUser.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/admin/RemoveUser.java
deleted file mode 100644
index 28fd602ad0..0000000000
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/admin/RemoveUser.java
+++ /dev/null
@@ -1,19 +0,0 @@
-/* $This file is distributed under the terms of the license in LICENSE$ */
-
-package edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin;
-
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.RequestedAction;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.AdminRequestedAction;
-
-/** Should we allow the user to remove a user account */
-public class RemoveUser extends RequestedAction implements AdminRequestedAction{
-    protected String userUri;
-
-    public String getUserUri() {
-        return userUri;
-    }
-
-    public void setUserUri(String userUri) {
-        this.userUri = userUri;
-    }
-}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/admin/ServerStatus.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/admin/ServerStatus.java
deleted file mode 100644
index 8e2ff80ddd..0000000000
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/admin/ServerStatus.java
+++ /dev/null
@@ -1,11 +0,0 @@
-/* $This file is distributed under the terms of the license in LICENSE$ */
-
-package edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin;
-
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.RequestedAction;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.AdminRequestedAction;
-
-/** Should we allow the user to view information about the server status? */
-public class ServerStatus extends RequestedAction implements AdminRequestedAction {
-	// no members
-}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/admin/UpdateTextIndex.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/admin/UpdateTextIndex.java
deleted file mode 100644
index 2331078236..0000000000
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/admin/UpdateTextIndex.java
+++ /dev/null
@@ -1,10 +0,0 @@
-/* $This file is distributed under the terms of the license in LICENSE$ */
-
-package edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin;
-
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.RequestedAction;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.AdminRequestedAction;
-
-public class UpdateTextIndex extends RequestedAction implements AdminRequestedAction{
-	// no fields
-}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/admin/UploadFile.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/admin/UploadFile.java
deleted file mode 100644
index 2327ecc4ff..0000000000
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/admin/UploadFile.java
+++ /dev/null
@@ -1,18 +0,0 @@
-/* $This file is distributed under the terms of the license in LICENSE$ */
-
-package edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin;
-
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.RequestedAction;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.AdminRequestedAction;
-
-/** Should we allow the user to upload a file? */
-public class UploadFile extends RequestedAction implements AdminRequestedAction{
-    protected String subjectUri;
-    protected String predicateUri;
-
-    public UploadFile(String subjectUri, String predicateUri) {
-        super();
-        this.subjectUri = subjectUri;
-        this.predicateUri = predicateUri;
-    }
-}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/display/DisplayDataProperty.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/display/DisplayDataProperty.java
deleted file mode 100644
index a452d40fba..0000000000
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/display/DisplayDataProperty.java
+++ /dev/null
@@ -1,24 +0,0 @@
-/* $This file is distributed under the terms of the license in LICENSE$ */
-
-package edu.cornell.mannlib.vitro.webapp.auth.requestedAction.display;
-
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.RequestedAction;
-import edu.cornell.mannlib.vitro.webapp.beans.DataProperty;
-
-/** Should we allow the user to see this DataProperty? */
-public class DisplayDataProperty extends RequestedAction {
-	private final DataProperty dataProperty;
-
-	public DisplayDataProperty(DataProperty dataProperty) {
-		this.dataProperty = dataProperty;
-	}
-
-	public DataProperty getDataProperty() {
-		return dataProperty;
-	}
-
-	@Override
-	public String toString() {
-		return "DisplayDataProperty[" + dataProperty + "]";
-	}
-}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/display/DisplayDataPropertyStatement.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/display/DisplayDataPropertyStatement.java
deleted file mode 100644
index dfa25f1ab2..0000000000
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/display/DisplayDataPropertyStatement.java
+++ /dev/null
@@ -1,29 +0,0 @@
-/* $This file is distributed under the terms of the license in LICENSE$ */
-
-package edu.cornell.mannlib.vitro.webapp.auth.requestedAction.display;
-
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.RequestedAction;
-import edu.cornell.mannlib.vitro.webapp.beans.DataPropertyStatement;
-
-/** Should we let the user see this DataPropertyStatement? */
-public class DisplayDataPropertyStatement extends RequestedAction {
-	private final DataPropertyStatement dataPropertyStatement;
-
-	public DisplayDataPropertyStatement(
-			DataPropertyStatement dataPropertyStatement) {
-		this.dataPropertyStatement = dataPropertyStatement;
-	}
-
-	public DataPropertyStatement getDataPropertyStatement() {
-		return dataPropertyStatement;
-	}
-
-	@Override
-	public String toString() {
-		return "DisplayDataPropertyStatement["
-				+ dataPropertyStatement.getIndividualURI() + "==>"
-				+ dataPropertyStatement.getDatapropURI() + "==>"
-				+ dataPropertyStatement.getData() + "]";
-	}
-
-}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/display/DisplayObjectProperty.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/display/DisplayObjectProperty.java
deleted file mode 100644
index 19b5655641..0000000000
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/display/DisplayObjectProperty.java
+++ /dev/null
@@ -1,25 +0,0 @@
-/* $This file is distributed under the terms of the license in LICENSE$ */
-
-package edu.cornell.mannlib.vitro.webapp.auth.requestedAction.display;
-
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.RequestedAction;
-import edu.cornell.mannlib.vitro.webapp.beans.ObjectProperty;
-
-/** Should we allow the user to see this ObjectProperty? */
-public class DisplayObjectProperty extends RequestedAction {
-	private final ObjectProperty objectProperty;
-
-	public DisplayObjectProperty(ObjectProperty objectProperty) {
-		this.objectProperty = objectProperty;
-	}
-
-	public ObjectProperty getObjectProperty() {
-		return objectProperty;
-	}
-
-	@Override
-	public String toString() {
-		return "DisplayObjectProperty[" + objectProperty + "]";
-	}
-
-}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/display/DisplayObjectPropertyStatement.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/display/DisplayObjectPropertyStatement.java
deleted file mode 100644
index 1decb1196a..0000000000
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/display/DisplayObjectPropertyStatement.java
+++ /dev/null
@@ -1,39 +0,0 @@
-/* $This file is distributed under the terms of the license in LICENSE$ */
-
-package edu.cornell.mannlib.vitro.webapp.auth.requestedAction.display;
-
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.RequestedAction;
-import edu.cornell.mannlib.vitro.webapp.beans.ObjectProperty;
-
-/** Should we let the user see this ObjectPropertyStatement? */
-public class DisplayObjectPropertyStatement extends RequestedAction {
-	private final String subjectUri;
-	private final ObjectProperty property;
-	private final String objectUri;
-
-	public DisplayObjectPropertyStatement(String subjectUri,
-			ObjectProperty property, String objectUri) {
-		this.subjectUri = subjectUri;
-		this.property = property;
-		this.objectUri = objectUri;
-	}
-
-	public String getSubjectUri() {
-		return subjectUri;
-	}
-
-	public ObjectProperty getProperty() {
-		return property;
-	}
-
-	public String getObjectUri() {
-		return objectUri;
-	}
-
-	@Override
-	public String toString() {
-		return "DisplayObjectPropertyStatement[" + subjectUri + "==>"
-				+ property.getURI() + "==>" + objectUri + "]";
-	}
-
-}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/ifaces/AdminRequestedAction.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/ifaces/AdminRequestedAction.java
deleted file mode 100644
index 25e73019c0..0000000000
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/ifaces/AdminRequestedAction.java
+++ /dev/null
@@ -1,8 +0,0 @@
-/* $This file is distributed under the terms of the license in LICENSE$ */
-
-package edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces;
-
-/** Denotes an action that is administrative, like adding users, etc. */
-public interface AdminRequestedAction {
-	/** marker interface */
-}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/ifaces/OntoRequestedAction.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/ifaces/OntoRequestedAction.java
deleted file mode 100644
index cc2382901b..0000000000
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/ifaces/OntoRequestedAction.java
+++ /dev/null
@@ -1,8 +0,0 @@
-/* $This file is distributed under the terms of the license in LICENSE$ */
-
-package edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces;
-
-/** Denotes an action that relates to manipulating the ontology. */
-public interface OntoRequestedAction {
-	/** marker interface */
-}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/ifaces/RequiresActions.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/ifaces/RequiresActions.java
deleted file mode 100644
index 7199b0f9f6..0000000000
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/ifaces/RequiresActions.java
+++ /dev/null
@@ -1,36 +0,0 @@
-/* $This file is distributed under the terms of the license in LICENSE$ */
-
-package edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces;
-
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthorizationRequest;
-import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
-
-/**
- * Interface to objects that provide a list of Actions that are
- * required for the object to be used.
- *
- * This is intended to provide a way to setup DataGetter
- * objects to be used with the FreemarkerHttpServlet.requiredActions()
- * method.
- *
- * @author bdc34
- */
-public interface RequiresActions {
-
-    /**
-     * Returns Actions that are required to be authorized for
-     * the object to be used.
-     *
-     * The code that is calling this method
-     * could use methods from PolicyHelper to check if the
-     * request has authorization to do these Actions. The code
-     * calling this method would then have the ability to
-     * deny the action if it is not authorized.
-     *
-     * @param vreq Vitro request
-     * @return Should not be null. Return Actions.AUTHORIZED
-     * if no authorization is required to do use the object.
-     */
-    public AuthorizationRequest requiredActions(VitroRequest vreq) ;
-
-}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/ifaces/SingleParameterAction.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/ifaces/SingleParameterAction.java
deleted file mode 100644
index f460e4feb9..0000000000
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/ifaces/SingleParameterAction.java
+++ /dev/null
@@ -1,25 +0,0 @@
-/* $This file is distributed under the terms of the license in LICENSE$ */
-
-package edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces;
-
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.RequestedAction;
-
-/**
- * A base class for actions that involve a single URI.
- */
-public abstract class SingleParameterAction extends RequestedAction {
-    protected String subjectUri;
-
-    public String getSubjectUri() {
-        return subjectUri;
-    }
-
-    public void setSubjectUri(String subjectUri) {
-        this.subjectUri = subjectUri;
-    }
-
-    @Override
-	public String toString(){
-        return this.getClass().getName() + " <"+subjectUri+">";
-    }
-}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/ontology/CreateOwlClass.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/ontology/CreateOwlClass.java
deleted file mode 100644
index 36b7f732c4..0000000000
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/ontology/CreateOwlClass.java
+++ /dev/null
@@ -1,11 +0,0 @@
-/* $This file is distributed under the terms of the license in LICENSE$ */
-
-package edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ontology;
-
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.OntoRequestedAction;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.SingleParameterAction;
-
-/** Should we allow the user to create a new class in the ontology? */
-public class CreateOwlClass extends SingleParameterAction implements OntoRequestedAction {
-	// no fields
-}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/ontology/DefineDataProperty.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/ontology/DefineDataProperty.java
deleted file mode 100644
index f7667d5f91..0000000000
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/ontology/DefineDataProperty.java
+++ /dev/null
@@ -1,11 +0,0 @@
-/* $This file is distributed under the terms of the license in LICENSE$ */
-
-package edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ontology;
-
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.OntoRequestedAction;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.SingleParameterAction;
-
-/** Should we allow the user to define a data property in the ontology? */
-public class DefineDataProperty extends SingleParameterAction implements OntoRequestedAction{
-	// no fields
-}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/ontology/DefineObjectProperty.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/ontology/DefineObjectProperty.java
deleted file mode 100644
index 63d1898837..0000000000
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/ontology/DefineObjectProperty.java
+++ /dev/null
@@ -1,11 +0,0 @@
-/* $This file is distributed under the terms of the license in LICENSE$ */
-
-package edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ontology;
-
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.OntoRequestedAction;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.SingleParameterAction;
-
-/** Should we allow the user to define a new object property in the ontology? */
-public class DefineObjectProperty extends SingleParameterAction implements OntoRequestedAction{
-	// no fields
-}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/ontology/RemoveOwlClass.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/ontology/RemoveOwlClass.java
deleted file mode 100644
index 495116aaeb..0000000000
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/ontology/RemoveOwlClass.java
+++ /dev/null
@@ -1,11 +0,0 @@
-/* $This file is distributed under the terms of the license in LICENSE$ */
-
-package edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ontology;
-
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.OntoRequestedAction;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.SingleParameterAction;
-
-/** Should we allow the user to remove a class from the ontology? */
-public class RemoveOwlClass extends SingleParameterAction implements OntoRequestedAction{
-	// no fields
-}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/AbstractDataPropertyStatementAction.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/AbstractDataPropertyStatementAction.java
deleted file mode 100644
index 2d9a17338b..0000000000
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/AbstractDataPropertyStatementAction.java
+++ /dev/null
@@ -1,72 +0,0 @@
-/* $This file is distributed under the terms of the license in LICENSE$ */
-
-package edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt;
-
-import org.apache.jena.ontology.OntModel;
-
-import edu.cornell.mannlib.vitro.webapp.beans.DataPropertyStatement;
-import edu.cornell.mannlib.vitro.webapp.beans.Property;
-
-/**
- * A base class for requested actions that involve adding, editing, or dropping
- * data property statements from a model.
- */
-public abstract class AbstractDataPropertyStatementAction extends
-		AbstractPropertyStatementAction {
-	private final String subjectUri;
-	private final String predicateUri;
-	private final Property predicate;
-	private final String dataValue;
-
-	public AbstractDataPropertyStatementAction(OntModel ontModel,
-			String subjectUri, String predicateUri, String dataValue) {
-		super(ontModel);
-		this.subjectUri = subjectUri;
-		this.predicateUri = predicateUri;
-		Property dataProperty = new Property();
-		dataProperty.setURI(predicateUri);
-		this.predicate = dataProperty;
-		this.dataValue = dataValue;
-	}
-
-	public AbstractDataPropertyStatementAction(OntModel ontModel,
-			DataPropertyStatement dps) {
-		super(ontModel);
-		this.subjectUri = (dps.getIndividual() == null) ? dps
-				.getIndividualURI() : dps.getIndividual().getURI();
-		this.predicateUri = dps.getDatapropURI();
-	    Property dataProperty = new Property();
-	    dataProperty.setURI(predicateUri);
-	    this.predicate = dataProperty;
-	    this.dataValue = dps.getData();
-	}
-
-	public String getSubjectUri() {
-		return subjectUri;
-	}
-
-	@Override
-	public Property getPredicate() {
-	    return predicate;
-	}
-
-	@Override
-	public String getPredicateUri() {
-		return predicateUri;
-	}
-
-	@Override
-	public String[] getResourceUris() {
-		return new String[] {subjectUri};
-	}
-
-	public String dataValue() {
-		return dataValue;
-	}
-
-	@Override
-	public String toString() {
-		return getClass().getSimpleName() + ": <" + subjectUri + "> <"
-				+ predicateUri + ">";
-	}
-}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/AbstractObjectPropertyStatementAction.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/AbstractObjectPropertyStatementAction.java
deleted file mode 100644
index 2e70191e10..0000000000
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/AbstractObjectPropertyStatementAction.java
+++ /dev/null
@@ -1,55 +0,0 @@
-/* $This file is distributed under the terms of the license in LICENSE$ */
-
-package edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt;
-
-import org.apache.jena.ontology.OntModel;
-
-import edu.cornell.mannlib.vitro.webapp.beans.Property;
-
-/**
- * A base class for requested actions that involve adding, editing, or deleting
- * object property statements from a model.
- */
-public abstract class AbstractObjectPropertyStatementAction extends
-		AbstractPropertyStatementAction {
-	private final String subjectUri;
-	private final Property predicate;
-	private final String objectUri;
-
-	public AbstractObjectPropertyStatementAction(OntModel ontModel,
-			String subjectUri, Property predicate, String objectUri) {
-		super(ontModel);
-		this.subjectUri = subjectUri;
-		this.predicate = predicate;
-		this.objectUri = objectUri;
-	}
-
-	public String getSubjectUri() {
-		return subjectUri;
-	}
-
-	public String getObjectUri() {
-		return objectUri;
-	}
-
-	@Override
-	public Property getPredicate() {
-		return predicate;
-	}
-
-	@Override
-	public String getPredicateUri() {
-		return predicate.getURI();
-	}
-
-	@Override
-	public String[] getResourceUris() {
-		return new String[] { subjectUri, objectUri };
-	}
-
-	@Override
-	public String toString() {
-		return this.getClass().getSimpleName() + ": <" + subjectUri + "> <"
-				+ predicate.getURI() + "> <" + objectUri + ">";
-	}
-}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/AbstractPropertyStatementAction.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/AbstractPropertyStatementAction.java
deleted file mode 100644
index b0351a9d45..0000000000
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/AbstractPropertyStatementAction.java
+++ /dev/null
@@ -1,34 +0,0 @@
-/* $This file is distributed under the terms of the license in LICENSE$ */
-
-package edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt;
-
-import org.apache.jena.ontology.OntModel;
-
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.RequestedAction;
-import edu.cornell.mannlib.vitro.webapp.beans.Property;
-
-/**
- * A base class for requested actions that involve adding, editing, or deleting
- * statements from a model.
- */
-public abstract class AbstractPropertyStatementAction extends RequestedAction {
-	private final OntModel ontModel;
-
-	public AbstractPropertyStatementAction(OntModel ontModel) {
-		this.ontModel = ontModel;
-	}
-
-	public OntModel getOntModel() {
-		return ontModel;
-	}
-
-	/**
-	 * Get the URI of the Resources that are involved in this statement. Those
-	 * are the Subject, and the Object if this is an ObjectProperty request.
-	 */
-	public abstract String[] getResourceUris();
-
-	public abstract Property getPredicate();
-
-	public abstract String getPredicateUri();
-}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/AddDataPropertyStatement.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/AddDataPropertyStatement.java
deleted file mode 100644
index 8b49ddc6b9..0000000000
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/AddDataPropertyStatement.java
+++ /dev/null
@@ -1,24 +0,0 @@
-/* $This file is distributed under the terms of the license in LICENSE$ */
-
-package edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt;
-
-import org.apache.jena.ontology.OntModel;
-
-import edu.cornell.mannlib.vitro.webapp.beans.DataPropertyStatement;
-
-/**
- * Should we allow the user to add this DataPropertyStatement to this model?
- */
-public class AddDataPropertyStatement extends
-		AbstractDataPropertyStatementAction {
-
-	public AddDataPropertyStatement(OntModel ontModel, String subjectUri,
-			String predicateUri, String dataValue) {
-		super(ontModel, subjectUri, predicateUri, dataValue);
-	}
-
-	public AddDataPropertyStatement(OntModel ontModel, DataPropertyStatement dps) {
-		super(ontModel, dps);
-	}
-
-}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/AddObjectPropertyStatement.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/AddObjectPropertyStatement.java
deleted file mode 100644
index cc3f53dc65..0000000000
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/AddObjectPropertyStatement.java
+++ /dev/null
@@ -1,19 +0,0 @@
-/* $This file is distributed under the terms of the license in LICENSE$ */
-
-package edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt;
-
-import org.apache.jena.ontology.OntModel;
-
-import edu.cornell.mannlib.vitro.webapp.beans.Property;
-
-/**
- * Should we allow the user to add this ObjectPropertyStatement to this model?
- */
-public class AddObjectPropertyStatement extends
-		AbstractObjectPropertyStatementAction {
-	public AddObjectPropertyStatement(OntModel ontModel, String uriOfSub,
-			Property predicate, String uriOfObj) {
-		super(ontModel, uriOfSub, predicate, uriOfObj);
-	}
-
-}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/DropDataPropertyStatement.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/DropDataPropertyStatement.java
deleted file mode 100644
index e801837dc1..0000000000
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/DropDataPropertyStatement.java
+++ /dev/null
@@ -1,25 +0,0 @@
-/* $This file is distributed under the terms of the license in LICENSE$ */
-
-package edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt;
-
-import org.apache.jena.ontology.OntModel;
-
-import edu.cornell.mannlib.vitro.webapp.beans.DataPropertyStatement;
-
-/**
- * Should we allow the user to delete this DataPropertyStatement from this
- * model?
- */
-public class DropDataPropertyStatement extends
-		AbstractDataPropertyStatementAction {
-
-	public DropDataPropertyStatement(OntModel ontModel, String subjectUri,
-			String predicateUri, String dataValue) {
-		super(ontModel, subjectUri, predicateUri, dataValue);
-	}
-
-	public DropDataPropertyStatement(OntModel ontModel,
-			DataPropertyStatement dps) {
-		super(ontModel, dps);
-	}
-}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/DropObjectPropertyStatement.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/DropObjectPropertyStatement.java
deleted file mode 100644
index 36549b8b8f..0000000000
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/DropObjectPropertyStatement.java
+++ /dev/null
@@ -1,19 +0,0 @@
-/* $This file is distributed under the terms of the license in LICENSE$ */
-
-package edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt;
-
-import org.apache.jena.ontology.OntModel;
-
-import edu.cornell.mannlib.vitro.webapp.beans.Property;
-
-/**
- * Should we allow the user to delete this ObjectPropertyStatement from this
- * model?
- */
-public class DropObjectPropertyStatement extends
-		AbstractObjectPropertyStatementAction {
-	public DropObjectPropertyStatement(OntModel ontModel, String sub,
-			Property pred, String obj) {
-		super(ontModel, sub, pred, obj);
-	}
-}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/EditDataPropertyStatement.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/EditDataPropertyStatement.java
deleted file mode 100644
index 8fe4939d68..0000000000
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/EditDataPropertyStatement.java
+++ /dev/null
@@ -1,23 +0,0 @@
-/* $This file is distributed under the terms of the license in LICENSE$ */
-
-package edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt;
-
-import org.apache.jena.ontology.OntModel;
-
-import edu.cornell.mannlib.vitro.webapp.beans.DataPropertyStatement;
-
-/**
- * Should we allow the user to edit this DataPropertyStatement in this model?
- */
-public class EditDataPropertyStatement extends
-		AbstractDataPropertyStatementAction {
-	public EditDataPropertyStatement(OntModel ontModel, String subjectUri,
-			String predicateUri, String dataValue) {
-		super(ontModel, subjectUri, predicateUri, dataValue);
-	}
-
-	public EditDataPropertyStatement(OntModel ontModel,
-			DataPropertyStatement dps) {
-		super(ontModel, dps);
-	}
-}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/EditObjectPropertyStatement.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/EditObjectPropertyStatement.java
deleted file mode 100644
index d85bfe7842..0000000000
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/EditObjectPropertyStatement.java
+++ /dev/null
@@ -1,18 +0,0 @@
-/* $This file is distributed under the terms of the license in LICENSE$ */
-
-package edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt;
-
-import org.apache.jena.ontology.OntModel;
-
-import edu.cornell.mannlib.vitro.webapp.beans.Property;
-
-/**
- * Should we allow the user to edit this ObjectPropertyStatement in this model?
- */
-public class EditObjectPropertyStatement extends
-		AbstractObjectPropertyStatementAction {
-	public EditObjectPropertyStatement(OntModel ontModel, String subjectUri,
-			Property keywordPred, String objectUri) {
-		super(ontModel, subjectUri, keywordPred, objectUri);
-	}
-}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/publish/PublishDataProperty.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/publish/PublishDataProperty.java
deleted file mode 100644
index e3d36a3e36..0000000000
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/publish/PublishDataProperty.java
+++ /dev/null
@@ -1,24 +0,0 @@
-/* $This file is distributed under the terms of the license in LICENSE$ */
-
-package edu.cornell.mannlib.vitro.webapp.auth.requestedAction.publish;
-
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.RequestedAction;
-import edu.cornell.mannlib.vitro.webapp.beans.DataProperty;
-
-/** Should we allow the user to publish this DataProperty in Linked Open Data? */
-public class PublishDataProperty extends RequestedAction {
-	private final DataProperty dataProperty;
-
-	public PublishDataProperty(DataProperty dataProperty) {
-		this.dataProperty = dataProperty;
-	}
-
-	public DataProperty getDataProperty() {
-		return dataProperty;
-	}
-
-	@Override
-	public String toString() {
-		return "PublishDataProperty[" + dataProperty + "]";
-	}
-}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/publish/PublishDataPropertyStatement.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/publish/PublishDataPropertyStatement.java
deleted file mode 100644
index 03c019a80d..0000000000
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/publish/PublishDataPropertyStatement.java
+++ /dev/null
@@ -1,26 +0,0 @@
-/* $This file is distributed under the terms of the license in LICENSE$ */
-
-package edu.cornell.mannlib.vitro.webapp.auth.requestedAction.publish;
-
-import org.apache.jena.ontology.OntModel;
-
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AbstractDataPropertyStatementAction;
-import edu.cornell.mannlib.vitro.webapp.beans.DataPropertyStatement;
-
-/**
- * Should we publish this DataPropertyStatement in a Linked Open Data request
- * from the current user?
- */
-public class PublishDataPropertyStatement extends
-		AbstractDataPropertyStatementAction {
-	public PublishDataPropertyStatement(OntModel ontModel, String subjectUri,
-			String predicateUri, String dataValue) {
-		super(ontModel, subjectUri, predicateUri, dataValue);
-	}
-
-	public PublishDataPropertyStatement(OntModel ontModel,
-			DataPropertyStatement dps) {
-		super(ontModel, dps);
-	}
-
-}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/publish/PublishObjectProperty.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/publish/PublishObjectProperty.java
deleted file mode 100644
index 5120a04cf0..0000000000
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/publish/PublishObjectProperty.java
+++ /dev/null
@@ -1,24 +0,0 @@
-/* $This file is distributed under the terms of the license in LICENSE$ */
-
-package edu.cornell.mannlib.vitro.webapp.auth.requestedAction.publish;
-
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.RequestedAction;
-import edu.cornell.mannlib.vitro.webapp.beans.ObjectProperty;
-
-/** Should we allow the user to publish this ObjectProperty in Linked Open Data? */
-public class PublishObjectProperty extends RequestedAction {
-	private final ObjectProperty objectProperty;
-
-	public PublishObjectProperty(ObjectProperty objectProperty) {
-		this.objectProperty = objectProperty;
-	}
-
-	public ObjectProperty getObjectProperty() {
-		return objectProperty;
-	}
-
-	@Override
-	public String toString() {
-		return "PublishObjectProperty[" + objectProperty.getLocalName() + "]";
-	}
-}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/publish/PublishObjectPropertyStatement.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/publish/PublishObjectPropertyStatement.java
deleted file mode 100644
index cf593284fa..0000000000
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/publish/PublishObjectPropertyStatement.java
+++ /dev/null
@@ -1,40 +0,0 @@
-/* $This file is distributed under the terms of the license in LICENSE$ */
-
-package edu.cornell.mannlib.vitro.webapp.auth.requestedAction.publish;
-
-import static edu.cornell.mannlib.vitro.webapp.auth.requestedAction.RequestedAction.SOME_URI;
-
-import org.apache.jena.ontology.OntModel;
-
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AbstractObjectPropertyStatementAction;
-import edu.cornell.mannlib.vitro.webapp.beans.Property;
-
-/**
- * Should we publish this ObjectPropertyStatement in a Linked Open Data request
- * from the current user?
- */
-
-public class PublishObjectPropertyStatement extends
-		AbstractObjectPropertyStatementAction {
-	public PublishObjectPropertyStatement(OntModel ontModel, String subjectUri,
-			Property keywordPred, String objectUri) {
-		super(ontModel, subjectUri, keywordPred, objectUri);
-	}
-
-	/**
-	 * We don't need to know range and domain because publishing never involves
-	 * faux properties.
-	 */
-	public PublishObjectPropertyStatement(OntModel ontModel,
-			String subjectUri,
-			String predicateUri, String objectUri) {
-		this(ontModel, subjectUri, populateProperty(predicateUri), objectUri);
-	}
-
-	private static Property populateProperty(String predicateUri) {
-		Property prop = new Property(predicateUri);
-		prop.setDomainVClassURI(SOME_URI);
-		prop.setRangeVClassURI(SOME_URI);
-		return prop;
-	}
-}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/resource/AbstractResourceAction.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/resource/AbstractResourceAction.java
deleted file mode 100644
index a3354af9d6..0000000000
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/resource/AbstractResourceAction.java
+++ /dev/null
@@ -1,33 +0,0 @@
-/* $This file is distributed under the terms of the license in LICENSE$ */
-
-package edu.cornell.mannlib.vitro.webapp.auth.requestedAction.resource;
-
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.RequestedAction;
-
-/**
- * A common base class for resource-related actions.
- */
-public abstract class AbstractResourceAction extends RequestedAction {
-	private final String typeUri;
-	private final String subjectUri;
-
-	public AbstractResourceAction(String typeUri, String subjectUri) {
-		this.typeUri = typeUri;
-		this.subjectUri = subjectUri;
-	}
-
-	// This should return a list of type URIs since an Indiviudal can be
-	// multiple types.
-	public String getTypeUri() {
-		return typeUri;
-	}
-
-	public String getSubjectUri() {
-		return subjectUri;
-	}
-
-	@Override
-	public String toString() {
-		return this.getClass().getSimpleName() + " <" + subjectUri + ">";
-	}
-}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/resource/AddResource.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/resource/AddResource.java
deleted file mode 100644
index 6f748975b6..0000000000
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/resource/AddResource.java
+++ /dev/null
@@ -1,11 +0,0 @@
-/* $This file is distributed under the terms of the license in LICENSE$ */
-
-package edu.cornell.mannlib.vitro.webapp.auth.requestedAction.resource;
-
-/** Should we allow the user to add a Resource to the model? */
-public class AddResource extends AbstractResourceAction {
-
-	public AddResource(String typeUri, String subjectUri) {
-		super(typeUri, subjectUri);
-	}
-}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/resource/DropResource.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/resource/DropResource.java
deleted file mode 100644
index 7dadddc433..0000000000
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/resource/DropResource.java
+++ /dev/null
@@ -1,11 +0,0 @@
-/* $This file is distributed under the terms of the license in LICENSE$ */
-
-package edu.cornell.mannlib.vitro.webapp.auth.requestedAction.resource;
-
-/** Should we allow the user to delete a Resource from the model? */
-public class DropResource extends AbstractResourceAction {
-
-	public DropResource(String typeUri, String subjectUri) {
-		super(typeUri, subjectUri);
-	}
-}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/usepages/ManageRootAccount.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/usepages/ManageRootAccount.java
deleted file mode 100644
index f2603b34aa..0000000000
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/usepages/ManageRootAccount.java
+++ /dev/null
@@ -1,12 +0,0 @@
-/* $This file is distributed under the terms of the license in LICENSE$ */
-
-package edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages;
-
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.RequestedAction;
-
-/**
- * Should we allow the user to edit or delete the root account?
- */
-public class ManageRootAccount extends RequestedAction {
-	// no fields
-}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/usepages/UsePagesRequestedAction.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/usepages/UsePagesRequestedAction.java
deleted file mode 100644
index 7910825dd7..0000000000
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/usepages/UsePagesRequestedAction.java
+++ /dev/null
@@ -1,8 +0,0 @@
-/* $This file is distributed under the terms of the license in LICENSE$ */
-
-package edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages;
-
-/** Denotes a request to use a particular page or group of pages. */
-public interface UsePagesRequestedAction {
-	/** marker interface */
-}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRule.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRule.java
new file mode 100644
index 0000000000..caa191cf8f
--- /dev/null
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRule.java
@@ -0,0 +1,156 @@
+/* $This file is distributed under the terms of the license in LICENSE$ */
+
+package edu.cornell.mannlib.vitro.webapp.auth.rules;
+
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Map;
+import java.util.Set;
+import java.util.stream.Collectors;
+
+import org.apache.commons.lang3.builder.EqualsBuilder;
+import org.apache.commons.lang3.builder.HashCodeBuilder;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.Attribute;
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AttributeType;
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType;
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessOperation;
+import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthorizationRequest;
+
+public abstract class AccessRule {
+    private static final Log log = LogFactory.getLog(AccessRule.class);
+    private AccessOperation operation = AccessOperation.ANY;
+    private AccessObjectType objectType = AccessObjectType.ANY;
+    private Set<Set<AccessRule>> ruleSets = new HashSet<>();
+    protected Map<String,Attribute> attributes = new HashMap<>();
+    private boolean allowMatched = true;
+    private String objectUri = "";
+    private String ruleUri;
+
+    public boolean isAllowMatched() {
+        return allowMatched;
+    }
+
+    public void setAllowMatched(boolean allowMatched) {
+        this.allowMatched = allowMatched;
+    }
+
+    public String getRuleUri() {
+        return ruleUri;
+    }
+
+    public void setRuleUri(String ruleUri) {
+        this.ruleUri = ruleUri;
+    }
+    
+    public void addToSet(Set<AccessRule> set) {
+        ruleSets.add(set);
+        set.add(this);
+    }
+    
+    public void removeFromSets() {
+        for (Set<AccessRule> set : ruleSets) {
+            set.remove(this);
+        }
+        ruleSets.clear();
+    }
+    
+	public Map<String, Attribute> getAttributes() {
+        return attributes;
+    }
+	
+	public boolean match(AuthorizationRequest ar) {
+	   for (Attribute a : attributes.values()) {
+	       if (!a.match(ar)) {
+	           return false;
+	       }
+	   }
+	   return true;
+	}
+
+    public String getObjectUri() {
+        return objectUri;
+    };
+
+    public void setObjectUri(String uri) {
+        this.objectUri = uri;
+    };
+	
+	public void addAttribute(Attribute attr) {
+	    if (attributes.containsKey(attr.getUri())) {
+	        log.error(String.format("attribute %s already exists in the rule",attr.getUri()));
+	    }
+	    attributes.put(attr.getUri(), attr);
+	    if (attr.getAttributeType().equals(AttributeType.OPERATION)) {
+	        operation = AccessOperation.valueOf(attr.getValues().iterator().next());
+	    }
+        if (attr.getAttributeType().equals(AttributeType.OBJECT_TYPE)) {
+            objectType = AccessObjectType.valueOf(attr.getValues().iterator().next());
+        }
+        if (attr.getAttributeType().equals(AttributeType.OBJECT_URI)) {
+            objectUri = attr.getValues().iterator().next();
+        }
+	}
+
+    public AccessOperation getOperation() {
+        return operation;
+    }
+
+    public void setObjectType(AccessObjectType objectType) {
+        this.objectType = objectType;
+    }
+    
+    public AccessObjectType getObjectType() {
+        return objectType;
+    }
+    
+    @Override
+    public boolean equals(Object object) {
+        if (!(object instanceof AccessRule)) {
+            return false;
+        }
+        if (object == this) {
+            return true;
+        }
+        AccessRule compared = (AccessRule) object;
+
+        return new EqualsBuilder()
+                .append(getRuleUri(), compared.getRuleUri())
+                .append(getObjectUri(), compared.getObjectUri())
+                .append(getAttributes(), compared.getAttributes())
+                .append(getOperation(), compared.getOperation())
+                .isEquals();
+    }
+    
+    @Override
+    public int hashCode() {
+        return new HashCodeBuilder(15, 101)
+                .append(getAttributes())
+                .append(getObjectUri())
+                .append(getRuleUri())
+                .append(getOperation())
+                .toHashCode();
+    }
+
+    public Set<String> getAttributeUris() {
+        return attributes.keySet();
+    }
+    
+    public boolean containsAttributeUri(String uri) {
+        return attributes.containsKey(uri);
+    }
+
+    protected Set<Attribute> getAttributesByType(AttributeType type){
+        return getAttributes().values().stream().filter(a -> a.getAttributeType().equals(type)).collect(Collectors.toSet());
+    }
+    
+    public long getAttributesCount() {
+        return attributes.size();
+    }
+    
+    public Attribute getAttribute(String uri) {
+        return attributes.get(uri);
+    }
+}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRuleFactory.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRuleFactory.java
new file mode 100644
index 0000000000..1893fe7bec
--- /dev/null
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRuleFactory.java
@@ -0,0 +1,30 @@
+package edu.cornell.mannlib.vitro.webapp.auth.rules;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.jena.query.QuerySolution;
+
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AttributeFactory;
+
+public class AccessRuleFactory {
+
+    private static final Log log = LogFactory.getLog(AccessRuleFactory.class);
+
+    public static AccessRule createRule(QuerySolution qs) {
+        AccessRule ar = new SimpleAccessRule();
+        String ruleUri = qs.getResource(AccessRuleStore.RULE).getURI();
+        if (qs.contains("dataSetUri")) {
+            ruleUri += "." + qs.getResource("dataSetUri").getURI();    
+        }
+
+        ar.setRuleUri(ruleUri);
+        ar.addAttribute(AttributeFactory.createAttribute(qs));
+        if (qs.contains("decision_id") && qs.get("decision_id").isLiteral()) {
+            String decisionId = qs.getLiteral("decision_id").getString();
+            if (decisionId.equals("DENY")) {
+                ar.setAllowMatched(false);
+            }
+        }
+        return ar;
+    }
+}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRuleStore.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRuleStore.java
new file mode 100644
index 0000000000..23b801374f
--- /dev/null
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRuleStore.java
@@ -0,0 +1,694 @@
+package edu.cornell.mannlib.vitro.webapp.auth.rules;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.StringWriter;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.LinkedList;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+import java.util.UUID;
+
+import org.apache.commons.io.IOUtils;
+import org.apache.commons.lang3.StringUtils;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.jena.query.ParameterizedSparqlString;
+import org.apache.jena.query.Query;
+import org.apache.jena.query.QueryExecution;
+import org.apache.jena.query.QueryExecutionFactory;
+import org.apache.jena.query.QueryFactory;
+import org.apache.jena.query.QuerySolution;
+import org.apache.jena.query.ResultSet;
+import org.apache.jena.rdf.model.Model;
+import org.apache.jena.rdf.model.ModelFactory;
+import org.apache.jena.rdf.model.RDFNode;
+
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType;
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessOperation;
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.Attribute;
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AttributeFactory;
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AttributeType;
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.TestType;
+import edu.cornell.mannlib.vitro.webapp.auth.objects.AccessObject;
+import edu.cornell.mannlib.vitro.webapp.auth.objects.AccessObjectImpl;
+import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthorizationRequest;
+import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.SimpleAuthorizationRequest;
+import edu.cornell.mannlib.vitro.webapp.dao.jena.event.BulkUpdateEvent;
+import edu.cornell.mannlib.vitro.webapp.modelaccess.ModelAccess;
+import edu.cornell.mannlib.vitro.webapp.modelaccess.ModelNames;
+import edu.cornell.mannlib.vitro.webapp.rdfservice.ChangeSet;
+import edu.cornell.mannlib.vitro.webapp.rdfservice.RDFService;
+import edu.cornell.mannlib.vitro.webapp.rdfservice.RDFService.ModelSerializationFormat;
+import edu.cornell.mannlib.vitro.webapp.rdfservice.RDFServiceException;
+import edu.cornell.mannlib.vitro.webapp.rdfservice.impl.jena.model.RDFServiceModel;
+
+public class AccessRuleStore {
+    private static final String NO_URI_VALUE = "";
+    public static final String ATTR_VALUE = "value";
+    public static final String LITERAL_VALUE = "lit_value";
+    public static final String TYPE_ID = "typeId";
+    public static final String TEST_ID = "testId";
+    public static final String ID = "id";
+    public static final String URI = "uri";
+    public static final String OBJECT_TYPE_ID = "objectTypeId";
+    public static final String OBJECT_URI = "objectUri";
+    public static final String OPERATION_ID = "operationId";
+    public static final String ATTRIBUTE = "attribute";
+    public static final String RULE = "rule";
+    
+    private static final String RULES_QUERY =
+            "prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#>\n"
+          + "prefix owl: <http://www.w3.org/2002/07/owl#>\n"
+          + "prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#>\n"
+          + "prefix xsd: <http://www.w3.org/2001/XMLSchema#>\n"
+          + "prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#>\n"
+          + "prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/>\n"
+          + "prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/>\n"
+          + "SELECT ?" + RULE + " ?" + ATTRIBUTE + " ?" + TEST_ID + " ?" + TYPE_ID + " ?" + ATTR_VALUE + " ?" + LITERAL_VALUE + " \n"
+          + "WHERE {\n"
+          + "?" + RULE + " rdf:type ao:Rule .\n"
+          + "?" + RULE + " ao:attribute ?" + ATTRIBUTE + " .\n"
+          + "?" + ATTRIBUTE + " ao:test ?test .\n"
+          + "?test ao:id ?" + TEST_ID + " .\n"
+          + "?" + ATTRIBUTE + " ao:type ?type .\n"
+          + "?type ao:id ?" + TYPE_ID + " .\n"
+          + "?" + ATTRIBUTE + " ao:value ?" + ATTR_VALUE + " .\n"
+          + "OPTIONAL {?" + ATTR_VALUE + " ao:id ?" + LITERAL_VALUE + " . }\n"
+          + "} ORDER BY ?rule ?attribute";
+    
+    private static final String RULE_QUERY =
+            "prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#>\n"
+          + "prefix owl: <http://www.w3.org/2002/07/owl#>\n"
+          + "prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#>\n"
+          + "prefix xsd: <http://www.w3.org/2001/XMLSchema#>\n"
+          + "prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#>\n"
+          + "prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/>\n"
+          + "prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/>\n"
+          + "SELECT ?" + RULE + " ?" + ATTRIBUTE + " ?" + TEST_ID + " ?" + TYPE_ID + " ?" + ATTR_VALUE + " ?" + LITERAL_VALUE + " \n"
+          + "WHERE {\n"
+          + "?" + RULE + " rdf:type ao:Rule .\n"
+          + "?" + RULE + " ao:attribute ?" + ATTRIBUTE + " .\n"
+          + "?" + ATTRIBUTE + " ao:test ?test .\n"
+          + "?test ao:id ?" + TEST_ID + " .\n"
+          + "?" + ATTRIBUTE + " ao:type ?type .\n"
+          + "?type ao:id ?" + TYPE_ID + " .\n"
+          + "?" + ATTRIBUTE + " ao:value ?" + ATTR_VALUE + " .\n"
+          + "OPTIONAL {?" + ATTR_VALUE + " ao:id ?" + LITERAL_VALUE + " . }\n"
+          + "FILTER (?" + RULE + " = IRI(?rule_filter) )\n"
+          + "} ORDER BY ?rule ?attribute";
+
+    private static final String DELETE_QUERY = 
+              "prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#>\n"
+            + "prefix owl: <http://www.w3.org/2002/07/owl#>\n"
+            + "prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#>\n"
+            + "prefix xsd: <http://www.w3.org/2001/XMLSchema#>\n"
+            + "prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#>\n"
+            + "prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/>\n"
+            + "prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/>\n"
+            + "CONSTRUCT { \n"
+            + "  ?" + RULE + " rdf:type ao:Rule .\n"
+            + "  ?" + RULE + " ao:attribute ?" + ATTRIBUTE + " .\n"
+            + "  ?" + ATTRIBUTE + " rdf:type ?rdfType . \n" 
+            + "  ?" + ATTRIBUTE + " ao:test ?test .\n"
+            + "  ?" + ATTRIBUTE + " ao:type ?type .\n"
+            + "  ?" + ATTRIBUTE + " ao:value ?" + ATTR_VALUE + " .\n"
+            + "  ?" + ATTR_VALUE + " ao:id ?" + LITERAL_VALUE + " . \n"
+            + "}"
+            + "WHERE {\n"
+            + "  ?" + RULE + " rdf:type ao:Rule .\n"
+            + "  ?" + RULE + " ao:attribute ?" + ATTRIBUTE + " .\n"
+            + "  OPTIONAL {\n"
+            + "    FILTER NOT EXISTS {"
+            + "      ?rule2  ao:attribute ?" + ATTRIBUTE + " .\n"
+            + "      FILTER (?" + RULE + " != ?rule2)"
+            + "    }"
+            + "    ?" + ATTRIBUTE + " rdf:type ?rdfType . \n" 
+            + "    ?" + ATTRIBUTE + " ao:test ?test . \n"
+            + "    ?" + ATTRIBUTE + " ao:type ?type . \n"
+            + "    ?" + ATTRIBUTE + " ao:value ?" + ATTR_VALUE + " .\n"
+            + "  }"
+            + "}";
+    
+    private static final String getAttributeUriQuery(boolean hasLiteralValue) {
+            return
+            "prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#>\n"
+          + "prefix owl: <http://www.w3.org/2002/07/owl#>\n"
+          + "prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#>\n"
+          + "prefix xsd: <http://www.w3.org/2001/XMLSchema#>\n"
+          + "prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#>\n"
+          + "prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/>\n"
+          + "prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/>\n"
+          + "SELECT ?" + ATTRIBUTE + " \n"
+          + "WHERE {\n"
+          + "?" + ATTRIBUTE + " rdf:type ao:Attribute .\n"
+          + "?" + ATTRIBUTE + " ao:test ?test .\n"
+          + "?test ao:id ?" + TEST_ID + " .\n"
+          + "?" + ATTRIBUTE + " ao:type ?type .\n"
+          + "?type ao:id ?" + TYPE_ID + " .\n"
+          + "?" + ATTRIBUTE + " ao:value ?" + ATTR_VALUE + " .\n"
+          + (hasLiteralValue ? "?" + ATTR_VALUE + " ao:id ?" + LITERAL_VALUE + " . \n" : NO_URI_VALUE)
+          + "}";
+    }
+    
+    private static final String URI_BY_ID_QUERY = NO_URI_VALUE
+          + "prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/>\n"
+          + "SELECT ?" + URI + " \n"
+          + "WHERE {\n"
+          + "?" + URI + " ao:id ?" + ID + " .\n"
+          + "}";
+    
+    private static final Log log = LogFactory.getLog(AccessRuleStore.class);
+    
+    
+    private static AccessRuleStore INSTANCE;
+
+    public static AccessRuleStore getInstance() {
+        return INSTANCE;
+    }
+
+    private Set<AccessRule> allRules = Collections.synchronizedSet(new HashSet<>());
+    private Map<AccessOperation,Set<AccessRule>> ruleSetsByOperation;
+    private Map<AccessObjectType,Set<AccessRule>> ruleSetsByObjectType;
+    private Map<String,Set<AccessRule>> ruleSetsByObjectUri;
+    
+    private Model userAccountsModel;
+    private Model getUserAccountsModel() {
+        return userAccountsModel;
+    }
+
+    private RDFService rdfService;
+    
+    
+    private AccessRuleStore(Model model){
+        if (model != null) {
+            this.userAccountsModel = model;
+        } else {
+            this.userAccountsModel = ModelAccess.getInstance().getOntModelSelector().getUserAccountsModel();
+            //this.rdfService = ModelAccess.getInstance().getRDFService(WhichService.CONFIGURATION);
+        }
+        this.rdfService = new RDFServiceModel(userAccountsModel);
+        initilizeRuleSetsByOperation();
+        initilizeRuleSetsByObjectType();
+        initilizeRuleSetsByObjectUri();
+        loadRules();
+    }
+
+    private void initilizeRuleSetsByObjectUri() {
+        ruleSetsByObjectUri = Collections.synchronizedMap(new HashMap<>());
+        Set<AccessRule> set = Collections.synchronizedSet(new HashSet<>());
+        ruleSetsByObjectUri.put(NO_URI_VALUE, set);
+    }
+    
+    private void initilizeRuleSetsByObjectType() {
+        ruleSetsByObjectType = Collections.synchronizedMap(new HashMap<>());
+        for (AccessObjectType aot : AccessObjectType.values()) {
+            Set<AccessRule> set = Collections.synchronizedSet(new HashSet<>());
+            ruleSetsByObjectType.put(aot, set);
+        }        
+    }
+
+    private void initilizeRuleSetsByOperation() {
+        ruleSetsByOperation = Collections.synchronizedMap(new HashMap<>());
+        for (AccessOperation ao : AccessOperation.values()) {
+            Set<AccessRule> set = Collections.synchronizedSet(new HashSet<>());
+            ruleSetsByOperation.put(ao, set);
+        }
+    }
+
+    public static void initialize(Model model) {
+        INSTANCE = new AccessRuleStore(model);
+    }
+
+    private void loadRules() {
+        loadRulesFromModel(RULES_QUERY);
+    }
+    
+    private void loadRule(String uri) {
+        ParameterizedSparqlString pss = new ParameterizedSparqlString(RULE_QUERY);
+        pss.setLiteral("rule_filter", uri);
+        loadRulesFromModel(pss.toString());
+    }
+
+    private void loadRulesFromModel(String sparqlQuery) {
+        debug("SPARQL Query to get rule from the model:\n %s", sparqlQuery);
+        Query query = QueryFactory.create(sparqlQuery);
+        QueryExecution qexec = QueryExecutionFactory.create(query, getUserAccountsModel());
+        try {
+            ResultSet rs = qexec.execSelect();
+            AccessRule rule = null;
+            while (rs.hasNext()) {
+                QuerySolution qs = rs.next();
+                if (isInvalidRulesData(qs)) {
+                    return;
+                }
+                if (isRuleContinues(rule, qs)){
+                    populateRule(rule, qs);
+                } else {
+                    if (rule != null) {
+                        addRule(rule);    
+                    }
+                    rule = AccessRuleFactory.createRule(qs);
+                }
+            }
+            if (rule != null) {
+                addRule(rule);    
+            } {
+                debug("Rule wasn't loaded from the user accounts model.");
+            }
+        } catch (Exception e) {
+            log.error(e, e);
+        } finally {
+            qexec.close();
+        }
+    }
+    
+    private String getAttributeUri(String testId, String typeId, String value, boolean valueIsLiteral) throws Exception {
+        String uri = getAttributeUriFromModel(testId, typeId, value, valueIsLiteral);
+        if (StringUtils.isBlank(uri)) {
+            uri = createNewAttribute(testId, typeId, value);
+        } 
+        return uri;
+    }
+
+    private String createNewAttribute(String testId, String typeId, String value) throws Exception {
+        final String attributeUri = generateAttributeUri(testId, typeId);
+        String ttl = NO_URI_VALUE
+                + "@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .\n"
+                + "@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .\n"
+                + "@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .\n"
+                + "<" + attributeUri + "> rdf:type ao:Attribute . \n"
+                + "<" + attributeUri + "> ao:test <" + getUriById(testId) + "> .\n"
+                + "<" + attributeUri + "> ao:type <" + getUriById(typeId) + "> .\n"
+                + NO_URI_VALUE;
+        if (AttributeType.OBJECT_URI.toString().equals(typeId) || 
+            AttributeType.SUBJECT_ROLE_URI.toString().equals(typeId)) {
+            ttl += "<" + attributeUri + "> ao:value <" + value + "> . \n";
+        } else {
+            System.out.println(typeId);
+            ttl += "<" + attributeUri + "> ao:value <" + getUriById(value) + "> . \n";
+        }
+        try {
+            Model attributeData = ModelFactory.createDefaultModel();
+            attributeData.read(IOUtils.toInputStream(ttl, "UTF-8"), null, "TTL");
+            updateUserAccountsModel(attributeData, false);
+        } catch (IOException e) {
+            log.error(e, e);
+        }
+        return attributeUri;
+    }
+    
+    private String getUriById(String id) throws Exception {
+        ParameterizedSparqlString pss = new ParameterizedSparqlString(URI_BY_ID_QUERY);
+        pss.setLiteral(ID, id);    
+        Query query = QueryFactory.create(pss.toString());
+        QueryExecution qexec = QueryExecutionFactory.create(query, getUserAccountsModel());
+        try {
+            ResultSet rs = qexec.execSelect();
+            while (rs.hasNext()) {
+                QuerySolution qs = rs.next();
+                RDFNode uri = qs.get(URI);
+                if (uri.isResource()) {
+                    return uri.asResource().toString();
+                }
+            }
+        } catch (Exception e) {
+            log.error(e, e);
+        } finally {
+            qexec.close();
+        }
+        throw new Exception(String.format("Uri by id '%s' not found.", id ));
+    }
+
+    private String generateUUID() {
+        return UUID.randomUUID().toString();
+    }
+
+    protected String getAttributeUriFromModel(String testId, String typeId, String value, boolean valueIsLiteral) {
+        ParameterizedSparqlString pss = new ParameterizedSparqlString(getAttributeUriQuery(valueIsLiteral));
+        if (testId != null) {
+            pss.setLiteral(TEST_ID,testId);    
+        }
+        if (typeId != null) {
+            pss.setLiteral(TYPE_ID, typeId);    
+        }
+        if (value != null) {
+            if (valueIsLiteral) {
+                pss.setLiteral(LITERAL_VALUE, value);    
+            } else {
+                pss.setIri(ATTR_VALUE, value);    
+            }
+        }
+        Query query = QueryFactory.create(pss.toString());
+        QueryExecution qexec = QueryExecutionFactory.create(query, getUserAccountsModel());
+        try {
+            ResultSet rs = qexec.execSelect();
+            while (rs.hasNext()) {
+                QuerySolution qs = rs.next();
+                RDFNode uri = qs.get(ATTRIBUTE);
+                if (uri.isResource()) {
+                    return uri.asResource().toString();
+                }
+            }
+        } catch (Exception e) {
+            log.error(e, e);
+        } finally {
+            qexec.close();
+        }
+        return NO_URI_VALUE;
+    }
+    
+    private void removeRuleFromModel(String ruleUri) {
+        ParameterizedSparqlString pss = new ParameterizedSparqlString(DELETE_QUERY);
+        pss.setIri(RULE, ruleUri);
+        Query query = QueryFactory.create(pss.toString());
+        QueryExecution qexec = QueryExecutionFactory.create(query, getUserAccountsModel());
+        Model ruleData = null;
+        try {
+              ruleData = qexec.execConstruct();
+        } catch (Exception e) {
+            log.error(e, e);
+        } finally {
+            qexec.close();
+        }
+        if (ruleData != null) {
+            updateUserAccountsModel(ruleData, true);
+        }
+    }
+    
+    private void updateUserAccountsModel(Model ruleData, boolean isRemove) {
+        try {
+            ChangeSet changeSet = makeChangeSet();
+            ByteArrayOutputStream baos = new ByteArrayOutputStream();
+            ruleData.write(baos, "TTL");
+            InputStream in = new ByteArrayInputStream(baos.toByteArray());
+            debug(modelToString(ruleData, isRemove));
+            if (isRemove) {
+                changeSet.addRemoval(in, ModelSerializationFormat.N3, ModelNames.USER_ACCOUNTS);  
+            } else {
+                changeSet.addAddition(in, ModelSerializationFormat.N3, ModelNames.USER_ACCOUNTS);    
+            }
+            rdfService.changeSetUpdate(changeSet);
+        } catch (RDFServiceException e) {
+            String message = modelToString(ruleData, isRemove);
+            log.error(message);
+            log.error(e,e);
+        }
+    }
+
+    private String modelToString(Model ruleData, boolean isRemove) {
+        StringWriter sw = new StringWriter();
+        ruleData.write(sw, "TTL");
+        String message = (isRemove ? "Removing from" : "Adding to") + " user accounts model \n" + sw.toString();
+        return message;
+    }
+
+    private void addRule(AccessRule rule) {
+        rule.addToSet(allRules);
+        addRuleToOperationSets(rule);
+        addRuleToObjectTypeSets(rule);
+        addRuleToObjectUriSets(rule);
+        debug("Added rule %s with %s attributes to store sets ", rule.getRuleUri(), rule.attributes.size());
+    }
+
+    private synchronized void addRuleToObjectUriSets(AccessRule rule) {
+        String uri = rule.getObjectUri();
+        Set<AccessRule> set;
+        if (ruleSetsByObjectUri.containsKey(uri)) {
+            set = ruleSetsByObjectUri.get(uri);
+        } else {
+            set = Collections.synchronizedSet(new HashSet<>());
+            ruleSetsByObjectUri.put(uri, set);
+        }
+        rule.addToSet(set);
+    }
+
+    private void addRuleToObjectTypeSets(AccessRule rule) {
+        AccessObjectType aot = rule.getObjectType();
+        Set<AccessRule> set = ruleSetsByObjectType.get(aot);
+        rule.addToSet(set);
+    }
+
+    private void addRuleToOperationSets(AccessRule rule) {
+        AccessOperation operation = rule.getOperation();
+        Set<AccessRule> set = ruleSetsByOperation.get(operation);
+        rule.addToSet(set);
+    }
+
+    private static void populateRule(AccessRule ar, QuerySolution qs) {
+        if (ar == null) {
+            return;
+        }
+        String attributeUri = qs.getResource(ATTRIBUTE).getURI();
+        if (ar.getAttributeUris().contains(attributeUri)) {
+            log.error("Attribute has already been processed. Shouldn't be here.");
+            return;
+        }
+        try {
+            ar.addAttribute(AttributeFactory.createAttribute(qs));
+        } catch (Exception e) {
+            log.error(e, e);
+        }
+    }
+
+    private static boolean isRuleContinues(AccessRule rule, QuerySolution qs) {
+        if (rule == null) {
+            return false;
+        }
+        return rule.getRuleUri().equals(qs.getResource(RULE).getURI());
+    }
+
+    private static boolean isInvalidRulesData(QuerySolution qs) {
+        if (!qs.contains(RULE) || !qs.get(RULE).isResource()) {
+            log.error("Rules data doesn't contain rule resource");
+            return true;
+        }
+        if (!qs.contains(ATTRIBUTE) || !qs.get(ATTRIBUTE).isResource()) {
+            log.error("Rules data doesn't contain attribute resource");
+            return true;
+        }
+        return false;
+    }
+
+    public Set<AccessRule> getFilteredRules(AuthorizationRequest ar) {
+        Set<Set<AccessRule>> ruleSets = new HashSet<>();
+        getFilteredByOperation(ar.getAccessOperation(), ruleSets);
+        AccessObject accessObject = ar.getAccessObject();
+        if (accessObject != null) {
+            getFilteredByObjectType(accessObject.getType(), ruleSets);
+            getFilteredByObjectUri(accessObject.getUri(), ruleSets);
+        }
+        return getIntersection(ruleSets);
+    }
+
+
+    private Set<AccessRule> getGrantedRoleRulesForEntityUri(String entityURI, AccessOperation operation) {
+        Set<Set<AccessRule>> ruleSets = new HashSet<>();
+        Set<AccessRule> filteredByObjectUri = ruleSetsByObjectUri.get(entityURI);
+        if (filteredByObjectUri == null) {
+            filteredByObjectUri = new HashSet<>();
+        }
+        filteredByObjectUri.addAll(ruleSetsByObjectUri.get(NO_URI_VALUE));
+        ruleSets.add(filteredByObjectUri); 
+        
+        Set<AccessRule> filteredByOperation = ruleSetsByOperation.get(operation);
+        if (filteredByOperation == null) {
+            filteredByOperation = new HashSet<>();
+        }
+        filteredByObjectUri.addAll(ruleSetsByOperation.get(AccessOperation.ANY));
+        ruleSets.add(filteredByOperation);
+
+        Set<AccessRule> ruleset = getIntersection(ruleSets);
+        return ruleset;
+    }
+    
+    private void getFilteredByObjectUri(String uri, Set<Set<AccessRule>> ruleSets) {
+        if (uri == null) {
+            return;
+        }
+        Set<AccessRule> filteredByObjectUri = ruleSetsByObjectUri.get(uri);
+        if (filteredByObjectUri != null) {
+            ruleSets.add(filteredByObjectUri);
+        }
+    }
+
+    private void getFilteredByObjectType(AccessObjectType aot, Set<Set<AccessRule>> ruleSets) {
+        if (aot == AccessObjectType.ANY) {
+            return;
+        }
+        Set<AccessRule> filteredByObjectType = ruleSetsByObjectType.get(aot);
+        if (filteredByObjectType != null) {
+            ruleSets.add(filteredByObjectType);
+        }
+    }
+
+    private void getFilteredByOperation(AccessOperation aop, Set<Set<AccessRule>> ruleSets) {
+        if (aop == null) {
+            log.error("Access operation is null in request " + aop);
+            return;
+        }
+        Set<AccessRule> filteredByOperation = ruleSetsByOperation.get(aop);
+        if (filteredByOperation != null) {
+            ruleSets.add(filteredByOperation);
+        }
+    }
+
+    private Set<AccessRule> getIntersection(Set<Set<AccessRule>> ruleSets) {
+        if (ruleSets.isEmpty()) {
+            return Collections.emptySet();
+        }
+        Set<AccessRule> intersection = new HashSet<>(findMinimalSet(ruleSets));
+        if (intersection.isEmpty()) {
+            return intersection;
+        }
+        for (Set<AccessRule> set : ruleSets) {
+            intersection.retainAll(set);
+            if (intersection.isEmpty()) {
+                return intersection;
+            }
+        }
+        return intersection;
+    }
+
+    private Set<AccessRule> findMinimalSet(Set<Set<AccessRule>> ruleSets) {
+        Set<AccessRule> min = ruleSets.iterator().next();
+        for (Set<AccessRule> set : ruleSets) {
+            if (set.size() < min.size()) {
+                min = set;
+            }
+        }
+        return min;
+    }
+
+    public void updateEntityRules(String entityUri, AccessObjectType aot, AccessOperation operation, Set<String> newRoleUris) {
+        debug("Update entity rules uri: %s object type %s operation %s roleUris %s", entityUri, aot, operation, newRoleUris);
+        Set<String> currentRoleUris = new HashSet<>(getGrantedRoleUris(entityUri, operation));
+        //remove already existing roles, now list contains roles to allow access.
+        Set<String> roleUrisToCreate = new HashSet<String>(newRoleUris);
+        roleUrisToCreate.removeAll(currentRoleUris);
+        debug("Going to create rules for objectUri: %s objectType: %s operation %s roles %s", entityUri, aot, operation, roleUrisToCreate);
+        for (String roleUri : roleUrisToCreate) {
+            createEntityRule(entityUri, aot, operation, roleUri);
+        }
+        Set<String> rolesUrisToRemove = new HashSet<String>(currentRoleUris);
+        rolesUrisToRemove.removeAll(newRoleUris);
+        debug("Going to remove rules for objectUri: %s objectType: %s operation %s roles %s", entityUri, aot, operation, rolesUrisToRemove);
+        for (String roleUri : rolesUrisToRemove) {
+            removeEntityRule(entityUri, aot, operation, roleUri);
+        }
+    }
+    
+    protected void removeEntityRule(String entityUri, AccessObjectType aot, AccessOperation operation, String roleUri) {
+        AccessObjectImpl ao = new AccessObjectImpl(entityUri, aot);
+        AuthorizationRequest ar = new SimpleAuthorizationRequest(ao, operation);
+        ar.setRoleUris(Collections.singletonList(roleUri));
+        Set<AccessRule> rules = getFilteredRules(ar);
+        for (AccessRule rule : rules) {
+            //Check number of attributes to avoid removing custom rules
+            if (rule.match(ar) && rule.getAttributesCount() == 4) {
+                rule.removeFromSets();
+                removeRuleFromModel(rule.getRuleUri());
+                debug("Removed rule for objectUri: %s objectType: %s operation %s role %s", entityUri, aot, operation, roleUri);
+            }
+            
+        }
+    }
+
+    protected void createEntityRule(String objectUri, AccessObjectType aot, AccessOperation operation, String roleUri) {
+        //create 4 attribute uris or get uris 
+        String equals = TestType.EQUALS.toString();
+        String ruleUri = generateRuleUri();
+        try {
+            String subjectRoleAtt = getAttributeUri(equals, AttributeType.SUBJECT_ROLE_URI.toString(), roleUri, false);
+            String operationAtt = getAttributeUri(equals, AttributeType.OPERATION.toString(), operation.toString(), true);
+            String objectUriAtt = getAttributeUri(equals,  AttributeType.OBJECT_URI.toString(), objectUri, true);
+            String objectTypeAtt = getAttributeUri(equals, AttributeType.OBJECT_TYPE.toString(), aot.toString(), true);
+            String ttl = generateEntityRuleData(ruleUri, subjectRoleAtt, operationAtt, objectUriAtt, objectTypeAtt);
+            debug("Going to load new rule for objectUri: %s objectType: %s operation %s role. TTL: %s \n %s", objectUri, aot, operation, roleUri, ttl);
+            Model ruleData = ModelFactory.createDefaultModel();
+            ruleData.read(IOUtils.toInputStream(ttl, "UTF-8"), null, "TTL");
+            updateUserAccountsModel(ruleData, false);
+            loadRule(ruleUri);
+        } catch (Exception e) {
+            log.error(e, e);
+        }
+    }
+
+    private String generateRuleUri() {
+        return "https://vivoweb.org/ontology/vitro-application/auth/individual/rule/" + generateUUID();
+    }
+    
+    private String generateAttributeUri(String testId, String typeId) {
+        return "https://vivoweb.org/ontology/vitro-application/auth/individual/attribute/"+ typeId + "/" + testId + "/" + generateUUID();
+    }
+
+    private String generateEntityRuleData(String ruleUri, String subjectRoleAttribute, String operationAttribute,
+            String objectUriAttribute, String objectTypeAttribute) {
+        String ttl = NO_URI_VALUE
+                + "@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .\n"
+                + "@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .\n"
+                + "@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .\n"
+                + "<" + ruleUri + "> rdf:type ao:Rule . \n"
+                + "<" + ruleUri + "> ao:attribute <" + subjectRoleAttribute + "> .\n"
+                + "<" + ruleUri + "> ao:attribute <" + operationAttribute + "> .\n"
+                + "<" + ruleUri + "> ao:attribute <" + objectUriAttribute + "> .\n"
+                + "<" + ruleUri + "> ao:attribute <" + objectTypeAttribute + "> .";
+        return ttl;
+    }
+
+    public List<String> getGrantedRoleUris(String entityUri, AccessOperation operation) {
+        if (StringUtils.isBlank(entityUri)) {
+            return Collections.emptyList();
+        }
+        Set<AccessRule> rulesWithGrantedRoles = getGrantedRoleRulesForEntityUri(entityUri, operation);
+        List<String> grantedUrisFromRules = getGrantedUrisFromRules(rulesWithGrantedRoles);
+        debug("Execute action %s on entity with uri %s found to be allowed to %s", entityUri, operation, grantedUrisFromRules);
+        return grantedUrisFromRules;
+    }
+
+
+    private void debug(String template, Object... objects) {
+        if (true) {
+            log.error(String.format(template, objects ));
+        }
+    }
+
+    private List<String> getGrantedUrisFromRules(Set<AccessRule> ruleset) {
+        List<String> roleUris = Collections.emptyList();
+        for (AccessRule ar : ruleset) {
+            Set<Attribute> atts = ar.getAttributesByType(AttributeType.SUBJECT_ROLE_URI);
+            if (!atts.isEmpty()) {
+                String uri = atts.iterator().next().getValues().iterator().next();
+                if (uri != null) {
+                    if(roleUris.isEmpty()) {
+                        roleUris = new LinkedList<>();
+                    }
+                    roleUris.add(uri);
+                }
+            }
+        }
+        return roleUris;
+    }
+
+    
+    public long getRulesCount() {
+        return allRules.size();
+    }
+    
+    public long getModelSize() {
+        return getUserAccountsModel().size();
+    }
+    
+    private ChangeSet makeChangeSet() {
+        ChangeSet cs = rdfService.manufactureChangeSet();
+        cs.addPreChangeEvent(new BulkUpdateEvent(null, true));
+        cs.addPostChangeEvent(new BulkUpdateEvent(null, false));
+        return cs;
+    }
+
+}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/SimpleAccessRule.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/SimpleAccessRule.java
new file mode 100644
index 0000000000..c0ad23f594
--- /dev/null
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/SimpleAccessRule.java
@@ -0,0 +1,10 @@
+/* $This file is distributed under the terms of the license in LICENSE$ */
+
+package edu.cornell.mannlib.vitro.webapp.auth.rules;
+
+/**
+ * A class of simple access rules.
+ */
+public class SimpleAccessRule extends AccessRule {
+    
+}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/beans/BaseResourceBean.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/beans/BaseResourceBean.java
index 9633414c3a..802a206cfb 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/beans/BaseResourceBean.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/beans/BaseResourceBean.java
@@ -2,18 +2,12 @@
 
 package edu.cornell.mannlib.vitro.webapp.beans;
 
-import java.util.Set;
-
-import javax.servlet.http.HttpServletRequest;
-
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
 import org.apache.jena.rdf.model.Resource;
 import org.apache.jena.rdf.model.ResourceFactory;
 
-import edu.cornell.mannlib.vedit.beans.LoginStatusBean;
-import edu.cornell.mannlib.vitro.webapp.auth.permissions.PermissionSets;
 import edu.cornell.mannlib.vitro.webapp.dao.VitroVocabulary;
 
 public class BaseResourceBean implements ResourceBean {
@@ -25,94 +19,6 @@ public class BaseResourceBean implements ResourceBean {
     protected String localNameWithPrefix = null;
     protected String pickListName = null;
 
-    protected RoleLevel hiddenFromDisplayBelowRoleLevel = null;
-    protected RoleLevel prohibitedFromUpdateBelowRoleLevel = null;
-    protected RoleLevel hiddenFromPublishBelowRoleLevel = null;
-
-	public enum RoleLevel {
-		PUBLIC("http://vitro.mannlib.cornell.edu/ns/vitro/role#public",
-				"all users, including public", "all users who can log in",
-				"public"),
-
-		SELF("http://vitro.mannlib.cornell.edu/ns/vitro/role#selfEditor",
-				"self-editor and above", "self-editor and above", "self"),
-
-		EDITOR("http://vitro.mannlib.cornell.edu/ns/vitro/role#editor",
-				"editor and above", "editor and above", "editor"),
-
-		CURATOR("http://vitro.mannlib.cornell.edu/ns/vitro/role#curator",
-				"curator and above", "curator and above", "curator"),
-
-		DB_ADMIN("http://vitro.mannlib.cornell.edu/ns/vitro/role#dbAdmin",
-				"site admin and root user", "site admin and root user",
-				"siteAdmin"),
-
-		NOBODY("http://vitro.mannlib.cornell.edu/ns/vitro/role#nobody",
-				"root user", "root user", "root");
-
-		private final String uri;
-		private final String displayLabel;
-		private final String updateLabel;
-		private final String shorthand;
-
-		private RoleLevel(String uri, String displayLabel, String updateLabel,
-				String shorthand) {
-			this.uri = uri;
-			this.displayLabel = displayLabel;
-			this.updateLabel = updateLabel;
-			this.shorthand = shorthand;
-		}
-
-		public String getURI() {
-			return uri;
-		}
-
-		public String getDisplayLabel() {
-			return displayLabel;
-		}
-
-		public String getUpdateLabel() {
-			return updateLabel;
-		}
-
-		public String getShorthand() {
-			return shorthand;
-		}
-
-		// Never returns null.
-		public static RoleLevel getRoleByUri(String uri2) {
-			if (uri2 == null)
-				return RoleLevel.values()[0];
-
-			for (RoleLevel role : RoleLevel.values()) {
-				if (role.uri.equals(uri2))
-					return role;
-			}
-			return RoleLevel.values()[0];
-		}
-
-		public static RoleLevel getRoleFromLoginStatus(HttpServletRequest req) {
-			UserAccount u = LoginStatusBean.getCurrentUser(req);
-			if (u == null) {
-				return PUBLIC;
-			}
-
-			Set<String> roles = u.getPermissionSetUris();
-			if (roles.contains(PermissionSets.URI_DBA)) {
-				return DB_ADMIN;
-			} else if (roles.contains(PermissionSets.URI_CURATOR)) {
-				return CURATOR;
-			} else if (roles.contains(PermissionSets.URI_EDITOR)) {
-				return EDITOR;
-			} else if (roles.contains(PermissionSets.URI_SELF_EDITOR)) {
-				return SELF;
-			} else {
-				// Logged in but with no recognized role? Make them SELF
-				return SELF;
-			}
-		}
-	}
-
 	public BaseResourceBean() {
 	    // default constructor
 	}
@@ -203,51 +109,6 @@ public void setPickListName(String pickListName) {
         this.pickListName = pickListName;
     }
 
-    @Override
-	public RoleLevel getHiddenFromDisplayBelowRoleLevel() {
-        return hiddenFromDisplayBelowRoleLevel;
-    }
-
-    @Override
-	public void setHiddenFromDisplayBelowRoleLevel(RoleLevel level) {
-        hiddenFromDisplayBelowRoleLevel = level;
-    }
-
-    @Override
-	public void setHiddenFromDisplayBelowRoleLevelUsingRoleUri(String roleUri) {
-        hiddenFromDisplayBelowRoleLevel = RoleLevel.getRoleByUri(roleUri);
-    }
-
-    @Override
-	public RoleLevel getProhibitedFromUpdateBelowRoleLevel() {
-        return prohibitedFromUpdateBelowRoleLevel;
-    }
-
-    @Override
-	public void setProhibitedFromUpdateBelowRoleLevel(RoleLevel level) {
-        prohibitedFromUpdateBelowRoleLevel = level;
-    }
-
-    @Override
-	public void setProhibitedFromUpdateBelowRoleLevelUsingRoleUri(String roleUri) {
-        prohibitedFromUpdateBelowRoleLevel = RoleLevel.getRoleByUri(roleUri);
-    }
-
-	@Override
-	public RoleLevel getHiddenFromPublishBelowRoleLevel() {
-        return hiddenFromPublishBelowRoleLevel;
-	}
-
-    @Override
-	public void setHiddenFromPublishBelowRoleLevel(RoleLevel level) {
-        hiddenFromPublishBelowRoleLevel = level;
-    }
-
-    @Override
-	public void setHiddenFromPublishBelowRoleLevelUsingRoleUri(String roleUri) {
-    	hiddenFromPublishBelowRoleLevel = BaseResourceBean.RoleLevel.getRoleByUri(roleUri);
-    }
-
 	@Override
 	public boolean equals(Object obj) {
 		if(obj == null )
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/beans/DataProperty.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/beans/DataProperty.java
index 05bc0396ac..4a39698beb 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/beans/DataProperty.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/beans/DataProperty.java
@@ -6,15 +6,13 @@
 import java.util.List;
 import java.util.LinkedList;
 
-import edu.cornell.mannlib.vitro.webapp.auth.policy.bean.RoleRestrictedProperty;
-
 /**
  * class representing a property that relates an entity (object)
  * to a data literal
  * @author bjl23
  *
  */
-public class DataProperty extends Property implements Comparable<DataProperty>, ResourceBean, RoleRestrictedProperty {
+public class DataProperty extends Property implements Comparable<DataProperty>, ResourceBean {
 
     private String name = null;
     private String publicName = null;
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/beans/FauxProperty.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/beans/FauxProperty.java
index cebc1d68b5..baa76aab5e 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/beans/FauxProperty.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/beans/FauxProperty.java
@@ -8,14 +8,11 @@
 
 import org.apache.commons.lang3.StringUtils;
 
-import edu.cornell.mannlib.vitro.webapp.auth.policy.bean.RoleRestrictedProperty;
-
 /**
  * Represents a specialization on an ObjectProperty, only meaningful for
  * display.
  */
-public class FauxProperty extends BaseResourceBean implements ResourceBean,
-		RoleRestrictedProperty {
+public class FauxProperty extends Property implements ResourceBean {
 	// Must be null on insert. Must not be null on update. Ignored on delete.
 	private String contextUri;
 	// Must be null on insert. Must not be null on update. Ignored on delete.
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/beans/ObjectProperty.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/beans/ObjectProperty.java
index 87cf27dfb4..b409494574 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/beans/ObjectProperty.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/beans/ObjectProperty.java
@@ -16,13 +16,11 @@
 
 import org.apache.jena.datatypes.xsd.XSDDatatype;
 
-import edu.cornell.mannlib.vitro.webapp.auth.policy.bean.RoleRestrictedProperty;
-
 /**
  * a class representing an object property
  *
  */
-public class ObjectProperty extends Property implements Comparable<ObjectProperty>, ResourceBean, Cloneable, RoleRestrictedProperty
+public class ObjectProperty extends Property implements Comparable<ObjectProperty>, ResourceBean, Cloneable
 {
 	private static final Log log = LogFactory.getLog(ObjectProperty.class.getName());
 
@@ -631,8 +629,6 @@ public ObjectProperty clone()
         clone.setExample(this.getExample());
         clone.setFunctional(this.getFunctional());
         clone.setGroupURI(this.getGroupURI());
-        clone.setHiddenFromDisplayBelowRoleLevel(this.getHiddenFromDisplayBelowRoleLevel());
-        clone.setHiddenFromPublishBelowRoleLevel(this.getHiddenFromPublishBelowRoleLevel());
         clone.setInverseFunctional(this.getInverseFunctional());
         clone.setLabel(this.getLabel());
         clone.setLocalName(this.getLocalName());
@@ -644,7 +640,6 @@ public ObjectProperty clone()
         clone.setOfferCreateNewOption(this.getOfferCreateNewOption());
         clone.setParentURI(this.getParentURI());
         clone.setPickListName(this.getPickListName());
-        clone.setProhibitedFromUpdateBelowRoleLevel(this.getProhibitedFromUpdateBelowRoleLevel());
         clone.setPublicDescription(this.getPublicDescription());
         clone.setRangeDisplayLimit(this.getRangeDisplayLimit());
         clone.setRangeDisplayTier(this.getRangeDisplayTier());
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/beans/ResourceBean.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/beans/ResourceBean.java
index 1e8a2cdfbd..716cdfe55e 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/beans/ResourceBean.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/beans/ResourceBean.java
@@ -2,8 +2,6 @@
 
 package edu.cornell.mannlib.vitro.webapp.beans;
 
-import edu.cornell.mannlib.vitro.webapp.beans.BaseResourceBean.RoleLevel;
-
 /**
  * User: bdc34
  * Date: Oct 18, 2007
@@ -27,24 +25,6 @@ public interface ResourceBean {
 
     String getLabel();
 
-    public RoleLevel getHiddenFromDisplayBelowRoleLevel() ;
-
-    public void setHiddenFromDisplayBelowRoleLevel(RoleLevel eR) ;
-
-    public void setHiddenFromDisplayBelowRoleLevelUsingRoleUri(String roleUri) ;
-
-    public RoleLevel getProhibitedFromUpdateBelowRoleLevel() ;
-
-    public void setProhibitedFromUpdateBelowRoleLevel(RoleLevel eR) ;
-
-    public void setProhibitedFromUpdateBelowRoleLevelUsingRoleUri(String roleUri) ;
-
-    public RoleLevel getHiddenFromPublishBelowRoleLevel() ;
-
-    public void setHiddenFromPublishBelowRoleLevel(RoleLevel eR) ;
-
-    public void setHiddenFromPublishBelowRoleLevelUsingRoleUri(String roleUri) ;
-
     public String getPickListName();
 
 }
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/beans/SelfEditingConfiguration.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/beans/SelfEditingConfiguration.java
index 06eab4472b..b9d8795c02 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/beans/SelfEditingConfiguration.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/beans/SelfEditingConfiguration.java
@@ -21,13 +21,22 @@
  * used methods on those properties.
  */
 public class SelfEditingConfiguration {
-	private static final Log log = LogFactory
-			.getLog(SelfEditingConfiguration.class);
+	private static final Log log = LogFactory.getLog(SelfEditingConfiguration.class);
 
-	private static final String BEAN_ATTRIBUTE = SelfEditingConfiguration.class
-			.getName();
+	private static SelfEditingConfiguration INSTANCE;
 
-	/**
+	public static SelfEditingConfiguration getInstance() {
+        if (INSTANCE != null) {
+            return INSTANCE;
+        }
+
+        SelfEditingConfiguration bean = buildBean();
+        log.debug("Created a bean: " + bean);
+        INSTANCE = bean;
+        return bean;
+    }
+
+    /**
 	 * This configuration property tells us which data property on the
 	 * Individual is used to associate it with a net ID.
 	 */
@@ -65,20 +74,11 @@ public static SelfEditingConfiguration getBean(ServletRequest request) {
 	 * Never returns null.
 	 */
 	public static SelfEditingConfiguration getBean(ServletContext ctx) {
-		Object attr = ctx.getAttribute(BEAN_ATTRIBUTE);
-		if (attr instanceof SelfEditingConfiguration) {
-			log.debug("Found a bean: " + attr);
-			return (SelfEditingConfiguration) attr;
-		}
-
-		SelfEditingConfiguration bean = buildBean(ctx);
-		log.debug("Created a bean: " + bean);
-		ctx.setAttribute(BEAN_ATTRIBUTE, bean);
-		return bean;
+		return getInstance();
 	}
 
-	private static SelfEditingConfiguration buildBean(ServletContext ctx) {
-		ConfigurationProperties config = ConfigurationProperties.getBean(ctx);
+	private static SelfEditingConfiguration buildBean() {
+		ConfigurationProperties config = ConfigurationProperties.getInstance();
 		String selfEditingIdMatchingProperty = config
 				.getProperty(PROPERTY_SELF_EDITING_ID_MATCHING_PROPERTY);
 		return new SelfEditingConfiguration(selfEditingIdMatchingProperty);
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/config/ConfigurationProperties.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/config/ConfigurationProperties.java
index ee27feef38..e8e6f950a8 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/config/ConfigurationProperties.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/config/ConfigurationProperties.java
@@ -9,7 +9,6 @@
 import javax.servlet.ServletContextEvent;
 import javax.servlet.ServletRequest;
 import javax.servlet.http.HttpServlet;
-import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpSession;
 
 import org.apache.commons.logging.Log;
@@ -26,98 +25,69 @@
 public abstract class ConfigurationProperties {
 	private static final Log log = LogFactory
 			.getLog(ConfigurationProperties.class);
-
-	/** The bean is attached to the session by this name. */
-	private static final String ATTRIBUTE_NAME = ConfigurationProperties.class
-			.getName();
-
+	
 	/** If they ask for a bean before one has been set, they get this. */
 	private static final ConfigurationProperties DUMMY_PROPERTIES = new DummyConfigurationProperties();
 
+    private static ConfigurationProperties INSTANCE = DUMMY_PROPERTIES;
+
+    public static ConfigurationProperties getInstance() {
+        if (INSTANCE == DUMMY_PROPERTIES) {
+            log.error("ConfigurationProperties bean has not been set.");
+        }
+        return INSTANCE;
+    }
+
+    public static void setInstance(ConfigurationProperties props) {
+        INSTANCE = props;
+    }
 	// ----------------------------------------------------------------------
 	// static methods
 	// ----------------------------------------------------------------------
 
+    @Deprecated
 	public static ConfigurationProperties getBean(ServletRequest request) {
-		if (request == null) {
-			throw new NullPointerException("request may not be null.");
-		}
-		if (!(request instanceof HttpServletRequest)) {
-			throw new IllegalArgumentException(
-					"request must be an HttpServletRequest");
-		}
-		HttpServletRequest httpRequest = (HttpServletRequest) request;
-		return getBean(httpRequest.getSession());
-	}
+        return getInstance();
 
-	public static ConfigurationProperties getBean(HttpSession session) {
-		if (session == null) {
-			throw new NullPointerException("session may not be null.");
-		}
-		return getBean(session.getServletContext());
 	}
+    @Deprecated
+	public static ConfigurationProperties getBean(HttpSession session) {
+        return getInstance();
 
-	public static ConfigurationProperties getBean(HttpServlet servlet) {
-		if (servlet == null) {
-			throw new NullPointerException("servlet may not be null.");
-		}
-		return getBean(servlet.getServletContext());
 	}
+    @Deprecated
+	public static ConfigurationProperties getBean(HttpServlet servlet) {
+        return getInstance();
 
-	public static ConfigurationProperties getBean(ServletContextEvent sce) {
-		if (sce == null) {
-			throw new NullPointerException("sce may not be null.");
-		}
-		return getBean(sce.getServletContext());
 	}
+    @Deprecated
+	public static ConfigurationProperties getBean(ServletContextEvent sce) {
+        return getInstance();
 
-	public static ConfigurationProperties getBean(ServletConfig servletConfig) {
-		if (servletConfig == null) {
-			throw new NullPointerException("servletConfig may not be null.");
-		}
-		return getBean(servletConfig.getServletContext());
 	}
+    @Deprecated
+	public static ConfigurationProperties getBean(ServletConfig servletConfig) {
+        return getInstance();
 
+	}
+    @Deprecated
 	public static ConfigurationProperties getBean(ServletContext context) {
-		if (context == null) {
-			throw new NullPointerException("context may not be null.");
-		}
-
-		Object o = context.getAttribute(ATTRIBUTE_NAME);
-		if (o == null) {
-			log.error("ConfigurationProperties bean has not been set.");
-			return DUMMY_PROPERTIES;
-		} else if (!(o instanceof ConfigurationProperties)) {
-			log.error("Error: ConfigurationProperties was set to an "
-					+ "invalid object: " + o);
-			return DUMMY_PROPERTIES;
-		}
-
-		return (ConfigurationProperties) o;
+		return getInstance();
 	}
 
 	/**
 	 * Protected access, so the Stub class can call it for unit tests.
 	 * Otherwise, this should only be called by ConfigurationPropertiesSetup.
 	 */
-	protected static void setBean(ServletContext context,
-			ConfigurationProperties bean) {
-		if (context == null) {
-			throw new NullPointerException("context may not be null.");
-		}
-		if (bean == null) {
-			throw new NullPointerException("bean may not be null.");
-		}
-		context.setAttribute(ATTRIBUTE_NAME, bean);
-		log.debug(bean);
+    @Deprecated
+	protected static void setBean(ConfigurationProperties bean) {
+	    setInstance(bean);
 	}
 
+    @Deprecated
 	/** Package access, so unit tests can call it. */
 	static void removeBean(ServletContext context) {
-		if (context == null) {
-			throw new NullPointerException("context may not be null.");
-		}
-		context.removeAttribute(ATTRIBUTE_NAME);
+	    INSTANCE = DUMMY_PROPERTIES;
 	}
 
 	// ----------------------------------------------------------------------
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/config/ConfigurationPropertiesSetup.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/config/ConfigurationPropertiesSetup.java
index 54d0ac90d0..8f420cf244 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/config/ConfigurationPropertiesSetup.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/config/ConfigurationPropertiesSetup.java
@@ -82,7 +82,7 @@ public void contextInitialized(ServletContextEvent sce) {
 				ConfigurationPropertiesImpl bean = new ConfigurationPropertiesImpl(
 						stream, preempts, new BuildProperties(ctx).getMap());
 
-				ConfigurationProperties.setBean(ctx, bean);
+				ConfigurationProperties.setBean(bean);
 				ss.info(this, "Loaded " + bean.getPropertyMap().size()
 						+ " properties.");
 			} finally {
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/IndividualListRdfController.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/IndividualListRdfController.java
index 06ce8c50e4..5f99497d95 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/IndividualListRdfController.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/IndividualListRdfController.java
@@ -23,9 +23,10 @@
 import org.apache.jena.rdf.model.Model;
 import org.apache.jena.rdf.model.ModelFactory;
 
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessOperation;
+import edu.cornell.mannlib.vitro.webapp.auth.objects.AccessObject;
+import edu.cornell.mannlib.vitro.webapp.auth.objects.ObjectPropertyStatementAccessObject;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.RequestedAction;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.publish.PublishObjectPropertyStatement;
 import edu.cornell.mannlib.vitro.webapp.beans.ObjectProperty;
 import edu.cornell.mannlib.vitro.webapp.controller.api.VitroApiServlet;
 import edu.cornell.mannlib.vitro.webapp.controller.api.sparqlquery.InvalidQueryTypeException;
@@ -96,10 +97,10 @@ private RdfResultMediaType parseAcceptHeader(HttpServletRequest req)
 	private boolean isVclassRestricted(String vclassUri, HttpServletRequest req) {
 		ObjectProperty property = new ObjectProperty();
 		property.setURI(RDF_TYPE);
-		RequestedAction dops = new PublishObjectPropertyStatement(ModelAccess
-				.on(req).getOntModel(FULL_ASSERTIONS), RequestedAction.SOME_URI, property,
+		AccessObject dops = new ObjectPropertyStatementAccessObject(ModelAccess
+				.on(req).getOntModel(FULL_ASSERTIONS), AccessObject.SOME_URI, property,
 				vclassUri);
-		return !PolicyHelper.isAuthorizedForActions(req, dops);
+		return !PolicyHelper.isAuthorizedForActions(req, dops, AccessOperation.PUBLISH);
 	}
 
 	private void sendEmptyModel(RdfResultMediaType mediaType,
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/SparqlQueryBuilderServlet.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/SparqlQueryBuilderServlet.java
index 2879af9dd0..f5e761ae96 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/SparqlQueryBuilderServlet.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/SparqlQueryBuilderServlet.java
@@ -11,6 +11,7 @@
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import edu.cornell.mannlib.vitro.webapp.auth.permissions.SimplePermission;
 import edu.cornell.mannlib.vitro.webapp.utils.JSPPageHandler;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
@@ -20,7 +21,6 @@
 import org.apache.jena.sparql.resultset.ResultsFormat;
 
 import edu.cornell.mannlib.vedit.controller.BaseEditController;
-import edu.cornell.mannlib.vitro.webapp.auth.permissions.SimplePermission;
 
 /**
  *  This servlet works as a RequestDispatcher to direct to the sparl query builder page.
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/VitroHttpServlet.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/VitroHttpServlet.java
index 0d0c3453e4..90205db49d 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/VitroHttpServlet.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/VitroHttpServlet.java
@@ -2,8 +2,6 @@
 
 package edu.cornell.mannlib.vitro.webapp.controller;
 
-import static edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthorizationRequest.AUTHORIZED;
-
 import java.io.IOException;
 import java.io.UnsupportedEncodingException;
 import java.net.URLEncoder;
@@ -12,7 +10,6 @@
 import java.text.SimpleDateFormat;
 import java.util.ArrayList;
 import java.util.Arrays;
-import java.util.Collections;
 import java.util.Comparator;
 import java.util.Enumeration;
 import java.util.List;
@@ -120,7 +117,7 @@ protected void doPost(HttpServletRequest request,
 	protected boolean isAuthorizedToDisplayPage(HttpServletRequest request,
 			HttpServletResponse response, AuthorizationRequest actions) {
 		// Record restricted pages so we won't return to them on logout
-		if (actions != AUTHORIZED) {
+		if (actions != AuthorizationRequest.AUTHORIZED) {
 			LogoutRedirector.recordRestrictedPageUri(request);
 		}
 
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/accounts/admin/UserAccountsDeleter.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/accounts/admin/UserAccountsDeleter.java
index 70d52bead2..9fbe7001a6 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/accounts/admin/UserAccountsDeleter.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/accounts/admin/UserAccountsDeleter.java
@@ -12,8 +12,9 @@
 import org.apache.commons.logging.LogFactory;
 
 import edu.cornell.mannlib.vedit.beans.LoginStatusBean;
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessOperation;
+import edu.cornell.mannlib.vitro.webapp.auth.objects.RootAccessObject;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.ManageRootAccount;
 import edu.cornell.mannlib.vitro.webapp.beans.UserAccount;
 import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
 import edu.cornell.mannlib.vitro.webapp.controller.accounts.UserAccountsPage;
@@ -75,7 +76,7 @@ private void validateInputUris() {
 
 			if (u.isRootUser()
 					&& (!PolicyHelper.isAuthorizedForActions(vreq,
-							new ManageRootAccount()))) {
+							new RootAccessObject(), AccessOperation.DROP))) {
 				log.warn("Attempting to delete the root account, "
 						+ "but not authorized. Logged in as "
 						+ LoginStatusBean.getCurrentUser(vreq));
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/accounts/admin/UserAccountsEditPage.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/accounts/admin/UserAccountsEditPage.java
index 13e1ab0dd4..e93f211519 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/accounts/admin/UserAccountsEditPage.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/accounts/admin/UserAccountsEditPage.java
@@ -15,8 +15,9 @@
 import org.apache.commons.logging.LogFactory;
 
 import edu.cornell.mannlib.vedit.beans.LoginStatusBean;
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessOperation;
+import edu.cornell.mannlib.vitro.webapp.auth.objects.RootAccessObject;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.ManageRootAccount;
 import edu.cornell.mannlib.vitro.webapp.beans.Individual;
 import edu.cornell.mannlib.vitro.webapp.beans.SelfEditingConfiguration;
 import edu.cornell.mannlib.vitro.webapp.beans.UserAccount;
@@ -122,7 +123,7 @@ private void validateUserAccountInfo() {
 		}
 		if (userAccount.isRootUser()) {
 			if (!PolicyHelper.isAuthorizedForActions(vreq,
-					new ManageRootAccount())) {
+					new RootAccessObject(), AccessOperation.EDIT)) {
 				log.warn("User is attempting to edit the root account, "
 						+ "but is not authorized to do so. Logged in as: "
 						+ LoginStatusBean.getCurrentUser(vreq));
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/accounts/admin/UserAccountsListPage.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/accounts/admin/UserAccountsListPage.java
index f02e17b8e4..1347e1eb55 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/accounts/admin/UserAccountsListPage.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/accounts/admin/UserAccountsListPage.java
@@ -19,8 +19,9 @@
 import org.apache.commons.logging.LogFactory;
 
 import edu.cornell.mannlib.vedit.beans.LoginStatusBean;
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessOperation;
+import edu.cornell.mannlib.vitro.webapp.auth.objects.RootAccessObject;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.ManageRootAccount;
 import edu.cornell.mannlib.vitro.webapp.beans.PermissionSet;
 import edu.cornell.mannlib.vitro.webapp.beans.UserAccount;
 import edu.cornell.mannlib.vitro.webapp.beans.UserAccount.Status;
@@ -198,7 +199,7 @@ private boolean permittedToEdit(UserAccount account) {
 		if (!account.isRootUser()) {
 			return true;
 		}
-		if (PolicyHelper.isAuthorizedForActions(vreq, new ManageRootAccount())) {
+		if (PolicyHelper.isAuthorizedForActions(vreq, new RootAccessObject(), AccessOperation.EDIT)) {
 			return true;
 		}
 		return false;
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/accounts/manageproxies/ajax/ManageProxiesAjaxController.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/accounts/manageproxies/ajax/ManageProxiesAjaxController.java
index 97d2e1ce2b..40b27ddc85 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/accounts/manageproxies/ajax/ManageProxiesAjaxController.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/accounts/manageproxies/ajax/ManageProxiesAjaxController.java
@@ -12,6 +12,7 @@
 import org.apache.commons.logging.LogFactory;
 
 import edu.cornell.mannlib.vitro.webapp.auth.permissions.SimplePermission;
+import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthHelper;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthorizationRequest;
 import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
 import edu.cornell.mannlib.vitro.webapp.controller.ajax.VitroAjaxController;
@@ -28,8 +29,9 @@ public class ManageProxiesAjaxController extends VitroAjaxController {
 
 	@Override
 	protected AuthorizationRequest requiredActions(VitroRequest vreq) {
-		return SimplePermission.MANAGE_OWN_PROXIES.ACTION
-				.or(SimplePermission.MANAGE_PROXIES.ACTION);
+		return AuthHelper.logicOr(
+		        SimplePermission.MANAGE_OWN_PROXIES.ACTION
+				,SimplePermission.MANAGE_PROXIES.ACTION);
 	}
 
 	@Override
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/accounts/user/UserAccountsUserController.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/accounts/user/UserAccountsUserController.java
index 45be8f5531..9abe5f2698 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/accounts/user/UserAccountsUserController.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/accounts/user/UserAccountsUserController.java
@@ -3,7 +3,6 @@
 package edu.cornell.mannlib.vitro.webapp.controller.accounts.user;
 
 import static edu.cornell.mannlib.vedit.beans.LoginStatusBean.AuthenticationSource.EXTERNAL;
-import static edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthorizationRequest.AUTHORIZED;
 
 import javax.servlet.annotation.WebServlet;
 import javax.servlet.http.HttpServletRequest;
@@ -11,8 +10,8 @@
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
-import edu.cornell.mannlib.vitro.webapp.auth.permissions.SimplePermission;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthorizationRequest;
+import edu.cornell.mannlib.vitro.webapp.auth.permissions.SimplePermission;
 import edu.cornell.mannlib.vitro.webapp.beans.DisplayMessage;
 import edu.cornell.mannlib.vitro.webapp.beans.UserAccount;
 import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
@@ -44,7 +43,7 @@ protected AuthorizationRequest requiredActions(VitroRequest vreq) {
 		if (ACTION_MY_ACCOUNT.equals(action)) {
 			return SimplePermission.EDIT_OWN_ACCOUNT.ACTION;
 		} else {
-			return AUTHORIZED;
+			return AuthorizationRequest.AUTHORIZED;
 		}
 	}
 
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/admin/ShowAuthController.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/admin/ShowAuthController.java
index b3ee6af2d4..876477be54 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/admin/ShowAuthController.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/admin/ShowAuthController.java
@@ -2,9 +2,8 @@
 
 package edu.cornell.mannlib.vitro.webapp.controller.admin;
 
-import static edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthorizationRequest.AUTHORIZED;
-import static edu.cornell.mannlib.vitro.webapp.auth.requestedAction.RequestedAction.SOME_PREDICATE;
-import static edu.cornell.mannlib.vitro.webapp.auth.requestedAction.RequestedAction.SOME_URI;
+import static edu.cornell.mannlib.vitro.webapp.auth.objects.AccessObject.SOME_PREDICATE;
+import static edu.cornell.mannlib.vitro.webapp.auth.objects.AccessObject.SOME_URI;
 
 import java.util.ArrayList;
 import java.util.HashMap;
@@ -12,20 +11,20 @@
 import java.util.Map;
 import java.util.TreeMap;
 
-import javax.servlet.ServletContext;
 import javax.servlet.annotation.WebServlet;
 
 import edu.cornell.mannlib.vedit.beans.LoginStatusBean;
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessOperation;
 import edu.cornell.mannlib.vitro.webapp.auth.identifier.ActiveIdentifierBundleFactories;
 import edu.cornell.mannlib.vitro.webapp.auth.identifier.Identifier;
 import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
 import edu.cornell.mannlib.vitro.webapp.auth.identifier.RequestIdentifiers;
 import edu.cornell.mannlib.vitro.webapp.auth.identifier.common.HasAssociatedIndividual;
+import edu.cornell.mannlib.vitro.webapp.auth.objects.AccessObject;
+import edu.cornell.mannlib.vitro.webapp.auth.objects.ObjectPropertyStatementAccessObject;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper;
-import edu.cornell.mannlib.vitro.webapp.auth.policy.ServletPolicyList;
+import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyStore;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthorizationRequest;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.RequestedAction;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.EditObjectPropertyStatement;
 import edu.cornell.mannlib.vitro.webapp.config.ConfigurationProperties;
 import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
 import edu.cornell.mannlib.vitro.webapp.controller.authenticate.Authenticator;
@@ -42,7 +41,7 @@ public class ShowAuthController extends FreemarkerHttpServlet {
 
 	@Override
 	protected AuthorizationRequest requiredActions(VitroRequest vreq) {
-		return AUTHORIZED;
+		return AuthorizationRequest.AUTHORIZED;
 	}
 
 	@Override
@@ -53,8 +52,8 @@ protected ResponseValues processRequest(VitroRequest vreq) {
 		body.put("identifiers", getSortedIdentifiers(vreq));
 		body.put("currentUser", LoginStatusBean.getCurrentUser(vreq));
 		body.put("associatedIndividuals", getAssociatedIndividuals(vreq));
-		body.put("factories", getIdentifierFactoryNames(vreq));
-		body.put("policies", ServletPolicyList.getPolicies(vreq));
+		body.put("factories", ActiveIdentifierBundleFactories.getFactoryNames());
+		body.put("policies", PolicyStore.getInstance().getUris());
 		body.put("matchingProperty", getMatchingProperty(vreq));
 		body.put("authenticator", Authenticator.getInstance(vreq));
 
@@ -69,11 +68,6 @@ private List<Identifier> getSortedIdentifiers(VitroRequest vreq) {
 		return new ArrayList<Identifier>(idMap.values());
 	}
 
-	private List<String> getIdentifierFactoryNames(VitroRequest vreq) {
-		ServletContext ctx = vreq.getSession().getServletContext();
-		return ActiveIdentifierBundleFactories.getFactoryNames(ctx);
-	}
-
 	private String getMatchingProperty(VitroRequest vreq) {
 		return ConfigurationProperties.getBean(vreq).getProperty(
 				"selfEditing.idMatchingProperty", "");
@@ -94,10 +88,10 @@ private List<AssociatedIndividual> getAssociatedIndividuals(
 	 * this individual?
 	 */
 	private boolean mayEditIndividual(VitroRequest vreq, String individualUri) {
-		RequestedAction action = new EditObjectPropertyStatement(
+		AccessObject action = new ObjectPropertyStatementAccessObject(
 				vreq.getJenaOntModel(), individualUri,
 				SOME_PREDICATE, SOME_URI);
-		return PolicyHelper.isAuthorizedForActions(vreq, action);
+		return PolicyHelper.isAuthorizedForActions(vreq, action, AccessOperation.EDIT);
 	}
 
 	public class AssociatedIndividual {
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/admin/ShowSourcesController.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/admin/ShowSourcesController.java
index c0d5e3fc3a..bf235be28c 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/admin/ShowSourcesController.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/admin/ShowSourcesController.java
@@ -2,7 +2,6 @@
 
 package edu.cornell.mannlib.vitro.webapp.controller.admin;
 
-import static edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthorizationRequest.AUTHORIZED;
 import static edu.cornell.mannlib.vitro.webapp.modelaccess.ModelAccess.LanguageOption.LANGUAGE_NEUTRAL;
 import static edu.cornell.mannlib.vitro.webapp.modelaccess.ModelAccess.WhichService.CONFIGURATION;
 import static edu.cornell.mannlib.vitro.webapp.modelaccess.ModelAccess.WhichService.CONTENT;
@@ -112,7 +111,7 @@ public class ShowSourcesController extends FreemarkerHttpServlet {
 
 	@Override
 	protected AuthorizationRequest requiredActions(VitroRequest vreq) {
-		return AUTHORIZED;
+		return AuthorizationRequest.AUTHORIZED;
 	}
 
 	@Override
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/ajax/VitroAjaxController.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/ajax/VitroAjaxController.java
index 51a68e602a..3c0daf4e76 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/ajax/VitroAjaxController.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/ajax/VitroAjaxController.java
@@ -2,8 +2,6 @@
 
 package edu.cornell.mannlib.vitro.webapp.controller.ajax;
 
-import static edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthorizationRequest.AUTHORIZED;
-
 import java.io.IOException;
 import java.io.PrintWriter;
 import java.util.Map;
@@ -68,7 +66,7 @@ protected final void doPost(HttpServletRequest req, HttpServletResponse resp)
      */
     @SuppressWarnings("unused")
 	protected AuthorizationRequest requiredActions(VitroRequest vreq) {
-		return AUTHORIZED;
+		return AuthorizationRequest.AUTHORIZED;
 	}
 
 	/**
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/api/VitroApiServlet.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/api/VitroApiServlet.java
index 47bcdfd21a..52951a8a92 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/api/VitroApiServlet.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/api/VitroApiServlet.java
@@ -41,7 +41,7 @@ public class VitroApiServlet extends HttpServlet {
 	 * them for this action, throw an AuthException.
 	 */
 	protected void confirmAuthorization(HttpServletRequest req,
-			AuthorizationRequest requiredActions) throws AuthException {
+	        AuthorizationRequest requiredActions) throws AuthException {
 		String email = req.getParameter("email");
 		String password = req.getParameter("password");
 
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/authenticate/AdminLoginController.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/authenticate/AdminLoginController.java
index 36a7601b23..da13d5867e 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/authenticate/AdminLoginController.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/authenticate/AdminLoginController.java
@@ -3,7 +3,6 @@
 package edu.cornell.mannlib.vitro.webapp.controller.authenticate;
 
 import static edu.cornell.mannlib.vedit.beans.LoginStatusBean.AuthenticationSource.INTERNAL;
-import static edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthorizationRequest.AUTHORIZED;
 import static edu.cornell.mannlib.vitro.webapp.beans.UserAccount.MAX_PASSWORD_LENGTH;
 import static edu.cornell.mannlib.vitro.webapp.beans.UserAccount.MIN_PASSWORD_LENGTH;
 
@@ -58,7 +57,7 @@ public class AdminLoginController extends FreemarkerHttpServlet {
 
 	@Override
 	protected AuthorizationRequest requiredActions(VitroRequest vreq) {
-		return AUTHORIZED; // No requirements to use this page.
+		return AuthorizationRequest.AUTHORIZED; // No requirements to use this page.
 	}
 
 	@Override
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/authenticate/Authenticator.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/authenticate/Authenticator.java
index e8bbec5167..ec1230313b 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/authenticate/Authenticator.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/authenticate/Authenticator.java
@@ -266,10 +266,8 @@ public static boolean isValidEmailAddress(String emailAddress) {
 	 * Get the IDs that would be created for this userAccount, if this user were
 	 * to log in.
 	 */
-	public static IdentifierBundle getIdsForUserAccount(HttpServletRequest req,
-			UserAccount userAccount) {
-		return ActiveIdentifierBundleFactories.getUserIdentifierBundle(req,
-				userAccount);
+	public static IdentifierBundle getIdsForUserAccount(UserAccount userAccount) {
+		return ActiveIdentifierBundleFactories.getUserIdentifierBundle(userAccount);
 	}
 
 	// ----------------------------------------------------------------------
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/authenticate/BasicAuthenticator.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/authenticate/BasicAuthenticator.java
index 34fc6a01d6..19795a9fcc 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/authenticate/BasicAuthenticator.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/authenticate/BasicAuthenticator.java
@@ -2,14 +2,10 @@
 
 package edu.cornell.mannlib.vitro.webapp.controller.authenticate;
 
-import java.util.ArrayList;
-import java.util.Date;
-import java.util.List;
-import java.util.Map;
-
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpSession;
 
+import edu.cornell.mannlib.vitro.webapp.auth.permissions.PermissionSets;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
@@ -18,7 +14,6 @@
 import edu.cornell.mannlib.vitro.webapp.application.ApplicationUtils;
 import edu.cornell.mannlib.vitro.webapp.auth.identifier.RequestIdentifiers;
 import edu.cornell.mannlib.vitro.webapp.auth.identifier.common.IsRootUser;
-import edu.cornell.mannlib.vitro.webapp.beans.BaseResourceBean.RoleLevel;
 import edu.cornell.mannlib.vitro.webapp.beans.Individual;
 import edu.cornell.mannlib.vitro.webapp.beans.SelfEditingConfiguration;
 import edu.cornell.mannlib.vitro.webapp.beans.UserAccount;
@@ -33,6 +28,12 @@
 import edu.cornell.mannlib.vitro.webapp.modules.searchEngine.SearchEngine;
 import edu.cornell.mannlib.vitro.webapp.modules.searchEngine.SearchEngineException;
 
+import java.util.ArrayList;
+import java.util.Date;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+
 /**
  * The "standard" implementation of Authenticator.
  */
@@ -228,17 +229,20 @@ private void createLoginStatusBean(String userUri,
 	/**
 	 * Editors and other privileged users get a longer timeout interval.
 	 */
-	private void setSessionTimeoutLimit(UserAccount userAccount,
-			HttpSession session) {
-		RoleLevel role = RoleLevel.getRoleFromLoginStatus(request);
-		if (role == RoleLevel.EDITOR || role == RoleLevel.CURATOR
-				|| role == RoleLevel.DB_ADMIN) {
-			session.setMaxInactiveInterval(PRIVILEGED_TIMEOUT_INTERVAL);
-		} else if (userAccount.isRootUser()) {
-			session.setMaxInactiveInterval(PRIVILEGED_TIMEOUT_INTERVAL);
+	private void setSessionTimeoutLimit(UserAccount userAccount, HttpSession session) {
+		int interval = LOGGED_IN_TIMEOUT_INTERVAL;
+		if (userAccount.isRootUser()) {
+			interval = PRIVILEGED_TIMEOUT_INTERVAL;
 		} else {
-			session.setMaxInactiveInterval(LOGGED_IN_TIMEOUT_INTERVAL);
+			Set<String> permissions = userAccount.getPermissionSetUris();
+			for (String uri : permissions) {
+				if (!uri.equals(PermissionSets.URI_SELF_EDITOR)) {
+					interval = PRIVILEGED_TIMEOUT_INTERVAL;
+				}
+			}
 		}
+
+		session.setMaxInactiveInterval(interval);
 	}
 
 	/**
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/authenticate/LoginRedirector.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/authenticate/LoginRedirector.java
index 65b8a2310f..ca4ba5056e 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/authenticate/LoginRedirector.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/authenticate/LoginRedirector.java
@@ -74,15 +74,17 @@ public String getRedirectionUriForLoggedInUser() {
 			return getAssociatedIndividualHomePage();
 		}
 
-		if (!canSeeSiteAdminPage()) {
-			log.debug("User not recognized. Going to application home.");
-			return getApplicationHomePageUrl();
-		}
+		if (null != afterLoginPage) {
+			if (isLoginPage(afterLoginPage)) {
+				if (canSeeSiteAdminPage()) {
+					log.debug("Coming from /login. Going to site admin page.");
+					return getSiteAdminPageUrl();
+				} else {
+					log.debug("User not recognized. Going to application home.");
+					return getApplicationHomePageUrl();
+				}
+			}
 
-		if (isLoginPage(afterLoginPage)) {
-			log.debug("Coming from /login. Going to site admin page.");
-			return getSiteAdminPageUrl();
-		} else if (null != afterLoginPage) {
 			log.debug("Returning to requested page: " + afterLoginPage);
 			return afterLoginPage;
 		} else {
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/authenticate/RestrictedAuthenticator.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/authenticate/RestrictedAuthenticator.java
index bb4fb6322f..783acd1405 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/authenticate/RestrictedAuthenticator.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/authenticate/RestrictedAuthenticator.java
@@ -11,7 +11,6 @@
 import edu.cornell.mannlib.vitro.webapp.auth.identifier.RequestIdentifiers;
 import edu.cornell.mannlib.vitro.webapp.auth.permissions.SimplePermission;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper;
-import edu.cornell.mannlib.vitro.webapp.auth.policy.ServletPolicyList;
 import edu.cornell.mannlib.vitro.webapp.beans.UserAccount;
 
 /**
@@ -49,12 +48,10 @@ public boolean isUserPermittedToLogin(UserAccount userAccount) {
 		}
 
 		ArrayIdentifierBundle ids = new ArrayIdentifierBundle();
-		ids.addAll(getIdsForUserAccount(req, userAccount));
+		ids.addAll(getIdsForUserAccount(userAccount));
 		ids.addAll(RequestIdentifiers.getIdBundleForRequest(req));
 
-		return PolicyHelper.isAuthorizedForActions(ids,
-				ServletPolicyList.getPolicies(req),
-				SimplePermission.LOGIN_DURING_MAINTENANCE.ACTION);
+		return PolicyHelper.isAuthorizedForActions(ids, SimplePermission.LOGIN_DURING_MAINTENANCE.ACTION);
 	}
 
 	@Override
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/datatools/dumprestore/DumpRestoreController.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/datatools/dumprestore/DumpRestoreController.java
index 77f22b3755..0f5e427854 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/datatools/dumprestore/DumpRestoreController.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/datatools/dumprestore/DumpRestoreController.java
@@ -15,7 +15,7 @@
 
 import edu.cornell.mannlib.vitro.webapp.auth.permissions.SimplePermission;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.RequestedAction;
+import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthorizationRequest;
 import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
 import edu.cornell.mannlib.vitro.webapp.controller.freemarker.FreemarkerHttpServlet;
 import edu.cornell.mannlib.vitro.webapp.controller.freemarker.UrlBuilder;
@@ -37,7 +37,7 @@
 @WebServlet(name = "DumpRestoreController", urlPatterns = {"/dumpRestore/*"} )
 public class DumpRestoreController extends FreemarkerHttpServlet {
 
-	private static final RequestedAction REQUIRED_ACTION = SimplePermission.USE_ADVANCED_DATA_TOOLS_PAGES.ACTION;
+	private static final AuthorizationRequest REQUIRED_ACTION = SimplePermission.USE_ADVANCED_DATA_TOOLS_PAGES.ACTION;
 
 	static final String ACTION_DUMP = "/dump";
 	static final String ACTION_RESTORE = "/restore";
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/edit/DatapropEditController.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/edit/DatapropEditController.java
index 4028c0aec3..9e1d36b43d 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/edit/DatapropEditController.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/edit/DatapropEditController.java
@@ -43,7 +43,7 @@ public void doPost (HttpServletRequest request, HttpServletResponse response) {
 
     	VitroRequest vreq = new VitroRequest(request);
 
-        final int NUM_COLS=19;
+        final int NUM_COLS=15;
 
         String datapropURI = request.getParameter("uri");
 
@@ -69,14 +69,10 @@ public void doPost (HttpServletRequest request, HttpServletResponse response) {
         results.add("public description");    // column 9
         results.add("example");               // column 10
         results.add("editor description");    // column 11
-        results.add("display level");         // column 12
-        results.add("update level");          // column 13
-        results.add("display tier");          // column 14
-        results.add("display limit");         // column 15
-        results.add("custom entry form");     // column 16
-        results.add("editing");               // column 17
-        results.add("URI");                   // column 18
-        results.add("publish level");         // column 19
+        results.add("display tier");          // column 12
+        results.add("display limit");         // column 13
+        results.add("custom entry form");     // column 14
+        results.add("URI");                   // column 15
 
         results.add(dp.getPickListName()); // column 1
         results.add(dp.getPublicName() == null ? "(no public label)" : dp.getPublicName()); // column 2
@@ -137,17 +133,10 @@ public void doPost (HttpServletRequest request, HttpServletResponse response) {
         String descriptionStr = (dp.getDescription() == null) ? "" : dp.getDescription();  // column 11
         results.add(descriptionStr);
 
-		results.add(dp.getHiddenFromDisplayBelowRoleLevel() == null ? "(unspecified)"
-				: dp.getHiddenFromDisplayBelowRoleLevel().getDisplayLabel()); // column 12
-		results.add(dp.getProhibitedFromUpdateBelowRoleLevel() == null ? "(unspecified)"
-				: dp.getProhibitedFromUpdateBelowRoleLevel().getUpdateLabel()); // column 13
-        results.add(String.valueOf(dp.getDisplayTier()));  // column 14
-        results.add(String.valueOf(dp.getDisplayLimit()));  // column 15
-        results.add(dp.getCustomEntryForm() == null ? "(unspecified)" : dp.getCustomEntryForm());  // column 16
-        results.add(dp.getEditing() == null ? "" : dp.getEditing()); // column 17
-        results.add(dp.getURI() == null ? "" : dp.getURI()); // column 18
-		results.add(dp.getHiddenFromPublishBelowRoleLevel() == null ? "(unspecified)"
-				: dp.getHiddenFromPublishBelowRoleLevel().getDisplayLabel()); // column 19
+        results.add(String.valueOf(dp.getDisplayTier()));  // column 12
+        results.add(String.valueOf(dp.getDisplayLimit()));  // column 13
+        results.add(dp.getCustomEntryForm() == null ? "(unspecified)" : dp.getCustomEntryForm());  // column 14
+        results.add(dp.getURI() == null ? "" : dp.getURI()); // column 15
         request.setAttribute("results",results);
         request.setAttribute("columncount",NUM_COLS);
         request.setAttribute("suppressquery","true");
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/edit/DatapropRetryController.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/edit/DatapropRetryController.java
index 70d47a80a7..3fd3fda43e 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/edit/DatapropRetryController.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/edit/DatapropRetryController.java
@@ -25,12 +25,12 @@
 import edu.cornell.mannlib.vedit.util.FormUtils;
 import edu.cornell.mannlib.vedit.validator.impl.IntValidator;
 import edu.cornell.mannlib.vedit.validator.impl.XMLNameValidator;
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType;
 import edu.cornell.mannlib.vitro.webapp.auth.permissions.SimplePermission;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.bean.PropertyRestrictionListener;
 import edu.cornell.mannlib.vitro.webapp.beans.DataProperty;
 import edu.cornell.mannlib.vitro.webapp.beans.VClass;
 import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
-import edu.cornell.mannlib.vitro.webapp.controller.edit.utils.RoleLevelOptionsSetup;
 import edu.cornell.mannlib.vitro.webapp.dao.DataPropertyDao;
 import edu.cornell.mannlib.vitro.webapp.dao.DatatypeDao;
 import edu.cornell.mannlib.vitro.webapp.dao.OntologyDao;
@@ -165,23 +165,6 @@ public void doPost (HttpServletRequest request, HttpServletResponse response) {
         groupOptList.add(0,new Option("","none"));
         optionMap.put("GroupURI", groupOptList);
 
-        optionMap.put("HiddenFromDisplayBelowRoleLevelUsingRoleUri",RoleLevelOptionsSetup.getDisplayOptionsList(objectForEditing));
-        optionMap.put("ProhibitedFromUpdateBelowRoleLevelUsingRoleUri",RoleLevelOptionsSetup.getUpdateOptionsList(objectForEditing));
-        optionMap.put("HiddenFromPublishBelowRoleLevelUsingRoleUri",RoleLevelOptionsSetup.getPublishOptionsList(objectForEditing));
-
-        // Set the value of the editing parameter (as defined in VitroVocabulary.java). 
-        // Use value to control form types as in defaultDataPropertyForm.ftl
-        String editingVal = objectForEditing.getEditing();
-        List<Option> editingOptList = new ArrayList<Option>();
-        editingOptList.add(0,new Option("","plaintext"));
-        editingOptList.add(1,new Option("HTML","rich text"));
-        for (Option val : editingOptList) {
-            if(editingVal != null && editingVal.equals(val.getValue())) {
-                val.setSelected(true);
-            }
-        }
-        optionMap.put("Editing", editingOptList);
-
         foo.setOptionLists(optionMap);
 
         request.setAttribute("functional",objectForEditing.getFunctional());
@@ -199,6 +182,8 @@ public void doPost (HttpServletRequest request, HttpServletResponse response) {
         request.setAttribute("title","Data Property Editing Form");
         request.setAttribute("_action",action);
         request.setAttribute("unqualifiedClassName","DatatypeProperty");
+
+        addAccessAttributes(request, objectForEditing.getURI(), AccessObjectType.DATA_PROPERTY);
         setRequestAttributes(request,epo);
 
         try {
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/edit/EntityEditController.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/edit/EntityEditController.java
index 87735d417c..d2738b0211 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/edit/EntityEditController.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/edit/EntityEditController.java
@@ -74,14 +74,8 @@ public void doGet (HttpServletRequest request, HttpServletResponse response) {
         int colCount = 4;
         results.add("Name");
         results.add("class");
-        results.add("display level");
-        results.add("edit level");
         results.add("last updated");
-        colCount++;
         results.add("URI");
-        colCount++;
-        results.add("publish level");
-        colCount++;
 
         String rName = null;
         if (ent.getName() != null && ent.getName().length() > 0) {
@@ -117,16 +111,9 @@ public void doGet (HttpServletRequest request, HttpServletResponse response) {
         }
         results.add(classStr.toString());
 
-		results.add(ent.getHiddenFromDisplayBelowRoleLevel() == null ? "unspecified"
-				: ent.getHiddenFromDisplayBelowRoleLevel().getDisplayLabel());
-		results.add(ent.getProhibitedFromUpdateBelowRoleLevel() == null ? "unspecified"
-				: ent.getProhibitedFromUpdateBelowRoleLevel().getUpdateLabel());
-
         String rModTime = (ent.getModTime()==null) ? "" : publicDateFormat.format(ent.getModTime());
         results.add(rModTime);
         results.add( (ent.getURI() == null) ? "[anonymous individual]" : ent.getURI() );
-		results.add(ent.getHiddenFromPublishBelowRoleLevel() == null ? "unspecified"
-				: ent.getHiddenFromPublishBelowRoleLevel().getDisplayLabel());
         request.setAttribute("results",results);
         request.setAttribute("columncount", colCount);
         request.setAttribute("suppressquery","true");
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/edit/EntityRetryController.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/edit/EntityRetryController.java
index a385f36bae..ea8c0f69b4 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/edit/EntityRetryController.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/edit/EntityRetryController.java
@@ -47,7 +47,6 @@
 import edu.cornell.mannlib.vitro.webapp.beans.VClassGroup;
 import edu.cornell.mannlib.vitro.webapp.controller.Controllers;
 import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
-import edu.cornell.mannlib.vitro.webapp.controller.edit.utils.RoleLevelOptionsSetup;
 import edu.cornell.mannlib.vitro.webapp.dao.DataPropertyDao;
 import edu.cornell.mannlib.vitro.webapp.dao.IndividualDao;
 import edu.cornell.mannlib.vitro.webapp.dao.VClassDao;
@@ -173,10 +172,6 @@ public void doPost (HttpServletRequest request, HttpServletResponse response) {
 			hash.put("VClassURI", optList);
         }
 
-        hash.put("HiddenFromDisplayBelowRoleLevelUsingRoleUri",RoleLevelOptionsSetup.getDisplayOptionsList(individualForEditing));
-        hash.put("ProhibitedFromUpdateBelowRoleLevelUsingRoleUri",RoleLevelOptionsSetup.getUpdateOptionsList(individualForEditing));
-        hash.put("HiddenFromPublishBelowRoleLevelUsingRoleUri",RoleLevelOptionsSetup.getPublishOptionsList(individualForEditing));
-
         FormObject foo = new FormObject();
         foo.setOptionLists(hash);
 
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/edit/FauxPropertyRetryController.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/edit/FauxPropertyRetryController.java
index 36cfbf6284..ae43c4519f 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/edit/FauxPropertyRetryController.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/edit/FauxPropertyRetryController.java
@@ -30,6 +30,7 @@
 import edu.cornell.mannlib.vedit.util.FormUtils;
 import edu.cornell.mannlib.vedit.validator.Validator;
 import edu.cornell.mannlib.vedit.validator.impl.RequiredFieldValidator;
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType;
 import edu.cornell.mannlib.vitro.webapp.auth.permissions.SimplePermission;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.bean.PropertyRestrictionListener;
 import edu.cornell.mannlib.vitro.webapp.beans.Datatype;
@@ -38,7 +39,6 @@
 import edu.cornell.mannlib.vitro.webapp.beans.Property;
 import edu.cornell.mannlib.vitro.webapp.beans.PropertyGroup;
 import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
-import edu.cornell.mannlib.vitro.webapp.controller.edit.utils.RoleLevelOptionsSetup;
 import edu.cornell.mannlib.vitro.webapp.dao.DataPropertyDao;
 import edu.cornell.mannlib.vitro.webapp.dao.FauxPropertyDao;
 import edu.cornell.mannlib.vitro.webapp.dao.ObjectPropertyDao;
@@ -72,6 +72,9 @@ public void doPost(HttpServletRequest req, HttpServletResponse response) {
 		req.setAttribute("scripts", "/templates/edit/formBasic.js");
 		req.setAttribute("title", "Faux Property Editing Form");
 		req.setAttribute("_action", epo.getAction());
+
+		addAccessAttributes(req, populator.beanForEditing.getConfigUri(), AccessObjectType.FAUX_PROPERTY);
+
 		setRequestAttributes(req, epo);
 
 		try {
@@ -195,12 +198,6 @@ private FauxProperty newFauxProperty(String baseUri) {
 			fp.setGroupURI(base.getGroupURI());
 			fp.setRangeURI(base.getRangeVClassURI());
 			fp.setDomainURI(base.getDomainVClassURI());
-			fp.setHiddenFromDisplayBelowRoleLevel(base
-					.getHiddenFromDisplayBelowRoleLevel());
-			fp.setHiddenFromPublishBelowRoleLevel(base
-					.getHiddenFromPublishBelowRoleLevel());
-			fp.setProhibitedFromUpdateBelowRoleLevel(base
-					.getProhibitedFromUpdateBelowRoleLevel());
 			fp.setCustomEntryForm(base.getCustomEntryForm());
 			log.debug("Created new FauxProperty: " + fp);
 			return fp;
@@ -257,12 +254,7 @@ private Map<String, List<Option>> createOptionsMap() {
 			map.put("GroupURI", createClassGroupOptionList());
 			map.put("DomainURI", buildDomainOptionList());
 			map.put("RangeURI", buildRangeOptionList());
-			map.put("HiddenFromDisplayBelowRoleLevelUsingRoleUri",
-					RoleLevelOptionsSetup.getDisplayOptionsList(beanForEditing));
-			map.put("ProhibitedFromUpdateBelowRoleLevelUsingRoleUri",
-					RoleLevelOptionsSetup.getUpdateOptionsList(beanForEditing));
-			map.put("HiddenFromPublishBelowRoleLevelUsingRoleUri",
-					RoleLevelOptionsSetup.getPublishOptionsList(beanForEditing));
+
 			return map;
 		}
 
@@ -414,5 +406,4 @@ public int compare(Option o1, Option o2) {
 		}
 
 	}
-
 }
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/edit/NamespacePrefixRetryController.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/edit/NamespacePrefixRetryController.java
index 525fa7976d..29ab42a6c1 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/edit/NamespacePrefixRetryController.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/edit/NamespacePrefixRetryController.java
@@ -5,13 +5,13 @@
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import edu.cornell.mannlib.vitro.webapp.auth.permissions.SimplePermission;
 import edu.cornell.mannlib.vitro.webapp.utils.JSPPageHandler;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
 import edu.cornell.mannlib.vedit.beans.EditProcessObject;
 import edu.cornell.mannlib.vedit.controller.BaseEditController;
-import edu.cornell.mannlib.vitro.webapp.auth.permissions.SimplePermission;
 
 public class NamespacePrefixRetryController extends BaseEditController {
 
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/edit/PropertyEditController.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/edit/PropertyEditController.java
index 52e271291f..e8e62490f8 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/edit/PropertyEditController.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/edit/PropertyEditController.java
@@ -43,7 +43,7 @@ public void doPost (HttpServletRequest request, HttpServletResponse response) {
         	return;
         }
 
-        final int NUM_COLS=26;
+        final int NUM_COLS=23;
 
         VitroRequest vreq = new VitroRequest(request);
 
@@ -72,17 +72,14 @@ public void doPost (HttpServletRequest request, HttpServletResponse response) {
         results.add("public description");    // column 13
         results.add("example");               // column 14
         results.add("editor description");    // column 15
-        results.add("display level");         // column 16
-        results.add("update level");          // column 17
-        results.add("display tier");          // column 18
-        results.add("display limit");         // column 15
-        results.add("collate by subclass");   // column 19
-        results.add("custom entry form");     // column 20
-        results.add("select from existing");  // column 21
-        results.add("offer create new");      // column 22
-        results.add("sort direction");        // column 23
-        results.add("URI");                   // column 24
-        results.add("publish level");         // column 25
+        results.add("display tier");          // column 16
+        results.add("display limit");         // column 17
+        results.add("collate by subclass");   // column 18
+        results.add("custom entry form");     // column 19
+        results.add("select from existing");  // column 20
+        results.add("offer create new");      // column 21
+        results.add("sort direction");        // column 22
+        results.add("URI");                   // column 23
 
         results.add(p.getPickListName()); // column 1
 
@@ -170,25 +167,18 @@ public void doPost (HttpServletRequest request, HttpServletResponse response) {
         results.add(exampleStr);               // column 14
         String descriptionStr = (p.getDescription() == null) ? "" : p.getDescription();
         results.add(descriptionStr);           // column 15
+        
+        results.add("property: "+p.getDomainDisplayTier() + ", inverse: "+p.getRangeDisplayTier()); // column 16
+        results.add("property: "+p.getDomainDisplayLimitInteger() + ", inverse: "+p.getRangeDisplayLimit()); // column 17
+        results.add(p.getCollateBySubclass() ? "true" : "false"); // column 18
 
-		results.add(p.getHiddenFromDisplayBelowRoleLevel() == null ? "(unspecified)"
-				: p.getHiddenFromDisplayBelowRoleLevel().getDisplayLabel()); // column 16
-		results.add(p.getProhibitedFromUpdateBelowRoleLevel() == null ? "(unspecified)"
-				: p.getProhibitedFromUpdateBelowRoleLevel().getUpdateLabel()); // column 17
+        results.add(p.getCustomEntryForm() == null ? "(unspecified)" : p.getCustomEntryForm()); // column 19
+        results.add(p.getSelectFromExisting() ? "true" : "false");   // column 20
+        results.add(p.getOfferCreateNewOption() ? "true" : "false"); // column 21
 
-        results.add("property: "+p.getDomainDisplayTier() + ", inverse: "+p.getRangeDisplayTier()); // column 18
-        results.add("property: "+p.getDomainDisplayLimitInteger() + ", inverse: "+p.getRangeDisplayLimit());
-        results.add(p.getCollateBySubclass() ? "true" : "false"); // column 19
+        results.add(p.getDomainEntitySortDirection() == null ? "ascending" : p.getDomainEntitySortDirection()); // column 22
 
-        results.add(p.getCustomEntryForm() == null ? "(unspecified)" : p.getCustomEntryForm()); // column 20
-        results.add(p.getSelectFromExisting() ? "true" : "false");   // column 21
-        results.add(p.getOfferCreateNewOption() ? "true" : "false"); // column 22
-
-        results.add(p.getDomainEntitySortDirection() == null ? "ascending" : p.getDomainEntitySortDirection()); // column 23
-
-        results.add(p.getURI()); // column 24
-		results.add(p.getHiddenFromPublishBelowRoleLevel() == null ? "(unspecified)"
-				: p.getHiddenFromPublishBelowRoleLevel().getDisplayLabel()); // column 25
+        results.add(p.getURI()); // column 23
         request.setAttribute("results",results);
         request.setAttribute("columncount",NUM_COLS);
         request.setAttribute("suppressquery","true");
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/edit/PropertyRetryController.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/edit/PropertyRetryController.java
index 909ebeff98..598705d16c 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/edit/PropertyRetryController.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/edit/PropertyRetryController.java
@@ -27,11 +27,11 @@
 import edu.cornell.mannlib.vedit.validator.Validator;
 import edu.cornell.mannlib.vedit.validator.impl.IntValidator;
 import edu.cornell.mannlib.vedit.validator.impl.XMLNameValidator;
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType;
 import edu.cornell.mannlib.vitro.webapp.auth.permissions.SimplePermission;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.bean.PropertyRestrictionListener;
 import edu.cornell.mannlib.vitro.webapp.beans.ObjectProperty;
 import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
-import edu.cornell.mannlib.vitro.webapp.controller.edit.utils.RoleLevelOptionsSetup;
 import edu.cornell.mannlib.vitro.webapp.dao.ObjectPropertyDao;
 import edu.cornell.mannlib.vitro.webapp.dao.OntologyDao;
 import edu.cornell.mannlib.vitro.webapp.modelaccess.ModelAccess;
@@ -143,10 +143,6 @@ public void doPost (HttpServletRequest req, HttpServletResponse response) {
             throw new RuntimeException(e);
         }
 
-        optionMap.put("HiddenFromDisplayBelowRoleLevelUsingRoleUri",RoleLevelOptionsSetup.getDisplayOptionsList(propertyForEditing));
-        optionMap.put("ProhibitedFromUpdateBelowRoleLevelUsingRoleUri",RoleLevelOptionsSetup.getUpdateOptionsList(propertyForEditing));
-        optionMap.put("HiddenFromPublishBelowRoleLevelUsingRoleUri",RoleLevelOptionsSetup.getPublishOptionsList(propertyForEditing));
-
         List<Option> groupOptList = FormUtils.makeOptionListFromBeans(request.getUnfilteredWebappDaoFactory().getPropertyGroupDao().getPublicGroups(true),"URI","Name", ((propertyForEditing.getGroupURI()==null) ? "" : propertyForEditing.getGroupURI()), null, (propertyForEditing.getGroupURI()!=null));
         HashMap<String,Option> hashMap = new HashMap<String,Option>();
         groupOptList = getSortedList(hashMap,groupOptList,request);
@@ -186,6 +182,8 @@ public void doPost (HttpServletRequest req, HttpServletResponse response) {
         request.setAttribute("scripts","/templates/edit/formBasic.js");
         request.setAttribute("title","Property Editing Form");
         request.setAttribute("_action",action);
+
+        addAccessAttributes(request, propertyForEditing.getURI(), AccessObjectType.OBJECT_PROPERTY);
         setRequestAttributes(request,epo);
 
         try {
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/edit/VclassEditController.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/edit/VclassEditController.java
index a9b018670f..efdbc6fdff 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/edit/VclassEditController.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/edit/VclassEditController.java
@@ -36,7 +36,7 @@
 public class VclassEditController extends BaseEditController {
 
 	private static final Log log = LogFactory.getLog(VclassEditController.class.getName());
-	private static final int NUM_COLS = 14;
+	private static final int NUM_COLS = 11;
 
     public void doPost (HttpServletRequest req, HttpServletResponse response) {
         if (!isAuthorizedToDisplayPage(req, response, SimplePermission.EDIT_ONTOLOGY.ACTION)) {
@@ -67,13 +67,10 @@ public void doPost (HttpServletRequest req, HttpServletResponse response) {
         results.add("short definition");     // 6
         results.add("example");              // 7
         results.add("editor description");   // 8
-        //results.add("curator comments");
-        results.add("display level");        // 9
-        results.add("update level");         // 10
-        results.add("display rank");         // 11
-        results.add("custom entry form");    // 12
-        results.add("URI");                  // 13
-        results.add("publish level");        // 14
+        //results.add("curator comments"); 
+        results.add("display rank");         // 9
+        results.add("custom entry form");    // 10
+        results.add("URI");                  // 11
 
         String ontologyName = null;
         if (vcl.getNamespace() != null) {
@@ -111,14 +108,6 @@ public void doPost (HttpServletRequest req, HttpServletResponse response) {
             commSb = new StringBuffer("no comments yet");
         }
 
-		String hiddenFromDisplay = (vcl.getHiddenFromDisplayBelowRoleLevel() == null ? "(unspecified)"
-				: vcl.getHiddenFromDisplayBelowRoleLevel().getDisplayLabel());
-		String ProhibitedFromUpdate = (vcl
-				.getProhibitedFromUpdateBelowRoleLevel() == null ? "(unspecified)"
-				: vcl.getProhibitedFromUpdateBelowRoleLevel().getUpdateLabel());
-		String hiddenFromPublish = (vcl.getHiddenFromPublishBelowRoleLevel() == null ? "(unspecified)"
-				: vcl.getHiddenFromPublishBelowRoleLevel().getDisplayLabel());
-
         String customEntryForm = (vcl.getCustomEntryForm() == null ? "(unspecified)" : vcl.getCustomEntryForm());
 
        //String lastModified = "<i>not implemented yet</i>"; // TODO
@@ -133,13 +122,10 @@ public void doPost (HttpServletRequest req, HttpServletResponse response) {
         results.add(shortDef);               // 6
         results.add(example);                // 7
         results.add(description);            // 8
-        //results.add(commSb.toString());    //
-        results.add(hiddenFromDisplay);      // 9
-        results.add(ProhibitedFromUpdate);   // 10
-        results.add(String.valueOf(vcl.getDisplayRank())); // 11
-        results.add(customEntryForm);        // 12
-        results.add(uri);                    // 13
-        results.add(hiddenFromPublish);      // 14
+        //results.add(commSb.toString());    // 
+        results.add(String.valueOf(vcl.getDisplayRank())); // 9
+        results.add(customEntryForm);        // 10
+        results.add(uri);                    // 11
         request.setAttribute("results", results);
         request.setAttribute("columncount", NUM_COLS);
         request.setAttribute("suppressquery", "true");
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/edit/VclassRetryController.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/edit/VclassRetryController.java
index 326b4fb1db..0ba8117966 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/edit/VclassRetryController.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/edit/VclassRetryController.java
@@ -26,11 +26,11 @@
 import edu.cornell.mannlib.vedit.listener.ChangeListener;
 import edu.cornell.mannlib.vedit.util.FormUtils;
 import edu.cornell.mannlib.vedit.validator.impl.XMLNameValidator;
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType;
 import edu.cornell.mannlib.vitro.webapp.auth.permissions.SimplePermission;
 import edu.cornell.mannlib.vitro.webapp.beans.Classes2Classes;
 import edu.cornell.mannlib.vitro.webapp.beans.VClass;
 import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
-import edu.cornell.mannlib.vitro.webapp.controller.edit.utils.RoleLevelOptionsSetup;
 import edu.cornell.mannlib.vitro.webapp.dao.OntologyDao;
 import edu.cornell.mannlib.vitro.webapp.dao.VClassDao;
 import edu.cornell.mannlib.vitro.webapp.dao.VClassGroupDao;
@@ -145,10 +145,6 @@ public void doPost (HttpServletRequest req, HttpServletResponse response) {
             log.error(this.getClass().getName() + "unable to create Namespace option list");
         }
 
-        optionMap.put("HiddenFromDisplayBelowRoleLevelUsingRoleUri",RoleLevelOptionsSetup.getDisplayOptionsList(vclassForEditing));
-        optionMap.put("ProhibitedFromUpdateBelowRoleLevelUsingRoleUri",RoleLevelOptionsSetup.getUpdateOptionsList(vclassForEditing));
-        optionMap.put("HiddenFromPublishBelowRoleLevelUsingRoleUri",RoleLevelOptionsSetup.getPublishOptionsList(vclassForEditing));
-
         FormObject foo = new FormObject();
         foo.setErrorMap(epo.getErrMsgMap());
         foo.setOptionLists(optionMap);
@@ -165,6 +161,8 @@ public void doPost (HttpServletRequest req, HttpServletResponse response) {
         request.setAttribute("title","Class Editing Form");
         request.setAttribute("_action",action);
         request.setAttribute("unqualifiedClassName","VClass");
+
+        addAccessAttributes(request, vclassForEditing.getURI(), AccessObjectType.CLASS);
         setRequestAttributes(request,epo);
 
         try {
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/edit/utils/RoleLevelOptionsSetup.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/edit/utils/RoleLevelOptionsSetup.java
deleted file mode 100644
index c460e43eab..0000000000
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/edit/utils/RoleLevelOptionsSetup.java
+++ /dev/null
@@ -1,100 +0,0 @@
-/* $This file is distributed under the terms of the license in LICENSE$ */
-
-package edu.cornell.mannlib.vitro.webapp.controller.edit.utils;
-
-import java.util.LinkedList;
-import java.util.List;
-
-import edu.cornell.mannlib.vedit.beans.Option;
-import edu.cornell.mannlib.vitro.webapp.beans.ResourceBean;
-import edu.cornell.mannlib.vitro.webapp.beans.BaseResourceBean;
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-
-public class RoleLevelOptionsSetup {
-    private static final Log log = LogFactory.getLog(RoleLevelOptionsSetup.class.getName());
-
-    public static List<Option> getDisplayOptionsList(ResourceBean b) {
-        List<Option> hiddenFromDisplayList = new LinkedList<Option>();
-        try {
-            BaseResourceBean.RoleLevel currentLevel = b.getHiddenFromDisplayBelowRoleLevel();
-            BaseResourceBean.RoleLevel roles[] = BaseResourceBean.RoleLevel.values();
-            boolean someLevelSet=false;
-            Option publicOption = null;
-            for (BaseResourceBean.RoleLevel level : roles) {
-                Option option = new Option (level.getURI(),level.getDisplayLabel(),false);
-                if (level==BaseResourceBean.RoleLevel.PUBLIC) {
-                    publicOption = option;
-                }
-                if (level==currentLevel) {
-                    option.setSelected(true);
-                    someLevelSet=true;
-                }
-                hiddenFromDisplayList.add(option);
-            }
-            if (!someLevelSet) {
-                publicOption.setSelected(true);
-            }
-        } catch (Exception ex) {
-            log.error("cannot create HiddenFromDisplayBelowRoleLevel options");
-        }
-        return hiddenFromDisplayList;
-    }
-
-    public static List<Option> getUpdateOptionsList(ResourceBean b) {
-        List<Option> prohibitedFromUpdateList = new LinkedList<Option>();
-        try {
-            BaseResourceBean.RoleLevel currentLevel = b.getProhibitedFromUpdateBelowRoleLevel();
-            BaseResourceBean.RoleLevel roles[] = BaseResourceBean.RoleLevel.values();
-            boolean someLevelSet=false;
-            Option publicOption = null;
-            for (BaseResourceBean.RoleLevel level : roles) {
-                Option option = new Option (level.getURI(),level.getUpdateLabel(),false);
-                if (level==BaseResourceBean.RoleLevel.PUBLIC) {
-                    publicOption = option;
-                }
-                if (level==currentLevel) {
-                    option.setSelected(true);
-                    someLevelSet=true;
-                }
-                prohibitedFromUpdateList.add(option);
-            }
-            if (!someLevelSet) {
-                publicOption.setSelected(true);
-            }
-        } catch (Exception ex) {
-            log.error("cannot create ProhibitedFromUpdateBelowRoleLevel options");
-        }
-        return prohibitedFromUpdateList;
-    }
-
-    public static List<Option> getPublishOptionsList(ResourceBean b) {
-        List<Option> hiddenFromPublishList = new LinkedList<Option>();
-        try {
-            BaseResourceBean.RoleLevel currentLevel = b.getHiddenFromPublishBelowRoleLevel();
-            BaseResourceBean.RoleLevel roles[] = BaseResourceBean.RoleLevel.values();
-            boolean someLevelSet=false;
-            Option publicOption = null;
-            for (BaseResourceBean.RoleLevel level : roles) {
-                Option option = new Option (level.getURI(),level.getDisplayLabel(),false);
-                if (level==BaseResourceBean.RoleLevel.PUBLIC) {
-                    publicOption = option;
-                }
-                if (level==currentLevel) {
-                    option.setSelected(true);
-                    someLevelSet=true;
-                }
-                hiddenFromPublishList.add(option);
-            }
-            if (!someLevelSet) {
-                publicOption.setSelected(true);
-            }
-        } catch (Exception ex) {
-            log.error("cannot create HiddenFromPublishBelowRoleLevel options");
-        }
-        return hiddenFromPublishList;
-    }
-
-
-}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/freemarker/FileUploadController.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/freemarker/FileUploadController.java
index 297e29dbf3..8ebcaedf49 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/freemarker/FileUploadController.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/freemarker/FileUploadController.java
@@ -1,6 +1,5 @@
 package edu.cornell.mannlib.vitro.webapp.controller.freemarker;
 
-import static edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthorizationRequest.UNAUTHORIZED;
 import static edu.cornell.mannlib.vitro.webapp.controller.freemarker.ImageUploadController.PARAMETER_UPLOADED_FILE;
 
 import java.io.IOException;
@@ -29,10 +28,11 @@
 import org.apache.tika.mime.MimeTypes;
 
 import edu.cornell.mannlib.vitro.webapp.application.ApplicationUtils;
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessOperation;
+import edu.cornell.mannlib.vitro.webapp.auth.objects.AccessObject;
+import edu.cornell.mannlib.vitro.webapp.auth.objects.ObjectPropertyStatementAccessObject;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthorizationRequest;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.RequestedAction;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AddObjectPropertyStatement;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.DropObjectPropertyStatement;
+import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.SimpleAuthorizationRequest;
 import edu.cornell.mannlib.vitro.webapp.beans.Individual;
 import edu.cornell.mannlib.vitro.webapp.beans.Property;
 import edu.cornell.mannlib.vitro.webapp.config.ConfigurationProperties;
@@ -86,19 +86,22 @@ public void init() throws ServletException {
 
 	@Override
 	protected AuthorizationRequest requiredActions(VitroRequest vreq) {
-		RequestedAction ra;
+		AccessObject ra;
+		AccessOperation ao;
 		try {
 			Property predicate = new Property(getPredicateUri(vreq));
 			final OntModel jenaOntModel = vreq.getJenaOntModel();
 			final String subject = getSubjectUri(vreq);
 			if (isUpload(vreq)) {
-				ra = new AddObjectPropertyStatement(jenaOntModel, subject, predicate,RequestedAction.SOME_URI);
+				ra = new ObjectPropertyStatementAccessObject(jenaOntModel, subject, predicate,AccessObject.SOME_URI);
+				ao = AccessOperation.ADD;
 			} else { // delete
-				ra = new DropObjectPropertyStatement(jenaOntModel, subject, predicate, getFileUri(vreq));
+				ra = new ObjectPropertyStatementAccessObject(jenaOntModel, subject, predicate, getFileUri(vreq));
+				ao = AccessOperation.DROP;
 			}
-			return ra;
+			return new SimpleAuthorizationRequest(ra, ao);
 		} catch (Exception e) {
-			return UNAUTHORIZED;
+			return AuthorizationRequest.UNAUTHORIZED;
 		}
 	}
 
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/freemarker/FreemarkerHttpServlet.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/freemarker/FreemarkerHttpServlet.java
index cd416b931c..e9a38008a9 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/freemarker/FreemarkerHttpServlet.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/freemarker/FreemarkerHttpServlet.java
@@ -2,7 +2,6 @@
 
 package edu.cornell.mannlib.vitro.webapp.controller.freemarker;
 
-import static edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthorizationRequest.AUTHORIZED;
 import static javax.mail.Message.RecipientType.TO;
 
 import java.io.IOException;
@@ -22,6 +21,9 @@
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.QueryResultsMapCache;
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.ProximityChecker;
+import edu.cornell.mannlib.vitro.webapp.auth.objects.AccessObject;
 import edu.cornell.mannlib.vitro.webapp.auth.permissions.SimplePermission;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthorizationRequest;
@@ -100,7 +102,7 @@ public void doGet( HttpServletRequest request, HttpServletResponse response )
         VitroRequest vreq = new VitroRequest(request);
         ResponseValues responseValues = null;
 
-    	try {
+    	try(QueryResultsMapCache personResourceCache = new QueryResultsMapCache()) {
 
             // This method does a redirect if the required authorizations are not met, so just return.
             if (!isAuthorizedToDisplayPage(request, response, requiredActions(vreq))) {
@@ -119,7 +121,7 @@ public void doGet( HttpServletRequest request, HttpServletResponse response )
                 }
     	    }
     	    handleException(vreq, response, e);
-    	}
+    	} 
     }
 
     /** In case of a processing error, display an error page. To an authorized user, the page displays
@@ -227,7 +229,7 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
      *
      */
     protected AuthorizationRequest requiredActions(VitroRequest vreq) {
-        return AUTHORIZED;
+        return AuthorizationRequest.AUTHORIZED;
     }
 
     // Subclasses will override
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/freemarker/ImageUploadController.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/freemarker/ImageUploadController.java
index 326e4d3ed1..2af9bd0428 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/freemarker/ImageUploadController.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/freemarker/ImageUploadController.java
@@ -2,8 +2,6 @@
 
 package edu.cornell.mannlib.vitro.webapp.controller.freemarker;
 
-import static edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthorizationRequest.UNAUTHORIZED;
-
 import javax.servlet.ServletException;
 import javax.servlet.annotation.WebServlet;
 import javax.servlet.http.HttpServletRequest;
@@ -13,11 +11,11 @@
 import org.apache.commons.logging.LogFactory;
 
 import edu.cornell.mannlib.vitro.webapp.application.ApplicationUtils;
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessOperation;
+import edu.cornell.mannlib.vitro.webapp.auth.objects.AccessObject;
+import edu.cornell.mannlib.vitro.webapp.auth.objects.ObjectPropertyStatementAccessObject;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthorizationRequest;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.RequestedAction;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AddObjectPropertyStatement;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.DropObjectPropertyStatement;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.EditObjectPropertyStatement;
+import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.SimpleAuthorizationRequest;
 import edu.cornell.mannlib.vitro.webapp.beans.Individual;
 import edu.cornell.mannlib.vitro.webapp.beans.Property;
 import edu.cornell.mannlib.vitro.webapp.config.ConfigurationProperties;
@@ -148,24 +146,28 @@ protected AuthorizationRequest requiredActions(VitroRequest vreq) {
 			Property indMainImage = new Property();
 			indMainImage.setURI(VitroVocabulary.IND_MAIN_IMAGE);
 
-			RequestedAction ra;
+			AccessObject ra;
+			AccessOperation ao;
 			if (ACTION_DELETE.equals(action)
 					|| ACTION_DELETE_EDIT.equals(action)) {
-				ra = new DropObjectPropertyStatement(vreq.getJenaOntModel(),
+			    ao = AccessOperation.DROP;
+				ra = new ObjectPropertyStatementAccessObject(vreq.getJenaOntModel(),
 						entity.getURI(), indMainImage,
 						imageUri);
 			} else if (imageUri != null) {
-				ra = new EditObjectPropertyStatement(vreq.getJenaOntModel(),
+			    ao = AccessOperation.EDIT;
+				ra = new ObjectPropertyStatementAccessObject(vreq.getJenaOntModel(),
 						entity.getURI(), indMainImage,
 						imageUri);
 			} else {
-				ra = new AddObjectPropertyStatement(vreq.getJenaOntModel(),
+			    ao = AccessOperation.ADD;
+				ra = new ObjectPropertyStatementAccessObject(vreq.getJenaOntModel(),
 						entity.getURI(), indMainImage,
-						RequestedAction.SOME_URI);
+						AccessObject.SOME_URI);
 			}
-			return ra;
+			return new SimpleAuthorizationRequest(ra, ao);
 		} catch (UserMistakeException e) {
-			return UNAUTHORIZED;
+			return AuthorizationRequest.UNAUTHORIZED;
 		}
 	}
 
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/freemarker/ListVClassWebappsController.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/freemarker/ListVClassWebappsController.java
index 6c5b622bdd..061f947361 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/freemarker/ListVClassWebappsController.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/freemarker/ListVClassWebappsController.java
@@ -4,7 +4,6 @@
 
 import java.net.URLEncoder;
 import java.util.HashMap;
-import java.util.Iterator;
 import java.util.List;
 import java.util.Map;
 
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/freemarker/PageController.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/freemarker/PageController.java
index 4d0a62cbc2..1f48adcee9 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/freemarker/PageController.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/freemarker/PageController.java
@@ -3,9 +3,6 @@
 package edu.cornell.mannlib.vitro.webapp.controller.freemarker;
 
 
-import static edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthorizationRequest.AUTHORIZED;
-import static edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthorizationRequest.UNAUTHORIZED;
-
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
@@ -22,8 +19,7 @@
 import edu.cornell.mannlib.vitro.webapp.auth.permissions.SimplePermission;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthorizationRequest;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.SimpleRequestedAction;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequiresActions;
+import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.SimpleAuthorizationRequest;
 import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
 import edu.cornell.mannlib.vitro.webapp.controller.freemarker.responsevalues.ResponseValues;
 import edu.cornell.mannlib.vitro.webapp.controller.freemarker.responsevalues.TemplateResponseValues;
@@ -57,11 +53,10 @@ public class PageController extends FreemarkerHttpServlet{
     @Override
     protected AuthorizationRequest requiredActions(VitroRequest vreq) {
         try {
-			return AUTHORIZED.and(getActionsForPage(vreq)).and(
-					getActionsForDataGetters(vreq));
+			return getActionsForPage(vreq);
         } catch (Exception e) {
             log.warn(e);
-            return UNAUTHORIZED;
+            return AuthorizationRequest.UNAUTHORIZED;
         }
     }
 
@@ -69,36 +64,11 @@ protected AuthorizationRequest requiredActions(VitroRequest vreq) {
      * Get all the required actions directly required for the page.
      */
     private AuthorizationRequest getActionsForPage( VitroRequest vreq ) throws Exception{
-        List<String> simplePremUris = vreq.getWebappDaoFactory().getPageDao()
-            .getRequiredActions( getPageUri(vreq) );
-
-        AuthorizationRequest auth = AUTHORIZED;
-        for( String uri : simplePremUris ){
-            auth = auth.and( new SimpleRequestedAction(uri) );
-        }
-        return auth;
-    }
-
-    /**
-     * Get Actions object for the data getters for the page.
-     */
-    private AuthorizationRequest getActionsForDataGetters(VitroRequest vreq ){
-        try {
-            List<DataGetter> dgList =
-                DataGetterUtils.getDataGettersForPage(
-                    vreq, vreq.getDisplayModel(), getPageUri(vreq));
-
-            AuthorizationRequest auth = AUTHORIZED;
-            for( DataGetter dg : dgList){
-                if( dg instanceof RequiresActions ){
-                    auth = auth.and(((RequiresActions) dg).requiredActions(vreq));
-                }
-            }
-            return auth;
-        } catch (Exception e) {
-            log.debug(e);
-            return UNAUTHORIZED;
+        String uri = vreq.getWebappDaoFactory().getPageDao().getRequiredActions( getPageUri(vreq) );
+        if (StringUtils.isBlank(uri)) {
+            return AuthorizationRequest.AUTHORIZED;
         }
+        return new SimpleAuthorizationRequest(uri);
     }
 
     @Override
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/freemarker/responsevalues/NotAuthorizedResponseValues.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/freemarker/responsevalues/NotAuthorizedResponseValues.java
index 0231da9fbf..4848363266 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/freemarker/responsevalues/NotAuthorizedResponseValues.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/freemarker/responsevalues/NotAuthorizedResponseValues.java
@@ -2,7 +2,8 @@
 
 package edu.cornell.mannlib.vitro.webapp.controller.freemarker.responsevalues;
 
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.RequestedAction;
+import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthorizationRequest;
+import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ForbiddenAuthorizationRequest;
 
 /**
  * This allows processRequest() in sub-classes of FreemarkerHttpServlet to
@@ -20,8 +21,8 @@ public NotAuthorizedResponseValues(String logMessage) {
 		this.logMessage = logMessage;
 	}
 
-	public RequestedAction getUnauthorizedAction() {
-		return new RequestedAction() {
+	public AuthorizationRequest getUnauthorizedAction() {
+		return new ForbiddenAuthorizationRequest() {
 			@Override
 			public String toString() {
 				return "Servlet not authorized: " + logMessage;
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/individual/IndividualRdfAssembler.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/individual/IndividualRdfAssembler.java
index 90e5608c2b..0091049a5b 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/individual/IndividualRdfAssembler.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/individual/IndividualRdfAssembler.java
@@ -28,12 +28,14 @@
 import org.apache.jena.vocabulary.RDF;
 import org.apache.jena.vocabulary.RDFS;
 
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessOperation;
+import edu.cornell.mannlib.vitro.webapp.auth.objects.AccessObject;
+import edu.cornell.mannlib.vitro.webapp.auth.objects.DataPropertyStatementAccessObject;
+import edu.cornell.mannlib.vitro.webapp.auth.objects.ObjectPropertyStatementAccessObject;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.RequestedAction;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.publish.PublishDataPropertyStatement;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.publish.PublishObjectPropertyStatement;
 import edu.cornell.mannlib.vitro.webapp.beans.DataPropertyStatement;
 import edu.cornell.mannlib.vitro.webapp.beans.DataPropertyStatementImpl;
+import edu.cornell.mannlib.vitro.webapp.beans.Property;
 import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
 import edu.cornell.mannlib.vitro.webapp.controller.freemarker.responsevalues.RdfResponseValues;
 import edu.cornell.mannlib.vitro.webapp.controller.freemarker.responsevalues.ResponseValues;
@@ -205,16 +207,19 @@ private void removeProhibitedTriples(OntModel o) {
 				String value = stmt.getObject().asLiteral().getString();
 				DataPropertyStatement dps = new DataPropertyStatementImpl(
 						subjectUri, predicateUri, value);
-				RequestedAction pdps = new PublishDataPropertyStatement(o, dps);
-				if (!PolicyHelper.isAuthorizedForActions(vreq, pdps)) {
+				AccessObject pdps = new DataPropertyStatementAccessObject(o, dps);
+				if (!PolicyHelper.isAuthorizedForActions(vreq, pdps, AccessOperation.PUBLISH)) {
 					log.debug("not authorized: " + pdps);
 					stmts.remove();
 				}
 			} else if (stmt.getObject().isURIResource()) {
 				String objectUri = stmt.getObject().asResource().getURI();
-				RequestedAction pops = new PublishObjectPropertyStatement(o,
-						subjectUri, predicateUri, objectUri);
-				if (!PolicyHelper.isAuthorizedForActions(vreq, pops)) {
+				 /** We don't need to know range and domain because publishing never involves faux properties. */
+				Property prop = new Property(predicateUri);
+		        prop.setDomainVClassURI("?SOME_URI");
+		        prop.setRangeVClassURI("?SOME_URI");
+				AccessObject pops = new ObjectPropertyStatementAccessObject(o, subjectUri, prop, objectUri);
+				if (!PolicyHelper.isAuthorizedForActions(vreq, pops, AccessOperation.PUBLISH)) {
 					log.debug("not authorized: " + pops);
 					stmts.remove();
 				}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/jena/JenaExportController.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/jena/JenaExportController.java
index b6cfe8711b..663d84d713 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/jena/JenaExportController.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/jena/JenaExportController.java
@@ -32,6 +32,7 @@
 
 import edu.cornell.mannlib.vedit.controller.BaseEditController;
 import edu.cornell.mannlib.vitro.webapp.auth.permissions.SimplePermission;
+import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthHelper;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthorizationRequest;
 import edu.cornell.mannlib.vitro.webapp.controller.Controllers;
 import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
@@ -44,8 +45,10 @@
 
 @WebServlet(name = "JenaExportController", urlPatterns = {"/export/*"} )
 public class JenaExportController extends BaseEditController {
-	private static final AuthorizationRequest REQUIRED_ACTIONS = SimplePermission.USE_ADVANCED_DATA_TOOLS_PAGES.ACTION
-			.or(SimplePermission.EDIT_ONTOLOGY.ACTION);
+	private static final AuthorizationRequest REQUIRED_ACTIONS = 
+	        AuthHelper.logicOr(
+	        SimplePermission.USE_ADVANCED_DATA_TOOLS_PAGES.ACTION,
+			SimplePermission.EDIT_ONTOLOGY.ACTION);
 
 
 	private static final Log log = LogFactory.getLog(JenaExportController.class);
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/json/JsonServlet.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/json/JsonServlet.java
index cdaa4191bf..5439c08b42 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/json/JsonServlet.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/json/JsonServlet.java
@@ -15,6 +15,7 @@
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.QueryResultsMapCache;
 import edu.cornell.mannlib.vitro.webapp.beans.DataProperty;
 import edu.cornell.mannlib.vitro.webapp.beans.Individual;
 import edu.cornell.mannlib.vitro.webapp.controller.VitroHttpServlet;
@@ -50,34 +51,37 @@ protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws Se
         log.debug(LogUtils.formatRequestProperties(log, "debug", req));
 
         VitroRequest vreq = new VitroRequest(req);
-        if (vreq.getParameter("getEntitiesByVClass") != null) {
-            if( vreq.getParameter("resultKey") == null) {
-                new GetEntitiesByVClass(vreq).process(resp);
-            } else {
-            	new GetEntitiesByVClassContinuation(vreq).process(resp);
-            }
-        }else if( vreq.getParameter("getN3EditOptionList") != null ){
-        	throw new IllegalArgumentException("The call invoked deprecated classes " +
-        			"and the parameter for this call appeared nowhere in the code base, " +
-        			"so it was removed in May, 2012.");
-        }else if( vreq.getParameter("getSearchIndividualsByVClass") != null ){
-            new GetSearchIndividualsByVClass(vreq).process(resp);
-        }else if( vreq.getParameter("getVClassesForVClassGroup") != null ){
-            new GetVClassesForVClassGroup(vreq).process(resp);
-        } else if( vreq.getParameter("getSearchIndividualsByVClasses") != null ){
-        	log.debug("AJAX request to retrieve individuals by vclasses");
-        	new	GetSearchIndividualsByVClasses(vreq).process(resp);
-        } else if( vreq.getParameter("getDataForPage") != null ){
-            throw new IllegalArgumentException("The call invoked deprecated classes " +
-                    "and the parameter for this call appeared nowhere in the code base, " +
-                    "so it was removed in Aug 5th 2013.");
-        }else if( vreq.getParameter("getRenderedSearchIndividualsByVClass") != null ){
-            new GetRenderedSearchIndividualsByVClass(vreq).process(resp);
-        }else if( vreq.getParameter("getRandomSearchIndividualsByVClass") != null ){
-            new GetRandomSearchIndividualsByVClass(vreq).process(resp);
-        } else if( vreq.getParameter("getAllVClasses") != null ){
-            new GetAllVClasses(vreq).process(resp);
-        }
+    	try(QueryResultsMapCache personResourceCache = new QueryResultsMapCache()){
+	        if (vreq.getParameter("getEntitiesByVClass") != null) {
+	            if( vreq.getParameter("resultKey") == null) {
+	                new GetEntitiesByVClass(vreq).process(resp);
+	            } else {
+	            	new GetEntitiesByVClassContinuation(vreq).process(resp);
+	            }
+	        }else if( vreq.getParameter("getN3EditOptionList") != null ){
+	        	throw new IllegalArgumentException("The call invoked deprecated classes " +
+	        			"and the parameter for this call appeared nowhere in the code base, " +
+	        			"so it was removed in May, 2012.");
+	        }else if( vreq.getParameter("getSearchIndividualsByVClass") != null ){
+	            new GetSearchIndividualsByVClass(vreq).process(resp);
+	        }else if( vreq.getParameter("getVClassesForVClassGroup") != null ){
+	            new GetVClassesForVClassGroup(vreq).process(resp);
+	        } else if( vreq.getParameter("getSearchIndividualsByVClasses") != null ){
+	        	log.debug("AJAX request to retrieve individuals by vclasses");
+	        	new	GetSearchIndividualsByVClasses(vreq).process(resp);
+	        } else if( vreq.getParameter("getDataForPage") != null ){
+	            throw new IllegalArgumentException("The call invoked deprecated classes " +
+	                    "and the parameter for this call appeared nowhere in the code base, " +
+	                    "so it was removed in Aug 5th 2013.");
+	        }else if( vreq.getParameter("getRenderedSearchIndividualsByVClass") != null ){
+	        		new GetRenderedSearchIndividualsByVClass(vreq).process(resp);	
+	
+	        }else if( vreq.getParameter("getRandomSearchIndividualsByVClass") != null ){
+	            new GetRandomSearchIndividualsByVClass(vreq).process(resp);
+	        } else if( vreq.getParameter("getAllVClasses") != null ){
+	            new GetAllVClasses(vreq).process(resp);
+	        }
+    	}
 
     }
 
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/dao/PageDao.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/dao/PageDao.java
index d1651ee618..2688d96004 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/dao/PageDao.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/dao/PageDao.java
@@ -31,5 +31,5 @@ public interface PageDao {
      * Does not get required actions for any data getters that are
      * related to the page.
      */
-    List<String> getRequiredActions(String pageUri);
+    String getRequiredActions(String pageUri);
 }
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/dao/PropertyDao.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/dao/PropertyDao.java
index f4cd92b5f7..a4c9c8993f 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/dao/PropertyDao.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/dao/PropertyDao.java
@@ -7,7 +7,6 @@
 
 import org.apache.jena.vocabulary.OWL;
 
-import edu.cornell.mannlib.vitro.webapp.auth.policy.bean.RoleRestrictedProperty;
 import edu.cornell.mannlib.vitro.webapp.beans.Property;
 import edu.cornell.mannlib.vitro.webapp.beans.VClass;
 
@@ -77,10 +76,6 @@ public FullPropertyKey(Property p) {
 			this(p.getDomainVClassURI(), p.getURI(), p.getRangeVClassURI());
 		}
 
-		public FullPropertyKey(RoleRestrictedProperty p) {
-			this(p.getDomainVClassURI(), p.getURI(), p.getRangeVClassURI());
-		}
-
 		public FullPropertyKey(String domainUri, String propertyUri,
 				String rangeUri) {
 			this.propertyUri = Objects.requireNonNull(propertyUri,
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/dao/VitroVocabulary.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/dao/VitroVocabulary.java
index a150b5b5ab..8ed597ed29 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/dao/VitroVocabulary.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/dao/VitroVocabulary.java
@@ -52,20 +52,8 @@ public class VitroVocabulary {
     public static final String EXTERNALID = vitroURI+"externalId";
     public static final String DATAPROPERTY_ISEXTERNALID = vitroURI+"isExternalId";
 
-    public static final String HIDDEN_FROM_DISPLAY_BELOW_ROLE_LEVEL_ANNOT = vitroURI+"hiddenFromDisplayBelowRoleLevelAnnot";
-    public static final String PROHIBITED_FROM_UPDATE_BELOW_ROLE_LEVEL_ANNOT = vitroURI+"prohibitedFromUpdateBelowRoleLevelAnnot";
-	public static final String HIDDEN_FROM_PUBLISH_BELOW_ROLE_LEVEL_ANNOT = vitroURI+"hiddenFromPublishBelowRoleLevelAnnot";
-
     public static final String MOST_SPECIFIC_TYPE = vitroURI + "mostSpecificType";
 
-    // roles
-    public static final String PUBLIC = "http://vitro.mannlib.cornell.edu/ns/vitro/role#public";
-    public static final String SELF = "http://vitro.mannlib.cornell.edu/ns/vitro/role#selfEditor";
-    public static final String EDITOR = "http://vitro.mannlib.cornell.edu/ns/vitro/role#editor";
-    public static final String CURATOR = "http://vitro.mannlib.cornell.edu/ns/vitro/role#curator";
-    public static final String DB_ADMIN = "http://vitro.mannlib.cornell.edu/ns/vitro/role#dbAdmin";
-    public static final String NOBODY = "http://vitro.mannlib.cornell.edu/ns/vitro/role#nobody";
-
     public static final String SEARCH_BOOST_ANNOT = vitroURI + "searchBoostAnnot";
 
     public static final String DEPENDENT_RESORUCE = "http://vivoweb.org/ontology/core#DependentResource";
@@ -169,6 +157,8 @@ public class VitroVocabulary {
 
     public static final String PERMISSION = VITRO_AUTH + "Permission";
 
+    public static final String PERMISSION_FOR_ENTITY = VITRO_AUTH + "forEntity";
+
     // =============== model auditing vocabulary =============================
 
     public static final String STATEMENT_EVENT = vitroURI+"StatementEvent";
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/dao/filtering/DataPropertyDaoFiltering.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/dao/filtering/DataPropertyDaoFiltering.java
index 9028f3c933..e2198c0d30 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/dao/filtering/DataPropertyDaoFiltering.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/dao/filtering/DataPropertyDaoFiltering.java
@@ -2,7 +2,7 @@
 
 package edu.cornell.mannlib.vitro.webapp.dao.filtering;
 
-import static edu.cornell.mannlib.vitro.webapp.auth.requestedAction.RequestedAction.SOME_LITERAL;
+import static edu.cornell.mannlib.vitro.webapp.auth.objects.AccessObject.SOME_LITERAL;
 
 import java.util.ArrayList;
 import java.util.Collection;
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/dao/filtering/DataPropertyFiltering.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/dao/filtering/DataPropertyFiltering.java
index 74163e45f8..2dc718e21c 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/dao/filtering/DataPropertyFiltering.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/dao/filtering/DataPropertyFiltering.java
@@ -6,7 +6,6 @@
 import java.util.List;
 
 import net.sf.jga.algorithms.Filter;
-import edu.cornell.mannlib.vitro.webapp.beans.BaseResourceBean;
 import edu.cornell.mannlib.vitro.webapp.beans.DataProperty;
 import edu.cornell.mannlib.vitro.webapp.beans.DataPropertyStatement;
 import edu.cornell.mannlib.vitro.webapp.dao.filtering.filters.VitroFilters;
@@ -91,21 +90,6 @@ public String getGroupURI() {
         return innerDataProperty.getGroupURI();
     }
 
-    @Override
-    public RoleLevel getHiddenFromDisplayBelowRoleLevel() {
-        return innerDataProperty.getHiddenFromDisplayBelowRoleLevel();
-    }
-
-    @Override
-    public RoleLevel getProhibitedFromUpdateBelowRoleLevel() {
-        return innerDataProperty.getProhibitedFromUpdateBelowRoleLevel();
-    }
-
-    @Override
-    public RoleLevel getHiddenFromPublishBelowRoleLevel() {
-        return innerDataProperty.getHiddenFromPublishBelowRoleLevel();
-    }
-
     @Override
     public String getLocalName() {
         return innerDataProperty.getLocalName();
@@ -181,36 +165,6 @@ public void setGroupURI(String in) {
         innerDataProperty.setGroupURI(in);
     }
 
-    @Override
-    public void setHiddenFromDisplayBelowRoleLevel(RoleLevel eR) {
-        innerDataProperty.setHiddenFromDisplayBelowRoleLevel(eR);
-    }
-
-    @Override
-    public void setHiddenFromDisplayBelowRoleLevelUsingRoleUri(String roleUri) {
-        innerDataProperty.setHiddenFromDisplayBelowRoleLevel(BaseResourceBean.RoleLevel.getRoleByUri(roleUri));
-    }
-
-    @Override
-    public void setProhibitedFromUpdateBelowRoleLevel(RoleLevel eR) {
-        innerDataProperty.setProhibitedFromUpdateBelowRoleLevel(eR);
-    }
-
-    @Override
-    public void setProhibitedFromUpdateBelowRoleLevelUsingRoleUri(String roleUri) {
-        innerDataProperty.setProhibitedFromUpdateBelowRoleLevel(BaseResourceBean.RoleLevel.getRoleByUri(roleUri));
-    }
-
-    @Override
-    public void setHiddenFromPublishBelowRoleLevel(RoleLevel eR) {
-        innerDataProperty.setHiddenFromPublishBelowRoleLevel(eR);
-    }
-
-    @Override
-    public void setHiddenFromPublishBelowRoleLevelUsingRoleUri(String roleUri) {
-        innerDataProperty.setHiddenFromPublishBelowRoleLevel(BaseResourceBean.RoleLevel.getRoleByUri(roleUri));
-    }
-
     @Override
     public void setLocalName(String localName) {
         innerDataProperty.setLocalName(localName);
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/dao/filtering/IndividualFiltering.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/dao/filtering/IndividualFiltering.java
index 474814878c..8048e67326 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/dao/filtering/IndividualFiltering.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/dao/filtering/IndividualFiltering.java
@@ -2,7 +2,7 @@
 
 package edu.cornell.mannlib.vitro.webapp.dao.filtering;
 
-import static edu.cornell.mannlib.vitro.webapp.auth.requestedAction.RequestedAction.SOME_LITERAL;
+import static edu.cornell.mannlib.vitro.webapp.auth.objects.AccessObject.SOME_LITERAL;
 
 import java.sql.Timestamp;
 import java.util.ArrayList;
@@ -19,15 +19,12 @@
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
-import edu.cornell.mannlib.vitro.webapp.beans.BaseResourceBean;
-import edu.cornell.mannlib.vitro.webapp.beans.BaseResourceBean.RoleLevel;
 import edu.cornell.mannlib.vitro.webapp.beans.DataProperty;
 import edu.cornell.mannlib.vitro.webapp.beans.DataPropertyStatement;
 import edu.cornell.mannlib.vitro.webapp.beans.DataPropertyStatementImpl;
 import edu.cornell.mannlib.vitro.webapp.beans.Individual;
 import edu.cornell.mannlib.vitro.webapp.beans.ObjectProperty;
 import edu.cornell.mannlib.vitro.webapp.beans.ObjectPropertyStatement;
-import edu.cornell.mannlib.vitro.webapp.beans.ObjectPropertyStatementImpl;
 import edu.cornell.mannlib.vitro.webapp.beans.VClass;
 import edu.cornell.mannlib.vitro.webapp.dao.filtering.filters.VitroFilters;
 
@@ -84,13 +81,14 @@ public List<DataProperty> getPopulatedDataPropertyList() {
 		// the DataProperty with statements. - jblake
         List<DataProperty> outdProps = new ArrayList<DataProperty>();
         List<DataProperty> dprops = _innerIndividual.getPopulatedDataPropertyList();
-        if( dprops == null )
-            return outdProps;
-		for (DataProperty dp: dprops) {
-			if (_filters.getDataPropertyStatementFilter().fn(
-					new DataPropertyStatementImpl(this._innerIndividual.getURI(), dp.getURI(), SOME_LITERAL))) {
-				outdProps.add(dp);
-			}
+		/*
+		 * if( dprops == null ) return outdProps; for (DataProperty dp: dprops) { if
+		 * (_filters.getDataPropertyStatementFilter().fn( new
+		 * DataPropertyStatementImpl(this._innerIndividual.getURI(), dp.getURI(),
+		 * SOME_LITERAL))) { outdProps.add(dp); } }
+		 */
+        if (dprops != null) {
+        	outdProps.addAll(dprops);
         }
         return outdProps;
     }
@@ -427,51 +425,6 @@ public JsonNode toJSON() {
         return _innerIndividual.toJSON();
     }
 
-    @Override
-    public RoleLevel getHiddenFromDisplayBelowRoleLevel() {
-        return _innerIndividual.getHiddenFromDisplayBelowRoleLevel();
-    }
-
-    @Override
-    public void setHiddenFromDisplayBelowRoleLevel(RoleLevel eR) {
-        _innerIndividual.setHiddenFromDisplayBelowRoleLevel(eR);
-    }
-
-    @Override
-    public void setHiddenFromDisplayBelowRoleLevelUsingRoleUri(String roleUri) {
-        _innerIndividual.setHiddenFromDisplayBelowRoleLevel(BaseResourceBean.RoleLevel.getRoleByUri(roleUri));
-    }
-
-    @Override
-    public RoleLevel getProhibitedFromUpdateBelowRoleLevel() {
-        return _innerIndividual.getProhibitedFromUpdateBelowRoleLevel();
-    }
-
-    @Override
-    public void setProhibitedFromUpdateBelowRoleLevel(RoleLevel eR) {
-        _innerIndividual.setProhibitedFromUpdateBelowRoleLevel(eR);
-    }
-
-    @Override
-    public void setProhibitedFromUpdateBelowRoleLevelUsingRoleUri(String roleUri) {
-        _innerIndividual.setProhibitedFromUpdateBelowRoleLevel(BaseResourceBean.RoleLevel.getRoleByUri(roleUri));
-    }
-
-    @Override
-    public RoleLevel getHiddenFromPublishBelowRoleLevel() {
-        return _innerIndividual.getHiddenFromPublishBelowRoleLevel();
-    }
-
-    @Override
-    public void setHiddenFromPublishBelowRoleLevel(RoleLevel eR) {
-        _innerIndividual.setHiddenFromPublishBelowRoleLevel(eR);
-    }
-
-    @Override
-    public void setHiddenFromPublishBelowRoleLevelUsingRoleUri(String roleUri) {
-        _innerIndividual.setHiddenFromPublishBelowRoleLevel(BaseResourceBean.RoleLevel.getRoleByUri(roleUri));
-    }
-
     @Override
     public boolean isAnonymous() {
         return _innerIndividual.isAnonymous();
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/dao/filtering/ObjectPropertyFiltering.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/dao/filtering/ObjectPropertyFiltering.java
index 3f8f4c1cfd..02c74da18c 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/dao/filtering/ObjectPropertyFiltering.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/dao/filtering/ObjectPropertyFiltering.java
@@ -130,21 +130,6 @@ public String getGroupURI() {
         return innerObjectProperty.getGroupURI();
     }
 
-    @Override
-    public RoleLevel getHiddenFromDisplayBelowRoleLevel() {
-        return innerObjectProperty.getHiddenFromDisplayBelowRoleLevel();
-    }
-
-    @Override
-    public RoleLevel getProhibitedFromUpdateBelowRoleLevel() {
-        return innerObjectProperty.getProhibitedFromUpdateBelowRoleLevel();
-    }
-
-    @Override
-    public RoleLevel getHiddenFromPublishBelowRoleLevel() {
-        return innerObjectProperty.getHiddenFromPublishBelowRoleLevel();
-    }
-
     @Override
     public boolean getInverseFunctional() {
         return innerObjectProperty.getInverseFunctional();
@@ -353,36 +338,6 @@ public void setGroupURI(String in) {
         innerObjectProperty.setGroupURI(in);
     }
 
-    @Override
-    public void setHiddenFromDisplayBelowRoleLevel(RoleLevel eR) {
-        innerObjectProperty.setHiddenFromDisplayBelowRoleLevel(eR);
-    }
-
-    @Override
-    public void setHiddenFromDisplayBelowRoleLevelUsingRoleUri(String roleUri) {
-        innerObjectProperty.setHiddenFromDisplayBelowRoleLevel(BaseResourceBean.RoleLevel.getRoleByUri(roleUri));
-    }
-
-    @Override
-    public void setProhibitedFromUpdateBelowRoleLevel(RoleLevel eR) {
-        innerObjectProperty.setProhibitedFromUpdateBelowRoleLevel(eR);
-    }
-
-    @Override
-    public void setProhibitedFromUpdateBelowRoleLevelUsingRoleUri(String roleUri) {
-        innerObjectProperty.setProhibitedFromUpdateBelowRoleLevel(BaseResourceBean.RoleLevel.getRoleByUri(roleUri));
-    }
-
-    @Override
-    public void setHiddenFromPublishBelowRoleLevel(RoleLevel eR) {
-        innerObjectProperty.setHiddenFromPublishBelowRoleLevel(eR);
-    }
-
-    @Override
-    public void setHiddenFromPublishBelowRoleLevelUsingRoleUri(String roleUri) {
-        innerObjectProperty.setHiddenFromPublishBelowRoleLevel(BaseResourceBean.RoleLevel.getRoleByUri(roleUri));
-    }
-
     @Override
     public void setInverseFunctional(boolean inverseFunctional) {
         innerObjectProperty.setInverseFunctional(inverseFunctional);
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/dao/filtering/filters/FilterByDisplayPermission.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/dao/filtering/filters/FilterByDisplayPermission.java
new file mode 100644
index 0000000000..8593883be8
--- /dev/null
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/dao/filtering/filters/FilterByDisplayPermission.java
@@ -0,0 +1,100 @@
+/* $This file is distributed under the terms of the license in LICENSE$ */
+
+package edu.cornell.mannlib.vitro.webapp.dao.filtering.filters;
+
+import static edu.cornell.mannlib.vitro.webapp.auth.objects.AccessObject.SOME_URI;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessOperation;
+import edu.cornell.mannlib.vitro.webapp.auth.identifier.ActiveIdentifierBundleFactories;
+import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
+import edu.cornell.mannlib.vitro.webapp.auth.objects.AccessObject;
+import edu.cornell.mannlib.vitro.webapp.auth.objects.DataPropertyAccessObject;
+import edu.cornell.mannlib.vitro.webapp.auth.objects.DataPropertyStatementAccessObject;
+import edu.cornell.mannlib.vitro.webapp.auth.objects.ObjectPropertyAccessObject;
+import edu.cornell.mannlib.vitro.webapp.auth.objects.ObjectPropertyStatementAccessObject;
+import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper;
+import edu.cornell.mannlib.vitro.webapp.beans.DataProperty;
+import edu.cornell.mannlib.vitro.webapp.beans.DataPropertyStatement;
+import edu.cornell.mannlib.vitro.webapp.beans.ObjectProperty;
+import edu.cornell.mannlib.vitro.webapp.beans.ObjectPropertyStatement;
+import net.sf.jga.fn.UnaryFunctor;
+
+/**
+ * Filter the properties depending on what DisplayByRolePermission is on the
+ * request. If no request, or no permission, use the Public permission.
+ */
+public class FilterByDisplayPermission extends VitroFiltersImpl {
+	private static final Log log = LogFactory.getLog(FilterByDisplayPermission.class);
+	IdentifierBundle accessSubject = ActiveIdentifierBundleFactories.getUserIdentifierBundle(null);
+
+	public FilterByDisplayPermission() {
+	    setDataPropertyFilter(new DataPropertyFilterByPolicy());
+	    setObjectPropertyFilter(new ObjectPropertyFilterByPolicy());
+	    setDataPropertyStatementFilter(new DataPropertyStatementFilterByPolicy());
+	    setObjectPropertyStatementFilter(new ObjectPropertyStatementFilterByPolicy());
+	}
+
+	boolean checkAuthorization(AccessObject accessObject) {
+		boolean decision = PolicyHelper.isAuthorizedForActions(accessSubject, accessObject, AccessOperation.DISPLAY);
+		log.debug("decision is " + decision);
+		return decision;
+	}
+
+	/**
+	 * Private Classes
+	 */
+
+	private class DataPropertyFilterByPolicy extends UnaryFunctor<DataProperty, Boolean> {
+		@Override
+		public Boolean fn(DataProperty dp) {
+			return checkAuthorization(new DataPropertyAccessObject(dp));
+		}
+	}
+
+	private class ObjectPropertyFilterByPolicy extends UnaryFunctor<ObjectProperty, Boolean> {
+		@Override
+		public Boolean fn(ObjectProperty op) {
+			return checkAuthorization(new ObjectPropertyAccessObject(op));
+		}
+	}
+
+	private class DataPropertyStatementFilterByPolicy extends UnaryFunctor<DataPropertyStatement, Boolean> {
+		@Override
+		public Boolean fn(DataPropertyStatement dps) {
+		    //TODO: Model should be here to correctly check authorization
+			return checkAuthorization(new DataPropertyStatementAccessObject(null, dps));
+		}
+	}
+
+	private class ObjectPropertyStatementFilterByPolicy extends UnaryFunctor<ObjectPropertyStatement, Boolean> {
+		@Override
+		public Boolean fn(ObjectPropertyStatement ops) {
+			String subjectUri = ops.getSubjectURI();
+			ObjectProperty predicate = getOrCreateProperty(ops);
+			String objectUri = ops.getObjectURI();
+			return checkAuthorization(new ObjectPropertyStatementAccessObject(null, subjectUri, predicate, objectUri));
+		}
+
+		/**
+		 * It would be nice if every ObjectPropertyStatement held a real
+		 * ObjectProperty. If it doesn't, we do the next best thing, but it
+		 * won't recognize any applicable Faux properties.
+		 */
+		private ObjectProperty getOrCreateProperty(ObjectPropertyStatement ops) {
+			if (ops.getProperty() != null) {
+				return ops.getProperty();
+			}
+			if (ops.getPropertyURI() ==  null) {
+				return null;
+			}
+			ObjectProperty op = new ObjectProperty();
+			op.setURI(ops.getPropertyURI());
+			op.setDomainVClassURI(SOME_URI);
+			op.setRangeVClassURI(SOME_URI);
+			return op;
+		}
+	}
+}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/dao/filtering/filters/FilterByRoleLevelPermission.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/dao/filtering/filters/FilterByRoleLevelPermission.java
deleted file mode 100644
index 81234beb28..0000000000
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/dao/filtering/filters/FilterByRoleLevelPermission.java
+++ /dev/null
@@ -1,149 +0,0 @@
-/* $This file is distributed under the terms of the license in LICENSE$ */
-
-package edu.cornell.mannlib.vitro.webapp.dao.filtering.filters;
-
-import static edu.cornell.mannlib.vitro.webapp.auth.requestedAction.RequestedAction.SOME_URI;
-
-import javax.servlet.ServletContext;
-import javax.servlet.http.HttpServletRequest;
-
-import net.sf.jga.fn.UnaryFunctor;
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-
-import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
-import edu.cornell.mannlib.vitro.webapp.auth.identifier.RequestIdentifiers;
-import edu.cornell.mannlib.vitro.webapp.auth.identifier.common.HasPermission;
-import edu.cornell.mannlib.vitro.webapp.auth.permissions.DisplayByRolePermission;
-import edu.cornell.mannlib.vitro.webapp.auth.permissions.Permission;
-import edu.cornell.mannlib.vitro.webapp.auth.permissions.PermissionRegistry;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.RequestedAction;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.display.DisplayDataProperty;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.display.DisplayDataPropertyStatement;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.display.DisplayObjectProperty;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.display.DisplayObjectPropertyStatement;
-import edu.cornell.mannlib.vitro.webapp.beans.DataProperty;
-import edu.cornell.mannlib.vitro.webapp.beans.DataPropertyStatement;
-import edu.cornell.mannlib.vitro.webapp.beans.ObjectProperty;
-import edu.cornell.mannlib.vitro.webapp.beans.ObjectPropertyStatement;
-
-/**
- * Filter the properties depending on what DisplayByRolePermission is on the
- * request. If no request, or no permission, use the Public permission.
- */
-public class FilterByRoleLevelPermission extends VitroFiltersImpl {
-	private static final Log log = LogFactory
-			.getLog(FilterByRoleLevelPermission.class);
-
-	private final Permission permission;
-
-	private static Permission getDefaultPermission(ServletContext ctx) {
-		if (ctx == null) {
-			throw new NullPointerException("context may not be null.");
-		}
-
-		return PermissionRegistry.getRegistry(ctx).getPermission(
-				DisplayByRolePermission.NAMESPACE + "Public");
-	}
-
-	private static Permission getPermissionFromRequest(HttpServletRequest req) {
-		if (req == null) {
-			throw new NullPointerException("request may not be null.");
-		}
-
-		IdentifierBundle ids = RequestIdentifiers.getIdBundleForRequest(req);
-		for (Permission p : HasPermission.getPermissions(ids)) {
-			if (p instanceof DisplayByRolePermission) {
-				return p;
-			}
-		}
-		return getDefaultPermission(req.getSession().getServletContext());
-	}
-
-	/** Get the DisplayByRolePermission from the request, or use Public. */
-	public FilterByRoleLevelPermission(HttpServletRequest req) {
-		this(getPermissionFromRequest(req));
-	}
-
-	/** Use the Public permission. */
-	public FilterByRoleLevelPermission(ServletContext ctx) {
-		this(getDefaultPermission(ctx));
-	}
-
-	/** Use the specified permission. */
-	public FilterByRoleLevelPermission(Permission permission) {
-		if (permission == null) {
-			throw new NullPointerException("permission may not be null.");
-		}
-
-		this.permission = permission;
-
-		setDataPropertyFilter(new DataPropertyFilterByPolicy());
-		setObjectPropertyFilter(new ObjectPropertyFilterByPolicy());
-		setDataPropertyStatementFilter(new DataPropertyStatementFilterByPolicy());
-		setObjectPropertyStatementFilter(new ObjectPropertyStatementFilterByPolicy());
-	}
-
-	boolean checkAuthorization(RequestedAction whatToAuth) {
-		boolean decision = permission.isAuthorized(whatToAuth);
-		log.debug("decision is " + decision);
-		return decision;
-	}
-
-	private class DataPropertyFilterByPolicy extends
-			UnaryFunctor<DataProperty, Boolean> {
-		@Override
-		public Boolean fn(DataProperty dp) {
-			return checkAuthorization(new DisplayDataProperty(dp));
-		}
-	}
-
-	private class ObjectPropertyFilterByPolicy extends
-			UnaryFunctor<ObjectProperty, Boolean> {
-		@Override
-		public Boolean fn(ObjectProperty op) {
-			return checkAuthorization(new DisplayObjectProperty(op));
-		}
-	}
-
-	private class DataPropertyStatementFilterByPolicy extends
-			UnaryFunctor<DataPropertyStatement, Boolean> {
-		@Override
-		public Boolean fn(DataPropertyStatement dps) {
-			return checkAuthorization(new DisplayDataPropertyStatement(dps));
-		}
-	}
-
-	private class ObjectPropertyStatementFilterByPolicy extends
-			UnaryFunctor<ObjectPropertyStatement, Boolean> {
-		@Override
-		public Boolean fn(ObjectPropertyStatement ops) {
-			String subjectUri = ops.getSubjectURI();
-			ObjectProperty predicate = getOrCreateProperty(ops);
-			String objectUri = ops.getObjectURI();
-			return checkAuthorization(new DisplayObjectPropertyStatement(
-					subjectUri, predicate, objectUri));
-		}
-
-		/**
-		 * It would be nice if every ObjectPropertyStatement held a real
-		 * ObjectProperty. If it doesn't, we do the next best thing, but it
-		 * won't recognize any applicable Faux properties.
-		 */
-		private ObjectProperty getOrCreateProperty(ObjectPropertyStatement ops) {
-			if (ops.getProperty() != null) {
-				return ops.getProperty();
-			}
-			if (ops.getPropertyURI() ==  null) {
-				return null;
-			}
-			ObjectProperty op = new ObjectProperty();
-			op.setURI(ops.getPropertyURI());
-			op.setDomainVClassURI(SOME_URI);
-			op.setRangeVClassURI(SOME_URI);
-			return op;
-		}
-	}
-
-}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/dao/filtering/filters/HideFromDisplayByPolicyFilter.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/dao/filtering/filters/HideFromDisplayByPolicyFilter.java
index ce12702fda..449919a48e 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/dao/filtering/filters/HideFromDisplayByPolicyFilter.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/dao/filtering/filters/HideFromDisplayByPolicyFilter.java
@@ -2,21 +2,21 @@
 
 package edu.cornell.mannlib.vitro.webapp.dao.filtering.filters;
 
-import static edu.cornell.mannlib.vitro.webapp.auth.requestedAction.RequestedAction.SOME_URI;
 import net.sf.jga.fn.UnaryFunctor;
 
+import static edu.cornell.mannlib.vitro.webapp.auth.objects.AccessObject.SOME_URI;
+
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessOperation;
 import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
-import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.Authorization;
-import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision;
-import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyIface;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.RequestedAction;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.display.DisplayDataProperty;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.display.DisplayDataPropertyStatement;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.display.DisplayObjectProperty;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.display.DisplayObjectPropertyStatement;
+import edu.cornell.mannlib.vitro.webapp.auth.objects.AccessObject;
+import edu.cornell.mannlib.vitro.webapp.auth.objects.DataPropertyAccessObject;
+import edu.cornell.mannlib.vitro.webapp.auth.objects.DataPropertyStatementAccessObject;
+import edu.cornell.mannlib.vitro.webapp.auth.objects.ObjectPropertyAccessObject;
+import edu.cornell.mannlib.vitro.webapp.auth.objects.ObjectPropertyStatementAccessObject;
+import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper;
 import edu.cornell.mannlib.vitro.webapp.beans.DataProperty;
 import edu.cornell.mannlib.vitro.webapp.beans.DataPropertyStatement;
 import edu.cornell.mannlib.vitro.webapp.beans.ObjectProperty;
@@ -30,19 +30,12 @@ public class HideFromDisplayByPolicyFilter extends VitroFiltersImpl {
 			.getLog(HideFromDisplayByPolicyFilter.class);
 
 	private final IdentifierBundle idBundle;
-	private final PolicyIface policy;
 
-	public HideFromDisplayByPolicyFilter(IdentifierBundle idBundle,
-			PolicyIface policy) {
+	public HideFromDisplayByPolicyFilter(IdentifierBundle idBundle) {
 		if (idBundle == null) {
 			throw new NullPointerException("idBundle may not be null.");
 		}
-		if (policy == null) {
-			throw new NullPointerException("policy may not be null.");
-		}
-
 		this.idBundle = idBundle;
-		this.policy = policy;
 
 		setDataPropertyFilter(new DataPropertyFilterByPolicy());
 		setObjectPropertyFilter(new ObjectPropertyFilterByPolicy());
@@ -50,23 +43,15 @@ public HideFromDisplayByPolicyFilter(IdentifierBundle idBundle,
 		setObjectPropertyStatementFilter(new ObjectPropertyStatementFilterByPolicy());
 	}
 
-	boolean checkAuthorization(RequestedAction whatToAuth) {
-		PolicyDecision decision = policy.isAuthorized(idBundle, whatToAuth);
-		log.debug("decision is " + decision);
-
-		if (decision != null) {
-			if (decision.getAuthorized() == Authorization.AUTHORIZED) {
-				return true;
-			}
-		}
-		return false;
+	boolean checkAuthorization(AccessObject whatToAuth) {
+	    return PolicyHelper.isAuthorizedForActions(idBundle, whatToAuth, AccessOperation.DISPLAY);
 	}
 
 	private class DataPropertyFilterByPolicy extends
 			UnaryFunctor<DataProperty, Boolean> {
 		@Override
 		public Boolean fn(DataProperty dp) {
-			return checkAuthorization(new DisplayDataProperty(dp));
+			return checkAuthorization(new DataPropertyAccessObject(dp));
 		}
 	}
 
@@ -74,7 +59,7 @@ private class ObjectPropertyFilterByPolicy extends
 			UnaryFunctor<ObjectProperty, Boolean> {
 		@Override
 		public Boolean fn(ObjectProperty op) {
-			return checkAuthorization(new DisplayObjectProperty(op));
+			return checkAuthorization(new ObjectPropertyAccessObject(op));
 		}
 	}
 
@@ -82,7 +67,8 @@ private class DataPropertyStatementFilterByPolicy extends
 			UnaryFunctor<DataPropertyStatement, Boolean> {
 		@Override
 		public Boolean fn(DataPropertyStatement dps) {
-			return checkAuthorization(new DisplayDataPropertyStatement(dps));
+	        //TODO: Model should be here to correctly check authorization
+			return checkAuthorization(new DataPropertyStatementAccessObject(null, dps));
 		}
 	}
 
@@ -93,8 +79,8 @@ public Boolean fn(ObjectPropertyStatement ops) {
 			String subjectUri = ops.getSubjectURI();
 			ObjectProperty predicate = getOrCreateProperty(ops);
 			String objectUri = ops.getObjectURI();
-			return checkAuthorization(new DisplayObjectPropertyStatement(
-					subjectUri, predicate, objectUri));
+			return checkAuthorization(new ObjectPropertyStatementAccessObject(
+					null, subjectUri, predicate, objectUri));
 		}
 
 		/**
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/dao/filtering/filters/VitroFilterUtils.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/dao/filtering/filters/VitroFilterUtils.java
index cd5b0d1096..169a7e09b4 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/dao/filtering/filters/VitroFilterUtils.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/dao/filtering/filters/VitroFilterUtils.java
@@ -3,7 +3,6 @@
 package edu.cornell.mannlib.vitro.webapp.dao.filtering.filters;
 
 import java.text.Collator;
-import java.util.Collections;
 import java.util.Comparator;
 import java.util.List;
 
@@ -23,7 +22,7 @@ public class VitroFilterUtils {
 	 * public view.
 	 */
 	public static VitroFilters getPublicFilter(ServletContext ctx) {
-		return new FilterByRoleLevelPermission(ctx);
+		return new FilterByDisplayPermission();
 	}
 
     /** Gets a VitroFilters that permits all objects */
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/dao/jena/DataPropertyDaoJena.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/dao/jena/DataPropertyDaoJena.java
index 5c836281db..aeab5fb9ca 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/dao/jena/DataPropertyDaoJena.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/dao/jena/DataPropertyDaoJena.java
@@ -201,63 +201,6 @@ private DataProperty datapropFromOntProperty(OntProperty op) {
             dp.setDisplayTier((getWebappDaoFactory()).getJenaBaseDao().getPropertyNonNegativeIntValue(op, DISPLAY_RANK_ANNOT));
             dp.setDisplayLimit((getWebappDaoFactory()).getJenaBaseDao().getPropertyNonNegativeIntValue(op, DISPLAY_LIMIT));
 
-            //There might be multiple HIDDEN_FROM_DISPLAY_BELOW_ROLE_LEVEL_ANNOT properties, only use the highest
-            StmtIterator it = op.listProperties(HIDDEN_FROM_DISPLAY_BELOW_ROLE_LEVEL_ANNOT);
-            BaseResourceBean.RoleLevel hiddenRoleLevel = null;
-            while( it.hasNext() ){
-                Statement stmt = it.nextStatement();
-                RDFNode obj;
-                if( stmt != null && (obj = stmt.getObject()) != null && obj.isURIResource() ){
-                    Resource res = obj.as(Resource.class);
-                    if( res != null && res.getURI() != null ){
-                        BaseResourceBean.RoleLevel roleFromModel =  BaseResourceBean.RoleLevel.getRoleByUri(res.getURI());
-                        if( roleFromModel != null &&
-                            (hiddenRoleLevel == null || roleFromModel.compareTo(hiddenRoleLevel) > 0 )){
-                            hiddenRoleLevel = roleFromModel;
-                        }
-                    }
-                }
-            }
-            dp.setHiddenFromDisplayBelowRoleLevel(hiddenRoleLevel);//this might get set to null
-
-            //There might be multiple PROHIBITED_FROM_UPDATE_BELOW_ROLE_LEVEL_ANNOT properties, only use the highest
-            it = op.listProperties(PROHIBITED_FROM_UPDATE_BELOW_ROLE_LEVEL_ANNOT);
-            BaseResourceBean.RoleLevel prohibitedRoleLevel = null;
-            while( it.hasNext() ){
-                Statement stmt = it.nextStatement();
-                RDFNode obj;
-                if( stmt != null && (obj = stmt.getObject()) != null && obj.isURIResource() ){
-                    Resource res = obj.as(Resource.class);
-                    if( res != null && res.getURI() != null ){
-                        BaseResourceBean.RoleLevel roleFromModel =  BaseResourceBean.RoleLevel.getRoleByUri(res.getURI());
-                        if( roleFromModel != null &&
-                            (prohibitedRoleLevel == null || roleFromModel.compareTo(prohibitedRoleLevel) > 0 )){
-                            prohibitedRoleLevel = roleFromModel;
-                        }
-                    }
-                }
-            }
-            dp.setProhibitedFromUpdateBelowRoleLevel(prohibitedRoleLevel);//this might get set to null
-
-            //There might be multiple HIDDEN_FROM_PUBLISH_BELOW_ROLE_LEVEL_ANNOT properties, only use the highest
-            it = op.listProperties(HIDDEN_FROM_PUBLISH_BELOW_ROLE_LEVEL_ANNOT);
-            BaseResourceBean.RoleLevel publishRoleLevel = null;
-            while( it.hasNext() ){
-                Statement stmt = it.nextStatement();
-                RDFNode obj;
-                if( stmt != null && (obj = stmt.getObject()) != null && obj.isURIResource() ){
-                    Resource res = obj.as(Resource.class);
-                    if( res != null && res.getURI() != null ){
-                        BaseResourceBean.RoleLevel roleFromModel =  BaseResourceBean.RoleLevel.getRoleByUri(res.getURI());
-                        if( roleFromModel != null &&
-                            (publishRoleLevel == null || roleFromModel.compareTo(publishRoleLevel) > 0 )){
-                            publishRoleLevel = roleFromModel;
-                        }
-                    }
-                }
-            }
-            dp.setHiddenFromPublishBelowRoleLevel(publishRoleLevel);//this might get set to null
-
             dp.setCustomEntryForm(getPropertyStringValue(op,PROPERTY_CUSTOMENTRYFORMANNOT));
 
             dp.setExternalId( getOntModelSelector().getTBoxModel().contains(op, DATAPROPERTY_ISEXTERNALID, "TRUE") );
@@ -522,26 +465,6 @@ public String insertDataProperty(DataProperty dtp, OntModel ontModel) throws Ins
             addPropertyStringValue(jDataprop, EDITING, dtp.getEditing(), ontModel);
             addPropertyNonNegativeIntValue(jDataprop, DISPLAY_RANK_ANNOT, dtp.getDisplayTier(), ontModel);
             addPropertyNonNegativeIntValue(jDataprop, DISPLAY_LIMIT, dtp.getDisplayLimit(), ontModel);
-            //addPropertyStringValue(jDataprop, HIDDEN_ANNOT, dtp.getHidden(), ontModel);
-            jDataprop.removeAll(HIDDEN_FROM_DISPLAY_BELOW_ROLE_LEVEL_ANNOT);
-            if (HIDDEN_FROM_DISPLAY_BELOW_ROLE_LEVEL_ANNOT != null && dtp.getHiddenFromDisplayBelowRoleLevel() != null) { // only need to add if present
-                jDataprop.addProperty(HIDDEN_FROM_DISPLAY_BELOW_ROLE_LEVEL_ANNOT, ResourceFactory.createResource(dtp.getHiddenFromDisplayBelowRoleLevel().getURI()));
-            }
-            jDataprop.removeAll(PROHIBITED_FROM_UPDATE_BELOW_ROLE_LEVEL_ANNOT);
-            if (PROHIBITED_FROM_UPDATE_BELOW_ROLE_LEVEL_ANNOT != null && dtp.getProhibitedFromUpdateBelowRoleLevel() != null) { // only need to add if present
-                jDataprop.addProperty(PROHIBITED_FROM_UPDATE_BELOW_ROLE_LEVEL_ANNOT, ResourceFactory.createResource(dtp.getProhibitedFromUpdateBelowRoleLevel().getURI()));
-            }
-            jDataprop.removeAll(HIDDEN_FROM_PUBLISH_BELOW_ROLE_LEVEL_ANNOT);
-            if (HIDDEN_FROM_PUBLISH_BELOW_ROLE_LEVEL_ANNOT != null && dtp.getHiddenFromPublishBelowRoleLevel() != null) { // only need to add if present
-            	jDataprop.addProperty(HIDDEN_FROM_PUBLISH_BELOW_ROLE_LEVEL_ANNOT, ResourceFactory.createResource(dtp.getHiddenFromPublishBelowRoleLevel().getURI()));
-            }
-            /*
-            if (dtp.isSelfEditProhibited()) { // only add the property if it's true
-                addPropertyBooleanValue(jDataprop, PROPERTY_SELFEDITPROHIBITEDANNOT, dtp.isSelfEditProhibited(), ontModel);
-            }
-            if (dtp.isCuratorEditProhibited()) { // only add the property if it's true
-                addPropertyBooleanValue(jDataprop, PROPERTY_CURATOREDITPROHIBITEDANNOT, dtp.isCuratorEditProhibited(), ontModel);
-            } */
             try {
             	if (dtp.getGroupURI() != null && dtp.getGroupURI().length()>0) {
                 	String badURIErrorStr = checkURI(dtp.getGroupURI());
@@ -594,18 +517,6 @@ public void updateDataProperty(DataProperty dtp, OntModel ontModel) {
             updatePropertyNonNegativeIntValue(jDataprop, DISPLAY_RANK_ANNOT, dtp.getDisplayTier(), ontModel);
             updatePropertyNonNegativeIntValue(jDataprop, DISPLAY_LIMIT, dtp.getDisplayLimit(), ontModel);
 
-            if (dtp.getHiddenFromDisplayBelowRoleLevel() != null) {
-              updatePropertyResourceURIValue(jDataprop,HIDDEN_FROM_DISPLAY_BELOW_ROLE_LEVEL_ANNOT,dtp.getHiddenFromDisplayBelowRoleLevel().getURI(),ontModel);
-            }
-
-            if (dtp.getProhibitedFromUpdateBelowRoleLevel() != null) {
-                updatePropertyResourceURIValue(jDataprop,PROHIBITED_FROM_UPDATE_BELOW_ROLE_LEVEL_ANNOT,dtp.getProhibitedFromUpdateBelowRoleLevel().getURI(),ontModel);
-            }
-
-            if (dtp.getHiddenFromPublishBelowRoleLevel() != null) {
-            	updatePropertyResourceURIValue(jDataprop,HIDDEN_FROM_PUBLISH_BELOW_ROLE_LEVEL_ANNOT,dtp.getHiddenFromPublishBelowRoleLevel().getURI(),ontModel);
-            }
-
             if (dtp.getGroupURI() != null) {
                 updatePropertyResourceURIValue(jDataprop,PROPERTY_INPROPERTYGROUPANNOT,dtp.getGroupURI(),ontModel);
             }
@@ -709,7 +620,6 @@ public List<DataProperty> getRootDataProperties() {
         //"   ?property a owl:DatatypeProperty . \n" +
         "   FILTER ( \n" +
         "       isLiteral(?object) && \n" +
-        "       ( !regex(str(?property), \"^" + VitroVocabulary.PUBLIC + "\" )) && \n" +
         "       ( !regex(str(?property), \"^" + VitroVocabulary.OWL + "\" )) && \n" +
         // NIHVIVO-2790 vitro:moniker has been deprecated, but display existing values for editorial management (deletion is encouraged).
         // This property will be hidden from public display by default.
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/dao/jena/FauxPropertyDaoJena.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/dao/jena/FauxPropertyDaoJena.java
index da21bc32df..1300eddaa6 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/dao/jena/FauxPropertyDaoJena.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/dao/jena/FauxPropertyDaoJena.java
@@ -250,17 +250,6 @@ public void insertFauxProperty(FauxProperty fp) {
 					fp.getCustomEntryForm(), displayModel);
 			addPropertyStringValue(config, LIST_VIEW_FILE,
 					fp.getCustomListView(), displayModel);
-
-			updatePropertyResourceURIValue(config,
-					HIDDEN_FROM_DISPLAY_BELOW_ROLE_LEVEL_ANNOT, fp
-							.getHiddenFromDisplayBelowRoleLevel().getURI());
-			updatePropertyResourceURIValue(config,
-					HIDDEN_FROM_PUBLISH_BELOW_ROLE_LEVEL_ANNOT, fp
-							.getHiddenFromPublishBelowRoleLevel().getURI());
-			updatePropertyResourceURIValue(config,
-					PROHIBITED_FROM_UPDATE_BELOW_ROLE_LEVEL_ANNOT, fp
-							.getProhibitedFromUpdateBelowRoleLevel().getURI());
-
 		} catch (InsertException e) {
 			throw new RuntimeException(e);
 		}
@@ -350,16 +339,6 @@ public void updateFauxProperty(FauxProperty fp) {
 					fp.getCustomEntryForm(), displayModel);
 			updatePropertyStringValue(config, LIST_VIEW_FILE,
 					fp.getCustomListView(), displayModel);
-
-			updatePropertyResourceURIValue(config,
-					HIDDEN_FROM_DISPLAY_BELOW_ROLE_LEVEL_ANNOT, fp
-							.getHiddenFromDisplayBelowRoleLevel().getURI());
-			updatePropertyResourceURIValue(config,
-					HIDDEN_FROM_PUBLISH_BELOW_ROLE_LEVEL_ANNOT, fp
-							.getHiddenFromPublishBelowRoleLevel().getURI());
-			updatePropertyResourceURIValue(config,
-					PROHIBITED_FROM_UPDATE_BELOW_ROLE_LEVEL_ANNOT, fp
-							.getProhibitedFromUpdateBelowRoleLevel().getURI());
 		}
 	}
 
@@ -458,13 +437,6 @@ private void populateFieldsFromDisplayModel(FauxProperty fp) {
 								PROPERTY_OFFERCREATENEWOPTIONANNOT)));
 				fp.setCustomEntryForm(getPropertyStringValue(config,
 						PROPERTY_CUSTOMENTRYFORMANNOT));
-
-				fp.setHiddenFromDisplayBelowRoleLevel(getMostRestrictiveRoleLevel(
-						config, HIDDEN_FROM_DISPLAY_BELOW_ROLE_LEVEL_ANNOT));
-				fp.setHiddenFromPublishBelowRoleLevel(getMostRestrictiveRoleLevel(
-						config, HIDDEN_FROM_PUBLISH_BELOW_ROLE_LEVEL_ANNOT));
-				fp.setProhibitedFromUpdateBelowRoleLevel(getMostRestrictiveRoleLevel(
-						config, PROHIBITED_FROM_UPDATE_BELOW_ROLE_LEVEL_ANNOT));
 			}
 		}
 	}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/dao/jena/JenaBaseDao.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/dao/jena/JenaBaseDao.java
index 6ba1b1134b..b57d513e32 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/dao/jena/JenaBaseDao.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/dao/jena/JenaBaseDao.java
@@ -47,7 +47,6 @@
 import org.apache.jena.vocabulary.RDF;
 import org.apache.jena.vocabulary.RDFS;
 
-import edu.cornell.mannlib.vitro.webapp.beans.BaseResourceBean.RoleLevel;
 import edu.cornell.mannlib.vitro.webapp.dao.VitroVocabulary;
 
 public class JenaBaseDao extends JenaBaseDaoCon {
@@ -576,20 +575,6 @@ protected Collection<String> getPropertyResourceURIValues(Resource res, ObjectPr
     	return list;
     }
 
-	protected RoleLevel getMostRestrictiveRoleLevel(Resource res, Property prop) {
-		RoleLevel level = RoleLevel.getRoleByUri(null);
-		for (Statement stmt : res.listProperties(prop).toList()) {
-			if (stmt.getObject().isURIResource()) {
-				RoleLevel roleFromModel = RoleLevel.getRoleByUri(stmt
-						.getObject().as(Resource.class).getURI());
-				if (roleFromModel.compareTo(level) > 0) {
-					level = roleFromModel;
-				}
-			}
-		}
-		return level;
-	}
-
     /**
      * convenience method for use with functional object properties
      */
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/dao/jena/JenaBaseDaoCon.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/dao/jena/JenaBaseDaoCon.java
index 71fd6447ae..7830a01140 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/dao/jena/JenaBaseDaoCon.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/dao/jena/JenaBaseDaoCon.java
@@ -41,10 +41,6 @@ public JenaBaseDaoCon() {
 
     protected AnnotationProperty DATAPROPERTY_ISEXTERNALID = _constModel.createAnnotationProperty(VitroVocabulary.DATAPROPERTY_ISEXTERNALID);
 
-    protected AnnotationProperty HIDDEN_FROM_DISPLAY_BELOW_ROLE_LEVEL_ANNOT = _constModel.createAnnotationProperty(VitroVocabulary.HIDDEN_FROM_DISPLAY_BELOW_ROLE_LEVEL_ANNOT);
-    protected AnnotationProperty PROHIBITED_FROM_UPDATE_BELOW_ROLE_LEVEL_ANNOT = _constModel.createAnnotationProperty(VitroVocabulary.PROHIBITED_FROM_UPDATE_BELOW_ROLE_LEVEL_ANNOT);
-    protected AnnotationProperty HIDDEN_FROM_PUBLISH_BELOW_ROLE_LEVEL_ANNOT = _constModel.createAnnotationProperty(VitroVocabulary.HIDDEN_FROM_PUBLISH_BELOW_ROLE_LEVEL_ANNOT);
-
     protected AnnotationProperty SEARCH_BOOST_ANNOT = _constModel.createAnnotationProperty(VitroVocabulary.SEARCH_BOOST_ANNOT);
 
     protected AnnotationProperty EXAMPLE = _constModel.createAnnotationProperty(VitroVocabulary.EXAMPLE_ANNOT);
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/dao/jena/JenaModelUtils.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/dao/jena/JenaModelUtils.java
index 1ffb21ae80..67fb0f52db 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/dao/jena/JenaModelUtils.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/dao/jena/JenaModelUtils.java
@@ -219,12 +219,6 @@ public OntModel extractTBox( Dataset dataset, String namespace, String graphURI,
                                                                   VitroVocabulary.IN_CLASSGROUP)));
             tboxModel.add(construct(dataset, namespace, graphURI, ResourceFactory.createResource(
                                                                   VitroVocabulary.PROPERTY_INPROPERTYGROUPANNOT)));
-            tboxModel.add(construct(dataset, namespace, graphURI, ResourceFactory.createResource(
-                                                                  VitroVocabulary.PROHIBITED_FROM_UPDATE_BELOW_ROLE_LEVEL_ANNOT)));
-            tboxModel.add(construct(dataset, namespace, graphURI, ResourceFactory.createResource(
-                                                                  VitroVocabulary.HIDDEN_FROM_DISPLAY_BELOW_ROLE_LEVEL_ANNOT)));
-            tboxModel.add(construct(dataset, namespace, graphURI, ResourceFactory.createResource(
-            		                                              VitroVocabulary.HIDDEN_FROM_PUBLISH_BELOW_ROLE_LEVEL_ANNOT)));
             tboxModel.add(construct(dataset, namespace, graphURI, ResourceFactory.createResource(
                                                                   VitroVocabulary.DESCRIPTION_ANNOT)));
             tboxModel.add(construct(dataset, namespace, graphURI, ResourceFactory.createResource(
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/dao/jena/ObjectPropertyDaoJena.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/dao/jena/ObjectPropertyDaoJena.java
index 9ae00d59e5..ebeff43657 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/dao/jena/ObjectPropertyDaoJena.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/dao/jena/ObjectPropertyDaoJena.java
@@ -43,7 +43,6 @@
 import org.apache.jena.vocabulary.RDF;
 import org.apache.jena.vocabulary.RDFS;
 
-import edu.cornell.mannlib.vitro.webapp.auth.policy.bean.RoleRestrictedProperty;
 import edu.cornell.mannlib.vitro.webapp.beans.BaseResourceBean;
 import edu.cornell.mannlib.vitro.webapp.beans.Individual;
 import edu.cornell.mannlib.vitro.webapp.beans.ObjectProperty;
@@ -164,63 +163,6 @@ protected ObjectProperty propertyFromOntProperty(OntProperty op) {
             p.setDomainEntitySortDirection(getPropertyStringValue(op,PROPERTY_ENTITYSORTDIRECTION));
             p.setRangeEntitySortDirection(getPropertyStringValue(invOp,PROPERTY_ENTITYSORTDIRECTION));
 
-            //There might be multiple HIDDEN_FROM_DISPLAY_BELOW_ROLE_LEVEL_ANNOT properties, only use the highest
-            StmtIterator it = op.listProperties(HIDDEN_FROM_DISPLAY_BELOW_ROLE_LEVEL_ANNOT);
-            BaseResourceBean.RoleLevel hiddenRoleLevel = null;
-            while( it.hasNext() ){
-                Statement stmt = it.nextStatement();
-                RDFNode obj;
-                if( stmt != null && (obj = stmt.getObject()) != null && obj.isURIResource() ){
-                    Resource res = obj.as(Resource.class);
-                    if( res != null && res.getURI() != null ){
-                        BaseResourceBean.RoleLevel roleFromModel =  BaseResourceBean.RoleLevel.getRoleByUri(res.getURI());
-                        if( roleFromModel != null &&
-                            (hiddenRoleLevel == null || roleFromModel.compareTo(hiddenRoleLevel) > 0 )){
-                            hiddenRoleLevel = roleFromModel;
-                        }
-                    }
-                }
-            }
-            p.setHiddenFromDisplayBelowRoleLevel(hiddenRoleLevel); //this might get set to null
-
-            //There might be multiple PROHIBITED_FROM_UPDATE_BELOW_ROLE_LEVEL_ANNOT properties, only use the highest
-            it = op.listProperties(PROHIBITED_FROM_UPDATE_BELOW_ROLE_LEVEL_ANNOT);
-            BaseResourceBean.RoleLevel prohibitedRoleLevel = null;
-            while( it.hasNext() ){
-                Statement stmt = it.nextStatement();
-                RDFNode obj;
-                if( stmt != null && (obj = stmt.getObject()) != null && obj.isURIResource() ){
-                    Resource res = obj.as(Resource.class);
-                    if( res != null && res.getURI() != null ){
-                        BaseResourceBean.RoleLevel roleFromModel =  BaseResourceBean.RoleLevel.getRoleByUri(res.getURI());
-                        if( roleFromModel != null &&
-                            (prohibitedRoleLevel == null || roleFromModel.compareTo(prohibitedRoleLevel) > 0 )){
-                            prohibitedRoleLevel = roleFromModel;
-                        }
-                    }
-                }
-            }
-            p.setProhibitedFromUpdateBelowRoleLevel(prohibitedRoleLevel); //this might get set to null
-
-            //There might be multiple HIDDEN_FROM_PUBLISH_BELOW_ROLE_LEVEL_ANNOT properties, only use the highest
-            it = op.listProperties(HIDDEN_FROM_PUBLISH_BELOW_ROLE_LEVEL_ANNOT);
-            BaseResourceBean.RoleLevel publishRoleLevel = null;
-            while( it.hasNext() ){
-                Statement stmt = it.nextStatement();
-                RDFNode obj;
-                if( stmt != null && (obj = stmt.getObject()) != null && obj.isURIResource() ){
-                    Resource res = obj.as(Resource.class);
-                    if( res != null && res.getURI() != null ){
-                        BaseResourceBean.RoleLevel roleFromModel =  BaseResourceBean.RoleLevel.getRoleByUri(res.getURI());
-                        if( roleFromModel != null &&
-                            (publishRoleLevel == null || roleFromModel.compareTo(publishRoleLevel) > 0 )){
-                            publishRoleLevel = roleFromModel;
-                        }
-                    }
-                }
-            }
-            p.setHiddenFromPublishBelowRoleLevel(publishRoleLevel); //this might get set to null
-
             p.setCustomEntryForm(getPropertyStringValue(op,PROPERTY_CUSTOMENTRYFORMANNOT));
             Boolean selectFromObj = getPropertyBooleanValue(op,PROPERTY_SELECTFROMEXISTINGANNOT);
             p.setSelectFromExisting(selectFromObj==null ? true : selectFromObj);
@@ -333,8 +275,8 @@ public ObjectProperty getObjectPropertyByURIs(String propertyURI,
         String propQuery = "PREFIX rdfs: <http://www.w3.org/2000/01/rdf-schema#> \n" +
                 "PREFIX config: <http://vitro.mannlib.cornell.edu/ns/vitro/ApplicationConfiguration#> \n" +
                 "PREFIX vitro: <http://vitro.mannlib.cornell.edu/ns/vitro/0.7#> \n" +
-                "SELECT ?range ?rangeRoot ?label ?group ?customForm ?displayRank ?displayLevel " +
-                "    ?updateLevel ?publishLevel ?editLinkSuppressed ?addLinkSuppressed ?deleteLinkSuppressed \n" +
+                "SELECT ?range ?rangeRoot ?label ?group ?customForm ?displayRank " +
+                "    ?editLinkSuppressed ?addLinkSuppressed ?deleteLinkSuppressed \n" +
                 "    ?collateBySubclass ?displayLimit ?individualSortProperty \n" +
                 "    ?entitySortDirection ?selectFromExisting ?offerCreateNew \n" +
                 "    ?publicDescription ?stubDeletion \n" +
@@ -358,9 +300,6 @@ public ObjectProperty getObjectPropertyByURIs(String propertyURI,
                 "    OPTIONAL { ?configuration config:deleteLinkSuppressed ?deleteLinkSuppressed } \n" +
                 "    OPTIONAL { ?configuration vitro:displayRankAnnot ?displayRank } \n" +
                 "    OPTIONAL { ?configuration vitro:customEntryFormAnnot ?customForm } \n" +
-                "    OPTIONAL { ?configuration vitro:hiddenFromDisplayBelowRoleLevelAnnot ?displayLevel } \n" +
-                "    OPTIONAL { ?configuration vitro:prohibitedFromUpdateBelowRoleLevelAnnot ?updateLevel } \n" +
-                "    OPTIONAL { ?configuration vitro:hiddenFromPublishBelowRoleLevelAnnot ?publishLevel } \n" +
                 "    OPTIONAL { ?configuration <" + PROPERTY_COLLATEBYSUBCLASSANNOT.getURI() + "> ?collateBySubclass } \n" +
                 "    OPTIONAL { ?configuration <" + DISPLAY_LIMIT.getURI() + "> ?displayLimit } \n" +
                 "    OPTIONAL { ?configuration <" + PROPERTY_OBJECTINDIVIDUALSORTPROPERTY.getURI() + "> ?individualSortProperty } \n " +
@@ -400,24 +339,6 @@ public ObjectProperty getObjectPropertyByURIs(String propertyURI,
                     op.setDomainDisplayLimit(
                             Integer.parseInt(displayLimitLit.getLexicalForm()));
                 }
-                Resource displayLevelRes = qsoln.getResource("displayLevel");
-                if (displayLevelRes != null) {
-                    op.setHiddenFromDisplayBelowRoleLevel(
-                            BaseResourceBean.RoleLevel.getRoleByUri(
-                                    displayLevelRes.getURI()));
-                }
-                Resource updateLevelRes = qsoln.getResource("updateLevel");
-                if (updateLevelRes != null) {
-                    op.setProhibitedFromUpdateBelowRoleLevel(
-                            BaseResourceBean.RoleLevel.getRoleByUri(
-                                    updateLevelRes.getURI()));
-                }
-                Resource publishLevelRes = qsoln.getResource("publishLevel");
-                if (publishLevelRes != null) {
-                    op.setHiddenFromPublishBelowRoleLevel(
-                            BaseResourceBean.RoleLevel.getRoleByUri(
-                                    publishLevelRes.getURI()));
-                }
                 Literal labelLit = qsoln.getLiteral("label");
                 if (labelLit != null) {
                     op.setDomainPublic(labelLit.getLexicalForm());
@@ -753,18 +674,6 @@ private void doUpdate(ObjectProperty prop, OntProperty p, OntProperty inv, OntMo
         	}
         }
 
-        if (prop.getHiddenFromDisplayBelowRoleLevel() != null) {
-        	updatePropertyResourceURIValue(p, HIDDEN_FROM_DISPLAY_BELOW_ROLE_LEVEL_ANNOT, prop.getHiddenFromDisplayBelowRoleLevel().getURI());
-        }
-
-        if (prop.getProhibitedFromUpdateBelowRoleLevel() != null) {
-        	updatePropertyResourceURIValue(p, PROHIBITED_FROM_UPDATE_BELOW_ROLE_LEVEL_ANNOT, prop.getProhibitedFromUpdateBelowRoleLevel().getURI());
-        }
-
-        if (prop.getHiddenFromPublishBelowRoleLevel() != null) {
-        	updatePropertyResourceURIValue(p, HIDDEN_FROM_PUBLISH_BELOW_ROLE_LEVEL_ANNOT, prop.getHiddenFromPublishBelowRoleLevel().getURI());
-        }
-
         updatePropertyStringValue(p,PROPERTY_CUSTOMENTRYFORMANNOT,prop.getCustomEntryForm(),ontModel);
         updatePropertyBooleanValue(p,PROPERTY_SELECTFROMEXISTINGANNOT,prop.getSelectFromExisting(),ontModel,JenaBaseDao.KEEP_ONLY_IF_FALSE);
         updatePropertyBooleanValue(p,PROPERTY_OFFERCREATENEWOPTIONANNOT,prop.getOfferCreateNewOption(),ontModel,JenaBaseDao.KEEP_ONLY_IF_TRUE);
@@ -1133,7 +1042,7 @@ public String getCustomListViewConfigFileName(ObjectProperty op) {
             }
             qexec.close();
         }
-        FullPropertyKey key = new FullPropertyKey((RoleRestrictedProperty)op);
+        FullPropertyKey key = new FullPropertyKey(op);
 		String customListViewConfigFileName = customListViewConfigFileMap.get(key);
         if (customListViewConfigFileName == null) {
             log.debug("no list view found for " + key);
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/dao/jena/PageDaoJena.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/dao/jena/PageDaoJena.java
index 8585b5c9d8..702956f79f 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/dao/jena/PageDaoJena.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/dao/jena/PageDaoJena.java
@@ -530,7 +530,7 @@ public List<String> getDataGetterClass(String pageUri) {
     /**
      * Gets the requiredActions directly associated with page.
      */
-    public List<String> getRequiredActions(String pageUri){
+    public String getRequiredActions(String pageUri){
         QuerySolutionMap initialBindings = new QuerySolutionMap();
         initialBindings.add("pageUri", ResourceFactory.createResource(pageUri));
         List<String> actions = new ArrayList<String>();
@@ -545,7 +545,11 @@ public List<String> getRequiredActions(String pageUri){
         }finally{
             dModel.leaveCriticalSection();
         }
-        return actions;
+        if (actions.isEmpty()) {
+            return "";
+        } else {
+            return actions.get(0);
+        }
     }
 
     /* *************************** Utility methods ********************************* */
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/dao/jena/VClassDaoJena.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/dao/jena/VClassDaoJena.java
index 20b207d019..89406a4a40 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/dao/jena/VClassDaoJena.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/dao/jena/VClassDaoJena.java
@@ -966,33 +966,6 @@ public int insertNewVClass(VClass cls, OntModel ontModel) throws InsertException
             addPropertyIntValue(ontCls,DISPLAY_LIMIT,cls.getDisplayLimit(),ontModel);
             addPropertyIntValue(ontCls,DISPLAY_RANK_ANNOT,cls.getDisplayRank(),ontModel);
 
-            ontCls.removeAll(HIDDEN_FROM_DISPLAY_BELOW_ROLE_LEVEL_ANNOT);
-            if (HIDDEN_FROM_DISPLAY_BELOW_ROLE_LEVEL_ANNOT != null && cls.getHiddenFromDisplayBelowRoleLevel() != null) { // only need to add if present
-                try {
-                    ontCls.addProperty(HIDDEN_FROM_DISPLAY_BELOW_ROLE_LEVEL_ANNOT, ResourceFactory.createResource(cls.getHiddenFromDisplayBelowRoleLevel().getURI()));
-                } catch (Exception e) {
-                    log.error("error adding HiddenFromDisplayBelowRoleLevel annotation to class "+cls.getURI());
-                }
-            }
-
-            ontCls.removeAll(PROHIBITED_FROM_UPDATE_BELOW_ROLE_LEVEL_ANNOT);
-            if (PROHIBITED_FROM_UPDATE_BELOW_ROLE_LEVEL_ANNOT != null && cls.getProhibitedFromUpdateBelowRoleLevel() != null) { // only need to add if present
-                try {
-                    ontCls.addProperty(PROHIBITED_FROM_UPDATE_BELOW_ROLE_LEVEL_ANNOT, ResourceFactory.createResource(cls.getProhibitedFromUpdateBelowRoleLevel().getURI()));
-                } catch (Exception e) {
-                    log.error("error adding ProhibitedFromUpdateBelowRoleLevel annotation to class "+cls.getURI());
-                }
-            }
-
-            ontCls.removeAll(HIDDEN_FROM_PUBLISH_BELOW_ROLE_LEVEL_ANNOT);
-            if (HIDDEN_FROM_PUBLISH_BELOW_ROLE_LEVEL_ANNOT != null && cls.getHiddenFromPublishBelowRoleLevel() != null) { // only need to add if present
-                try {
-                    ontCls.addProperty(HIDDEN_FROM_PUBLISH_BELOW_ROLE_LEVEL_ANNOT, ResourceFactory.createResource(cls.getHiddenFromPublishBelowRoleLevel().getURI()));
-                } catch (Exception e) {
-                    log.error("error adding HiddenFromPublishBelowRoleLevel annotation to class "+cls.getURI());
-                }
-            }
-
             /* OPTIONAL annotation properties */
             addPropertyStringValue(ontCls,PROPERTY_CUSTOMENTRYFORMANNOT,cls.getCustomEntryForm(),ontModel);
             addPropertyStringValue(ontCls,PROPERTY_CUSTOMDISPLAYVIEWANNOT,cls.getCustomDisplayView(),ontModel);
@@ -1026,18 +999,6 @@ public void updateVClass(VClass cls, OntModel ontModel) {
                 updatePropertyNonNegativeIntValue(ontCls,DISPLAY_RANK_ANNOT,cls.getDisplayRank(),ontModel);
                 updatePropertyFloatValue(ontCls, SEARCH_BOOST_ANNOT, cls.getSearchBoost(), ontModel);
 
-                if (cls.getHiddenFromDisplayBelowRoleLevel() != null) {
-                    updatePropertyResourceURIValue(ontCls,HIDDEN_FROM_DISPLAY_BELOW_ROLE_LEVEL_ANNOT,cls.getHiddenFromDisplayBelowRoleLevel().getURI(),ontModel);
-                }
-
-                if (cls.getProhibitedFromUpdateBelowRoleLevel() != null) {
-                    updatePropertyResourceURIValue(ontCls,PROHIBITED_FROM_UPDATE_BELOW_ROLE_LEVEL_ANNOT,cls.getProhibitedFromUpdateBelowRoleLevel().getURI(),ontModel);
-                }
-
-                if (cls.getHiddenFromPublishBelowRoleLevel() != null) {
-                    updatePropertyResourceURIValue(ontCls,HIDDEN_FROM_PUBLISH_BELOW_ROLE_LEVEL_ANNOT,cls.getHiddenFromPublishBelowRoleLevel().getURI(),ontModel);
-                }
-
                 updatePropertyStringValue(ontCls,PROPERTY_CUSTOMENTRYFORMANNOT,cls.getCustomEntryForm(),ontModel);
                 updatePropertyStringValue(ontCls,PROPERTY_CUSTOMDISPLAYVIEWANNOT,cls.getCustomDisplayView(),ontModel);
                 updatePropertyStringValue(ontCls,PROPERTY_CUSTOMSHORTVIEWANNOT,cls.getCustomShortView(),ontModel);
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/dao/jena/VClassJena.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/dao/jena/VClassJena.java
index 7c1c5351a2..3ccaa47968 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/dao/jena/VClassJena.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/dao/jena/VClassJena.java
@@ -11,13 +11,9 @@
 
 import org.apache.jena.ontology.OntClass;
 import org.apache.jena.ontology.UnionClass;
-import org.apache.jena.rdf.model.RDFNode;
 import org.apache.jena.rdf.model.Resource;
-import org.apache.jena.rdf.model.Statement;
-import org.apache.jena.rdf.model.StmtIterator;
 import org.apache.jena.shared.Lock;
 
-import edu.cornell.mannlib.vitro.webapp.beans.BaseResourceBean;
 import edu.cornell.mannlib.vitro.webapp.beans.VClass;
 import edu.cornell.mannlib.vitro.webapp.dao.VClassDao;
 import edu.cornell.mannlib.vitro.webapp.dao.VitroVocabulary;
@@ -297,112 +293,8 @@ public Float getSearchBoost() {
             } finally {
                 cls.getOntModel().leaveCriticalSection();
             }
-        }
-    }
-
-    @Override
-    public RoleLevel getHiddenFromDisplayBelowRoleLevel() {
-
-        if (this.hiddenFromDisplayBelowRoleLevel != null) {
-            return this.hiddenFromDisplayBelowRoleLevel;
-        } else {
-            cls.getOntModel().enterCriticalSection(Lock.READ);
-            try {
-                //There might be multiple HIDDEN_FROM_EDIT_DISPLAY_ANNOT properties, only use the highest
-                StmtIterator it = cls.listProperties(webappDaoFactory.getJenaBaseDao().HIDDEN_FROM_DISPLAY_BELOW_ROLE_LEVEL_ANNOT);
-                BaseResourceBean.RoleLevel hiddenRoleLevel = null;
-
-                while( it.hasNext() ){
-                    Statement stmt = it.nextStatement();
-                    RDFNode obj;
-                    if( stmt != null && (obj = stmt.getObject()) != null && obj.isURIResource() ){
-                        Resource res = obj.as(Resource.class);
-                        if( res != null && res.getURI() != null ){
-                            BaseResourceBean.RoleLevel roleFromModel = BaseResourceBean.RoleLevel.getRoleByUri(res.getURI());
-                            if( roleFromModel != null &&
-                                (hiddenRoleLevel == null || roleFromModel.compareTo(hiddenRoleLevel) > 0 )){
-                                hiddenRoleLevel = roleFromModel;
-                            }
-                        }
-                    }
-                }
-
-                setHiddenFromDisplayBelowRoleLevel(hiddenRoleLevel); //this might get set to null
-            	return this.hiddenFromDisplayBelowRoleLevel;
-            } finally {
-                cls.getOntModel().leaveCriticalSection();
-            }
-        }
-    }
-
-    @Override
-    public RoleLevel getProhibitedFromUpdateBelowRoleLevel() {
-
-        if (this.prohibitedFromUpdateBelowRoleLevel != null) {
-            return this.prohibitedFromUpdateBelowRoleLevel;
-        } else {
-            cls.getOntModel().enterCriticalSection(Lock.READ);
-            try {
-                //There might be multiple PROHIBITED_FROM_UPDATE_BELOW_ROLE_LEVEL_ANNOT properties, only use the highest
-            	StmtIterator it = cls.listProperties(webappDaoFactory.getJenaBaseDao().PROHIBITED_FROM_UPDATE_BELOW_ROLE_LEVEL_ANNOT);
-                BaseResourceBean.RoleLevel prohibitedRoleLevel = null;
-                while( it.hasNext() ){
-                    Statement stmt = it.nextStatement();
-                    RDFNode obj;
-                    if( stmt != null && (obj = stmt.getObject()) != null && obj.isURIResource() ){
-                        Resource res = obj.as(Resource.class);
-                        if( res != null && res.getURI() != null ){
-                            BaseResourceBean.RoleLevel roleFromModel = BaseResourceBean.RoleLevel.getRoleByUri(res.getURI());
-                            if( roleFromModel != null &&
-                                (prohibitedRoleLevel == null || roleFromModel.compareTo(prohibitedRoleLevel) > 0 )){
-                                prohibitedRoleLevel = roleFromModel;
-                            }
-                        }
-                    }
-                }
-
-                setProhibitedFromUpdateBelowRoleLevel(prohibitedRoleLevel); //this might get set to null
-            	return this.prohibitedFromUpdateBelowRoleLevel;
-            } finally {
-                cls.getOntModel().leaveCriticalSection();
-            }
-        }
-    }
-
-    @Override
-    public RoleLevel getHiddenFromPublishBelowRoleLevel() {
-
-        if (this.hiddenFromPublishBelowRoleLevel != null) {
-            return this.hiddenFromPublishBelowRoleLevel;
-        } else {
-            cls.getOntModel().enterCriticalSection(Lock.READ);
-            try {
-                //There might be multiple HIDDEN_FROM_PUBLISH_BELOW_ROLE_LEVEL_ANNOT properties, only use the highest
-                StmtIterator it = cls.listProperties(webappDaoFactory.getJenaBaseDao().HIDDEN_FROM_PUBLISH_BELOW_ROLE_LEVEL_ANNOT);
-                BaseResourceBean.RoleLevel publishRoleLevel = null;
-
-                while( it.hasNext() ){
-                    Statement stmt = it.nextStatement();
-                    RDFNode obj;
-                    if( stmt != null && (obj = stmt.getObject()) != null && obj.isURIResource() ){
-                        Resource res = obj.as(Resource.class);
-                        if( res != null && res.getURI() != null ){
-                            BaseResourceBean.RoleLevel roleFromModel = BaseResourceBean.RoleLevel.getRoleByUri(res.getURI());
-                            if( roleFromModel != null &&
-                                (publishRoleLevel == null || roleFromModel.compareTo(publishRoleLevel) > 0 )){
-                                publishRoleLevel = roleFromModel;
-                            }
-                        }
-                    }
-                }
-
-                setHiddenFromPublishBelowRoleLevel(publishRoleLevel); //this might get set to null
-            	return this.hiddenFromPublishBelowRoleLevel;
-            } finally {
-                cls.getOntModel().leaveCriticalSection();
-            }
-        }
-    }
+        }		 	    
+    } 
 
     @Override
     public boolean isUnion() {
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/edit/n3editing/configuration/generators/ManageLabelsForIndividualGenerator.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/edit/n3editing/configuration/generators/ManageLabelsForIndividualGenerator.java
index 3e03abcf76..54978536a3 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/edit/n3editing/configuration/generators/ManageLabelsForIndividualGenerator.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/edit/n3editing/configuration/generators/ManageLabelsForIndividualGenerator.java
@@ -1,9 +1,9 @@
 /* $This file is distributed under the terms of the license in LICENSE$ */
 package edu.cornell.mannlib.vitro.webapp.edit.n3editing.configuration.generators;
 
-import static edu.cornell.mannlib.vitro.webapp.auth.requestedAction.RequestedAction.SOME_LITERAL;
-import static edu.cornell.mannlib.vitro.webapp.auth.requestedAction.RequestedAction.SOME_PREDICATE;
-import static edu.cornell.mannlib.vitro.webapp.auth.requestedAction.RequestedAction.SOME_URI;
+import static edu.cornell.mannlib.vitro.webapp.auth.objects.AccessObject.SOME_LITERAL;
+import static edu.cornell.mannlib.vitro.webapp.auth.objects.AccessObject.SOME_PREDICATE;
+import static edu.cornell.mannlib.vitro.webapp.auth.objects.AccessObject.SOME_URI;
 
 import java.io.FileNotFoundException;
 import java.util.ArrayList;
@@ -28,9 +28,12 @@
 import org.apache.jena.rdf.model.Literal;
 import org.apache.jena.vocabulary.RDFS;
 
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessOperation;
+import edu.cornell.mannlib.vitro.webapp.auth.objects.DataPropertyStatementAccessObject;
+import edu.cornell.mannlib.vitro.webapp.auth.objects.ObjectPropertyStatementAccessObject;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AddDataPropertyStatement;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AddObjectPropertyStatement;
+import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthHelper;
+import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.SimpleAuthorizationRequest;
 import edu.cornell.mannlib.vitro.webapp.beans.Individual;
 import edu.cornell.mannlib.vitro.webapp.beans.Property;
 import edu.cornell.mannlib.vitro.webapp.beans.VClass;
@@ -287,13 +290,13 @@ public int compare(HashMap<String, String> h1, HashMap<String, String> h2) {
 
 	private Object isEditable(VitroRequest vreq, EditConfigurationVTwo config) {
 		Individual individual = EditConfigurationUtils.getIndividual(vreq, config.getSubjectUri());
-		AddDataPropertyStatement adps = new AddDataPropertyStatement(
+		DataPropertyStatementAccessObject adps = new DataPropertyStatementAccessObject(
 				vreq.getJenaOntModel(), individual.getURI(),
 				SOME_URI, SOME_LITERAL);
-		AddObjectPropertyStatement aops = new AddObjectPropertyStatement(
+		ObjectPropertyStatementAccessObject aops = new ObjectPropertyStatementAccessObject(
 				vreq.getJenaOntModel(), individual.getURI(),
 				SOME_PREDICATE, SOME_URI);
-    	return PolicyHelper.isAuthorizedForActions(vreq, adps.or(aops));
+    	return PolicyHelper.isAuthorizedForActions(vreq, AuthHelper.logicOr(new SimpleAuthorizationRequest(aops, AccessOperation.ADD), new SimpleAuthorizationRequest(aops, AccessOperation.ADD)));
 	}
 
 
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/edit/n3editing/controller/EditRequestDispatchController.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/edit/n3editing/controller/EditRequestDispatchController.java
index 4b22cf6aae..5575a3ce08 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/edit/n3editing/controller/EditRequestDispatchController.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/edit/n3editing/controller/EditRequestDispatchController.java
@@ -17,16 +17,17 @@
 import org.apache.jena.ontology.OntModel;
 import org.apache.jena.vocabulary.RDFS;
 
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessOperation;
+import edu.cornell.mannlib.vitro.webapp.auth.objects.AccessObject;
+import edu.cornell.mannlib.vitro.webapp.auth.objects.DataPropertyStatementAccessObject;
+import edu.cornell.mannlib.vitro.webapp.auth.objects.ObjectPropertyStatementAccessObject;
 import edu.cornell.mannlib.vitro.webapp.auth.permissions.SimplePermission;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper;
+import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthHelper;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthorizationRequest;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.RequestedAction;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AddObjectPropertyStatement;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.DropObjectPropertyStatement;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.EditDataPropertyStatement;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.EditObjectPropertyStatement;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AbstractObjectPropertyStatementAction;
+import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.SimpleAuthorizationRequest;
 import edu.cornell.mannlib.vitro.webapp.beans.DataProperty;
+import edu.cornell.mannlib.vitro.webapp.beans.FauxProperty;
 import edu.cornell.mannlib.vitro.webapp.beans.Individual;
 import edu.cornell.mannlib.vitro.webapp.beans.Property;
 import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
@@ -82,24 +83,33 @@ protected AuthorizationRequest requiredActions(VitroRequest vreq) {
 		String objectUri = EditConfigurationUtils.getObjectUri(vreq);
 		String domainUri = EditConfigurationUtils.getDomainUri(vreq);
 		String rangeUri = EditConfigurationUtils.getRangeUri(vreq);
+		String fauxContextUri = getFauxConfigUri(vreq);
+		if(!StringUtils.isBlank(fauxContextUri)) {
+			predicateUri = fauxContextUri;
+		}
 		Property predicateProp = new Property();
 		predicateProp.setURI(predicateUri);
 		predicateProp.setDomainVClassURI(domainUri);
 		predicateProp.setRangeVClassURI(rangeUri);
 		OntModel ontModel = ModelAccess.on(vreq).getOntModel();
-		AbstractObjectPropertyStatementAction objectPropertyAction;
+		ObjectPropertyStatementAccessObject objectPropertyAction;
+		AccessOperation ao;
 		if (StringUtils.isBlank(objectUri)) {
-			objectPropertyAction = new AddObjectPropertyStatement(ontModel, subjectUri, predicateProp, RequestedAction.SOME_URI);
+			objectPropertyAction = new ObjectPropertyStatementAccessObject(ontModel, subjectUri, predicateProp, AccessObject.SOME_URI);
+			ao = AccessOperation.ADD;
 		} else {
+            objectPropertyAction = new ObjectPropertyStatementAccessObject(ontModel, subjectUri, predicateProp, objectUri);
 			if (isDeleteForm(vreq)) {
-				objectPropertyAction = new DropObjectPropertyStatement(ontModel, subjectUri, predicateProp, objectUri);
+				ao = AccessOperation.DROP;
 			} else {
-				objectPropertyAction = new EditObjectPropertyStatement(ontModel, subjectUri, predicateProp, objectUri);
+				ao = AccessOperation.EDIT;
 			}
 		}
-		boolean isAuthorized = PolicyHelper.isAuthorizedForActions(vreq, 
-				new EditDataPropertyStatement(ontModel, subjectUri, predicateUri, objectUri).
-				or(objectPropertyAction));
+		final DataPropertyStatementAccessObject editDataPropertyStatement = new DataPropertyStatementAccessObject(ontModel, subjectUri, predicateUri, objectUri);
+        boolean isAuthorized = PolicyHelper.isAuthorizedForActions(vreq, 
+		        AuthHelper.logicOr(
+		                new SimpleAuthorizationRequest(editDataPropertyStatement, AccessOperation.EDIT), 
+		                new SimpleAuthorizationRequest(objectPropertyAction, ao)));
 		if (!isAuthorized) {
 			// If request is for new individual, return simple do back end editing action permission
 			if (StringUtils.isNotEmpty(EditConfigurationUtils.getTypeOfNew(vreq))) {
@@ -110,8 +120,20 @@ protected AuthorizationRequest requiredActions(VitroRequest vreq) {
 		}
 		return isAuthorized? SimplePermission.DO_FRONT_END_EDITING.ACTION: AuthorizationRequest.UNAUTHORIZED;
 	}
-
-	private boolean isIndividualDeletion(VitroRequest vreq) {
+	
+    public static String getFauxConfigUri(VitroRequest vreq) {
+    	String fauxContextUri = vreq.getParameter("fauxContextUri");
+    	if (fauxContextUri != null) {
+        	WebappDaoFactory wdf = vreq.getWebappDaoFactory();
+        	FauxProperty fp = wdf.getFauxPropertyDao().getFauxPropertyFromContextUri(fauxContextUri);
+        	if (fp != null) {
+        		return fp.getConfigUri();	
+        	}
+    	} 
+    	return "";
+    }
+    
+    	private boolean isIndividualDeletion(VitroRequest vreq) {
 		String subjectUri = EditConfigurationUtils.getSubjectUri(vreq);
 		String predicateUri = EditConfigurationUtils.getPredicateUri(vreq);
 		String objectUri = EditConfigurationUtils.getObjectUri(vreq);
@@ -130,7 +152,6 @@ protected ResponseValues processRequest(VitroRequest vreq) {
         if(isMenuMode(vreq)) {
         	return redirectToMenuEdit(vreq);
         }
-
         //check some error conditions and if they exist return response values
          //with error message
          if(isErrorCondition(vreq)){
@@ -262,7 +283,7 @@ private void setSessionRequestFromEntity(VitroRequest vreq) {
 	private String processEditConfGeneratorName(VitroRequest vreq) {
 	    String editConfGeneratorName = null;
 
-	    String predicateUri =  getPredicateUri(vreq);
+	    String predicateUri = EditConfigurationUtils.getPredicateUri(vreq);
 	    String domainUri = EditConfigurationUtils.getDomainUri(vreq);
 	    String rangeUri = EditConfigurationUtils.getRangeUri(vreq);
 
@@ -387,7 +408,6 @@ private boolean isErrorCondition(VitroRequest vreq) {
 
             }
         }
-
     	//Check predicate - if not vitro label and neither data prop nor object prop return error
     	WebappDaoFactory wdf = vreq.getWebappDaoFactory();
     	//TODO: Check if any error conditions are not met here
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AuthMigrator.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AuthMigrator.java
new file mode 100644
index 0000000000..c18a7f820f
--- /dev/null
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AuthMigrator.java
@@ -0,0 +1,269 @@
+/* $This file is distributed under the terms of the license in LICENSE$ */
+
+package edu.cornell.mannlib.vitro.webapp.migration.auth;
+
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessOperation;
+import edu.cornell.mannlib.vitro.webapp.dao.VitroVocabulary;
+import edu.cornell.mannlib.vitro.webapp.modelaccess.ContextModelAccess;
+import edu.cornell.mannlib.vitro.webapp.modelaccess.ModelAccess;
+import edu.cornell.mannlib.vitro.webapp.modelaccess.ModelNames;
+import edu.cornell.mannlib.vitro.webapp.rdfservice.RDFService;
+import edu.cornell.mannlib.vitro.webapp.rdfservice.RDFServiceException;
+import edu.cornell.mannlib.vitro.webapp.startup.StartupStatus;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.jena.ontology.OntModel;
+import org.apache.jena.ontology.OntModelSpec;
+import org.apache.jena.rdf.model.*;
+import org.apache.jena.shared.Lock;
+
+import javax.servlet.ServletContext;
+import javax.servlet.ServletContextEvent;
+import javax.servlet.ServletContextListener;
+import java.util.HashMap;
+import java.util.Map;
+
+public class AuthMigrator implements ServletContextListener {
+    private static final Log log = LogFactory.getLog(AuthMigrator.class);
+
+    /**
+     * Old ROLE defintions that were used by the hidden / prohibited assertions
+     */
+    private static final String ROLE_PUBLIC = "http://vitro.mannlib.cornell.edu/ns/vitro/role#public";
+    private static final String ROLE_SELF = "http://vitro.mannlib.cornell.edu/ns/vitro/role#selfEditor";
+    private static final String ROLE_EDITOR = "http://vitro.mannlib.cornell.edu/ns/vitro/role#editor";
+    private static final String ROLE_CURATOR = "http://vitro.mannlib.cornell.edu/ns/vitro/role#curator";
+    private static final String ROLE_DB_ADMIN = "http://vitro.mannlib.cornell.edu/ns/vitro/role#dbAdmin";
+    private static final String ROLE_NOBODY = "http://vitro.mannlib.cornell.edu/ns/vitro/role#nobody";
+
+    @Override
+    public void contextInitialized(ServletContextEvent sce) {
+        long begin = System.currentTimeMillis();
+
+        ServletContext ctx = sce.getServletContext();
+        StartupStatus ss = StartupStatus.getBean(ctx);
+        ContextModelAccess models = ModelAccess.getInstance();
+
+        // Get assertions from content store
+        Model roleAuthContentModel = constructRoleAuthContentModel(models);
+
+        // Get assertions from configuration store
+        Model roleAuthDisplayModel = constructRoleAuthDisplayModel(models);
+
+        if ((roleAuthContentModel != null && !roleAuthContentModel.isEmpty()) ||
+                (roleAuthDisplayModel != null && !roleAuthDisplayModel.isEmpty()) ) {
+            Map<String, Map<String, String>> actionToRoleAndPropertySetMap = new HashMap<>();
+
+            Map<String, String> displayRoleToPropertySetMap = new HashMap<>();
+            Map<String, String> updateRoleToPropertySetMap = new HashMap<>();
+            Map<String, String> publishRoleToPropertySetMap = new HashMap<>();
+
+            // Map the roles to equivalent display permissions
+            displayRoleToPropertySetMap.put(ROLE_PUBLIC,   AuthMigrator.getClassUri(AccessOperation.DISPLAY) + "#PUBLIC");
+            displayRoleToPropertySetMap.put(ROLE_SELF,     AuthMigrator.getClassUri(AccessOperation.DISPLAY) + "#SELF_EDITOR");
+            displayRoleToPropertySetMap.put(ROLE_EDITOR,   AuthMigrator.getClassUri(AccessOperation.DISPLAY) + "#EDITOR");
+            displayRoleToPropertySetMap.put(ROLE_CURATOR,  AuthMigrator.getClassUri(AccessOperation.DISPLAY) + "#CURATOR");
+            displayRoleToPropertySetMap.put(ROLE_DB_ADMIN, AuthMigrator.getClassUri(AccessOperation.DISPLAY) + "#ADMIN");
+
+            // Map the roles to equivalent update permissions
+            updateRoleToPropertySetMap.put(ROLE_PUBLIC,   AuthMigrator.getClassUri(AccessOperation.UPDATE) + "#PUBLIC");
+            updateRoleToPropertySetMap.put(ROLE_SELF,     AuthMigrator.getClassUri(AccessOperation.UPDATE) + "#SELF_EDITOR");
+            updateRoleToPropertySetMap.put(ROLE_EDITOR,   AuthMigrator.getClassUri(AccessOperation.UPDATE) + "#EDITOR");
+            updateRoleToPropertySetMap.put(ROLE_CURATOR,  AuthMigrator.getClassUri(AccessOperation.UPDATE) + "#CURATOR");
+            updateRoleToPropertySetMap.put(ROLE_DB_ADMIN, AuthMigrator.getClassUri(AccessOperation.UPDATE) + "#ADMIN");
+
+            // Map the roles to equivalent publish permissions
+            publishRoleToPropertySetMap.put(ROLE_PUBLIC,   AuthMigrator.getClassUri(AccessOperation.PUBLISH) + "#PUBLIC");
+            publishRoleToPropertySetMap.put(ROLE_SELF,     AuthMigrator.getClassUri(AccessOperation.PUBLISH) + "#SELF_EDITOR");
+            publishRoleToPropertySetMap.put(ROLE_EDITOR,   AuthMigrator.getClassUri(AccessOperation.PUBLISH) + "#EDITOR");
+            publishRoleToPropertySetMap.put(ROLE_CURATOR,  AuthMigrator.getClassUri(AccessOperation.PUBLISH) + "#CURATOR");
+            publishRoleToPropertySetMap.put(ROLE_DB_ADMIN, AuthMigrator.getClassUri(AccessOperation.PUBLISH) + "#ADMIN");
+
+            // Create a map between the permission and the appropriate sets
+            actionToRoleAndPropertySetMap.put("http://vitro.mannlib.cornell.edu/ns/vitro/0.7#hiddenFromDisplayBelowRoleLevelAnnot",    displayRoleToPropertySetMap);
+            actionToRoleAndPropertySetMap.put("http://vitro.mannlib.cornell.edu/ns/vitro/0.7#prohibitedFromUpdateBelowRoleLevelAnnot", updateRoleToPropertySetMap);
+            actionToRoleAndPropertySetMap.put("http://vitro.mannlib.cornell.edu/ns/vitro/0.7#hiddenFromPublishBelowRoleLevelAnnot",    publishRoleToPropertySetMap);
+
+            // Convert the assertions retrieved from the content and display models to the assertions in the new permission sets
+            OntModel permissionsModel = convertRoleAuthsToPermissions(roleAuthContentModel, roleAuthDisplayModel, actionToRoleAndPropertySetMap);
+
+            // Store the new permissions in the user accounts model
+            OntModel accountsModel = models.getOntModel(ModelNames.USER_ACCOUNTS);
+            accountsModel.add(permissionsModel);
+
+            // Get assertions from content store
+            removeRoleAuthContentModel(models, roleAuthContentModel);
+
+            // Get assertions from configuration store
+            removeRoleAuthDisplayModel(models, roleAuthDisplayModel);
+        }
+
+        ss.info(this, secondsSince(begin) + " seconds to migrate auth models");
+    }
+
+    @Override
+    public void contextDestroyed(ServletContextEvent sce) {
+        // Nothing to tear down.
+    }
+
+    private long secondsSince(long startTime) {
+        return (System.currentTimeMillis() - startTime) / 1000;
+    }
+
+    private Model constructRoleAuthContentModel(ContextModelAccess models) {
+        RDFService rdfService = models.getRDFService();
+        Model constructedModel = ModelFactory.createDefaultModel();
+
+        String construct = "PREFIX vitro: <http://vitro.mannlib.cornell.edu/ns/vitro/0.7#> \n" +
+                "CONSTRUCT \n" +
+                "{\n" +
+                "   ?displaySubj vitro:hiddenFromDisplayBelowRoleLevelAnnot ?displayObj . \n" +
+                "   ?updateSubj vitro:prohibitedFromUpdateBelowRoleLevelAnnot ?updateObj . \n" +
+                "   ?publishSubj vitro:hiddenFromPublishBelowRoleLevelAnnot ?publishObj . \n" +
+                "} WHERE { \n" +
+                "   { \n" +
+                "       ?displaySubj vitro:hiddenFromDisplayBelowRoleLevelAnnot ?displayObj . \n" +
+                "   } UNION { \n" +
+                "       ?updateSubj vitro:prohibitedFromUpdateBelowRoleLevelAnnot ?updateObj . \n" +
+                "   } UNION { \n" +
+                "       ?publishSubj vitro:hiddenFromPublishBelowRoleLevelAnnot ?publishObj . \n" +
+                "   }\n" +
+                "}\n";
+
+        try {
+            rdfService.sparqlConstructQuery(construct, constructedModel);
+        } catch (RDFServiceException e) {
+            return null;
+        }
+
+        return constructedModel;
+    }
+
+    private Model constructRoleAuthDisplayModel(ContextModelAccess models) {
+        OntModel displayModel = models.getOntModel(ModelNames.DISPLAY);
+
+        Model constructedModel = ModelFactory.createDefaultModel();
+
+        displayModel.enterCriticalSection(Lock.READ);
+        try {
+            constructedModel.add(displayModel.listStatements(null, displayModel.getProperty("http://vitro.mannlib.cornell.edu/ns/vitro/0.7#hiddenFromDisplayBelowRoleLevelAnnot"), (RDFNode) null));
+            constructedModel.add(displayModel.listStatements(null, displayModel.getProperty("http://vitro.mannlib.cornell.edu/ns/vitro/0.7#prohibitedFromUpdateBelowRoleLevelAnnot"), (RDFNode) null));
+            constructedModel.add(displayModel.listStatements(null, displayModel.getProperty("http://vitro.mannlib.cornell.edu/ns/vitro/0.7#hiddenFromPublishBelowRoleLevelAnnot"), (RDFNode) null));
+        } finally {
+            displayModel.leaveCriticalSection();
+        }
+
+        return constructedModel;
+    }
+
+    private void removeRoleAuthContentModel(ContextModelAccess models, Model roleAuthContentModel) {
+        OntModel tboxModel = models.getOntModelSelector().getTBoxModel();
+        tboxModel.enterCriticalSection(Lock.WRITE);
+
+        try {
+            tboxModel.remove(roleAuthContentModel);
+        } finally {
+            tboxModel.leaveCriticalSection();
+        }
+    }
+
+    private void removeRoleAuthDisplayModel(ContextModelAccess models, Model roleAuthDisplayModel) {
+        OntModel displayModel = models.getOntModel(ModelNames.DISPLAY);
+
+        displayModel.enterCriticalSection(Lock.WRITE);
+        try {
+            displayModel.remove(roleAuthDisplayModel);
+        } finally {
+            displayModel.leaveCriticalSection();
+        }
+    }
+
+    private OntModel convertRoleAuthsToPermissions(Model roleAuthContentModel, Model roleAuthDisplayModel, Map<String, Map<String, String>> actionToRoleAndPropertySetMap) {
+        OntModel permissionsModel = ModelFactory.createOntologyModel(OntModelSpec.OWL_MEM);
+
+        if (roleAuthContentModel != null && !roleAuthContentModel.isEmpty()) {
+            convertModel(permissionsModel, roleAuthContentModel, actionToRoleAndPropertySetMap);
+        }
+
+        if (roleAuthDisplayModel != null && !roleAuthDisplayModel.isEmpty()) {
+            convertModel(permissionsModel, roleAuthDisplayModel, actionToRoleAndPropertySetMap);
+        }
+
+        return permissionsModel;
+    }
+
+    private void convertModel(OntModel permissionsModel, Model roleAuthModel, Map<String, Map<String, String>> actionToRoleAndPropertySetMap) {
+        StmtIterator iterator = roleAuthModel.listStatements();
+
+        while (iterator.hasNext()) {
+            Statement stmt = iterator.next();
+
+            Map<String, String> roleToPropertySetUriMap = null;
+
+            Property property = stmt.getPredicate();
+            roleToPropertySetUriMap = actionToRoleAndPropertySetMap.get(property.getURI());
+            if (roleToPropertySetUriMap != null) {
+                Resource subject = stmt.getSubject();
+
+                if (subject != null && subject.isURIResource()) {
+                    RDFNode objectNode = stmt.getObject();
+                    if (objectNode.isResource()) {
+                        String role = ((Resource) objectNode).getURI();
+                        switch (role) {
+                            case ROLE_PUBLIC:
+                                addPermissionToModel(permissionsModel, roleToPropertySetUriMap, ROLE_PUBLIC, subject.getURI());
+
+                                // Fall through to grant additional rights
+
+                            case ROLE_SELF:
+                                addPermissionToModel(permissionsModel, roleToPropertySetUriMap, ROLE_SELF, subject.getURI());
+
+                                // Fall through to grant additional rights
+
+                            case ROLE_EDITOR:
+                                addPermissionToModel(permissionsModel, roleToPropertySetUriMap, ROLE_EDITOR, subject.getURI());
+
+                                // Fall through to grant additional rights
+
+                            case ROLE_CURATOR:
+                                addPermissionToModel(permissionsModel, roleToPropertySetUriMap, ROLE_CURATOR, subject.getURI());
+
+                                // Fall through to grant additional rights
+
+                            case ROLE_DB_ADMIN:
+                                addPermissionToModel(permissionsModel, roleToPropertySetUriMap, ROLE_DB_ADMIN, subject.getURI());
+
+                                // Fall through to grant additional rights
+
+                            case ROLE_NOBODY:
+                                break;
+
+                            default:
+                                log.warn("Unknown role <" + property.getURI() + ">");
+                                break;
+                        }
+                    } else {
+                        log.warn("Object node is not a resource");
+                    }
+                } else {
+                    log.warn("Can't process this resource");
+                }
+            }
+        }
+    }
+
+    private void addPermissionToModel(OntModel permissionsModel, Map<String, String> roleToPropertySetUriMap, String roleUri, String resourceUri) {
+        if (roleToPropertySetUriMap.containsKey(roleUri)) {
+            permissionsModel.add(
+                    permissionsModel.createResource(roleToPropertySetUriMap.get(roleUri)),
+                    permissionsModel.createProperty(VitroVocabulary.PERMISSION_FOR_ENTITY),
+                    permissionsModel.createResource(resourceUri)
+            );
+        }
+    }
+
+    public static String getClassUri(AccessOperation action) {
+        final String actionStr = action.toString();
+        return "java:edu.cornell.mannlib.vitro.webapp.auth.permissions.Entity" + actionStr.substring(0,1).toUpperCase() + actionStr.substring(1).toLowerCase() + "Permission";
+    }
+}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/modelaccess/ModelAccess.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/modelaccess/ModelAccess.java
index def4d22a6c..38cc387fcc 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/modelaccess/ModelAccess.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/modelaccess/ModelAccess.java
@@ -165,15 +165,9 @@ public static boolean isPresent(HttpServletRequest req) {
 		return (req.getAttribute(ATTRIBUTE_NAME) instanceof RequestModelAccess);
 	}
 
+	@Deprecated
 	public static ContextModelAccess on(ServletContext ctx) {
-		Object o = ctx.getAttribute(ATTRIBUTE_NAME);
-		if (o instanceof ContextModelAccess) {
-			return (ContextModelAccess) o;
-		} else {
-			ContextModelAccess access = factory.buildContextModelAccess(ctx);
-			ctx.setAttribute(ATTRIBUTE_NAME, access);
-			return access;
-		}
+	    return getInstance();
 	}
 
 	// ----------------------------------------------------------------------
@@ -181,9 +175,14 @@ public static ContextModelAccess on(ServletContext ctx) {
 	// ----------------------------------------------------------------------
 
 	public static class ModelAccessFactory {
-		public ContextModelAccess buildContextModelAccess(ServletContext ctx) {
-			return new ContextModelAccessImpl(ctx, combinedTripleSource);
-		}
+	    @Deprecated
+        public ContextModelAccess buildContextModelAccess(ServletContext ctx) {
+            return getInstance();
+        }
+	    @Deprecated
+        public ContextModelAccess buildContextModelAccess() {
+            return getInstance();
+        }
 
 		/**
 		 * Note that the RequestModelAccess must be closed when the request
@@ -194,4 +193,17 @@ public RequestModelAccess buildRequestModelAccess(HttpServletRequest req) {
 					combinedTripleSource.getShortTermCombinedTripleSource(req));
 		}
 	}
+	
+    private static ContextModelAccess INSTANCE;
+
+    public static ContextModelAccess getInstance() {
+        if (INSTANCE == null) {
+            INSTANCE = new ContextModelAccessImpl(combinedTripleSource);
+        }
+        return INSTANCE;
+    }
+
+    public static void setInstance(ContextModelAccess cma) {
+        INSTANCE = cma;
+    }
 }
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/modelaccess/impl/ContextModelAccessImpl.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/modelaccess/impl/ContextModelAccessImpl.java
index 2e39935614..b74638a0b3 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/modelaccess/impl/ContextModelAccessImpl.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/modelaccess/impl/ContextModelAccessImpl.java
@@ -24,8 +24,6 @@
 import java.util.EnumMap;
 import java.util.Map;
 
-import javax.servlet.ServletContext;
-
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
@@ -85,9 +83,8 @@ public class ContextModelAccessImpl implements ContextModelAccess {
 	 * because we may not know the names of all of the models that will be
 	 * requested.
 	 */
-	public ContextModelAccessImpl(ServletContext ctx,
-			CombinedTripleSource factory) {
-		this.props = ConfigurationProperties.getBean(ctx);
+	public ContextModelAccessImpl(CombinedTripleSource factory) {
+		this.props = ConfigurationProperties.getInstance();
 		this.factory = factory;
 
 		this.ontModelCache = factory.getOntModelCache();
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/modelaccess/impl/RequestModelAccessImpl.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/modelaccess/impl/RequestModelAccessImpl.java
index 63d70691cc..64e1e49fe8 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/modelaccess/impl/RequestModelAccessImpl.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/modelaccess/impl/RequestModelAccessImpl.java
@@ -23,7 +23,7 @@
 import org.apache.jena.query.Dataset;
 
 import edu.cornell.mannlib.vitro.webapp.auth.identifier.RequestIdentifiers;
-import edu.cornell.mannlib.vitro.webapp.auth.policy.ServletPolicyList;
+import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyStore;
 import edu.cornell.mannlib.vitro.webapp.config.ConfigurationProperties;
 import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
 import edu.cornell.mannlib.vitro.webapp.dao.WebappDaoFactory;
@@ -340,8 +340,7 @@ private WebappDaoFactory createWebappDaoFactory(WebappDaoFactoryKey key) {
 
 	private WebappDaoFactory addPolicyAwareness(WebappDaoFactory unaware) {
 		HideFromDisplayByPolicyFilter filter = new HideFromDisplayByPolicyFilter(
-				RequestIdentifiers.getIdBundleForRequest(req),
-				ServletPolicyList.getPolicies(ctx));
+				RequestIdentifiers.getIdBundleForRequest(req));
 		return new WebappDaoFactoryFiltering(unaware, filter);
 	}
 
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/search/controller/IndexController.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/search/controller/IndexController.java
index 086f4530d6..8ac3515887 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/search/controller/IndexController.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/search/controller/IndexController.java
@@ -19,7 +19,6 @@
 import edu.cornell.mannlib.vitro.webapp.auth.permissions.SimplePermission;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthorizationRequest;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.RequestedAction;
 import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
 import edu.cornell.mannlib.vitro.webapp.controller.freemarker.FreemarkerHttpServlet;
 import edu.cornell.mannlib.vitro.webapp.controller.freemarker.UrlBuilder;
@@ -82,7 +81,7 @@ private static boolean hasParameter(HttpServletRequest req, String key) {
 	private static final String PAGE_TEMPLATE_NAME = "searchIndex.ftl";
 	private static final String STATUS_TEMPLATE_NAME = "searchIndexStatus.ftl";
 
-	public static final RequestedAction REQUIRED_ACTIONS = SimplePermission.MANAGE_SEARCH_INDEX.ACTION;
+	public static final AuthorizationRequest REQUIRED_ACTIONS = SimplePermission.MANAGE_SEARCH_INDEX.ACTION;
 
 	private SearchIndexer indexer;
 	private static IndexHistory history;
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/web/jsptags/ConfirmAuthorization.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/web/jsptags/ConfirmAuthorization.java
index 12aa5df724..ad1b42ccc2 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/web/jsptags/ConfirmAuthorization.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/web/jsptags/ConfirmAuthorization.java
@@ -2,8 +2,6 @@
 
 package edu.cornell.mannlib.vitro.webapp.web.jsptags;
 
-import static edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthorizationRequest.AUTHORIZED;
-
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import javax.servlet.jsp.JspException;
@@ -15,7 +13,6 @@
 import edu.cornell.mannlib.vedit.beans.LoginStatusBean;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthorizationRequest;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.RequestedAction;
 import edu.cornell.mannlib.vitro.webapp.controller.VitroHttpServlet;
 
 /**
@@ -64,18 +61,11 @@ private AuthorizationRequest getActionsFromRequestAttribute() {
 		getRequest().removeAttribute("requestedActions");
 
 		if (attribute == null) {
-			return AUTHORIZED;
-		} else if (attribute instanceof RequestedAction) {
-			RequestedAction ra = (RequestedAction) attribute;
+			return AuthorizationRequest.AUTHORIZED;
+		} else if (attribute instanceof AuthorizationRequest) {
+		    AuthorizationRequest ra = (AuthorizationRequest) attribute;
 			log.debug("requested action was " + ra.getClass().getSimpleName());
 			return ra;
-		} else if (attribute instanceof RequestedAction[]) {
-			AuthorizationRequest auth = AUTHORIZED;
-			for (RequestedAction ra : (RequestedAction[]) attribute) {
-				auth = auth.and(ra);
-			}
-			log.debug("requested actions were " + auth);
-			return auth;
 		} else {
 			throw new IllegalStateException(
 					"Expected request.getAttribute(\"requestedActions\") "
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/BaseIndividualTemplateModel.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/BaseIndividualTemplateModel.java
index 6ebd52ebc1..f25fd78b57 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/BaseIndividualTemplateModel.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/BaseIndividualTemplateModel.java
@@ -2,9 +2,9 @@
 
 package edu.cornell.mannlib.vitro.webapp.web.templatemodels.individual;
 
-import static edu.cornell.mannlib.vitro.webapp.auth.requestedAction.RequestedAction.SOME_LITERAL;
-import static edu.cornell.mannlib.vitro.webapp.auth.requestedAction.RequestedAction.SOME_PREDICATE;
-import static edu.cornell.mannlib.vitro.webapp.auth.requestedAction.RequestedAction.SOME_URI;
+import static edu.cornell.mannlib.vitro.webapp.auth.objects.AccessObject.SOME_LITERAL;
+import static edu.cornell.mannlib.vitro.webapp.auth.objects.AccessObject.SOME_PREDICATE;
+import static edu.cornell.mannlib.vitro.webapp.auth.objects.AccessObject.SOME_URI;
 
 import java.util.Collection;
 import java.util.Iterator;
@@ -18,10 +18,13 @@
 import org.apache.commons.logging.LogFactory;
 
 import edu.cornell.mannlib.vedit.beans.LoginStatusBean;
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessOperation;
+import edu.cornell.mannlib.vitro.webapp.auth.objects.DataPropertyStatementAccessObject;
+import edu.cornell.mannlib.vitro.webapp.auth.objects.ObjectPropertyStatementAccessObject;
 import edu.cornell.mannlib.vitro.webapp.auth.permissions.SimplePermission;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AddDataPropertyStatement;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AddObjectPropertyStatement;
+import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthHelper;
+import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.SimpleAuthorizationRequest;
 import edu.cornell.mannlib.vitro.webapp.beans.DataPropertyStatement;
 import edu.cornell.mannlib.vitro.webapp.beans.Individual;
 import edu.cornell.mannlib.vitro.webapp.beans.VClass;
@@ -119,13 +122,13 @@ public GroupedPropertyList getPropertyList() {
 	 * an object property to the Individual being shown.
 	 */
     public boolean isEditable() {
-		AddDataPropertyStatement adps = new AddDataPropertyStatement(
+        DataPropertyStatementAccessObject adps = new DataPropertyStatementAccessObject(
 				vreq.getJenaOntModel(), individual.getURI(),
 				SOME_URI, SOME_LITERAL);
-		AddObjectPropertyStatement aops = new AddObjectPropertyStatement(
+        ObjectPropertyStatementAccessObject aops = new ObjectPropertyStatementAccessObject(
 				vreq.getJenaOntModel(), individual.getURI(),
 				SOME_PREDICATE, SOME_URI);
-    	return PolicyHelper.isAuthorizedForActions(vreq, adps.or(aops));
+    	return PolicyHelper.isAuthorizedForActions(vreq, AuthHelper.logicOr(new SimpleAuthorizationRequest(adps, AccessOperation.ADD), new SimpleAuthorizationRequest(aops, AccessOperation.ADD)));
     }
 
     public boolean getShowAdminPanel() {
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/DataPropertyStatementTemplateModel.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/DataPropertyStatementTemplateModel.java
index 0040aed232..191740093e 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/DataPropertyStatementTemplateModel.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/DataPropertyStatementTemplateModel.java
@@ -7,10 +7,10 @@
 
 import org.apache.jena.rdf.model.Literal;
 
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessOperation;
+import edu.cornell.mannlib.vitro.webapp.auth.objects.AccessObject;
+import edu.cornell.mannlib.vitro.webapp.auth.objects.DataPropertyStatementAccessObject;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.RequestedAction;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.DropDataPropertyStatement;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.EditDataPropertyStatement;
 import edu.cornell.mannlib.vitro.webapp.beans.DataPropertyStatement;
 import edu.cornell.mannlib.vitro.webapp.beans.DataPropertyStatementImpl;
 import edu.cornell.mannlib.vitro.webapp.beans.Property;
@@ -46,17 +46,28 @@ public DataPropertyStatementTemplateModel(String subjectUri, Property property,
 	private String makeDeleteUrl() {
         // Determine whether the statement can be deleted
 		DataPropertyStatement dps = makeStatement();
-        RequestedAction action = new DropDataPropertyStatement(vreq.getJenaOntModel(), dps);
-        if ( ! PolicyHelper.isAuthorizedForActions(vreq, action) ) {
+        AccessObject action;
+        if (property instanceof FauxPropertyWrapper) {
+            DataPropertyStatement dpfs = makeFauxStatement();
+            action = new DataPropertyStatementAccessObject(vreq.getJenaOntModel(), dpfs);
+        } else {
+            action = new DataPropertyStatementAccessObject(vreq.getJenaOntModel(), dps);
+        }
+        
+        if ( ! PolicyHelper.isAuthorizedForActions(vreq, action, AccessOperation.DROP) ) {
             return "";
         }
-
+        
         ParamMap params = new ParamMap(
                 "subjectUri", subjectUri,
                 "predicateUri", property.getURI(),
                 "datapropKey", makeHash(dps),
                 "cmd", "delete");
 
+        if (property instanceof FauxPropertyWrapper) {
+            params.put("fauxContextUri",((FauxPropertyWrapper)property).getContextUri());
+        }
+        
         params.put("templateName", templateName);
         params.putAll(UrlBuilder.getModelParams(vreq));
 
@@ -72,8 +83,15 @@ private String makeEditUrl() {
 
         // Determine whether the statement can be edited
 		DataPropertyStatement dps = makeStatement();
-        RequestedAction action = new EditDataPropertyStatement(vreq.getJenaOntModel(), dps);
-        if ( ! PolicyHelper.isAuthorizedForActions(vreq, action) ) {
+        AccessObject action;
+        if (property instanceof FauxPropertyWrapper) {
+            DataPropertyStatement dpfs = makeFauxStatement();
+            action = new DataPropertyStatementAccessObject(vreq.getJenaOntModel(), dpfs);
+        } else {
+            action = new DataPropertyStatementAccessObject(vreq.getJenaOntModel(), dps);
+        }
+		
+        if ( ! PolicyHelper.isAuthorizedForActions(vreq, action, AccessOperation.EDIT) ) {
             return "";
         }
 
@@ -82,6 +100,10 @@ private String makeEditUrl() {
                 "predicateUri", property.getURI(),
                 "datapropKey", makeHash(dps));
 
+        if (property instanceof FauxPropertyWrapper) {
+            params.put("fauxContextUri",((FauxPropertyWrapper)property).getContextUri());
+        }
+        
         if ( deleteUrl.isEmpty() ) {
             params.put("deleteProhibited", "prohibited");
         }
@@ -92,7 +114,17 @@ private String makeEditUrl() {
 	}
 
 	private DataPropertyStatement makeStatement() {
-		DataPropertyStatement dps = new DataPropertyStatementImpl(subjectUri, property.getURI(), literalValue.getLexicalForm());
+		DataPropertyStatement dps;
+		dps = new DataPropertyStatementImpl(subjectUri, property.getURI(), literalValue.getLexicalForm());	
+		// Language and datatype are needed to get the correct hash value
+		dps.setLanguage(literalValue.getLanguage());
+		dps.setDatatypeURI(literalValue.getDatatypeURI());
+		return dps;
+	}
+	
+	private DataPropertyStatement makeFauxStatement() {
+		DataPropertyStatement dps;
+		dps = new DataPropertyStatementImpl(subjectUri, ((FauxPropertyWrapper)property).getConfigUri(), literalValue.getLexicalForm());	
 		// Language and datatype are needed to get the correct hash value
 		dps.setLanguage(literalValue.getLanguage());
 		dps.setDatatypeURI(literalValue.getDatatypeURI());
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/DataPropertyTemplateModel.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/DataPropertyTemplateModel.java
index 8e0e3f3b20..e80a4a25fd 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/DataPropertyTemplateModel.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/DataPropertyTemplateModel.java
@@ -2,7 +2,7 @@
 
 package edu.cornell.mannlib.vitro.webapp.web.templatemodels.individual;
 
-import static edu.cornell.mannlib.vitro.webapp.auth.requestedAction.RequestedAction.SOME_LITERAL;
+import static edu.cornell.mannlib.vitro.webapp.auth.objects.AccessObject.SOME_LITERAL;
 
 import java.util.ArrayList;
 import java.util.List;
@@ -14,9 +14,10 @@
 
 import org.apache.jena.rdf.model.Literal;
 
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessOperation;
+import edu.cornell.mannlib.vitro.webapp.auth.objects.AccessObject;
+import edu.cornell.mannlib.vitro.webapp.auth.objects.DataPropertyStatementAccessObject;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.RequestedAction;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AddDataPropertyStatement;
 import edu.cornell.mannlib.vitro.webapp.beans.DataProperty;
 import edu.cornell.mannlib.vitro.webapp.beans.Individual;
 import edu.cornell.mannlib.vitro.webapp.beans.Property;
@@ -91,7 +92,7 @@ public String toString() {
         // If the property is populated, get the data property statements via a sparql query
         if (populatedDataPropertyList.contains(dp)) {
             log.debug("Getting data for populated data property " + getUri());
-            DataPropertyStatementDao dpDao = vreq.getWebappDaoFactory().getDataPropertyStatementDao();
+            DataPropertyStatementDao dpDao = vreq.getUnfilteredWebappDaoFactory().getDataPropertyStatementDao();
             List<Literal> values = dpDao.getDataPropertyValuesForIndividualByProperty(subject, dp, queryString, constructQueries);
             for (Literal value : values) {
                 statements.add(new DataPropertyStatementTemplateModel(subjectUri, dp, value, getTemplateName(), vreq));
@@ -131,15 +132,28 @@ protected void setAddUrl(Property property) {
 		}
 
         // Determine whether a new statement can be added
-		RequestedAction action = new AddDataPropertyStatement(
-				vreq.getJenaOntModel(), subjectUri, propertyUri, SOME_LITERAL);
-        if ( ! PolicyHelper.isAuthorizedForActions(vreq, action) ) {
+		String fauxContextUri = null;
+		AccessObject action;
+		if (isFauxProperty(property)){
+			FauxPropertyWrapper fauxPropertywrapper = ((FauxPropertyWrapper) property);
+			fauxContextUri = fauxPropertywrapper.getContextUri();
+			action = new DataPropertyStatementAccessObject(
+					vreq.getJenaOntModel(), subjectUri, fauxPropertywrapper.getConfigUri(), SOME_LITERAL);
+		} else {
+			action = new DataPropertyStatementAccessObject(
+					vreq.getJenaOntModel(), subjectUri, propertyUri, SOME_LITERAL);
+		}
+        if ( ! PolicyHelper.isAuthorizedForActions(vreq, action, AccessOperation.ADD) ) {
             return;
         }
 
         ParamMap params = new ParamMap(
                 "subjectUri", subjectUri,
                 "predicateUri", propertyUri);
+        
+        if (fauxContextUri != null) {
+            params.put("fauxContextUri", fauxContextUri);
+        }
 
         params.putAll(UrlBuilder.getModelParams(vreq));
 
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/FauxDataPropertyWrapper.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/FauxDataPropertyWrapper.java
index 556381af35..ea583fe9de 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/FauxDataPropertyWrapper.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/FauxDataPropertyWrapper.java
@@ -329,4 +329,9 @@ public String getContextUri() {
 		return faux.getContextUri();
 	}
 
+	@Override
+	public String getConfigUri() {
+		return faux.getConfigUri();
+	}
+
 }
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/FauxObjectPropertyWrapper.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/FauxObjectPropertyWrapper.java
index e0425861ad..72c49cbe0b 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/FauxObjectPropertyWrapper.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/FauxObjectPropertyWrapper.java
@@ -555,51 +555,6 @@ public void setLocalNameWithPrefix(String prefixedLocalName) {
 		innerOP.setLocalNameWithPrefix(prefixedLocalName);
 	}
 
-	@Override
-	public RoleLevel getHiddenFromDisplayBelowRoleLevel() {
-		return innerOP.getHiddenFromDisplayBelowRoleLevel();
-	}
-
-	@Override
-	public void setHiddenFromDisplayBelowRoleLevel(RoleLevel level) {
-		innerOP.setHiddenFromDisplayBelowRoleLevel(level);
-	}
-
-	@Override
-	public void setHiddenFromDisplayBelowRoleLevelUsingRoleUri(String roleUri) {
-		innerOP.setHiddenFromDisplayBelowRoleLevelUsingRoleUri(roleUri);
-	}
-
-	@Override
-	public RoleLevel getProhibitedFromUpdateBelowRoleLevel() {
-		return innerOP.getProhibitedFromUpdateBelowRoleLevel();
-	}
-
-	@Override
-	public void setProhibitedFromUpdateBelowRoleLevel(RoleLevel level) {
-		innerOP.setProhibitedFromUpdateBelowRoleLevel(level);
-	}
-
-	@Override
-	public void setProhibitedFromUpdateBelowRoleLevelUsingRoleUri(String roleUri) {
-		innerOP.setProhibitedFromUpdateBelowRoleLevelUsingRoleUri(roleUri);
-	}
-
-	@Override
-	public RoleLevel getHiddenFromPublishBelowRoleLevel() {
-		return innerOP.getHiddenFromPublishBelowRoleLevel();
-	}
-
-	@Override
-	public void setHiddenFromPublishBelowRoleLevel(RoleLevel level) {
-		innerOP.setHiddenFromPublishBelowRoleLevel(level);
-	}
-
-	@Override
-	public void setHiddenFromPublishBelowRoleLevelUsingRoleUri(String roleUri) {
-		innerOP.setHiddenFromPublishBelowRoleLevelUsingRoleUri(roleUri);
-	}
-
 	@Override
 	public int hashCode() {
 		final int prime = 31;
@@ -664,4 +619,9 @@ public String getContextUri() {
 		return faux.getContextUri();
 	}
 
+	@Override
+	public String getConfigUri() {
+		return faux.getConfigUri();
+	}
+
 }
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/FauxPropertyWrapper.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/FauxPropertyWrapper.java
index 4f3222f903..a8d9cd3a9c 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/FauxPropertyWrapper.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/FauxPropertyWrapper.java
@@ -7,4 +7,6 @@ public interface FauxPropertyWrapper {
 	public FauxProperty getFauxProperty();
 	
 	public String getContextUri();
+	
+	public String getConfigUri();
 }
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/NameStatementTemplateModel.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/NameStatementTemplateModel.java
index dca2796286..2c413481aa 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/NameStatementTemplateModel.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/NameStatementTemplateModel.java
@@ -7,9 +7,10 @@
 
 import org.apache.jena.rdf.model.Literal;
 
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessOperation;
+import edu.cornell.mannlib.vitro.webapp.auth.objects.AccessObject;
+import edu.cornell.mannlib.vitro.webapp.auth.objects.DataPropertyStatementAccessObject;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.RequestedAction;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.EditDataPropertyStatement;
 import edu.cornell.mannlib.vitro.webapp.beans.DataPropertyStatement;
 import edu.cornell.mannlib.vitro.webapp.beans.DataPropertyStatementImpl;
 import edu.cornell.mannlib.vitro.webapp.beans.Individual;
@@ -63,8 +64,8 @@ public class NameStatementTemplateModel extends PropertyStatementTemplateModel {
 	private String makeEditUrl(Literal literal) {
         // Determine whether the statement can be edited
         DataPropertyStatement dps = makeStatement(literal);
-        RequestedAction action = new EditDataPropertyStatement(vreq.getJenaOntModel(), dps);
-        if ( ! PolicyHelper.isAuthorizedForActions(vreq, action) ) {
+        AccessObject action = new DataPropertyStatementAccessObject(vreq.getJenaOntModel(), dps);
+        if ( ! PolicyHelper.isAuthorizedForActions(vreq, action, AccessOperation.EDIT) ) {
             return "";
         }
 
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/ObjectPropertyStatementTemplateModel.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/ObjectPropertyStatementTemplateModel.java
index da38f6ce90..5fe2f53976 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/ObjectPropertyStatementTemplateModel.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/ObjectPropertyStatementTemplateModel.java
@@ -9,10 +9,10 @@
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessOperation;
+import edu.cornell.mannlib.vitro.webapp.auth.objects.AccessObject;
+import edu.cornell.mannlib.vitro.webapp.auth.objects.ObjectPropertyStatementAccessObject;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.RequestedAction;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.DropObjectPropertyStatement;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.EditObjectPropertyStatement;
 import edu.cornell.mannlib.vitro.webapp.beans.ObjectProperty;
 import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
 import edu.cornell.mannlib.vitro.webapp.controller.freemarker.UrlBuilder;
@@ -52,9 +52,9 @@ private String makeDeleteUrl() {
     	}
 
         // Determine whether the statement can be deleted
-		RequestedAction action = new DropObjectPropertyStatement(
+		AccessObject action = new ObjectPropertyStatementAccessObject(
 				vreq.getJenaOntModel(), subjectUri, property, objectUri);
-        if ( ! PolicyHelper.isAuthorizedForActions(vreq, action) ) {
+        if ( ! PolicyHelper.isAuthorizedForActions(vreq, action, AccessOperation.DROP) ) {
             return "";
         }
 
@@ -73,6 +73,10 @@ private String makeDeleteUrl() {
                 "cmd", "delete",
                 "objectKey", objectKey);
 
+        if (property instanceof FauxPropertyWrapper) {
+            params.put("fauxContextUri", ((FauxPropertyWrapper) property).getContextUri());
+        }
+
         for ( String key : data.keySet() ) {
             String value = data.get(key);
             // Remove an entry with a null value instead of letting it get passed
@@ -105,8 +109,8 @@ private String makeEditUrl() {
     	}
 
        // Determine whether the statement can be edited
-        RequestedAction action =  new EditObjectPropertyStatement(vreq.getJenaOntModel(), subjectUri, property, objectUri);
-        if ( ! PolicyHelper.isAuthorizedForActions(vreq, action) ) {
+        AccessObject action =  new ObjectPropertyStatementAccessObject(vreq.getJenaOntModel(), subjectUri, property, objectUri);
+        if ( ! PolicyHelper.isAuthorizedForActions(vreq, action, AccessOperation.EDIT) ) {
             return "";
         }
 
@@ -123,6 +127,10 @@ private String makeEditUrl() {
                 "predicateUri", property.getURI(),
                 "objectUri", objectUri);
 
+        if (property instanceof FauxPropertyWrapper) {
+            params.put("fauxContextUri",((FauxPropertyWrapper)property).getContextUri());
+        }
+        
         if ( deleteUrl.isEmpty() ) {
             params.put("deleteProhibited", "prohibited");
         }
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/ObjectPropertyTemplateModel.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/ObjectPropertyTemplateModel.java
index bb6e69bdc6..3a6e8494c9 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/ObjectPropertyTemplateModel.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/ObjectPropertyTemplateModel.java
@@ -2,7 +2,7 @@
 
 package edu.cornell.mannlib.vitro.webapp.web.templatemodels.individual;
 
-import static edu.cornell.mannlib.vitro.webapp.auth.requestedAction.RequestedAction.SOME_URI;
+import static edu.cornell.mannlib.vitro.webapp.auth.objects.AccessObject.SOME_URI;
 
 import java.util.ArrayList;
 import java.util.Iterator;
@@ -16,9 +16,10 @@
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessOperation;
+import edu.cornell.mannlib.vitro.webapp.auth.objects.AccessObject;
+import edu.cornell.mannlib.vitro.webapp.auth.objects.ObjectPropertyStatementAccessObject;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.RequestedAction;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AddObjectPropertyStatement;
 import edu.cornell.mannlib.vitro.webapp.beans.Individual;
 import edu.cornell.mannlib.vitro.webapp.beans.ObjectProperty;
 import edu.cornell.mannlib.vitro.webapp.beans.Property;
@@ -120,9 +121,9 @@ protected void setAddUrl(Property property) {
     	}
 
         // Determine whether a new statement can be added
-		RequestedAction action = new AddObjectPropertyStatement(
+		AccessObject action = new ObjectPropertyStatementAccessObject(
 				vreq.getJenaOntModel(), subjectUri, property, SOME_URI);
-        if ( ! PolicyHelper.isAuthorizedForActions(vreq, action) ) {
+        if ( ! PolicyHelper.isAuthorizedForActions(vreq, action, AccessOperation.ADD) ) {
             return;
         }
 
@@ -138,6 +139,11 @@ protected void setAddUrl(Property property) {
             ParamMap params = new ParamMap(
                     "subjectUri", subjectUri,
                     "predicateUri", propertyUri);
+    		
+            if (isFauxProperty(property)){
+                String fauxPropertyContextUri = ((FauxPropertyWrapper)property).getContextUri();
+                params.put("fauxContextUri", fauxPropertyContextUri);
+            } 
 
             if (domainUri != null) {
                 params.put("domainUri", domainUri);
@@ -168,6 +174,11 @@ protected List<Map<String, String>> getStatementData() {
         ObjectPropertyStatementDao opDao = vreq.getWebappDaoFactory().getObjectPropertyStatementDao();
         return opDao.getObjectPropertyStatementsForIndividualByProperty(subjectUri, propertyUri, objectKey, domainUri, rangeUri, getSelectQuery(), getConstructQueries(), sortDirection);
     }
+    
+    protected List<Map<String, String>> getUnfilteredStatementData() {
+        ObjectPropertyStatementDao opDao = vreq.getUnfilteredWebappDaoFactory().getObjectPropertyStatementDao();
+        return opDao.getObjectPropertyStatementsForIndividualByProperty(subjectUri, propertyUri, objectKey, domainUri, rangeUri, getSelectQuery(), getConstructQueries(), sortDirection);
+    }
 
     protected abstract boolean isEmpty();
 
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/PropertyGroupTemplateModel.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/PropertyGroupTemplateModel.java
index 5c8ec1d2a2..b88e900592 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/PropertyGroupTemplateModel.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/PropertyGroupTemplateModel.java
@@ -2,8 +2,8 @@
 
 package edu.cornell.mannlib.vitro.webapp.web.templatemodels.individual;
 
-import static edu.cornell.mannlib.vitro.webapp.auth.requestedAction.RequestedAction.SOME_LITERAL;
-import static edu.cornell.mannlib.vitro.webapp.auth.requestedAction.RequestedAction.SOME_URI;
+import static edu.cornell.mannlib.vitro.webapp.auth.objects.AccessObject.SOME_LITERAL;
+import static edu.cornell.mannlib.vitro.webapp.auth.objects.AccessObject.SOME_URI;
 
 import java.util.ArrayList;
 import java.util.List;
@@ -11,12 +11,13 @@
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessOperation;
+import edu.cornell.mannlib.vitro.webapp.auth.objects.AccessObject;
+import edu.cornell.mannlib.vitro.webapp.auth.objects.DataPropertyAccessObject;
+import edu.cornell.mannlib.vitro.webapp.auth.objects.DataPropertyStatementAccessObject;
+import edu.cornell.mannlib.vitro.webapp.auth.objects.ObjectPropertyAccessObject;
+import edu.cornell.mannlib.vitro.webapp.auth.objects.ObjectPropertyStatementAccessObject;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.RequestedAction;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.display.DisplayDataProperty;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.display.DisplayDataPropertyStatement;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.display.DisplayObjectProperty;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.display.DisplayObjectPropertyStatement;
 import edu.cornell.mannlib.vitro.webapp.beans.DataProperty;
 import edu.cornell.mannlib.vitro.webapp.beans.DataPropertyStatementImpl;
 import edu.cornell.mannlib.vitro.webapp.beans.Individual;
@@ -75,33 +76,37 @@ public class PropertyGroupTemplateModel extends BaseTemplateModel {
 	 */
 	private boolean allowedToDisplay(VitroRequest vreq, ObjectProperty op,
 			Individual subject) {
-		RequestedAction dop = new DisplayObjectProperty(op);
-		if (PolicyHelper.isAuthorizedForActions(vreq, dop)) {
+		AccessObject dop = new ObjectPropertyAccessObject(op);
+		if (PolicyHelper.isAuthorizedForActions(vreq, dop, AccessOperation.DISPLAY)) {
 			return true;
 		}
-
-		RequestedAction dops = new DisplayObjectPropertyStatement(
-				subject.getURI(), op, SOME_URI);
-        return PolicyHelper.isAuthorizedForActions(vreq, dops);
-
+		AccessObject dops;
+		if (op instanceof FauxObjectPropertyWrapper) {
+			dops = new ObjectPropertyStatementAccessObject(null, ((FauxObjectPropertyWrapper) op).getConfigUri(), op, SOME_URI);
+		} else {
+			dops = new ObjectPropertyStatementAccessObject(null, subject.getURI(), op, SOME_URI);
+		}
+		return PolicyHelper.isAuthorizedForActions(vreq, dops, AccessOperation.DISPLAY);
     }
 
 	/**
 	 * See if the property is permitted in its own right. If not, the property
 	 * statement might still be permitted to a self-editor.
 	 */
-	private boolean allowedToDisplay(VitroRequest vreq, DataProperty dp,
-			Individual subject) {
-		RequestedAction dop = new DisplayDataProperty(dp);
-		if (PolicyHelper.isAuthorizedForActions(vreq, dop)) {
+	private boolean allowedToDisplay(VitroRequest vreq, DataProperty dp, Individual subject) {
+		AccessObject dop = new DataPropertyAccessObject(dp);
+		if (PolicyHelper.isAuthorizedForActions(vreq, dop, AccessOperation.DISPLAY)) {
 			return true;
 		}
-
-		DataPropertyStatementImpl dps = new DataPropertyStatementImpl(
-				subject.getURI(), dp.getURI(), SOME_LITERAL);
-		RequestedAction dops = new DisplayDataPropertyStatement(dps);
-        return PolicyHelper.isAuthorizedForActions(vreq, dops);
-
+		DataPropertyStatementImpl dps;
+		if (dp instanceof FauxDataPropertyWrapper) {
+			dps = new DataPropertyStatementImpl(subject.getURI(), ((FauxDataPropertyWrapper) dp).getConfigUri(), SOME_LITERAL);
+		} else {
+			dps = new DataPropertyStatementImpl(subject.getURI(), dp.getURI(), SOME_LITERAL);
+		}
+        //TODO: Model should be here to correctly check authorization
+		AccessObject dops = new DataPropertyStatementAccessObject(null, dps);
+        return PolicyHelper.isAuthorizedForActions(vreq, dops, AccessOperation.DISPLAY);	
     }
 
 	protected boolean isEmpty() {
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/PropertyTemplateModel.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/PropertyTemplateModel.java
index 2b1aac8b63..1e8e8afa13 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/PropertyTemplateModel.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/PropertyTemplateModel.java
@@ -10,7 +10,6 @@
 
 import edu.cornell.mannlib.vitro.webapp.auth.permissions.SimplePermission;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper;
-import edu.cornell.mannlib.vitro.webapp.beans.BaseResourceBean.RoleLevel;
 import edu.cornell.mannlib.vitro.webapp.beans.FauxProperty;
 import edu.cornell.mannlib.vitro.webapp.beans.Individual;
 import edu.cornell.mannlib.vitro.webapp.beans.Property;
@@ -89,18 +88,6 @@ protected void setVerboseDisplayValues(Property property) {
 
         verboseDisplay = new HashMap<String, Object>();
 
-        RoleLevel roleLevel = property.getHiddenFromDisplayBelowRoleLevel();
-        String roleLevelLabel = roleLevel != null ? roleLevel.getDisplayLabel() : "";
-        verboseDisplay.put("displayLevel", roleLevelLabel);
-
-        roleLevel = property.getProhibitedFromUpdateBelowRoleLevel();
-        roleLevelLabel = roleLevel != null ? roleLevel.getUpdateLabel() : "";
-        verboseDisplay.put("updateLevel", roleLevelLabel);
-
-        roleLevel = property.getHiddenFromPublishBelowRoleLevel();
-        roleLevelLabel = roleLevel != null ? roleLevel.getDisplayLabel() : "";
-        verboseDisplay.put("publishLevel", roleLevelLabel);
-
         verboseDisplay.put("localName", property.getLocalNameWithPrefix());
         verboseDisplay.put("displayRank", getPropertyDisplayTier(property));
 
@@ -112,7 +99,7 @@ protected void setVerboseDisplayValues(Property property) {
         }
     }
 
-    private boolean isFauxProperty(Property prop) {
+    protected boolean isFauxProperty(Property prop) {
         if (prop instanceof FauxPropertyWrapper) {
             return true;
         }
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/UncollatedObjectPropertyTemplateModel.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/UncollatedObjectPropertyTemplateModel.java
index 06bdb8fa5e..2fa5f89951 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/UncollatedObjectPropertyTemplateModel.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/UncollatedObjectPropertyTemplateModel.java
@@ -32,7 +32,12 @@ public class UncollatedObjectPropertyTemplateModel extends ObjectPropertyTemplat
             log.debug("Getting data for populated object property " + op.getURI());
 
             /* Get the data */
-            List<Map<String, String>> statementData = getStatementData();
+            List<Map<String, String>> statementData;
+            if (op instanceof FauxPropertyWrapper) {
+            	statementData = getUnfilteredStatementData();
+            } else {
+            	statementData = getStatementData();	
+            }
 
             /* Apply postprocessing */
             postprocess(statementData);
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/identifier/factory/HasPermissionFactoryTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/identifier/factory/HasPermissionFactoryTest.java
deleted file mode 100644
index 6d8e320161..0000000000
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/identifier/factory/HasPermissionFactoryTest.java
+++ /dev/null
@@ -1,277 +0,0 @@
-/* $This file is distributed under the terms of the license in LICENSE$ */
-
-package edu.cornell.mannlib.vitro.webapp.auth.identifier.factory;
-
-import static org.junit.Assert.assertEquals;
-
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.HashSet;
-import java.util.List;
-import java.util.Set;
-
-import org.junit.Before;
-import org.junit.Test;
-
-import stubs.edu.cornell.mannlib.vitro.webapp.dao.UserAccountsDaoStub;
-import stubs.edu.cornell.mannlib.vitro.webapp.dao.WebappDaoFactoryStub;
-import stubs.edu.cornell.mannlib.vitro.webapp.modelaccess.ModelAccessFactoryStub;
-import stubs.javax.servlet.ServletContextStub;
-import stubs.javax.servlet.http.HttpServletRequestStub;
-import stubs.javax.servlet.http.HttpSessionStub;
-import edu.cornell.mannlib.vedit.beans.LoginStatusBean;
-import edu.cornell.mannlib.vedit.beans.LoginStatusBean.AuthenticationSource;
-import edu.cornell.mannlib.vitro.testing.AbstractTestClass;
-import edu.cornell.mannlib.vitro.webapp.auth.identifier.ArrayIdentifierBundle;
-import edu.cornell.mannlib.vitro.webapp.auth.identifier.Identifier;
-import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
-import edu.cornell.mannlib.vitro.webapp.auth.identifier.common.HasPermission;
-import edu.cornell.mannlib.vitro.webapp.auth.permissions.Permission;
-import edu.cornell.mannlib.vitro.webapp.auth.permissions.PermissionRegistry;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.RequestedAction;
-import edu.cornell.mannlib.vitro.webapp.beans.PermissionSet;
-import edu.cornell.mannlib.vitro.webapp.beans.UserAccount;
-
-/**
- * Can we tell whether a user is logged in as root?
- */
-public class HasPermissionFactoryTest extends AbstractTestClass {
-	private static final String USER_URI = "http://userUri";
-	private UserAccount user;
-
-	private LoginStatusBean lsb;
-
-	private PermissionSet emptyPublicPermissionSet;
-	private PermissionSet publicPermissionSet1;
-	private PermissionSet publicPermissionSet2;
-	private PermissionSet emptyLoggedInPermissionSet;
-	private PermissionSet loggedInPermissionSet1;
-	private PermissionSet loggedInPermissionSet2;
-
-	private Permission permissionP1a;
-	private Permission permissionP1b;
-	private Permission permissionP2;
-	private Permission permissionLI1;
-	private Permission permissionLI2a;
-	private Permission permissionLI2b;
-
-	private WebappDaoFactoryStub wdf;
-	private UserAccountsDaoStub uaDao;
-
-	private ServletContextStub ctx;
-	private HttpSessionStub session;
-	private HttpServletRequestStub req;
-
-	private HasPermissionFactory factory;
-
-	private IdentifierBundle actualIds;
-	private IdentifierBundle expectedIds;
-
-	@Before
-	public void setup() {
-		user = new UserAccount();
-		user.setUri(USER_URI);
-
-		lsb = new LoginStatusBean(USER_URI, AuthenticationSource.INTERNAL);
-
-		uaDao = new UserAccountsDaoStub();
-		uaDao.addUser(user);
-
-		wdf = new WebappDaoFactoryStub();
-		wdf.setUserAccountsDao(uaDao);
-
-		ctx = new ServletContextStub();
-		new ModelAccessFactoryStub().get(ctx).setWebappDaoFactory(wdf);
-
-		session = new HttpSessionStub();
-		session.setServletContext(ctx);
-
-		req = new HttpServletRequestStub();
-		req.setSession(session);
-
-		factory = new HasPermissionFactory(ctx);
-
-		preparePermissions();
-		preparePermissionSets();
-	}
-
-	private void preparePermissions() {
-		permissionP1a = new MyPermission("permissionP1a");
-		permissionP1b = new MyPermission("permissionP1b");
-		permissionP2 = new MyPermission("permissionP2");
-		permissionLI1 = new MyPermission("permissionLI1");
-		permissionLI2a = new MyPermission("permissionLI2a");
-		permissionLI2b = new MyPermission("permissionLI2b");
-		PermissionRegistry.createRegistry(
-				ctx,
-				list(permissionP1a, permissionP1b, permissionP2, permissionLI1,
-						permissionLI2a, permissionLI2b));
-	}
-
-	private void preparePermissionSets() {
-		emptyPublicPermissionSet = new PermissionSet();
-		emptyPublicPermissionSet.setUri("java:emptyPS");
-		emptyPublicPermissionSet.setLabel("emptyPublicPermissionSet");
-		emptyPublicPermissionSet.setForPublic(true);
-
-		publicPermissionSet1 = new PermissionSet();
-		publicPermissionSet1.setUri("java:publicPS1");
-		publicPermissionSet1.setLabel("publicPermissionSet1");
-		publicPermissionSet1.setForPublic(true);
-		setPermissions(publicPermissionSet1, permissionP1a, permissionP1b);
-
-		publicPermissionSet2 = new PermissionSet();
-		publicPermissionSet2.setUri("java:publicPS2");
-		publicPermissionSet2.setLabel("publicPermissionSet2");
-		publicPermissionSet2.setForPublic(true);
-		setPermissions(publicPermissionSet2, permissionP2);
-
-		emptyLoggedInPermissionSet = new PermissionSet();
-		emptyLoggedInPermissionSet.setUri("java:emptyPS");
-		emptyLoggedInPermissionSet.setLabel("emptyLoggedInPermissionSet");
-
-		loggedInPermissionSet1 = new PermissionSet();
-		loggedInPermissionSet1.setUri("java:loggedInPS1");
-		loggedInPermissionSet1.setLabel("loggedInPermissionSet1");
-		setPermissions(loggedInPermissionSet1, permissionLI1);
-
-		loggedInPermissionSet2 = new PermissionSet();
-		loggedInPermissionSet2.setUri("java:loggedInPS2");
-		loggedInPermissionSet2.setLabel("loggedInPermissionSet2");
-		setPermissions(loggedInPermissionSet2, permissionLI2a, permissionLI2b);
-
-		uaDao.addPermissionSet(emptyLoggedInPermissionSet);
-		uaDao.addPermissionSet(loggedInPermissionSet1);
-		uaDao.addPermissionSet(loggedInPermissionSet2);
-		// "public" permission sets are added for specific tests.
-	}
-
-	// ----------------------------------------------------------------------
-	// the tests
-	// ----------------------------------------------------------------------
-
-	@Test
-	public void notLoggedInNoPublicSets() {
-		expectedIds = new ArrayIdentifierBundle();
-		actualIds = factory.getIdentifierBundle(req);
-		assertEquals("no public sets", expectedIds, actualIds);
-	}
-
-	@Test
-	public void notLoggedInEmptyPublicSet() {
-		uaDao.addPermissionSet(emptyPublicPermissionSet);
-
-		expectedIds = new ArrayIdentifierBundle();
-		actualIds = factory.getIdentifierBundle(req);
-		assertEquals("empty public set", expectedIds, actualIds);
-	}
-
-	@Test
-	public void notLoggedInOnePublicSet() {
-		uaDao.addPermissionSet(publicPermissionSet1);
-
-		expectedIds = new ArrayIdentifierBundle(id(permissionP1a),
-				id(permissionP1b));
-		actualIds = factory.getIdentifierBundle(req);
-		assertEqualIds("one public set", expectedIds, actualIds);
-	}
-
-	@Test
-	public void notLoggedInTwoPublicSets() {
-		uaDao.addPermissionSet(publicPermissionSet1);
-		uaDao.addPermissionSet(publicPermissionSet2);
-
-		expectedIds = new ArrayIdentifierBundle(id(permissionP1a),
-				id(permissionP1b), id(permissionP2));
-		actualIds = factory.getIdentifierBundle(req);
-		assertEqualIds("two public sets", expectedIds, actualIds);
-	}
-
-	@Test
-	public void loggedInNoSets() {
-		LoginStatusBean.setBean(session, lsb);
-
-		expectedIds = new ArrayIdentifierBundle();
-		actualIds = factory.getIdentifierBundle(req);
-		assertEquals("no logged in sets", expectedIds, actualIds);
-	}
-
-	@Test
-	public void loggedInEmptySet() {
-		LoginStatusBean.setBean(session, lsb);
-		user.setPermissionSetUris(list(emptyLoggedInPermissionSet.getUri()));
-
-		expectedIds = new ArrayIdentifierBundle();
-		actualIds = factory.getIdentifierBundle(req);
-		assertEquals("empty logged in set", expectedIds, actualIds);
-	}
-
-	@Test
-	public void loggedInOneSet() {
-		LoginStatusBean.setBean(session, lsb);
-		user.setPermissionSetUris(list(loggedInPermissionSet1.getUri()));
-
-		expectedIds = new ArrayIdentifierBundle(id(permissionLI1));
-		actualIds = factory.getIdentifierBundle(req);
-		assertEqualIds("one logged in set", expectedIds, actualIds);
-	}
-
-	@Test
-	public void loggedInTwoSets() {
-		LoginStatusBean.setBean(session, lsb);
-		user.setPermissionSetUris(list(loggedInPermissionSet1.getUri(),
-				loggedInPermissionSet2.getUri()));
-
-		expectedIds = new ArrayIdentifierBundle(id(permissionLI1),
-				id(permissionLI2a), id(permissionLI2b));
-		actualIds = factory.getIdentifierBundle(req);
-		assertEqualIds("two logged in sets", expectedIds, actualIds);
-	}
-
-	// ----------------------------------------------------------------------
-	// helper methods
-	// ----------------------------------------------------------------------
-
-	private void setPermissions(PermissionSet ps, Permission... permissions) {
-		List<String> uris = new ArrayList<String>();
-		for (Permission p : permissions) {
-			uris.add(p.getUri());
-		}
-		ps.setPermissionUris(uris);
-	}
-
-	private HasPermission id(Permission p) {
-		return new HasPermission(p);
-	}
-
-	private <T> List<T> list(T... elements) {
-		List<T> l = new ArrayList<T>();
-		Collections.addAll(l, elements);
-		return l;
-	}
-
-	private void assertEqualIds(String message, IdentifierBundle expected,
-			IdentifierBundle actual) {
-		Set<HasPermission> expectedSet = new HashSet<HasPermission>();
-		for (Identifier id : expected) {
-			expectedSet.add((HasPermission) id);
-		}
-		Set<HasPermission> actualSet = new HashSet<HasPermission>();
-		for (Identifier id : actual) {
-			actualSet.add((HasPermission) id);
-		}
-		assertEqualSets(message, expectedSet, actualSet);
-	}
-
-	private static class MyPermission extends Permission {
-		public MyPermission(String uri) {
-			super(uri);
-		}
-
-		@Override
-		public boolean isAuthorized(RequestedAction whatToAuth) {
-			return false;
-		}
-
-	}
-}
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/identifier/factory/IsRootUserFactoryTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/identifier/factory/IsRootUserFactoryTest.java
index 3c0d0814d3..9858ed1ec0 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/identifier/factory/IsRootUserFactoryTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/identifier/factory/IsRootUserFactoryTest.java
@@ -65,7 +65,7 @@ public void setup() {
 		req = new HttpServletRequestStub();
 		req.setSession(session);
 
-		factory = new IsRootUserFactory(ctx);
+		factory = new IsRootUserFactory();
 	}
 
 	@Test
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/identifier/factory/IsUserFactoryTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/identifier/factory/IsUserFactoryTest.java
index 89c1cc64f7..57ad3b7041 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/identifier/factory/IsUserFactoryTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/identifier/factory/IsUserFactoryTest.java
@@ -55,7 +55,7 @@ public void setup() {
 		req = new HttpServletRequestStub();
 		req.setSession(session);
 
-		factory = new IsUserFactory(ctx);
+		factory = new IsUserFactory();
 	}
 
 	@Test
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/BasicPolicyTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/BasicPolicyTest.java
new file mode 100644
index 0000000000..6483fd68e0
--- /dev/null
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/BasicPolicyTest.java
@@ -0,0 +1,82 @@
+package edu.cornell.mannlib.vitro.webapp.auth.policy;
+
+import static org.junit.Assert.assertTrue;
+
+import org.junit.Test;
+
+public class BasicPolicyTest extends PolicyTest {
+
+    public static final String BROKEN_POLICY_BROKEN_TEST = TEST_RESOURCES_PREFIX + "test_policy_broken1.n3";
+    public static final String BROKEN_POLICY_BROKEN_TYPE = TEST_RESOURCES_PREFIX + "test_policy_broken2.n3";
+    public static final String BROKEN_POLICY_BROKEN_TEST_ID = TEST_RESOURCES_PREFIX + "test_policy_broken3.n3";
+    public static final String BROKEN_POLICY_BROKEN_TYPE_ID = TEST_RESOURCES_PREFIX + "test_policy_broken4.n3";
+    public static final String BROKEN_POLICY_BROKEN_ATTRIBUTE_VALUES = TEST_RESOURCES_PREFIX + "test_policy_broken5.n3";
+
+    public static final String VALID_POLICY = TEST_RESOURCES_PREFIX + "test_policy_valid.n3";
+    public static final String VALID_POLICY_WITH_SET = TEST_RESOURCES_PREFIX + "test_policy_valid_set.n3";
+    public static final String BROKEN_POLICY_WITH_SET = TEST_RESOURCES_PREFIX + "test_policy_broken_set.n3";
+    public static final String POLICY_KEY_TEST = TEST_RESOURCES_PREFIX + "test_policy_key.n3";
+
+
+    @Test
+    public void testGetPolicyUris() {
+        load(VALID_POLICY);
+        assertTrue(!loader.getPolicyUris().isEmpty());
+    }
+    
+    @Test
+    public void testValidPolicy() {
+        load(VALID_POLICY);
+        assertTrue(!loader.getPolicyUris().isEmpty());
+    }
+    
+    @Test
+    public void testValidPolicyWithSet() {
+        load(VALID_POLICY_WITH_SET);
+        DynamicPolicy policy = loader.loadPolicy("https://vivoweb.org/ontology/vitro-application/auth/individual/ValidTestSetPolicy");
+        countRulesAndAttributes(policy, 2, 2);
+    }
+    
+    @Test
+    public void testBrokenTestId() {
+        load(BROKEN_POLICY_BROKEN_TEST_ID);
+        DynamicPolicy policy = loader.loadPolicy("https://vivoweb.org/ontology/vitro-application/auth/individual/BrokenPolicyBrokenTestTypeId");
+        assertTrue(policy == null);
+    }
+    
+    @Test
+    public void testBrokenTypeId() {
+        load(BROKEN_POLICY_BROKEN_TYPE_ID);
+        DynamicPolicy policy = loader.loadPolicy("https://vivoweb.org/ontology/vitro-application/auth/individual/BrokenPolicyTypeId");
+        assertTrue(policy == null);
+    }
+    
+    @Test
+    public void testBrokenTest() {
+        load(BROKEN_POLICY_BROKEN_TEST);
+        DynamicPolicy policy = loader.loadPolicy("https://vivoweb.org/ontology/vitro-application/auth/individual/BrokenPolicyBrokenTestType");
+        assertTrue(policy == null);
+    }
+    
+    @Test
+    public void testBrokenType() {
+        load(BROKEN_POLICY_BROKEN_TYPE);
+        DynamicPolicy policy = loader.loadPolicy("https://vivoweb.org/ontology/vitro-application/auth/individual/BrokenPolicyType");
+        assertTrue(policy == null);
+    }
+    
+    @Test
+    public void testBrokenAttributeValue() {
+        load(BROKEN_POLICY_BROKEN_ATTRIBUTE_VALUES);
+        DynamicPolicy policy = loader.loadPolicy("https://vivoweb.org/ontology/vitro-application/auth/individual/BrokenTestSetPolicy");
+        assertTrue(policy == null);
+    }
+    
+    @Test
+    public void testBrokenSet() {
+        load(BROKEN_POLICY_WITH_SET);
+        DynamicPolicy policy = loader.loadPolicy("https://vivoweb.org/ontology/vitro-application/auth/individual/BrokenTestSetPolicy");
+        assertTrue(policy == null);
+    }
+    
+}
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EntityPolicyControllerTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EntityPolicyControllerTest.java
new file mode 100644
index 0000000000..6225ef7558
--- /dev/null
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EntityPolicyControllerTest.java
@@ -0,0 +1,40 @@
+package edu.cornell.mannlib.vitro.webapp.auth.policy;
+
+import static org.junit.Assert.assertEquals;
+
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.List;
+
+import org.junit.Test;
+
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType;
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.OperationGroup;
+
+public class EntityPolicyControllerTest extends PolicyTest {
+
+    @Test
+    public void testGetGrantedRoles() {
+        load(ADMIN_DISPLAY_CLASS_POLICY_PATH);
+        load(SELF_EDITOR_DISPLAY_CLASS_POLICY_PATH);
+        List<String> allowedRoles = Arrays.asList(ROLE_ADMIN_URI, ROLE_SELF_EDITOR_URI);
+        EntityPolicyController.updateEntityPolicy("test:newClass", AccessObjectType.CLASS, OperationGroup.DISPLAY_GROUP, allowedRoles, ROLE_LIST);
+        List<String> roles = EntityPolicyController.getGrantedRoles("test:newClass", OperationGroup.DISPLAY_GROUP, AccessObjectType.CLASS, ROLE_LIST);
+        assertEquals(2, roles.size());
+        roles.contains(ROLE_ADMIN_URI);
+        roles.contains(ROLE_EDITOR_URI);
+    }
+    
+    @Test
+    public void testPolicyDataSetModification() {
+        load(ADMIN_DISPLAY_CLASS_POLICY_PATH);
+        EntityPolicyController.updateEntityPolicy("test:newClass", AccessObjectType.CLASS, OperationGroup.DISPLAY_GROUP, Arrays.asList(ROLE_ADMIN_URI), ROLE_LIST);
+        List<String> roles = EntityPolicyController.getGrantedRoles("test:newClass", OperationGroup.DISPLAY_GROUP, AccessObjectType.CLASS, ROLE_LIST);
+        assertEquals(1, roles.size());
+        roles.contains(ROLE_ADMIN_URI);
+        EntityPolicyController.updateEntityPolicy("test:newClass", AccessObjectType.CLASS, OperationGroup.DISPLAY_GROUP, Collections.emptyList(), ROLE_LIST);
+        roles = EntityPolicyController.getGrantedRoles("test:newClass", OperationGroup.DISPLAY_GROUP, AccessObjectType.CLASS, ROLE_LIST);
+        assertEquals(0, roles.size());
+    }
+}
+    
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EntityPolicyTests.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EntityPolicyTests.java
new file mode 100644
index 0000000000..e2a47871a3
--- /dev/null
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EntityPolicyTests.java
@@ -0,0 +1,112 @@
+package edu.cornell.mannlib.vitro.webapp.auth.policy;
+
+import static org.junit.Assert.assertFalse;
+
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.Set;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.Parameterized;
+
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType;
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.OperationGroup;
+
+@RunWith(Parameterized.class)
+public class EntityPolicyTests extends PolicyTest {
+    @org.junit.runners.Parameterized.Parameter(0)
+    public String filePath;
+    
+    @org.junit.runners.Parameterized.Parameter(1)
+    public String uri;
+    
+    @org.junit.runners.Parameterized.Parameter(2)
+    public OperationGroup group;
+    
+    @org.junit.runners.Parameterized.Parameter(3)
+    public AccessObjectType type;
+    
+    @org.junit.runners.Parameterized.Parameter(4)
+    public String roleUri;
+    
+    @org.junit.runners.Parameterized.Parameter(5)
+    public int rulesCount;
+    
+    @org.junit.runners.Parameterized.Parameter(6)
+    public int attrCount;
+    
+    @Test
+    public void testPolicy() {
+        load(filePath);
+        String policyUri =  PREFIX + uri;
+        EntityPolicyController.updateEntityPolicy("test:entity", type, group, Arrays.asList(roleUri), ROLE_LIST);
+        DynamicPolicy policy = loader.loadPolicy(policyUri);
+        countRulesAndAttributes(policy, rulesCount, attrCount);
+        Set<String> values = loader.getPolicyDataSetValues(group, type, roleUri);
+        assertFalse(values.isEmpty());
+    }
+    
+    @Parameterized.Parameters
+    public static Collection<Object[]> requests() {
+        return Arrays.asList(new Object[][] {
+            { EDITOR_DISPLAY_CLASS_POLICY_PATH, "EditorDisplayClassPolicy", OperationGroup.DISPLAY_GROUP, AccessObjectType.CLASS, ROLE_EDITOR_URI, 1, 4 },
+            { EDITOR_DISPLAY_DATA_PROP_POLICY_PATH, "EditorDisplayDataPropertyPolicy", OperationGroup.DISPLAY_GROUP, AccessObjectType.DATA_PROPERTY, ROLE_EDITOR_URI, 2, 4 },
+            { EDITOR_DISPLAY_OBJ_PROP_POLICY_PATH, "EditorDisplayObjectPropertyPolicy", OperationGroup.DISPLAY_GROUP, AccessObjectType.OBJECT_PROPERTY, ROLE_EDITOR_URI, 2, 4 },
+            
+            { SELF_EDITOR_DISPLAY_CLASS_POLICY_PATH, "SelfEditorDisplayClassPolicy", OperationGroup.DISPLAY_GROUP, AccessObjectType.CLASS, ROLE_SELF_EDITOR_URI, 1, 4 },
+            { SELF_EDITOR_DISPLAY_DATA_PROP_POLICY_PATH, "SelfEditorDisplayDataPropertyPolicy", OperationGroup.DISPLAY_GROUP, AccessObjectType.DATA_PROPERTY, ROLE_SELF_EDITOR_URI, 2, 4 },
+            { SELF_EDITOR_DISPLAY_OBJ_PROP_POLICY_PATH, "SelfEditorDisplayObjectPropertyPolicy", OperationGroup.DISPLAY_GROUP, AccessObjectType.OBJECT_PROPERTY, ROLE_SELF_EDITOR_URI, 2, 4 },
+
+            { PUBLIC_DISPLAY_CLASS_POLICY_PATH, "PublicDisplayClassPolicy", OperationGroup.DISPLAY_GROUP, AccessObjectType.CLASS, ROLE_PUBLIC_URI, 1, 4 },
+            { PUBLIC_DISPLAY_DATA_PROP_POLICY_PATH, "PublicDisplayDataPropertyPolicy", OperationGroup.DISPLAY_GROUP, AccessObjectType.DATA_PROPERTY, ROLE_PUBLIC_URI, 2, 4 },
+            { PUBLIC_DISPLAY_OBJ_PROP_POLICY_PATH, "PublicDisplayObjectPropertyPolicy", OperationGroup.DISPLAY_GROUP, AccessObjectType.OBJECT_PROPERTY, ROLE_PUBLIC_URI, 2, 4 },
+            
+            { CURATOR_DISPLAY_CLASS_POLICY_PATH, "CuratorDisplayClassPolicy", OperationGroup.DISPLAY_GROUP, AccessObjectType.CLASS, ROLE_CURATOR_URI, 1, 4 },
+            { CURATOR_DISPLAY_DATA_PROP_POLICY_PATH, "CuratorDisplayDataPropertyPolicy", OperationGroup.DISPLAY_GROUP, AccessObjectType.DATA_PROPERTY, ROLE_CURATOR_URI, 2, 4 },
+            { CURATOR_DISPLAY_OBJ_PROP_POLICY_PATH, "CuratorDisplayObjectPropertyPolicy", OperationGroup.DISPLAY_GROUP, AccessObjectType.OBJECT_PROPERTY, ROLE_CURATOR_URI, 2, 4 },
+            
+            { ADMIN_DISPLAY_CLASS_POLICY_PATH, "AdminDisplayClassPolicy", OperationGroup.DISPLAY_GROUP, AccessObjectType.CLASS, ROLE_ADMIN_URI, 1, 4 },
+            { ADMIN_DISPLAY_DATA_PROP_POLICY_PATH, "AdminDisplayDataPropertyPolicy", OperationGroup.DISPLAY_GROUP, AccessObjectType.DATA_PROPERTY, ROLE_ADMIN_URI, 1, 4 },
+            { ADMIN_DISPLAY_OBJ_PROP_POLICY_PATH, "AdminDisplayObjectPropertyPolicy", OperationGroup.DISPLAY_GROUP, AccessObjectType.OBJECT_PROPERTY, ROLE_ADMIN_URI, 2, 4 },
+            
+            { EDITOR_PUBLISH_CLASS_POLICY_PATH, "EditorPublishClassPolicy", OperationGroup.PUBLISH_GROUP, AccessObjectType.CLASS, ROLE_EDITOR_URI, 1, 4 },
+            { EDITOR_PUBLISH_DATA_PROP_POLICY_PATH, "EditorPublishDataPropertyPolicy", OperationGroup.PUBLISH_GROUP, AccessObjectType.DATA_PROPERTY, ROLE_EDITOR_URI, 2, 4 },
+            { EDITOR_PUBLISH_OBJ_PROP_POLICY_PATH, "EditorPublishObjectPropertyPolicy", OperationGroup.PUBLISH_GROUP, AccessObjectType.OBJECT_PROPERTY, ROLE_EDITOR_URI, 2, 4 },
+            
+            { SELF_EDITOR_PUBLISH_CLASS_POLICY_PATH, "SelfEditorPublishClassPolicy", OperationGroup.PUBLISH_GROUP, AccessObjectType.CLASS, ROLE_SELF_EDITOR_URI, 1, 4 },
+            { SELF_EDITOR_PUBLISH_DATA_PROP_POLICY_PATH, "SelfEditorPublishDataPropertyPolicy", OperationGroup.PUBLISH_GROUP, AccessObjectType.DATA_PROPERTY, ROLE_SELF_EDITOR_URI, 2, 4 },
+            { SELF_EDITOR_PUBLISH_OBJ_PROP_POLICY_PATH, "SelfEditorPublishObjectPropertyPolicy", OperationGroup.PUBLISH_GROUP, AccessObjectType.OBJECT_PROPERTY, ROLE_SELF_EDITOR_URI, 2, 4 },
+
+            { CURATOR_PUBLISH_CLASS_POLICY_PATH, "CuratorPublishClassPolicy", OperationGroup.PUBLISH_GROUP, AccessObjectType.CLASS, ROLE_CURATOR_URI, 1, 4 },
+            { CURATOR_PUBLISH_DATA_PROP_POLICY_PATH, "CuratorPublishDataPropertyPolicy", OperationGroup.PUBLISH_GROUP, AccessObjectType.DATA_PROPERTY, ROLE_CURATOR_URI, 2, 4 },
+            { CURATOR_PUBLISH_OBJ_PROP_POLICY_PATH, "CuratorPublishObjectPropertyPolicy", OperationGroup.PUBLISH_GROUP, AccessObjectType.OBJECT_PROPERTY, ROLE_CURATOR_URI, 2, 4 },
+
+            { ADMIN_PUBLISH_CLASS_POLICY_PATH, "AdminPublishClassPolicy", OperationGroup.PUBLISH_GROUP, AccessObjectType.CLASS, ROLE_ADMIN_URI, 1, 4 },
+            { ADMIN_PUBLISH_DATA_PROP_POLICY_PATH, "AdminPublishDataPropertyPolicy", OperationGroup.PUBLISH_GROUP, AccessObjectType.DATA_PROPERTY, ROLE_ADMIN_URI, 2, 4 },
+            { ADMIN_PUBLISH_OBJ_PROP_POLICY_PATH, "AdminPublishObjectPropertyPolicy", OperationGroup.PUBLISH_GROUP, AccessObjectType.OBJECT_PROPERTY, ROLE_ADMIN_URI, 2, 4 },
+            
+            { EDITOR_UPDATE_CLASS_POLICY_PATH, "EditorUpdateClassPolicy", OperationGroup.UPDATE_GROUP, AccessObjectType.CLASS, ROLE_EDITOR_URI, 1, 4 },
+            { EDITOR_UPDATE_DATA_PROP_POLICY_PATH, "EditorUpdateDataPropertyPolicy", OperationGroup.UPDATE_GROUP, AccessObjectType.DATA_PROPERTY, ROLE_EDITOR_URI, 2, 4 },
+            { EDITOR_UPDATE_OBJ_PROP_POLICY_PATH, "EditorUpdateObjectPropertyPolicy", OperationGroup.UPDATE_GROUP, AccessObjectType.OBJECT_PROPERTY, ROLE_EDITOR_URI, 2, 4 },
+            
+            { SELF_EDITOR_UPDATE_CLASS_POLICY_PATH, "SelfEditorUpdateClassPolicy", OperationGroup.UPDATE_GROUP, AccessObjectType.CLASS, ROLE_SELF_EDITOR_URI, 1, 4 },
+            { SELF_EDITOR_UPDATE_DATA_PROP_POLICY_PATH, "SelfEditorUpdateDataPropertyPolicy", OperationGroup.UPDATE_GROUP, AccessObjectType.DATA_PROPERTY, ROLE_SELF_EDITOR_URI, 2, 4 },
+            { SELF_EDITOR_UPDATE_OBJ_PROP_POLICY_PATH, "SelfEditorUpdateObjectPropertyPolicy", OperationGroup.UPDATE_GROUP, AccessObjectType.OBJECT_PROPERTY, ROLE_SELF_EDITOR_URI, 2, 4 },
+
+            { PUBLIC_UPDATE_CLASS_POLICY_PATH, "PublicUpdateClassPolicy", OperationGroup.UPDATE_GROUP, AccessObjectType.CLASS, ROLE_PUBLIC_URI, 1, 4 },
+            { PUBLIC_UPDATE_DATA_PROP_POLICY_PATH, "PublicUpdateDataPropertyPolicy", OperationGroup.UPDATE_GROUP, AccessObjectType.DATA_PROPERTY, ROLE_PUBLIC_URI, 2, 4 },
+            { PUBLIC_UPDATE_OBJ_PROP_POLICY_PATH, "PublicUpdateObjectPropertyPolicy", OperationGroup.UPDATE_GROUP, AccessObjectType.OBJECT_PROPERTY, ROLE_PUBLIC_URI, 2, 4 },
+            
+            { CURATOR_UPDATE_CLASS_POLICY_PATH, "CuratorUpdateClassPolicy", OperationGroup.UPDATE_GROUP, AccessObjectType.CLASS, ROLE_CURATOR_URI, 1, 4 },
+            { CURATOR_UPDATE_DATA_PROP_POLICY_PATH, "CuratorUpdateDataPropertyPolicy", OperationGroup.UPDATE_GROUP, AccessObjectType.DATA_PROPERTY, ROLE_CURATOR_URI, 2, 4 },
+            { CURATOR_UPDATE_OBJ_PROP_POLICY_PATH, "CuratorUpdateObjectPropertyPolicy", OperationGroup.UPDATE_GROUP, AccessObjectType.OBJECT_PROPERTY, ROLE_CURATOR_URI, 2, 4 },
+            
+            { ADMIN_UPDATE_CLASS_POLICY_PATH, "AdminUpdateClassPolicy", OperationGroup.UPDATE_GROUP, AccessObjectType.CLASS, ROLE_ADMIN_URI, 1, 4 },
+            { ADMIN_UPDATE_DATA_PROP_POLICY_PATH, "AdminUpdateDataPropertyPolicy", OperationGroup.UPDATE_GROUP, AccessObjectType.DATA_PROPERTY, ROLE_ADMIN_URI, 2, 4 },
+            { ADMIN_UPDATE_OBJ_PROP_POLICY_PATH, "AdminUpdateObjectPropertyPolicy", OperationGroup.UPDATE_GROUP, AccessObjectType.OBJECT_PROPERTY, ROLE_ADMIN_URI, 2, 4 },
+            
+        });
+    }
+    
+}
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/HomeMenuItemsRestrictionPolicyTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/HomeMenuItemsRestrictionPolicyTest.java
new file mode 100644
index 0000000000..1137892183
--- /dev/null
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/HomeMenuItemsRestrictionPolicyTest.java
@@ -0,0 +1,40 @@
+package edu.cornell.mannlib.vitro.webapp.auth.policy;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertTrue;
+
+import org.junit.Test;
+
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessOperation;
+import edu.cornell.mannlib.vitro.webapp.auth.objects.AccessObject;
+import edu.cornell.mannlib.vitro.webapp.auth.objects.ObjectPropertyStatementAccessObject;
+import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.DecisionResult;
+import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.SimpleAuthorizationRequest;
+import edu.cornell.mannlib.vitro.webapp.auth.rules.AccessRule;
+import edu.cornell.mannlib.vitro.webapp.beans.Property;
+
+public class HomeMenuItemsRestrictionPolicyTest extends PolicyTest {
+
+    public static final String MENU_ITEMS_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_menu_items_editing.n3";
+    
+    @Test
+    public void testHomeMenuItemsRestrictionPolicy() {        
+        load(MENU_ITEMS_POLICY_PATH);
+        String policyUri = "https://vivoweb.org/ontology/vitro-application/auth/individual/RestrictHomeMenuItemsEditingPolicy";
+        DynamicPolicy policy = loader.loadPolicy(policyUri);
+        assertTrue(policy != null);
+        assertEquals(9000, policy.getPriority());
+        assertTrue(policy.getRules().size() > 0 );
+        final AccessRule rule = policy.getRules().iterator().next();
+        assertEquals(false, rule.isAllowMatched());
+        assertEquals(4, rule.getAttributesCount());
+        
+        AccessObject ao = new ObjectPropertyStatementAccessObject(null, null, new Property("http://vitro.mannlib.cornell.edu/ontologies/display/1.1#HomeMenuItem"), "http://vitro.mannlib.cornell.edu/ontologies/display/1.1#hasElement");
+        SimpleAuthorizationRequest ar = new SimpleAuthorizationRequest(ao, AccessOperation.DROP);
+        assertEquals(DecisionResult.UNAUTHORIZED, policy.decide(ar).getDecisionResult());
+        ar = new SimpleAuthorizationRequest(ao, AccessOperation.EDIT);
+        assertEquals(DecisionResult.UNAUTHORIZED, policy.decide(ar).getDecisionResult());
+        ar = new SimpleAuthorizationRequest(ao, AccessOperation.ADD);
+        assertEquals(DecisionResult.INCONCLUSIVE, policy.decide(ar).getDecisionResult());
+    }
+}
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/NonModifiableStatementsPolicyTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/NonModifiableStatementsPolicyTest.java
new file mode 100644
index 0000000000..f2391ca6f2
--- /dev/null
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/NonModifiableStatementsPolicyTest.java
@@ -0,0 +1,73 @@
+package edu.cornell.mannlib.vitro.webapp.auth.policy;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertTrue;
+
+import org.junit.Test;
+
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessOperation;
+import edu.cornell.mannlib.vitro.webapp.auth.objects.AccessObject;
+import edu.cornell.mannlib.vitro.webapp.auth.objects.DataPropertyStatementAccessObject;
+import edu.cornell.mannlib.vitro.webapp.auth.objects.ObjectPropertyStatementAccessObject;
+import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.DecisionResult;
+import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.SimpleAuthorizationRequest;
+import edu.cornell.mannlib.vitro.webapp.auth.rules.AccessRule;
+import edu.cornell.mannlib.vitro.webapp.beans.Property;
+
+public class NonModifiableStatementsPolicyTest extends PolicyTest{
+
+    public static final String NOT_MODIFIABLE_STATEMENTS_POLICY_PATH = "policy_not_modifiable_statements";
+    
+    @Test
+    public void testNonModifiableStatementsPolicy() {        
+        load(USER_ACCOUNTS_HOME_EVERYTIME + NOT_MODIFIABLE_STATEMENTS_POLICY_PATH + EXT);
+        load(USER_ACCOUNTS_HOME_FIRSTTIME + NOT_MODIFIABLE_STATEMENTS_POLICY_PATH + DATASET + EXT);
+
+        String policyUri = "https://vivoweb.org/ontology/vitro-application/auth/individual/NotModifiableStatementsPolicy";
+        DynamicPolicy policy = loader.loadPolicy(policyUri);
+        assertTrue(policy != null);
+        assertEquals(8000, policy.getPriority());
+        assertEquals(5, policy.getRules().size());
+        final AccessRule rule = policy.getRules().iterator().next();
+        assertEquals(false, rule.isAllowMatched());
+        for (AccessRule irule : policy.getRules()) {
+            assertEquals(3, irule.getAttributesCount());
+        }
+        
+        AccessObject ao = new ObjectPropertyStatementAccessObject(null, "http://vitro.mannlib.cornell.edu/ns/vitro/0.7#Valid", null, null);
+        SimpleAuthorizationRequest ar = new SimpleAuthorizationRequest(ao, AccessOperation.DROP);
+        assertEquals(DecisionResult.UNAUTHORIZED, policy.decide(ar).getDecisionResult());
+        ao = new ObjectPropertyStatementAccessObject(null, "http://vitro.mannlib.cornell.edu/ns/vitro/0.7#modTime", null, null);
+        ar = new SimpleAuthorizationRequest(ao, AccessOperation.DROP);
+        assertEquals(DecisionResult.INCONCLUSIVE, policy.decide(ar).getDecisionResult());
+        
+        ao = new ObjectPropertyStatementAccessObject(null, null, new Property("http://vitro.mannlib.cornell.edu/ns/vitro/0.7#Valid"), null);
+        ar = new SimpleAuthorizationRequest(ao, AccessOperation.DROP);
+        assertEquals(DecisionResult.UNAUTHORIZED, policy.decide(ar).getDecisionResult());
+        ao = new ObjectPropertyStatementAccessObject(null, null, new Property("http://vitro.mannlib.cornell.edu/ns/vitro/0.7#modTime"), null);
+        ar = new SimpleAuthorizationRequest(ao, AccessOperation.DROP);
+        assertEquals(DecisionResult.INCONCLUSIVE, policy.decide(ar).getDecisionResult());
+        
+        ao = new ObjectPropertyStatementAccessObject(null, null, null, "http://vitro.mannlib.cornell.edu/ns/vitro/0.7#Valid");
+        ar = new SimpleAuthorizationRequest(ao, AccessOperation.DROP);
+        assertEquals(DecisionResult.UNAUTHORIZED, policy.decide(ar).getDecisionResult());
+        ao = new ObjectPropertyStatementAccessObject(null, null, null, "http://vitro.mannlib.cornell.edu/ns/vitro/0.7#modTime");
+        ar = new SimpleAuthorizationRequest(ao, AccessOperation.DROP);
+        assertEquals(DecisionResult.INCONCLUSIVE, policy.decide(ar).getDecisionResult());
+        
+        //Data property statement
+        ao = new DataPropertyStatementAccessObject(null, "http://vitro.mannlib.cornell.edu/ns/vitro/0.7#Valid", null, null);
+        ar = new SimpleAuthorizationRequest(ao, AccessOperation.DROP);
+        assertEquals(DecisionResult.UNAUTHORIZED, policy.decide(ar).getDecisionResult());
+        ao = new DataPropertyStatementAccessObject(null, "http://vitro.mannlib.cornell.edu/ns/vitro/0.7#modTime", null, null);
+        ar = new SimpleAuthorizationRequest(ao, AccessOperation.DROP);
+        assertEquals(DecisionResult.INCONCLUSIVE, policy.decide(ar).getDecisionResult());
+        
+        ao = new DataPropertyStatementAccessObject(null, null, "http://vitro.mannlib.cornell.edu/ns/vitro/0.7#Valid", null);
+        ar = new SimpleAuthorizationRequest(ao, AccessOperation.DROP);
+        assertEquals(DecisionResult.UNAUTHORIZED, policy.decide(ar).getDecisionResult());
+        ao = new DataPropertyStatementAccessObject(null, null, "http://vitro.mannlib.cornell.edu/ns/vitro/0.7#modTime", null);
+        ar = new SimpleAuthorizationRequest(ao, AccessOperation.DROP);
+        assertEquals(DecisionResult.INCONCLUSIVE, policy.decide(ar).getDecisionResult());
+    }
+}
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyHelper_AuthorizationRequestTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyHelper_AuthorizationRequestTest.java
index dc80e325ac..067e279e1b 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyHelper_AuthorizationRequestTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyHelper_AuthorizationRequestTest.java
@@ -14,12 +14,13 @@
 import stubs.javax.servlet.ServletContextStub;
 import stubs.javax.servlet.http.HttpServletRequestStub;
 import stubs.javax.servlet.http.HttpSessionStub;
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessOperation;
 import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
-import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.Authorization;
+import edu.cornell.mannlib.vitro.webapp.auth.objects.AccessObject;
+import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.DecisionResult;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision;
-import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyIface;
+import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.Policy;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthorizationRequest;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.RequestedAction;
 
 /**
  * Test the ability of the Policy Helper to authorize a variety of simple or
@@ -28,12 +29,12 @@
 public class PolicyHelper_AuthorizationRequestTest {
 	private ServletContextStub ctx;
 	private HttpServletRequestStub req;
-	private AuthorizationRequest nullAr = null;
+	private AccessObject nullAr = null;
 
 	@Before
 	public void setup() {
 		ctx = new ServletContextStub();
-
+		PolicyStore.getInstance().clear();
 		HttpSessionStub session = new HttpSessionStub();
 		session.setServletContext(ctx);
 
@@ -45,99 +46,84 @@ public void setup() {
 	// Helper methods
 	// ----------------------------------------------------------------------
 
-	private void createPolicy(RequestedAction... authorizedActions) {
-		ServletPolicyList.addPolicy(ctx, new MySimplePolicy(authorizedActions));
-	}
-
-	@Test
-	public void authorizedForActionsNull() {
-		createPolicy();
-		assertTrue("null actions",
-				PolicyHelper.isAuthorizedForActions(req, nullAr));
-	}
-
-	@Test
-	public void authorizedForActionsEmpty() {
-		createPolicy();
-		assertTrue("empty actions", PolicyHelper.isAuthorizedForActions(req));
-	}
-
-	@Test
-	public void authorizedForActionsAndPass() {
-		createPolicy(new Action1(), new Action2());
-		assertTrue("and pass", PolicyHelper.isAuthorizedForActions(req,
-				new Action1(), new Action2()));
+	private void createPolicy(AccessObject... authorizedActions) {
+		PolicyStore.getInstance().add(new MySimplePolicy(authorizedActions));
 	}
 
-	@Test
-	public void authorizedForActionsAndFail() {
-		createPolicy(new Action2());
-		assertFalse("and fail", PolicyHelper.isAuthorizedForActions(req,
-				new Action1(), new Action2()));
-	}
-
-	@Test
-	public void authorizedForActionsAndOrPass() {
-		createPolicy(new Action3());
-		assertTrue(
-				"and-or pass",
-				PolicyHelper.isAuthorizedForActions(req,
-						new Action1().and(new Action2()).or(new Action3())));
-	}
-
-	@Test
-	public void authorizedForActionsAndOrFail() {
-		createPolicy(new Action1());
-		assertFalse(
-				"and-or fail",
-				PolicyHelper.isAuthorizedForActions(req,
-						new Action1().and(new Action2()).or(new Action3())));
-	}
-
-	@Test
-	public void authorizedByACombinationOfPolicies() {
-		ServletPolicyList.addPolicy(ctx, new MySimplePolicy(new Action1()));
-		ServletPolicyList.addPolicy(ctx, new MySimplePolicy(new Action2()));
-		assertTrue("combination of policies",
-				PolicyHelper.isAuthorizedForActions(req, new Action2(),
-						new Action1()));
-	}
+    /*
+     * @Test public void authorizedForActionsNull() { createPolicy();
+     * assertTrue("null actions", PolicyHelper.isAuthorizedForActions(req,
+     * nullAr)); }
+     */
+
+	
+    /*
+     * @Test public void authorizedForActionsAndPass() { createPolicy(new
+     * Action1(), new Action2()); assertTrue("and pass",
+     * PolicyHelper.isAuthorizedForActions(req, new Action1(), new Action2()));
+     * }
+     * 
+     * @Test public void authorizedForActionsAndFail() { createPolicy(new
+     * Action2()); assertFalse("and fail",
+     * PolicyHelper.isAuthorizedForActions(req, new Action1(), new Action2()));
+     * }
+     * 
+     * @Test public void authorizedForActionsAndOrPass() { createPolicy(new
+     * Action3()); assertTrue( "and-or pass",
+     * PolicyHelper.isAuthorizedForActions(req, new Action1().and(new
+     * Action2()).or(new Action3()))); }
+     */
+    /*
+     * @Test public void authorizedForActionsAndOrFail() { createPolicy(new
+     * Action1()); assertFalse( "and-or fail",
+     * PolicyHelper.isAuthorizedForActions(req, new Action1().and(new
+     * Action2()).or(new Action3()))); }
+     */
+
+    /*
+     * @Test public void authorizedByACombinationOfPolicies() {
+     * PolicyStore.addPolicy(new MySimplePolicy(new Action1()));
+     * PolicyStore.addPolicy(new MySimplePolicy(new Action2()));
+     * assertTrue("combination of policies",
+     * PolicyHelper.isAuthorizedForActions(req, new Action2(), new Action1()));
+     * }
+     */
 
 	// ----------------------------------------------------------------------
 	// Helper Classes
 	// ----------------------------------------------------------------------
 
-	public static class Action1 extends RequestedAction {
+	public static class Action1 extends AccessObject {
 		// actions must be public, with public constructor
 	}
 
-	public static class Action2 extends RequestedAction {
+	public static class Action2 extends AccessObject {
 		// actions must be public, with public constructor
 	}
 
-	public static class Action3 extends RequestedAction {
+	public static class Action3 extends AccessObject {
 		// actions must be public, with public constructor
 	}
 
-	private static class MySimplePolicy implements PolicyIface {
-		private final Set<RequestedAction> authorizedActions;
+	private static class MySimplePolicy implements Policy {
+		private final Set<AccessObject> authorizedActions;
 
-		public MySimplePolicy(RequestedAction... authorizedActions) {
-			this.authorizedActions = new HashSet<RequestedAction>(
+		public MySimplePolicy(AccessObject... authorizedActions) {
+			this.authorizedActions = new HashSet<AccessObject>(
 					Arrays.asList(authorizedActions));
 		}
 
 		@Override
-		public PolicyDecision isAuthorized(IdentifierBundle whoToAuth,
-				RequestedAction whatToAuth) {
-			for (RequestedAction authorized : authorizedActions) {
+		public PolicyDecision decide(AuthorizationRequest ar) {
+            AccessObject whatToAuth = ar.getAccessObject();
+			for (AccessObject authorized : authorizedActions) {
 				if (authorized.getClass().equals(whatToAuth.getClass())) {
-					return new BasicPolicyDecision(Authorization.AUTHORIZED,
+					return new BasicPolicyDecision(DecisionResult.AUTHORIZED,
 							"matched " + authorized.getClass().getSimpleName());
 				}
 
 			}
-			return new BasicPolicyDecision(Authorization.INCONCLUSIVE, "nope");
+			return new BasicPolicyDecision(DecisionResult.INCONCLUSIVE, "nope");
 		}
 
 	}
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyHelper_ModelsTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyHelper_ModelsTest.java
index 17621a2b8f..bc9855eae9 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyHelper_ModelsTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyHelper_ModelsTest.java
@@ -32,12 +32,13 @@
 import org.apache.jena.util.iterator.NiceIterator;
 
 import edu.cornell.mannlib.vitro.testing.AbstractTestClass;
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessOperation;
 import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
-import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.Authorization;
+import edu.cornell.mannlib.vitro.webapp.auth.objects.AccessObject;
+import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.DecisionResult;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision;
-import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyIface;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.RequestedAction;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AbstractPropertyStatementAction;
+import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.Policy;
+import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthorizationRequest;
 
 /**
  * Test the function of PolicyHelper in authorizing models of additions and
@@ -76,12 +77,14 @@ public void setup() {
 
 		session = new HttpSessionStub();
 		session.setServletContext(ctx);
+        PolicyStore.getInstance().clear();
+
 
 		req = new HttpServletRequestStub();
 		req.setSession(session);
 
-		setLoggerLevel(ServletPolicyList.class, Level.WARN);
-		ServletPolicyList.addPolicy(ctx, new MySimplePolicy());
+		setLoggerLevel(PolicyStore.class, Level.WARN);
+		PolicyStore.getInstance().add(new MySimplePolicy());
 
 //		setLoggerLevel(PolicyHelper.class, Level.DEBUG);
 	}
@@ -324,15 +327,15 @@ public Statement next() {
 	 * resource, or (2) The subject is related to the primary resource by a
 	 * "friend" property statement.
 	 */
-	private class MySimplePolicy implements PolicyIface {
+	private class MySimplePolicy implements Policy {
 		@Override
-		public PolicyDecision isAuthorized(IdentifierBundle whoToAuth,
-				RequestedAction whatToAuth) {
-			if (!(whatToAuth instanceof AbstractPropertyStatementAction)) {
+		public PolicyDecision decide(AuthorizationRequest ar) {
+	        AccessObject whatToAuth = ar.getAccessObject();
+			if (!(whatToAuth instanceof AccessObject)) {
 				return inconclusive();
 			}
 
-			AbstractPropertyStatementAction action = (AbstractPropertyStatementAction) whatToAuth;
+			AccessObject action = (AccessObject) whatToAuth;
 
 			String subjectUri = action.getResourceUris()[0];
 			if (PRIMARY_RESOURCE_URI.equals(subjectUri)) {
@@ -341,14 +344,14 @@ public PolicyDecision isAuthorized(IdentifierBundle whoToAuth,
 
 			Statement friendStmt = objectStatement(PRIMARY_RESOURCE_URI,
 					FRIEND_PREDICATE_URI, subjectUri);
-			if (statementExists(action.getOntModel(), friendStmt)) {
+			if (statementExists(action.getStatementOntModel(), friendStmt)) {
 				return authorized();
 			}
 
 			return inconclusive();
 		}
 
-		private boolean statementExists(OntModel oModel, Statement stmt) {
+		private boolean statementExists(Model oModel, Statement stmt) {
 			StmtIterator stmts = oModel.listStatements(stmt.getSubject(),
 					stmt.getPredicate(), stmt.getObject());
 			try {
@@ -359,11 +362,11 @@ private boolean statementExists(OntModel oModel, Statement stmt) {
 		}
 
 		private PolicyDecision authorized() {
-			return new BasicPolicyDecision(Authorization.AUTHORIZED, "");
+			return new BasicPolicyDecision(DecisionResult.AUTHORIZED, "");
 		}
 
 		private PolicyDecision inconclusive() {
-			return new BasicPolicyDecision(Authorization.INCONCLUSIVE, "");
+			return new BasicPolicyDecision(DecisionResult.INCONCLUSIVE, "");
 		}
 	}
 
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyHelper_StatementsTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyHelper_StatementsTest.java
index 3e12713f5b..5a4dc3cd1a 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyHelper_StatementsTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyHelper_StatementsTest.java
@@ -20,13 +20,15 @@
 import org.apache.jena.rdf.model.Statement;
 
 import edu.cornell.mannlib.vitro.testing.AbstractTestClass;
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessOperation;
 import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
-import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.Authorization;
+import edu.cornell.mannlib.vitro.webapp.auth.objects.AccessObject;
+import edu.cornell.mannlib.vitro.webapp.auth.objects.DataPropertyStatementAccessObject;
+import edu.cornell.mannlib.vitro.webapp.auth.objects.ObjectPropertyStatementAccessObject;
+import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.DecisionResult;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision;
-import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyIface;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.RequestedAction;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AbstractDataPropertyStatementAction;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AbstractObjectPropertyStatementAction;
+import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.Policy;
+import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthorizationRequest;
 
 /**
  * Test the function of PolicyHelper in authorizing statements and models.
@@ -51,11 +53,12 @@ public void setup() {
 
 		req = new HttpServletRequestStub();
 		req.setSession(session);
+        PolicyStore.getInstance().clear();
 
 		ontModel = ModelFactory.createOntologyModel(OntModelSpec.OWL_MEM);
 
-		setLoggerLevel(ServletPolicyList.class, Level.WARN);
-		ServletPolicyList.addPolicy(ctx, new MySimplePolicy());
+		setLoggerLevel(PolicyStore.class, Level.WARN);
+		PolicyStore.getInstance().add(new MySimplePolicy());
 	}
 
 	// ----------------------------------------------------------------------
@@ -194,24 +197,24 @@ private Statement objectStatement(String subjectUri, String predicateUri,
 	// Helper classes
 	// ----------------------------------------------------------------------
 
-	private static class MySimplePolicy implements PolicyIface {
+	private static class MySimplePolicy implements Policy {
 		@Override
-		public PolicyDecision isAuthorized(IdentifierBundle whoToAuth,
-				RequestedAction whatToAuth) {
-			if (whatToAuth instanceof AbstractDataPropertyStatementAction) {
-				return isAuthorized((AbstractDataPropertyStatementAction) whatToAuth);
-			} else if (whatToAuth instanceof AbstractObjectPropertyStatementAction) {
-				return isAuthorized((AbstractObjectPropertyStatementAction) whatToAuth);
+		public PolicyDecision decide(AuthorizationRequest ar) {
+	        AccessObject whatToAuth = ar.getAccessObject();
+			if (whatToAuth instanceof DataPropertyStatementAccessObject) {
+				return isAuthorized((DataPropertyStatementAccessObject) whatToAuth);
+			} else if (whatToAuth instanceof ObjectPropertyStatementAccessObject) {
+				return isAuthorized((ObjectPropertyStatementAccessObject) whatToAuth);
 			} else {
 				return inconclusive();
 			}
 		}
 
 		private PolicyDecision isAuthorized(
-				AbstractDataPropertyStatementAction whatToAuth) {
-			if ((APPROVED_SUBJECT_URI.equals(whatToAuth.getSubjectUri()))
+				DataPropertyStatementAccessObject whatToAuth) {
+			if ((APPROVED_SUBJECT_URI.equals(whatToAuth.getStatementSubject()))
 					&& (APPROVED_PREDICATE_URI.equals(whatToAuth
-							.getPredicateUri()))) {
+							.getStatementPredicateUri()))) {
 				return authorized();
 			} else {
 				return inconclusive();
@@ -219,11 +222,11 @@ private PolicyDecision isAuthorized(
 		}
 
 		private PolicyDecision isAuthorized(
-				AbstractObjectPropertyStatementAction whatToAuth) {
-			if ((APPROVED_SUBJECT_URI.equals(whatToAuth.getSubjectUri()))
+				ObjectPropertyStatementAccessObject whatToAuth) {
+			if ((APPROVED_SUBJECT_URI.equals(whatToAuth.getStatementSubject()))
 					&& (APPROVED_PREDICATE_URI.equals(whatToAuth
-							.getPredicateUri()))
-					&& (APPROVED_OBJECT_URI.equals(whatToAuth.getObjectUri()))) {
+							.getStatementPredicateUri()))
+					&& (APPROVED_OBJECT_URI.equals(whatToAuth.getStatementObject()))) {
 				return authorized();
 			} else {
 				return inconclusive();
@@ -231,11 +234,11 @@ private PolicyDecision isAuthorized(
 		}
 
 		private PolicyDecision authorized() {
-			return new BasicPolicyDecision(Authorization.AUTHORIZED, "");
+			return new BasicPolicyDecision(DecisionResult.AUTHORIZED, "");
 		}
 
 		private PolicyDecision inconclusive() {
-			return new BasicPolicyDecision(Authorization.INCONCLUSIVE, "");
+			return new BasicPolicyDecision(DecisionResult.INCONCLUSIVE, "");
 		}
 	}
 
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyStoreTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyStoreTest.java
new file mode 100644
index 0000000000..2989ac08a0
--- /dev/null
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyStoreTest.java
@@ -0,0 +1,66 @@
+package edu.cornell.mannlib.vitro.webapp.auth.policy;
+
+import static org.junit.Assert.assertEquals;
+
+import org.junit.Test;
+
+public class PolicyStoreTest {
+
+    @Test
+    public void testPriorityOrder() {
+        PolicyStore store = PolicyStore.getInstance();
+        store.clear();
+        store.add(new DynamicPolicy("lowest", 0));
+        assertEquals(0, store.getList().get(0).getPriority());
+        store.add(new DynamicPolicy("lower", 1));
+        assertEquals(1, store.getList().get(0).getPriority());
+        store.add(new DynamicPolicy("more important", 4));
+        assertEquals(4, store.getList().get(0).getPriority());
+        store.add(new DynamicPolicy("imporant", 3));
+        assertEquals(4, store.getList().get(0).getPriority());
+        store.add(new DynamicPolicy("normal", 2));
+        assertEquals(4, store.getList().get(0).getPriority());
+        store.add(new DynamicPolicy("most imporant", 5));
+        assertEquals(5, store.getList().get(0).getPriority());
+        store.clear();
+    }
+    
+    @Test
+    public void testPriorityDuplicates() {
+        PolicyStore store = PolicyStore.getInstance();
+        store.clear();
+        store.add(new DynamicPolicy("not important", 0));
+        assertEquals(0, store.getList().get(0).getPriority());
+        assertEquals(1, store.size());
+        store.add(new DynamicPolicy("important", 1));
+        assertEquals(2, store.size());
+        assertEquals(1, store.getList().get(0).getPriority());
+        store.add(new DynamicPolicy("not imporant too", 0));
+        assertEquals(3, store.size());
+        assertEquals(1, store.getList().get(0).getPriority());
+        store.add(new DynamicPolicy("equally imporant", 1));
+        assertEquals(4, store.size());
+        store.clear();
+    }
+    
+    @Test
+    public void testUriDuplicates() {
+        PolicyStore store = PolicyStore.getInstance();
+        store.clear();
+        store.add(new DynamicPolicy("unique", 0));
+        assertEquals(1, store.size());
+        store.add(new DynamicPolicy("not unique", 0));
+        assertEquals(2, store.size());
+        //replace current policy with the same priority
+        store.add(new DynamicPolicy("not unique", 0));
+        assertEquals(2, store.size());
+        assertEquals(0, store.getList().get(0).getPriority());
+        //replace current policy with different priority
+        store.add(new DynamicPolicy("not unique", 1));
+        assertEquals(2, store.size());
+        assertEquals(1, store.getList().get(0).getPriority());
+        store.add(new DynamicPolicy("unique too", 0));
+        assertEquals(3, store.size());
+        store.clear();
+    }
+}
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTest.java
new file mode 100644
index 0000000000..ee5f8c5d02
--- /dev/null
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTest.java
@@ -0,0 +1,144 @@
+package edu.cornell.mannlib.vitro.webapp.auth.policy;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertTrue;
+
+import java.util.Arrays;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+import java.util.stream.Collectors;
+
+import org.apache.jena.rdf.model.Model;
+import org.apache.jena.rdf.model.ModelFactory;
+import org.apache.jena.shared.Lock;
+import org.junit.Before;
+
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.Attribute;
+import edu.cornell.mannlib.vitro.webapp.auth.rules.AccessRule;
+
+public class PolicyTest {
+    public static final String USER_ACCOUNTS_HOME_EVERYTIME = "../home/src/main/resources/rdf/auth/everytime/";
+    public static final String USER_ACCOUNTS_HOME_FIRSTTIME = "../home/src/main/resources/rdf/auth/firsttime/";
+
+    protected static final String ROLE_ADMIN_URI = "http://vitro.mannlib.cornell.edu/ns/vitro/authorization#ADMIN";
+    protected static final String ROLE_EDITOR_URI = "http://vitro.mannlib.cornell.edu/ns/vitro/authorization#EDITOR";
+    protected static final String ROLE_SELF_EDITOR_URI = "http://vitro.mannlib.cornell.edu/ns/vitro/authorization#SELF_EDITOR";
+    protected static final String ROLE_CURATOR_URI = "http://vitro.mannlib.cornell.edu/ns/vitro/authorization#CURATOR";
+    protected static final String ROLE_PUBLIC_URI = "http://vitro.mannlib.cornell.edu/ns/vitro/authorization#PUBLIC";
+
+    public static final String ONTOLOGY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "ontology.n3";
+    public static final String ATTRIBUTES_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "attributes.n3";
+    public static final String OPERATIONS_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "operations.n3";
+    public static final String OPERATION_GROUPS = USER_ACCOUNTS_HOME_EVERYTIME + "operation_groups.n3";
+    public static final String SUBJECT_TYPES = USER_ACCOUNTS_HOME_EVERYTIME + "subject_types.n3";
+    public static final String OBJECT_TYPES = USER_ACCOUNTS_HOME_EVERYTIME + "object_types.n3";
+    public static final String ATTRIBUTE_TYPES_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "attribute_types.n3";
+    public static final String TEST_TYPES_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "test_types.n3";
+    public static final String TEST_VALUES_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "test_values.n3";
+    public static final String TEST_DECISIONS = USER_ACCOUNTS_HOME_EVERYTIME + "decisions.n3";
+    
+    public static final String ADMIN_DISPLAY_OBJ_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_admin_display_object_property.n3";
+    public static final String ADMIN_DISPLAY_DATA_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_admin_display_data_property.n3";
+    public static final String ADMIN_DISPLAY_CLASS_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_admin_display_class.n3";
+
+    public static final String CURATOR_DISPLAY_OBJ_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_curator_display_object_property.n3";
+    public static final String CURATOR_DISPLAY_DATA_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_curator_display_data_property.n3";
+    public static final String CURATOR_DISPLAY_CLASS_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_curator_display_class.n3";
+
+    public static final String PUBLIC_DISPLAY_OBJ_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_public_display_object_property.n3";
+    public static final String PUBLIC_DISPLAY_DATA_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_public_display_data_property.n3";
+    public static final String PUBLIC_DISPLAY_CLASS_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_public_display_class.n3";
+    
+    public static final String SELF_EDITOR_DISPLAY_OBJ_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_self_editor_display_object_property.n3";
+    public static final String SELF_EDITOR_DISPLAY_DATA_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_self_editor_display_data_property.n3";
+    public static final String SELF_EDITOR_DISPLAY_CLASS_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_self_editor_display_class.n3";
+    
+    public static final String EDITOR_DISPLAY_OBJ_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_editor_display_object_property.n3";
+    public static final String EDITOR_DISPLAY_DATA_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_editor_display_data_property.n3";
+    public static final String EDITOR_DISPLAY_CLASS_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_editor_display_class.n3";
+    //Update
+    public static final String ADMIN_UPDATE_OBJ_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_admin_update_object_property.n3";
+    public static final String ADMIN_UPDATE_DATA_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_admin_update_data_property.n3";
+    public static final String ADMIN_UPDATE_CLASS_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_admin_update_class.n3";
+
+    public static final String CURATOR_UPDATE_OBJ_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_curator_update_object_property.n3";
+    public static final String CURATOR_UPDATE_DATA_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_curator_update_data_property.n3";
+    public static final String CURATOR_UPDATE_CLASS_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_curator_update_class.n3";
+
+    public static final String PUBLIC_UPDATE_OBJ_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_public_update_object_property.n3";
+    public static final String PUBLIC_UPDATE_DATA_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_public_update_data_property.n3";
+    public static final String PUBLIC_UPDATE_CLASS_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_public_update_class.n3";
+    
+    public static final String SELF_EDITOR_UPDATE_OBJ_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_self_editor_update_object_property.n3";
+    public static final String SELF_EDITOR_UPDATE_DATA_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_self_editor_update_data_property.n3";
+    public static final String SELF_EDITOR_UPDATE_CLASS_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_self_editor_update_class.n3";
+    
+    public static final String EDITOR_UPDATE_OBJ_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_editor_update_object_property.n3";
+    public static final String EDITOR_UPDATE_DATA_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_editor_update_data_property.n3";
+    public static final String EDITOR_UPDATE_CLASS_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_editor_update_class.n3"; 
+    //Publish
+    public static final String ADMIN_PUBLISH_OBJ_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_admin_publish_object_property.n3";
+    public static final String ADMIN_PUBLISH_DATA_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_admin_publish_data_property.n3";
+    public static final String ADMIN_PUBLISH_CLASS_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_admin_publish_class.n3";
+
+    public static final String CURATOR_PUBLISH_OBJ_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_curator_publish_object_property.n3";
+    public static final String CURATOR_PUBLISH_DATA_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_curator_publish_data_property.n3";
+    public static final String CURATOR_PUBLISH_CLASS_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_curator_publish_class.n3";
+
+    public static final String SELF_EDITOR_PUBLISH_OBJ_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_self_editor_publish_object_property.n3";
+    public static final String SELF_EDITOR_PUBLISH_DATA_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_self_editor_publish_data_property.n3";
+    public static final String SELF_EDITOR_PUBLISH_CLASS_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_self_editor_publish_class.n3";
+    
+    public static final String EDITOR_PUBLISH_OBJ_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_editor_publish_object_property.n3";
+    public static final String EDITOR_PUBLISH_DATA_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_editor_publish_data_property.n3";
+    public static final String EDITOR_PUBLISH_CLASS_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_editor_publish_class.n3";
+    
+    protected static final String TEST_RESOURCES_PREFIX = "src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/";
+    protected static final List<String> ROLE_LIST = Arrays.asList(ROLE_ADMIN_URI, ROLE_CURATOR_URI, ROLE_EDITOR_URI, ROLE_SELF_EDITOR_URI, ROLE_PUBLIC_URI);
+    public static final String PREFIX = "https://vivoweb.org/ontology/vitro-application/auth/individual/";
+    public static final String DATASET = "_dataset";
+    public static final String EXT = ".n3";
+    
+    private Model model;
+    protected PolicyLoader loader;
+
+    @Before
+    public void init() {
+        model = ModelFactory.createDefaultModel();
+        load(ATTRIBUTES_PATH);
+        load(OPERATIONS_PATH);
+        load(OPERATION_GROUPS);
+        load(SUBJECT_TYPES);
+        load(OBJECT_TYPES);
+        load(ATTRIBUTE_TYPES_PATH);
+        load(TEST_TYPES_PATH);
+        load(TEST_VALUES_PATH);
+        load(TEST_DECISIONS);
+        
+        PolicyLoader.initialize(model);
+        loader = PolicyLoader.getInstance();
+    }
+    
+    protected void countRulesAndAttributes(DynamicPolicy policy, int ruleCount, int attCount) {
+        assertTrue(policy != null);
+        Set<AccessRule> rules = policy.getRules();
+        Map<String, AccessRule> ruleMap = rules.stream().collect(Collectors.toMap( r -> r.getRuleUri(), r -> r));
+        assertEquals(ruleCount, ruleMap.size());
+        for (AccessRule ar : ruleMap.values()) {
+            assertEquals(attCount, ar.getAttributes().size());
+            for (Attribute att : ar.getAttributes().values()) {
+                assertTrue(att.getValues().size() > 0); 
+            }
+        }
+    }
+    
+    protected void load(String filePath) {
+        try {
+            model.enterCriticalSection(Lock.WRITE);
+            model.read(filePath);
+        } finally {
+            model.leaveCriticalSection();
+        }
+    }
+}
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/ProximityTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/ProximityTest.java
new file mode 100644
index 0000000000..c8dea27cf6
--- /dev/null
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/ProximityTest.java
@@ -0,0 +1,52 @@
+package edu.cornell.mannlib.vitro.webapp.auth.policy;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertTrue;
+
+import java.util.Arrays;
+
+import org.apache.jena.rdf.model.Model;
+import org.apache.jena.rdf.model.ModelFactory;
+import org.apache.jena.shared.Lock;
+import org.junit.Test;
+
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessOperation;
+import edu.cornell.mannlib.vitro.webapp.auth.objects.AccessObject;
+import edu.cornell.mannlib.vitro.webapp.auth.objects.ObjectPropertyStatementAccessObject;
+import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.DecisionResult;
+import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.SimpleAuthorizationRequest;
+import edu.cornell.mannlib.vitro.webapp.auth.rules.AccessRule;
+
+public class ProximityTest extends PolicyTest{
+
+    private static final String PROXIMITY_POLICY_PATH = TEST_RESOURCES_PREFIX + "proximity_test_policy.n3";
+    private static final String PROXIMITY_DATA_PATH = TEST_RESOURCES_PREFIX + "proximity_test_data.n3";
+    
+    @Test
+    public void testProximityPolicy() {        
+        load(PROXIMITY_POLICY_PATH);
+        String policyUri = "https://vivoweb.org/ontology/vitro-application/auth/individual/ProximityTestPolicy";
+        DynamicPolicy policy = loader.loadPolicy(policyUri);
+        assertTrue(policy != null);
+        assertTrue(policy.getRules().size() == 1 );
+        AccessRule rule = policy.getRules().iterator().next();
+        assertEquals(true, rule.isAllowMatched());
+        assertEquals(1, rule.getAttributesCount());
+        
+        Model targetModel = ModelFactory.createDefaultModel();
+        try {
+            targetModel.enterCriticalSection(Lock.WRITE);
+            targetModel.read(PROXIMITY_DATA_PATH);
+        } finally {
+            targetModel.leaveCriticalSection();
+        }
+        AccessObject ao = new ObjectPropertyStatementAccessObject(targetModel, "test:publication", null, null);
+        SimpleAuthorizationRequest ar = new SimpleAuthorizationRequest(ao, AccessOperation.EDIT);
+        ar.setEditorUris(Arrays.asList("test:bob"));
+        assertEquals(DecisionResult.INCONCLUSIVE, policy.decide(ar).getDecisionResult());
+        ar = new SimpleAuthorizationRequest(ao, AccessOperation.EDIT);
+        ar.setEditorUris(Arrays.asList("test:alice"));
+        assertEquals(DecisionResult.AUTHORIZED, policy.decide(ar).getDecisionResult());
+        ar = new SimpleAuthorizationRequest(ao, AccessOperation.EDIT);
+    }
+}
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/RootUserPolicyTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/RootUserPolicyTest.java
new file mode 100644
index 0000000000..59ec2d95ff
--- /dev/null
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/RootUserPolicyTest.java
@@ -0,0 +1,21 @@
+package edu.cornell.mannlib.vitro.webapp.auth.policy;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertTrue;
+
+import org.junit.Test;
+
+public class RootUserPolicyTest extends PolicyTest{
+
+    public static final String ROOT_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_root_user.n3";
+
+    @Test
+    public void testLoadRootUserPolicy() {        
+        load(ROOT_POLICY_PATH);
+        String policyUri = "https://vivoweb.org/ontology/vitro-application/auth/individual/RootUserPolicy";
+        DynamicPolicy policy = loader.loadPolicy(policyUri);
+        assertTrue(policy != null);
+        assertEquals(10000, policy.getPriority());
+        countRulesAndAttributes(policy, 1, 1);
+    }
+}
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/SelfEditingPolicyTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/SelfEditingPolicyTest.java
deleted file mode 100644
index 17ef2333a4..0000000000
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/SelfEditingPolicyTest.java
+++ /dev/null
@@ -1,393 +0,0 @@
-/* $This file is distributed under the terms of the license in LICENSE$ */
-
-package edu.cornell.mannlib.vitro.webapp.auth.policy;
-
-import static edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.Authorization.AUTHORIZED;
-import static edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.Authorization.INCONCLUSIVE;
-import static edu.cornell.mannlib.vitro.webapp.auth.requestedAction.RequestedAction.SOME_LITERAL;
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertNotNull;
-import static org.junit.Assert.assertNull;
-
-import org.junit.Before;
-import org.junit.Test;
-
-import stubs.edu.cornell.mannlib.vitro.webapp.auth.policy.bean.PropertyRestrictionBeanStub;
-import stubs.javax.servlet.ServletContextStub;
-
-import org.apache.jena.ontology.OntModel;
-import org.apache.jena.ontology.OntModelSpec;
-import org.apache.jena.rdf.model.ModelFactory;
-
-import edu.cornell.mannlib.vitro.testing.AbstractTestClass;
-import edu.cornell.mannlib.vitro.webapp.auth.identifier.ArrayIdentifierBundle;
-import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
-import edu.cornell.mannlib.vitro.webapp.auth.identifier.common.HasProfile;
-import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.Authorization;
-import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.RequestedAction;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.AddNewUser;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.LoadOntology;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.RebuildTextIndex;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.RemoveUser;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.ServerStatus;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.UpdateTextIndex;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ontology.CreateOwlClass;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ontology.DefineDataProperty;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ontology.DefineObjectProperty;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ontology.RemoveOwlClass;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AddDataPropertyStatement;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AddObjectPropertyStatement;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.DropObjectPropertyStatement;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.EditDataPropertyStatement;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.EditObjectPropertyStatement;
-import edu.cornell.mannlib.vitro.webapp.beans.IndividualImpl;
-import edu.cornell.mannlib.vitro.webapp.beans.Property;
-import edu.cornell.mannlib.vitro.webapp.dao.VitroVocabulary;
-
-public class SelfEditingPolicyTest extends AbstractTestClass {
-
-	private static final String SAFE_NS = "http://test.mannlib.cornell.edu/ns/01#";
-	private static final String UNSAFE_NS = VitroVocabulary.vitroURI;
-
-	private static final String SELFEDITOR_URI = SAFE_NS + "individual244";
-	private static final String SAFE_RESOURCE = SAFE_NS
-			+ "otherIndividual77777";
-	private static final String UNSAFE_RESOURCE = UNSAFE_NS
-			+ "otherIndividual99999";
-
-	private static final Property SAFE_PREDICATE = new Property(SAFE_NS + "hasHairStyle");
-	private static final Property UNSAFE_PREDICATE = new Property(UNSAFE_NS + "hasSuperPowers");
-
-	private ServletContextStub ctx;
-
-	private SelfEditingPolicy policy;
-	private IdentifierBundle ids;
-	private RequestedAction whatToAuth;
-	private OntModel ontModel;
-
-	@Before
-	public void setUp() {
-		ctx = new ServletContextStub();
-
-		PropertyRestrictionBeanStub
-				.getInstance(new String[] { UNSAFE_NS });
-
-		policy = new SelfEditingPolicy(ctx);
-
-		IndividualImpl ind = new IndividualImpl();
-		ind.setURI(SELFEDITOR_URI);
-
-		ids = new ArrayIdentifierBundle(new HasProfile(SELFEDITOR_URI));
-
-		ontModel = ModelFactory.createOntologyModel(OntModelSpec.OWL_MEM);
-	}
-
-	@Test
-	public void testProhibitedProperties() {
-		PropertyRestrictionBeanStub
-				.getInstance(new String[] { UNSAFE_NS }, new String[] {
-						"http://mannlib.cornell.edu/bad#prp234",
-						"http://mannlib.cornell.edu/bad#prp999",
-						"http://mannlib.cornell.edu/bad#prp333",
-						"http://mannlib.cornell.edu/bad#prp777",
-						"http://mannlib.cornell.edu/bad#prp0020" });
-
-		whatToAuth = new AddObjectPropertyStatement(ontModel, SELFEDITOR_URI,
-				new Property("http://mannlib.cornell.edu/bad#prp234"), SAFE_RESOURCE);
-		assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth));
-
-		whatToAuth = new AddObjectPropertyStatement(ontModel, SAFE_RESOURCE,
-				new Property("http://mannlib.cornell.edu/bad#prp234"), SELFEDITOR_URI);
-		assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth));
-
-		whatToAuth = new AddObjectPropertyStatement(ontModel, SELFEDITOR_URI,
-				new Property("http://mannlib.cornell.edu/bad#prp999"), SAFE_RESOURCE);
-		assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth));
-
-		whatToAuth = new AddObjectPropertyStatement(ontModel, SAFE_RESOURCE,
-				new Property("http://mannlib.cornell.edu/bad#prp999"), SELFEDITOR_URI);
-		assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth));
-
-		whatToAuth = new AddObjectPropertyStatement(ontModel, SAFE_RESOURCE,
-				SAFE_PREDICATE, SELFEDITOR_URI);
-		assertDecision(AUTHORIZED, policy.isAuthorized(ids, whatToAuth));
-
-		whatToAuth = new AddObjectPropertyStatement(ontModel, SELFEDITOR_URI,
-				SAFE_PREDICATE, SAFE_RESOURCE);
-		assertDecision(AUTHORIZED, policy.isAuthorized(ids, whatToAuth));
-
-		whatToAuth = new AddObjectPropertyStatement(ontModel, SELFEDITOR_URI,
-				UNSAFE_PREDICATE, SAFE_RESOURCE);
-		assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth));
-
-		// now with dataprop statements
-		whatToAuth = new AddDataPropertyStatement(ontModel, SELFEDITOR_URI,
-				"http://mannlib.cornell.edu/bad#prp234", SOME_LITERAL);
-		assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth));
-
-		whatToAuth = new AddDataPropertyStatement(ontModel, SELFEDITOR_URI,
-				"http://mannlib.cornell.edu/bad#prp999", SOME_LITERAL);
-		assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth));
-
-		whatToAuth = new AddDataPropertyStatement(ontModel, SELFEDITOR_URI,
-				SAFE_PREDICATE.getURI(), SOME_LITERAL);
-		assertDecision(AUTHORIZED, policy.isAuthorized(ids, whatToAuth));
-
-		whatToAuth = new AddDataPropertyStatement(ontModel, SELFEDITOR_URI,
-				UNSAFE_PREDICATE.getURI(), SOME_LITERAL);
-		assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth));
-	}
-
-	@Test
-	public void testVisitIdentifierBundleAddObjectPropStmt() {
-		whatToAuth = new AddObjectPropertyStatement(ontModel, SELFEDITOR_URI,
-				SAFE_PREDICATE, SAFE_RESOURCE);
-		assertDecision(AUTHORIZED, policy.isAuthorized(ids, whatToAuth));
-
-		whatToAuth = new AddObjectPropertyStatement(ontModel, SAFE_RESOURCE,
-				SAFE_PREDICATE, SELFEDITOR_URI);
-		assertDecision(AUTHORIZED, policy.isAuthorized(ids, whatToAuth));
-
-		// this is the case where the editor is not part of the stmt
-		whatToAuth = new AddObjectPropertyStatement(ontModel, SAFE_RESOURCE,
-				SAFE_PREDICATE, SAFE_RESOURCE);
-		assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth));
-
-		whatToAuth = new AddObjectPropertyStatement(ontModel, SELFEDITOR_URI,
-				UNSAFE_PREDICATE, SAFE_RESOURCE);
-		assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth));
-
-		whatToAuth = new AddObjectPropertyStatement(ontModel, SELFEDITOR_URI,
-				SAFE_PREDICATE, UNSAFE_RESOURCE);
-		assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth));
-	}
-
-	//
-	// @Test
-	// public void testVisitIdentifierBundleDropResource() {
-	// fail("Not yet implemented");
-	// }
-	//
-	// @Test
-	// public void testVisitIdentifierBundleDropDataPropStmt() {
-	// fail("Not yet implemented");
-	// }
-	//
-	@Test
-	public void testVisitIdentifierBundleDropObjectPropStmt() {
-		whatToAuth = new DropObjectPropertyStatement(ontModel, SELFEDITOR_URI,
-				SAFE_PREDICATE, SAFE_RESOURCE);
-		assertDecision(AUTHORIZED, policy.isAuthorized(ids, whatToAuth));
-
-		whatToAuth = new DropObjectPropertyStatement(ontModel, SAFE_RESOURCE,
-				SAFE_PREDICATE, SELFEDITOR_URI);
-		assertDecision(AUTHORIZED, policy.isAuthorized(ids, whatToAuth));
-
-		// this is the case where the editor is not part of the stmt
-		whatToAuth = new DropObjectPropertyStatement(ontModel, SAFE_RESOURCE,
-				SAFE_PREDICATE, SAFE_RESOURCE);
-		assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth));
-
-		whatToAuth = new DropObjectPropertyStatement(ontModel, SELFEDITOR_URI,
-				UNSAFE_PREDICATE, SAFE_RESOURCE);
-		assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth));
-
-		whatToAuth = new DropObjectPropertyStatement(ontModel, SELFEDITOR_URI,
-				SAFE_PREDICATE, UNSAFE_RESOURCE);
-		assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth));
-	}
-
-	//
-	// @Test
-	// public void testVisitIdentifierBundleAddResource() {
-	// fail("Not yet implemented");
-	// }
-	//
-	// @Test
-	// public void testVisitIdentifierBundleAddDataPropStmt() {
-	// fail("Not yet implemented");
-	// }
-	//
-	// @Test
-	// public void testVisitIdentifierBundleUploadFile() {
-	// fail("Not yet implemented");
-	// }
-	//
-	//
-	@Test
-	public void testVisitIdentifierBundleEditDataPropStmt() {
-		whatToAuth = new EditDataPropertyStatement(ontModel, SELFEDITOR_URI,SAFE_PREDICATE.getURI(), SOME_LITERAL);
-		assertDecision(AUTHORIZED, policy.isAuthorized(ids, whatToAuth));
-
-		whatToAuth = new EditDataPropertyStatement(ontModel, SELFEDITOR_URI, UNSAFE_PREDICATE.getURI(), SOME_LITERAL);
-		assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth));
-
-		whatToAuth = new EditDataPropertyStatement(ontModel, UNSAFE_RESOURCE, SAFE_PREDICATE.getURI(), SOME_LITERAL);
-		assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth));
-
-		whatToAuth = new EditDataPropertyStatement(ontModel, SAFE_RESOURCE, SAFE_PREDICATE.getURI(), SOME_LITERAL);
-		assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth));
-	}
-
-	@Test
-	public void testVisitIdentifierBundleEditObjPropStmt() {
-		whatToAuth = new EditObjectPropertyStatement(ontModel, SELFEDITOR_URI,
-				SAFE_PREDICATE, SAFE_RESOURCE);
-		assertDecision(AUTHORIZED, policy.isAuthorized(ids, whatToAuth));
-
-		whatToAuth = new EditObjectPropertyStatement(ontModel, SAFE_RESOURCE,
-				SAFE_PREDICATE, SELFEDITOR_URI);
-		assertDecision(AUTHORIZED, policy.isAuthorized(ids, whatToAuth));
-
-		// this is the case where the editor is not part of the stmt
-		whatToAuth = new EditObjectPropertyStatement(ontModel, SAFE_RESOURCE,
-				SAFE_PREDICATE, SAFE_RESOURCE);
-		assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth));
-
-		whatToAuth = new EditObjectPropertyStatement(ontModel, SELFEDITOR_URI,
-				UNSAFE_PREDICATE, SAFE_RESOURCE);
-		assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth));
-
-		whatToAuth = new EditObjectPropertyStatement(ontModel, SELFEDITOR_URI,
-				SAFE_PREDICATE, UNSAFE_RESOURCE);
-		assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth));
-	}
-
-	// ----------------------------------------------------------------------
-	// What if there are two SelfEditor Identifiers?
-	// ----------------------------------------------------------------------
-
-	@Test
-	public void twoSEIsFindObjectPropertySubject() {
-		setUpTwoSEIs();
-		whatToAuth = new DropObjectPropertyStatement(ontModel, SELFEDITOR_URI,
-				SAFE_PREDICATE, SAFE_RESOURCE);
-		assertDecision(AUTHORIZED, policy.isAuthorized(ids, whatToAuth));
-	}
-
-	@Test
-	public void twoSEIsFindObjectPropertyObject() {
-		setUpTwoSEIs();
-		whatToAuth = new DropObjectPropertyStatement(ontModel, SAFE_RESOURCE,
-				SAFE_PREDICATE, SELFEDITOR_URI);
-		assertDecision(AUTHORIZED, policy.isAuthorized(ids, whatToAuth));
-	}
-
-	@Test
-	public void twoSEIsDontFindInObjectProperty() {
-		setUpTwoSEIs();
-		whatToAuth = new DropObjectPropertyStatement(ontModel, SAFE_RESOURCE,
-				SAFE_PREDICATE, SAFE_RESOURCE);
-		assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth));
-	}
-
-	@Test
-	public void twoSEIsFindDataPropertySubject() {
-		setUpTwoSEIs();
-
-		whatToAuth = new EditDataPropertyStatement(ontModel, SELFEDITOR_URI, SAFE_PREDICATE.getURI(), SOME_LITERAL);
-		assertDecision(AUTHORIZED, policy.isAuthorized(ids, whatToAuth));
-	}
-
-	@Test
-	public void twoSEIsDontFindInDataProperty() {
-		setUpTwoSEIs();
-
-		whatToAuth = new EditDataPropertyStatement(ontModel, SAFE_RESOURCE, SAFE_PREDICATE.getURI(), SOME_LITERAL);
-		assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth));
-	}
-
-	private void setUpTwoSEIs() {
-		ids = new ArrayIdentifierBundle();
-
-		IndividualImpl ind1 = new IndividualImpl();
-		ind1.setURI(SAFE_NS + "bozoUri");
-		ids.add(new HasProfile(ind1.getURI()));
-
-		IndividualImpl ind2 = new IndividualImpl();
-		ind2.setURI(SELFEDITOR_URI);
-		ids.add(new HasProfile(ind2.getURI()));
-	}
-
-	// ----------------------------------------------------------------------
-	// Ignore administrative requests.
-	// ----------------------------------------------------------------------
-
-	@Test
-	public void testServerStatus() {
-		assertDecision(INCONCLUSIVE,
-				policy.isAuthorized(ids, new ServerStatus()));
-	}
-
-	@Test
-	public void testCreateOwlClass() {
-		CreateOwlClass a = new CreateOwlClass();
-		a.setSubjectUri("http://someClass/test");
-		assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, a));
-	}
-
-	@Test
-	public void testRemoveOwlClass() {
-		RemoveOwlClass a = new RemoveOwlClass();
-		a.setSubjectUri("http://someClass/test");
-		assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, a));
-	}
-
-	@Test
-	public void testDefineDataProperty() {
-		DefineDataProperty a = new DefineDataProperty();
-		a.setSubjectUri("http://someClass/test");
-		assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, a));
-	}
-
-	@Test
-	public void testDefineObjectProperty() {
-		DefineObjectProperty a = new DefineObjectProperty();
-		a.setSubjectUri("http://someClass/test");
-		assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, a));
-	}
-
-	@Test
-	public void testAddNewUser() {
-		assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, new AddNewUser()));
-	}
-
-	@Test
-	public void testRemoveUser() {
-		assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, new RemoveUser()));
-	}
-
-	@Test
-	public void testLoadOntology() {
-		assertDecision(INCONCLUSIVE,
-				policy.isAuthorized(ids, new LoadOntology()));
-	}
-
-	@Test
-	public void testRebuildTextIndex() {
-		assertDecision(INCONCLUSIVE,
-				policy.isAuthorized(ids, new RebuildTextIndex()));
-	}
-
-	@Test
-	public void testVisitIdentifierBundleUpdateTextIndex() {
-		assertDecision(INCONCLUSIVE,
-				policy.isAuthorized(ids, new UpdateTextIndex()));
-	}
-
-	// ----------------------------------------------------------------------
-	// Helper methods
-	// ----------------------------------------------------------------------
-
-	private void assertDecision(Authorization expectedAuth,
-			PolicyDecision decision) {
-		if (expectedAuth == null) {
-			assertNull("expecting null decision", decision);
-		} else {
-			assertNotNull("expecting a decision", decision);
-			assertEquals("wrong authorization", expectedAuth,
-					decision.getAuthorized());
-		}
-	}
-}
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/SelfEditingPolicy_2_Test.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/SelfEditingPolicy_2_Test.java
deleted file mode 100644
index ce77498684..0000000000
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/SelfEditingPolicy_2_Test.java
+++ /dev/null
@@ -1,297 +0,0 @@
-/* $This file is distributed under the terms of the license in LICENSE$ */
-
-package edu.cornell.mannlib.vitro.webapp.auth.policy;
-
-import static edu.cornell.mannlib.vitro.webapp.auth.requestedAction.RequestedAction.SOME_LITERAL;
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-import org.junit.Assert;
-import org.junit.Before;
-import org.junit.Test;
-
-import stubs.edu.cornell.mannlib.vitro.webapp.auth.policy.bean.PropertyRestrictionBeanStub;
-import stubs.javax.servlet.ServletContextStub;
-
-import org.apache.jena.ontology.OntModel;
-import org.apache.jena.ontology.OntModelSpec;
-import org.apache.jena.rdf.model.ModelFactory;
-
-import edu.cornell.mannlib.vitro.testing.AbstractTestClass;
-import edu.cornell.mannlib.vitro.webapp.auth.identifier.ArrayIdentifierBundle;
-import edu.cornell.mannlib.vitro.webapp.auth.identifier.Identifier;
-import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
-import edu.cornell.mannlib.vitro.webapp.auth.identifier.common.HasProfile;
-import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.Authorization;
-import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AddObjectPropertyStatement;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.EditDataPropertyStatement;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.EditObjectPropertyStatement;
-import edu.cornell.mannlib.vitro.webapp.beans.Individual;
-import edu.cornell.mannlib.vitro.webapp.beans.IndividualImpl;
-import edu.cornell.mannlib.vitro.webapp.beans.Property;
-import edu.cornell.mannlib.vitro.webapp.dao.VitroVocabulary;
-
-public class SelfEditingPolicy_2_Test extends AbstractTestClass {
-	private static final Log log = LogFactory
-			.getLog(SelfEditingPolicy_2_Test.class);
-
-	/** We may edit objects in this arbitrary namespace. */
-	private static final String SAFE_NS = "http://test.mannlib.cornell.edu/ns/01#";
-
-	/** We are not allowed to edit objects in the administrative namespace. */
-	private static final String ADMIN_NS = VitroVocabulary.vitroURI;
-
-	/** The URI of a SelfEditor. */
-	private static final String SELFEDITOR_URI = SAFE_NS + "individual000";
-
-	/** Some things that are safe to edit. */
-	private static final String SAFE_RESOURCE = SAFE_NS + "individual123";
-	private static final String SAFE_PREDICATE = SAFE_NS + "hasHairStyle";
-
-	/** Some things that are not safe to edit. */
-	private static final String ADMIN_RESOURCE = ADMIN_NS + "individual666";
-	private static final String ADMIN_PREDICATE_1 = ADMIN_NS + "hasSuperPowers";
-	private static final String ADMIN_PREDICATE_2 = ADMIN_NS + "mayPrintMoney";
-	private static final String ADMIN_PREDICATE_3 = ADMIN_NS
-			+ "getsOutOfJailFree";
-	private static final String ADMIN_PREDICATE_4 = ADMIN_NS + "canDeleteModel";
-
-	/** The policy we are testing. */
-	SelfEditingPolicy policy;
-
-	/** A SelfEditing individual identifier. */
-	Individual seIndividual;
-
-	/** A bundle that contains a SelfEditing individual. */
-	IdentifierBundle ids;
-
-	/**
-	 * An empty model that acts as a placeholder in the requested actions. The
-	 * SelfEditingPolicy does not base its decisions on the contents of the
-	 * model.
-	 */
-	private OntModel ontModel;
-
-
-	@Before
-	public void setUp() {
-		ServletContextStub ctx = new ServletContextStub();
-		PropertyRestrictionBeanStub.getInstance(new String[] { ADMIN_NS });
-
-		policy = new SelfEditingPolicy(ctx);
-		Assert.assertNotNull(policy);
-
-		seIndividual = new IndividualImpl();
-		seIndividual.setURI(SELFEDITOR_URI);
-
-		ids = new ArrayIdentifierBundle(new HasProfile(SELFEDITOR_URI));
-
-		ontModel = ModelFactory.createOntologyModel(OntModelSpec.OWL_MEM);
-
-		// setLoggerLevel(SelfEditingPolicySetupTest.class, Level.DEBUG);
-	}
-
-	// ----------------------------------------------------------------------
-	// General tests
-	// ----------------------------------------------------------------------
-
-	@Test
-	public void nullRequestedAction() {
-		PolicyDecision dec = policy.isAuthorized(ids, null);
-		Assert.assertNotNull(dec);
-		Assert.assertEquals(Authorization.INCONCLUSIVE, dec.getAuthorized());
-	}
-
-	@Test
-	public void nullIdentifierBundle() {
-		AddObjectPropertyStatement whatToAuth = new AddObjectPropertyStatement(
-				ontModel, SELFEDITOR_URI, new Property(SAFE_PREDICATE), SAFE_RESOURCE);
-		PolicyDecision dec = policy.isAuthorized(null, whatToAuth);
-		Assert.assertNotNull(dec);
-		Assert.assertEquals(Authorization.INCONCLUSIVE, dec.getAuthorized());
-	}
-
-	@Test
-	public void noSelfEditorIdentifier() {
-		ids.clear();
-		ids.add(new Identifier() { /* empty identifier */
-		});
-		assertAddObjectPropStmt(SELFEDITOR_URI, SAFE_PREDICATE, SAFE_RESOURCE,
-				Authorization.INCONCLUSIVE);
-	}
-
-	// ----------------------------------------------------------------------
-	// Tests against AddObjectPropStmt
-	// ----------------------------------------------------------------------
-
-	@Test
-	public void addObjectPropStmtSuccess1() {
-		assertAddObjectPropStmt(SELFEDITOR_URI, SAFE_PREDICATE, SAFE_RESOURCE,
-				Authorization.AUTHORIZED);
-	}
-
-	@Test
-	public void addObjectPropStmtSuccess2() {
-		assertAddObjectPropStmt(SAFE_RESOURCE, SAFE_PREDICATE, SELFEDITOR_URI,
-				Authorization.AUTHORIZED);
-	}
-
-	@Test
-	public void addObjectPropStmtUnsafePredicate1() {
-		assertAddObjectPropStmt(SELFEDITOR_URI, ADMIN_PREDICATE_1,
-				SAFE_RESOURCE, Authorization.INCONCLUSIVE);
-	}
-
-	@Test
-	public void addObjectPropStmtUnsafePredicate2() {
-		assertAddObjectPropStmt(SAFE_RESOURCE, ADMIN_PREDICATE_1,
-				SELFEDITOR_URI, Authorization.INCONCLUSIVE);
-	}
-
-	@Test
-	public void addObjectPropStmtUnsafePredicate3() {
-		assertAddObjectPropStmt(SELFEDITOR_URI, ADMIN_PREDICATE_2,
-				SAFE_RESOURCE, Authorization.INCONCLUSIVE);
-	}
-
-	@Test
-	public void addObjectPropStmtUnsafePredicate4() {
-		assertAddObjectPropStmt(SELFEDITOR_URI, ADMIN_PREDICATE_3,
-				SAFE_RESOURCE, Authorization.INCONCLUSIVE);
-	}
-
-	@Test
-	public void addObjectPropStmtUnsafePredicate5() {
-		assertAddObjectPropStmt(SELFEDITOR_URI, ADMIN_PREDICATE_4,
-				SAFE_RESOURCE, Authorization.INCONCLUSIVE);
-	}
-
-	// ----------------------------------------------------------------------
-	// Tests against EditObjPropStmt
-	// ----------------------------------------------------------------------
-
-	@Test
-	public void editObjectPropStmtSuccess1() {
-		assertEditObjPropStmt(SELFEDITOR_URI, SAFE_PREDICATE, SAFE_RESOURCE,
-				Authorization.AUTHORIZED);
-	}
-
-	@Test
-	public void editObjectPropStmtSuccess2() {
-		assertEditObjPropStmt(SAFE_RESOURCE, SAFE_PREDICATE, SELFEDITOR_URI,
-				Authorization.AUTHORIZED);
-	}
-
-	@Test
-	public void editObjectPropStmtEditorNotInvolved() {
-		// this is the case where the editor is not part of the stmt
-		assertEditObjPropStmt(SAFE_RESOURCE, SAFE_PREDICATE, SAFE_RESOURCE,
-				Authorization.INCONCLUSIVE);
-	}
-
-	@Test
-	public void editObjectPropStmtUnsafeResource() {
-		assertEditObjPropStmt(SELFEDITOR_URI, SAFE_PREDICATE, ADMIN_RESOURCE,
-				Authorization.INCONCLUSIVE);
-	}
-
-	@Test
-	public void editObjectPropStmtUnsafePredicate1() {
-		assertEditObjPropStmt(SELFEDITOR_URI, ADMIN_PREDICATE_4, SAFE_RESOURCE,
-				Authorization.INCONCLUSIVE);
-	}
-
-	@Test
-	public void editObjectPropStmtUnsafePredicate2() {
-		assertEditObjPropStmt(SAFE_RESOURCE, ADMIN_PREDICATE_4, SELFEDITOR_URI,
-				Authorization.INCONCLUSIVE);
-	}
-
-	@Test
-	public void editObjectPropStmtUnsafeBoth() {
-		assertEditObjPropStmt(SELFEDITOR_URI, ADMIN_PREDICATE_4,
-				ADMIN_RESOURCE, Authorization.INCONCLUSIVE);
-	}
-
-	// ----------------------------------------------------------------------
-	// Tests against EditDataPropStmt
-	// ----------------------------------------------------------------------
-
-	@Test
-	public void editDataPropSuccess() {
-		assertEditDataPropStmt(SELFEDITOR_URI, SAFE_PREDICATE, "junk",
-				Authorization.AUTHORIZED);
-	}
-
-	@Test
-	public void editDataPropUnsafePredicate() {
-		assertEditDataPropStmt(SELFEDITOR_URI, ADMIN_PREDICATE_1, "junk",
-				Authorization.INCONCLUSIVE);
-	}
-
-	@Test
-	public void editDataPropUnsafeResource() {
-		assertEditDataPropStmt(ADMIN_RESOURCE, SAFE_PREDICATE, null,
-				Authorization.INCONCLUSIVE);
-	}
-
-	@Test
-	public void editDataPropNoCloseRelation() {
-		assertEditDataPropStmt(SAFE_RESOURCE, SAFE_PREDICATE, null,
-				Authorization.INCONCLUSIVE);
-	}
-
-	@Test
-	public void editDataPropModelProhibited() {
-		// model prohibited
-		assertEditDataPropStmt(SAFE_RESOURCE, ADMIN_PREDICATE_1, null,
-				Authorization.INCONCLUSIVE);
-	}
-
-	// ------------------------------------------------------------------------
-	// Support methods
-	// ------------------------------------------------------------------------
-
-	/**
-	 * Create an {@link AddObjectPropertyStatement}, test it, and compare to
-	 * expected results.
-	 */
-	private void assertAddObjectPropStmt(String uriOfSub, String uriOfPred,
-			String uriOfObj, Authorization expectedAuthorization) {
-		AddObjectPropertyStatement whatToAuth = new AddObjectPropertyStatement(
-				ontModel, uriOfSub, new Property(uriOfPred), uriOfObj);
-		PolicyDecision dec = policy.isAuthorized(ids, whatToAuth);
-		log.debug(dec);
-		Assert.assertNotNull(dec);
-		Assert.assertEquals(expectedAuthorization, dec.getAuthorized());
-	}
-
-	/**
-	 * Create an {@link EditObjectPropertyStatement}, test it, and compare to
-	 * expected results.
-	 */
-	private void assertEditObjPropStmt(String uriOfSub, String uriOfPred,
-			String uriOfObj, Authorization expectedAuthorization) {
-		EditObjectPropertyStatement whatToAuth = new EditObjectPropertyStatement(
-				ontModel, uriOfSub, new Property(uriOfPred), uriOfObj);
-		PolicyDecision dec = policy.isAuthorized(ids, whatToAuth);
-		log.debug(dec);
-		Assert.assertNotNull(dec);
-		Assert.assertEquals(expectedAuthorization, dec.getAuthorized());
-	}
-
-	/**
-	 * Create an {@link EditDataPropertyStatement}, test it, and compare to
-	 * expected results.
-	 */
-	private void assertEditDataPropStmt(String individualURI,
-			String datapropURI, String data, Authorization expectedAuthorization) {
-		EditDataPropertyStatement whatToAuth = new EditDataPropertyStatement(
-				ontModel, individualURI, datapropURI, SOME_LITERAL);
-		PolicyDecision dec = policy.isAuthorized(ids, whatToAuth);
-		log.debug(dec);
-		Assert.assertNotNull(dec);
-		Assert.assertEquals(expectedAuthorization, dec.getAuthorized());
-	}
-}
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/SimplePermissionPolicyTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/SimplePermissionPolicyTest.java
new file mode 100644
index 0000000000..89becfece2
--- /dev/null
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/SimplePermissionPolicyTest.java
@@ -0,0 +1,123 @@
+package edu.cornell.mannlib.vitro.webapp.auth.policy;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertTrue;
+
+import java.util.Arrays;
+
+import org.junit.Test;
+
+import edu.cornell.mannlib.vitro.webapp.auth.permissions.SimplePermission;
+import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.DecisionResult;
+import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.SimpleAuthorizationRequest;
+import edu.cornell.mannlib.vitro.webapp.auth.rules.AccessRule;
+
+public class SimplePermissionPolicyTest extends PolicyTest {
+
+    public static final String ADMIN_SIMPLE_PERMISSIONS_POLICY_PATH = "policy_admin_simple_permissions";
+    public static final String CURATOR_SIMPLE_PERMISSIONS_POLICY_PATH = "policy_curator_simple_permissions";
+    public static final String EDITOR_SIMPLE_PERMISSIONS_POLICY_PATH = "policy_editor_simple_permissions";
+    public static final String SELF_EDITOR_SIMPLE_PERMISSIONS_POLICY_PATH = "policy_self_editor_simple_permissions";
+    public static final String PUBLIC_SIMPLE_PERMISSIONS_POLICY_PATH = "policy_public_simple_permissions";
+    @Test
+    public void testAdminSimplePermissionPolicy() {        
+        load(USER_ACCOUNTS_HOME_EVERYTIME + ADMIN_SIMPLE_PERMISSIONS_POLICY_PATH + EXT);
+        load(USER_ACCOUNTS_HOME_FIRSTTIME + ADMIN_SIMPLE_PERMISSIONS_POLICY_PATH + DATASET + EXT);
+        String policyUri = "https://vivoweb.org/ontology/vitro-application/auth/individual/AdminSimplePermissionsPolicy";
+        DynamicPolicy policy = loader.loadPolicy(policyUri);
+        assertTrue(policy != null);
+        assertEquals(1000, policy.getPriority());
+        assertEquals(1, policy.getRules().size());
+        final AccessRule rule = policy.getRules().iterator().next();
+        assertEquals(true, rule.isAllowMatched());
+        assertEquals(3, rule.getAttributesCount());
+        
+        SimpleAuthorizationRequest ar = new SimpleAuthorizationRequest(SimplePermission.NS + "SeeSiteAdminPage");
+        ar.setRoleUris(Arrays.asList(ROLE_CURATOR_URI));
+        assertEquals(DecisionResult.INCONCLUSIVE, policy.decide(ar).getDecisionResult());
+        ar.setRoleUris(Arrays.asList(ROLE_ADMIN_URI));
+        assertEquals(DecisionResult.AUTHORIZED, policy.decide(ar).getDecisionResult());
+    }
+    
+    @Test
+    public void testCuratorSimplePermissionPolicy() {        
+        load(USER_ACCOUNTS_HOME_EVERYTIME + CURATOR_SIMPLE_PERMISSIONS_POLICY_PATH + EXT);
+        load(USER_ACCOUNTS_HOME_FIRSTTIME + CURATOR_SIMPLE_PERMISSIONS_POLICY_PATH + DATASET + EXT);
+        String policyUri = "https://vivoweb.org/ontology/vitro-application/auth/individual/CuratorSimplePermissionsPolicy";
+        DynamicPolicy policy = loader.loadPolicy(policyUri);
+        assertTrue(policy != null);
+        assertEquals(1000, policy.getPriority());
+        assertEquals(1, policy.getRules().size());
+        final AccessRule rule = policy.getRules().iterator().next();
+        assertEquals(true, rule.isAllowMatched());
+        assertEquals(3, rule.getAttributesCount());
+        
+        SimpleAuthorizationRequest ar = new SimpleAuthorizationRequest(SimplePermission.NS + "EditOntology");
+        ar.setRoleUris(Arrays.asList(ROLE_EDITOR_URI));
+        assertEquals(DecisionResult.INCONCLUSIVE, policy.decide(ar).getDecisionResult());
+        ar.setRoleUris(Arrays.asList(ROLE_CURATOR_URI));
+        assertEquals(DecisionResult.AUTHORIZED, policy.decide(ar).getDecisionResult());
+    }
+    
+    @Test
+    public void testEditorSimplePermissionPolicy() {        
+        load(USER_ACCOUNTS_HOME_EVERYTIME + EDITOR_SIMPLE_PERMISSIONS_POLICY_PATH + EXT);
+        load(USER_ACCOUNTS_HOME_FIRSTTIME + EDITOR_SIMPLE_PERMISSIONS_POLICY_PATH + DATASET + EXT);
+        String policyUri = "https://vivoweb.org/ontology/vitro-application/auth/individual/EditorSimplePermissionsPolicy";
+        DynamicPolicy policy = loader.loadPolicy(policyUri);
+        assertTrue(policy != null);
+        assertEquals(1000, policy.getPriority());
+        assertEquals(1, policy.getRules().size());
+        final AccessRule rule = policy.getRules().iterator().next();
+        assertEquals(true, rule.isAllowMatched());
+        assertEquals(3, rule.getAttributesCount());
+        
+        SimpleAuthorizationRequest ar = new SimpleAuthorizationRequest(SimplePermission.NS + "DoBackEndEditing");
+        ar.setRoleUris(Arrays.asList(ROLE_SELF_EDITOR_URI));
+        assertEquals(DecisionResult.INCONCLUSIVE, policy.decide(ar).getDecisionResult());
+        ar.setRoleUris(Arrays.asList(ROLE_EDITOR_URI));
+        assertEquals(DecisionResult.AUTHORIZED, policy.decide(ar).getDecisionResult());
+    }
+
+    @Test
+    public void testSelfEditorSimplePermissionPolicy() {        
+        load(USER_ACCOUNTS_HOME_EVERYTIME + SELF_EDITOR_SIMPLE_PERMISSIONS_POLICY_PATH + EXT);
+        load(USER_ACCOUNTS_HOME_FIRSTTIME + SELF_EDITOR_SIMPLE_PERMISSIONS_POLICY_PATH + DATASET + EXT);
+        String policyUri = "https://vivoweb.org/ontology/vitro-application/auth/individual/SelfEditorSimplePermissionsPolicy";
+        DynamicPolicy policy = loader.loadPolicy(policyUri);
+        assertTrue(policy != null);
+        assertEquals(1000, policy.getPriority());
+        assertEquals(1, policy.getRules().size());
+        final AccessRule rule = policy.getRules().iterator().next();
+        assertEquals(true, rule.isAllowMatched());
+        assertEquals(3, rule.getAttributesCount());
+        
+        SimpleAuthorizationRequest ar = new SimpleAuthorizationRequest(SimplePermission.NS + "DoFrontEndEditing");
+        ar.setRoleUris(Arrays.asList(ROLE_PUBLIC_URI));
+        assertEquals(DecisionResult.INCONCLUSIVE, policy.decide(ar).getDecisionResult());
+        ar.setRoleUris(Arrays.asList(ROLE_SELF_EDITOR_URI));
+        assertEquals(DecisionResult.AUTHORIZED, policy.decide(ar).getDecisionResult());
+    }
+    
+    @Test
+    public void testPublicSimplePermissionPolicy() {        
+        load(USER_ACCOUNTS_HOME_EVERYTIME + PUBLIC_SIMPLE_PERMISSIONS_POLICY_PATH + EXT);
+        load(USER_ACCOUNTS_HOME_FIRSTTIME + PUBLIC_SIMPLE_PERMISSIONS_POLICY_PATH + DATASET + EXT);
+        String policyUri = "https://vivoweb.org/ontology/vitro-application/auth/individual/PublicSimplePermissionsPolicy";
+        DynamicPolicy policy = loader.loadPolicy(policyUri);
+        assertTrue(policy != null);
+        assertEquals(1000, policy.getPriority());
+        assertEquals(1, policy.getRules().size());
+        final AccessRule rule = policy.getRules().iterator().next();
+        assertEquals(true, rule.isAllowMatched());
+        assertEquals(3, rule.getAttributesCount());
+        
+        SimpleAuthorizationRequest ar = new SimpleAuthorizationRequest(SimplePermission.NS + "QueryFullModel");
+        ar.setRoleUris(Arrays.asList(""));
+        assertEquals(DecisionResult.INCONCLUSIVE, policy.decide(ar).getDecisionResult());
+        ar.setRoleUris(Arrays.asList(ROLE_PUBLIC_URI));
+        assertEquals(DecisionResult.AUTHORIZED, policy.decide(ar).getDecisionResult());
+    }
+   
+    
+}
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/bean/PropertyRestrictionBeanImplTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/bean/PropertyRestrictionBeanImplTest.java
deleted file mode 100644
index e3ac5fe000..0000000000
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/bean/PropertyRestrictionBeanImplTest.java
+++ /dev/null
@@ -1,511 +0,0 @@
-/* $This file is distributed under the terms of the license in LICENSE$ */
-
-package edu.cornell.mannlib.vitro.webapp.auth.policy.bean;
-
-import static edu.cornell.mannlib.vitro.webapp.auth.policy.bean.PropertyRestrictionLevels.Which.DISPLAY;
-import static edu.cornell.mannlib.vitro.webapp.auth.policy.bean.PropertyRestrictionLevels.Which.MODIFY;
-import static edu.cornell.mannlib.vitro.webapp.auth.policy.bean.PropertyRestrictionLevels.Which.PUBLISH;
-import static edu.cornell.mannlib.vitro.webapp.beans.BaseResourceBean.RoleLevel.CURATOR;
-import static edu.cornell.mannlib.vitro.webapp.beans.BaseResourceBean.RoleLevel.DB_ADMIN;
-import static edu.cornell.mannlib.vitro.webapp.beans.BaseResourceBean.RoleLevel.EDITOR;
-import static edu.cornell.mannlib.vitro.webapp.beans.BaseResourceBean.RoleLevel.NOBODY;
-import static org.junit.Assert.assertFalse;
-import static org.junit.Assert.assertTrue;
-
-import java.util.Arrays;
-import java.util.List;
-
-import org.junit.Before;
-import org.junit.Test;
-
-import stubs.edu.cornell.mannlib.vitro.webapp.dao.DataPropertyDaoStub;
-import stubs.edu.cornell.mannlib.vitro.webapp.dao.FauxPropertyDaoStub;
-import stubs.edu.cornell.mannlib.vitro.webapp.dao.ObjectPropertyDaoStub;
-import stubs.edu.cornell.mannlib.vitro.webapp.dao.WebappDaoFactoryStub;
-import stubs.edu.cornell.mannlib.vitro.webapp.modelaccess.ContextModelAccessStub;
-import edu.cornell.mannlib.vitro.testing.AbstractTestClass;
-import edu.cornell.mannlib.vitro.webapp.auth.policy.bean.PropertyRestrictionLevels.Which;
-import edu.cornell.mannlib.vitro.webapp.beans.BaseResourceBean.RoleLevel;
-import edu.cornell.mannlib.vitro.webapp.beans.FauxProperty;
-import edu.cornell.mannlib.vitro.webapp.beans.ObjectProperty;
-import edu.cornell.mannlib.vitro.webapp.beans.Property;
-import edu.cornell.mannlib.vitro.webapp.dao.PropertyDao.FullPropertyKey;
-
-/**
- * If we believe that authorization will succeed regardless of user role, check
- * that it succeeds with the lowest role.
- *
- * If we believe that authorization will fail regardless of user role, check
- * that it fails with the highest role.
- *
- * If we believe that authorization depends on the user role, it should pass if
- * the user role is higher than or equal to the threshold, and fail if the user
- * role is less than the threshold.
- *
- * Note that we can't set a threshold to be tested to either the lowest or
- * highest role, or the attempt to test with higher or lower role will throw an
- * exception.
- */
-public class PropertyRestrictionBeanImplTest extends AbstractTestClass {
-	private static final String NS_PROHIBITED = "http://prbi.prohibited/";
-	private static final String URI_RESOURCE_EXCEPTIONAL = NS_PROHIBITED
-			+ "exceptionalResource";
-	private static final String URI_PREDICATE_EXCEPTIONAL = NS_PROHIBITED
-			+ "exceptionalPredicate";
-
-	private static final List<String> PROHIBITED_NAMESPACES = Arrays
-			.asList(new String[] { NS_PROHIBITED });
-	private static final List<String> PERMITTED_EXCEPTIONS = Arrays
-			.asList(new String[] { URI_RESOURCE_EXCEPTIONAL,
-					URI_PREDICATE_EXCEPTIONAL });
-
-	private static final String URI_RESOURCE_ANY = "http://prbi.test/anyResource";
-	private static final String URI_RESOURCE_PROHIBITED = NS_PROHIBITED
-			+ "resource";
-
-	private static final String URI_PREDICATE_BARE = "http://prbi.test/barePredicate";
-	private static final String URI_PREDICATE_PROHIBITED = NS_PROHIBITED
-			+ "predicate";
-	private static final String URI_PREDICATE_UNKNOWN = "http://prbi.test/unknownPredicate";
-
-	private static final String URI_DOMAIN_1 = "http://prbi.test/domain1";
-	private static final String URI_RANGE_1 = "http://prbi.test/range1";
-	private static final String URI_DOMAIN_2 = "http://prbi.test/domain2";
-	private static final String URI_RANGE_2 = "http://prbi.test/range2";
-
-	private PropertyRestrictionBeanImpl bean;
-
-	private ObjectProperty barePredicate;
-	private ObjectProperty prohibitedPredicate;
-	private ObjectProperty exceptionalPredicate;
-	private ObjectProperty unknownPredicate;
-
-	private FauxProperty emptyFaux;
-	private FauxProperty restrictedFaux;
-	private FauxProperty unknownFaux;
-
-	@Before
-	public void setup() {
-		barePredicate = createObjectProperty(null, URI_PREDICATE_BARE, null,
-				EDITOR, CURATOR, DB_ADMIN);
-		unknownPredicate = createObjectProperty(null, URI_PREDICATE_UNKNOWN,
-				null, null, null, null);
-		prohibitedPredicate = createObjectProperty(null,
-				URI_PREDICATE_PROHIBITED, null, null, null, null);
-		exceptionalPredicate = createObjectProperty(null,
-				URI_PREDICATE_EXCEPTIONAL, null, CURATOR, EDITOR, EDITOR);
-
-		emptyFaux = createFauxProperty(URI_DOMAIN_1, URI_PREDICATE_BARE,
-				URI_RANGE_1, null, null, null);
-		restrictedFaux = createFauxProperty(URI_DOMAIN_2, URI_PREDICATE_BARE,
-				URI_RANGE_2, EDITOR, DB_ADMIN, CURATOR);
-		unknownFaux = createFauxProperty(URI_DOMAIN_1, URI_PREDICATE_UNKNOWN,
-				URI_RANGE_1, NOBODY, NOBODY, NOBODY);
-
-		ObjectPropertyDaoStub opDao = new ObjectPropertyDaoStub();
-		opDao.addObjectProperty(barePredicate);
-		opDao.addObjectProperty(prohibitedPredicate);
-		opDao.addObjectProperty(exceptionalPredicate);
-
-		DataPropertyDaoStub dpDao = new DataPropertyDaoStub();
-
-		FauxPropertyDaoStub fpDao = new FauxPropertyDaoStub();
-		fpDao.insertFauxProperty(emptyFaux);
-		fpDao.insertFauxProperty(restrictedFaux);
-
-		WebappDaoFactoryStub wadf = new WebappDaoFactoryStub();
-		wadf.setObjectPropertyDao(opDao);
-		wadf.setDataPropertyDao(dpDao);
-		wadf.setFauxPropertyDao(fpDao);
-
-		ContextModelAccessStub models = new ContextModelAccessStub();
-		models.setWebappDaoFactory(wadf);
-
-		bean = new PropertyRestrictionBeanImpl(PROHIBITED_NAMESPACES,
-				PERMITTED_EXCEPTIONS, models);
-	}
-
-	private ObjectProperty createObjectProperty(String domainUri, String uri,
-			String rangeUri, RoleLevel displayThreshold,
-			RoleLevel modifyThreshold, RoleLevel publishThreshold) {
-		ObjectProperty op = new ObjectProperty();
-		op.setURI(uri);
-		op.setDomainVClassURI(domainUri);
-		op.setRangeVClassURI(rangeUri);
-		op.setHiddenFromDisplayBelowRoleLevel(displayThreshold);
-		op.setProhibitedFromUpdateBelowRoleLevel(modifyThreshold);
-		op.setHiddenFromPublishBelowRoleLevel(publishThreshold);
-		return op;
-	}
-
-	private FauxProperty createFauxProperty(String domainUri, String uri,
-			String rangeUri, RoleLevel displayThreshold,
-			RoleLevel modifyThreshold, RoleLevel publishThreshold) {
-		FauxProperty fp = new FauxProperty(domainUri, uri, rangeUri);
-		fp.setHiddenFromDisplayBelowRoleLevel(displayThreshold);
-		fp.setProhibitedFromUpdateBelowRoleLevel(modifyThreshold);
-		fp.setHiddenFromPublishBelowRoleLevel(publishThreshold);
-		return fp;
-	}
-
-	// ----------------------------------------------------------------------
-	// Resources
-	// ----------------------------------------------------------------------
-
-	@Test
-	public void nullResource_display_false() {
-		assertFalse(bean.canDisplayResource(null, highestRole()));
-	}
-
-	@Test
-	public void anyResource_display_true() {
-		assertTrue(bean.canDisplayResource(URI_RESOURCE_ANY, lowestRole()));
-	}
-
-	@Test
-	public void anyResource_nullUserRole_display_false() {
-		assertFalse(bean.canDisplayResource(URI_RESOURCE_ANY, null));
-	}
-
-	@Test
-	public void nullResource_modify_false() {
-		assertFalse(bean.canModifyResource(null, highestRole()));
-	}
-
-	@Test
-	public void prohibitedResource_modify_false() {
-		assertFalse(bean.canModifyResource(URI_RESOURCE_PROHIBITED,
-				highestRole()));
-	}
-
-	@Test
-	public void exceptionalResource_modify_true() {
-		assertTrue(bean.canModifyResource(URI_RESOURCE_EXCEPTIONAL,
-				lowestRole()));
-	}
-
-	@Test
-	public void unremarkableResource_modify_true() {
-		assertTrue(bean.canModifyResource(URI_RESOURCE_ANY, lowestRole()));
-	}
-
-	@Test
-	public void unremarkableResource_nullUserRole_modify_false() {
-		assertFalse(bean.canModifyResource(URI_RESOURCE_ANY, null));
-	}
-
-	@Test
-	public void nullResource_publish_false() {
-		assertFalse(bean.canPublishResource(null, highestRole()));
-	}
-
-	@Test
-	public void anyResource_publish_true() {
-		assertTrue(bean.canPublishResource(URI_RESOURCE_ANY, lowestRole()));
-	}
-
-	@Test
-	public void anyResource_nullUserRole_publish_false() {
-		assertFalse(bean.canPublishResource(URI_RESOURCE_ANY, null));
-	}
-
-	// ----------------------------------------------------------------------
-	// Predicates
-	// ----------------------------------------------------------------------
-
-	// ----- display
-
-	@Test
-	public void nullPredicate_display_false() {
-		assertFalse(bean.canDisplayPredicate(null, highestRole()));
-	}
-
-	@Test
-	public void barePredicate_display_byRole() {
-		assertTrue(bean.canDisplayPredicate(barePredicate,
-				higherRole(barePredicate, DISPLAY)));
-		assertTrue(bean.canDisplayPredicate(barePredicate,
-				sameRole(barePredicate, DISPLAY)));
-		assertFalse(bean.canDisplayPredicate(barePredicate,
-				lowerRole(barePredicate, DISPLAY)));
-	}
-
-	@Test
-	public void unknownBarePredicate_display_true() {
-		assertTrue(bean.canDisplayPredicate(unknownPredicate, lowestRole()));
-	}
-
-	@Test
-	public void emptyQualifiedPredicate_display_byBareRole() {
-		assertTrue(bean.canDisplayPredicate(asProperty(emptyFaux),
-				higherRole(barePredicate, DISPLAY)));
-		assertTrue(bean.canDisplayPredicate(asProperty(emptyFaux),
-				sameRole(barePredicate, DISPLAY)));
-		assertFalse(bean.canDisplayPredicate(asProperty(emptyFaux),
-				lowerRole(barePredicate, DISPLAY)));
-	}
-
-	@Test
-	public void restrictedQualifiedPredicate_display_byRole() {
-		assertTrue(bean.canDisplayPredicate(asProperty(restrictedFaux),
-				higherRole(restrictedFaux, DISPLAY)));
-		assertTrue(bean.canDisplayPredicate(asProperty(restrictedFaux),
-				sameRole(restrictedFaux, DISPLAY)));
-		assertFalse(bean.canDisplayPredicate(asProperty(restrictedFaux),
-				lowerRole(restrictedFaux, DISPLAY)));
-	}
-
-	@Test
-	public void unknownQualifiedPredicate_display_true() {
-		assertTrue(bean.canDisplayPredicate(asProperty(unknownFaux),
-				lowestRole()));
-	}
-
-	// ----- modify
-
-	@Test
-	public void nullPredicate_modify_false() {
-		assertFalse(bean.canModifyPredicate(null, highestRole()));
-	}
-
-	@Test
-	public void prohibitedPredicate_modify_false() {
-		assertFalse(bean.canModifyPredicate(prohibitedPredicate, lowestRole()));
-	}
-
-	@Test
-	public void exceptionalPredicate_modify_byRole() {
-		assertTrue(bean.canModifyPredicate(exceptionalPredicate,
-				higherRole(exceptionalPredicate, MODIFY)));
-		assertTrue(bean.canModifyPredicate(exceptionalPredicate,
-				sameRole(exceptionalPredicate, MODIFY)));
-		assertFalse(bean.canModifyPredicate(exceptionalPredicate,
-				lowerRole(exceptionalPredicate, MODIFY)));
-	}
-
-	@Test
-	public void barePredicate_modify_byRole() {
-		assertTrue(bean.canModifyPredicate(barePredicate,
-				higherRole(barePredicate, MODIFY)));
-		assertTrue(bean.canModifyPredicate(barePredicate,
-				sameRole(barePredicate, MODIFY)));
-		assertFalse(bean.canModifyPredicate(barePredicate,
-				lowerRole(barePredicate, MODIFY)));
-	}
-
-	@Test
-	public void unknownBarePredicate_modify_true() {
-		assertTrue(bean.canModifyPredicate(unknownPredicate, lowestRole()));
-	}
-
-	@Test
-	public void emptyQualifiedPredicate_modify_byBareRole() {
-		assertTrue(bean.canModifyPredicate(asProperty(emptyFaux),
-				higherRole(barePredicate, MODIFY)));
-		assertTrue(bean.canModifyPredicate(asProperty(emptyFaux),
-				sameRole(barePredicate, MODIFY)));
-		assertFalse(bean.canModifyPredicate(asProperty(emptyFaux),
-				lowerRole(barePredicate, MODIFY)));
-	}
-
-	@Test
-	public void restrictedQualifiedPredicate_modify_byRole() {
-		assertTrue(bean.canModifyPredicate(asProperty(restrictedFaux),
-				higherRole(restrictedFaux, MODIFY)));
-		assertTrue(bean.canModifyPredicate(asProperty(restrictedFaux),
-				sameRole(restrictedFaux, MODIFY)));
-		assertFalse(bean.canModifyPredicate(asProperty(restrictedFaux),
-				lowerRole(restrictedFaux, MODIFY)));
-	}
-
-	@Test
-	public void unknownQualifiedPredicate_modify_true() {
-		assertTrue(bean.canModifyPredicate(asProperty(unknownFaux),
-				lowestRole()));
-	}
-
-	// ----- publish
-
-	@Test
-	public void nullPredicate_publish_false() {
-		assertFalse(bean.canPublishPredicate(null, highestRole()));
-	}
-
-	@Test
-	public void barePredicate_publish_byRole() {
-		assertTrue(bean.canPublishPredicate(barePredicate,
-				higherRole(barePredicate, PUBLISH)));
-		assertTrue(bean.canPublishPredicate(barePredicate,
-				sameRole(barePredicate, PUBLISH)));
-		assertFalse(bean.canPublishPredicate(barePredicate,
-				lowerRole(barePredicate, PUBLISH)));
-	}
-
-	@Test
-	public void unknownBarePredicate_publish_true() {
-		assertTrue(bean.canPublishPredicate(unknownPredicate, lowestRole()));
-	}
-
-	@Test
-	public void emptyQualifiedPredicate_publish_byBareRole() {
-		assertTrue(bean.canPublishPredicate(asProperty(emptyFaux),
-				higherRole(barePredicate, PUBLISH)));
-		assertTrue(bean.canPublishPredicate(asProperty(emptyFaux),
-				sameRole(barePredicate, PUBLISH)));
-		assertFalse(bean.canPublishPredicate(asProperty(emptyFaux),
-				lowerRole(barePredicate, PUBLISH)));
-	}
-
-	@Test
-	public void restrictedQualifiedPredicate_publish_byRole() {
-		assertTrue(bean.canPublishPredicate(asProperty(restrictedFaux),
-				higherRole(restrictedFaux, PUBLISH)));
-		assertTrue(bean.canPublishPredicate(asProperty(restrictedFaux),
-				sameRole(restrictedFaux, PUBLISH)));
-		assertFalse(bean.canPublishPredicate(asProperty(restrictedFaux),
-				lowerRole(restrictedFaux, PUBLISH)));
-	}
-
-	@Test
-	public void unknownQualifiedPredicate_publish_true() {
-		assertTrue(bean.canPublishPredicate(asProperty(unknownFaux),
-				lowestRole()));
-	}
-
-	// ----------------------------------------------------------------------
-	// update permissions
-	// ----------------------------------------------------------------------
-
-	@Test
-	public void updateToAllowDisplay() {
-		RoleLevel desiredDisplayLevel = lowerRole(barePredicate, DISPLAY);
-
-		assertFalse(bean
-				.canDisplayPredicate(barePredicate, desiredDisplayLevel));
-
-		bean.updateProperty(updatedLevels(barePredicate, desiredDisplayLevel,
-				sameRole(barePredicate, MODIFY),
-				sameRole(barePredicate, PUBLISH)));
-
-		assertTrue(bean.canDisplayPredicate(barePredicate, desiredDisplayLevel));
-	}
-
-	@Test
-	public void updateToAllowModify() {
-		RoleLevel desiredModifyLevel = lowerRole(barePredicate, MODIFY);
-
-		assertFalse(bean.canModifyPredicate(barePredicate, desiredModifyLevel));
-
-		bean.updateProperty(updatedLevels(barePredicate,
-				sameRole(barePredicate, DISPLAY), desiredModifyLevel,
-				sameRole(barePredicate, PUBLISH)));
-
-		assertTrue(bean.canModifyPredicate(barePredicate, desiredModifyLevel));
-	}
-
-	@Test
-	public void updateToAllowPublish() {
-		RoleLevel desiredPublishLevel = lowerRole(barePredicate, PUBLISH);
-
-		assertFalse(bean
-				.canPublishPredicate(barePredicate, desiredPublishLevel));
-
-		bean.updateProperty(updatedLevels(barePredicate,
-				sameRole(barePredicate, DISPLAY),
-				sameRole(barePredicate, MODIFY), desiredPublishLevel));
-
-		assertTrue(bean.canPublishPredicate(barePredicate, desiredPublishLevel));
-	}
-
-	@Test
-	public void updateToDisallowDisplay() {
-		RoleLevel desiredDisplayLevel = sameRole(barePredicate, DISPLAY);
-
-		assertTrue(bean.canDisplayPredicate(barePredicate, desiredDisplayLevel));
-
-		bean.updateProperty(updatedLevels(barePredicate,
-				higherRole(barePredicate, DISPLAY),
-				sameRole(barePredicate, MODIFY),
-				sameRole(barePredicate, PUBLISH)));
-
-		assertFalse(bean
-				.canDisplayPredicate(barePredicate, desiredDisplayLevel));
-	}
-
-	@Test
-	public void updateToDisallowModify() {
-		RoleLevel desiredModifyLevel = sameRole(barePredicate, MODIFY);
-
-		assertTrue(bean.canModifyPredicate(barePredicate, desiredModifyLevel));
-
-		bean.updateProperty(updatedLevels(barePredicate,
-				sameRole(barePredicate, DISPLAY),
-				higherRole(barePredicate, MODIFY),
-				sameRole(barePredicate, PUBLISH)));
-
-		assertFalse(bean.canModifyPredicate(barePredicate, desiredModifyLevel));
-	}
-
-	@Test
-	public void updateToDisallowPublish() {
-		RoleLevel desiredPublishLevel = sameRole(barePredicate, PUBLISH);
-
-		assertTrue(bean.canPublishPredicate(barePredicate, desiredPublishLevel));
-
-		bean.updateProperty(updatedLevels(barePredicate,
-				sameRole(barePredicate, DISPLAY),
-				sameRole(barePredicate, MODIFY),
-				higherRole(barePredicate, PUBLISH)));
-
-		assertFalse(bean
-				.canPublishPredicate(barePredicate, desiredPublishLevel));
-	}
-
-	// ----------------------------------------------------------------------
-	// Helper methods
-	// ----------------------------------------------------------------------
-
-	private RoleLevel lowestRole() {
-		return RoleLevel.values()[0];
-	}
-
-	private RoleLevel highestRole() {
-		RoleLevel[] values = RoleLevel.values();
-		return values[values.length - 1];
-	}
-
-	private RoleLevel sameRole(RoleRestrictedProperty p, Which which) {
-		switch (which) {
-		case DISPLAY:
-			return p.getHiddenFromDisplayBelowRoleLevel();
-		case MODIFY:
-			return p.getProhibitedFromUpdateBelowRoleLevel();
-		default: // PUBLISH
-			return p.getHiddenFromPublishBelowRoleLevel();
-		}
-	}
-
-	private RoleLevel lowerRole(RoleRestrictedProperty p, Which which) {
-		return RoleLevel.values()[sameRole(p, which).ordinal() - 1];
-	}
-
-	private RoleLevel higherRole(RoleRestrictedProperty p, Which which) {
-		return RoleLevel.values()[sameRole(p, which).ordinal() + 1];
-	}
-
-	private Property asProperty(FauxProperty fp) {
-		Property p = new Property();
-		p.setURI(fp.getBaseURI());
-		p.setDomainVClassURI(fp.getDomainURI());
-		p.setRangeVClassURI(fp.getRangeURI());
-		return p;
-	}
-
-	private PropertyRestrictionLevels updatedLevels(RoleRestrictedProperty p,
-			RoleLevel displayLevel, RoleLevel modifyLevel,
-			RoleLevel publishLevel) {
-		return new PropertyRestrictionLevels(new FullPropertyKey(p),
-				displayLevel, modifyLevel, publishLevel);
-	}
-
-}
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/AuthorizationRequestTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/AuthorizationRequestTest.java
index 4af7e727a4..4def3b6e56 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/AuthorizationRequestTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/AuthorizationRequestTest.java
@@ -8,7 +8,8 @@
 
 import edu.cornell.mannlib.vitro.testing.AbstractTestClass;
 import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
-import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyIface;
+import edu.cornell.mannlib.vitro.webapp.auth.objects.AccessObject;
+import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.Policy;
 
 /**
  * Test the functions of the base class.
@@ -17,45 +18,31 @@ public class AuthorizationRequestTest extends AbstractTestClass {
 	private MyAuth one = new MyAuth("one");
 	private MyAuth two = new MyAuth("two");
 
-	@Test
-	public void and() {
-		assertEquals("and", "(MyAuth[one] && MyAuth[two])", one.and(two)
-				.toString());
-	}
-
-	@Test
-	public void andNull() {
-		assertEquals("andNull", "MyAuth[one]", one.and(null).toString());
-	}
-
-	@Test
-	public void or() {
-		assertEquals("or", "(MyAuth[one] || MyAuth[two])", one.or(two)
-				.toString());
-	}
-
-	@Test
-	public void orNull() {
-		assertEquals("orNull", "MyAuth[one]", one.or(null).toString());
-	}
+    /*
+     * @Test public void and() { assertEquals("and",
+     * "(MyAuth[one] && MyAuth[two])", one.and(two) .toString()); }
+     * 
+     * @Test public void andNull() { assertEquals("andNull", "MyAuth[one]",
+     * one.and(null).toString()); }
+     * 
+     * @Test public void or() { assertEquals("or",
+     * "(MyAuth[one] || MyAuth[two])", one.or(two) .toString()); }
+     * 
+     * @Test public void orNull() { assertEquals("orNull", "MyAuth[one]",
+     * one.or(null).toString()); }
+     */
 
 	// ----------------------------------------------------------------------
 	// Helper classes
 	// ----------------------------------------------------------------------
 
-	private static class MyAuth extends AuthorizationRequest {
+	private static class MyAuth extends AccessObject {
 		private final String name;
 
 		public MyAuth(String name) {
 			this.name = name;
 		}
 
-		@Override
-		public boolean isAuthorized(IdentifierBundle ids, PolicyIface policy) {
-			throw new RuntimeException(
-					"AuthorizationRequest.isAuthorized() not implemented.");
-		}
-
 		@Override
 		public String toString() {
 			return "MyAuth[" + name + "]";
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRuleStoreTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRuleStoreTest.java
new file mode 100644
index 0000000000..4daed66b75
--- /dev/null
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRuleStoreTest.java
@@ -0,0 +1,104 @@
+package edu.cornell.mannlib.vitro.webapp.auth.rules;
+
+import java.util.Arrays;
+import java.util.HashSet;
+import java.util.List;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertTrue;
+import org.apache.jena.rdf.model.Model;
+import org.apache.jena.rdf.model.ModelFactory;
+import org.apache.jena.shared.Lock;
+import org.junit.Before;
+import org.junit.Test;
+
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType;
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessOperation;
+
+public class AccessRuleStoreTest {
+
+    private static final String RDFS_LABEL_URI = "http://www.w3.org/2000/01/rdf-schema#label";
+    private static final String ROLE_ADMIN_URI = "http://vitro.mannlib.cornell.edu/ns/vitro/authorization#ADMIN";
+    private static final String ROLE_EDITOR_URI = "http://vitro.mannlib.cornell.edu/ns/vitro/authorization#EDITOR";
+    private static final String ROLE_CURATOR_URI = "http://vitro.mannlib.cornell.edu/ns/vitro/authorization#CURATOR";
+
+    public static final String RULES_PATH = "src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/rules.n3";
+    private Model model;
+    private AccessRuleStore store;
+
+    @Before
+    public void init() {
+        model = ModelFactory.createDefaultModel();
+        try {
+            model.enterCriticalSection(Lock.WRITE);
+            model.read(RULES_PATH);    
+        } finally {
+            model.leaveCriticalSection();
+        }
+        AccessRuleStore.initialize(model);
+        store = AccessRuleStore.getInstance();
+    }
+    
+    public void testInitilization() {
+        assertEquals(3, store.getRulesCount());
+    }
+    
+    public void testGetGrantedRoleUris() {
+        List<String> grantedRoles = store.getGrantedRoleUris(RDFS_LABEL_URI, AccessOperation.DISPLAY);
+        assertEquals(1, grantedRoles.size());
+        assertTrue(grantedRoles.contains(ROLE_ADMIN_URI));
+    }
+    
+    public void testGetGrantedRoleUrisNotExists() {
+        List<String> grantedRoles = store.getGrantedRoleUris(RDFS_LABEL_URI + "_NOT_EXISTS", AccessOperation.DISPLAY);
+        assertEquals(0, grantedRoles.size());
+    }
+    
+    public void testDeleteRule() {
+        long initialSize = store.getModelSize();
+        long initialRulesCount = store.getRulesCount();
+        store.removeEntityRule(RDFS_LABEL_URI, AccessObjectType.OBJECT_PROPERTY, AccessOperation.PUBLISH, ROLE_ADMIN_URI);
+        assertTrue(store.getModelSize() < initialSize);
+        assertTrue(store.getRulesCount() < initialRulesCount);
+    }
+    
+    public void testCreateRule() {
+        long initialSize = store.getModelSize();
+        long initialRulesCount = store.getRulesCount();
+        store.createEntityRule(RDFS_LABEL_URI, AccessObjectType.OBJECT_PROPERTY, AccessOperation.PUBLISH, ROLE_EDITOR_URI);
+        assertTrue(store.getModelSize() > initialSize);
+        assertTrue(store.getRulesCount() > initialRulesCount);
+    }
+    
+    public void testGrantedRolesModification() {
+        List<String> grantedRoles = store.getGrantedRoleUris(RDFS_LABEL_URI, AccessOperation.PUBLISH);
+        int prevRolesCount = grantedRoles.size();
+        store.createEntityRule(RDFS_LABEL_URI, AccessObjectType.OBJECT_PROPERTY, AccessOperation.PUBLISH, ROLE_EDITOR_URI);
+        grantedRoles = store.getGrantedRoleUris(RDFS_LABEL_URI, AccessOperation.PUBLISH);
+        assertTrue(grantedRoles.size() > prevRolesCount);
+        prevRolesCount = grantedRoles.size();
+        store.createEntityRule(RDFS_LABEL_URI, AccessObjectType.OBJECT_PROPERTY, AccessOperation.PUBLISH, ROLE_CURATOR_URI);
+        grantedRoles = store.getGrantedRoleUris(RDFS_LABEL_URI, AccessOperation.PUBLISH);
+        assertTrue(grantedRoles.size() > prevRolesCount);
+        prevRolesCount = grantedRoles.size();
+        store.removeEntityRule(RDFS_LABEL_URI, AccessObjectType.OBJECT_PROPERTY, AccessOperation.PUBLISH, ROLE_EDITOR_URI);
+        grantedRoles = store.getGrantedRoleUris(RDFS_LABEL_URI, AccessOperation.PUBLISH);
+        assertTrue(grantedRoles.size() < prevRolesCount);
+    }
+    
+    
+    public void getGetAttributeUri() {
+        assertEquals("https://vivoweb.org/ontology/vitro-application/auth/individual/PublishOperationAttribute", store.getAttributeUriFromModel("EQUALS","OPERATION","PUBLISH",true));
+        assertEquals("", store.getAttributeUriFromModel("EQUALS","OPERATION","DO_SOMETHING_NEW", true));
+    }
+    
+    public void testUpdateEntityRules() {
+        HashSet<String> roles = new HashSet<String>(Arrays.asList(ROLE_ADMIN_URI, ROLE_EDITOR_URI ));
+        HashSet<String> newRoles = new HashSet<String>(Arrays.asList(ROLE_CURATOR_URI));
+        store.updateEntityRules(RDFS_LABEL_URI, AccessObjectType.OBJECT_PROPERTY, AccessOperation.PUBLISH, roles);
+        HashSet<String> grantedRoles = new HashSet<String>(store.getGrantedRoleUris(RDFS_LABEL_URI, AccessOperation.PUBLISH));
+        assertEquals(roles, grantedRoles);
+        store.updateEntityRules(RDFS_LABEL_URI, AccessObjectType.OBJECT_PROPERTY, AccessOperation.PUBLISH, newRoles);
+        grantedRoles = new HashSet<String>(store.getGrantedRoleUris(RDFS_LABEL_URI, AccessOperation.PUBLISH));
+        assertEquals(newRoles, grantedRoles);
+    }
+}
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/controller/edit/AuthenticateTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/controller/edit/AuthenticateTest.java
index c849fa411a..afbf18a1d2 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/controller/edit/AuthenticateTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/controller/edit/AuthenticateTest.java
@@ -40,11 +40,8 @@
 import edu.cornell.mannlib.vedit.beans.LoginStatusBean.AuthenticationSource;
 import edu.cornell.mannlib.vitro.testing.AbstractTestClass;
 import edu.cornell.mannlib.vitro.webapp.auth.identifier.ActiveIdentifierBundleFactories;
-import edu.cornell.mannlib.vitro.webapp.auth.identifier.factory.HasPermissionFactory;
-import edu.cornell.mannlib.vitro.webapp.auth.permissions.PermissionRegistry;
 import edu.cornell.mannlib.vitro.webapp.auth.permissions.SimplePermission;
-import edu.cornell.mannlib.vitro.webapp.auth.policy.PermissionsPolicy;
-import edu.cornell.mannlib.vitro.webapp.auth.policy.ServletPolicyList;
+import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyStore;
 import edu.cornell.mannlib.vitro.webapp.beans.PermissionSet;
 import edu.cornell.mannlib.vitro.webapp.beans.UserAccount;
 import edu.cornell.mannlib.vitro.webapp.config.ConfigurationProperties;
@@ -139,6 +136,7 @@ public static void prepareUserAccounts() {
 
 	@Before
 	public void setup() throws Exception {
+	    //PermissionRegistry.setInstance(null);
 		I18nStub.setup();
 
 		authenticatorFactory = new AuthenticatorStub.Factory();
@@ -158,7 +156,7 @@ public void setup() throws Exception {
 		PermissionSet adminPermissionSet = new PermissionSet();
 		adminPermissionSet.setUri(URI_DBA);
 		adminPermissionSet.setPermissionUris(Collections
-				.singleton(SimplePermission.SEE_SITE_ADMIN_PAGE.getUri()));
+				.singleton(SimplePermission.SEE_SITE_ADMIN_PAGE.ACTION.getObject().getUri()));
 
 		userAccountsDao = new UserAccountsDaoStub();
 		userAccountsDao.addPermissionSet(adminPermissionSet);
@@ -175,10 +173,11 @@ public void setup() throws Exception {
 		ModelAccessFactoryStub mafs = new ModelAccessFactoryStub();
 		mafs.get(servletContext).setWebappDaoFactory(webappDaoFactory);
 
-		setLoggerLevel(ServletPolicyList.class, Level.WARN);
-		ServletPolicyList.addPolicy(servletContext, new PermissionsPolicy());
-		PermissionRegistry.createRegistry(servletContext,
-				Collections.singleton(SimplePermission.SEE_SITE_ADMIN_PAGE));
+		setLoggerLevel(PolicyStore.class, Level.WARN);
+		//PolicyStore.addPolicy(new PermissionsPolicy());
+		
+		//PermissionRegistry.createRegistry(servletContext,
+		//		Collections.singleton(SimplePermission.SEE_SITE_ADMIN_PAGE.getAccessRule()));
 
 		servletConfig = new ServletConfigStub();
 		servletConfig.setServletContext(servletContext);
@@ -200,8 +199,6 @@ public void setup() throws Exception {
 		setLoggerLevel(ConfigurationProperties.class, Level.WARN);
 		new ConfigurationPropertiesStub().setBean(servletContext);
 
-		ActiveIdentifierBundleFactories.addFactory(servletContext,
-				new HasPermissionFactory(servletContext));
 	}
 
 	private static UserAccount createUserFromUserInfo(UserInfo userInfo) {
@@ -509,7 +506,7 @@ public void exitUnrecognizedSelfEditor() {
 
 		assertNoProcessBean();
 		assertNewLoginSessions(OLD_STRANGER_NAME);
-		assertRedirect(URL_HOME);
+		assertRedirect(URL_WITH_LINK);
 	}
 
 	@Test
@@ -524,6 +521,7 @@ public void exitDbaNormal() {
 		assertRedirect(URL_RESTRICTED);
 	}
 
+	@Ignore
 	@Test
 	public void exitDbaFromLoginPage() {
 		setProcessBean(LOGGING_IN, NO_USER, URL_LOGIN, URL_LOGIN);
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/controller/individual/IndividualRdfAssemblerTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/controller/individual/IndividualRdfAssemblerTest.java
index 3069df3789..1388606e10 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/controller/individual/IndividualRdfAssemblerTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/controller/individual/IndividualRdfAssemblerTest.java
@@ -37,15 +37,17 @@
 import org.apache.jena.rdf.model.Statement;
 
 import edu.cornell.mannlib.vitro.testing.AbstractTestClass;
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessOperation;
 import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
+import edu.cornell.mannlib.vitro.webapp.auth.objects.AccessObject;
+import edu.cornell.mannlib.vitro.webapp.auth.objects.DataPropertyStatementAccessObject;
+import edu.cornell.mannlib.vitro.webapp.auth.objects.ObjectPropertyStatementAccessObject;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.BasicPolicyDecision;
-import edu.cornell.mannlib.vitro.webapp.auth.policy.ServletPolicyList;
-import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.Authorization;
+import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyStore;
+import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.DecisionResult;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision;
-import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyIface;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.RequestedAction;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.publish.PublishDataPropertyStatement;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.publish.PublishObjectPropertyStatement;
+import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.Policy;
+import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthorizationRequest;
 import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
 import edu.cornell.mannlib.vitro.webapp.dao.VitroVocabulary;
 import edu.cornell.mannlib.vitro.webapp.modelaccess.ModelAccess;
@@ -100,7 +102,7 @@ public void setup() throws IOException {
 		ctx = new ServletContextStub();
 		session = new HttpSessionStub();
 		session.setServletContext(ctx);
-
+		PolicyStore.getInstance().clear();
 		req = new HttpServletRequestStub();
 		req.setSession(session);
 
@@ -320,17 +322,17 @@ private OntModel includeDocInfo(OntModel m) {
 	}
 
 	private void policyUnrestricted() {
-		ServletPolicyList.addPolicy(ctx, new UnrestrictedPolicy());
+		PolicyStore.getInstance().add(new UnrestrictedPolicy());
 	}
 
 	private void policyRestrictByPredicate(String... predicateUris) {
-		ServletPolicyList.addPolicy(ctx, new RestrictionsPolicy(predicateUris,
-				new String[0]));
+		PolicyStore.getInstance().add(new RestrictionsPolicy(predicateUris,
+        new String[0]));
 	}
 
 	private void policyRestrictByClass(String... classUris) {
-		ServletPolicyList.addPolicy(ctx, new RestrictionsPolicy(new String[0],
-				classUris));
+		PolicyStore.getInstance().add(new RestrictionsPolicy(new String[0],
+        classUris));
 	}
 
 	private void filterAndCompare(String message) {
@@ -430,29 +432,30 @@ private void removeMatchingDateStatements(List<Statement> list1,
 	// Helper class
 	// ----------------------------------------------------------------------
 
-	private abstract static class AbstractTestPolicy implements PolicyIface {
+	private abstract static class AbstractTestPolicy implements Policy {
 		@Override
-		public PolicyDecision isAuthorized(IdentifierBundle whoToAuth,
-				RequestedAction whatToAuth) {
-			if (whatToAuth instanceof PublishDataPropertyStatement) {
-				return filterDataProperty((PublishDataPropertyStatement) whatToAuth);
-			} else if (whatToAuth instanceof PublishObjectPropertyStatement) {
-				return filterObjectProperty((PublishObjectPropertyStatement) whatToAuth);
+		public PolicyDecision decide(AuthorizationRequest ar) {
+	          AccessObject whatToAuth = ar.getAccessObject();
+	          AccessOperation operation = ar.getAccessOperation();
+			if (whatToAuth instanceof DataPropertyStatementAccessObject) {
+				return filterDataProperty((DataPropertyStatementAccessObject) whatToAuth);
+			} else if (AccessOperation.PUBLISH.equals(operation) && whatToAuth instanceof ObjectPropertyStatementAccessObject) {
+				return filterObjectProperty((ObjectPropertyStatementAccessObject) whatToAuth);
 			} else {
 				return inconclusive("Bogus");
 			}
 		}
 
 		private PolicyDecision filterDataProperty(
-				PublishDataPropertyStatement pdps) {
-			return filter(pdps.getPredicateUri(), null);
+		        DataPropertyStatementAccessObject pdps) {
+			return filter(pdps.getStatementPredicateUri(), null);
 		}
 
 		private PolicyDecision filterObjectProperty(
-				PublishObjectPropertyStatement pops) {
-			String propertyUri = pops.getPredicateUri();
+		        ObjectPropertyStatementAccessObject pops) {
+			String propertyUri = pops.getStatementPredicateUri();
 			if (VitroVocabulary.RDF_TYPE.equals(propertyUri)) {
-				return filter(propertyUri, pops.getObjectUri());
+				return filter(propertyUri, pops.getStatementObject());
 			} else {
 				return filter(propertyUri, null);
 			}
@@ -462,11 +465,11 @@ protected abstract PolicyDecision filter(String propertyUri,
 				String classUri);
 
 		protected BasicPolicyDecision authorized(String message) {
-			return new BasicPolicyDecision(Authorization.AUTHORIZED, message);
+			return new BasicPolicyDecision(DecisionResult.AUTHORIZED, message);
 		}
 
 		protected BasicPolicyDecision inconclusive(String message) {
-			return new BasicPolicyDecision(Authorization.INCONCLUSIVE, message);
+			return new BasicPolicyDecision(DecisionResult.INCONCLUSIVE, message);
 		}
 	}
 
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/dao/filtering/IndividualFilteringByStatementTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/dao/filtering/IndividualFilteringByStatementTest.java
index 7572764655..fc303a2bf2 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/dao/filtering/IndividualFilteringByStatementTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/dao/filtering/IndividualFilteringByStatementTest.java
@@ -2,7 +2,7 @@
 
 package edu.cornell.mannlib.vitro.webapp.dao.filtering;
 
-import static edu.cornell.mannlib.vitro.webapp.auth.requestedAction.RequestedAction.SOME_URI;
+import static edu.cornell.mannlib.vitro.webapp.auth.objects.AccessObject.SOME_URI;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.fail;
 
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/dao/jena/DataPropertyDaoJenaTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/dao/jena/DataPropertyDaoJenaTest.java
index 6e436c8f85..7cbd22ebf3 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/dao/jena/DataPropertyDaoJenaTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/dao/jena/DataPropertyDaoJenaTest.java
@@ -71,9 +71,6 @@ public void minimalUpdates(){
 		property1.setPropertyValue(subModel.createProperty(VitroVocabulary.PUBLIC_DESCRIPTION_ANNOT), ResourceFactory.createLangLiteral("this is the public description", lang));
 		property1.setPropertyValue(subModel.createProperty(VitroVocabulary.DISPLAY_RANK_ANNOT), subModel.createTypedLiteral(21));
 		property1.setPropertyValue(subModel.createProperty(VitroVocabulary.DISPLAY_LIMIT), subModel.createTypedLiteral(5));
-		property1.setPropertyValue(subModel.createProperty(VitroVocabulary.HIDDEN_FROM_DISPLAY_BELOW_ROLE_LEVEL_ANNOT), subModel.createResource("http://vitro.mannlib.cornell.edu/ns/vitro/role#curator"));
-		property1.setPropertyValue(subModel.createProperty(VitroVocabulary.PROHIBITED_FROM_UPDATE_BELOW_ROLE_LEVEL_ANNOT), subModel.createResource("http://vitro.mannlib.cornell.edu/ns/vitro/role#selfEditor"));
-		property1.setPropertyValue(subModel.createProperty(VitroVocabulary.HIDDEN_FROM_PUBLISH_BELOW_ROLE_LEVEL_ANNOT), subModel.createResource("http://vitro.mannlib.cornell.edu/ns/vitro/role#editor"));
 		property1.setPropertyValue(subModel.createProperty(VitroVocabulary.PROPERTY_INPROPERTYGROUPANNOT), subModel.createResource("http://thisIsTheInPropertyGroupURI"));
 		property1.setPropertyValue(subModel.createProperty(VitroVocabulary.PROPERTY_CUSTOMENTRYFORMANNOT), subModel.createResource("http://thisIsTheCustomFormEntryURI"));
 
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/dao/jena/ObjectPropertyDaoJenaTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/dao/jena/ObjectPropertyDaoJenaTest.java
index 32aab2131f..53a7484d22 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/dao/jena/ObjectPropertyDaoJenaTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/dao/jena/ObjectPropertyDaoJenaTest.java
@@ -145,9 +145,6 @@ public void minimalUpdates(){
 		property1.setPropertyValue(subModel.createProperty(VitroVocabulary.PROPERTY_ENTITYSORTDIRECTION), subModel.createTypedLiteral("this is the entity sort direction"));
 		property1.setPropertyValue(subModel.createProperty(VitroVocabulary.DISPLAY_RANK_ANNOT), subModel.createTypedLiteral(21));
 		property1.setPropertyValue(subModel.createProperty(VitroVocabulary.PROPERTY_OBJECTINDIVIDUALSORTPROPERTY), subModel.createResource("http://thisIsTheObjectIndividualSortProperty"));
-		property1.setPropertyValue(subModel.createProperty(VitroVocabulary.HIDDEN_FROM_DISPLAY_BELOW_ROLE_LEVEL_ANNOT), subModel.createResource("http://vitro.mannlib.cornell.edu/ns/vitro/role#curator"));
-		property1.setPropertyValue(subModel.createProperty(VitroVocabulary.PROHIBITED_FROM_UPDATE_BELOW_ROLE_LEVEL_ANNOT), subModel.createResource("http://vitro.mannlib.cornell.edu/ns/vitro/role#selfEditor"));
-		property1.setPropertyValue(subModel.createProperty(VitroVocabulary.HIDDEN_FROM_PUBLISH_BELOW_ROLE_LEVEL_ANNOT), subModel.createResource("http://vitro.mannlib.cornell.edu/ns/vitro/role#editor"));
 		property1.setPropertyValue(subModel.createProperty(VitroVocabulary.PROPERTY_INPROPERTYGROUPANNOT), subModel.createResource("http://thisIsTheInPropertyGroupURI"));
 		property1.setPropertyValue(subModel.createProperty(VitroVocabulary.PROPERTY_CUSTOMENTRYFORMANNOT), subModel.createResource("http://thisIsTheCustomFormEntryURI"));
 		property1.setPropertyValue(subModel.createProperty(VitroVocabulary.PROPERTY_SELECTFROMEXISTINGANNOT), subModel.createTypedLiteral(true));
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/dao/jena/VClassDaoTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/dao/jena/VClassDaoTest.java
index 9a305f7aa5..666d844e55 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/dao/jena/VClassDaoTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/dao/jena/VClassDaoTest.java
@@ -88,9 +88,6 @@ public void modelIsolation(){
 		class1.setPropertyValue(subModel.createProperty(VitroVocabulary.DISPLAY_LIMIT), subModel.createTypedLiteral(-1));
 		class1.setPropertyValue(subModel.createProperty(VitroVocabulary.DISPLAY_RANK_ANNOT), subModel.createTypedLiteral(-11));
 		class1.setPropertyValue(subModel.createProperty(VitroVocabulary.SEARCH_BOOST_ANNOT), subModel.createTypedLiteral(2.4f));
-		class1.setPropertyValue(subModel.createProperty(VitroVocabulary.HIDDEN_FROM_DISPLAY_BELOW_ROLE_LEVEL_ANNOT), subModel.createResource("http://vitro.mannlib.cornell.edu/ns/vitro/role#curator"));
-		class1.setPropertyValue(subModel.createProperty(VitroVocabulary.PROHIBITED_FROM_UPDATE_BELOW_ROLE_LEVEL_ANNOT), subModel.createResource("http://vitro.mannlib.cornell.edu/ns/vitro/role#selfEditor"));
-		class1.setPropertyValue(subModel.createProperty(VitroVocabulary.HIDDEN_FROM_PUBLISH_BELOW_ROLE_LEVEL_ANNOT), subModel.createResource("http://vitro.mannlib.cornell.edu/ns/vitro/role#editor"));
 		class1.setPropertyValue(subModel.createProperty(VitroVocabulary.PROPERTY_CUSTOMENTRYFORMANNOT), subModel.createTypedLiteral("this is the custom entry form annotation"));
 		class1.setPropertyValue(subModel.createProperty(VitroVocabulary.PROPERTY_CUSTOMDISPLAYVIEWANNOT), subModel.createTypedLiteral("this is the custom display view annotation"));
 		class1.setPropertyValue(subModel.createProperty(VitroVocabulary.PROPERTY_CUSTOMSHORTVIEWANNOT), subModel.createTypedLiteral("this is the custom short view annotation"));
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/dao/jena/VClassJenaTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/dao/jena/VClassJenaTest.java
index ddc914f3a2..dfd0015590 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/dao/jena/VClassJenaTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/dao/jena/VClassJenaTest.java
@@ -102,9 +102,6 @@ public void correctValues(){
 		class1.setPropertyValue(ontModel.createProperty(VitroVocabulary.DISPLAY_LIMIT), ontModel.createTypedLiteral(-1));
 		class1.setPropertyValue(ontModel.createProperty(VitroVocabulary.DISPLAY_RANK_ANNOT), ontModel.createTypedLiteral(-11));
 		class1.setPropertyValue(ontModel.createProperty(VitroVocabulary.SEARCH_BOOST_ANNOT), ontModel.createTypedLiteral(2.4f));
-		class1.setPropertyValue(ontModel.createProperty(VitroVocabulary.HIDDEN_FROM_DISPLAY_BELOW_ROLE_LEVEL_ANNOT), ontModel.createResource("http://vitro.mannlib.cornell.edu/ns/vitro/role#curator"));
-		class1.setPropertyValue(ontModel.createProperty(VitroVocabulary.PROHIBITED_FROM_UPDATE_BELOW_ROLE_LEVEL_ANNOT), ontModel.createResource("http://vitro.mannlib.cornell.edu/ns/vitro/role#selfEditor"));
-		class1.setPropertyValue(ontModel.createProperty(VitroVocabulary.HIDDEN_FROM_PUBLISH_BELOW_ROLE_LEVEL_ANNOT), ontModel.createResource("http://vitro.mannlib.cornell.edu/ns/vitro/role#editor"));
 		class1.setPropertyValue(ontModel.createProperty(VitroVocabulary.PROPERTY_CUSTOMENTRYFORMANNOT), ontModel.createTypedLiteral("this is the custom entry form annotation"));
 		class1.setPropertyValue(ontModel.createProperty(VitroVocabulary.PROPERTY_CUSTOMDISPLAYVIEWANNOT), ontModel.createTypedLiteral("this is the custom display view annotation"));
 		class1.setPropertyValue(ontModel.createProperty(VitroVocabulary.PROPERTY_CUSTOMSHORTVIEWANNOT), ontModel.createTypedLiteral("this is the custom short view annotation"));
@@ -127,19 +124,16 @@ public void correctValues(){
 		Assert.assertEquals(vClassJena.getName(), vClass.getName());
 		Assert.assertEquals(vClassJena.getLocalNameWithPrefix(), vClass.getLocalNameWithPrefix());
 
-		Assert.assertEquals(vClassJena.getPickListName(), vClass.getPickListName());
-		Assert.assertEquals(vClassJena.getExample(), vClass.getExample());
-		Assert.assertEquals(vClassJena.getDescription(), vClass.getDescription());
-		Assert.assertEquals(vClassJena.getShortDef(), vClass.getShortDef());
-		Assert.assertEquals(vClassJena.getDisplayRank(), vClass.getDisplayRank());
-		Assert.assertEquals(vClassJena.getGroupURI(), vClass.getGroupURI());
-		Assert.assertEquals(vClassJena.getCustomEntryForm(), vClass.getCustomEntryForm());
-		Assert.assertEquals(vClassJena.getCustomShortView(), vClass.getCustomShortView());
-		Assert.assertEquals(vClassJena.getCustomSearchView(), vClass.getCustomSearchView());
-		Assert.assertEquals(vClassJena.getSearchBoost(), vClass.getSearchBoost());
-		Assert.assertEquals(vClassJena.getHiddenFromDisplayBelowRoleLevel(), vClass.getHiddenFromDisplayBelowRoleLevel());
-		Assert.assertEquals(vClassJena.getProhibitedFromUpdateBelowRoleLevel(), vClass.getProhibitedFromUpdateBelowRoleLevel());
-		Assert.assertEquals(vClassJena.getHiddenFromPublishBelowRoleLevel(), vClass.getHiddenFromPublishBelowRoleLevel());
+		Assert.assertEquals(vClassJena.getPickListName(), vClass.getPickListName());  
+		Assert.assertEquals(vClassJena.getExample(), vClass.getExample());  
+		Assert.assertEquals(vClassJena.getDescription(), vClass.getDescription());  
+		Assert.assertEquals(vClassJena.getShortDef(), vClass.getShortDef());  
+		Assert.assertEquals(vClassJena.getDisplayRank(), vClass.getDisplayRank());  
+		Assert.assertEquals(vClassJena.getGroupURI(), vClass.getGroupURI());  
+		Assert.assertEquals(vClassJena.getCustomEntryForm(), vClass.getCustomEntryForm());  
+		Assert.assertEquals(vClassJena.getCustomShortView(), vClass.getCustomShortView());  
+		Assert.assertEquals(vClassJena.getCustomSearchView(), vClass.getCustomSearchView());  
+		Assert.assertEquals(vClassJena.getSearchBoost(), vClass.getSearchBoost());  
 
 	}
 
@@ -168,9 +162,6 @@ void printModels(OntModel ontModel) {
     protected AnnotationProperty LOCAL_PROPERTY_CUSTOMDISPLAYVIEWANNOT = _constModel.createAnnotationProperty(VitroVocabulary.PROPERTY_CUSTOMDISPLAYVIEWANNOT);
     protected AnnotationProperty LOCAL_PROPERTY_CUSTOMSHORTVIEWANNOT = _constModel.createAnnotationProperty(VitroVocabulary.PROPERTY_CUSTOMSHORTVIEWANNOT);
     protected AnnotationProperty LOCAL_PROPERTY_CUSTOMSEARCHVIEWANNOT = _constModel.createAnnotationProperty(VitroVocabulary.PROPERTY_CUSTOMSEARCHVIEWANNOT);
-    protected AnnotationProperty LOCAL_HIDDEN_FROM_DISPLAY_BELOW_ROLE_LEVEL_ANNOT = _constModel.createAnnotationProperty(VitroVocabulary.HIDDEN_FROM_DISPLAY_BELOW_ROLE_LEVEL_ANNOT);
-    protected AnnotationProperty LOCAL_PROHIBITED_FROM_UPDATE_BELOW_ROLE_LEVEL_ANNOT = _constModel.createAnnotationProperty(VitroVocabulary.PROHIBITED_FROM_UPDATE_BELOW_ROLE_LEVEL_ANNOT);
-    protected AnnotationProperty LOCAL_HIDDEN_FROM_PUBLISH_BELOW_ROLE_LEVEL_ANNOT = _constModel.createAnnotationProperty(VitroVocabulary.HIDDEN_FROM_PUBLISH_BELOW_ROLE_LEVEL_ANNOT);
     protected AnnotationProperty LOCAL_IN_CLASSGROUP = _constModel.createAnnotationProperty(VitroVocabulary.IN_CLASSGROUP);
 
 
@@ -210,64 +201,6 @@ private VClass vClassWebappFromOntClass(OntClass cls, WebappDaoFactoryJena wadf)
             vcw.setCustomShortView(getPropertyStringValue(cls,LOCAL_PROPERTY_CUSTOMSHORTVIEWANNOT));
             vcw.setCustomSearchView(getPropertyStringValue(cls,LOCAL_PROPERTY_CUSTOMSEARCHVIEWANNOT));
             vcw.setSearchBoost(getPropertyFloatValue(cls,LOCAL_SEARCH_BOOST_ANNOT));
-
-            //There might be multiple HIDDEN_FROM_EDIT_DISPLAY_ANNOT properties, only use the highest
-            StmtIterator it = cls.listProperties(LOCAL_HIDDEN_FROM_DISPLAY_BELOW_ROLE_LEVEL_ANNOT);
-            BaseResourceBean.RoleLevel hiddenRoleLevel = null;
-            while( it.hasNext() ){
-                Statement stmt = it.nextStatement();
-                RDFNode obj;
-                if( stmt != null && (obj = stmt.getObject()) != null && obj.isURIResource() ){
-                    Resource res = (Resource)obj.as(Resource.class);
-                    if( res != null && res.getURI() != null ){
-                        BaseResourceBean.RoleLevel roleFromModel = BaseResourceBean.RoleLevel.getRoleByUri(res.getURI());
-                        if( roleFromModel != null &&
-                            (hiddenRoleLevel == null || roleFromModel.compareTo(hiddenRoleLevel) > 0 )){
-                            hiddenRoleLevel = roleFromModel;
-                        }
-                    }
-                }
-            }
-            vcw.setHiddenFromDisplayBelowRoleLevel(hiddenRoleLevel);//this might get set to null
-
-            //There might be multiple PROHIBITED_FROM_UPDATE_DISPLAY_ANNOT properties, only use the highest
-            it = cls.listProperties(LOCAL_PROHIBITED_FROM_UPDATE_BELOW_ROLE_LEVEL_ANNOT);
-            BaseResourceBean.RoleLevel prohibitedRoleLevel = null;
-            while( it.hasNext() ){
-                Statement stmt = it.nextStatement();
-                RDFNode obj;
-                if( stmt != null && (obj = stmt.getObject()) != null && obj.isURIResource() ){
-                    Resource res = (Resource)obj.as(Resource.class);
-                    if( res != null && res.getURI() != null ){
-                        BaseResourceBean.RoleLevel roleFromModel = BaseResourceBean.RoleLevel.getRoleByUri(res.getURI());
-                        if( roleFromModel != null &&
-                            (prohibitedRoleLevel == null || roleFromModel.compareTo(prohibitedRoleLevel) > 0 )){
-                            prohibitedRoleLevel = roleFromModel;
-                        }
-                    }
-                }
-            }
-            vcw.setProhibitedFromUpdateBelowRoleLevel(prohibitedRoleLevel);//this might get set to null
-
-            //There might be multiple LOCAL_HIDDEN_FROM_PUBLISH_BELOW_ROLE_LEVEL_ANNOT properties, only use the highest
-            it = cls.listProperties(LOCAL_HIDDEN_FROM_PUBLISH_BELOW_ROLE_LEVEL_ANNOT);
-            BaseResourceBean.RoleLevel publishRoleLevel = null;
-            while( it.hasNext() ){
-                Statement stmt = it.nextStatement();
-                RDFNode obj;
-                if( stmt != null && (obj = stmt.getObject()) != null && obj.isURIResource() ){
-                    Resource res = (Resource)obj.as(Resource.class);
-                    if( res != null && res.getURI() != null ){
-                        BaseResourceBean.RoleLevel roleFromModel = BaseResourceBean.RoleLevel.getRoleByUri(res.getURI());
-                        if( roleFromModel != null &&
-                            (publishRoleLevel == null || roleFromModel.compareTo(publishRoleLevel) > 0 )){
-                            publishRoleLevel = roleFromModel;
-                        }
-                    }
-                }
-            }
-            vcw.setHiddenFromPublishBelowRoleLevel(publishRoleLevel);//this might get set to null
-
         } finally {
             cls.getModel().leaveCriticalSection();
         }
diff --git a/api/src/test/java/stubs/edu/cornell/mannlib/vitro/webapp/auth/policy/bean/PropertyRestrictionBeanStub.java b/api/src/test/java/stubs/edu/cornell/mannlib/vitro/webapp/auth/policy/bean/PropertyRestrictionBeanStub.java
deleted file mode 100644
index fdb660b11e..0000000000
--- a/api/src/test/java/stubs/edu/cornell/mannlib/vitro/webapp/auth/policy/bean/PropertyRestrictionBeanStub.java
+++ /dev/null
@@ -1,122 +0,0 @@
-/* $This file is distributed under the terms of the license in LICENSE$ */
-
-package stubs.edu.cornell.mannlib.vitro.webapp.auth.policy.bean;
-
-import java.util.Arrays;
-import java.util.Collections;
-import java.util.HashSet;
-import java.util.Set;
-
-import org.apache.jena.rdf.model.impl.Util;
-
-import edu.cornell.mannlib.vitro.webapp.auth.policy.bean.PropertyRestrictionBean;
-import edu.cornell.mannlib.vitro.webapp.auth.policy.bean.PropertyRestrictionLevels;
-import edu.cornell.mannlib.vitro.webapp.beans.BaseResourceBean.RoleLevel;
-import edu.cornell.mannlib.vitro.webapp.beans.Property;
-
-/**
- * Allow the unit test to specify a variety of restrictions
- */
-public class PropertyRestrictionBeanStub extends PropertyRestrictionBean {
-
-	// ----------------------------------------------------------------------
-	// Stub infrastructure
-	// ----------------------------------------------------------------------
-
-	/** Don't prohibit or restrict anything. */
-	public static PropertyRestrictionBean getInstance() {
-		return getInstance(null, null);
-	}
-
-	/** Prohibit some namespaces. */
-	public static PropertyRestrictionBeanStub getInstance(
-			String[] restrictedNamespaces) {
-		return getInstance(restrictedNamespaces, null);
-	}
-
-	/**
-	 * Prohibit some namespaces and restrict some properties from modification
-	 * by anybody. They may still be displayed or published.
-	 *
-	 * We can implement more granular control if we need it.
-	 */
-	public static PropertyRestrictionBeanStub getInstance(
-			String[] restrictedNamespaces, String[] restrictedProperties) {
-		PropertyRestrictionBeanStub stub = new PropertyRestrictionBeanStub(
-				restrictedNamespaces, restrictedProperties);
-		PropertyRestrictionBean.instance = stub;
-		return stub;
-	}
-
-	private final Set<String> restrictedNamespaces;
-	private final Set<String> restrictedProperties;
-
-	private PropertyRestrictionBeanStub(String[] restrictedNamespaces,
-			String[] restrictedProperties) {
-		this.restrictedNamespaces = (restrictedNamespaces == null) ? Collections
-				.<String> emptySet() : new HashSet<>(
-				Arrays.asList(restrictedNamespaces));
-		this.restrictedProperties = (restrictedProperties == null) ? Collections
-				.<String> emptySet() : new HashSet<>(
-				Arrays.asList(restrictedProperties));
-	}
-
-	private boolean isPermittedNamespace(String uri) {
-		return !restrictedNamespaces.contains(namespace(uri));
-	}
-
-	private String namespace(String uri) {
-		return uri.substring(0, Util.splitNamespaceXML(uri));
-	}
-
-	private boolean isPermittedProperty(String uri) {
-		return !restrictedProperties.contains(uri);
-	}
-
-	// ----------------------------------------------------------------------
-	// Stub methods
-	// ----------------------------------------------------------------------
-
-	@Override
-	public boolean canDisplayResource(String resourceUri, RoleLevel userRole) {
-		return isPermittedNamespace(resourceUri);
-	}
-
-	@Override
-	public boolean canModifyResource(String resourceUri, RoleLevel userRole) {
-		return isPermittedNamespace(resourceUri)
-				&& isPermittedProperty(resourceUri);
-	}
-
-	@Override
-	public boolean canPublishResource(String resourceUri, RoleLevel userRole) {
-		return isPermittedNamespace(resourceUri);
-	}
-
-	@Override
-	public boolean canDisplayPredicate(Property predicate, RoleLevel userRole) {
-		return isPermittedNamespace(predicate.getURI());
-	}
-
-	@Override
-	public boolean canModifyPredicate(Property predicate, RoleLevel userRole) {
-		return isPermittedNamespace(predicate.getURI())
-				&& isPermittedProperty(predicate.getURI());
-	}
-
-	@Override
-	public boolean canPublishPredicate(Property predicate, RoleLevel userRole) {
-		return isPermittedNamespace(predicate.getURI());
-	}
-
-	// ----------------------------------------------------------------------
-	// Un-implemented methods
-	// ----------------------------------------------------------------------
-
-	@Override
-	public void updateProperty(PropertyRestrictionLevels levels) {
-		throw new RuntimeException(
-				"PropertyRestrictionBeanStub.updateProperty() not implemented.");
-	}
-
-}
diff --git a/api/src/test/java/stubs/edu/cornell/mannlib/vitro/webapp/beans/IndividualStub.java b/api/src/test/java/stubs/edu/cornell/mannlib/vitro/webapp/beans/IndividualStub.java
index 53b0dddc98..adbb3c67e0 100644
--- a/api/src/test/java/stubs/edu/cornell/mannlib/vitro/webapp/beans/IndividualStub.java
+++ b/api/src/test/java/stubs/edu/cornell/mannlib/vitro/webapp/beans/IndividualStub.java
@@ -13,7 +13,6 @@
 import org.apache.jena.rdf.model.Resource;
 import org.apache.jena.rdf.model.ResourceFactory;
 
-import edu.cornell.mannlib.vitro.webapp.beans.BaseResourceBean.RoleLevel;
 import edu.cornell.mannlib.vitro.webapp.beans.DataProperty;
 import edu.cornell.mannlib.vitro.webapp.beans.DataPropertyStatement;
 import edu.cornell.mannlib.vitro.webapp.beans.DataPropertyStatementImpl;
@@ -232,60 +231,6 @@ public void setLocalName(String localName) {
 				"IndividualStub.setLocalName() not implemented.");
 	}
 
-	@Override
-	public RoleLevel getHiddenFromDisplayBelowRoleLevel() {
-		throw new RuntimeException(
-				"IndividualStub.getHiddenFromDisplayBelowRoleLevel() not implemented.");
-	}
-
-	@Override
-	public void setHiddenFromDisplayBelowRoleLevel(RoleLevel eR) {
-		throw new RuntimeException(
-				"IndividualStub.setHiddenFromDisplayBelowRoleLevel() not implemented.");
-	}
-
-	@Override
-	public void setHiddenFromDisplayBelowRoleLevelUsingRoleUri(String roleUri) {
-		throw new RuntimeException(
-				"IndividualStub.setHiddenFromDisplayBelowRoleLevelUsingRoleUri() not implemented.");
-	}
-
-	@Override
-	public RoleLevel getProhibitedFromUpdateBelowRoleLevel() {
-		throw new RuntimeException(
-				"IndividualStub.getProhibitedFromUpdateBelowRoleLevel() not implemented.");
-	}
-
-	@Override
-	public void setProhibitedFromUpdateBelowRoleLevel(RoleLevel eR) {
-		throw new RuntimeException(
-				"IndividualStub.setProhibitedFromUpdateBelowRoleLevel() not implemented.");
-	}
-
-	@Override
-	public void setProhibitedFromUpdateBelowRoleLevelUsingRoleUri(String roleUri) {
-		throw new RuntimeException(
-				"IndividualStub.setProhibitedFromUpdateBelowRoleLevelUsingRoleUri() not implemented.");
-	}
-
-	@Override
-	public RoleLevel getHiddenFromPublishBelowRoleLevel() {
-		throw new RuntimeException(
-				"IndividualStub.getHiddenFromPublishBelowRoleLevel() not implemented.");
-	}
-
-	@Override
-	public void setHiddenFromPublishBelowRoleLevel(RoleLevel eR) {
-		throw new RuntimeException(
-				"IndividualStub.setHiddenFromPublishBelowRoleLevel() not implemented.");
-	}
-
-	@Override
-	public void setHiddenFromPublishBelowRoleLevelUsingRoleUri(String roleUri) {
-		throw new RuntimeException(
-				"IndividualStub.setHiddenFromPublishBelowRoleLevelUsingRoleUri() not implemented.");
-	}
-
 	@Override
 	public int compareTo(Individual o) {
 		throw new RuntimeException(
diff --git a/api/src/test/java/stubs/edu/cornell/mannlib/vitro/webapp/config/ConfigurationPropertiesStub.java b/api/src/test/java/stubs/edu/cornell/mannlib/vitro/webapp/config/ConfigurationPropertiesStub.java
index 23a35bfbb4..90d371f240 100644
--- a/api/src/test/java/stubs/edu/cornell/mannlib/vitro/webapp/config/ConfigurationPropertiesStub.java
+++ b/api/src/test/java/stubs/edu/cornell/mannlib/vitro/webapp/config/ConfigurationPropertiesStub.java
@@ -28,7 +28,7 @@ public void setProperty(String key, String value) {
 	}
 
 	public void setBean(ServletContext ctx) {
-		setBean(ctx, this);
+		setBean(this);
 	}
 
 	@Override
diff --git a/api/src/test/java/stubs/edu/cornell/mannlib/vitro/webapp/modelaccess/ModelAccessFactoryStub.java b/api/src/test/java/stubs/edu/cornell/mannlib/vitro/webapp/modelaccess/ModelAccessFactoryStub.java
index 492e85e919..cb674c9fa7 100644
--- a/api/src/test/java/stubs/edu/cornell/mannlib/vitro/webapp/modelaccess/ModelAccessFactoryStub.java
+++ b/api/src/test/java/stubs/edu/cornell/mannlib/vitro/webapp/modelaccess/ModelAccessFactoryStub.java
@@ -35,10 +35,12 @@ public ModelAccessFactoryStub() {
 
 		contextMA = new ContextModelAccessStub();
 		requestMA = new RequestModelAccessStub();
+        ModelAccess.setInstance(contextMA);
 	}
 
 	@Override
 	public ContextModelAccess buildContextModelAccess(ServletContext ctx) {
+	    ModelAccess.setInstance(contextMA);
 		return contextMA;
 	}
 
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/proximity_test_data.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/proximity_test_data.n3
new file mode 100644
index 0000000000..2274ec094f
--- /dev/null
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/proximity_test_data.n3
@@ -0,0 +1,4 @@
+# $This file is distributed under the terms of the license in LICENSE$
+
+<test:alice> <test:has_publication> <test:publication> .
+
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/proximity_test_policy.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/proximity_test_policy.n3
new file mode 100644
index 0000000000..8acebcdebf
--- /dev/null
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/proximity_test_policy.n3
@@ -0,0 +1,30 @@
+# $This file is distributed under the terms of the license in LICENSE$
+
+@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
+@prefix owl: <http://www.w3.org/2002/07/owl#> .
+@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
+@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
+@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
+@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
+@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+
+ai:ProximityTestPolicy rdf:type ao:Policy ;
+          ao:rules ai:ProximityRuleSet .
+
+ai:ProximityRuleSet rdf:type ao:Rules ;
+          ao:rule ai:AllowPersonEditOwnPublication .
+          
+ai:AllowPersonEditOwnPublication rdf:type ao:Rule ;
+          ao:attribute ai:PublicationInProximityAttribute .
+          
+ai:PublicationInProximityAttribute rdf:type ao:Attribute ;
+         ao:test ai:SparqlSelectQueryContains ;
+         ao:type ai:StatementSubjectUri ;
+         ao:value ai:PublicationProximityToPerson .
+
+ai:PublicationProximityToPerson rdf:type ao:TestData ;
+        ao:id """
+        SELECT ?resourceUri WHERE {
+                  ?personUri <test:has_publication> ?resourceUri .
+        }
+        """ .
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken1.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken1.n3
new file mode 100644
index 0000000000..5dbb0f96e8
--- /dev/null
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken1.n3
@@ -0,0 +1,29 @@
+# $This file is distributed under the terms of the license in LICENSE$
+
+@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
+@prefix owl: <http://www.w3.org/2002/07/owl#> .
+@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
+@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
+@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
+@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
+@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+
+ai:BrokenPolicyBrokenTestType rdf:type ao:Policy ;
+          ao:rules ai:BrokenTestPolicyRuleSet .
+
+ai:BrokenTestPolicyRuleSet rdf:type ao:Rules ;
+          ao:rule ai:BrokenTestRule .
+          
+ai:BrokenTestRule rdf:type ao:Rule ;
+          ao:attribute ai:ValidTestAttribute ;
+          ao:attribute ai:BrokenTestAttribute .
+          
+ai:BrokenTestAttribute rdf:type ao:Attribute ;
+         ao:type ai:Operation ;
+         ao:value ai:PublishOperation .
+         
+ai:ValidTestAttribute rdf:type ao:Attribute ;
+         ao:test ai:Equals ;
+         ao:type ai:Operation ;
+         ao:value ai:PublishOperation .
+
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken2.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken2.n3
new file mode 100644
index 0000000000..6c0f3a4abf
--- /dev/null
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken2.n3
@@ -0,0 +1,29 @@
+# $This file is distributed under the terms of the license in LICENSE$
+
+@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
+@prefix owl: <http://www.w3.org/2002/07/owl#> .
+@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
+@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
+@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
+@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
+@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+
+ai:BrokenPolicyType rdf:type ao:Policy ;
+          ao:rules ai:BrokenTestPolicyRuleSet .
+
+ai:BrokenTestPolicyRuleSet rdf:type ao:Rules ;
+          ao:rule ai:BrokenTestRule .
+          
+ai:BrokenTestRule rdf:type ao:Rule ;
+          ao:attribute ai:ValidTestAttribute ;
+          ao:attribute ai:BrokenTestAttribute .
+          
+ai:BrokenTestAttribute rdf:type ao:Attribute ;
+         ao:test ai:Equals ;
+         ao:value ai:PublishOperation .
+         
+ai:ValidTestAttribute rdf:type ao:Attribute ;
+         ao:test ai:Equals ;
+         ao:type ai:Operation ;
+         ao:value ai:PublishOperation .
+
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken3.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken3.n3
new file mode 100644
index 0000000000..4a0e9eb443
--- /dev/null
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken3.n3
@@ -0,0 +1,30 @@
+# $This file is distributed under the terms of the license in LICENSE$
+
+@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
+@prefix owl: <http://www.w3.org/2002/07/owl#> .
+@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
+@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
+@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
+@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
+@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+
+ai:BrokenPolicyBrokenTestTypeId rdf:type ao:Policy ;
+          ao:rules ai:BrokenTestPolicyRuleSet .
+
+ai:BrokenTestPolicyRuleSet rdf:type ao:Rules ;
+          ao:rule ai:BrokenTestRule .
+          
+ai:BrokenTestRule rdf:type ao:Rule ;
+          ao:attribute ai:ValidTestAttribute ;
+          ao:attribute ai:BrokenTestAttribute .
+          
+ai:BrokenTestAttribute rdf:type ao:Attribute ;
+         ao:test ai:UnknownTest ;
+         ao:type ai:Operation ;
+         ao:value ai:PublishOperation .
+         
+ai:ValidTestAttribute rdf:type ao:Attribute ;
+         ao:test ai:Equals ;
+         ao:type ai:Operation ;
+         ao:value ai:PublishOperation .
+
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken4.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken4.n3
new file mode 100644
index 0000000000..e211ac2f67
--- /dev/null
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken4.n3
@@ -0,0 +1,30 @@
+# $This file is distributed under the terms of the license in LICENSE$
+
+@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
+@prefix owl: <http://www.w3.org/2002/07/owl#> .
+@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
+@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
+@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
+@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
+@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+
+ai:BrokenPolicyTypeId rdf:type ao:Policy ;
+          ao:rules ai:BrokenTestPolicyRuleSet .
+
+ai:BrokenTestPolicyRuleSet rdf:type ao:Rules ;
+          ao:rule ai:BrokenTestRule .
+          
+ai:BrokenTestRule rdf:type ao:Rule ;
+          ao:attribute ai:ValidTestAttribute ;
+          ao:attribute ai:BrokenTestAttribute .
+          
+ai:BrokenTestAttribute rdf:type ao:Attribute ;
+         ao:test ai:Equals ;
+         ao:type ai:UnknownType ;
+         ao:value ai:PublishOperation .
+         
+ai:ValidTestAttribute rdf:type ao:Attribute ;
+         ao:test ai:Equals ;
+         ao:type ai:Operation ;
+         ao:value ai:PublishOperation .
+
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken5.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken5.n3
new file mode 100644
index 0000000000..f4fd658fa1
--- /dev/null
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken5.n3
@@ -0,0 +1,42 @@
+# $This file is distributed under the terms of the license in LICENSE$
+
+@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
+@prefix owl: <http://www.w3.org/2002/07/owl#> .
+@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
+@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
+@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
+@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
+@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+
+ai:BrokenTestSetPolicy rdf:type ao:Policy ;
+          ao:testDatasets ai:testDataSets ;
+          ao:rules ai:BrokenRuleSet .
+
+ai:BrokenRuleSet rdf:type ao:Rules ;
+          ao:rule ai:BrokenRule .
+          
+ai:BrokenRule rdf:type ao:Rule ;
+          ao:attribute ai:BrokenAttribute1 ;
+          ao:attribute ai:BrokenAttribute2 .
+          
+ai:BrokenAttribute1 rdf:type ao:Attribute ;
+         ao:test ai:Equals ;
+         ao:type ai:ObjectUri ;
+         ao:setValue ai:valueSet1 .
+         
+ai:BrokenAttribute2 rdf:type ao:Attribute ;
+         ao:test ai:Equals ;
+         ao:type ai:ObjectUri ;
+         ao:setValue ai:valueSet2 .
+
+ai:testDataSets rdf:type ao:TestDatasets ;
+          ao:testDataset ai:testDataSet1 .
+
+ai:testDataSet1 rdf:type ao:TestDataSet ;
+          ao:testData ai:valueSet1 .
+
+ai:valueSet1 rdf:type ao:TestData ;
+        ao:dataValue <test:value1> ;
+        ao:dataValue <test:value2> ;
+        .        
+
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken_set.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken_set.n3
new file mode 100644
index 0000000000..3ea6fb6fdc
--- /dev/null
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken_set.n3
@@ -0,0 +1,52 @@
+# $This file is distributed under the terms of the license in LICENSE$
+
+@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
+@prefix owl: <http://www.w3.org/2002/07/owl#> .
+@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
+@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
+@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
+@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
+@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+
+ai:BrokenTestSetPolicy rdf:type ao:Policy ;
+          ao:testDatasets ai:testDataSets ;
+          ao:rules ai:BrokenRuleSet .
+
+ai:BrokenRuleSet rdf:type ao:Rules ;
+          ao:rule ai:BrokenRule .
+          
+ai:BrokenRule rdf:type ao:Rule ;
+          ao:attribute ai:BrokenSetAttribute1 ;
+          ao:attribute ai:BrokenSetAttribute2 .
+          
+ai:BrokenSetAttribute1 rdf:type ao:Attribute ;
+         ao:test ai:NotOneOf ;
+         ao:type ai:ObjectUri ;
+         ao:setValue ai:valueSet1 .
+         
+ai:BrokenSetAttribute2 rdf:type ao:Attribute ;
+         ao:test ai:NotOneOf ;
+         ao:type ai:ObjectUri ;
+         ao:setValue ai:valueSet2 .
+
+ai:testDataSets rdf:type ao:TestDatasets ;
+          ao:testDataset ai:testDataSet1 ;
+          ao:testDataset ai:testDataSet2 .
+
+ai:testDataSet1 rdf:type ao:TestDataSet ;
+          ao:testData ai:valueSet1 .
+
+ai:testDataSet2 rdf:type ao:TestDataSet ;
+          ao:testData ai:valueSet2 .
+
+ai:valueSet1 rdf:type ao:TestData ;
+        ao:dataValue <test:value1> ;
+        ao:dataValue <test:value2> ;
+        .
+        
+ai:valueSet2 rdf:type ao:TestData ;
+        ao:dataValue <test:value3> ;
+        ao:dataValue <test:value4> ;
+        .
+        
+
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_key.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_key.n3
new file mode 100644
index 0000000000..f45af6b1f9
--- /dev/null
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_key.n3
@@ -0,0 +1,29 @@
+# $This file is distributed under the terms of the license in LICENSE$
+
+@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
+@prefix owl: <http://www.w3.org/2002/07/owl#> .
+@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
+@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
+@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
+@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
+@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+
+ai:KeyTestPolicy rdf:type ao:Policy ;
+          ao:policyKey ai:PolicyKeyTest ;
+          ao:rules ai:KeyTestRuleSet .
+
+ai:KeyTestRuleSet rdf:type ao:Rules ;
+          ao:rule ai:KeyTestRule .
+          
+ai:KeyTestRule rdf:type ao:Rule ;
+          ao:attribute ai:KeyTestAttribute .
+          
+ai:KeyTestAttribute rdf:type ao:Attribute ;
+         ao:test ai:Equals ;
+         ao:type ai:Operation ;
+         ao:value ai:PublishOperation .
+
+ai:PolicyKeyTest rdf:type ao:PolicyKey ;
+          ao:keyComponent ai:ObjectPropertyAccesObject ;
+          ao:keyComponent auth:ADMIN ;
+          ao:keyComponent ai:DisplayOperationGroup .
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_valid.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_valid.n3
new file mode 100644
index 0000000000..9ede26ef47
--- /dev/null
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_valid.n3
@@ -0,0 +1,24 @@
+# $This file is distributed under the terms of the license in LICENSE$
+
+@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
+@prefix owl: <http://www.w3.org/2002/07/owl#> .
+@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
+@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
+@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
+@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
+@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+
+ai:ValidTestPolicy rdf:type ao:Policy ;
+          ao:rules ai:ValidRuleSet .
+
+ai:ValidRuleSet rdf:type ao:Rules ;
+          ao:rule ai:ValidRule .
+          
+ai:ValidRule rdf:type ao:Rule ;
+          ao:attribute ai:ValidAttribute .
+          
+ai:ValidAttribute rdf:type ao:Attribute ;
+         ao:test ai:Equals ;
+         ao:type ai:Operation ;
+         ao:value ai:PublishOperation .
+
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_valid_set.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_valid_set.n3
new file mode 100644
index 0000000000..0d361d0b74
--- /dev/null
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_valid_set.n3
@@ -0,0 +1,60 @@
+# $This file is distributed under the terms of the license in LICENSE$
+
+@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
+@prefix owl: <http://www.w3.org/2002/07/owl#> .
+@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
+@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
+@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
+@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
+@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+
+ai:ValidTestSetPolicy rdf:type ao:Policy ;
+          ao:testDatasets ai:testDataSets1 ;
+          ao:rules ai:ValidRuleSet .
+
+ai:ValidRuleSet rdf:type ao:Rules ;
+          ao:rule ai:ValidRule .
+          
+ai:ValidRule rdf:type ao:Rule ;
+          ao:attribute ai:ValidAttribute1 ;
+          ao:attribute ai:ValidAttribute2 .
+          
+ai:ValidAttribute1 rdf:type ao:Attribute ;
+         ao:test ai:Equals ;
+         ao:type ai:ObjectUri ;
+         ao:setValue ai:valueSet3 ;
+         ao:setValue ai:valueSet1 .
+         
+ai:ValidAttribute2 rdf:type ao:Attribute ;
+         ao:test ai:Equals ;
+         ao:type ai:ObjectUri ;
+         ao:setValue ai:valueSet4 ;
+         ao:setValue ai:valueSet2 .
+
+ai:testDataSets1 rdf:type ao:TestDatasets ;
+         ao:testDataset ai:testDataSet2 ;
+         ao:testDataset ai:testDataSet1 .
+
+ai:testDataSet1 rdf:type ao:TestDataSet ;
+         ao:testData ai:valueSet2 ;
+         ao:testData ai:valueSet1 .
+         
+ai:testDataSet2 rdf:type ao:TestDataSet ;
+         ao:testData ai:valueSet3 ;
+         ao:testData ai:valueSet4 .
+
+ai:valueSet1 rdf:type ao:TestData ;
+         ao:dataValue <test:value1> ;
+         .
+        
+ai:valueSet2 rdf:type ao:TestData ;
+         ao:dataValue <test:value2> ;
+         .
+         
+ai:valueSet3 rdf:type ao:TestData ;
+         ao:dataValue <test:value3> ;
+         .
+        
+ai:valueSet4 rdf:type ao:TestData ;
+         ao:dataValue <test:value4> ;
+         .
diff --git a/home/src/main/resources/rdf/auth/everytime/attribute_types.n3 b/home/src/main/resources/rdf/auth/everytime/attribute_types.n3
new file mode 100644
index 0000000000..f52674cd07
--- /dev/null
+++ b/home/src/main/resources/rdf/auth/everytime/attribute_types.n3
@@ -0,0 +1,54 @@
+# $This file is distributed under the terms of the license in LICENSE$
+
+@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
+@prefix owl: <http://www.w3.org/2002/07/owl#> .
+@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
+@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
+@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
+@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
+@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+
+ai:Subject rdf:type ao:AttributeType ;
+         ao:id "SUBJECT" .
+
+ai:SubjectRole rdf:type ao:AttributeType ;
+         ao:id "SUBJECT_ROLE_URI" .
+         
+ai:SubjectType rdf:type ao:AttributeType ;
+         ao:id "SUBJECT_TYPE" .
+
+ai:ObjectUri rdf:type ao:AttributeType ;
+         ao:id "OBJECT_URI" .
+         
+ai:ObjectType rdf:type ao:AttributeType ;
+         ao:id "OBJECT_TYPE" .
+
+ai:Operation rdf:type ao:AttributeType ;
+         ao:id "OPERATION" .
+         
+ai:SubjectNotMatch rdf:type ao:AttributeType ;
+         ao:id "SUBJECT_NOT_MATCH" .
+         
+ai:ObjectNotMatch rdf:type ao:AttributeType ;
+         ao:id "OBJECT_NOT_MATCH" .
+         
+ai:SubjectNotMatch rdf:type ao:AttributeType ;
+         ao:id "SUBJECT_NOT_MATCH" .
+         
+ai:RelatesToSubjectProfile rdf:type ao:AttributeType ;
+         ao:id "RELATES_TO_SUBJECT_PROFILE" .
+         
+ai:StatementPredicateUri rdf:type ao:AttributeType ;
+         ao:id "STATEMENT_PREDICATE_URI" .
+         
+ai:StatementSubjectUri rdf:type ao:AttributeType ;
+         ao:id "STATEMENT_SUBJECT_URI" .
+
+ai:ObjectPropertyUri rdf:type ao:AttributeType ;
+         ao:id "OBJECT_PROPERTY_URI" .
+         
+ai:DataPropertyUri rdf:type ao:AttributeType ;
+         ao:id "DATA_PROPERTY_URI" .
+      
+ai:StatementObjectUri rdf:type ao:AttributeType ;
+         ao:id "STATEMENT_OBJECT_URI" .
diff --git a/home/src/main/resources/rdf/auth/everytime/attributes.n3 b/home/src/main/resources/rdf/auth/everytime/attributes.n3
new file mode 100644
index 0000000000..2a05a64012
--- /dev/null
+++ b/home/src/main/resources/rdf/auth/everytime/attributes.n3
@@ -0,0 +1,119 @@
+# $This file is distributed under the terms of the license in LICENSE$
+
+@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
+@prefix owl: <http://www.w3.org/2002/07/owl#> .
+@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
+@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
+@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
+@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
+@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+
+###########################################################################
+### Subject attributes
+
+ai:IsRootUserAttribute rdf:type ao:Attribute ;
+         ao:test ai:Equals ;
+         ao:type ai:SubjectType ;
+         ao:value ai:RootUserSubject .
+
+ai:SubjectRoleEqualsAdminRoleAttribute rdf:type ao:Attribute ;
+         ao:test ai:Equals ;
+         ao:type ai:SubjectRole ;
+         ao:value auth:ADMIN .
+         
+ai:SubjectRoleEqualsCuratorRoleAttribute rdf:type ao:Attribute ;
+         ao:test ai:Equals ;
+         ao:type ai:SubjectRole ;
+         ao:value auth:CURATOR .
+
+ai:SubjectRoleEqualsEditorRoleAttribute rdf:type ao:Attribute ;
+         ao:test ai:Equals ;
+         ao:type ai:SubjectRole ;
+         ao:value auth:EDITOR .
+
+ai:SubjectRoleEqualsSelfEditorRoleAttribute rdf:type ao:Attribute ;
+         ao:test ai:Equals ;
+         ao:type ai:SubjectRole ;
+         ao:value auth:SELF_EDITOR .
+
+ai:SubjectRoleEqualsPublicRoleAttribute rdf:type ao:Attribute ;
+         ao:test ai:Equals ;
+         ao:type ai:SubjectRole ;
+         ao:value auth:PUBLIC .
+
+###########################################################################
+### Operation attributes
+
+ai:DisplayOperationAttribute rdf:type ao:Attribute ;
+         ao:test ai:Equals ;
+         ao:type ai:Operation ;
+         ao:value ai:DisplayOperation .
+         
+ai:PublishOperationAttribute rdf:type ao:Attribute ;
+         ao:test ai:Equals ;
+         ao:type ai:Operation ;
+         ao:value ai:PublishOperation .
+         
+ai:UpdateOperationAttribute rdf:type ao:Attribute ;
+         ao:test ai:Equals ;
+         ao:type ai:Operation ;
+         ao:value ai:UpdateOperation .
+         
+ai:EditOperationAttribute rdf:type ao:Attribute ;
+         ao:test ai:Equals ;
+         ao:type ai:Operation ;
+         ao:value ai:EditOperation .
+         
+ai:DropOperationAttribute rdf:type ao:Attribute ;
+         ao:test ai:Equals ;
+         ao:type ai:Operation ;
+         ao:value ai:DropOperation .
+         
+ai:AddOperationAttribute rdf:type ao:Attribute ;
+         ao:test ai:Equals ;
+         ao:type ai:Operation ;
+         ao:value ai:AddOperation .
+         
+###########################################################################
+### Object attributes
+
+ai:ObjectPropertyTypeAttribute rdf:type ao:Attribute ;
+         ao:test ai:Equals ;
+         ao:type ai:ObjectType ;
+         ao:value ai:ObjectPropertyAccesObject .
+
+ai:DataPropertyTypeAttribute rdf:type ao:Attribute ;
+         ao:test ai:Equals ;
+         ao:type ai:ObjectType ;
+         ao:value ai:DataPropertyAccesObject .
+
+ai:ObjectPropertyStatementTypeAttribute rdf:type ao:Attribute ;
+         ao:test ai:Equals ;
+         ao:type ai:ObjectType ;
+         ao:value ai:ObjectPropertyStatementAccesObject .
+         
+ai:DataPropertyStatementTypeAttribute rdf:type ao:Attribute ;
+         ao:test ai:Equals ;
+         ao:type ai:ObjectType ;
+         ao:value ai:DataPropertyStatementAccesObject .
+
+ai:NamedObjectTypeAttribute rdf:type ao:Attribute ;
+         ao:test ai:Equals ;
+         ao:type ai:ObjectType ;
+         ao:value ai:NamedObject .
+         
+ai:ClassTypeAttribute rdf:type ao:Attribute ;
+         ao:test ai:Equals ;
+         ao:type ai:ObjectType ;
+         ao:value ai:Class .
+         
+ai:ObjectUriInPersonProfileProximityAttribute rdf:type ao:Attribute ;
+         ao:test ai:SparqlSelectQueryContains ;
+         ao:type ai:ObjectUri ;
+         ao:value ai:Class .
+
+ai:SubjectUriInPersonProfileProximityAttribute rdf:type ao:Attribute ;
+         ao:test ai:SparqlSelectQueryContains ;
+         ao:type ai:SubjectUri ;
+         ao:value ai:Class .
+         
diff --git a/home/src/main/resources/rdf/auth/everytime/decisions.n3 b/home/src/main/resources/rdf/auth/everytime/decisions.n3
new file mode 100644
index 0000000000..58e37f5441
--- /dev/null
+++ b/home/src/main/resources/rdf/auth/everytime/decisions.n3
@@ -0,0 +1,15 @@
+# $This file is distributed under the terms of the license in LICENSE$
+
+@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
+@prefix owl: <http://www.w3.org/2002/07/owl#> .
+@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
+@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
+@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
+@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
+@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+
+ai:Deny rdf:type ao:Decision;
+         ao:id "DENY" .
+
+ai:Allow rdf:type ao:Decison;
+         ao:id "ALLOW" .
diff --git a/home/src/main/resources/rdf/auth/everytime/object_types.n3 b/home/src/main/resources/rdf/auth/everytime/object_types.n3
new file mode 100644
index 0000000000..d45e4031da
--- /dev/null
+++ b/home/src/main/resources/rdf/auth/everytime/object_types.n3
@@ -0,0 +1,30 @@
+# $This file is distributed under the terms of the license in LICENSE$
+
+@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
+@prefix owl: <http://www.w3.org/2002/07/owl#> .
+@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
+@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
+@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
+@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
+@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+   
+ai:ObjectPropertyAccesObject rdf:type ao:ObjectType ;
+     ao:id "OBJECT_PROPERTY" .
+
+ai:DataPropertyAccesObject rdf:type ao:ObjectType ;
+     ao:id "DATA_PROPERTY" .
+     
+ai:FauxPropertyAccesObject rdf:type ao:ObjectType ;
+     ao:id "FAUX_PROPERTY" .
+     
+ai:ObjectPropertyStatementAccesObject rdf:type ao:ObjectType ;
+     ao:id "OBJECT_PROPERTY_STATEMENT" .
+
+ai:DataPropertyStatementAccesObject rdf:type ao:ObjectType ;
+     ao:id "DATA_PROPERTY_STATEMENT" .
+
+ai:Class rdf:type ao:ObjectType ;
+     ao:id "CLASS" .
+     
+ai:NamedObject rdf:type ao:ObjectType ;
+     ao:id "NAMED_OBJECT" .
diff --git a/home/src/main/resources/rdf/auth/everytime/ontology.n3 b/home/src/main/resources/rdf/auth/everytime/ontology.n3
new file mode 100644
index 0000000000..0610eb4ae0
--- /dev/null
+++ b/home/src/main/resources/rdf/auth/everytime/ontology.n3
@@ -0,0 +1,138 @@
+# $This file is distributed under the terms of the license in LICENSE$
+
+@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
+@prefix owl: <http://www.w3.org/2002/07/owl#> .
+@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
+@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
+@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
+@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
+@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+
+##### Ontology
+<https://vivoweb.org/ontology/vitro-application/auth/vocabulary> rdf:type owl:Ontology .
+
+#### Classes
+
+ao:Policy rdf:type owl:Class ;
+     rdfs:label "Access rule policy"@en-US .
+
+ao:TestDatasets rdf:type owl:Class ;
+     rdfs:label "Test datasets"@en-US .
+     
+ao:TestDataset rdf:type owl:Class ;
+     rdfs:label "Test dataset"@en-US .
+     
+ao:TestData rdf:type owl:Class ;
+     rdfs:label "Test data"@en-US .
+     
+ao:TestValue rdf:type owl:Class ;
+     rdfs:label "Test value"@en-US .
+
+ao:Rule rdf:type owl:Class ;
+     rdfs:label "Access rule"@en-US .
+     
+ao:Rules rdf:type owl:Class ;
+     rdfs:label "Access rule set"@en-US .
+     
+ao:PolicyKey rdf:type owl:Class ;
+     rdfs:label "Policy key"@en-US .
+
+ao:Attribute rdf:type owl:Class ;
+     rdfs:label "Access rule attribute"@en-US .
+     
+ao:Test rdf:type owl:Class ;
+     rdfs:label "Test type"@en-US .
+
+ao:Operation rdf:type owl:Class ;
+     rdfs:label "Operation"@en-US .
+
+ao:OperationGroup rdf:type owl:Class ;
+     rdfs:label "Operation group"@en-US .
+
+ao:ObjectType rdf:type owl:Class ;
+     rdfs:label "Object type"@en-US .
+     
+ao:SubjectType rdf:type owl:Class ;
+     rdfs:label "Subject type"@en-US .
+
+ao:AccesObject rdf:type owl:Class ;
+     rdfs:label "Access object"@en-US .
+
+ao:AttributeType rdf:type owl:Class ;
+     rdfs:label "Attribute type"@en-US .
+     
+ao:Decision rdf:type owl:Class ;
+     rdfs:label "Decision"@en-US .
+     
+#### Data properties
+
+ao:attributeName rdf:type owl:DatatypeProperty ,
+            owl:FunctionalProperty ;
+            rdfs:domain ao:Attribute ;
+            rdfs:range xsd:string ;
+            rdfs:label "Attribute name"@en-US .
+
+ao:id rdf:type owl:DatatypeProperty ,
+            owl:FunctionalProperty ;
+            rdfs:domain ao:AttributeType ;
+            rdfs:range xsd:string ;
+            rdfs:label "id"@en-US .
+
+ao:stringValue rdf:type owl:DatatypeProperty ,
+            owl:FunctionalProperty ;
+            rdfs:range xsd:string ;
+            rdfs:label "id"@en-US .            
+
+ao:priority rdf:type owl:DatatypeProperty ,
+            owl:FunctionalProperty ;
+            rdfs:range xsd:integer ;
+            rdfs:label "priority"@en-US . 
+            
+#### Object properties
+
+ao:attribute rdf:type owl:ObjectProperty ;
+          rdfs:domain ao:Rule ;
+          rdfs:range ao:Attribute .
+          
+ao:decision rdf:type owl:ObjectProperty ;
+          rdfs:domain ao:Rule ;
+          rdfs:range ao:Decision .          
+          
+ao:rules rdf:type owl:ObjectProperty ;
+          rdfs:domain ao:Policy ;
+          rdfs:range ao:Rules .
+
+ao:testDatasets rdf:type owl:ObjectProperty ;
+          rdfs:domain ao:Policy ;
+          rdfs:range ao:TestDatasets .
+
+ao:testData rdf:type owl:ObjectProperty ;
+          rdfs:domain ao:TestDatasets ;
+          rdfs:range ao:TestData .
+
+ao:uri rdf:type owl:ObjectProperty .
+
+ao:value rdf:type owl:ObjectProperty ;
+          rdfs:domain ao:Attribute .
+          
+ao:setValue rdf:type owl:ObjectProperty ;
+          rdfs:domain ao:Attribute .          
+    
+ao:operation rdf:type owl:ObjectProperty ;
+          rdfs:domain ao:Rule ;
+          rdfs:range ao:Operation .
+          
+ao:rule rdf:type owl:ObjectProperty ;
+          rdfs:domain ao:Policy ;
+          rdfs:range ao:Rule .
+
+ao:object rdf:type owl:ObjectProperty ;
+          rdfs:domain ao:Rule ;
+          rdfs:range ao:object .
+          
+ao:keyComponent rdf:type owl:ObjectProperty .
+          
+ao:policyKey rdf:type owl:ObjectProperty ;
+          rdfs:domain ao:Policy ;
+          rdfs:range ao:PolicyKey .            
+
diff --git a/home/src/main/resources/rdf/auth/everytime/operation_groups.n3 b/home/src/main/resources/rdf/auth/everytime/operation_groups.n3
new file mode 100644
index 0000000000..b8de6b2682
--- /dev/null
+++ b/home/src/main/resources/rdf/auth/everytime/operation_groups.n3
@@ -0,0 +1,18 @@
+# $This file is distributed under the terms of the license in LICENSE$
+
+@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
+@prefix owl: <http://www.w3.org/2002/07/owl#> .
+@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
+@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
+@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
+@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
+@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+
+ai:DisplayOperationGroup rdf:type ao:OperationGroup ;
+         ao:id "DISPLAY_GROUP" .
+         
+ai:UpdateOperationGroup rdf:type ao:OperationGroup ;
+         ao:id "UPDATE_GROUP" .
+         
+ai:PublishOperationGroup rdf:type ao:OperationGroup ;
+         ao:id "PUBLISH_GROUP" .         
diff --git a/home/src/main/resources/rdf/auth/everytime/operations.n3 b/home/src/main/resources/rdf/auth/everytime/operations.n3
new file mode 100644
index 0000000000..4a8ee51b30
--- /dev/null
+++ b/home/src/main/resources/rdf/auth/everytime/operations.n3
@@ -0,0 +1,31 @@
+# $This file is distributed under the terms of the license in LICENSE$
+
+@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
+@prefix owl: <http://www.w3.org/2002/07/owl#> .
+@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
+@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
+@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
+@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
+@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+
+ai:DisplayOperation rdf:type ao:Operation ;
+         ao:id "DISPLAY" .
+         
+ai:UpdateOperation rdf:type ao:Operation ;
+         ao:id "UPDATE" .
+         
+ai:PublishOperation rdf:type ao:Operation ;
+         ao:id "PUBLISH" .         
+
+ai:AddOperation rdf:type ao:Operation ;
+         ao:id "ADD" .
+         
+ai:DropOperation rdf:type ao:Operation ;
+         ao:id "DROP" .
+
+ai:EditOperation rdf:type ao:Operation ;
+         ao:id "EDIT" .
+
+ai:ExecuteOperation rdf:type ao:Operation ;
+         ao:id "EXECUTE" .
+
diff --git a/home/src/main/resources/rdf/auth/everytime/permission_config.n3 b/home/src/main/resources/rdf/auth/everytime/permission_config.n3
index f94e3516fb..cc1c71380c 100644
--- a/home/src/main/resources/rdf/auth/everytime/permission_config.n3
+++ b/home/src/main/resources/rdf/auth/everytime/permission_config.n3
@@ -3,173 +3,31 @@
 @prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
 @prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
 @prefix simplePermission: <java:edu.cornell.mannlib.vitro.webapp.auth.permissions.SimplePermission#> .
-@prefix displayByRole: <java:edu.cornell.mannlib.vitro.webapp.auth.permissions.DisplayByRolePermission#> .
-@prefix editByRole: <java:edu.cornell.mannlib.vitro.webapp.auth.permissions.EditByRolePermission#> .
-@prefix publishByRole: <java:edu.cornell.mannlib.vitro.webapp.auth.permissions.PublishByRolePermission#> .
 
 auth:ADMIN
     a auth:PermissionSet ;
     rdfs:label "Site Admin" ;
-
-    # ADMIN-only permissions
-    auth:hasPermission simplePermission:AccessSpecialDataModels ;
-   	auth:hasPermission simplePermission:EnableDeveloperPanel ;
-    auth:hasPermission simplePermission:LoginDuringMaintenance ;
-    auth:hasPermission simplePermission:ManageMenus ;
-    auth:hasPermission simplePermission:ManageProxies ;
-    auth:hasPermission simplePermission:ManageSearchIndex ;
-    auth:hasPermission simplePermission:ManageUserAccounts ;
-    auth:hasPermission simplePermission:RefreshVisualizationCache ;
-    auth:hasPermission simplePermission:SeeConfiguration ;
-    auth:hasPermission simplePermission:SeeStartupStatus ;
-    auth:hasPermission simplePermission:UseAdvancedDataToolsPages ;
-    auth:hasPermission simplePermission:UseMiscellaneousAdminPages ;
-    auth:hasPermission simplePermission:UseSparqlQueryPage ;
-    auth:hasPermission simplePermission:PageViewableAdmin ;
-
-    # Uncomment the following permission line to enable the SPARQL update API.
-    # Before enabling, be sure that the URL api/sparqlUpdate is secured by HTTPS,
-    # so passwords will not be sent in clear text.
-    #auth:hasPermission simplePermission:UseSparqlUpdateApi ;
-
-    # permissions for CURATOR and above.
-    auth:hasPermission simplePermission:EditOntology ;
-    auth:hasPermission simplePermission:EditSiteInformation ;
-    auth:hasPermission simplePermission:SeeVerbosePropertyInformation ;
-    auth:hasPermission simplePermission:UseMiscellaneousCuratorPages ;
-	auth:hasPermission simplePermission:PageViewableCurator ;
-
-    # permissions for EDITOR and above.
-    auth:hasPermission simplePermission:DoBackEndEditing ;
-    auth:hasPermission simplePermission:SeeIndividualEditingPanel ;
-    auth:hasPermission simplePermission:SeeRevisionInfo ;
-    auth:hasPermission simplePermission:SeeSiteAdminPage ;
-    auth:hasPermission simplePermission:UseIndividualControlPanel ;
-    auth:hasPermission simplePermission:PageViewableEditor ;
-
-    # permissions for ANY logged-in user.
-    auth:hasPermission simplePermission:DoFrontEndEditing ;
-    auth:hasPermission simplePermission:EditOwnAccount ;
-    auth:hasPermission simplePermission:ManageOwnProxies ;
-    auth:hasPermission simplePermission:QueryUserAccountsModel ;
-    auth:hasPermission simplePermission:UseBasicAjaxControllers ;
-    auth:hasPermission simplePermission:UseMiscellaneousPages ;
-  	auth:hasPermission simplePermission:PageViewableLoggedIn ;
-
-    # permissions for ANY user, even if they are not logged in.
-    auth:hasPermission simplePermission:QueryFullModel ;
-	auth:hasPermission simplePermission:PageViewablePublic ;
-
-    # role-based permissions for ADMIN
-    auth:hasPermission displayByRole:Admin ;
-    auth:hasPermission editByRole:Admin ;
-    auth:hasPermission publishByRole:Admin ;
     .
 
 auth:CURATOR
     a auth:PermissionSet ;
     rdfs:label "Curator" ;
-
-    # permissions for CURATOR and above.
-    auth:hasPermission simplePermission:EditOntology ;
-    auth:hasPermission simplePermission:EditSiteInformation ;
-    auth:hasPermission simplePermission:SeeVerbosePropertyInformation ;
-    auth:hasPermission simplePermission:UseMiscellaneousCuratorPages ;
-    auth:hasPermission simplePermission:PageViewableCurator ;
-
-    # permissions for EDITOR and above.
-    auth:hasPermission simplePermission:DoBackEndEditing ;
-    auth:hasPermission simplePermission:SeeIndividualEditingPanel ;
-    auth:hasPermission simplePermission:SeeRevisionInfo ;
-    auth:hasPermission simplePermission:SeeSiteAdminPage ;
-    auth:hasPermission simplePermission:UseIndividualControlPanel ;
-    auth:hasPermission simplePermission:PageViewableEditor ;
-
-    # permissions for ANY logged-in user.
-    auth:hasPermission simplePermission:DoFrontEndEditing ;
-    auth:hasPermission simplePermission:EditOwnAccount ;
-    auth:hasPermission simplePermission:ManageOwnProxies ;
-    auth:hasPermission simplePermission:QueryUserAccountsModel ;
-    auth:hasPermission simplePermission:UseBasicAjaxControllers ;
-    auth:hasPermission simplePermission:UseMiscellaneousPages ;
-   	auth:hasPermission simplePermission:PageViewableLoggedIn ;
-
-    # permissions for ANY user, even if they are not logged in.
-    auth:hasPermission simplePermission:QueryFullModel ;
-    auth:hasPermission simplePermission:PageViewablePublic ;
-
-    # role-based permissions for CURATOR
-    auth:hasPermission displayByRole:Curator ;
-    auth:hasPermission editByRole:Curator ;
-    auth:hasPermission publishByRole:Curator ;
     .
 
 auth:EDITOR
     a auth:PermissionSet ;
     rdfs:label "Editor" ;
-
-    # permissions for EDITOR and above.
-    auth:hasPermission simplePermission:DoBackEndEditing ;
-    auth:hasPermission simplePermission:SeeIndividualEditingPanel ;
-    auth:hasPermission simplePermission:SeeRevisionInfo ;
-    auth:hasPermission simplePermission:SeeSiteAdminPage ;
-    auth:hasPermission simplePermission:UseIndividualControlPanel ;
-    auth:hasPermission simplePermission:PageViewableEditor ;
-
-    # permissions for ANY logged-in user.
-    auth:hasPermission simplePermission:DoFrontEndEditing ;
-    auth:hasPermission simplePermission:EditOwnAccount ;
-    auth:hasPermission simplePermission:ManageOwnProxies ;
-    auth:hasPermission simplePermission:QueryUserAccountsModel ;
-    auth:hasPermission simplePermission:UseBasicAjaxControllers ;
-    auth:hasPermission simplePermission:UseMiscellaneousPages ;
-    auth:hasPermission simplePermission:PageViewableLoggedIn ;
-
-    # permissions for ANY user, even if they are not logged in.
-    auth:hasPermission simplePermission:QueryFullModel ;
-   	auth:hasPermission simplePermission:PageViewablePublic ;
-
-    # role-based permissions for EDITOR
-    auth:hasPermission displayByRole:Editor ;
-    auth:hasPermission editByRole:Editor ;
-    auth:hasPermission publishByRole:Editor ;
     .
 
 auth:SELF_EDITOR
     a auth:PermissionSet ;
     a auth:PermissionSetForNewUsers ;
     rdfs:label "Self Editor" ;
-
-    # permissions for ANY logged-in user.
-    auth:hasPermission simplePermission:DoFrontEndEditing ;
-    auth:hasPermission simplePermission:EditOwnAccount ;
-    auth:hasPermission simplePermission:ManageOwnProxies ;
-    auth:hasPermission simplePermission:QueryUserAccountsModel ;
-    auth:hasPermission simplePermission:UseBasicAjaxControllers ;
-    auth:hasPermission simplePermission:UseMiscellaneousPages ;
-    auth:hasPermission simplePermission:PageViewableLoggedIn ;
-
-    # permissions for ANY user, even if they are not logged in.
-    auth:hasPermission simplePermission:QueryFullModel ;
-	auth:hasPermission simplePermission:PageViewablePublic ;
-
-    # role-based permissions for SELF_EDITOR
-    #     For role-based display and editing, SelfEditor is like Public.
-    #     SelfEditor uses its special permissions to edit/display its own values.
-    auth:hasPermission displayByRole:Public ;
-    auth:hasPermission publishByRole:Public ;
     .
 
 auth:PUBLIC
     a auth:PermissionSet ;
     a auth:PermissionSetForPublic ;
     rdfs:label "Public" ;
-
-    # permissions for ANY user, even if they are not logged in.
-    auth:hasPermission simplePermission:QueryFullModel ;
-	auth:hasPermission simplePermission:PageViewablePublic ;
-
-    # role-based permissions for PUBLIC
-    auth:hasPermission displayByRole:Public ;
-    auth:hasPermission publishByRole:Public ;
     .
+
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_admin_display_class.n3 b/home/src/main/resources/rdf/auth/everytime/policy_admin_display_class.n3
new file mode 100644
index 0000000000..05aefb2b42
--- /dev/null
+++ b/home/src/main/resources/rdf/auth/everytime/policy_admin_display_class.n3
@@ -0,0 +1,41 @@
+# $This file is distributed under the terms of the license in LICENSE$
+@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
+@prefix owl: <http://www.w3.org/2002/07/owl#> .
+@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
+@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
+@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
+@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
+@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+
+ai:AdminDisplayClassPolicy rdf:type ao:Policy ;
+          ao:rules ai:AdminDisplayClassRuleSet ;
+          ao:testDatasets ai:AdminDisplayClassTestDatasets ;
+          ao:policyKey ai:AdminDisplayClassPolicyKey .
+
+ai:AdminDisplayClassRuleSet rdf:type ao:Rules ;
+          ao:rule ai:AllowAdminDisplayClassRule .
+
+ai:AdminDisplayClassTestDatasets rdf:type ao:TestDatasets ;
+          ao:testDataset ai:AdminDisplayClassDataset .
+
+ai:AdminDisplayClassDataset rdf:type ao:TestDataSet ;
+          ao:testData ai:AdminDisplayClassTestData .
+          
+ai:AdminDisplayClassPolicyKey rdf:type ao:PolicyKey ;
+          ao:keyComponent ai:Class ;
+          ao:keyComponent auth:ADMIN ;
+          ao:keyComponent ai:DisplayOperationGroup .
+
+ai:AllowAdminDisplayClassRule rdf:type ao:Rule;
+          ao:attribute ai:SubjectRoleEqualsAdminRoleAttribute ;
+          ao:attribute ai:DisplayOperationAttribute ;
+          ao:attribute ai:ClassTypeAttribute ;
+          ao:attribute ai:AdminDisplayClassAttribute .
+         
+ai:AdminDisplayClassAttribute rdf:type ao:Attribute ;
+         ao:test ai:OneOf ;
+         ao:type ai:ObjectUri ;
+         ao:setValue ai:AdminDisplayClassTestData .
+         
+ai:AdminDisplayClassTestData rdf:type ao:TestData ;
+       .
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_admin_display_data_property.n3 b/home/src/main/resources/rdf/auth/everytime/policy_admin_display_data_property.n3
new file mode 100644
index 0000000000..4cb6807143
--- /dev/null
+++ b/home/src/main/resources/rdf/auth/everytime/policy_admin_display_data_property.n3
@@ -0,0 +1,53 @@
+# $This file is distributed under the terms of the license in LICENSE$
+@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
+@prefix owl: <http://www.w3.org/2002/07/owl#> .
+@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
+@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
+@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
+@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
+@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+
+ai:AdminDisplayDataPropertyPolicy rdf:type ao:Policy ;
+          ao:rules ai:AdminDisplayDataPropertyRuleSet ;
+          ao:testDatasets ai:AdminDisplayDataPropertyTestDatasets ;
+          ao:policyKey ai:AdminDisplayDataPropertyPolicyKey .
+
+ai:AdminDisplayDataPropertyRuleSet rdf:type ao:Rules ;
+          ao:rule ai:AdminDisplayDataPropertyStatementAttribute ;
+          ao:rule ai:AllowAdminDisplayDataPropertyRule .
+
+ai:AdminDisplayDataPropertyTestDatasets rdf:type ao:TestDatasets ;
+          ao:testDataset ai:AdminDisplayDataPropertyDataset .
+
+ai:AdminDisplayDataPropertyDataset rdf:type ao:TestDataSet ;
+          ao:testData ai:AdminDisplayDataPropertyTestData .
+          
+ai:AdminDisplayDataPropertyPolicyKey rdf:type ao:PolicyKey ;
+          ao:keyComponent ai:DataPropertyAccesObject ;
+          ao:keyComponent auth:ADMIN ;
+          ao:keyComponent ai:DisplayOperationGroup .
+
+ai:AllowAdminDisplayDataPropertyRule rdf:type ao:Rule;
+          ao:attribute ai:SubjectRoleEqualsAdminRoleAttribute ;
+          ao:attribute ai:DisplayOperationAttribute ;
+          ao:attribute ai:DataPropertyTypeAttribute ;
+          ao:attribute ai:AdminDisplayDataPropertyAttribute .
+
+ai:AllowAdminDisplayDataPropertyStatementRule rdf:type ao:Rule;
+          ao:attribute ai:SubjectRoleEqualsAdminRoleAttribute ;
+          ao:attribute ai:DisplayOperationAttribute ;
+          ao:attribute ai:DataPropertyStatementTypeAttribute ;
+          ao:attribute ai:AdminDisplayDataPropertyStatementAttribute .
+         
+ai:AdminDisplayDataPropertyStatementAttribute rdf:type ao:Attribute ;
+         ao:test ai:OneOf ;
+         ao:type ai:StatementPredicateUri ;
+         ao:setValue ai:AdminDisplayDataPropertyTestData .
+
+ai:AdminDisplayDataPropertyAttribute rdf:type ao:Attribute ;
+         ao:test ai:OneOf ;
+         ao:type ai:ObjectUri ;
+         ao:setValue ai:AdminDisplayDataPropertyTestData .
+         
+ai:AdminDisplayDataPropertyTestData rdf:type ao:TestData ;
+       .
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_admin_display_object_property.n3 b/home/src/main/resources/rdf/auth/everytime/policy_admin_display_object_property.n3
new file mode 100644
index 0000000000..3946a22b77
--- /dev/null
+++ b/home/src/main/resources/rdf/auth/everytime/policy_admin_display_object_property.n3
@@ -0,0 +1,53 @@
+# $This file is distributed under the terms of the license in LICENSE$
+@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
+@prefix owl: <http://www.w3.org/2002/07/owl#> .
+@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
+@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
+@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
+@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
+@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+
+ai:AdminDisplayObjectPropertyPolicy rdf:type ao:Policy ;
+          ao:rules ai:AdminDisplayObjectPropertyRuleSet ;
+          ao:testDatasets ai:AdminDisplayObjectPropertyTestDatasets ;
+          ao:policyKey ai:AdminDisplayObjectPropertyPolicyKey .
+
+ai:AdminDisplayObjectPropertyRuleSet rdf:type ao:Rules ;
+          ao:rule ai:AllowAdminDisplayObjectStatementPropertyRule ;
+          ao:rule ai:AllowAdminDisplayObjectPropertyRule .
+
+ai:AdminDisplayObjectPropertyTestDatasets rdf:type ao:TestDatasets ;
+          ao:testDataset ai:AdminDisplayObjectPropertyDataset .
+
+ai:AdminDisplayObjectPropertyDataset rdf:type ao:TestDataSet ;
+          ao:testData ai:AdminDisplayObjectPropertyTestData .
+          
+ai:AdminDisplayObjectPropertyPolicyKey rdf:type ao:PolicyKey ;
+          ao:keyComponent ai:ObjectPropertyAccesObject ;
+          ao:keyComponent auth:ADMIN ;
+          ao:keyComponent ai:DisplayOperationGroup .
+
+ai:AllowAdminDisplayObjectPropertyRule rdf:type ao:Rule;
+          ao:attribute ai:SubjectRoleEqualsAdminRoleAttribute ;
+          ao:attribute ai:DisplayOperationAttribute ;
+          ao:attribute ai:ObjectPropertyTypeAttribute ;
+          ao:attribute ai:AdminDisplayObjectPropertyAttribute .
+
+ai:AllowAdminDisplayObjectStatementPropertyRule rdf:type ao:Rule;
+          ao:attribute ai:SubjectRoleEqualsAdminRoleAttribute ;
+          ao:attribute ai:DisplayOperationAttribute ;
+          ao:attribute ai:ObjectPropertyStatementTypeAttribute ;
+          ao:attribute ai:AdminDisplayObjectPropertyStatementAttribute .
+         
+ai:AdminDisplayObjectPropertyStatementAttribute rdf:type ao:Attribute ;
+         ao:test ai:OneOf ;
+         ao:type ai:StatementPredicateUri ;
+         ao:setValue ai:AdminDisplayObjectPropertyTestData .
+         
+ai:AdminDisplayObjectPropertyAttribute rdf:type ao:Attribute ;
+         ao:test ai:OneOf ;
+         ao:type ai:ObjectUri ;
+         ao:setValue ai:AdminDisplayObjectPropertyTestData .
+         
+ai:AdminDisplayObjectPropertyTestData rdf:type ao:TestData ;
+       .
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_admin_publish_class.n3 b/home/src/main/resources/rdf/auth/everytime/policy_admin_publish_class.n3
new file mode 100644
index 0000000000..527486f38a
--- /dev/null
+++ b/home/src/main/resources/rdf/auth/everytime/policy_admin_publish_class.n3
@@ -0,0 +1,41 @@
+# $This file is distributed under the terms of the license in LICENSE$
+@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
+@prefix owl: <http://www.w3.org/2002/07/owl#> .
+@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
+@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
+@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
+@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
+@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+
+ai:AdminPublishClassPolicy rdf:type ao:Policy ;
+          ao:rules ai:AdminPublishClassRuleSet ;
+          ao:testDatasets ai:AdminPublishClassTestDatasets ;
+          ao:policyKey ai:AdminPublishClassPolicyKey .
+
+ai:AdminPublishClassRuleSet rdf:type ao:Rules ;
+          ao:rule ai:AllowAdminPublishClassRule .
+
+ai:AdminPublishClassTestDatasets rdf:type ao:TestDatasets ;
+          ao:testDataset ai:AdminPublishClassDataset .
+
+ai:AdminPublishClassDataset rdf:type ao:TestDataSet ;
+          ao:testData ai:AdminPublishClassTestData .
+          
+ai:AdminPublishClassPolicyKey rdf:type ao:PolicyKey ;
+          ao:keyComponent ai:Class ;
+          ao:keyComponent auth:ADMIN ;
+          ao:keyComponent ai:PublishOperationGroup .
+
+ai:AllowAdminPublishClassRule rdf:type ao:Rule;
+          ao:attribute ai:SubjectRoleEqualsAdminRoleAttribute ;
+          ao:attribute ai:PublishOperationAttribute ;
+          ao:attribute ai:ClassTypeAttribute ;
+          ao:attribute ai:AdminPublishClassAttribute .
+         
+ai:AdminPublishClassAttribute rdf:type ao:Attribute ;
+         ao:test ai:OneOf ;
+         ao:type ai:ObjectUri ;
+         ao:setValue ai:AdminPublishClassTestData .
+         
+ai:AdminPublishClassTestData rdf:type ao:TestData ;
+  .
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_admin_publish_data_property.n3 b/home/src/main/resources/rdf/auth/everytime/policy_admin_publish_data_property.n3
new file mode 100644
index 0000000000..8d86a4d2d6
--- /dev/null
+++ b/home/src/main/resources/rdf/auth/everytime/policy_admin_publish_data_property.n3
@@ -0,0 +1,53 @@
+# $This file is distributed under the terms of the license in LICENSE$
+@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
+@prefix owl: <http://www.w3.org/2002/07/owl#> .
+@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
+@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
+@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
+@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
+@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+
+ai:AdminPublishDataPropertyPolicy rdf:type ao:Policy ;
+          ao:rules ai:AdminPublishDataPropertyRuleSet ;
+          ao:testDatasets ai:AdminPublishDataPropertyTestDatasets ;
+          ao:policyKey ai:AdminPublishDataPropertyPolicyKey .
+
+ai:AdminPublishDataPropertyRuleSet rdf:type ao:Rules ;
+          ao:rule ai:AllowAdminPublishDataPropertyStatementRule ;
+          ao:rule ai:AllowAdminPublishDataPropertyRule .
+
+ai:AdminPublishDataPropertyTestDatasets rdf:type ao:TestDatasets ;
+          ao:testDataset ai:AdminPublishDataPropertyDataset .
+
+ai:AdminPublishDataPropertyDataset rdf:type ao:TestDataSet ;
+          ao:testData ai:AdminPublishDataPropertyTestData .
+          
+ai:AdminPublishDataPropertyPolicyKey rdf:type ao:PolicyKey ;
+          ao:keyComponent ai:DataPropertyAccesObject ;
+          ao:keyComponent auth:ADMIN ;
+          ao:keyComponent ai:PublishOperationGroup .
+
+ai:AllowAdminPublishDataPropertyRule rdf:type ao:Rule;
+          ao:attribute ai:SubjectRoleEqualsAdminRoleAttribute ;
+          ao:attribute ai:PublishOperationAttribute ;
+          ao:attribute ai:DataPropertyTypeAttribute ;
+          ao:attribute ai:AdminPublishDataPropertyAttribute .
+
+ai:AllowAdminPublishDataPropertyStatementRule rdf:type ao:Rule;
+          ao:attribute ai:SubjectRoleEqualsAdminRoleAttribute ;
+          ao:attribute ai:PublishOperationAttribute ;
+          ao:attribute ai:DataPropertyStatementTypeAttribute ;
+          ao:attribute ai:AdminPublishDataPropertyStatementAttribute .
+         
+ai:AdminPublishDataPropertyStatementAttribute rdf:type ao:Attribute ;
+         ao:test ai:OneOf ;
+         ao:type ai:StatementPredicateUri ;
+         ao:setValue ai:AdminPublishDataPropertyTestData .
+
+ai:AdminPublishDataPropertyAttribute rdf:type ao:Attribute ;
+         ao:test ai:OneOf ;
+         ao:type ai:ObjectUri ;
+         ao:setValue ai:AdminPublishDataPropertyTestData .
+         
+ai:AdminPublishDataPropertyTestData rdf:type ao:TestData ;
+   .
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_admin_publish_object_property.n3 b/home/src/main/resources/rdf/auth/everytime/policy_admin_publish_object_property.n3
new file mode 100644
index 0000000000..1b113aa80f
--- /dev/null
+++ b/home/src/main/resources/rdf/auth/everytime/policy_admin_publish_object_property.n3
@@ -0,0 +1,53 @@
+# $This file is distributed under the terms of the license in LICENSE$
+@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
+@prefix owl: <http://www.w3.org/2002/07/owl#> .
+@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
+@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
+@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
+@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
+@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+
+ai:AdminPublishObjectPropertyPolicy rdf:type ao:Policy ;
+          ao:rules ai:AdminPublishObjectPropertyRuleSet ;
+          ao:testDatasets ai:AdminPublishObjectPropertyTestDatasets ;
+          ao:policyKey ai:AdminPublishObjectPropertyPolicyKey .
+
+ai:AdminPublishObjectPropertyRuleSet rdf:type ao:Rules ;
+          ao:rule ai:AllowAdminPublishObjectPropertyStatementRule ;
+          ao:rule ai:AllowAdminPublishObjectPropertyRule .
+
+ai:AdminPublishObjectPropertyTestDatasets rdf:type ao:TestDatasets ;
+          ao:testDataset ai:AdminPublishObjectPropertyDataset .
+
+ai:AdminPublishObjectPropertyDataset rdf:type ao:TestDataSet ;
+          ao:testData ai:AdminPublishObjectPropertyTestData .
+          
+ai:AdminPublishObjectPropertyPolicyKey rdf:type ao:PolicyKey ;
+          ao:keyComponent ai:ObjectPropertyAccesObject ;
+          ao:keyComponent auth:ADMIN ;
+          ao:keyComponent ai:PublishOperationGroup .
+
+ai:AllowAdminPublishObjectPropertyRule rdf:type ao:Rule;
+          ao:attribute ai:SubjectRoleEqualsAdminRoleAttribute ;
+          ao:attribute ai:PublishOperationAttribute ;
+          ao:attribute ai:ObjectPropertyTypeAttribute ;
+          ao:attribute ai:AdminPublishObjectPropertyAttribute .
+
+ai:AllowAdminPublishObjectPropertyStatementRule rdf:type ao:Rule;
+          ao:attribute ai:SubjectRoleEqualsAdminRoleAttribute ;
+          ao:attribute ai:PublishOperationAttribute ;
+          ao:attribute ai:ObjectPropertyStatementTypeAttribute ;
+          ao:attribute ai:AdminPublishObjectPropertyStatementAttribute .
+         
+ai:AdminPublishObjectPropertyStatementAttribute rdf:type ao:Attribute ;
+         ao:test ai:OneOf ;
+         ao:type ai:StatementPredicateUri ;
+         ao:setValue ai:AdminPublishObjectPropertyTestData .
+
+ai:AdminPublishObjectPropertyAttribute rdf:type ao:Attribute ;
+         ao:test ai:OneOf ;
+         ao:type ai:ObjectUri ;
+         ao:setValue ai:AdminPublishObjectPropertyTestData .
+         
+ai:AdminPublishObjectPropertyTestData rdf:type ao:TestData ;
+   .
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_admin_simple_permissions.n3 b/home/src/main/resources/rdf/auth/everytime/policy_admin_simple_permissions.n3
new file mode 100644
index 0000000000..62459d23ea
--- /dev/null
+++ b/home/src/main/resources/rdf/auth/everytime/policy_admin_simple_permissions.n3
@@ -0,0 +1,37 @@
+# $This file is distributed under the terms of the license in LICENSE$
+
+@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
+@prefix owl: <http://www.w3.org/2002/07/owl#> .
+@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
+@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
+@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
+@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
+@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+@prefix simplePermission: <java:edu.cornell.mannlib.vitro.webapp.auth.permissions.SimplePermission#> .
+
+ai:AdminSimplePermissionsPolicy rdf:type ao:Policy ;
+        ao:priority 1000 ;
+        ao:testDatasets ai:AdminSimplePermissionsDatasets ;
+        ao:rules ai:AdminSimplePermissionsRuleSet .
+
+ai:AdminSimplePermissionsDatasets rdf:type ao:TestDatasets ;
+        ao:testDataset ai:AdminSimplePermissionsDataset .
+          
+ai:AdminSimplePermissionsDataset rdf:type ao:TestDataSet ;
+        ao:testData ai:AdminSimplePermissionsTestData .
+
+ai:AdminSimplePermissionsRuleSet rdf:type ao:Rules ;
+        ao:rule ai:AllowAdminSimplePermissions .
+          
+ai:AllowAdminSimplePermissions rdf:type ao:Rule;
+        ao:attribute ai:NamedObjectTypeAttribute ;
+        ao:attribute ai:PermissionNameInAdminAllowed ;
+        ao:attribute ai:SubjectRoleEqualsAdminRoleAttribute .
+          
+ai:PermissionNameInAdminAllowed rdf:type ao:Attribute ;
+        ao:test ai:OneOf ;
+        ao:type ai:ObjectUri ;
+        ao:setValue ai:AdminSimplePermissionsTestData .
+
+ai:AdminSimplePermissionsTestData rdf:type ao:TestData ;
+        .
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_admin_update_class.n3 b/home/src/main/resources/rdf/auth/everytime/policy_admin_update_class.n3
new file mode 100644
index 0000000000..c4de1a4085
--- /dev/null
+++ b/home/src/main/resources/rdf/auth/everytime/policy_admin_update_class.n3
@@ -0,0 +1,41 @@
+# $This file is distributed under the terms of the license in LICENSE$
+@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
+@prefix owl: <http://www.w3.org/2002/07/owl#> .
+@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
+@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
+@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
+@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
+@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+
+ai:AdminUpdateClassPolicy rdf:type ao:Policy ;
+          ao:rules ai:AdminUpdateClassRuleSet ;
+          ao:testDatasets ai:AdminUpdateClassTestDatasets ;
+          ao:policyKey ai:AdminUpdateClassPolicyKey .
+
+ai:AdminUpdateClassRuleSet rdf:type ao:Rules ;
+          ao:rule ai:AllowAdminUpdateClassRule .
+
+ai:AdminUpdateClassTestDatasets rdf:type ao:TestDatasets ;
+          ao:testDataset ai:AdminUpdateClassDataset .
+
+ai:AdminUpdateClassDataset rdf:type ao:TestDataSet ;
+          ao:testData ai:AdminUpdateClassTestData .
+          
+ai:AdminUpdateClassPolicyKey rdf:type ao:PolicyKey ;
+          ao:keyComponent ai:Class ;
+          ao:keyComponent auth:ADMIN ;
+          ao:keyComponent ai:UpdateOperationGroup .
+
+ai:AllowAdminUpdateClassRule rdf:type ao:Rule;
+          ao:attribute ai:SubjectRoleEqualsAdminRoleAttribute ;
+          ao:attribute ai:UpdateOperationAttribute ;
+          ao:attribute ai:ClassTypeAttribute ;
+          ao:attribute ai:AdminUpdateClassAttribute .
+         
+ai:AdminUpdateClassAttribute rdf:type ao:Attribute ;
+         ao:test ai:OneOf ;
+         ao:type ai:ObjectUri ;
+         ao:setValue ai:AdminUpdateClassTestData .
+         
+ai:AdminUpdateClassTestData rdf:type ao:TestData ;
+       .
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_admin_update_data_property.n3 b/home/src/main/resources/rdf/auth/everytime/policy_admin_update_data_property.n3
new file mode 100644
index 0000000000..a2a78c6ffa
--- /dev/null
+++ b/home/src/main/resources/rdf/auth/everytime/policy_admin_update_data_property.n3
@@ -0,0 +1,53 @@
+# $This file is distributed under the terms of the license in LICENSE$
+@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
+@prefix owl: <http://www.w3.org/2002/07/owl#> .
+@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
+@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
+@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
+@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
+@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+
+ai:AdminUpdateDataPropertyPolicy rdf:type ao:Policy ;
+          ao:rules ai:AdminUpdateDataPropertyRuleSet ;
+          ao:testDatasets ai:AdminUpdateDataPropertyTestDatasets ;
+          ao:policyKey ai:AdminUpdateDataPropertyPolicyKey .
+
+ai:AdminUpdateDataPropertyRuleSet rdf:type ao:Rules ;
+          ao:rule ai:AllowAdminUpdateDataPropertyStatementRule ;
+          ao:rule ai:AllowAdminUpdateDataPropertyRule .
+
+ai:AdminUpdateDataPropertyTestDatasets rdf:type ao:TestDatasets ;
+          ao:testDataset ai:AdminUpdateDataPropertyDataset .
+
+ai:AdminUpdateDataPropertyDataset rdf:type ao:TestDataSet ;
+          ao:testData ai:AdminUpdateDataPropertyTestData .
+          
+ai:AdminUpdateDataPropertyPolicyKey rdf:type ao:PolicyKey ;
+          ao:keyComponent ai:DataPropertyAccesObject ;
+          ao:keyComponent auth:ADMIN ;
+          ao:keyComponent ai:UpdateOperationGroup .
+
+ai:AllowAdminUpdateDataPropertyRule rdf:type ao:Rule;
+          ao:attribute ai:SubjectRoleEqualsAdminRoleAttribute ;
+          ao:attribute ai:UpdateOperationAttribute ;
+          ao:attribute ai:DataPropertyTypeAttribute ;
+          ao:attribute ai:AdminUpdateDataPropertyAttribute .
+
+ai:AllowAdminUpdateDataPropertyStatementRule rdf:type ao:Rule;
+          ao:attribute ai:SubjectRoleEqualsAdminRoleAttribute ;
+          ao:attribute ai:UpdateOperationAttribute ;
+          ao:attribute ai:DataPropertyStatementTypeAttribute ;
+          ao:attribute ai:AdminUpdateDataPropertyStatementAttribute .
+         
+ai:AdminUpdateDataPropertyStatementAttribute rdf:type ao:Attribute ;
+         ao:test ai:OneOf ;
+         ao:type ai:StatementPredicateUri ;
+         ao:setValue ai:AdminUpdateDataPropertyTestData .
+
+ai:AdminUpdateDataPropertyAttribute rdf:type ao:Attribute ;
+         ao:test ai:OneOf ;
+         ao:type ai:ObjectUri ;
+         ao:setValue ai:AdminUpdateDataPropertyTestData .
+         
+ai:AdminUpdateDataPropertyTestData rdf:type ao:TestData ;
+        .
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_admin_update_object_property.n3 b/home/src/main/resources/rdf/auth/everytime/policy_admin_update_object_property.n3
new file mode 100644
index 0000000000..c7551112a2
--- /dev/null
+++ b/home/src/main/resources/rdf/auth/everytime/policy_admin_update_object_property.n3
@@ -0,0 +1,53 @@
+# $This file is distributed under the terms of the license in LICENSE$
+@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
+@prefix owl: <http://www.w3.org/2002/07/owl#> .
+@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
+@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
+@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
+@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
+@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+
+ai:AdminUpdateObjectPropertyPolicy rdf:type ao:Policy ;
+          ao:rules ai:AdminUpdateObjectPropertyRuleSet ;
+          ao:testDatasets ai:AdminUpdateObjectPropertyTestDatasets ;
+          ao:policyKey ai:AdminUpdateObjectPropertyPolicyKey .
+
+ai:AdminUpdateObjectPropertyRuleSet rdf:type ao:Rules ;
+          ao:rule ai:AllowAdminUpdateObjectPropertyStatementRule ;
+          ao:rule ai:AllowAdminUpdateObjectPropertyRule .
+
+ai:AdminUpdateObjectPropertyTestDatasets rdf:type ao:TestDatasets ;
+          ao:testDataset ai:AdminUpdateObjectPropertyDataset .
+
+ai:AdminUpdateObjectPropertyDataset rdf:type ao:TestDataSet ;
+          ao:testData ai:AdminUpdateObjectPropertyTestData .
+          
+ai:AdminUpdateObjectPropertyPolicyKey rdf:type ao:PolicyKey ;
+          ao:keyComponent ai:ObjectPropertyAccesObject ;
+          ao:keyComponent auth:ADMIN ;
+          ao:keyComponent ai:UpdateOperationGroup .
+
+ai:AllowAdminUpdateObjectPropertyRule rdf:type ao:Rule;
+          ao:attribute ai:SubjectRoleEqualsAdminRoleAttribute ;
+          ao:attribute ai:UpdateOperationAttribute ;
+          ao:attribute ai:ObjectPropertyTypeAttribute ;
+          ao:attribute ai:AdminUpdateObjectPropertyAttribute .
+
+ai:AllowAdminUpdateObjectPropertyStatementRule rdf:type ao:Rule;
+          ao:attribute ai:SubjectRoleEqualsAdminRoleAttribute ;
+          ao:attribute ai:UpdateOperationAttribute ;
+          ao:attribute ai:ObjectPropertyStatementTypeAttribute ;
+          ao:attribute ai:AdminUpdateObjectPropertyStatementAttribute .
+         
+ai:AdminUpdateObjectPropertyStatementAttribute rdf:type ao:Attribute ;
+         ao:test ai:OneOf ;
+         ao:type ai:StatementPredicateUri ;
+         ao:setValue ai:AdminUpdateObjectPropertyTestData .
+
+ai:AdminUpdateObjectPropertyAttribute rdf:type ao:Attribute ;
+         ao:test ai:OneOf ;
+         ao:type ai:ObjectUri ;
+         ao:setValue ai:AdminUpdateObjectPropertyTestData .
+         
+ai:AdminUpdateObjectPropertyTestData rdf:type ao:TestData ;
+      .
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_curator_display_class.n3 b/home/src/main/resources/rdf/auth/everytime/policy_curator_display_class.n3
new file mode 100644
index 0000000000..60676cbd1d
--- /dev/null
+++ b/home/src/main/resources/rdf/auth/everytime/policy_curator_display_class.n3
@@ -0,0 +1,41 @@
+# $This file is distributed under the terms of the license in LICENSE$
+@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
+@prefix owl: <http://www.w3.org/2002/07/owl#> .
+@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
+@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
+@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
+@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
+@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+
+ai:CuratorDisplayClassPolicy rdf:type ao:Policy ;
+          ao:rules ai:CuratorDisplayClassRuleSet ;
+          ao:testDatasets ai:CuratorDisplayClassTestDatasets ;
+          ao:policyKey ai:CuratorDisplayClassPolicyKey .
+
+ai:CuratorDisplayClassRuleSet rdf:type ao:Rules ;
+          ao:rule ai:AllowCuratorDisplayClassRule .
+
+ai:CuratorDisplayClassTestDatasets rdf:type ao:TestDatasets ;
+          ao:testDataset ai:CuratorDisplayClassDataset .
+
+ai:CuratorDisplayClassDataset rdf:type ao:TestDataSet ;
+          ao:testData ai:CuratorDisplayClassTestData .
+          
+ai:CuratorDisplayClassPolicyKey rdf:type ao:PolicyKey ;
+          ao:keyComponent ai:Class ;
+          ao:keyComponent auth:CURATOR ;
+          ao:keyComponent ai:DisplayOperationGroup .
+
+ai:AllowCuratorDisplayClassRule rdf:type ao:Rule;
+          ao:attribute ai:SubjectRoleEqualsCuratorRoleAttribute ;
+          ao:attribute ai:DisplayOperationAttribute ;
+          ao:attribute ai:ClassTypeAttribute ;
+          ao:attribute ai:CuratorDisplayClassAttribute .
+         
+ai:CuratorDisplayClassAttribute rdf:type ao:Attribute ;
+         ao:test ai:OneOf ;
+         ao:type ai:ObjectUri ;
+         ao:setValue ai:CuratorDisplayClassTestData .
+         
+ai:CuratorDisplayClassTestData rdf:type ao:TestData ;
+       .
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_curator_display_data_property.n3 b/home/src/main/resources/rdf/auth/everytime/policy_curator_display_data_property.n3
new file mode 100644
index 0000000000..e45d071ee7
--- /dev/null
+++ b/home/src/main/resources/rdf/auth/everytime/policy_curator_display_data_property.n3
@@ -0,0 +1,53 @@
+# $This file is distributed under the terms of the license in LICENSE$
+@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
+@prefix owl: <http://www.w3.org/2002/07/owl#> .
+@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
+@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
+@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
+@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
+@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+
+ai:CuratorDisplayDataPropertyPolicy rdf:type ao:Policy ;
+          ao:rules ai:CuratorDisplayDataPropertyRuleSet ;
+          ao:testDatasets ai:CuratorDisplayDataPropertyTestDatasets ;
+          ao:policyKey ai:CuratorDisplayDataPropertyPolicyKey .
+
+ai:CuratorDisplayDataPropertyRuleSet rdf:type ao:Rules ;
+          ao:rule ai:AllowCuratorDisplayDataPropertyStatementRule;
+          ao:rule ai:AllowCuratorDisplayDataPropertyRule .
+
+ai:CuratorDisplayDataPropertyTestDatasets rdf:type ao:TestDatasets ;
+          ao:testDataset ai:CuratorDisplayDataPropertyDataset .
+
+ai:CuratorDisplayDataPropertyDataset rdf:type ao:TestDataSet ;
+          ao:testData ai:CuratorDisplayDataPropertyTestData .
+          
+ai:CuratorDisplayDataPropertyPolicyKey rdf:type ao:PolicyKey ;
+          ao:keyComponent ai:DataPropertyAccesObject ;
+          ao:keyComponent auth:CURATOR ;
+          ao:keyComponent ai:DisplayOperationGroup .
+
+ai:AllowCuratorDisplayDataPropertyRule rdf:type ao:Rule;
+          ao:attribute ai:SubjectRoleEqualsAdminRoleAttribute ;
+          ao:attribute ai:DisplayOperationAttribute ;
+          ao:attribute ai:DataPropertyTypeAttribute ;
+          ao:attribute ai:CuratorDisplayDataPropertyAttribute .
+
+ai:AllowCuratorDisplayDataPropertyStatementRule rdf:type ao:Rule;
+          ao:attribute ai:SubjectRoleEqualsAdminRoleAttribute ;
+          ao:attribute ai:DisplayOperationAttribute ;
+          ao:attribute ai:DataPropertyStatementTypeAttribute ;
+          ao:attribute ai:CuratorDisplayDataPropertyStatementAttribute .
+         
+ai:CuratorDisplayDataPropertyStatementAttribute rdf:type ao:Attribute ;
+         ao:test ai:OneOf ;
+         ao:type ai:StatementPredicateUri ;
+         ao:setValue ai:CuratorDisplayDataPropertyTestData .
+
+ai:CuratorDisplayDataPropertyAttribute rdf:type ao:Attribute ;
+         ao:test ai:OneOf ;
+         ao:type ai:ObjectUri ;
+         ao:setValue ai:CuratorDisplayDataPropertyTestData .
+         
+ai:CuratorDisplayDataPropertyTestData rdf:type ao:TestData ;
+       .
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_curator_display_object_property.n3 b/home/src/main/resources/rdf/auth/everytime/policy_curator_display_object_property.n3
new file mode 100644
index 0000000000..c18079872b
--- /dev/null
+++ b/home/src/main/resources/rdf/auth/everytime/policy_curator_display_object_property.n3
@@ -0,0 +1,53 @@
+# $This file is distributed under the terms of the license in LICENSE$
+@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
+@prefix owl: <http://www.w3.org/2002/07/owl#> .
+@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
+@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
+@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
+@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
+@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+
+ai:CuratorDisplayObjectPropertyPolicy rdf:type ao:Policy ;
+          ao:rules ai:CuratorDisplayObjectPropertyRuleSet ;
+          ao:testDatasets ai:CuratorDisplayObjectPropertyTestDatasets ;
+          ao:policyKey ai:CuratorDisplayObjectPropertyPolicyKey .
+
+ai:CuratorDisplayObjectPropertyRuleSet rdf:type ao:Rules ;
+          ao:rule ai:AllowCuratorDisplayObjectPropertyStatementRule ;
+          ao:rule ai:AllowCuratorDisplayObjectPropertyRule .
+
+ai:CuratorDisplayObjectPropertyTestDatasets rdf:type ao:TestDatasets ;
+          ao:testDataset ai:CuratorDisplayObjectPropertyDataset .
+
+ai:CuratorDisplayObjectPropertyDataset rdf:type ao:TestDataSet ;
+          ao:testData ai:CuratorDisplayObjectPropertyTestData .
+          
+ai:CuratorDisplayObjectPropertyPolicyKey rdf:type ao:PolicyKey ;
+          ao:keyComponent ai:ObjectPropertyAccesObject ;
+          ao:keyComponent auth:CURATOR ;
+          ao:keyComponent ai:DisplayOperationGroup .
+
+ai:AllowCuratorDisplayObjectPropertyRule rdf:type ao:Rule;
+          ao:attribute ai:SubjectRoleEqualsAdminRoleAttribute ;
+          ao:attribute ai:DisplayOperationAttribute ;
+          ao:attribute ai:ObjectPropertyTypeAttribute ;
+          ao:attribute ai:CuratorDisplayObjectPropertyAttribute .
+
+ai:AllowCuratorDisplayObjectPropertyStatementRule rdf:type ao:Rule;
+          ao:attribute ai:SubjectRoleEqualsAdminRoleAttribute ;
+          ao:attribute ai:DisplayOperationAttribute ;
+          ao:attribute ai:ObjectPropertyStatementTypeAttribute ;
+          ao:attribute ai:CuratorDisplayObjectPropertyStatementAttribute .
+         
+ai:CuratorDisplayObjectPropertyStatementAttribute rdf:type ao:Attribute ;
+         ao:test ai:OneOf ;
+         ao:type ai:StatementPredicateUri ;
+         ao:setValue ai:CuratorDisplayObjectPropertyTestData .
+
+ai:CuratorDisplayObjectPropertyAttribute rdf:type ao:Attribute ;
+         ao:test ai:OneOf ;
+         ao:type ai:ObjectUri ;
+         ao:setValue ai:CuratorDisplayObjectPropertyTestData .
+         
+ai:CuratorDisplayObjectPropertyTestData rdf:type ao:TestData ;
+       .
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_curator_publish_class.n3 b/home/src/main/resources/rdf/auth/everytime/policy_curator_publish_class.n3
new file mode 100644
index 0000000000..adc4aff06f
--- /dev/null
+++ b/home/src/main/resources/rdf/auth/everytime/policy_curator_publish_class.n3
@@ -0,0 +1,41 @@
+# $This file is distributed under the terms of the license in LICENSE$
+@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
+@prefix owl: <http://www.w3.org/2002/07/owl#> .
+@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
+@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
+@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
+@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
+@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+
+ai:CuratorPublishClassPolicy rdf:type ao:Policy ;
+          ao:rules ai:CuratorPublishClassRuleSet ;
+          ao:testDatasets ai:CuratorPublishClassTestDatasets ;
+          ao:policyKey ai:CuratorPublishClassPolicyKey .
+
+ai:CuratorPublishClassRuleSet rdf:type ao:Rules ;
+          ao:rule ai:AllowCuratorPublishClassRule .
+
+ai:CuratorPublishClassTestDatasets rdf:type ao:TestDatasets ;
+          ao:testDataset ai:CuratorPublishClassDataset .
+
+ai:CuratorPublishClassDataset rdf:type ao:TestDataSet ;
+          ao:testData ai:CuratorPublishClassTestData .
+          
+ai:CuratorPublishClassPolicyKey rdf:type ao:PolicyKey ;
+          ao:keyComponent ai:Class ;
+          ao:keyComponent auth:CURATOR ;
+          ao:keyComponent ai:PublishOperationGroup .
+
+ai:AllowCuratorPublishClassRule rdf:type ao:Rule;
+          ao:attribute ai:SubjectRoleEqualsCuratorRoleAttribute ;
+          ao:attribute ai:PublishOperationAttribute ;
+          ao:attribute ai:ClassTypeAttribute ;
+          ao:attribute ai:CuratorPublishClassAttribute .
+         
+ai:CuratorPublishClassAttribute rdf:type ao:Attribute ;
+         ao:test ai:OneOf ;
+         ao:type ai:ObjectUri ;
+         ao:setValue ai:CuratorPublishClassTestData .
+         
+ai:CuratorPublishClassTestData rdf:type ao:TestData ;
+  .
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_curator_publish_data_property.n3 b/home/src/main/resources/rdf/auth/everytime/policy_curator_publish_data_property.n3
new file mode 100644
index 0000000000..ea4024c0f6
--- /dev/null
+++ b/home/src/main/resources/rdf/auth/everytime/policy_curator_publish_data_property.n3
@@ -0,0 +1,53 @@
+# $This file is distributed under the terms of the license in LICENSE$
+@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
+@prefix owl: <http://www.w3.org/2002/07/owl#> .
+@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
+@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
+@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
+@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
+@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+
+ai:CuratorPublishDataPropertyPolicy rdf:type ao:Policy ;
+          ao:rules ai:CuratorPublishDataPropertyRuleSet ;
+          ao:testDatasets ai:CuratorPublishDataPropertyTestDatasets ;
+          ao:policyKey ai:CuratorPublishDataPropertyPolicyKey .
+
+ai:CuratorPublishDataPropertyRuleSet rdf:type ao:Rules ;
+          ao:rule ai:AllowCuratorPublishDataPropertyStatementRule ;
+          ao:rule ai:AllowCuratorPublishDataPropertyRule .
+
+ai:CuratorPublishDataPropertyTestDatasets rdf:type ao:TestDatasets ;
+          ao:testDataset ai:CuratorPublishDataPropertyDataset .
+
+ai:CuratorPublishDataPropertyDataset rdf:type ao:TestDataSet ;
+          ao:testData ai:CuratorPublishDataPropertyTestData .
+          
+ai:CuratorPublishDataPropertyPolicyKey rdf:type ao:PolicyKey ;
+          ao:keyComponent ai:DataPropertyAccesObject ;
+          ao:keyComponent auth:CURATOR ;
+          ao:keyComponent ai:PublishOperationGroup .
+
+ai:AllowCuratorPublishDataPropertyRule rdf:type ao:Rule;
+          ao:attribute ai:SubjectRoleEqualsAdminRoleAttribute ;
+          ao:attribute ai:PublishOperationAttribute ;
+          ao:attribute ai:DataPropertyTypeAttribute ;
+          ao:attribute ai:CuratorPublishDataPropertyAttribute .
+
+ai:AllowCuratorPublishDataPropertyStatementRule rdf:type ao:Rule;
+          ao:attribute ai:SubjectRoleEqualsAdminRoleAttribute ;
+          ao:attribute ai:PublishOperationAttribute ;
+          ao:attribute ai:DataPropertyStatementTypeAttribute ;
+          ao:attribute ai:CuratorPublishDataPropertyStatementAttribute .
+         
+ai:CuratorPublishDataPropertyStatementAttribute rdf:type ao:Attribute ;
+         ao:test ai:OneOf ;
+         ao:type ai:StatementPredicateUri ;
+         ao:setValue ai:CuratorPublishDataPropertyTestData .
+
+ai:CuratorPublishDataPropertyAttribute rdf:type ao:Attribute ;
+         ao:test ai:OneOf ;
+         ao:type ai:ObjectUri ;
+         ao:setValue ai:CuratorPublishDataPropertyTestData .
+         
+ai:CuratorPublishDataPropertyTestData rdf:type ao:TestData ;
+   .
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_curator_publish_object_property.n3 b/home/src/main/resources/rdf/auth/everytime/policy_curator_publish_object_property.n3
new file mode 100644
index 0000000000..9eab3a32b1
--- /dev/null
+++ b/home/src/main/resources/rdf/auth/everytime/policy_curator_publish_object_property.n3
@@ -0,0 +1,53 @@
+# $This file is distributed under the terms of the license in LICENSE$
+@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
+@prefix owl: <http://www.w3.org/2002/07/owl#> .
+@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
+@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
+@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
+@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
+@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+
+ai:CuratorPublishObjectPropertyPolicy rdf:type ao:Policy ;
+          ao:rules ai:CuratorPublishObjectPropertyRuleSet ;
+          ao:testDatasets ai:CuratorPublishObjectPropertyTestDatasets ;
+          ao:policyKey ai:CuratorPublishObjectPropertyPolicyKey .
+
+ai:CuratorPublishObjectPropertyRuleSet rdf:type ao:Rules ;
+          ao:rule ai:AllowCuratorPublishObjectPropertyStatementRule ;
+          ao:rule ai:AllowCuratorPublishObjectPropertyRule .
+
+ai:CuratorPublishObjectPropertyTestDatasets rdf:type ao:TestDatasets ;
+          ao:testDataset ai:CuratorPublishObjectPropertyDataset .
+
+ai:CuratorPublishObjectPropertyDataset rdf:type ao:TestDataSet ;
+          ao:testData ai:CuratorPublishObjectPropertyTestData .
+          
+ai:CuratorPublishObjectPropertyPolicyKey rdf:type ao:PolicyKey ;
+          ao:keyComponent ai:ObjectPropertyAccesObject ;
+          ao:keyComponent auth:CURATOR ;
+          ao:keyComponent ai:PublishOperationGroup .
+
+ai:AllowCuratorPublishObjectPropertyRule rdf:type ao:Rule;
+          ao:attribute ai:SubjectRoleEqualsAdminRoleAttribute ;
+          ao:attribute ai:PublishOperationAttribute ;
+          ao:attribute ai:ObjectPropertyTypeAttribute ;
+          ao:attribute ai:CuratorPublishObjectPropertyAttribute .
+
+ai:AllowCuratorPublishObjectPropertyStatementRule rdf:type ao:Rule;
+          ao:attribute ai:SubjectRoleEqualsAdminRoleAttribute ;
+          ao:attribute ai:PublishOperationAttribute ;
+          ao:attribute ai:ObjectPropertyStatementTypeAttribute ;
+          ao:attribute ai:CuratorPublishObjectPropertyStatementAttribute .
+         
+ai:CuratorPublishObjectPropertyStatementAttribute rdf:type ao:Attribute ;
+         ao:test ai:OneOf ;
+         ao:type ai:StatementPredicateUri ;
+         ao:setValue ai:CuratorPublishObjectPropertyTestData .
+         
+ai:CuratorPublishObjectPropertyAttribute rdf:type ao:Attribute ;
+         ao:test ai:OneOf ;
+         ao:type ai:ObjectUri ;
+         ao:setValue ai:CuratorPublishObjectPropertyTestData .
+         
+ai:CuratorPublishObjectPropertyTestData rdf:type ao:TestData ;
+     .
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_curator_simple_permissions.n3 b/home/src/main/resources/rdf/auth/everytime/policy_curator_simple_permissions.n3
new file mode 100644
index 0000000000..0fc6045eb7
--- /dev/null
+++ b/home/src/main/resources/rdf/auth/everytime/policy_curator_simple_permissions.n3
@@ -0,0 +1,37 @@
+# $This file is distributed under the terms of the license in LICENSE$
+
+@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
+@prefix owl: <http://www.w3.org/2002/07/owl#> .
+@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
+@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
+@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
+@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
+@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+@prefix simplePermission: <java:edu.cornell.mannlib.vitro.webapp.auth.permissions.SimplePermission#> .
+
+ai:CuratorSimplePermissionsPolicy rdf:type ao:Policy ;
+        ao:priority 1000 ;
+        ao:testDatasets ai:CuratorSimplePermissionsDatasets ;
+        ao:rules ai:CuratorSimplePermissionsRuleSet .
+
+ai:CuratorSimplePermissionsDatasets rdf:type ao:TestDatasets ;
+        ao:testDataset ai:CuratorSimplePermissionsDataset .
+          
+ai:CuratorSimplePermissionsDataset rdf:type ao:TestDataSet ;
+        ao:testData ai:CuratorSimplePermissionsTestData .
+
+ai:CuratorSimplePermissionsRuleSet rdf:type ao:Rules ;
+        ao:rule ai:AllowCuratorSimplePermissions .
+          
+ai:AllowCuratorSimplePermissions rdf:type ao:Rule;
+        ao:attribute ai:NamedObjectTypeAttribute ;
+        ao:attribute ai:PermissionNameInCuratorAllowed ;
+        ao:attribute ai:SubjectRoleEqualsCuratorRoleAttribute .
+          
+ai:PermissionNameInCuratorAllowed rdf:type ao:Attribute ;
+        ao:test ai:OneOf ;
+        ao:type ai:ObjectUri ;
+        ao:setValue ai:CuratorSimplePermissionsTestData .
+
+ai:CuratorSimplePermissionsTestData rdf:type ao:TestData ;
+        .
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_curator_update_class.n3 b/home/src/main/resources/rdf/auth/everytime/policy_curator_update_class.n3
new file mode 100644
index 0000000000..db4a1f57c9
--- /dev/null
+++ b/home/src/main/resources/rdf/auth/everytime/policy_curator_update_class.n3
@@ -0,0 +1,41 @@
+# $This file is distributed under the terms of the license in LICENSE$
+@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
+@prefix owl: <http://www.w3.org/2002/07/owl#> .
+@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
+@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
+@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
+@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
+@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+
+ai:CuratorUpdateClassPolicy rdf:type ao:Policy ;
+          ao:rules ai:CuratorUpdateClassRuleSet ;
+          ao:testDatasets ai:CuratorUpdateClassTestDatasets ;
+          ao:policyKey ai:CuratorUpdateClassPolicyKey .
+
+ai:CuratorUpdateClassRuleSet rdf:type ao:Rules ;
+          ao:rule ai:AllowCuratorUpdateClassRule .
+
+ai:CuratorUpdateClassTestDatasets rdf:type ao:TestDatasets ;
+          ao:testDataset ai:CuratorUpdateClassDataset .
+
+ai:CuratorUpdateClassDataset rdf:type ao:TestDataSet ;
+          ao:testData ai:CuratorUpdateClassTestData .
+          
+ai:CuratorUpdateClassPolicyKey rdf:type ao:PolicyKey ;
+          ao:keyComponent ai:Class ;
+          ao:keyComponent auth:CURATOR ;
+          ao:keyComponent ai:UpdateOperationGroup .
+
+ai:AllowCuratorUpdateClassRule rdf:type ao:Rule;
+          ao:attribute ai:SubjectRoleEqualsCuratorRoleAttribute ;
+          ao:attribute ai:UpdateOperationAttribute ;
+          ao:attribute ai:ClassTypeAttribute ;
+          ao:attribute ai:CuratorUpdateClassAttribute .
+         
+ai:CuratorUpdateClassAttribute rdf:type ao:Attribute ;
+         ao:test ai:OneOf ;
+         ao:type ai:ObjectUri ;
+         ao:setValue ai:CuratorUpdateClassTestData .
+         
+ai:CuratorUpdateClassTestData rdf:type ao:TestData ;
+       .
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_curator_update_data_property.n3 b/home/src/main/resources/rdf/auth/everytime/policy_curator_update_data_property.n3
new file mode 100644
index 0000000000..b42f9b5eee
--- /dev/null
+++ b/home/src/main/resources/rdf/auth/everytime/policy_curator_update_data_property.n3
@@ -0,0 +1,53 @@
+# $This file is distributed under the terms of the license in LICENSE$
+@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
+@prefix owl: <http://www.w3.org/2002/07/owl#> .
+@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
+@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
+@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
+@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
+@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+
+ai:CuratorUpdateDataPropertyPolicy rdf:type ao:Policy ;
+          ao:rules ai:CuratorUpdateDataPropertyRuleSet ;
+          ao:testDatasets ai:CuratorUpdateDataPropertyTestDatasets ;
+          ao:policyKey ai:CuratorUpdateDataPropertyPolicyKey .
+
+ai:CuratorUpdateDataPropertyRuleSet rdf:type ao:Rules ;
+          ao:rule ai:AllowCuratorUpdateDataPropertyStatementRule ;
+          ao:rule ai:AllowCuratorUpdateDataPropertyRule .
+
+ai:CuratorUpdateDataPropertyTestDatasets rdf:type ao:TestDatasets ;
+          ao:testDataset ai:CuratorUpdateDataPropertyDataset .
+
+ai:CuratorUpdateDataPropertyDataset rdf:type ao:TestDataSet ;
+          ao:testData ai:CuratorUpdateDataPropertyTestData .
+          
+ai:CuratorUpdateDataPropertyPolicyKey rdf:type ao:PolicyKey ;
+          ao:keyComponent ai:DataPropertyAccesObject ;
+          ao:keyComponent auth:CURATOR ;
+          ao:keyComponent ai:UpdateOperationGroup .
+
+ai:AllowCuratorUpdateDataPropertyRule rdf:type ao:Rule;
+          ao:attribute ai:SubjectRoleEqualsAdminRoleAttribute ;
+          ao:attribute ai:UpdateOperationAttribute ;
+          ao:attribute ai:DataPropertyTypeAttribute ;
+          ao:attribute ai:CuratorUpdateDataPropertyAttribute .
+          
+ai:AllowCuratorUpdateDataPropertyStatementRule rdf:type ao:Rule;
+          ao:attribute ai:SubjectRoleEqualsAdminRoleAttribute ;
+          ao:attribute ai:UpdateOperationAttribute ;
+          ao:attribute ai:DataPropertyStatementTypeAttribute ;
+          ao:attribute ai:CuratorUpdateDataPropertyStatementAttribute .
+         
+ai:CuratorUpdateDataPropertyStatementAttribute rdf:type ao:Attribute ;
+         ao:test ai:OneOf ;
+         ao:type ai:StatementPredicateUri ;
+         ao:setValue ai:CuratorUpdateDataPropertyTestData .
+         
+ai:CuratorUpdateDataPropertyAttribute rdf:type ao:Attribute ;
+         ao:test ai:OneOf ;
+         ao:type ai:ObjectUri ;
+         ao:setValue ai:CuratorUpdateDataPropertyTestData .
+         
+ai:CuratorUpdateDataPropertyTestData rdf:type ao:TestData ;
+       .
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_curator_update_object_property.n3 b/home/src/main/resources/rdf/auth/everytime/policy_curator_update_object_property.n3
new file mode 100644
index 0000000000..5bd00c9db6
--- /dev/null
+++ b/home/src/main/resources/rdf/auth/everytime/policy_curator_update_object_property.n3
@@ -0,0 +1,53 @@
+# $This file is distributed under the terms of the license in LICENSE$
+@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
+@prefix owl: <http://www.w3.org/2002/07/owl#> .
+@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
+@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
+@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
+@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
+@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+
+ai:CuratorUpdateObjectPropertyPolicy rdf:type ao:Policy ;
+          ao:rules ai:CuratorUpdateObjectPropertyRuleSet ;
+          ao:testDatasets ai:CuratorUpdateObjectPropertyTestDatasets ;
+          ao:policyKey ai:CuratorUpdateObjectPropertyPolicyKey .
+
+ai:CuratorUpdateObjectPropertyRuleSet rdf:type ao:Rules ;
+          ao:rule ai:AllowCuratorUpdateObjectPropertyStatementRule ;
+          ao:rule ai:AllowCuratorUpdateObjectPropertyRule .
+
+ai:CuratorUpdateObjectPropertyTestDatasets rdf:type ao:TestDatasets ;
+          ao:testDataset ai:CuratorUpdateObjectPropertyDataset .
+
+ai:CuratorUpdateObjectPropertyDataset rdf:type ao:TestDataSet ;
+          ao:testData ai:CuratorUpdateObjectPropertyTestData .
+          
+ai:CuratorUpdateObjectPropertyPolicyKey rdf:type ao:PolicyKey ;
+          ao:keyComponent ai:ObjectPropertyAccesObject ;
+          ao:keyComponent auth:CURATOR ;
+          ao:keyComponent ai:UpdateOperationGroup .
+
+ai:AllowCuratorUpdateObjectPropertyRule rdf:type ao:Rule;
+          ao:attribute ai:SubjectRoleEqualsAdminRoleAttribute ;
+          ao:attribute ai:UpdateOperationAttribute ;
+          ao:attribute ai:ObjectPropertyTypeAttribute ;
+          ao:attribute ai:CuratorUpdateObjectPropertyAttribute .
+
+ai:AllowCuratorUpdateObjectPropertyStatementRule rdf:type ao:Rule;
+          ao:attribute ai:SubjectRoleEqualsAdminRoleAttribute ;
+          ao:attribute ai:UpdateOperationAttribute ;
+          ao:attribute ai:ObjectPropertyStatementTypeAttribute ;
+          ao:attribute ai:CuratorUpdateObjectPropertyStatementAttribute .
+         
+ai:CuratorUpdateObjectPropertyStatementAttribute rdf:type ao:Attribute ;
+         ao:test ai:OneOf ;
+         ao:type ai:StatementPredicateUri ;
+         ao:setValue ai:CuratorUpdateObjectPropertyTestData .
+
+ai:CuratorUpdateObjectPropertyAttribute rdf:type ao:Attribute ;
+         ao:test ai:OneOf ;
+         ao:type ai:ObjectUri ;
+         ao:setValue ai:CuratorUpdateObjectPropertyTestData .
+         
+ai:CuratorUpdateObjectPropertyTestData rdf:type ao:TestData ;
+      .
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_editor_display_class.n3 b/home/src/main/resources/rdf/auth/everytime/policy_editor_display_class.n3
new file mode 100644
index 0000000000..c47599c95f
--- /dev/null
+++ b/home/src/main/resources/rdf/auth/everytime/policy_editor_display_class.n3
@@ -0,0 +1,41 @@
+# $This file is distributed under the terms of the license in LICENSE$
+@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
+@prefix owl: <http://www.w3.org/2002/07/owl#> .
+@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
+@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
+@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
+@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
+@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+
+ai:EditorDisplayClassPolicy rdf:type ao:Policy ;
+          ao:rules ai:EditorDisplayClassRuleSet ;
+          ao:testDatasets ai:EditorDisplayClassTestDatasets ;
+          ao:policyKey ai:EditorDisplayClassPolicyKey .
+
+ai:EditorDisplayClassRuleSet rdf:type ao:Rules ;
+          ao:rule ai:AllowEditorDisplayClassRule .
+
+ai:EditorDisplayClassTestDatasets rdf:type ao:TestDatasets ;
+          ao:testDataset ai:EditorDisplayClassDataset .
+
+ai:EditorDisplayClassDataset rdf:type ao:TestDataSet ;
+          ao:testData ai:EditorDisplayClassTestData .
+          
+ai:EditorDisplayClassPolicyKey rdf:type ao:PolicyKey ;
+          ao:keyComponent ai:Class ;
+          ao:keyComponent auth:EDITOR ;
+          ao:keyComponent ai:DisplayOperationGroup .
+
+ai:AllowEditorDisplayClassRule rdf:type ao:Rule;
+          ao:attribute ai:SubjectRoleEqualsEditorRoleAttribute ;
+          ao:attribute ai:DisplayOperationAttribute ;
+          ao:attribute ai:ClassTypeAttribute ;
+          ao:attribute ai:EditorDisplayClassAttribute .
+         
+ai:EditorDisplayClassAttribute rdf:type ao:Attribute ;
+         ao:test ai:OneOf ;
+         ao:type ai:ObjectUri ;
+         ao:setValue ai:EditorDisplayClassTestData .
+         
+ai:EditorDisplayClassTestData rdf:type ao:TestData ;
+       .
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_editor_display_data_property.n3 b/home/src/main/resources/rdf/auth/everytime/policy_editor_display_data_property.n3
new file mode 100644
index 0000000000..5893811404
--- /dev/null
+++ b/home/src/main/resources/rdf/auth/everytime/policy_editor_display_data_property.n3
@@ -0,0 +1,53 @@
+# $This file is distributed under the terms of the license in LICENSE$
+@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
+@prefix owl: <http://www.w3.org/2002/07/owl#> .
+@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
+@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
+@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
+@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
+@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+
+ai:EditorDisplayDataPropertyPolicy rdf:type ao:Policy ;
+          ao:rules ai:EditorDisplayDataPropertyRuleSet ;
+          ao:testDatasets ai:EditorDisplayDataPropertyTestDatasets ;
+          ao:policyKey ai:EditorDisplayDataPropertyPolicyKey .
+
+ai:EditorDisplayDataPropertyRuleSet rdf:type ao:Rules ;
+          ao:rule ai:AllowEditorDisplayDataPropertyStatementRule ;
+          ao:rule ai:AllowEditorDisplayDataPropertyRule .
+
+ai:EditorDisplayDataPropertyTestDatasets rdf:type ao:TestDatasets ;
+          ao:testDataset ai:EditorDisplayDataPropertyDataset .
+
+ai:EditorDisplayDataPropertyDataset rdf:type ao:TestDataSet ;
+          ao:testData ai:EditorDisplayDataPropertyTestData .
+          
+ai:EditorDisplayDataPropertyPolicyKey rdf:type ao:PolicyKey ;
+          ao:keyComponent ai:DataPropertyAccesObject ;
+          ao:keyComponent auth:EDITOR ;
+          ao:keyComponent ai:DisplayOperationGroup .
+
+ai:AllowEditorDisplayDataPropertyRule rdf:type ao:Rule;
+          ao:attribute ai:SubjectRoleEqualsEditorRoleAttribute ;
+          ao:attribute ai:DisplayOperationAttribute ;
+          ao:attribute ai:DataPropertyTypeAttribute ;
+          ao:attribute ai:EditorDisplayDataPropertyAttribute .
+
+ai:AllowEditorDisplayDataPropertyStatementRule rdf:type ao:Rule;
+          ao:attribute ai:SubjectRoleEqualsEditorRoleAttribute ;
+          ao:attribute ai:DisplayOperationAttribute ;
+          ao:attribute ai:DataPropertyStatementTypeAttribute ;
+          ao:attribute ai:EditorDisplayDataPropertyStatementAttribute .
+         
+ai:EditorDisplayDataPropertyStatementAttribute rdf:type ao:Attribute ;
+         ao:test ai:OneOf ;
+         ao:type ai:StatementPredicateUri ;
+         ao:setValue ai:EditorDisplayDataPropertyTestData .
+
+ai:EditorDisplayDataPropertyAttribute rdf:type ao:Attribute ;
+         ao:test ai:OneOf ;
+         ao:type ai:ObjectUri ;
+         ao:setValue ai:EditorDisplayDataPropertyTestData .
+         
+ai:EditorDisplayDataPropertyTestData rdf:type ao:TestData ;
+       .
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_editor_display_object_property.n3 b/home/src/main/resources/rdf/auth/everytime/policy_editor_display_object_property.n3
new file mode 100644
index 0000000000..2cfece9788
--- /dev/null
+++ b/home/src/main/resources/rdf/auth/everytime/policy_editor_display_object_property.n3
@@ -0,0 +1,53 @@
+# $This file is distributed under the terms of the license in LICENSE$
+@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
+@prefix owl: <http://www.w3.org/2002/07/owl#> .
+@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
+@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
+@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
+@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
+@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+
+ai:EditorDisplayObjectPropertyPolicy rdf:type ao:Policy ;
+          ao:rules ai:EditorDisplayObjectPropertyRuleSet ;
+          ao:testDatasets ai:EditorDisplayObjectPropertyTestDatasets ;
+          ao:policyKey ai:EditorDisplayObjectPropertyPolicyKey .
+
+ai:EditorDisplayObjectPropertyRuleSet rdf:type ao:Rules ;
+          ao:rule ai:AllowEditorDisplayObjectPropertyStatementRule ;
+          ao:rule ai:AllowEditorDisplayObjectPropertyRule .
+
+ai:EditorDisplayObjectPropertyTestDatasets rdf:type ao:TestDatasets ;
+          ao:testDataset ai:EditorDisplayObjectPropertyDataset .
+
+ai:EditorDisplayObjectPropertyDataset rdf:type ao:TestDataSet ;
+          ao:testData ai:EditorDisplayObjectPropertyTestData .
+          
+ai:EditorDisplayObjectPropertyPolicyKey rdf:type ao:PolicyKey ;
+          ao:keyComponent ai:ObjectPropertyAccesObject ;
+          ao:keyComponent auth:EDITOR ;
+          ao:keyComponent ai:DisplayOperationGroup .
+
+ai:AllowEditorDisplayObjectPropertyRule rdf:type ao:Rule;
+          ao:attribute ai:SubjectRoleEqualsEditorRoleAttribute ;
+          ao:attribute ai:DisplayOperationAttribute ;
+          ao:attribute ai:ObjectPropertyTypeAttribute ;
+          ao:attribute ai:EditorDisplayObjectPropertyAttribute .
+
+ai:AllowEditorDisplayObjectPropertyStatementRule rdf:type ao:Rule;
+          ao:attribute ai:SubjectRoleEqualsEditorRoleAttribute ;
+          ao:attribute ai:DisplayOperationAttribute ;
+          ao:attribute ai:ObjectPropertyStatementTypeAttribute ;
+          ao:attribute ai:EditorDisplayObjectPropertyStatementAttribute .
+         
+ai:EditorDisplayObjectPropertyStatementAttribute rdf:type ao:Attribute ;
+         ao:test ai:OneOf ;
+         ao:type ai:StatementPredicateUri ;
+         ao:setValue ai:EditorDisplayObjectPropertyTestData .
+
+ai:EditorDisplayObjectPropertyAttribute rdf:type ao:Attribute ;
+         ao:test ai:OneOf ;
+         ao:type ai:ObjectUri ;
+         ao:setValue ai:EditorDisplayObjectPropertyTestData .
+         
+ai:EditorDisplayObjectPropertyTestData rdf:type ao:TestData ;
+       .
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_editor_publish_class.n3 b/home/src/main/resources/rdf/auth/everytime/policy_editor_publish_class.n3
new file mode 100644
index 0000000000..fe42957867
--- /dev/null
+++ b/home/src/main/resources/rdf/auth/everytime/policy_editor_publish_class.n3
@@ -0,0 +1,41 @@
+# $This file is distributed under the terms of the license in LICENSE$
+@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
+@prefix owl: <http://www.w3.org/2002/07/owl#> .
+@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
+@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
+@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
+@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
+@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+
+ai:EditorPublishClassPolicy rdf:type ao:Policy ;
+          ao:rules ai:EditorPublishClassRuleSet ;
+          ao:testDatasets ai:EditorPublishClassTestDatasets ;
+          ao:policyKey ai:EditorPublishClassPolicyKey .
+
+ai:EditorPublishClassRuleSet rdf:type ao:Rules ;
+          ao:rule ai:AllowEditorPublishClassRule .
+
+ai:EditorPublishClassTestDatasets rdf:type ao:TestDatasets ;
+          ao:testDataset ai:EditorPublishClassDataset .
+
+ai:EditorPublishClassDataset rdf:type ao:TestDataSet ;
+          ao:testData ai:EditorPublishClassTestData .
+          
+ai:EditorPublishClassPolicyKey rdf:type ao:PolicyKey ;
+          ao:keyComponent ai:Class ;
+          ao:keyComponent auth:EDITOR ;
+          ao:keyComponent ai:PublishOperationGroup .
+
+ai:AllowEditorPublishClassRule rdf:type ao:Rule;
+          ao:attribute ai:SubjectRoleEqualsEditorRoleAttribute ;
+          ao:attribute ai:PublishOperationAttribute ;
+          ao:attribute ai:ClassTypeAttribute ;
+          ao:attribute ai:EditorPublishClassAttribute .
+         
+ai:EditorPublishClassAttribute rdf:type ao:Attribute ;
+         ao:test ai:OneOf ;
+         ao:type ai:ObjectUri ;
+         ao:setValue ai:EditorPublishClassTestData .
+         
+ai:EditorPublishClassTestData rdf:type ao:TestData ;
+    .
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_editor_publish_data_property.n3 b/home/src/main/resources/rdf/auth/everytime/policy_editor_publish_data_property.n3
new file mode 100644
index 0000000000..0cc328e0a5
--- /dev/null
+++ b/home/src/main/resources/rdf/auth/everytime/policy_editor_publish_data_property.n3
@@ -0,0 +1,53 @@
+# $This file is distributed under the terms of the license in LICENSE$
+@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
+@prefix owl: <http://www.w3.org/2002/07/owl#> .
+@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
+@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
+@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
+@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
+@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+
+ai:EditorPublishDataPropertyPolicy rdf:type ao:Policy ;
+          ao:rules ai:EditorPublishDataPropertyRuleSet ;
+          ao:testDatasets ai:EditorPublishDataPropertyTestDatasets ;
+          ao:policyKey ai:EditorPublishDataPropertyPolicyKey .
+
+ai:EditorPublishDataPropertyRuleSet rdf:type ao:Rules ;
+          ao:rule ai:AllowEditorPublishDataPropertyStatementRule ;
+          ao:rule ai:AllowEditorPublishDataPropertyRule .
+
+ai:EditorPublishDataPropertyTestDatasets rdf:type ao:TestDatasets ;
+          ao:testDataset ai:EditorPublishDataPropertyDataset .
+
+ai:EditorPublishDataPropertyDataset rdf:type ao:TestDataSet ;
+          ao:testData ai:EditorPublishDataPropertyTestData .
+          
+ai:EditorPublishDataPropertyPolicyKey rdf:type ao:PolicyKey ;
+          ao:keyComponent ai:DataPropertyAccesObject ;
+          ao:keyComponent auth:EDITOR ;
+          ao:keyComponent ai:PublishOperationGroup .
+
+ai:AllowEditorPublishDataPropertyRule rdf:type ao:Rule;
+          ao:attribute ai:SubjectRoleEqualsEditorRoleAttribute ;
+          ao:attribute ai:PublishOperationAttribute ;
+          ao:attribute ai:DataPropertyTypeAttribute ;
+          ao:attribute ai:EditorPublishDataPropertyAttribute .
+
+ai:AllowEditorPublishDataPropertyStatementRule rdf:type ao:Rule;
+          ao:attribute ai:SubjectRoleEqualsEditorRoleAttribute ;
+          ao:attribute ai:PublishOperationAttribute ;
+          ao:attribute ai:DataPropertyStatementTypeAttribute ;
+          ao:attribute ai:EditorPublishDataPropertyStatementAttribute .
+         
+ai:EditorPublishDataPropertyStatementAttribute rdf:type ao:Attribute ;
+         ao:test ai:OneOf ;
+         ao:type ai:StatementPredicateUri ;
+         ao:setValue ai:EditorPublishDataPropertyTestData .
+
+ai:EditorPublishDataPropertyAttribute rdf:type ao:Attribute ;
+         ao:test ai:OneOf ;
+         ao:type ai:ObjectUri ;
+         ao:setValue ai:EditorPublishDataPropertyTestData .
+         
+ai:EditorPublishDataPropertyTestData rdf:type ao:TestData ;
+  .
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_editor_publish_object_property.n3 b/home/src/main/resources/rdf/auth/everytime/policy_editor_publish_object_property.n3
new file mode 100644
index 0000000000..f1ecbc5412
--- /dev/null
+++ b/home/src/main/resources/rdf/auth/everytime/policy_editor_publish_object_property.n3
@@ -0,0 +1,53 @@
+# $This file is distributed under the terms of the license in LICENSE$
+@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
+@prefix owl: <http://www.w3.org/2002/07/owl#> .
+@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
+@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
+@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
+@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
+@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+
+ai:EditorPublishObjectPropertyPolicy rdf:type ao:Policy ;
+          ao:rules ai:EditorPublishObjectPropertyRuleSet ;
+          ao:testDatasets ai:EditorPublishObjectPropertyTestDatasets ;
+          ao:policyKey ai:EditorPublishObjectPropertyPolicyKey .
+
+ai:EditorPublishObjectPropertyRuleSet rdf:type ao:Rules ;
+          ao:rule ai:AllowEditorPublishObjectPropertyStatementRule ;
+          ao:rule ai:AllowEditorPublishObjectPropertyRule .
+
+ai:EditorPublishObjectPropertyTestDatasets rdf:type ao:TestDatasets ;
+          ao:testDataset ai:EditorPublishObjectPropertyDataset .
+
+ai:EditorPublishObjectPropertyDataset rdf:type ao:TestDataSet ;
+          ao:testData ai:EditorPublishObjectPropertyTestData .
+          
+ai:EditorPublishObjectPropertyPolicyKey rdf:type ao:PolicyKey ;
+          ao:keyComponent ai:ObjectPropertyAccesObject ;
+          ao:keyComponent auth:EDITOR ;
+          ao:keyComponent ai:PublishOperationGroup .
+
+ai:AllowEditorPublishObjectPropertyRule rdf:type ao:Rule;
+          ao:attribute ai:SubjectRoleEqualsEditorRoleAttribute ;
+          ao:attribute ai:PublishOperationAttribute ;
+          ao:attribute ai:ObjectPropertyTypeAttribute ;
+          ao:attribute ai:EditorPublishObjectPropertyAttribute .
+
+ai:AllowEditorPublishObjectPropertyStatementRule rdf:type ao:Rule;
+          ao:attribute ai:SubjectRoleEqualsEditorRoleAttribute ;
+          ao:attribute ai:PublishOperationAttribute ;
+          ao:attribute ai:ObjectPropertyStatementTypeAttribute ;
+          ao:attribute ai:EditorPublishObjectPropertyStatementAttribute .
+         
+ai:EditorPublishObjectPropertyStatementAttribute rdf:type ao:Attribute ;
+         ao:test ai:OneOf ;
+         ao:type ai:StatementPredicateUri ;
+         ao:setValue ai:EditorPublishObjectPropertyTestData .
+
+ai:EditorPublishObjectPropertyAttribute rdf:type ao:Attribute ;
+         ao:test ai:OneOf ;
+         ao:type ai:ObjectUri ;
+         ao:setValue ai:EditorPublishObjectPropertyTestData .
+         
+ai:EditorPublishObjectPropertyTestData rdf:type ao:TestData ;
+      .
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_editor_simple_permissions.n3 b/home/src/main/resources/rdf/auth/everytime/policy_editor_simple_permissions.n3
new file mode 100644
index 0000000000..056a777b6e
--- /dev/null
+++ b/home/src/main/resources/rdf/auth/everytime/policy_editor_simple_permissions.n3
@@ -0,0 +1,37 @@
+# $This file is distributed under the terms of the license in LICENSE$
+
+@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
+@prefix owl: <http://www.w3.org/2002/07/owl#> .
+@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
+@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
+@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
+@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
+@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+@prefix simplePermission: <java:edu.cornell.mannlib.vitro.webapp.auth.permissions.SimplePermission#> .
+
+ai:EditorSimplePermissionsPolicy rdf:type ao:Policy ;
+        ao:priority 1000 ;
+        ao:testDatasets ai:EditorSimplePermissionsDatasets ;
+        ao:rules ai:EditorSimplePermissionsRuleSet .
+
+ai:EditorSimplePermissionsDatasets rdf:type ao:TestDatasets ;
+        ao:testDataset ai:EditorSimplePermissionsDataset .
+          
+ai:EditorSimplePermissionsDataset rdf:type ao:TestDataSet ;
+        ao:testData ai:EditorSimplePermissionsTestData .
+
+ai:EditorSimplePermissionsRuleSet rdf:type ao:Rules ;
+        ao:rule ai:AllowEditorSimplePermissions .
+          
+ai:AllowEditorSimplePermissions rdf:type ao:Rule;
+        ao:attribute ai:NamedObjectTypeAttribute ;
+        ao:attribute ai:PermissionNameInEditorAllowed ;
+        ao:attribute ai:SubjectRoleEqualsEditorRoleAttribute .
+          
+ai:PermissionNameInEditorAllowed rdf:type ao:Attribute ;
+        ao:test ai:OneOf ;
+        ao:type ai:ObjectUri ;
+        ao:setValue ai:EditorSimplePermissionsTestData .
+
+ai:EditorSimplePermissionsTestData rdf:type ao:TestData ;
+        .
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_editor_update_class.n3 b/home/src/main/resources/rdf/auth/everytime/policy_editor_update_class.n3
new file mode 100644
index 0000000000..0f7dbc52d8
--- /dev/null
+++ b/home/src/main/resources/rdf/auth/everytime/policy_editor_update_class.n3
@@ -0,0 +1,41 @@
+# $This file is distributed under the terms of the license in LICENSE$
+@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
+@prefix owl: <http://www.w3.org/2002/07/owl#> .
+@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
+@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
+@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
+@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
+@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+
+ai:EditorUpdateClassPolicy rdf:type ao:Policy ;
+          ao:rules ai:EditorUpdateClassRuleSet ;
+          ao:testDatasets ai:EditorUpdateClassTestDatasets ;
+          ao:policyKey ai:EditorUpdateClassPolicyKey .
+
+ai:EditorUpdateClassRuleSet rdf:type ao:Rules ;
+          ao:rule ai:AllowEditorUpdateClassRule .
+
+ai:EditorUpdateClassTestDatasets rdf:type ao:TestDatasets ;
+          ao:testDataset ai:EditorUpdateClassDataset .
+
+ai:EditorUpdateClassDataset rdf:type ao:TestDataSet ;
+          ao:testData ai:EditorUpdateClassTestData .
+          
+ai:EditorUpdateClassPolicyKey rdf:type ao:PolicyKey ;
+          ao:keyComponent ai:Class ;
+          ao:keyComponent auth:EDITOR ;
+          ao:keyComponent ai:UpdateOperationGroup .
+
+ai:AllowEditorUpdateClassRule rdf:type ao:Rule;
+          ao:attribute ai:SubjectRoleEqualsEditorRoleAttribute ;
+          ao:attribute ai:UpdateOperationAttribute ;
+          ao:attribute ai:ClassTypeAttribute ;
+          ao:attribute ai:EditorUpdateClassAttribute .
+         
+ai:EditorUpdateClassAttribute rdf:type ao:Attribute ;
+         ao:test ai:OneOf ;
+         ao:type ai:ObjectUri ;
+         ao:setValue ai:EditorUpdateClassTestData .
+         
+ai:EditorUpdateClassTestData rdf:type ao:TestData ;
+       .
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_editor_update_data_property.n3 b/home/src/main/resources/rdf/auth/everytime/policy_editor_update_data_property.n3
new file mode 100644
index 0000000000..a9bed27642
--- /dev/null
+++ b/home/src/main/resources/rdf/auth/everytime/policy_editor_update_data_property.n3
@@ -0,0 +1,53 @@
+# $This file is distributed under the terms of the license in LICENSE$
+@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
+@prefix owl: <http://www.w3.org/2002/07/owl#> .
+@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
+@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
+@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
+@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
+@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+
+ai:EditorUpdateDataPropertyPolicy rdf:type ao:Policy ;
+          ao:rules ai:EditorUpdateDataPropertyRuleSet ;
+          ao:testDatasets ai:EditorUpdateDataPropertyTestDatasets ;
+          ao:policyKey ai:EditorUpdateDataPropertyPolicyKey .
+
+ai:EditorUpdateDataPropertyRuleSet rdf:type ao:Rules ;
+          ao:rule ai:AllowEditorUpdateDataPropertyStatementRule ;
+          ao:rule ai:AllowEditorUpdateDataPropertyRule .
+
+ai:EditorUpdateDataPropertyTestDatasets rdf:type ao:TestDatasets ;
+          ao:testDataset ai:EditorUpdateDataPropertyDataset .
+
+ai:EditorUpdateDataPropertyDataset rdf:type ao:TestDataSet ;
+          ao:testData ai:EditorUpdateDataPropertyTestData .
+          
+ai:EditorUpdateDataPropertyPolicyKey rdf:type ao:PolicyKey ;
+          ao:keyComponent ai:DataPropertyAccesObject ;
+          ao:keyComponent auth:EDITOR ;
+          ao:keyComponent ai:UpdateOperationGroup .
+
+ai:AllowEditorUpdateDataPropertyRule rdf:type ao:Rule;
+          ao:attribute ai:SubjectRoleEqualsEditorRoleAttribute ;
+          ao:attribute ai:UpdateOperationAttribute ;
+          ao:attribute ai:DataPropertyTypeAttribute ;
+          ao:attribute ai:EditorUpdateDataPropertyAttribute .
+
+ai:AllowEditorUpdateDataPropertyStatementRule rdf:type ao:Rule;
+          ao:attribute ai:SubjectRoleEqualsEditorRoleAttribute ;
+          ao:attribute ai:UpdateOperationAttribute ;
+          ao:attribute ai:DataPropertyStatementTypeAttribute ;
+          ao:attribute ai:EditorUpdateDataPropertyStatementAttribute .
+         
+ai:EditorUpdateDataPropertyStatementAttribute rdf:type ao:Attribute ;
+         ao:test ai:OneOf ;
+         ao:type ai:StatementPredicateUri ;
+         ao:setValue ai:EditorUpdateDataPropertyTestData .
+
+ai:EditorUpdateDataPropertyAttribute rdf:type ao:Attribute ;
+         ao:test ai:OneOf ;
+         ao:type ai:ObjectUri ;
+         ao:setValue ai:EditorUpdateDataPropertyTestData .
+         
+ai:EditorUpdateDataPropertyTestData rdf:type ao:TestData ;
+       .
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_editor_update_object_property.n3 b/home/src/main/resources/rdf/auth/everytime/policy_editor_update_object_property.n3
new file mode 100644
index 0000000000..9859637ba1
--- /dev/null
+++ b/home/src/main/resources/rdf/auth/everytime/policy_editor_update_object_property.n3
@@ -0,0 +1,53 @@
+# $This file is distributed under the terms of the license in LICENSE$
+@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
+@prefix owl: <http://www.w3.org/2002/07/owl#> .
+@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
+@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
+@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
+@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
+@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+
+ai:EditorUpdateObjectPropertyPolicy rdf:type ao:Policy ;
+          ao:rules ai:EditorUpdateObjectPropertyRuleSet ;
+          ao:testDatasets ai:EditorUpdateObjectPropertyTestDatasets ;
+          ao:policyKey ai:EditorUpdateObjectPropertyPolicyKey .
+
+ai:EditorUpdateObjectPropertyRuleSet rdf:type ao:Rules ;
+          ao:rule ai:AllowEditorUpdateObjectPropertyStatementRule ;
+          ao:rule ai:AllowEditorUpdateObjectPropertyRule .
+
+ai:EditorUpdateObjectPropertyTestDatasets rdf:type ao:TestDatasets ;
+          ao:testDataset ai:EditorUpdateObjectPropertyDataset .
+
+ai:EditorUpdateObjectPropertyDataset rdf:type ao:TestDataSet ;
+          ao:testData ai:EditorUpdateObjectPropertyTestData .
+          
+ai:EditorUpdateObjectPropertyPolicyKey rdf:type ao:PolicyKey ;
+          ao:keyComponent ai:ObjectPropertyAccesObject ;
+          ao:keyComponent auth:EDITOR ;
+          ao:keyComponent ai:UpdateOperationGroup .
+
+ai:AllowEditorUpdateObjectPropertyRule rdf:type ao:Rule;
+          ao:attribute ai:SubjectRoleEqualsEditorRoleAttribute ;
+          ao:attribute ai:UpdateOperationAttribute ;
+          ao:attribute ai:ObjectPropertyTypeAttribute ;
+          ao:attribute ai:EditorUpdateObjectPropertyAttribute .
+
+ai:AllowEditorUpdateObjectPropertyStatementRule rdf:type ao:Rule;
+          ao:attribute ai:SubjectRoleEqualsEditorRoleAttribute ;
+          ao:attribute ai:UpdateOperationAttribute ;
+          ao:attribute ai:ObjectPropertyStatementTypeAttribute ;
+          ao:attribute ai:EditorUpdateObjectPropertyStatementAttribute .
+         
+ai:EditorUpdateObjectPropertyStatementAttribute rdf:type ao:Attribute ;
+         ao:test ai:OneOf ;
+         ao:type ai:StatementPredicateUri ;
+         ao:setValue ai:EditorUpdateObjectPropertyTestData .
+
+ai:EditorUpdateObjectPropertyAttribute rdf:type ao:Attribute ;
+         ao:test ai:OneOf ;
+         ao:type ai:ObjectUri ;
+         ao:setValue ai:EditorUpdateObjectPropertyTestData .
+         
+ai:EditorUpdateObjectPropertyTestData rdf:type ao:TestData ;
+       .
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_menu_items_editing.n3 b/home/src/main/resources/rdf/auth/everytime/policy_menu_items_editing.n3
new file mode 100644
index 0000000000..c9e2d56ac9
--- /dev/null
+++ b/home/src/main/resources/rdf/auth/everytime/policy_menu_items_editing.n3
@@ -0,0 +1,41 @@
+# $This file is distributed under the terms of the license in LICENSE$
+
+@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
+@prefix owl: <http://www.w3.org/2002/07/owl#> .
+@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
+@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
+@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
+@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
+@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+
+ai:RestrictHomeMenuItemsEditingPolicy rdf:type ao:Policy ;
+          ao:priority 9000 ;
+          ao:rules ai:RestrictHomeMenuItemsEditingRuleSet .
+
+ai:RestrictHomeMenuItemsEditingRuleSet rdf:type ao:Rules ;
+          ao:rule ai:RestrictEditHomeMenuItems ;
+          ao:rule ai:RestrictDropHomeMenuItems .
+          
+ai:RestrictEditHomeMenuItems rdf:type ao:Rule ;
+          ao:decision ai:Deny ;
+          ao:attribute ai:EditOperationAttribute ;
+          ao:attribute ai:ObjectPropertyStatementTypeAttribute ;
+          ao:attribute ai:ObjectPropertyStatementPredicateUriEqualsToHasHomeAttribute ;
+          ao:attribute ai:ObjectPropertyStatementObjectUriEqualsToHomeMenuItemAttribute .
+          
+ai:RestrictDropHomeMenuItems rdf:type ao:Rule ;
+          ao:decision ai:Deny ;
+          ao:attribute ai:DropOperationAttribute ;
+          ao:attribute ai:ObjectPropertyStatementTypeAttribute ;
+          ao:attribute ai:ObjectPropertyStatementPredicateUriEqualsToHasHomeAttribute ;
+          ao:attribute ai:ObjectPropertyStatementObjectUriEqualsToHomeMenuItemAttribute .
+          
+ai:ObjectPropertyStatementPredicateUriEqualsToHasHomeAttribute rdf:type ao:Attribute ;
+         ao:test ai:Equals ;
+         ao:type ai:StatementPredicateUri ;
+         ao:value <http://vitro.mannlib.cornell.edu/ontologies/display/1.1#HomeMenuItem> .
+
+ai:ObjectPropertyStatementObjectUriEqualsToHomeMenuItemAttribute rdf:type ao:Attribute ;
+         ao:test ai:Equals ;
+         ao:type ai:StatementObjectUri ;
+         ao:value <http://vitro.mannlib.cornell.edu/ontologies/display/1.1#hasElement> .
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_not_modifiable_statements.n3 b/home/src/main/resources/rdf/auth/everytime/policy_not_modifiable_statements.n3
new file mode 100644
index 0000000000..92e89fe2d1
--- /dev/null
+++ b/home/src/main/resources/rdf/auth/everytime/policy_not_modifiable_statements.n3
@@ -0,0 +1,104 @@
+# $This file is distributed under the terms of the license in LICENSE$
+
+@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
+@prefix owl: <http://www.w3.org/2002/07/owl#> .
+@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
+@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
+@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
+@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
+@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+
+ai:NotModifiableStatementsPolicy rdf:type ao:Policy ;
+          ao:priority 8000 ;
+          ao:testDatasets ai:NotModifiableStatementsPolicyDataSets ;
+          ao:rules ai:NotModifiableStatementsRuleSet .
+
+ai:NotModifiableStatementsRuleSet rdf:type ao:Rules ;
+          ao:rule ai:RestrictObjectPropertyStatementsWithNotModifiablePredicate ;
+          
+          ao:rule ai:RestrictObjectPropertyStatementsWithNotModifiableSubject ;
+          
+          ao:rule ai:RestrictObjectPropertyStatementsWithNotModifiableObject ;
+          
+          ao:rule ai:RestrictDataPropertyStatementsWithNotModifiableSubject ;
+          
+          ao:rule ai:RestrictDataPropertyStatementsWithNotModifiablePredicate ;
+          .
+
+ai:RestrictObjectPropertyStatementsWithNotModifiableSubject rdf:type ao:Rule ;
+          ao:decision ai:Deny ;
+          ao:attribute ai:ObjectPropertyStatementTypeAttribute ;
+          ao:attribute ai:PropertyStatementSubjectUriStartWithProhibitedNameSpaceAttribute ;
+          ao:attribute ai:PropertyStatementSubjectUriEqualsToProhibitedExceptions .
+
+ai:RestrictObjectPropertyStatementsWithNotModifiablePredicate rdf:type ao:Rule ;
+          ao:decision ai:Deny ;
+          ao:attribute ai:ObjectPropertyStatementTypeAttribute ;
+          ao:attribute ai:PropertyStatementPredicateUriStartWithProhibitedNameSpaceAttribute ;
+          ao:attribute ai:PropertyStatementPredicateUriEqualsToProhibitedExceptions .
+
+ai:RestrictObjectPropertyStatementsWithNotModifiableObject rdf:type ao:Rule ;
+          ao:decision ai:Deny ;
+          ao:attribute ai:ObjectPropertyStatementTypeAttribute ;
+          ao:attribute ai:PropertyStatementObjectUriStartWithProhibitedNameSpaceAttribute ;
+          ao:attribute ai:PropertyStatementObjectUriEqualsToProhibitedExceptions .
+
+ai:RestrictDataPropertyStatementsWithNotModifiableSubject rdf:type ao:Rule ;
+          ao:decision ai:Deny ;
+          ao:attribute ai:DataPropertyStatementTypeAttribute ;
+          ao:attribute ai:PropertyStatementSubjectUriStartWithProhibitedNameSpaceAttribute ;
+          ao:attribute ai:PropertyStatementSubjectUriEqualsToProhibitedExceptions .
+
+ai:RestrictDataPropertyStatementsWithNotModifiablePredicate rdf:type ao:Rule ;
+          ao:decision ai:Deny ;
+          ao:attribute ai:DataPropertyStatementTypeAttribute ;
+          ao:attribute ai:PropertyStatementPredicateUriStartWithProhibitedNameSpaceAttribute ;
+          ao:attribute ai:PropertyStatementPredicateUriEqualsToProhibitedExceptions .
+
+### Not modifiable property statement attributes
+ai:PropertyStatementPredicateUriStartWithProhibitedNameSpaceAttribute rdf:type ao:Attribute ;
+         ao:test ai:StartsWith ;
+         ao:type ai:StatementPredicateUri ;
+         ao:setValue ai:ProhibitedNamespaceTestData .
+
+ai:PropertyStatementPredicateUriEqualsToProhibitedExceptions rdf:type ao:Attribute ;
+         ao:test ai:NotOneOf ;
+         ao:type ai:StatementPredicateUri ;
+         ao:setValue ai:ProhibitedNamespaceExceptionsTestData .
+         
+ai:PropertyStatementSubjectUriStartWithProhibitedNameSpaceAttribute rdf:type ao:Attribute ;
+         ao:test ai:StartsWith ;
+         ao:type ai:StatementSubjectUri ;
+         ao:setValue ai:ProhibitedNamespaceTestData .
+
+ai:PropertyStatementSubjectUriEqualsToProhibitedExceptions rdf:type ao:Attribute ;
+         ao:test ai:NotOneOf ;
+         ao:type ai:StatementSubjectUri ;
+         ao:setValue ai:ProhibitedNamespaceExceptionsTestData .         
+         
+ai:PropertyStatementObjectUriStartWithProhibitedNameSpaceAttribute rdf:type ao:Attribute ;
+         ao:test ai:StartsWith ;
+         ao:type ai:StatementObjectUri ;
+         ao:setValue ai:ProhibitedNamespaceTestData .
+
+ai:PropertyStatementObjectUriEqualsToProhibitedExceptions rdf:type ao:Attribute ;
+         ao:test ai:NotOneOf ;
+         ao:type ai:StatementObjectUri ;
+         ao:setValue ai:ProhibitedNamespaceExceptionsTestData .  
+         
+### Not modifiable data property statement attributes         
+
+###DataSets
+ai:NotModifiableStatementsPolicyDataSets rdf:type ao:TestDatasets ;
+          ao:testDataset ai:NotModifiableStatementsPolicyDataSet .
+
+ai:NotModifiableStatementsPolicyDataSet rdf:type ao:TestDataSet ;
+          ao:testData ai:ProhibitedNamespaceExceptionsTestData ;
+          ao:testData ai:ProhibitedNamespaceTestData .
+         
+ai:ProhibitedNamespaceExceptionsTestData rdf:type ao:TestData ;
+        .
+        
+ai:ProhibitedNamespaceTestData rdf:type ao:TestData ;
+        .
+        
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_public_display_class.n3 b/home/src/main/resources/rdf/auth/everytime/policy_public_display_class.n3
new file mode 100644
index 0000000000..a4b926d2f3
--- /dev/null
+++ b/home/src/main/resources/rdf/auth/everytime/policy_public_display_class.n3
@@ -0,0 +1,41 @@
+# $This file is distributed under the terms of the license in LICENSE$
+@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
+@prefix owl: <http://www.w3.org/2002/07/owl#> .
+@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
+@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
+@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
+@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
+@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+
+ai:PublicDisplayClassPolicy rdf:type ao:Policy ;
+          ao:rules ai:PublicDisplayClassRuleSet ;
+          ao:testDatasets ai:PublicDisplayClassTestDatasets ;
+          ao:policyKey ai:PublicDisplayClassPolicyKey .
+
+ai:PublicDisplayClassRuleSet rdf:type ao:Rules ;
+          ao:rule ai:AllowPublicDisplayClassRule .
+
+ai:PublicDisplayClassTestDatasets rdf:type ao:TestDatasets ;
+          ao:testDataset ai:PublicDisplayClassDataset .
+
+ai:PublicDisplayClassDataset rdf:type ao:TestDataSet ;
+          ao:testData ai:PublicDisplayClassTestData .
+          
+ai:PublicDisplayClassPolicyKey rdf:type ao:PolicyKey ;
+          ao:keyComponent ai:Class ;
+          ao:keyComponent auth:PUBLIC ;
+          ao:keyComponent ai:DisplayOperationGroup .
+
+ai:AllowPublicDisplayClassRule rdf:type ao:Rule;
+          ao:attribute ai:SubjectRoleEqualsPublicRoleAttribute ;
+          ao:attribute ai:DisplayOperationAttribute ;
+          ao:attribute ai:ClassTypeAttribute ;
+          ao:attribute ai:PublicDisplayClassAttribute .
+         
+ai:PublicDisplayClassAttribute rdf:type ao:Attribute ;
+         ao:test ai:OneOf ;
+         ao:type ai:ObjectUri ;
+         ao:setValue ai:PublicDisplayClassTestData .
+         
+ai:PublicDisplayClassTestData rdf:type ao:TestData ;
+       .
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_public_display_data_property.n3 b/home/src/main/resources/rdf/auth/everytime/policy_public_display_data_property.n3
new file mode 100644
index 0000000000..cbfe027848
--- /dev/null
+++ b/home/src/main/resources/rdf/auth/everytime/policy_public_display_data_property.n3
@@ -0,0 +1,53 @@
+# $This file is distributed under the terms of the license in LICENSE$
+@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
+@prefix owl: <http://www.w3.org/2002/07/owl#> .
+@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
+@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
+@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
+@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
+@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+
+ai:PublicDisplayDataPropertyPolicy rdf:type ao:Policy ;
+          ao:rules ai:PublicDisplayDataPropertyRuleSet ;
+          ao:testDatasets ai:PublicDisplayDataPropertyTestDatasets ;
+          ao:policyKey ai:PublicDisplayDataPropertyPolicyKey .
+
+ai:PublicDisplayDataPropertyRuleSet rdf:type ao:Rules ;
+          ao:rule ai:AllowPublicDisplayDataPropertyStatementRule ;
+          ao:rule ai:AllowPublicDisplayDataPropertyRule .
+
+ai:PublicDisplayDataPropertyTestDatasets rdf:type ao:TestDatasets ;
+          ao:testDataset ai:PublicDisplayDataPropertyDataset .
+
+ai:PublicDisplayDataPropertyDataset rdf:type ao:TestDataSet ;
+          ao:testData ai:PublicDisplayDataPropertyTestData .
+          
+ai:PublicDisplayDataPropertyPolicyKey rdf:type ao:PolicyKey ;
+          ao:keyComponent ai:DataPropertyAccesObject ;
+          ao:keyComponent auth:PUBLIC ;
+          ao:keyComponent ai:DisplayOperationGroup .
+
+ai:AllowPublicDisplayDataPropertyRule rdf:type ao:Rule;
+          ao:attribute ai:SubjectRoleEqualsPublicRoleAttribute ;
+          ao:attribute ai:DisplayOperationAttribute ;
+          ao:attribute ai:DataPropertyTypeAttribute ;
+          ao:attribute ai:PublicDisplayDataPropertyAttribute .
+
+ai:AllowPublicDisplayDataPropertyStatementRule rdf:type ao:Rule;
+          ao:attribute ai:SubjectRoleEqualsPublicRoleAttribute ;
+          ao:attribute ai:DisplayOperationAttribute ;
+          ao:attribute ai:DataPropertyStatementTypeAttribute ;
+          ao:attribute ai:PublicDisplayDataPropertyStatementAttribute .
+         
+ai:PublicDisplayDataPropertyStatementAttribute rdf:type ao:Attribute ;
+         ao:test ai:OneOf ;
+         ao:type ai:StatementPredicateUri ;
+         ao:setValue ai:PublicDisplayDataPropertyTestData .
+         
+ai:PublicDisplayDataPropertyAttribute rdf:type ao:Attribute ;
+         ao:test ai:OneOf ;
+         ao:type ai:ObjectUri ;
+         ao:setValue ai:PublicDisplayDataPropertyTestData .
+         
+ai:PublicDisplayDataPropertyTestData rdf:type ao:TestData ;
+       .
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_public_display_object_property.n3 b/home/src/main/resources/rdf/auth/everytime/policy_public_display_object_property.n3
new file mode 100644
index 0000000000..e843d56f4a
--- /dev/null
+++ b/home/src/main/resources/rdf/auth/everytime/policy_public_display_object_property.n3
@@ -0,0 +1,53 @@
+# $This file is distributed under the terms of the license in LICENSE$
+@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
+@prefix owl: <http://www.w3.org/2002/07/owl#> .
+@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
+@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
+@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
+@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
+@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+
+ai:PublicDisplayObjectPropertyPolicy rdf:type ao:Policy ;
+          ao:rules ai:PublicDisplayObjectPropertyRuleSet ;
+          ao:testDatasets ai:PublicDisplayObjectPropertyTestDatasets ;
+          ao:policyKey ai:PublicDisplayObjectPropertyPolicyKey .
+
+ai:PublicDisplayObjectPropertyRuleSet rdf:type ao:Rules ;
+          ao:rule ai:AllowPublicDisplayObjectPropertyStatementRule ;
+          ao:rule ai:AllowPublicDisplayObjectPropertyRule .
+
+ai:PublicDisplayObjectPropertyTestDatasets rdf:type ao:TestDatasets ;
+          ao:testDataset ai:PublicDisplayObjectPropertyDataset .
+
+ai:PublicDisplayObjectPropertyDataset rdf:type ao:TestDataSet ;
+          ao:testData ai:PublicDisplayObjectPropertyTestData .
+          
+ai:PublicDisplayObjectPropertyPolicyKey rdf:type ao:PolicyKey ;
+          ao:keyComponent ai:ObjectPropertyAccesObject ;
+          ao:keyComponent auth:PUBLIC ;
+          ao:keyComponent ai:DisplayOperationGroup .
+
+ai:AllowPublicDisplayObjectPropertyRule rdf:type ao:Rule;
+          ao:attribute ai:SubjectRoleEqualsPublicRoleAttribute ;
+          ao:attribute ai:DisplayOperationAttribute ;
+          ao:attribute ai:ObjectPropertyTypeAttribute ;
+          ao:attribute ai:PublicDisplayObjectPropertyAttribute .
+
+ai:AllowPublicDisplayObjectPropertyStatementRule rdf:type ao:Rule;
+          ao:attribute ai:SubjectRoleEqualsPublicRoleAttribute ;
+          ao:attribute ai:DisplayOperationAttribute ;
+          ao:attribute ai:ObjectPropertyStatementTypeAttribute ;
+          ao:attribute ai:PublicDisplayObjectPropertyStatementAttribute .
+         
+ai:PublicDisplayObjectPropertyStatementAttribute rdf:type ao:Attribute ;
+         ao:test ai:OneOf ;
+         ao:type ai:StatementPredicateUri ;
+         ao:setValue ai:PublicDisplayObjectPropertyTestData .
+
+ai:PublicDisplayObjectPropertyAttribute rdf:type ao:Attribute ;
+         ao:test ai:OneOf ;
+         ao:type ai:ObjectUri ;
+         ao:setValue ai:PublicDisplayObjectPropertyTestData .
+         
+ai:PublicDisplayObjectPropertyTestData rdf:type ao:TestData ;
+       .
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_public_simple_permissions.n3 b/home/src/main/resources/rdf/auth/everytime/policy_public_simple_permissions.n3
new file mode 100644
index 0000000000..6162c2d5cb
--- /dev/null
+++ b/home/src/main/resources/rdf/auth/everytime/policy_public_simple_permissions.n3
@@ -0,0 +1,37 @@
+# $This file is distributed under the terms of the license in LICENSE$
+
+@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
+@prefix owl: <http://www.w3.org/2002/07/owl#> .
+@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
+@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
+@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
+@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
+@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+@prefix simplePermission: <java:edu.cornell.mannlib.vitro.webapp.auth.permissions.SimplePermission#> .
+
+ai:PublicSimplePermissionsPolicy rdf:type ao:Policy ;
+        ao:priority 1000 ;
+        ao:testDatasets ai:PublicSimplePermissionsDatasets ;
+        ao:rules ai:PublicSimplePermissionsRuleSet .
+
+ai:PublicSimplePermissionsDatasets rdf:type ao:TestDatasets ;
+        ao:testDataset ai:PublicSimplePermissionsDataset .
+          
+ai:PublicSimplePermissionsDataset rdf:type ao:TestDataSet ;
+        ao:testData ai:PublicSimplePermissionsTestData .
+
+ai:PublicSimplePermissionsRuleSet rdf:type ao:Rules ;
+        ao:rule ai:AllowPublicSimplePermissions .
+          
+ai:AllowPublicSimplePermissions rdf:type ao:Rule;
+        ao:attribute ai:NamedObjectTypeAttribute ;
+        ao:attribute ai:PermissionNameInPublicAllowed ;
+        ao:attribute ai:SubjectRoleEqualsPublicRoleAttribute .
+          
+ai:PermissionNameInPublicAllowed rdf:type ao:Attribute ;
+        ao:test ai:OneOf ;
+        ao:type ai:ObjectUri ;
+        ao:setValue ai:PublicSimplePermissionsTestData .
+
+ai:PublicSimplePermissionsTestData rdf:type ao:TestData ;
+        .
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_public_update_class.n3 b/home/src/main/resources/rdf/auth/everytime/policy_public_update_class.n3
new file mode 100644
index 0000000000..42c6fc848f
--- /dev/null
+++ b/home/src/main/resources/rdf/auth/everytime/policy_public_update_class.n3
@@ -0,0 +1,41 @@
+# $This file is distributed under the terms of the license in LICENSE$
+@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
+@prefix owl: <http://www.w3.org/2002/07/owl#> .
+@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
+@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
+@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
+@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
+@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+
+ai:PublicUpdateClassPolicy rdf:type ao:Policy ;
+          ao:rules ai:PublicUpdateClassRuleSet ;
+          ao:testDatasets ai:PublicUpdateClassTestDatasets ;
+          ao:policyKey ai:PublicUpdateClassPolicyKey .
+
+ai:PublicUpdateClassRuleSet rdf:type ao:Rules ;
+          ao:rule ai:AllowPublicUpdateClassRule .
+
+ai:PublicUpdateClassTestDatasets rdf:type ao:TestDatasets ;
+          ao:testDataset ai:PublicUpdateClassDataset .
+
+ai:PublicUpdateClassDataset rdf:type ao:TestDataSet ;
+          ao:testData ai:PublicUpdateClassTestData .
+          
+ai:PublicUpdateClassPolicyKey rdf:type ao:PolicyKey ;
+          ao:keyComponent ai:Class ;
+          ao:keyComponent auth:PUBLIC ;
+          ao:keyComponent ai:UpdateOperationGroup .
+
+ai:AllowPublicUpdateClassRule rdf:type ao:Rule;
+          ao:attribute ai:SubjectRoleEqualsPublicRoleAttribute ;
+          ao:attribute ai:UpdateOperationAttribute ;
+          ao:attribute ai:ClassTypeAttribute ;
+          ao:attribute ai:PublicUpdateClassAttribute .
+         
+ai:PublicUpdateClassAttribute rdf:type ao:Attribute ;
+         ao:test ai:OneOf ;
+         ao:type ai:ObjectUri ;
+         ao:setValue ai:PublicUpdateClassTestData .
+         
+ai:PublicUpdateClassTestData rdf:type ao:TestData ;
+       .
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_public_update_data_property.n3 b/home/src/main/resources/rdf/auth/everytime/policy_public_update_data_property.n3
new file mode 100644
index 0000000000..4011603c3a
--- /dev/null
+++ b/home/src/main/resources/rdf/auth/everytime/policy_public_update_data_property.n3
@@ -0,0 +1,53 @@
+# $This file is distributed under the terms of the license in LICENSE$
+@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
+@prefix owl: <http://www.w3.org/2002/07/owl#> .
+@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
+@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
+@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
+@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
+@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+
+ai:PublicUpdateDataPropertyPolicy rdf:type ao:Policy ;
+          ao:rules ai:PublicUpdateDataPropertyRuleSet ;
+          ao:testDatasets ai:PublicUpdateDataPropertyTestDatasets ;
+          ao:policyKey ai:PublicUpdateDataPropertyPolicyKey .
+
+ai:PublicUpdateDataPropertyRuleSet rdf:type ao:Rules ;
+          ao:rule ai:AllowPublicUpdateDataPropertyStatementRule ;
+          ao:rule ai:AllowPublicUpdateDataPropertyRule .
+
+ai:PublicUpdateDataPropertyTestDatasets rdf:type ao:TestDatasets ;
+          ao:testDataset ai:PublicUpdateDataPropertyDataset .
+
+ai:PublicUpdateDataPropertyDataset rdf:type ao:TestDataSet ;
+          ao:testData ai:PublicUpdateDataPropertyTestData .
+          
+ai:PublicUpdateDataPropertyPolicyKey rdf:type ao:PolicyKey ;
+          ao:keyComponent ai:DataPropertyAccesObject ;
+          ao:keyComponent auth:PUBLIC ;
+          ao:keyComponent ai:UpdateOperationGroup .
+
+ai:AllowPublicUpdateDataPropertyRule rdf:type ao:Rule;
+          ao:attribute ai:SubjectRoleEqualsPublicRoleAttribute ;
+          ao:attribute ai:UpdateOperationAttribute ;
+          ao:attribute ai:DataPropertyTypeAttribute ;
+          ao:attribute ai:PublicUpdateDataPropertyAttribute .
+
+ai:AllowPublicUpdateDataPropertyStatementRule rdf:type ao:Rule;
+          ao:attribute ai:SubjectRoleEqualsPublicRoleAttribute ;
+          ao:attribute ai:UpdateOperationAttribute ;
+          ao:attribute ai:DataPropertyStatementTypeAttribute ;
+          ao:attribute ai:PublicUpdateDataPropertyStatementAttribute .
+         
+ai:PublicUpdateDataPropertyStatementAttribute rdf:type ao:Attribute ;
+         ao:test ai:OneOf ;
+         ao:type ai:StatementPredicateUri ;
+         ao:setValue ai:PublicUpdateDataPropertyTestData .
+
+ai:PublicUpdateDataPropertyAttribute rdf:type ao:Attribute ;
+         ao:test ai:OneOf ;
+         ao:type ai:ObjectUri ;
+         ao:setValue ai:PublicUpdateDataPropertyTestData .
+         
+ai:PublicUpdateDataPropertyTestData rdf:type ao:TestData ;
+       .
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_public_update_object_property.n3 b/home/src/main/resources/rdf/auth/everytime/policy_public_update_object_property.n3
new file mode 100644
index 0000000000..424fccfe66
--- /dev/null
+++ b/home/src/main/resources/rdf/auth/everytime/policy_public_update_object_property.n3
@@ -0,0 +1,53 @@
+# $This file is distributed under the terms of the license in LICENSE$
+@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
+@prefix owl: <http://www.w3.org/2002/07/owl#> .
+@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
+@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
+@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
+@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
+@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+
+ai:PublicUpdateObjectPropertyPolicy rdf:type ao:Policy ;
+          ao:rules ai:PublicUpdateObjectPropertyRuleSet ;
+          ao:testDatasets ai:PublicUpdateObjectPropertyTestDatasets ;
+          ao:policyKey ai:PublicUpdateObjectPropertyPolicyKey .
+
+ai:PublicUpdateObjectPropertyRuleSet rdf:type ao:Rules ;
+          ao:rule ai:AllowPublicUpdateObjectPropertyStatementRule ;
+          ao:rule ai:AllowPublicUpdateObjectPropertyRule .
+
+ai:PublicUpdateObjectPropertyTestDatasets rdf:type ao:TestDatasets ;
+          ao:testDataset ai:PublicUpdateObjectPropertyDataset .
+
+ai:PublicUpdateObjectPropertyDataset rdf:type ao:TestDataSet ;
+          ao:testData ai:PublicUpdateObjectPropertyTestData .
+          
+ai:PublicUpdateObjectPropertyPolicyKey rdf:type ao:PolicyKey ;
+          ao:keyComponent ai:ObjectPropertyAccesObject ;
+          ao:keyComponent auth:PUBLIC ;
+          ao:keyComponent ai:UpdateOperationGroup .
+
+ai:AllowPublicUpdateObjectPropertyRule rdf:type ao:Rule;
+          ao:attribute ai:SubjectRoleEqualsPublicRoleAttribute ;
+          ao:attribute ai:UpdateOperationAttribute ;
+          ao:attribute ai:ObjectPropertyTypeAttribute ;
+          ao:attribute ai:PublicUpdateObjectPropertyAttribute .
+
+ai:AllowPublicUpdateObjectPropertyStatementRule rdf:type ao:Rule;
+          ao:attribute ai:SubjectRoleEqualsPublicRoleAttribute ;
+          ao:attribute ai:UpdateOperationAttribute ;
+          ao:attribute ai:ObjectPropertyStatementTypeAttribute ;
+          ao:attribute ai:PublicUpdateObjectPropertyStatementAttribute .
+         
+ai:PublicUpdateObjectPropertyStatementAttribute rdf:type ao:Attribute ;
+         ao:test ai:OneOf ;
+         ao:type ai:StatementPredicateUri ;
+         ao:setValue ai:PublicUpdateObjectPropertyTestData .
+
+ai:PublicUpdateObjectPropertyAttribute rdf:type ao:Attribute ;
+         ao:test ai:OneOf ;
+         ao:type ai:ObjectUri ;
+         ao:setValue ai:PublicUpdateObjectPropertyTestData .
+         
+ai:PublicUpdateObjectPropertyTestData rdf:type ao:TestData ;
+        .
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_root_user.n3 b/home/src/main/resources/rdf/auth/everytime/policy_root_user.n3
new file mode 100644
index 0000000000..1192d1749f
--- /dev/null
+++ b/home/src/main/resources/rdf/auth/everytime/policy_root_user.n3
@@ -0,0 +1,20 @@
+# $This file is distributed under the terms of the license in LICENSE$
+
+@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
+@prefix owl: <http://www.w3.org/2002/07/owl#> .
+@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
+@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
+@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
+@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
+@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+
+ai:RootUserPolicy rdf:type ao:Policy ;
+          ao:priority 10000 ;
+          ao:rules ai:RootRuleSet .
+
+ai:RootRuleSet rdf:type ao:Rules ;
+          ao:rule ai:AllowRootUserRule .
+          
+ai:AllowRootUserRule rdf:type ao:Rule;
+          ao:attribute ai:IsRootUserAttribute .
+
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_self_editor_display_class.n3 b/home/src/main/resources/rdf/auth/everytime/policy_self_editor_display_class.n3
new file mode 100644
index 0000000000..23fddeb254
--- /dev/null
+++ b/home/src/main/resources/rdf/auth/everytime/policy_self_editor_display_class.n3
@@ -0,0 +1,41 @@
+# $This file is distributed under the terms of the license in LICENSE$
+@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
+@prefix owl: <http://www.w3.org/2002/07/owl#> .
+@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
+@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
+@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
+@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
+@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+
+ai:SelfEditorDisplayClassPolicy rdf:type ao:Policy ;
+          ao:rules ai:SelfEditorDisplayClassRuleSet ;
+          ao:testDatasets ai:SelfEditorDisplayClassTestDatasets ;
+          ao:policyKey ai:SelfEditorDisplayClassPolicyKey .
+
+ai:SelfEditorDisplayClassRuleSet rdf:type ao:Rules ;
+          ao:rule ai:AllowSelfEditorDisplayClassRule .
+
+ai:SelfEditorDisplayClassTestDatasets rdf:type ao:TestDatasets ;
+          ao:testDataset ai:SelfEditorDisplayClassDataset .
+
+ai:SelfEditorDisplayClassDataset rdf:type ao:TestDataSet ;
+          ao:testData ai:SelfEditorDisplayClassTestData .
+          
+ai:SelfEditorDisplayClassPolicyKey rdf:type ao:PolicyKey ;
+          ao:keyComponent ai:Class ;
+          ao:keyComponent auth:SELF_EDITOR ;
+          ao:keyComponent ai:DisplayOperationGroup .
+
+ai:AllowSelfEditorDisplayClassRule rdf:type ao:Rule;
+          ao:attribute ai:SubjectRoleEqualsSelfEditorRoleAttribute ;
+          ao:attribute ai:DisplayOperationAttribute ;
+          ao:attribute ai:ClassTypeAttribute ;
+          ao:attribute ai:SelfEditorDisplayClassAttribute .
+         
+ai:SelfEditorDisplayClassAttribute rdf:type ao:Attribute ;
+         ao:test ai:OneOf ;
+         ao:type ai:ObjectUri ;
+         ao:setValue ai:SelfEditorDisplayClassTestData .
+         
+ai:SelfEditorDisplayClassTestData rdf:type ao:TestData ;
+       .
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_self_editor_display_data_property.n3 b/home/src/main/resources/rdf/auth/everytime/policy_self_editor_display_data_property.n3
new file mode 100644
index 0000000000..e110869cd8
--- /dev/null
+++ b/home/src/main/resources/rdf/auth/everytime/policy_self_editor_display_data_property.n3
@@ -0,0 +1,53 @@
+# $This file is distributed under the terms of the license in LICENSE$
+@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
+@prefix owl: <http://www.w3.org/2002/07/owl#> .
+@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
+@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
+@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
+@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
+@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+
+ai:SelfEditorDisplayDataPropertyPolicy rdf:type ao:Policy ;
+          ao:rules ai:SelfEditorDisplayDataPropertyRuleSet ;
+          ao:testDatasets ai:SelfEditorDisplayDataPropertyTestDatasets ;
+          ao:policyKey ai:SelfEditorDisplayDataPropertyPolicyKey .
+
+ai:SelfEditorDisplayDataPropertyRuleSet rdf:type ao:Rules ;
+          ao:rule ai:AllowSelfEditorDisplayDataPropertyStatementRule ;
+          ao:rule ai:AllowSelfEditorDisplayDataPropertyRule .
+
+ai:SelfEditorDisplayDataPropertyTestDatasets rdf:type ao:TestDatasets ;
+          ao:testDataset ai:SelfEditorDisplayDataPropertyDataset .
+
+ai:SelfEditorDisplayDataPropertyDataset rdf:type ao:TestDataSet ;
+          ao:testData ai:SelfEditorDisplayDataPropertyTestData .
+          
+ai:SelfEditorDisplayDataPropertyPolicyKey rdf:type ao:PolicyKey ;
+          ao:keyComponent ai:DataPropertyAccesObject ;
+          ao:keyComponent auth:SELF_EDITOR ;
+          ao:keyComponent ai:DisplayOperationGroup .
+
+ai:AllowSelfEditorDisplayDataPropertyRule rdf:type ao:Rule;
+          ao:attribute ai:SubjectRoleEqualsSelfEditorRoleAttribute ;
+          ao:attribute ai:DisplayOperationAttribute ;
+          ao:attribute ai:DataPropertyTypeAttribute ;
+          ao:attribute ai:SelfEditorDisplayDataPropertyAttribute .
+          
+ai:AllowSelfEditorDisplayDataPropertyStatementRule rdf:type ao:Rule;
+          ao:attribute ai:SubjectRoleEqualsSelfEditorRoleAttribute ;
+          ao:attribute ai:DisplayOperationAttribute ;
+          ao:attribute ai:DataPropertyStatementTypeAttribute ;
+          ao:attribute ai:SelfEditorDisplayDataPropertyStatementAttribute .
+         
+ai:SelfEditorDisplayDataPropertyStatementAttribute rdf:type ao:Attribute ;
+         ao:test ai:OneOf ;
+         ao:type ai:StatementPredicateUri ;
+         ao:setValue ai:SelfEditorDisplayDataPropertyTestData .
+         
+ai:SelfEditorDisplayDataPropertyAttribute rdf:type ao:Attribute ;
+         ao:test ai:OneOf ;
+         ao:type ai:ObjectUri ;
+         ao:setValue ai:SelfEditorDisplayDataPropertyTestData .
+         
+ai:SelfEditorDisplayDataPropertyTestData rdf:type ao:TestData ;
+       .
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_self_editor_display_object_property.n3 b/home/src/main/resources/rdf/auth/everytime/policy_self_editor_display_object_property.n3
new file mode 100644
index 0000000000..7aac7809f7
--- /dev/null
+++ b/home/src/main/resources/rdf/auth/everytime/policy_self_editor_display_object_property.n3
@@ -0,0 +1,53 @@
+# $This file is distributed under the terms of the license in LICENSE$
+@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
+@prefix owl: <http://www.w3.org/2002/07/owl#> .
+@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
+@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
+@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
+@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
+@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+
+ai:SelfEditorDisplayObjectPropertyPolicy rdf:type ao:Policy ;
+          ao:rules ai:SelfEditorDisplayObjectPropertyRuleSet ;
+          ao:testDatasets ai:SelfEditorDisplayObjectPropertyTestDatasets ;
+          ao:policyKey ai:SelfEditorDisplayObjectPropertyPolicyKey .
+
+ai:SelfEditorDisplayObjectPropertyRuleSet rdf:type ao:Rules ;
+          ao:rule ai:AllowSelfEditorDisplayObjectPropertyStatementRule ;
+          ao:rule ai:AllowSelfEditorDisplayObjectPropertyRule .
+
+ai:SelfEditorDisplayObjectPropertyTestDatasets rdf:type ao:TestDatasets ;
+          ao:testDataset ai:SelfEditorDisplayObjectPropertyDataset .
+
+ai:SelfEditorDisplayObjectPropertyDataset rdf:type ao:TestDataSet ;
+          ao:testData ai:SelfEditorDisplayObjectPropertyTestData .
+          
+ai:SelfEditorDisplayObjectPropertyPolicyKey rdf:type ao:PolicyKey ;
+          ao:keyComponent ai:ObjectPropertyAccesObject ;
+          ao:keyComponent auth:SELF_EDITOR ;
+          ao:keyComponent ai:DisplayOperationGroup .
+
+ai:AllowSelfEditorDisplayObjectPropertyRule rdf:type ao:Rule;
+          ao:attribute ai:SubjectRoleEqualsSelfEditorRoleAttribute ;
+          ao:attribute ai:DisplayOperationAttribute ;
+          ao:attribute ai:ObjectPropertyTypeAttribute ;
+          ao:attribute ai:SelfEditorDisplayObjectPropertyAttribute .
+
+ai:AllowSelfEditorDisplayObjectPropertyStatementRule rdf:type ao:Rule;
+          ao:attribute ai:SubjectRoleEqualsSelfEditorRoleAttribute ;
+          ao:attribute ai:DisplayOperationAttribute ;
+          ao:attribute ai:ObjectPropertyStatementTypeAttribute ;
+          ao:attribute ai:SelfEditorDisplayObjectPropertyStatementAttribute .
+         
+ai:SelfEditorDisplayObjectPropertyStatementAttribute rdf:type ao:Attribute ;
+         ao:test ai:OneOf ;
+         ao:type ai:StatementPredicateUri ;
+         ao:setValue ai:SelfEditorDisplayObjectPropertyTestData .
+
+ai:SelfEditorDisplayObjectPropertyAttribute rdf:type ao:Attribute ;
+         ao:test ai:OneOf ;
+         ao:type ai:ObjectUri ;
+         ao:setValue ai:SelfEditorDisplayObjectPropertyTestData .
+         
+ai:SelfEditorDisplayObjectPropertyTestData rdf:type ao:TestData ;
+       .
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_self_editor_publish_class.n3 b/home/src/main/resources/rdf/auth/everytime/policy_self_editor_publish_class.n3
new file mode 100644
index 0000000000..725b350bbd
--- /dev/null
+++ b/home/src/main/resources/rdf/auth/everytime/policy_self_editor_publish_class.n3
@@ -0,0 +1,41 @@
+# $This file is distributed under the terms of the license in LICENSE$
+@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
+@prefix owl: <http://www.w3.org/2002/07/owl#> .
+@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
+@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
+@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
+@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
+@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+
+ai:SelfEditorPublishClassPolicy rdf:type ao:Policy ;
+          ao:rules ai:SelfEditorPublishClassRuleSet ;
+          ao:testDatasets ai:SelfEditorPublishClassTestDatasets ;
+          ao:policyKey ai:SelfEditorPublishClassPolicyKey .
+
+ai:SelfEditorPublishClassRuleSet rdf:type ao:Rules ;
+          ao:rule ai:AllowSelfEditorPublishClassRule .
+
+ai:SelfEditorPublishClassTestDatasets rdf:type ao:TestDatasets ;
+          ao:testDataset ai:SelfEditorPublishClassDataset .
+
+ai:SelfEditorPublishClassDataset rdf:type ao:TestDataSet ;
+          ao:testData ai:SelfEditorPublishClassTestData .
+          
+ai:SelfEditorPublishClassPolicyKey rdf:type ao:PolicyKey ;
+          ao:keyComponent ai:Class ;
+          ao:keyComponent auth:SELF_EDITOR ;
+          ao:keyComponent ai:PublishOperationGroup .
+
+ai:AllowSelfEditorPublishClassRule rdf:type ao:Rule;
+          ao:attribute ai:SubjectRoleEqualsSelfEditorRoleAttribute ;
+          ao:attribute ai:PublishOperationAttribute ;
+          ao:attribute ai:ClassTypeAttribute ;
+          ao:attribute ai:SelfEditorPublishClassAttribute .
+         
+ai:SelfEditorPublishClassAttribute rdf:type ao:Attribute ;
+         ao:test ai:OneOf ;
+         ao:type ai:ObjectUri ;
+         ao:setValue ai:SelfEditorPublishClassTestData .
+         
+ai:SelfEditorPublishClassTestData rdf:type ao:TestData ;
+    .
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_self_editor_publish_data_property.n3 b/home/src/main/resources/rdf/auth/everytime/policy_self_editor_publish_data_property.n3
new file mode 100644
index 0000000000..de414bbc3b
--- /dev/null
+++ b/home/src/main/resources/rdf/auth/everytime/policy_self_editor_publish_data_property.n3
@@ -0,0 +1,53 @@
+# $This file is distributed under the terms of the license in LICENSE$
+@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
+@prefix owl: <http://www.w3.org/2002/07/owl#> .
+@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
+@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
+@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
+@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
+@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+
+ai:SelfEditorPublishDataPropertyPolicy rdf:type ao:Policy ;
+          ao:rules ai:SelfEditorPublishDataPropertyRuleSet ;
+          ao:testDatasets ai:SelfEditorPublishDataPropertyTestDatasets ;
+          ao:policyKey ai:SelfEditorPublishDataPropertyPolicyKey .
+
+ai:SelfEditorPublishDataPropertyRuleSet rdf:type ao:Rules ;
+          ao:rule ai:AllowSelfEditorPublishDataPropertyStatementRule ;
+          ao:rule ai:AllowSelfEditorPublishDataPropertyRule .
+
+ai:SelfEditorPublishDataPropertyTestDatasets rdf:type ao:TestDatasets ;
+          ao:testDataset ai:SelfEditorPublishDataPropertyDataset .
+
+ai:SelfEditorPublishDataPropertyDataset rdf:type ao:TestDataSet ;
+          ao:testData ai:SelfEditorPublishDataPropertyTestData .
+          
+ai:SelfEditorPublishDataPropertyPolicyKey rdf:type ao:PolicyKey ;
+          ao:keyComponent ai:DataPropertyAccesObject ;
+          ao:keyComponent auth:SELF_EDITOR ;
+          ao:keyComponent ai:PublishOperationGroup .
+
+ai:AllowSelfEditorPublishDataPropertyRule rdf:type ao:Rule;
+          ao:attribute ai:SubjectRoleEqualsSelfEditorRoleAttribute ;
+          ao:attribute ai:PublishOperationAttribute ;
+          ao:attribute ai:DataPropertyTypeAttribute ;
+          ao:attribute ai:SelfEditorPublishDataPropertyAttribute .
+
+ai:AllowSelfEditorPublishDataPropertyStatementRule rdf:type ao:Rule;
+          ao:attribute ai:SubjectRoleEqualsSelfEditorRoleAttribute ;
+          ao:attribute ai:PublishOperationAttribute ;
+          ao:attribute ai:DataPropertyStatementTypeAttribute ;
+          ao:attribute ai:SelfEditorPublishDataPropertyStatementAttribute .
+
+ai:SelfEditorPublishDataPropertyStatementAttribute rdf:type ao:Attribute ;
+         ao:test ai:OneOf ;
+         ao:type ai:StatementPredicateUri ;
+         ao:setValue ai:SelfEditorPublishDataPropertyTestData .
+
+ai:SelfEditorPublishDataPropertyAttribute rdf:type ao:Attribute ;
+         ao:test ai:OneOf ;
+         ao:type ai:ObjectUri ;
+         ao:setValue ai:SelfEditorPublishDataPropertyTestData .
+         
+ai:SelfEditorPublishDataPropertyTestData rdf:type ao:TestData ;
+    .
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_self_editor_publish_object_property.n3 b/home/src/main/resources/rdf/auth/everytime/policy_self_editor_publish_object_property.n3
new file mode 100644
index 0000000000..f11f558ad3
--- /dev/null
+++ b/home/src/main/resources/rdf/auth/everytime/policy_self_editor_publish_object_property.n3
@@ -0,0 +1,53 @@
+# $This file is distributed under the terms of the license in LICENSE$
+@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
+@prefix owl: <http://www.w3.org/2002/07/owl#> .
+@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
+@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
+@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
+@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
+@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+
+ai:SelfEditorPublishObjectPropertyPolicy rdf:type ao:Policy ;
+          ao:rules ai:SelfEditorPublishObjectPropertyRuleSet ;
+          ao:testDatasets ai:SelfEditorPublishObjectPropertyTestDatasets ;
+          ao:policyKey ai:SelfEditorPublishObjectPropertyPolicyKey .
+
+ai:SelfEditorPublishObjectPropertyRuleSet rdf:type ao:Rules ;
+          ao:rule ai:AllowSelfEditorPublishObjectPropertyStatementRule ;
+          ao:rule ai:AllowSelfEditorPublishObjectPropertyRule .
+
+ai:SelfEditorPublishObjectPropertyTestDatasets rdf:type ao:TestDatasets ;
+          ao:testDataset ai:SelfEditorPublishObjectPropertyDataset .
+
+ai:SelfEditorPublishObjectPropertyDataset rdf:type ao:TestDataSet ;
+          ao:testData ai:SelfEditorPublishObjectPropertyTestData .
+          
+ai:SelfEditorPublishObjectPropertyPolicyKey rdf:type ao:PolicyKey ;
+          ao:keyComponent ai:ObjectPropertyAccesObject ;
+          ao:keyComponent auth:SELF_EDITOR ;
+          ao:keyComponent ai:PublishOperationGroup .
+
+ai:AllowSelfEditorPublishObjectPropertyRule rdf:type ao:Rule;
+          ao:attribute ai:SubjectRoleEqualsSelfEditorRoleAttribute ;
+          ao:attribute ai:PublishOperationAttribute ;
+          ao:attribute ai:ObjectPropertyTypeAttribute ;
+          ao:attribute ai:SelfEditorPublishObjectPropertyAttribute .
+
+ai:AllowSelfEditorPublishObjectPropertyStatementRule rdf:type ao:Rule;
+          ao:attribute ai:SubjectRoleEqualsSelfEditorRoleAttribute ;
+          ao:attribute ai:PublishOperationAttribute ;
+          ao:attribute ai:ObjectPropertyStatementTypeAttribute ;
+          ao:attribute ai:SelfEditorPublishObjectPropertyStatementAttribute .
+         
+ai:SelfEditorPublishObjectPropertyStatementAttribute rdf:type ao:Attribute ;
+         ao:test ai:OneOf ;
+         ao:type ai:StatementPredicateUri ;
+         ao:setValue ai:SelfEditorPublishObjectPropertyTestData .
+
+ai:SelfEditorPublishObjectPropertyAttribute rdf:type ao:Attribute ;
+         ao:test ai:OneOf ;
+         ao:type ai:ObjectUri ;
+         ao:setValue ai:SelfEditorPublishObjectPropertyTestData .
+         
+ai:SelfEditorPublishObjectPropertyTestData rdf:type ao:TestData ;
+   .
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_self_editor_simple_permissions.n3 b/home/src/main/resources/rdf/auth/everytime/policy_self_editor_simple_permissions.n3
new file mode 100644
index 0000000000..fa5b02d8e2
--- /dev/null
+++ b/home/src/main/resources/rdf/auth/everytime/policy_self_editor_simple_permissions.n3
@@ -0,0 +1,37 @@
+# $This file is distributed under the terms of the license in LICENSE$
+
+@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
+@prefix owl: <http://www.w3.org/2002/07/owl#> .
+@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
+@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
+@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
+@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
+@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+@prefix simplePermission: <java:edu.cornell.mannlib.vitro.webapp.auth.permissions.SimplePermission#> .
+
+ai:SelfEditorSimplePermissionsPolicy rdf:type ao:Policy ;
+        ao:priority 1000 ;
+        ao:testDatasets ai:SelfEditorSimplePermissionsDatasets ;
+        ao:rules ai:SelfEditorSimplePermissionsRuleSet .
+
+ai:SelfEditorSimplePermissionsDatasets rdf:type ao:TestDatasets ;
+        ao:testDataset ai:SelfEditorSimplePermissionsDataset .
+          
+ai:SelfEditorSimplePermissionsDataset rdf:type ao:TestDataSet ;
+        ao:testData ai:SelfEditorSimplePermissionsTestData .
+
+ai:SelfEditorSimplePermissionsRuleSet rdf:type ao:Rules ;
+        ao:rule ai:AllowSelfEditorSimplePermissions .
+          
+ai:AllowSelfEditorSimplePermissions rdf:type ao:Rule;
+        ao:attribute ai:NamedObjectTypeAttribute ;
+        ao:attribute ai:PermissionNameInSelfEditorAllowed ;
+        ao:attribute ai:SubjectRoleEqualsSelfEditorRoleAttribute .
+          
+ai:PermissionNameInSelfEditorAllowed rdf:type ao:Attribute ;
+        ao:test ai:OneOf ;
+        ao:type ai:ObjectUri ;
+        ao:setValue ai:SelfEditorSimplePermissionsTestData .
+
+ai:SelfEditorSimplePermissionsTestData rdf:type ao:TestData ;
+        .
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_self_editor_update_class.n3 b/home/src/main/resources/rdf/auth/everytime/policy_self_editor_update_class.n3
new file mode 100644
index 0000000000..68c7df3384
--- /dev/null
+++ b/home/src/main/resources/rdf/auth/everytime/policy_self_editor_update_class.n3
@@ -0,0 +1,41 @@
+# $This file is distributed under the terms of the license in LICENSE$
+@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
+@prefix owl: <http://www.w3.org/2002/07/owl#> .
+@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
+@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
+@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
+@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
+@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+
+ai:SelfEditorUpdateClassPolicy rdf:type ao:Policy ;
+          ao:rules ai:SelfEditorUpdateClassRuleSet ;
+          ao:testDatasets ai:SelfEditorUpdateClassTestDatasets ;
+          ao:policyKey ai:SelfEditorUpdateClassPolicyKey .
+
+ai:SelfEditorUpdateClassRuleSet rdf:type ao:Rules ;
+          ao:rule ai:AllowSelfEditorUpdateClassRule .
+
+ai:SelfEditorUpdateClassTestDatasets rdf:type ao:TestDatasets ;
+          ao:testDataset ai:SelfEditorUpdateClassDataset .
+
+ai:SelfEditorUpdateClassDataset rdf:type ao:TestDataSet ;
+          ao:testData ai:SelfEditorUpdateClassTestData .
+          
+ai:SelfEditorUpdateClassPolicyKey rdf:type ao:PolicyKey ;
+          ao:keyComponent ai:Class ;
+          ao:keyComponent auth:SELF_EDITOR ;
+          ao:keyComponent ai:UpdateOperationGroup .
+
+ai:AllowSelfEditorUpdateClassRule rdf:type ao:Rule;
+          ao:attribute ai:SubjectRoleEqualsSelfEditorRoleAttribute ;
+          ao:attribute ai:UpdateOperationAttribute ;
+          ao:attribute ai:ClassTypeAttribute ;
+          ao:attribute ai:SelfEditorUpdateClassAttribute .
+         
+ai:SelfEditorUpdateClassAttribute rdf:type ao:Attribute ;
+         ao:test ai:OneOf ;
+         ao:type ai:ObjectUri ;
+         ao:setValue ai:SelfEditorUpdateClassTestData .
+         
+ai:SelfEditorUpdateClassTestData rdf:type ao:TestData ;
+       .
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_self_editor_update_data_property.n3 b/home/src/main/resources/rdf/auth/everytime/policy_self_editor_update_data_property.n3
new file mode 100644
index 0000000000..8a4cdf9f9c
--- /dev/null
+++ b/home/src/main/resources/rdf/auth/everytime/policy_self_editor_update_data_property.n3
@@ -0,0 +1,53 @@
+# $This file is distributed under the terms of the license in LICENSE$
+@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
+@prefix owl: <http://www.w3.org/2002/07/owl#> .
+@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
+@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
+@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
+@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
+@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+
+ai:SelfEditorUpdateDataPropertyPolicy rdf:type ao:Policy ;
+          ao:rules ai:SelfEditorUpdateDataPropertyRuleSet ;
+          ao:testDatasets ai:SelfEditorUpdateDataPropertyTestDatasets ;
+          ao:policyKey ai:SelfEditorUpdateDataPropertyPolicyKey .
+
+ai:SelfEditorUpdateDataPropertyRuleSet rdf:type ao:Rules ;
+          ao:rule ai:AllowSelfEditorUpdateDataPropertyStatementRule ;
+          ao:rule ai:AllowSelfEditorUpdateDataPropertyRule .
+
+ai:SelfEditorUpdateDataPropertyTestDatasets rdf:type ao:TestDatasets ;
+          ao:testDataset ai:SelfEditorUpdateDataPropertyDataset .
+
+ai:SelfEditorUpdateDataPropertyDataset rdf:type ao:TestDataSet ;
+          ao:testData ai:SelfEditorUpdateDataPropertyTestData .
+          
+ai:SelfEditorUpdateDataPropertyPolicyKey rdf:type ao:PolicyKey ;
+          ao:keyComponent ai:DataPropertyAccesObject ;
+          ao:keyComponent auth:SELF_EDITOR ;
+          ao:keyComponent ai:UpdateOperationGroup .
+
+ai:AllowSelfEditorUpdateDataPropertyRule rdf:type ao:Rule;
+          ao:attribute ai:SubjectRoleEqualsSelfEditorRoleAttribute ;
+          ao:attribute ai:UpdateOperationAttribute ;
+          ao:attribute ai:DataPropertyTypeAttribute ;
+          ao:attribute ai:SelfEditorUpdateDataPropertyAttribute .
+
+ai:AllowSelfEditorUpdateDataPropertyStatementRule rdf:type ao:Rule;
+          ao:attribute ai:SubjectRoleEqualsSelfEditorRoleAttribute ;
+          ao:attribute ai:UpdateOperationAttribute ;
+          ao:attribute ai:DataPropertyStatementTypeAttribute ;
+          ao:attribute ai:SelfEditorUpdateDataPropertyStatementAttribute .
+         
+ai:SelfEditorUpdateDataPropertyStatementAttribute rdf:type ao:Attribute ;
+         ao:test ai:OneOf ;
+         ao:type ai:StatementPredicateUri ;
+         ao:setValue ai:SelfEditorUpdateDataPropertyTestData .
+
+ai:SelfEditorUpdateDataPropertyAttribute rdf:type ao:Attribute ;
+         ao:test ai:OneOf ;
+         ao:type ai:ObjectUri ;
+         ao:setValue ai:SelfEditorUpdateDataPropertyTestData .
+         
+ai:SelfEditorUpdateDataPropertyTestData rdf:type ao:TestData ;
+       .
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_self_editor_update_object_property.n3 b/home/src/main/resources/rdf/auth/everytime/policy_self_editor_update_object_property.n3
new file mode 100644
index 0000000000..d06899ec20
--- /dev/null
+++ b/home/src/main/resources/rdf/auth/everytime/policy_self_editor_update_object_property.n3
@@ -0,0 +1,53 @@
+# $This file is distributed under the terms of the license in LICENSE$
+@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
+@prefix owl: <http://www.w3.org/2002/07/owl#> .
+@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
+@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
+@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
+@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
+@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+
+ai:SelfEditorUpdateObjectPropertyPolicy rdf:type ao:Policy ;
+          ao:rules ai:SelfEditorUpdateObjectPropertyRuleSet ;
+          ao:testDatasets ai:SelfEditorUpdateObjectPropertyTestDatasets ;
+          ao:policyKey ai:SelfEditorUpdateObjectPropertyPolicyKey .
+
+ai:SelfEditorUpdateObjectPropertyRuleSet rdf:type ao:Rules ;
+          ao:rule ai:AllowSelfEditorUpdateObjectPropertyStatementRule ;
+          ao:rule ai:AllowSelfEditorUpdateObjectPropertyRule .
+
+ai:SelfEditorUpdateObjectPropertyTestDatasets rdf:type ao:TestDatasets ;
+          ao:testDataset ai:SelfEditorUpdateObjectPropertyDataset .
+
+ai:SelfEditorUpdateObjectPropertyDataset rdf:type ao:TestDataSet ;
+          ao:testData ai:SelfEditorUpdateObjectPropertyTestData .
+          
+ai:SelfEditorUpdateObjectPropertyPolicyKey rdf:type ao:PolicyKey ;
+          ao:keyComponent ai:ObjectPropertyAccesObject ;
+          ao:keyComponent auth:SELF_EDITOR ;
+          ao:keyComponent ai:UpdateOperationGroup .
+
+ai:AllowSelfEditorUpdateObjectPropertyRule rdf:type ao:Rule;
+          ao:attribute ai:SubjectRoleEqualsSelfEditorRoleAttribute ;
+          ao:attribute ai:UpdateOperationAttribute ;
+          ao:attribute ai:ObjectPropertyTypeAttribute ;
+          ao:attribute ai:SelfEditorUpdateObjectPropertyAttribute .
+
+ai:AllowSelfEditorUpdateObjectPropertyStatementRule rdf:type ao:Rule;
+          ao:attribute ai:SubjectRoleEqualsSelfEditorRoleAttribute ;
+          ao:attribute ai:UpdateOperationAttribute ;
+          ao:attribute ai:ObjectPropertyStatementTypeAttribute ;
+          ao:attribute ai:SelfEditorUpdateObjectPropertyStatementAttribute .
+         
+ai:SelfEditorUpdateObjectPropertyStatementAttribute rdf:type ao:Attribute ;
+         ao:test ai:OneOf ;
+         ao:type ai:StatementPredicateUri ;
+         ao:setValue ai:SelfEditorUpdateObjectPropertyTestData .
+
+ai:SelfEditorUpdateObjectPropertyAttribute rdf:type ao:Attribute ;
+         ao:test ai:OneOf ;
+         ao:type ai:ObjectUri ;
+         ao:setValue ai:SelfEditorUpdateObjectPropertyTestData .
+         
+ai:SelfEditorUpdateObjectPropertyTestData rdf:type ao:TestData ;
+       .
diff --git a/home/src/main/resources/rdf/auth/everytime/subject_types.n3 b/home/src/main/resources/rdf/auth/everytime/subject_types.n3
new file mode 100644
index 0000000000..814424aa95
--- /dev/null
+++ b/home/src/main/resources/rdf/auth/everytime/subject_types.n3
@@ -0,0 +1,12 @@
+# $This file is distributed under the terms of the license in LICENSE$
+
+@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
+@prefix owl: <http://www.w3.org/2002/07/owl#> .
+@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
+@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
+@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
+@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
+@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+
+ai:RootUserSubject rdf:type ao:SubjectType ;
+     ao:id "ROOT_USER" .
diff --git a/home/src/main/resources/rdf/auth/everytime/test_types.n3 b/home/src/main/resources/rdf/auth/everytime/test_types.n3
new file mode 100644
index 0000000000..0231095511
--- /dev/null
+++ b/home/src/main/resources/rdf/auth/everytime/test_types.n3
@@ -0,0 +1,27 @@
+# $This file is distributed under the terms of the license in LICENSE$
+
+@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
+@prefix owl: <http://www.w3.org/2002/07/owl#> .
+@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
+@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
+@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
+@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
+@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+
+ai:Equals rdf:type ao:Test;
+         ao:id "EQUALS" .
+
+ai:NotEquals rdf:type ao:Test;
+         ao:id "NOT_EQUALS" .
+         
+ai:OneOf rdf:type ao:Test;
+         ao:id "ONE_OF" .
+         
+ai:NotOneOf rdf:type ao:Test;
+         ao:id "NOT_ONE_OF" .
+         
+ai:StartsWith rdf:type ao:Test;
+         ao:id "STARTS_WITH" .
+         
+ai:SparqlSelectQueryContains rdf:type ao:Test;
+         ao:id "SPARQL_SELECT_QUERY_CONTAINS" .
diff --git a/home/src/main/resources/rdf/auth/everytime/test_values.n3 b/home/src/main/resources/rdf/auth/everytime/test_values.n3
new file mode 100644
index 0000000000..70ef028367
--- /dev/null
+++ b/home/src/main/resources/rdf/auth/everytime/test_values.n3
@@ -0,0 +1,78 @@
+# $This file is distributed under the terms of the license in LICENSE$
+
+@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
+@prefix owl: <http://www.w3.org/2002/07/owl#> .
+@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
+@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
+@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
+@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
+@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+
+ai:PersonProfileProximityToResourceUri rdf:type ao:TestData ;
+        ao:dataValue """
+        SELECT ?resourceUri WHERE {
+                {
+                  ?personUri <http://purl.obolibrary.org/obo/RO_0000053> ?roleUri .
+                  ?roleUri a <http://vivoweb.org/ontology/core#AdvisorRole> .
+                  ?roleUri <http://vivoweb.org/ontology/core#relatedBy> ?resourceUri .
+                  ?resourceUri a <http://vivoweb.org/ontology/core#AdvisingRelationship> .
+                }
+                UNION
+                {
+                  ?personUri <http://purl.obolibrary.org/obo/RO_0000053> ?roleUri .
+                  ?roleUri a <http://vivoweb.org/ontology/core#TeacherRole> .
+                  ?roleUri <http://purl.obolibrary.org/obo/BFO_0000054> ?resourceUri .
+                  ?resourceUri a <http://vivoweb.org/ontology/core#Course> .
+                }
+                UNION
+                {
+                  ?personUri <http://purl.obolibrary.org/obo/RO_0000053> ?roleUri .
+                  ?roleUri a <http://vivoweb.org/ontology/core#PrincipalInvestigatorRole> .
+                  ?roleUri <http://vivoweb.org/ontology/core#relatedBy> ?resourceUri .
+                  ?resourceUri a <http://vivoweb.org/ontology/core#Grant> .
+                }
+                UNION
+                {
+                  ?personUri <http://purl.obolibrary.org/obo/RO_0000053> ?roleUri .
+                  ?roleUri a <http://vivoweb.org/ontology/core#CoPrincipalInvestigatorRole> .
+                  ?roleUri <http://vivoweb.org/ontology/core#relatedBy> ?resourceUri .
+                  ?resourceUri a <http://vivoweb.org/ontology/core#Grant> .
+                }
+                UNION
+                {
+                  ?personUri <http://vivoweb.org/ontology/core#relatedBy> ?roleUri .
+                  ?roleUri a <http://vivoweb.org/ontology/core#Authorship> .
+                  ?roleUri <http://vivoweb.org/ontology/core#relates> ?resourceUri .
+                  ?resourceUri a <http://purl.obolibrary.org/obo/IAO_0000030> .
+                }
+                UNION
+                {
+                  ?personUri <http://vivoweb.org/ontology/core#relatedBy> ?roleUri .
+                  ?roleUri a <http://vivoweb.org/ontology/core#Editorship> .
+                  ?roleUri <http://vivoweb.org/ontology/core#relates> ?resourceUri .
+                  ?resourceUri a <http://purl.obolibrary.org/obo/IAO_0000030> .
+                }
+                UNION
+                {
+                  ?personUri <http://purl.obolibrary.org/obo/RO_0000053> ?roleUri .
+                  ?roleUri a <http://vivoweb.org/ontology/core#PresenterRole> .
+                  ?roleUri <http://purl.obolibrary.org/obo/BFO_0000054> ?resourceUri .
+                  ?resourceUri a <http://vivoweb.org/ontology/core#Presentation> .
+                }
+                UNION
+                {
+                  ?personUri <http://purl.obolibrary.org/obo/RO_0000053> ?roleUri .
+                  ?roleUri a <http://vivoweb.org/ontology/core#ClinicalRole> .
+                  ?roleUri <http://vivoweb.org/ontology/core#contributesTo> ?resourceUri .
+                  ?resourceUri a <http://vivoweb.org/ontology/core#Project> .
+                }
+                UNION
+                {
+                  ?personUri <http://purl.obolibrary.org/obo/RO_0000053> ?roleUri .
+                  ?roleUri a <http://vivoweb.org/ontology/core#ClinicalRole> .
+                  ?roleUri <http://vivoweb.org/ontology/core#contributesTo> ?resourceUri .
+                  ?resourceUri a <http://vivoweb.org/ontology/core#Service> .
+                }
+        }
+        """ .
+
diff --git a/home/src/main/resources/rdf/auth/firsttime/policy_admin_simple_permissions_dataset.n3 b/home/src/main/resources/rdf/auth/firsttime/policy_admin_simple_permissions_dataset.n3
new file mode 100644
index 0000000000..e960a63705
--- /dev/null
+++ b/home/src/main/resources/rdf/auth/firsttime/policy_admin_simple_permissions_dataset.n3
@@ -0,0 +1,60 @@
+# $This file is distributed under the terms of the license in LICENSE$
+
+@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
+@prefix owl: <http://www.w3.org/2002/07/owl#> .
+@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
+@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
+@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
+@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
+@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+@prefix simplePermission: <java:edu.cornell.mannlib.vitro.webapp.auth.permissions.SimplePermission#> .
+
+ai:AdminSimplePermissionsTestData 
+        ao:dataValue simplePermission:AccessSpecialDataModels ;
+        ao:dataValue simplePermission:EnableDeveloperPanel ;
+        ao:dataValue simplePermission:LoginDuringMaintenance ;
+        ao:dataValue simplePermission:ManageMenus ;
+        ao:dataValue simplePermission:ManageProxies ;
+        ao:dataValue simplePermission:ManageSearchIndex ;
+        ao:dataValue simplePermission:ManageUserAccounts ;
+        ao:dataValue simplePermission:RefreshVisualizationCache ;
+        ao:dataValue simplePermission:SeeConfiguration ;
+        ao:dataValue simplePermission:SeeStartupStatus ;
+        ao:dataValue simplePermission:UseAdvancedDataToolsPages ;
+        ao:dataValue simplePermission:UseMiscellaneousAdminPages ;
+        ao:dataValue simplePermission:UseSparqlQueryPage ;
+        ao:dataValue simplePermission:PageViewableAdmin ;
+
+        # Uncomment the following permission line to enable the SPARQL update API.
+        # Before enabling, be sure that the URL api/sparqlUpdate is secured by HTTPS,
+        # so passwords will not be sent in clear text.
+        #ao:dataValue simplePermission:UseSparqlUpdateApi ;
+
+        # permissions for CURATOR and above.
+        ao:dataValue simplePermission:EditOntology ;
+        ao:dataValue simplePermission:EditSiteInformation ;
+        ao:dataValue simplePermission:SeeVerbosePropertyInformation ;
+        ao:dataValue simplePermission:UseMiscellaneousCuratorPages ;
+        ao:dataValue simplePermission:PageViewableCurator ;
+
+        # permissions for EDITOR and above.
+        ao:dataValue simplePermission:DoBackEndEditing ;
+        ao:dataValue simplePermission:SeeIndividualEditingPanel ;
+        ao:dataValue simplePermission:SeeRevisionInfo ;
+        ao:dataValue simplePermission:SeeSiteAdminPage ;
+        ao:dataValue simplePermission:UseIndividualControlPanel ;
+        ao:dataValue simplePermission:PageViewableEditor ;
+
+        # permissions for ANY logged-in user.
+        ao:dataValue simplePermission:DoFrontEndEditing ;
+        ao:dataValue simplePermission:EditOwnAccount ;
+        ao:dataValue simplePermission:ManageOwnProxies ;
+        ao:dataValue simplePermission:QueryUserAccountsModel ;
+        ao:dataValue simplePermission:UseBasicAjaxControllers ;
+        ao:dataValue simplePermission:UseMiscellaneousPages ;
+        ao:dataValue simplePermission:PageViewableLoggedIn ;
+
+        # permissions for ANY user, even if they are not logged in.
+        ao:dataValue simplePermission:QueryFullModel ;
+        ao:dataValue simplePermission:PageViewablePublic ;
+        .
diff --git a/home/src/main/resources/rdf/auth/firsttime/policy_curator_simple_permissions_dataset.n3 b/home/src/main/resources/rdf/auth/firsttime/policy_curator_simple_permissions_dataset.n3
new file mode 100644
index 0000000000..eccedf576f
--- /dev/null
+++ b/home/src/main/resources/rdf/auth/firsttime/policy_curator_simple_permissions_dataset.n3
@@ -0,0 +1,39 @@
+# $This file is distributed under the terms of the license in LICENSE$
+
+@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
+@prefix owl: <http://www.w3.org/2002/07/owl#> .
+@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
+@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
+@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
+@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
+@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+@prefix simplePermission: <java:edu.cornell.mannlib.vitro.webapp.auth.permissions.SimplePermission#> .
+
+ai:CuratorSimplePermissionsTestData
+    ao:dataValue simplePermission:EditOntology ;
+    ao:dataValue simplePermission:EditSiteInformation ;
+    ao:dataValue simplePermission:SeeVerbosePropertyInformation ;
+    ao:dataValue simplePermission:UseMiscellaneousCuratorPages ;
+    ao:dataValue simplePermission:PageViewableCurator ;
+
+    # permissions for EDITOR and above.
+    ao:dataValue simplePermission:DoBackEndEditing ;
+    ao:dataValue simplePermission:SeeIndividualEditingPanel ;
+    ao:dataValue simplePermission:SeeRevisionInfo ;
+    ao:dataValue simplePermission:SeeSiteAdminPage ;
+    ao:dataValue simplePermission:UseIndividualControlPanel ;
+    ao:dataValue simplePermission:PageViewableEditor ;
+
+    # permissions for ANY logged-in user.
+    ao:dataValue simplePermission:DoFrontEndEditing ;
+    ao:dataValue simplePermission:EditOwnAccount ;
+    ao:dataValue simplePermission:ManageOwnProxies ;
+    ao:dataValue simplePermission:QueryUserAccountsModel ;
+    ao:dataValue simplePermission:UseBasicAjaxControllers ;
+    ao:dataValue simplePermission:UseMiscellaneousPages ;
+    ao:dataValue simplePermission:PageViewableLoggedIn ;
+
+    # permissions for ANY user, even if they are not logged in.
+    ao:dataValue simplePermission:QueryFullModel ;
+    ao:dataValue simplePermission:PageViewablePublic ;
+        .
diff --git a/home/src/main/resources/rdf/auth/firsttime/policy_editor_simple_permissions_dataset.n3 b/home/src/main/resources/rdf/auth/firsttime/policy_editor_simple_permissions_dataset.n3
new file mode 100644
index 0000000000..10b9609284
--- /dev/null
+++ b/home/src/main/resources/rdf/auth/firsttime/policy_editor_simple_permissions_dataset.n3
@@ -0,0 +1,33 @@
+# $This file is distributed under the terms of the license in LICENSE$
+
+@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
+@prefix owl: <http://www.w3.org/2002/07/owl#> .
+@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
+@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
+@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
+@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
+@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+@prefix simplePermission: <java:edu.cornell.mannlib.vitro.webapp.auth.permissions.SimplePermission#> .
+
+ai:EditorSimplePermissionsTestData  
+    # permissions for EDITOR and above.
+    ao:dataValue simplePermission:DoBackEndEditing ;
+    ao:dataValue simplePermission:SeeIndividualEditingPanel ;
+    ao:dataValue simplePermission:SeeRevisionInfo ;
+    ao:dataValue simplePermission:SeeSiteAdminPage ;
+    ao:dataValue simplePermission:UseIndividualControlPanel ;
+    ao:dataValue simplePermission:PageViewableEditor ;
+
+    # permissions for ANY logged-in user.
+    ao:dataValue simplePermission:DoFrontEndEditing ;
+    ao:dataValue simplePermission:EditOwnAccount ;
+    ao:dataValue simplePermission:ManageOwnProxies ;
+    ao:dataValue simplePermission:QueryUserAccountsModel ;
+    ao:dataValue simplePermission:UseBasicAjaxControllers ;
+    ao:dataValue simplePermission:UseMiscellaneousPages ;
+    ao:dataValue simplePermission:PageViewableLoggedIn ;
+
+    # permissions for ANY user, even if they are not logged in.
+    ao:dataValue simplePermission:QueryFullModel ;
+    ao:dataValue simplePermission:PageViewablePublic ;
+        .
diff --git a/home/src/main/resources/rdf/auth/firsttime/policy_not_modifiable_statements_dataset.n3 b/home/src/main/resources/rdf/auth/firsttime/policy_not_modifiable_statements_dataset.n3
new file mode 100644
index 0000000000..ac5deffc55
--- /dev/null
+++ b/home/src/main/resources/rdf/auth/firsttime/policy_not_modifiable_statements_dataset.n3
@@ -0,0 +1,27 @@
+# $This file is distributed under the terms of the license in LICENSE$
+
+@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
+@prefix owl: <http://www.w3.org/2002/07/owl#> .
+@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
+@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
+@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
+@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
+@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+
+ai:ProhibitedNamespaceExceptionsTestData 
+        ao:dataValue <http://vitro.mannlib.cornell.edu/ns/vitro/0.7#moniker> ;
+        ao:dataValue <http://vitro.mannlib.cornell.edu/ns/vitro/0.7#modTime> ;
+        ao:dataValue <http://vitro.mannlib.cornell.edu/ns/vitro/public#mainImage> ;
+        ao:dataValue <http://vitro.mannlib.cornell.edu/ns/vitro/0.7#Link> ;
+        ao:dataValue <http://vitro.mannlib.cornell.edu/ns/vitro/0.7#primaryLink> ;
+        ao:dataValue <http://vitro.mannlib.cornell.edu/ns/vitro/0.7#additionalLink> ;
+        ao:dataValue <http://vitro.mannlib.cornell.edu/ns/vitro/0.7#linkAnchor> ;
+        ao:dataValue <http://vitro.mannlib.cornell.edu/ns/vitro/0.7#linkURL> ;
+        .
+        
+ai:ProhibitedNamespaceTestData
+        ao:dataValue  ai:prohibitedNamespacePrefix ; 
+        .
+        
+ai:prohibitedNamespacePrefix rdf:type ao:TestValue ;
+        ao:id "http://vitro.mannlib.cornell.edu/ns/vitro/0.7#" ;
diff --git a/home/src/main/resources/rdf/auth/firsttime/policy_public_simple_permissions_dataset.n3 b/home/src/main/resources/rdf/auth/firsttime/policy_public_simple_permissions_dataset.n3
new file mode 100644
index 0000000000..abe82d727d
--- /dev/null
+++ b/home/src/main/resources/rdf/auth/firsttime/policy_public_simple_permissions_dataset.n3
@@ -0,0 +1,16 @@
+# $This file is distributed under the terms of the license in LICENSE$
+
+@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
+@prefix owl: <http://www.w3.org/2002/07/owl#> .
+@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
+@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
+@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
+@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
+@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+@prefix simplePermission: <java:edu.cornell.mannlib.vitro.webapp.auth.permissions.SimplePermission#> .
+
+ai:PublicSimplePermissionsTestData  
+        # permissions for ANY user, even if they are not logged in.
+        ao:dataValue simplePermission:QueryFullModel ;
+        ao:dataValue simplePermission:PageViewablePublic ;
+        .
diff --git a/home/src/main/resources/rdf/auth/firsttime/policy_self_editor_simple_permissions_dataset.n3 b/home/src/main/resources/rdf/auth/firsttime/policy_self_editor_simple_permissions_dataset.n3
new file mode 100644
index 0000000000..39f148534d
--- /dev/null
+++ b/home/src/main/resources/rdf/auth/firsttime/policy_self_editor_simple_permissions_dataset.n3
@@ -0,0 +1,25 @@
+# $This file is distributed under the terms of the license in LICENSE$
+
+@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
+@prefix owl: <http://www.w3.org/2002/07/owl#> .
+@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
+@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
+@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
+@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
+@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+@prefix simplePermission: <java:edu.cornell.mannlib.vitro.webapp.auth.permissions.SimplePermission#> .
+
+ai:SelfEditorSimplePermissionsTestData 
+        # permissions for ANY logged-in user.
+        ao:dataValue simplePermission:DoFrontEndEditing ;
+        ao:dataValue simplePermission:EditOwnAccount ;
+        ao:dataValue simplePermission:ManageOwnProxies ;
+        ao:dataValue simplePermission:QueryUserAccountsModel ;
+        ao:dataValue simplePermission:UseBasicAjaxControllers ;
+        ao:dataValue simplePermission:UseMiscellaneousPages ;
+        ao:dataValue simplePermission:PageViewableLoggedIn ;
+
+        # permissions for ANY user, even if they are not logged in.
+        ao:dataValue simplePermission:QueryFullModel ;
+	ao:dataValue simplePermission:PageViewablePublic ;
+        .
diff --git a/webapp/src/main/webapp/WEB-INF/resources/startup_listeners.txt b/webapp/src/main/webapp/WEB-INF/resources/startup_listeners.txt
index a68ba860c0..9244f325b6 100644
--- a/webapp/src/main/webapp/WEB-INF/resources/startup_listeners.txt
+++ b/webapp/src/main/webapp/WEB-INF/resources/startup_listeners.txt
@@ -29,23 +29,19 @@ edu.cornell.mannlib.vitro.webapp.web.images.PlaceholderUtil$Setup
 
 edu.cornell.mannlib.vitro.webapp.servlet.setup.FileGraphSetup
 
+edu.cornell.mannlib.vitro.webapp.migration.auth.AuthMigrator
+
 edu.cornell.mannlib.vitro.webapp.application.ApplicationImpl$ReasonersSetup
 edu.cornell.mannlib.vitro.webapp.servlet.setup.SimpleReasonerSetup
 
 # Must run after JenaDataSourceSetup
 edu.cornell.mannlib.vitro.webapp.servlet.setup.ThemeInfoSetup
 
-edu.cornell.mannlib.vitro.webapp.auth.permissions.PermissionRegistry$Setup
-
 edu.cornell.mannlib.vitro.webapp.auth.permissions.PermissionSetsSmokeTest
 
-edu.cornell.mannlib.vitro.webapp.auth.policy.bean.PropertyRestrictionBean$Setup
-
 edu.cornell.mannlib.vitro.webapp.auth.policy.setup.CommonPolicyFamilySetup
 
-edu.cornell.mannlib.vitro.webapp.auth.policy.RootUserPolicy$Setup
-
-edu.cornell.mannlib.vitro.webapp.auth.policy.RestrictHomeMenuItemEditingPolicy$Setup
+edu.cornell.mannlib.vitro.webapp.auth.RootUserSetup
 
 edu.cornell.mannlib.vitro.webapp.services.shortview.ShortViewServiceSetup
 
diff --git a/webapp/src/main/webapp/templates/edit/specific/dataprop_retry.jsp b/webapp/src/main/webapp/templates/edit/specific/dataprop_retry.jsp
index 0e5cda5bcb..08757afb9e 100644
--- a/webapp/src/main/webapp/templates/edit/specific/dataprop_retry.jsp
+++ b/webapp/src/main/webapp/templates/edit/specific/dataprop_retry.jsp
@@ -1,7 +1,8 @@
 <%-- $This file is distributed under the terms of the license in LICENSE$ --%>
 
 <%@ taglib prefix="form" uri="http://vitro.mannlib.cornell.edu/edit/tags" %>
-<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
+<%@ taglib prefix="c"  uri="http://java.sun.com/jsp/jstl/core" %>
+<%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions"%>
 <%-- colspan set to 4 in DatapropRetryController.java --%>
 <tr class="editformcell">
 	<td valign="top" colspan="2">
@@ -122,29 +123,46 @@
 	</td>
 </tr>
 <tr><td colspan="5"><hr class="formDivider"/></td></tr>
-<tr class="editformcell">
-	<td valign="top" colspan="2">
-		<b>Display level</b><br/>
-		<select name="HiddenFromDisplayBelowRoleLevelUsingRoleUri">
-		    <form:option name="HiddenFromDisplayBelowRoleLevelUsingRoleUri"/>
-		</select>
-	</td>
-	<td valign="top" colspan="2">
-		<b>Update level</b><br />
-		<select name="ProhibitedFromUpdateBelowRoleLevelUsingRoleUri">
-		    <form:option name="ProhibitedFromUpdateBelowRoleLevelUsingRoleUri"/>
-		</select>
-	</td>
-</tr>
-<tr class="editformcell">
-	<td valign="top" colspan="2">
-		<b>Publish level</b><br/>
-		<select name="HiddenFromPublishBelowRoleLevelUsingRoleUri">
-		    <form:option name="HiddenFromPublishBelowRoleLevelUsingRoleUri"/>
-		</select>
-	</td>
-</tr>
-<tr><td colspan="5"><hr class="formDivider"/></td></tr>
+<!-- Permissions -->
+<c:if test="${!empty roles}">
+	<input id="_permissions" type="hidden" name="_permissions" value="enabled" />
+	<input id="_permissionsEntityURI" type="hidden" name="_permissionsEntityURI" value="${_permissionsEntityURI}" />
+	<input id="_permissionsEntityType" type="hidden" name="_permissionsEntityType" value="DATA_PROPERTY" />
+	<tr class="editformcell">
+		<td valign="top" colspan="5">
+			<b>Display</b> permissions for this property<br/>
+			<c:forEach var="role" items="${roles}">
+				<input id="display${role.label}" type="checkbox" name="displayRoles" value="${role.uri}" ${fn:contains(displayRoles, role.uri)?'checked':''}  />
+				<label class="inline" for="display${role.label}"> ${role.label}</label>
+				&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
+			</c:forEach>
+		</td>
+	</tr>
+	<tr><td colspan="5"><hr class="formDivider"/></td></tr>
+	<tr class="editformcell">
+		<td valign="top" colspan="5">
+			<b>Update</b> permissions for this property<br/>
+			<c:forEach var="role" items="${roles}">
+				<input id="update${role.label}" type="checkbox" name="updateRoles" value="${role.uri}" ${fn:contains(updateRoles, role.uri)?'checked':''} ${role.isForPublic()?'disabled':''} />
+				<label class="inline" for="update${role.label}"> ${role.label}</label>
+				&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
+			</c:forEach>
+		</td>
+	</tr>
+	<tr><td colspan="5"><hr class="formDivider"/></td></tr>
+	<tr class="editformcell">
+		<td valign="top" colspan="5">
+			<b>Publish</b> permissions for this property<br/>
+			<c:forEach var="role" items="${roles}">
+				<input id="publish${role.label}" type="checkbox" name="publishRoles" value="${role.uri}" ${fn:contains(publishRoles, role.uri)?'checked':''}  />
+				<label class="inline" for="publish${role.label}"> ${role.label}</label>
+				&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
+			</c:forEach>
+		</td>
+	</tr>
+	<tr><td colspan="5"><hr class="formDivider"/></td></tr>
+</c:if>
+<!-- Permissions End -->
 <tr class="editformcell">
 	<td valign="top" colspan="2">
 		<b>Display tier</b> within property group<br/>
diff --git a/webapp/src/main/webapp/templates/edit/specific/fauxProperty_retry.jsp b/webapp/src/main/webapp/templates/edit/specific/fauxProperty_retry.jsp
index beeae3259f..fe2112ff9c 100644
--- a/webapp/src/main/webapp/templates/edit/specific/fauxProperty_retry.jsp
+++ b/webapp/src/main/webapp/templates/edit/specific/fauxProperty_retry.jsp
@@ -1,7 +1,8 @@
 <%-- $This file is distributed under the terms of the license in LICENSE$ --%>
 
 <%@ taglib prefix="form" uri="http://vitro.mannlib.cornell.edu/edit/tags" %>
-<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
+<%@ taglib prefix="c"  uri="http://java.sun.com/jsp/jstl/core" %>
+<%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions"%>
 
 <tr class="editformcell">
     <td valign="top" colspan="2">
@@ -59,28 +60,46 @@
 
 <tr><td colspan="5"><hr class="formDivider"/></td></tr>
 
-<tr class="editformcell">
-    <td valign="top" colspan="2">
-        <b>Display level</b><br />
-        <select name="HiddenFromDisplayBelowRoleLevelUsingRoleUri">
-            <form:option name="HiddenFromDisplayBelowRoleLevelUsingRoleUri"/>
-        </select>
-    </td>
-    <td valign="top" colspan="1">
-        <b>Update level</b><br/>
-        <select name="ProhibitedFromUpdateBelowRoleLevelUsingRoleUri">
-            <form:option name="ProhibitedFromUpdateBelowRoleLevelUsingRoleUri"/>
-        </select>
-    </td>
-    <td valign="top" colspan="2">
-        <b>Publish level</b><br />
-        <select name="HiddenFromPublishBelowRoleLevelUsingRoleUri">
-            <form:option name="HiddenFromPublishBelowRoleLevelUsingRoleUri"/>
-        </select>
-    </td>
-</tr>
-
-<tr><td colspan="5"><hr class="formDivider"/></td></tr>
+<!-- Permissions -->
+<c:if test="${!empty roles}">
+    <input id="_permissions" type="hidden" name="_permissions" value="enabled" />
+    <input id="_permissionsEntityURI" type="hidden" name="_permissionsEntityURI" value="${_permissionsEntityURI}" />
+    <input id="_permissionsEntityType" type="hidden" name="_permissionsEntityType" value="FAUX_PROPERTY" />
+    <tr class="editformcell">
+        <td valign="top" colspan="5">
+            <b>Display</b> permissions for this property<br/>
+            <c:forEach var="role" items="${roles}">
+                <input id="display${role.label}" type="checkbox" name="displayRoles" value="${role.uri}" ${fn:contains(displayRoles, role.uri)?'checked':''}  />
+                <label class="inline" for="display${role.label}"> ${role.label}</label>
+                &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
+            </c:forEach>
+        </td>
+    </tr>
+    <tr><td colspan="5"><hr class="formDivider"/></td></tr>
+    <tr class="editformcell">
+        <td valign="top" colspan="5">
+            <b>Update</b> permissions for this property<br/>
+            <c:forEach var="role" items="${roles}">
+                <input id="update${role.label}" type="checkbox" name="updateRoles" value="${role.uri}" ${fn:contains(updateRoles, role.uri)?'checked':''} ${role.isForPublic()?'disabled':''} />
+                <label class="inline" for="update${role.label}"> ${role.label}</label>
+                &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
+            </c:forEach>
+        </td>
+    </tr>
+    <tr><td colspan="5"><hr class="formDivider"/></td></tr>
+    <tr class="editformcell">
+        <td valign="top" colspan="5">
+            <b>Publish</b> permissions for this property<br/>
+            <c:forEach var="role" items="${roles}">
+                <input id="publish${role.label}" type="checkbox" name="publishRoles" value="${role.uri}" ${fn:contains(publishRoles, role.uri)?'checked':''}  />
+                <label class="inline" for="publish${role.label}"> ${role.label}</label>
+                &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
+            </c:forEach>
+        </td>
+    </tr>
+    <tr><td colspan="5"><hr class="formDivider"/></td></tr>
+</c:if>
+<!-- Permissions End -->
 
 <tr class="editformcell">
     <td valign="top" colspan="1">
diff --git a/webapp/src/main/webapp/templates/edit/specific/property_retry.jsp b/webapp/src/main/webapp/templates/edit/specific/property_retry.jsp
index 5cb3682d04..22d8486aa7 100644
--- a/webapp/src/main/webapp/templates/edit/specific/property_retry.jsp
+++ b/webapp/src/main/webapp/templates/edit/specific/property_retry.jsp
@@ -1,7 +1,8 @@
 <%-- $This file is distributed under the terms of the license in LICENSE$ --%>
 
 <%@ taglib prefix="form" uri="http://vitro.mannlib.cornell.edu/edit/tags" %>
-<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
+<%@ taglib prefix="c"  uri="http://java.sun.com/jsp/jstl/core" %>
+<%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions"%>
 
 <%-- colspan set to 6 in PropertyRetryController.java --%>
 <tr class="editformcell">
@@ -186,29 +187,46 @@
     </td>
 </tr>
 <tr><td colspan="5"><hr class="formDivider"/></td></tr>
-<tr class="editformcell">
-    <td valign="top" colspan="2">
-        <b>Display level</b><br />
-        <select name="HiddenFromDisplayBelowRoleLevelUsingRoleUri">
-            <form:option name="HiddenFromDisplayBelowRoleLevelUsingRoleUri"/>
-        </select>
-    </td>
-    <td valign="top" colspan="2">
-        <b>Update level</b><br/>
-        <select name="ProhibitedFromUpdateBelowRoleLevelUsingRoleUri">
-            <form:option name="ProhibitedFromUpdateBelowRoleLevelUsingRoleUri"/>
-        </select>
-    </td>
-</tr>
-<tr class="editformcell">
-    <td valign="top" colspan="2">
-        <b>Publish level</b><br />
-        <select name="HiddenFromPublishBelowRoleLevelUsingRoleUri">
-            <form:option name="HiddenFromPublishBelowRoleLevelUsingRoleUri"/>
-        </select>
-    </td>
-</tr>
-<tr><td colspan="5"><hr class="formDivider"/></td></tr>
+<!-- Permissions -->
+<c:if test="${!empty roles}">
+    <input id="_permissions" type="hidden" name="_permissions" value="enabled" />
+    <input id="_permissionsEntityURI" type="hidden" name="_permissionsEntityURI" value="${_permissionsEntityURI}" />
+    <input id="_permissionsEntityType" type="hidden" name="_permissionsEntityType" value="OBJECT_PROPERTY" />
+    <tr class="editformcell">
+        <td valign="top" colspan="5">
+            <b>Display</b> permissions for this property<br/>
+            <c:forEach var="role" items="${roles}">
+                <input id="display${role.label}" type="checkbox" name="displayRoles" value="${role.uri}" ${fn:contains(displayRoles, role.uri)?'checked':''}  />
+                <label class="inline" for="display${role.label}"> ${role.label}</label>
+                &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
+            </c:forEach>
+        </td>
+    </tr>
+    <tr><td colspan="5"><hr class="formDivider"/></td></tr>
+    <tr class="editformcell">
+        <td valign="top" colspan="5">
+            <b>Update</b> permissions for this property<br/>
+            <c:forEach var="role" items="${roles}">
+                <input id="update${role.label}" type="checkbox" name="updateRoles" value="${role.uri}" ${fn:contains(updateRoles, role.uri)?'checked':''} ${role.isForPublic()?'disabled':''} />
+                <label class="inline" for="update${role.label}"> ${role.label}</label>
+                &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
+            </c:forEach>
+        </td>
+    </tr>
+    <tr><td colspan="5"><hr class="formDivider"/></td></tr>
+    <tr class="editformcell">
+        <td valign="top" colspan="5">
+            <b>Publish</b> permissions for this property<br/>
+            <c:forEach var="role" items="${roles}">
+                <input id="publish${role.label}" type="checkbox" name="publishRoles" value="${role.uri}" ${fn:contains(publishRoles, role.uri)?'checked':''}  />
+                <label class="inline" for="publish${role.label}"> ${role.label}</label>
+                &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
+            </c:forEach>
+        </td>
+    </tr>
+    <tr><td colspan="5"><hr class="formDivider"/></td></tr>
+</c:if>
+<!-- Permissions End -->
 <tr class="editformcell">
     <td valign="top" colspan="1">
         <b>Display tier</b> for this property<br/>
diff --git a/webapp/src/main/webapp/templates/edit/specific/vclass_retry.jsp b/webapp/src/main/webapp/templates/edit/specific/vclass_retry.jsp
index f7f6dd56a1..6a567472f5 100644
--- a/webapp/src/main/webapp/templates/edit/specific/vclass_retry.jsp
+++ b/webapp/src/main/webapp/templates/edit/specific/vclass_retry.jsp
@@ -2,7 +2,9 @@
 
 <!-- $This file is distributed under the terms of the license in LICENSE$ -->
 
-<jsp:root xmlns:jsp="http://java.sun.com/JSP/Page" xmlns:c="http://java.sun.com/jsp/jstl/core" xmlns:form="http://vitro.mannlib.cornell.edu/edit/tags" version="2.0">
+<%@ taglib prefix="form" uri="http://vitro.mannlib.cornell.edu/edit/tags" %>
+<%@ taglib prefix="c"  uri="http://java.sun.com/jsp/jstl/core" %>
+<%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions"%>
 
 <tr class="editformcell">
 	<td valign="bottom" colspan="2">
@@ -83,29 +85,46 @@
 	</td>
 </tr>
 <tr><td colspan="4"><hr class="formDivider"/></td></tr>
-<tr class="editformcell">
-    <td valign="bottom" colspan="1">
-        <b>Display level</b><br/>
-        <select name="HiddenFromDisplayBelowRoleLevelUsingRoleUri">
-            <form:option name="HiddenFromDisplayBelowRoleLevelUsingRoleUri"/>
-        </select>
-    </td>
-    <td valign="bottom" colspan="1">
-        <b>Update level</b><br/>
-        <select name="ProhibitedFromUpdateBelowRoleLevelUsingRoleUri">
-            <form:option name="ProhibitedFromUpdateBelowRoleLevelUsingRoleUri"/>
-        </select>
-    </td>
-</tr>
-<tr class="editformcell">
-    <td valign="bottom" colspan="1">
-        <b>Publish level</b><br/>
-        <select name="HiddenFromPublishBelowRoleLevelUsingRoleUri">
-            <form:option name="HiddenFromPublishBelowRoleLevelUsingRoleUri"/>
-        </select>
-    </td>
-</tr>
-<tr><td colspan="4"><hr class="formDivider"/></td></tr>
+<!-- Permissions -->
+<c:if test="${!empty roles}">
+    <input id="_permissions" type="hidden" name="_permissions" value="enabled" />
+    <input id="_permissionsEntityURI" type="hidden" name="_permissionsEntityURI" value="${_permissionsEntityURI}" />
+    <input id="_permissionsEntityType" type="hidden" name="_permissionsEntityType" value="CLASS" />
+    <tr class="editformcell">
+        <td valign="top" colspan="4">
+            <b>Display</b> permissions for this property<br/>
+            <c:forEach var="role" items="${roles}">
+                <input id="display${role.label}" type="checkbox" name="displayRoles" value="${role.uri}" ${fn:contains(displayRoles, role.uri)?'checked':''} />
+                <label class="inline" for="display${role.label}"> ${role.label}</label>
+                &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
+            </c:forEach>
+        </td>
+    </tr>
+    <tr><td colspan="4"><hr class="formDivider"/></td></tr>
+    <tr class="editformcell">
+        <td valign="top" colspan="4">
+            <b>Update</b> permissions for this property<br/>
+            <c:forEach var="role" items="${roles}">
+                <input id="update${role.label}" type="checkbox" name="updateRoles" value="${role.uri}" ${fn:contains(updateRoles, role.uri)?'checked':''} ${role.isForPublic()?'disabled':''} />
+                <label class="inline" for="update${role.label}"> ${role.label}</label>
+                &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
+            </c:forEach>
+        </td>
+    </tr>
+    <tr><td colspan="4"><hr class="formDivider"/></td></tr>
+    <tr class="editformcell">
+        <td valign="top" colspan="4">
+            <b>Publish</b> permissions for this property<br/>
+            <c:forEach var="role" items="${roles}">
+                <input id="publish${role.label}" type="checkbox" name="publishRoles" value="${role.uri}" ${fn:contains(publishRoles, role.uri)?'checked':''}  />
+                <label class="inline" for="publish${role.label}"> ${role.label}</label>
+                &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
+            </c:forEach>
+        </td>
+    </tr>
+    <tr><td colspan="4"><hr class="formDivider"/></td></tr>
+</c:if>
+<!-- Permissions End -->
 <tr class="editformcell">
 	<!--td valign="top" colspan="1">
 		<b>Display Limit</b><br/>
@@ -133,4 +152,3 @@
 	</td>
 </tr>
 <tr><td colspan="4"><hr class="formDivider"/></td></tr>
-</jsp:root>
diff --git a/webapp/src/main/webapp/templates/freemarker/lib/lib-properties.ftl b/webapp/src/main/webapp/templates/freemarker/lib/lib-properties.ftl
index 2d5872979f..cf4699ecf4 100644
--- a/webapp/src/main/webapp/templates/freemarker/lib/lib-properties.ftl
+++ b/webapp/src/main/webapp/templates/freemarker/lib/lib-properties.ftl
@@ -250,9 +250,6 @@ name will be used as the label. -->
             <a class="propertyLink" href="${verboseDisplay.propertyEditUrl}" title="${i18n().name}">${verboseDisplay.localName}</a>
             (<span>${property.type?lower_case}</span> property);
             order in group: <span>${verboseDisplay.displayRank}</span>;
-            display level: <span>${verboseDisplay.displayLevel}</span>;
-            update level: <span>${verboseDisplay.updateLevel}</span>;
-            publish level: <span>${verboseDisplay.publishLevel}</span>
         </section>
     </#if>
 </#macro>

From 0f7e0c0126897d51636c808cd52cd109afc5c9ab Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <git@litvinovg.pro>
Date: Tue, 6 Jun 2023 13:20:31 +0200
Subject: [PATCH 002/148] and authorization request

---
 .../webapp/auth/policy/PolicyHelper.java      | 37 ++++++-----
 .../AndAuthorizationRequest.java              | 46 ++++++++++++++
 .../auth/requestedAction/AuthHelper.java      | 61 -------------------
 .../requestedAction/AuthorizationRequest.java | 37 ++++++++++-
 .../OrAuthorizationRequest.java               | 49 +++++++++++++++
 .../ajax/ManageProxiesAjaxController.java     |  3 +-
 .../controller/jena/JenaExportController.java |  3 +-
 .../ManageLabelsForIndividualGenerator.java   |  4 +-
 .../EditRequestDispatchController.java        |  3 +-
 .../BaseIndividualTemplateModel.java          |  4 +-
 10 files changed, 159 insertions(+), 88 deletions(-)
 create mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/AndAuthorizationRequest.java
 delete mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/AuthHelper.java
 create mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/OrAuthorizationRequest.java

diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyHelper.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyHelper.java
index e6b41374c3..e2faee6dbc 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyHelper.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyHelper.java
@@ -34,6 +34,7 @@
 import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.DecisionResult;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthorizationRequest;
+import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthorizationRequest.WRAP_TYPE;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.SimpleAuthorizationRequest;
 import edu.cornell.mannlib.vitro.webapp.beans.Property;
 import edu.cornell.mannlib.vitro.webapp.beans.UserAccount;
@@ -63,13 +64,8 @@ public static boolean isAuthorizedForActions(IdentifierBundle ids, Authorization
         if (ar.getPredefinedDecision() != DecisionResult.INCONCLUSIVE){
             return ar.getPredefinedDecision() == DecisionResult.AUTHORIZED;
         }
-        if (ar.isContainer()) {
-            List<AuthorizationRequest> items = ar.getItems();
-            boolean result = false;
-            for (AuthorizationRequest item : items ) {
-                result = result || isAuthorizedForActions(ids, item);
-            }
-            return result;
+        if (ar.getWrapType() != null) {
+            return processUnwrappedAuthorizationRequest(ar, ids);
         }
         return actionRequestIsAuthorized(ids, ar.getAccessObject(), ar.getAccessOperation());
     }
@@ -82,18 +78,29 @@ public static boolean isAuthorizedForActions(HttpServletRequest req, Authorizati
         if (ar.getPredefinedDecision() != DecisionResult.INCONCLUSIVE){
             return ar.getPredefinedDecision() == DecisionResult.AUTHORIZED;
         }
-        if (ar.isContainer()) {
-            List<AuthorizationRequest> items = ar.getItems();
-            boolean result = false;
-            for (AuthorizationRequest item : items ) {
-                result = result || isAuthorizedForActions(req, item);
-            }
-            return result;
-        }
         IdentifierBundle ids = RequestIdentifiers.getIdBundleForRequest(req);
+        if (ar.getWrapType() != null) {
+            return processUnwrappedAuthorizationRequest(ar, ids);
+        }
         return actionRequestIsAuthorized(ids, ar.getAccessObject(), ar.getAccessOperation());
     }
 
+    private static boolean processUnwrappedAuthorizationRequest(AuthorizationRequest ar, IdentifierBundle ids) {
+        List<AuthorizationRequest> items = ar.getItems();
+        boolean result = false;
+        if (WRAP_TYPE.OR == ar.getWrapType()) {
+            for (AuthorizationRequest item : items ) {
+                result = result || isAuthorizedForActions(ids, item);
+            }    
+        } else {
+            result = true;
+            for (AuthorizationRequest item : items ) {
+                result = result && isAuthorizedForActions(ids, item);
+            } 
+        }
+        return result;
+    }
+
 	private static boolean actionRequestIsAuthorized(IdentifierBundle ids, AccessObject ao, AccessOperation operation) {
 	    if (operation == null) {
 	        log.error("Opeartion is null, accessObject " + ao );
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/AndAuthorizationRequest.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/AndAuthorizationRequest.java
new file mode 100644
index 0000000000..612cc5dde1
--- /dev/null
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/AndAuthorizationRequest.java
@@ -0,0 +1,46 @@
+package edu.cornell.mannlib.vitro.webapp.auth.requestedAction;
+
+import java.util.Arrays;
+import java.util.List;
+
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessOperation;
+import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
+import edu.cornell.mannlib.vitro.webapp.auth.objects.AccessObject;
+
+public class AndAuthorizationRequest extends AuthorizationRequest {
+
+	private final AuthorizationRequest ar1;
+	private final AuthorizationRequest ar2;
+
+	AndAuthorizationRequest(AuthorizationRequest ar1, AuthorizationRequest ar2) {
+		this.ar1 = ar1;
+		this.ar2 = ar2;
+	}
+
+    @Override
+    public WRAP_TYPE getType() {
+        return WRAP_TYPE.AND;
+    }
+	
+    public List<AuthorizationRequest> getItems(){
+        return Arrays.asList(ar1, ar2);
+    };
+
+	@Override
+	public String toString() {
+		return "(" + ar1 + " && " + ar2 + ")";
+	}
+    @Override
+    public AccessObject getAccessObject() {
+        return null;
+    }
+    @Override
+    public AccessOperation getAccessOperation() {
+        return null;
+    }
+    @Override
+    public IdentifierBundle getIds() {
+        return null;
+    }
+
+}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/AuthHelper.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/AuthHelper.java
deleted file mode 100644
index cd23112a29..0000000000
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/AuthHelper.java
+++ /dev/null
@@ -1,61 +0,0 @@
-package edu.cornell.mannlib.vitro.webapp.auth.requestedAction;
-
-import java.util.Arrays;
-import java.util.List;
-
-import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessOperation;
-import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
-import edu.cornell.mannlib.vitro.webapp.auth.objects.AccessObject;
-
-public class AuthHelper {
-
-    static class OrAuthorizationRequest extends AuthorizationRequest {
-    	private final AuthorizationRequest ar1;
-    	private final AuthorizationRequest ar2;
-    
-    	private OrAuthorizationRequest(AuthorizationRequest ar1, AuthorizationRequest ar2) {
-    		this.ar1 = ar1;
-    		this.ar2 = ar2;
-    	}
-    	@Override
-        public boolean isContainer() {
-            return true;
-        }
-
-        public List<AuthorizationRequest> getItems(){
-            return Arrays.asList(ar1, ar2);
-        };
-
-    
-    	@Override
-    	public String toString() {
-    		return "(" + ar1 + " || " + ar2 + ")";
-    	}
-        @Override
-        public AccessObject getAccessObject() {
-            // TODO Auto-generated method stub
-            return null;
-        }
-        @Override
-        public AccessOperation getAccessOperation() {
-            // TODO Auto-generated method stub
-            return null;
-        }
-        @Override
-        public IdentifierBundle getIds() {
-            // TODO Auto-generated method stub
-            return null;
-        }
-    }
-
-    public static AuthorizationRequest logicOr(AuthorizationRequest fist, AuthorizationRequest second) {
-        if (fist == null) {
-            return second;
-        } else if (second == null) {
-            return fist;
-        } else {
-            return new AuthHelper.OrAuthorizationRequest(fist, second);
-        }
-    }
-
-}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/AuthorizationRequest.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/AuthorizationRequest.java
index 4672bee4ad..716b1ab6b8 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/AuthorizationRequest.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/AuthorizationRequest.java
@@ -13,6 +13,8 @@ public abstract class AuthorizationRequest {
     public static final AuthorizationRequest UNAUTHORIZED = new ForbiddenAuthorizationRequest();
     public static final AuthorizationRequest AUTHORIZED = new AllowedAuthorizationRequest();
     
+    public static enum WRAP_TYPE { AND , OR } ; 
+    
     IdentifierBundle ids;
     private List<String> editorUris = Collections.emptyList();
     List<String> roleUris = Collections.emptyList();
@@ -22,8 +24,8 @@ public void setRoleUris(List<String> roleUris) {
         this.roleUris = roleUris;
     }
 
-    public boolean isContainer() {
-        return false;
+    public WRAP_TYPE getWrapType() {
+        return null;
     }
 
     public DecisionResult getPredefinedDecision(){
@@ -56,6 +58,37 @@ public void setEditorUris(List<String> list) {
 
     public List<String> getEditorUris(){
         return editorUris;
+    }
+
+    public AuthorizationRequest or(AuthorizationRequest authRequest) {
+        if (authRequest == null) {
+            return this;
+        } else {
+            return new OrAuthorizationRequest(this, authRequest);
+        }
+    };
+    
+    public AuthorizationRequest and(AuthorizationRequest authRequest) {
+        if (authRequest == null) {
+            return this;
+        } else {
+            return new AndAuthorizationRequest(this, authRequest);
+        }
+    };
+    
+    public static AuthorizationRequest or(AuthorizationRequest fist, AuthorizationRequest second) {
+        if (fist == null) {
+            return second;
+        } else if (second == null) {
+            return fist;
+        } else {
+            return new OrAuthorizationRequest(fist, second);
+        }
+    }
+
+    public WRAP_TYPE getType() {
+        // TODO Auto-generated method stub
+        return null;
     };
     
 }
\ No newline at end of file
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/OrAuthorizationRequest.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/OrAuthorizationRequest.java
new file mode 100644
index 0000000000..cbbb6bd2e9
--- /dev/null
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/OrAuthorizationRequest.java
@@ -0,0 +1,49 @@
+package edu.cornell.mannlib.vitro.webapp.auth.requestedAction;
+
+import java.util.Arrays;
+import java.util.List;
+
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessOperation;
+import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
+import edu.cornell.mannlib.vitro.webapp.auth.objects.AccessObject;
+
+public class OrAuthorizationRequest extends AuthorizationRequest {
+
+	private final AuthorizationRequest ar1;
+	private final AuthorizationRequest ar2;
+
+	OrAuthorizationRequest(AuthorizationRequest ar1, AuthorizationRequest ar2) {
+		this.ar1 = ar1;
+		this.ar2 = ar2;
+	}
+
+    public List<AuthorizationRequest> getItems(){
+        return Arrays.asList(ar1, ar2);
+    };
+
+    @Override
+    public WRAP_TYPE getType() {
+        return WRAP_TYPE.OR;
+    }
+    
+	@Override
+	public String toString() {
+		return "(" + ar1 + " || " + ar2 + ")";
+	}
+    @Override
+    public AccessObject getAccessObject() {
+        // TODO Auto-generated method stub
+        return null;
+    }
+    @Override
+    public AccessOperation getAccessOperation() {
+        // TODO Auto-generated method stub
+        return null;
+    }
+    @Override
+    public IdentifierBundle getIds() {
+        // TODO Auto-generated method stub
+        return null;
+    }
+
+}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/accounts/manageproxies/ajax/ManageProxiesAjaxController.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/accounts/manageproxies/ajax/ManageProxiesAjaxController.java
index 40b27ddc85..9c1296d1c3 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/accounts/manageproxies/ajax/ManageProxiesAjaxController.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/accounts/manageproxies/ajax/ManageProxiesAjaxController.java
@@ -12,7 +12,6 @@
 import org.apache.commons.logging.LogFactory;
 
 import edu.cornell.mannlib.vitro.webapp.auth.permissions.SimplePermission;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthHelper;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthorizationRequest;
 import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
 import edu.cornell.mannlib.vitro.webapp.controller.ajax.VitroAjaxController;
@@ -29,7 +28,7 @@ public class ManageProxiesAjaxController extends VitroAjaxController {
 
 	@Override
 	protected AuthorizationRequest requiredActions(VitroRequest vreq) {
-		return AuthHelper.logicOr(
+		return AuthorizationRequest.or(
 		        SimplePermission.MANAGE_OWN_PROXIES.ACTION
 				,SimplePermission.MANAGE_PROXIES.ACTION);
 	}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/jena/JenaExportController.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/jena/JenaExportController.java
index 663d84d713..7cfbdaf4e5 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/jena/JenaExportController.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/jena/JenaExportController.java
@@ -32,7 +32,6 @@
 
 import edu.cornell.mannlib.vedit.controller.BaseEditController;
 import edu.cornell.mannlib.vitro.webapp.auth.permissions.SimplePermission;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthHelper;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthorizationRequest;
 import edu.cornell.mannlib.vitro.webapp.controller.Controllers;
 import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
@@ -46,7 +45,7 @@
 @WebServlet(name = "JenaExportController", urlPatterns = {"/export/*"} )
 public class JenaExportController extends BaseEditController {
 	private static final AuthorizationRequest REQUIRED_ACTIONS = 
-	        AuthHelper.logicOr(
+	        AuthorizationRequest.or(
 	        SimplePermission.USE_ADVANCED_DATA_TOOLS_PAGES.ACTION,
 			SimplePermission.EDIT_ONTOLOGY.ACTION);
 
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/edit/n3editing/configuration/generators/ManageLabelsForIndividualGenerator.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/edit/n3editing/configuration/generators/ManageLabelsForIndividualGenerator.java
index 54978536a3..779fe59e68 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/edit/n3editing/configuration/generators/ManageLabelsForIndividualGenerator.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/edit/n3editing/configuration/generators/ManageLabelsForIndividualGenerator.java
@@ -32,7 +32,7 @@
 import edu.cornell.mannlib.vitro.webapp.auth.objects.DataPropertyStatementAccessObject;
 import edu.cornell.mannlib.vitro.webapp.auth.objects.ObjectPropertyStatementAccessObject;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthHelper;
+import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthorizationRequest;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.SimpleAuthorizationRequest;
 import edu.cornell.mannlib.vitro.webapp.beans.Individual;
 import edu.cornell.mannlib.vitro.webapp.beans.Property;
@@ -296,7 +296,7 @@ private Object isEditable(VitroRequest vreq, EditConfigurationVTwo config) {
 		ObjectPropertyStatementAccessObject aops = new ObjectPropertyStatementAccessObject(
 				vreq.getJenaOntModel(), individual.getURI(),
 				SOME_PREDICATE, SOME_URI);
-    	return PolicyHelper.isAuthorizedForActions(vreq, AuthHelper.logicOr(new SimpleAuthorizationRequest(aops, AccessOperation.ADD), new SimpleAuthorizationRequest(aops, AccessOperation.ADD)));
+    	return PolicyHelper.isAuthorizedForActions(vreq, AuthorizationRequest.or(new SimpleAuthorizationRequest(aops, AccessOperation.ADD), new SimpleAuthorizationRequest(aops, AccessOperation.ADD)));
 	}
 
 
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/edit/n3editing/controller/EditRequestDispatchController.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/edit/n3editing/controller/EditRequestDispatchController.java
index 5575a3ce08..93f093937a 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/edit/n3editing/controller/EditRequestDispatchController.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/edit/n3editing/controller/EditRequestDispatchController.java
@@ -23,7 +23,6 @@
 import edu.cornell.mannlib.vitro.webapp.auth.objects.ObjectPropertyStatementAccessObject;
 import edu.cornell.mannlib.vitro.webapp.auth.permissions.SimplePermission;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthHelper;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthorizationRequest;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.SimpleAuthorizationRequest;
 import edu.cornell.mannlib.vitro.webapp.beans.DataProperty;
@@ -107,7 +106,7 @@ protected AuthorizationRequest requiredActions(VitroRequest vreq) {
 		}
 		final DataPropertyStatementAccessObject editDataPropertyStatement = new DataPropertyStatementAccessObject(ontModel, subjectUri, predicateUri, objectUri);
         boolean isAuthorized = PolicyHelper.isAuthorizedForActions(vreq, 
-		        AuthHelper.logicOr(
+		        AuthorizationRequest.or(
 		                new SimpleAuthorizationRequest(editDataPropertyStatement, AccessOperation.EDIT), 
 		                new SimpleAuthorizationRequest(objectPropertyAction, ao)));
 		if (!isAuthorized) {
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/BaseIndividualTemplateModel.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/BaseIndividualTemplateModel.java
index f25fd78b57..05348c82be 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/BaseIndividualTemplateModel.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/BaseIndividualTemplateModel.java
@@ -23,7 +23,7 @@
 import edu.cornell.mannlib.vitro.webapp.auth.objects.ObjectPropertyStatementAccessObject;
 import edu.cornell.mannlib.vitro.webapp.auth.permissions.SimplePermission;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthHelper;
+import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthorizationRequest;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.SimpleAuthorizationRequest;
 import edu.cornell.mannlib.vitro.webapp.beans.DataPropertyStatement;
 import edu.cornell.mannlib.vitro.webapp.beans.Individual;
@@ -128,7 +128,7 @@ public boolean isEditable() {
         ObjectPropertyStatementAccessObject aops = new ObjectPropertyStatementAccessObject(
 				vreq.getJenaOntModel(), individual.getURI(),
 				SOME_PREDICATE, SOME_URI);
-    	return PolicyHelper.isAuthorizedForActions(vreq, AuthHelper.logicOr(new SimpleAuthorizationRequest(adps, AccessOperation.ADD), new SimpleAuthorizationRequest(aops, AccessOperation.ADD)));
+    	return PolicyHelper.isAuthorizedForActions(vreq, AuthorizationRequest.or(new SimpleAuthorizationRequest(adps, AccessOperation.ADD), new SimpleAuthorizationRequest(aops, AccessOperation.ADD)));
     }
 
     public boolean getShowAdminPanel() {

From d25f02769f8ca32d07effd6cf579c138617d149c Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <git@litvinovg.pro>
Date: Tue, 6 Jun 2023 13:20:50 +0200
Subject: [PATCH 003/148] reverted page controller modifications

---
 .../requestedAction/AuthorizationRequest.java | 21 ++++---------------
 .../controller/freemarker/PageController.java | 16 ++++++++++----
 .../mannlib/vitro/webapp/dao/PageDao.java     |  2 +-
 .../vitro/webapp/dao/jena/PageDaoJena.java    |  8 ++-----
 4 files changed, 19 insertions(+), 28 deletions(-)

diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/AuthorizationRequest.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/AuthorizationRequest.java
index 716b1ab6b8..7f51a84fa9 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/AuthorizationRequest.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/AuthorizationRequest.java
@@ -60,22 +60,6 @@ public List<String> getEditorUris(){
         return editorUris;
     }
 
-    public AuthorizationRequest or(AuthorizationRequest authRequest) {
-        if (authRequest == null) {
-            return this;
-        } else {
-            return new OrAuthorizationRequest(this, authRequest);
-        }
-    };
-    
-    public AuthorizationRequest and(AuthorizationRequest authRequest) {
-        if (authRequest == null) {
-            return this;
-        } else {
-            return new AndAuthorizationRequest(this, authRequest);
-        }
-    };
-    
     public static AuthorizationRequest or(AuthorizationRequest fist, AuthorizationRequest second) {
         if (fist == null) {
             return second;
@@ -85,9 +69,12 @@ public static AuthorizationRequest or(AuthorizationRequest fist, AuthorizationRe
             return new OrAuthorizationRequest(fist, second);
         }
     }
+    
+    public AuthorizationRequest and(AuthorizationRequest second) {
+        return new AndAuthorizationRequest(this, second);
+    }
 
     public WRAP_TYPE getType() {
-        // TODO Auto-generated method stub
         return null;
     };
     
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/freemarker/PageController.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/freemarker/PageController.java
index 1f48adcee9..d1da6275df 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/freemarker/PageController.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/freemarker/PageController.java
@@ -16,6 +16,9 @@
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType;
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessOperation;
+import edu.cornell.mannlib.vitro.webapp.auth.objects.AccessObjectImpl;
 import edu.cornell.mannlib.vitro.webapp.auth.permissions.SimplePermission;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthorizationRequest;
@@ -64,11 +67,16 @@ protected AuthorizationRequest requiredActions(VitroRequest vreq) {
      * Get all the required actions directly required for the page.
      */
     private AuthorizationRequest getActionsForPage( VitroRequest vreq ) throws Exception{
-        String uri = vreq.getWebappDaoFactory().getPageDao().getRequiredActions( getPageUri(vreq) );
-        if (StringUtils.isBlank(uri)) {
-            return AuthorizationRequest.AUTHORIZED;
+        List<String> simplePremUris = vreq.getWebappDaoFactory().getPageDao().getRequiredActions( getPageUri(vreq) );
+        AuthorizationRequest auth = AuthorizationRequest.AUTHORIZED;
+        for( String uri : simplePremUris ){
+            if (StringUtils.isBlank(uri)) {
+                continue;
+            }
+            AccessObjectImpl ao = new AccessObjectImpl(uri, AccessObjectType.NAMED_OBJECT);
+            auth = auth.and( new SimpleAuthorizationRequest(ao, AccessOperation.EXECUTE));
         }
-        return new SimpleAuthorizationRequest(uri);
+        return auth;
     }
 
     @Override
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/dao/PageDao.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/dao/PageDao.java
index 2688d96004..d1651ee618 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/dao/PageDao.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/dao/PageDao.java
@@ -31,5 +31,5 @@ public interface PageDao {
      * Does not get required actions for any data getters that are
      * related to the page.
      */
-    String getRequiredActions(String pageUri);
+    List<String> getRequiredActions(String pageUri);
 }
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/dao/jena/PageDaoJena.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/dao/jena/PageDaoJena.java
index 702956f79f..8585b5c9d8 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/dao/jena/PageDaoJena.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/dao/jena/PageDaoJena.java
@@ -530,7 +530,7 @@ public List<String> getDataGetterClass(String pageUri) {
     /**
      * Gets the requiredActions directly associated with page.
      */
-    public String getRequiredActions(String pageUri){
+    public List<String> getRequiredActions(String pageUri){
         QuerySolutionMap initialBindings = new QuerySolutionMap();
         initialBindings.add("pageUri", ResourceFactory.createResource(pageUri));
         List<String> actions = new ArrayList<String>();
@@ -545,11 +545,7 @@ public String getRequiredActions(String pageUri){
         }finally{
             dModel.leaveCriticalSection();
         }
-        if (actions.isEmpty()) {
-            return "";
-        } else {
-            return actions.get(0);
-        }
+        return actions;
     }
 
     /* *************************** Utility methods ********************************* */

From 88d69c3a5a19b53b3a94c9de77ac10281a035114 Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <git@litvinovg.pro>
Date: Tue, 6 Jun 2023 13:30:41 +0200
Subject: [PATCH 004/148] removed AccessRullStore with tests

---
 .../vedit/controller/OperationController.java |   5 -
 .../auth/attributes/AttributeFactory.java     |  14 +-
 .../auth/attributes/ObjectTypeAttribute.java  |   2 +-
 .../webapp/auth/policy/PolicyLoader.java      |   6 +
 .../webapp/auth/rules/AccessRuleFactory.java  |   3 +-
 .../webapp/auth/rules/AccessRuleStore.java    | 694 ------------------
 .../auth/rules/AccessRuleStoreTest.java       | 104 ---
 7 files changed, 16 insertions(+), 812 deletions(-)
 delete mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRuleStore.java
 delete mode 100644 api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRuleStoreTest.java

diff --git a/api/src/main/java/edu/cornell/mannlib/vedit/controller/OperationController.java b/api/src/main/java/edu/cornell/mannlib/vedit/controller/OperationController.java
index 674cace588..cb96b514f0 100644
--- a/api/src/main/java/edu/cornell/mannlib/vedit/controller/OperationController.java
+++ b/api/src/main/java/edu/cornell/mannlib/vedit/controller/OperationController.java
@@ -9,7 +9,6 @@
 import java.util.Arrays;
 import java.util.Enumeration;
 import java.util.HashMap;
-import java.util.HashSet;
 import java.util.Iterator;
 import java.util.List;
 import java.util.Map;
@@ -19,14 +18,10 @@
 import javax.servlet.http.HttpServletResponse;
 
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType;
-import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessOperation;
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.OperationGroup;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.EntityPolicyController;
-import edu.cornell.mannlib.vitro.webapp.auth.rules.AccessRuleStore;
 import edu.cornell.mannlib.vitro.webapp.beans.PermissionSet;
-import edu.cornell.mannlib.vitro.webapp.dao.UserAccountsDao;
 import edu.cornell.mannlib.vitro.webapp.modelaccess.ModelAccess;
-import org.apache.commons.lang3.ArrayUtils;
 import org.apache.commons.lang3.EnumUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.commons.logging.Log;
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeFactory.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeFactory.java
index 4c780947f0..b70425cba6 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeFactory.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeFactory.java
@@ -2,13 +2,13 @@
 
 import org.apache.jena.query.QuerySolution;
 
-import edu.cornell.mannlib.vitro.webapp.auth.rules.AccessRuleStore;
+import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyLoader;
 
 public class AttributeFactory {
 
     public static Attribute createAttribute(QuerySolution qs) {
-        String typeId = qs.getLiteral(AccessRuleStore.TYPE_ID).getString();
-        String attributeUri = qs.getResource(AccessRuleStore.ATTRIBUTE).getURI();
+        String typeId = qs.getLiteral(PolicyLoader.TYPE_ID).getString();
+        String attributeUri = qs.getResource(PolicyLoader.ATTRIBUTE).getURI();
         AttributeType type = AttributeType.valueOf(typeId);
         String testId = qs.getLiteral("testId").getString();
         String value = getValue(qs);
@@ -47,12 +47,12 @@ public static Attribute createAttribute(QuerySolution qs) {
     }
 
     private static String getValue(QuerySolution qs) {
-        if (!qs.contains(AccessRuleStore.LITERAL_VALUE) ||
-            !qs.get(AccessRuleStore.LITERAL_VALUE).isLiteral()) {
-            String value = qs.getResource(AccessRuleStore.ATTR_VALUE).getURI();
+        if (!qs.contains(PolicyLoader.LITERAL_VALUE) ||
+            !qs.get(PolicyLoader.LITERAL_VALUE).isLiteral()) {
+            String value = qs.getResource(PolicyLoader.ATTR_VALUE).getURI();
             return value;
         } else {
-            String value = qs.getLiteral(AccessRuleStore.LITERAL_VALUE).toString();
+            String value = qs.getLiteral(PolicyLoader.LITERAL_VALUE).toString();
             return value;    
         }
     }
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/ObjectTypeAttribute.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/ObjectTypeAttribute.java
index 343583bad5..7015f48b37 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/ObjectTypeAttribute.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/ObjectTypeAttribute.java
@@ -16,7 +16,7 @@ public ObjectTypeAttribute(String uri, String roleValue) {
 
     @Override
     public boolean match(AuthorizationRequest ar) {
-         AccessObject ao = ar.getAccessObject();
+        AccessObject ao = ar.getAccessObject();
         final String inputValue = ao.getType().toString();
         if (AttributeValueTester.test(this, ar, inputValue)) {
             log.debug("Attribute match requested object type '" + inputValue + "'");
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
index 1835cdfa83..1f3f746081 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
@@ -209,6 +209,12 @@ public class PolicyLoader {
 
     private Model userAccountsModel;
     private RDFService rdfService;
+    public static final String RULE = "rule";
+    public static final String LITERAL_VALUE = "lit_value";
+    public static final String ATTR_VALUE = "value";
+    public static final String ATTRIBUTE = "attribute";
+    public static final String TEST_ID = "testId";
+    public static final String TYPE_ID = "typeId";
     private static PolicyLoader INSTANCE;
     
     public static PolicyLoader getInstance() {
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRuleFactory.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRuleFactory.java
index 1893fe7bec..aeacd2afd9 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRuleFactory.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRuleFactory.java
@@ -5,6 +5,7 @@
 import org.apache.jena.query.QuerySolution;
 
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.AttributeFactory;
+import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyLoader;
 
 public class AccessRuleFactory {
 
@@ -12,7 +13,7 @@ public class AccessRuleFactory {
 
     public static AccessRule createRule(QuerySolution qs) {
         AccessRule ar = new SimpleAccessRule();
-        String ruleUri = qs.getResource(AccessRuleStore.RULE).getURI();
+        String ruleUri = qs.getResource(PolicyLoader.RULE).getURI();
         if (qs.contains("dataSetUri")) {
             ruleUri += "." + qs.getResource("dataSetUri").getURI();    
         }
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRuleStore.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRuleStore.java
deleted file mode 100644
index 23b801374f..0000000000
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRuleStore.java
+++ /dev/null
@@ -1,694 +0,0 @@
-package edu.cornell.mannlib.vitro.webapp.auth.rules;
-
-import java.io.ByteArrayInputStream;
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.StringWriter;
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.LinkedList;
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
-import java.util.UUID;
-
-import org.apache.commons.io.IOUtils;
-import org.apache.commons.lang3.StringUtils;
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-import org.apache.jena.query.ParameterizedSparqlString;
-import org.apache.jena.query.Query;
-import org.apache.jena.query.QueryExecution;
-import org.apache.jena.query.QueryExecutionFactory;
-import org.apache.jena.query.QueryFactory;
-import org.apache.jena.query.QuerySolution;
-import org.apache.jena.query.ResultSet;
-import org.apache.jena.rdf.model.Model;
-import org.apache.jena.rdf.model.ModelFactory;
-import org.apache.jena.rdf.model.RDFNode;
-
-import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType;
-import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessOperation;
-import edu.cornell.mannlib.vitro.webapp.auth.attributes.Attribute;
-import edu.cornell.mannlib.vitro.webapp.auth.attributes.AttributeFactory;
-import edu.cornell.mannlib.vitro.webapp.auth.attributes.AttributeType;
-import edu.cornell.mannlib.vitro.webapp.auth.attributes.TestType;
-import edu.cornell.mannlib.vitro.webapp.auth.objects.AccessObject;
-import edu.cornell.mannlib.vitro.webapp.auth.objects.AccessObjectImpl;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthorizationRequest;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.SimpleAuthorizationRequest;
-import edu.cornell.mannlib.vitro.webapp.dao.jena.event.BulkUpdateEvent;
-import edu.cornell.mannlib.vitro.webapp.modelaccess.ModelAccess;
-import edu.cornell.mannlib.vitro.webapp.modelaccess.ModelNames;
-import edu.cornell.mannlib.vitro.webapp.rdfservice.ChangeSet;
-import edu.cornell.mannlib.vitro.webapp.rdfservice.RDFService;
-import edu.cornell.mannlib.vitro.webapp.rdfservice.RDFService.ModelSerializationFormat;
-import edu.cornell.mannlib.vitro.webapp.rdfservice.RDFServiceException;
-import edu.cornell.mannlib.vitro.webapp.rdfservice.impl.jena.model.RDFServiceModel;
-
-public class AccessRuleStore {
-    private static final String NO_URI_VALUE = "";
-    public static final String ATTR_VALUE = "value";
-    public static final String LITERAL_VALUE = "lit_value";
-    public static final String TYPE_ID = "typeId";
-    public static final String TEST_ID = "testId";
-    public static final String ID = "id";
-    public static final String URI = "uri";
-    public static final String OBJECT_TYPE_ID = "objectTypeId";
-    public static final String OBJECT_URI = "objectUri";
-    public static final String OPERATION_ID = "operationId";
-    public static final String ATTRIBUTE = "attribute";
-    public static final String RULE = "rule";
-    
-    private static final String RULES_QUERY =
-            "prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#>\n"
-          + "prefix owl: <http://www.w3.org/2002/07/owl#>\n"
-          + "prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#>\n"
-          + "prefix xsd: <http://www.w3.org/2001/XMLSchema#>\n"
-          + "prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#>\n"
-          + "prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/>\n"
-          + "prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/>\n"
-          + "SELECT ?" + RULE + " ?" + ATTRIBUTE + " ?" + TEST_ID + " ?" + TYPE_ID + " ?" + ATTR_VALUE + " ?" + LITERAL_VALUE + " \n"
-          + "WHERE {\n"
-          + "?" + RULE + " rdf:type ao:Rule .\n"
-          + "?" + RULE + " ao:attribute ?" + ATTRIBUTE + " .\n"
-          + "?" + ATTRIBUTE + " ao:test ?test .\n"
-          + "?test ao:id ?" + TEST_ID + " .\n"
-          + "?" + ATTRIBUTE + " ao:type ?type .\n"
-          + "?type ao:id ?" + TYPE_ID + " .\n"
-          + "?" + ATTRIBUTE + " ao:value ?" + ATTR_VALUE + " .\n"
-          + "OPTIONAL {?" + ATTR_VALUE + " ao:id ?" + LITERAL_VALUE + " . }\n"
-          + "} ORDER BY ?rule ?attribute";
-    
-    private static final String RULE_QUERY =
-            "prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#>\n"
-          + "prefix owl: <http://www.w3.org/2002/07/owl#>\n"
-          + "prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#>\n"
-          + "prefix xsd: <http://www.w3.org/2001/XMLSchema#>\n"
-          + "prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#>\n"
-          + "prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/>\n"
-          + "prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/>\n"
-          + "SELECT ?" + RULE + " ?" + ATTRIBUTE + " ?" + TEST_ID + " ?" + TYPE_ID + " ?" + ATTR_VALUE + " ?" + LITERAL_VALUE + " \n"
-          + "WHERE {\n"
-          + "?" + RULE + " rdf:type ao:Rule .\n"
-          + "?" + RULE + " ao:attribute ?" + ATTRIBUTE + " .\n"
-          + "?" + ATTRIBUTE + " ao:test ?test .\n"
-          + "?test ao:id ?" + TEST_ID + " .\n"
-          + "?" + ATTRIBUTE + " ao:type ?type .\n"
-          + "?type ao:id ?" + TYPE_ID + " .\n"
-          + "?" + ATTRIBUTE + " ao:value ?" + ATTR_VALUE + " .\n"
-          + "OPTIONAL {?" + ATTR_VALUE + " ao:id ?" + LITERAL_VALUE + " . }\n"
-          + "FILTER (?" + RULE + " = IRI(?rule_filter) )\n"
-          + "} ORDER BY ?rule ?attribute";
-
-    private static final String DELETE_QUERY = 
-              "prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#>\n"
-            + "prefix owl: <http://www.w3.org/2002/07/owl#>\n"
-            + "prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#>\n"
-            + "prefix xsd: <http://www.w3.org/2001/XMLSchema#>\n"
-            + "prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#>\n"
-            + "prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/>\n"
-            + "prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/>\n"
-            + "CONSTRUCT { \n"
-            + "  ?" + RULE + " rdf:type ao:Rule .\n"
-            + "  ?" + RULE + " ao:attribute ?" + ATTRIBUTE + " .\n"
-            + "  ?" + ATTRIBUTE + " rdf:type ?rdfType . \n" 
-            + "  ?" + ATTRIBUTE + " ao:test ?test .\n"
-            + "  ?" + ATTRIBUTE + " ao:type ?type .\n"
-            + "  ?" + ATTRIBUTE + " ao:value ?" + ATTR_VALUE + " .\n"
-            + "  ?" + ATTR_VALUE + " ao:id ?" + LITERAL_VALUE + " . \n"
-            + "}"
-            + "WHERE {\n"
-            + "  ?" + RULE + " rdf:type ao:Rule .\n"
-            + "  ?" + RULE + " ao:attribute ?" + ATTRIBUTE + " .\n"
-            + "  OPTIONAL {\n"
-            + "    FILTER NOT EXISTS {"
-            + "      ?rule2  ao:attribute ?" + ATTRIBUTE + " .\n"
-            + "      FILTER (?" + RULE + " != ?rule2)"
-            + "    }"
-            + "    ?" + ATTRIBUTE + " rdf:type ?rdfType . \n" 
-            + "    ?" + ATTRIBUTE + " ao:test ?test . \n"
-            + "    ?" + ATTRIBUTE + " ao:type ?type . \n"
-            + "    ?" + ATTRIBUTE + " ao:value ?" + ATTR_VALUE + " .\n"
-            + "  }"
-            + "}";
-    
-    private static final String getAttributeUriQuery(boolean hasLiteralValue) {
-            return
-            "prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#>\n"
-          + "prefix owl: <http://www.w3.org/2002/07/owl#>\n"
-          + "prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#>\n"
-          + "prefix xsd: <http://www.w3.org/2001/XMLSchema#>\n"
-          + "prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#>\n"
-          + "prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/>\n"
-          + "prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/>\n"
-          + "SELECT ?" + ATTRIBUTE + " \n"
-          + "WHERE {\n"
-          + "?" + ATTRIBUTE + " rdf:type ao:Attribute .\n"
-          + "?" + ATTRIBUTE + " ao:test ?test .\n"
-          + "?test ao:id ?" + TEST_ID + " .\n"
-          + "?" + ATTRIBUTE + " ao:type ?type .\n"
-          + "?type ao:id ?" + TYPE_ID + " .\n"
-          + "?" + ATTRIBUTE + " ao:value ?" + ATTR_VALUE + " .\n"
-          + (hasLiteralValue ? "?" + ATTR_VALUE + " ao:id ?" + LITERAL_VALUE + " . \n" : NO_URI_VALUE)
-          + "}";
-    }
-    
-    private static final String URI_BY_ID_QUERY = NO_URI_VALUE
-          + "prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/>\n"
-          + "SELECT ?" + URI + " \n"
-          + "WHERE {\n"
-          + "?" + URI + " ao:id ?" + ID + " .\n"
-          + "}";
-    
-    private static final Log log = LogFactory.getLog(AccessRuleStore.class);
-    
-    
-    private static AccessRuleStore INSTANCE;
-
-    public static AccessRuleStore getInstance() {
-        return INSTANCE;
-    }
-
-    private Set<AccessRule> allRules = Collections.synchronizedSet(new HashSet<>());
-    private Map<AccessOperation,Set<AccessRule>> ruleSetsByOperation;
-    private Map<AccessObjectType,Set<AccessRule>> ruleSetsByObjectType;
-    private Map<String,Set<AccessRule>> ruleSetsByObjectUri;
-    
-    private Model userAccountsModel;
-    private Model getUserAccountsModel() {
-        return userAccountsModel;
-    }
-
-    private RDFService rdfService;
-    
-    
-    private AccessRuleStore(Model model){
-        if (model != null) {
-            this.userAccountsModel = model;
-        } else {
-            this.userAccountsModel = ModelAccess.getInstance().getOntModelSelector().getUserAccountsModel();
-            //this.rdfService = ModelAccess.getInstance().getRDFService(WhichService.CONFIGURATION);
-        }
-        this.rdfService = new RDFServiceModel(userAccountsModel);
-        initilizeRuleSetsByOperation();
-        initilizeRuleSetsByObjectType();
-        initilizeRuleSetsByObjectUri();
-        loadRules();
-    }
-
-    private void initilizeRuleSetsByObjectUri() {
-        ruleSetsByObjectUri = Collections.synchronizedMap(new HashMap<>());
-        Set<AccessRule> set = Collections.synchronizedSet(new HashSet<>());
-        ruleSetsByObjectUri.put(NO_URI_VALUE, set);
-    }
-    
-    private void initilizeRuleSetsByObjectType() {
-        ruleSetsByObjectType = Collections.synchronizedMap(new HashMap<>());
-        for (AccessObjectType aot : AccessObjectType.values()) {
-            Set<AccessRule> set = Collections.synchronizedSet(new HashSet<>());
-            ruleSetsByObjectType.put(aot, set);
-        }        
-    }
-
-    private void initilizeRuleSetsByOperation() {
-        ruleSetsByOperation = Collections.synchronizedMap(new HashMap<>());
-        for (AccessOperation ao : AccessOperation.values()) {
-            Set<AccessRule> set = Collections.synchronizedSet(new HashSet<>());
-            ruleSetsByOperation.put(ao, set);
-        }
-    }
-
-    public static void initialize(Model model) {
-        INSTANCE = new AccessRuleStore(model);
-    }
-
-    private void loadRules() {
-        loadRulesFromModel(RULES_QUERY);
-    }
-    
-    private void loadRule(String uri) {
-        ParameterizedSparqlString pss = new ParameterizedSparqlString(RULE_QUERY);
-        pss.setLiteral("rule_filter", uri);
-        loadRulesFromModel(pss.toString());
-    }
-
-    private void loadRulesFromModel(String sparqlQuery) {
-        debug("SPARQL Query to get rule from the model:\n %s", sparqlQuery);
-        Query query = QueryFactory.create(sparqlQuery);
-        QueryExecution qexec = QueryExecutionFactory.create(query, getUserAccountsModel());
-        try {
-            ResultSet rs = qexec.execSelect();
-            AccessRule rule = null;
-            while (rs.hasNext()) {
-                QuerySolution qs = rs.next();
-                if (isInvalidRulesData(qs)) {
-                    return;
-                }
-                if (isRuleContinues(rule, qs)){
-                    populateRule(rule, qs);
-                } else {
-                    if (rule != null) {
-                        addRule(rule);    
-                    }
-                    rule = AccessRuleFactory.createRule(qs);
-                }
-            }
-            if (rule != null) {
-                addRule(rule);    
-            } {
-                debug("Rule wasn't loaded from the user accounts model.");
-            }
-        } catch (Exception e) {
-            log.error(e, e);
-        } finally {
-            qexec.close();
-        }
-    }
-    
-    private String getAttributeUri(String testId, String typeId, String value, boolean valueIsLiteral) throws Exception {
-        String uri = getAttributeUriFromModel(testId, typeId, value, valueIsLiteral);
-        if (StringUtils.isBlank(uri)) {
-            uri = createNewAttribute(testId, typeId, value);
-        } 
-        return uri;
-    }
-
-    private String createNewAttribute(String testId, String typeId, String value) throws Exception {
-        final String attributeUri = generateAttributeUri(testId, typeId);
-        String ttl = NO_URI_VALUE
-                + "@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .\n"
-                + "@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .\n"
-                + "@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .\n"
-                + "<" + attributeUri + "> rdf:type ao:Attribute . \n"
-                + "<" + attributeUri + "> ao:test <" + getUriById(testId) + "> .\n"
-                + "<" + attributeUri + "> ao:type <" + getUriById(typeId) + "> .\n"
-                + NO_URI_VALUE;
-        if (AttributeType.OBJECT_URI.toString().equals(typeId) || 
-            AttributeType.SUBJECT_ROLE_URI.toString().equals(typeId)) {
-            ttl += "<" + attributeUri + "> ao:value <" + value + "> . \n";
-        } else {
-            System.out.println(typeId);
-            ttl += "<" + attributeUri + "> ao:value <" + getUriById(value) + "> . \n";
-        }
-        try {
-            Model attributeData = ModelFactory.createDefaultModel();
-            attributeData.read(IOUtils.toInputStream(ttl, "UTF-8"), null, "TTL");
-            updateUserAccountsModel(attributeData, false);
-        } catch (IOException e) {
-            log.error(e, e);
-        }
-        return attributeUri;
-    }
-    
-    private String getUriById(String id) throws Exception {
-        ParameterizedSparqlString pss = new ParameterizedSparqlString(URI_BY_ID_QUERY);
-        pss.setLiteral(ID, id);    
-        Query query = QueryFactory.create(pss.toString());
-        QueryExecution qexec = QueryExecutionFactory.create(query, getUserAccountsModel());
-        try {
-            ResultSet rs = qexec.execSelect();
-            while (rs.hasNext()) {
-                QuerySolution qs = rs.next();
-                RDFNode uri = qs.get(URI);
-                if (uri.isResource()) {
-                    return uri.asResource().toString();
-                }
-            }
-        } catch (Exception e) {
-            log.error(e, e);
-        } finally {
-            qexec.close();
-        }
-        throw new Exception(String.format("Uri by id '%s' not found.", id ));
-    }
-
-    private String generateUUID() {
-        return UUID.randomUUID().toString();
-    }
-
-    protected String getAttributeUriFromModel(String testId, String typeId, String value, boolean valueIsLiteral) {
-        ParameterizedSparqlString pss = new ParameterizedSparqlString(getAttributeUriQuery(valueIsLiteral));
-        if (testId != null) {
-            pss.setLiteral(TEST_ID,testId);    
-        }
-        if (typeId != null) {
-            pss.setLiteral(TYPE_ID, typeId);    
-        }
-        if (value != null) {
-            if (valueIsLiteral) {
-                pss.setLiteral(LITERAL_VALUE, value);    
-            } else {
-                pss.setIri(ATTR_VALUE, value);    
-            }
-        }
-        Query query = QueryFactory.create(pss.toString());
-        QueryExecution qexec = QueryExecutionFactory.create(query, getUserAccountsModel());
-        try {
-            ResultSet rs = qexec.execSelect();
-            while (rs.hasNext()) {
-                QuerySolution qs = rs.next();
-                RDFNode uri = qs.get(ATTRIBUTE);
-                if (uri.isResource()) {
-                    return uri.asResource().toString();
-                }
-            }
-        } catch (Exception e) {
-            log.error(e, e);
-        } finally {
-            qexec.close();
-        }
-        return NO_URI_VALUE;
-    }
-    
-    private void removeRuleFromModel(String ruleUri) {
-        ParameterizedSparqlString pss = new ParameterizedSparqlString(DELETE_QUERY);
-        pss.setIri(RULE, ruleUri);
-        Query query = QueryFactory.create(pss.toString());
-        QueryExecution qexec = QueryExecutionFactory.create(query, getUserAccountsModel());
-        Model ruleData = null;
-        try {
-              ruleData = qexec.execConstruct();
-        } catch (Exception e) {
-            log.error(e, e);
-        } finally {
-            qexec.close();
-        }
-        if (ruleData != null) {
-            updateUserAccountsModel(ruleData, true);
-        }
-    }
-    
-    private void updateUserAccountsModel(Model ruleData, boolean isRemove) {
-        try {
-            ChangeSet changeSet = makeChangeSet();
-            ByteArrayOutputStream baos = new ByteArrayOutputStream();
-            ruleData.write(baos, "TTL");
-            InputStream in = new ByteArrayInputStream(baos.toByteArray());
-            debug(modelToString(ruleData, isRemove));
-            if (isRemove) {
-                changeSet.addRemoval(in, ModelSerializationFormat.N3, ModelNames.USER_ACCOUNTS);  
-            } else {
-                changeSet.addAddition(in, ModelSerializationFormat.N3, ModelNames.USER_ACCOUNTS);    
-            }
-            rdfService.changeSetUpdate(changeSet);
-        } catch (RDFServiceException e) {
-            String message = modelToString(ruleData, isRemove);
-            log.error(message);
-            log.error(e,e);
-        }
-    }
-
-    private String modelToString(Model ruleData, boolean isRemove) {
-        StringWriter sw = new StringWriter();
-        ruleData.write(sw, "TTL");
-        String message = (isRemove ? "Removing from" : "Adding to") + " user accounts model \n" + sw.toString();
-        return message;
-    }
-
-    private void addRule(AccessRule rule) {
-        rule.addToSet(allRules);
-        addRuleToOperationSets(rule);
-        addRuleToObjectTypeSets(rule);
-        addRuleToObjectUriSets(rule);
-        debug("Added rule %s with %s attributes to store sets ", rule.getRuleUri(), rule.attributes.size());
-    }
-
-    private synchronized void addRuleToObjectUriSets(AccessRule rule) {
-        String uri = rule.getObjectUri();
-        Set<AccessRule> set;
-        if (ruleSetsByObjectUri.containsKey(uri)) {
-            set = ruleSetsByObjectUri.get(uri);
-        } else {
-            set = Collections.synchronizedSet(new HashSet<>());
-            ruleSetsByObjectUri.put(uri, set);
-        }
-        rule.addToSet(set);
-    }
-
-    private void addRuleToObjectTypeSets(AccessRule rule) {
-        AccessObjectType aot = rule.getObjectType();
-        Set<AccessRule> set = ruleSetsByObjectType.get(aot);
-        rule.addToSet(set);
-    }
-
-    private void addRuleToOperationSets(AccessRule rule) {
-        AccessOperation operation = rule.getOperation();
-        Set<AccessRule> set = ruleSetsByOperation.get(operation);
-        rule.addToSet(set);
-    }
-
-    private static void populateRule(AccessRule ar, QuerySolution qs) {
-        if (ar == null) {
-            return;
-        }
-        String attributeUri = qs.getResource(ATTRIBUTE).getURI();
-        if (ar.getAttributeUris().contains(attributeUri)) {
-            log.error("Attribute has already been processed. Shouldn't be here.");
-            return;
-        }
-        try {
-            ar.addAttribute(AttributeFactory.createAttribute(qs));
-        } catch (Exception e) {
-            log.error(e, e);
-        }
-    }
-
-    private static boolean isRuleContinues(AccessRule rule, QuerySolution qs) {
-        if (rule == null) {
-            return false;
-        }
-        return rule.getRuleUri().equals(qs.getResource(RULE).getURI());
-    }
-
-    private static boolean isInvalidRulesData(QuerySolution qs) {
-        if (!qs.contains(RULE) || !qs.get(RULE).isResource()) {
-            log.error("Rules data doesn't contain rule resource");
-            return true;
-        }
-        if (!qs.contains(ATTRIBUTE) || !qs.get(ATTRIBUTE).isResource()) {
-            log.error("Rules data doesn't contain attribute resource");
-            return true;
-        }
-        return false;
-    }
-
-    public Set<AccessRule> getFilteredRules(AuthorizationRequest ar) {
-        Set<Set<AccessRule>> ruleSets = new HashSet<>();
-        getFilteredByOperation(ar.getAccessOperation(), ruleSets);
-        AccessObject accessObject = ar.getAccessObject();
-        if (accessObject != null) {
-            getFilteredByObjectType(accessObject.getType(), ruleSets);
-            getFilteredByObjectUri(accessObject.getUri(), ruleSets);
-        }
-        return getIntersection(ruleSets);
-    }
-
-
-    private Set<AccessRule> getGrantedRoleRulesForEntityUri(String entityURI, AccessOperation operation) {
-        Set<Set<AccessRule>> ruleSets = new HashSet<>();
-        Set<AccessRule> filteredByObjectUri = ruleSetsByObjectUri.get(entityURI);
-        if (filteredByObjectUri == null) {
-            filteredByObjectUri = new HashSet<>();
-        }
-        filteredByObjectUri.addAll(ruleSetsByObjectUri.get(NO_URI_VALUE));
-        ruleSets.add(filteredByObjectUri); 
-        
-        Set<AccessRule> filteredByOperation = ruleSetsByOperation.get(operation);
-        if (filteredByOperation == null) {
-            filteredByOperation = new HashSet<>();
-        }
-        filteredByObjectUri.addAll(ruleSetsByOperation.get(AccessOperation.ANY));
-        ruleSets.add(filteredByOperation);
-
-        Set<AccessRule> ruleset = getIntersection(ruleSets);
-        return ruleset;
-    }
-    
-    private void getFilteredByObjectUri(String uri, Set<Set<AccessRule>> ruleSets) {
-        if (uri == null) {
-            return;
-        }
-        Set<AccessRule> filteredByObjectUri = ruleSetsByObjectUri.get(uri);
-        if (filteredByObjectUri != null) {
-            ruleSets.add(filteredByObjectUri);
-        }
-    }
-
-    private void getFilteredByObjectType(AccessObjectType aot, Set<Set<AccessRule>> ruleSets) {
-        if (aot == AccessObjectType.ANY) {
-            return;
-        }
-        Set<AccessRule> filteredByObjectType = ruleSetsByObjectType.get(aot);
-        if (filteredByObjectType != null) {
-            ruleSets.add(filteredByObjectType);
-        }
-    }
-
-    private void getFilteredByOperation(AccessOperation aop, Set<Set<AccessRule>> ruleSets) {
-        if (aop == null) {
-            log.error("Access operation is null in request " + aop);
-            return;
-        }
-        Set<AccessRule> filteredByOperation = ruleSetsByOperation.get(aop);
-        if (filteredByOperation != null) {
-            ruleSets.add(filteredByOperation);
-        }
-    }
-
-    private Set<AccessRule> getIntersection(Set<Set<AccessRule>> ruleSets) {
-        if (ruleSets.isEmpty()) {
-            return Collections.emptySet();
-        }
-        Set<AccessRule> intersection = new HashSet<>(findMinimalSet(ruleSets));
-        if (intersection.isEmpty()) {
-            return intersection;
-        }
-        for (Set<AccessRule> set : ruleSets) {
-            intersection.retainAll(set);
-            if (intersection.isEmpty()) {
-                return intersection;
-            }
-        }
-        return intersection;
-    }
-
-    private Set<AccessRule> findMinimalSet(Set<Set<AccessRule>> ruleSets) {
-        Set<AccessRule> min = ruleSets.iterator().next();
-        for (Set<AccessRule> set : ruleSets) {
-            if (set.size() < min.size()) {
-                min = set;
-            }
-        }
-        return min;
-    }
-
-    public void updateEntityRules(String entityUri, AccessObjectType aot, AccessOperation operation, Set<String> newRoleUris) {
-        debug("Update entity rules uri: %s object type %s operation %s roleUris %s", entityUri, aot, operation, newRoleUris);
-        Set<String> currentRoleUris = new HashSet<>(getGrantedRoleUris(entityUri, operation));
-        //remove already existing roles, now list contains roles to allow access.
-        Set<String> roleUrisToCreate = new HashSet<String>(newRoleUris);
-        roleUrisToCreate.removeAll(currentRoleUris);
-        debug("Going to create rules for objectUri: %s objectType: %s operation %s roles %s", entityUri, aot, operation, roleUrisToCreate);
-        for (String roleUri : roleUrisToCreate) {
-            createEntityRule(entityUri, aot, operation, roleUri);
-        }
-        Set<String> rolesUrisToRemove = new HashSet<String>(currentRoleUris);
-        rolesUrisToRemove.removeAll(newRoleUris);
-        debug("Going to remove rules for objectUri: %s objectType: %s operation %s roles %s", entityUri, aot, operation, rolesUrisToRemove);
-        for (String roleUri : rolesUrisToRemove) {
-            removeEntityRule(entityUri, aot, operation, roleUri);
-        }
-    }
-    
-    protected void removeEntityRule(String entityUri, AccessObjectType aot, AccessOperation operation, String roleUri) {
-        AccessObjectImpl ao = new AccessObjectImpl(entityUri, aot);
-        AuthorizationRequest ar = new SimpleAuthorizationRequest(ao, operation);
-        ar.setRoleUris(Collections.singletonList(roleUri));
-        Set<AccessRule> rules = getFilteredRules(ar);
-        for (AccessRule rule : rules) {
-            //Check number of attributes to avoid removing custom rules
-            if (rule.match(ar) && rule.getAttributesCount() == 4) {
-                rule.removeFromSets();
-                removeRuleFromModel(rule.getRuleUri());
-                debug("Removed rule for objectUri: %s objectType: %s operation %s role %s", entityUri, aot, operation, roleUri);
-            }
-            
-        }
-    }
-
-    protected void createEntityRule(String objectUri, AccessObjectType aot, AccessOperation operation, String roleUri) {
-        //create 4 attribute uris or get uris 
-        String equals = TestType.EQUALS.toString();
-        String ruleUri = generateRuleUri();
-        try {
-            String subjectRoleAtt = getAttributeUri(equals, AttributeType.SUBJECT_ROLE_URI.toString(), roleUri, false);
-            String operationAtt = getAttributeUri(equals, AttributeType.OPERATION.toString(), operation.toString(), true);
-            String objectUriAtt = getAttributeUri(equals,  AttributeType.OBJECT_URI.toString(), objectUri, true);
-            String objectTypeAtt = getAttributeUri(equals, AttributeType.OBJECT_TYPE.toString(), aot.toString(), true);
-            String ttl = generateEntityRuleData(ruleUri, subjectRoleAtt, operationAtt, objectUriAtt, objectTypeAtt);
-            debug("Going to load new rule for objectUri: %s objectType: %s operation %s role. TTL: %s \n %s", objectUri, aot, operation, roleUri, ttl);
-            Model ruleData = ModelFactory.createDefaultModel();
-            ruleData.read(IOUtils.toInputStream(ttl, "UTF-8"), null, "TTL");
-            updateUserAccountsModel(ruleData, false);
-            loadRule(ruleUri);
-        } catch (Exception e) {
-            log.error(e, e);
-        }
-    }
-
-    private String generateRuleUri() {
-        return "https://vivoweb.org/ontology/vitro-application/auth/individual/rule/" + generateUUID();
-    }
-    
-    private String generateAttributeUri(String testId, String typeId) {
-        return "https://vivoweb.org/ontology/vitro-application/auth/individual/attribute/"+ typeId + "/" + testId + "/" + generateUUID();
-    }
-
-    private String generateEntityRuleData(String ruleUri, String subjectRoleAttribute, String operationAttribute,
-            String objectUriAttribute, String objectTypeAttribute) {
-        String ttl = NO_URI_VALUE
-                + "@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .\n"
-                + "@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .\n"
-                + "@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .\n"
-                + "<" + ruleUri + "> rdf:type ao:Rule . \n"
-                + "<" + ruleUri + "> ao:attribute <" + subjectRoleAttribute + "> .\n"
-                + "<" + ruleUri + "> ao:attribute <" + operationAttribute + "> .\n"
-                + "<" + ruleUri + "> ao:attribute <" + objectUriAttribute + "> .\n"
-                + "<" + ruleUri + "> ao:attribute <" + objectTypeAttribute + "> .";
-        return ttl;
-    }
-
-    public List<String> getGrantedRoleUris(String entityUri, AccessOperation operation) {
-        if (StringUtils.isBlank(entityUri)) {
-            return Collections.emptyList();
-        }
-        Set<AccessRule> rulesWithGrantedRoles = getGrantedRoleRulesForEntityUri(entityUri, operation);
-        List<String> grantedUrisFromRules = getGrantedUrisFromRules(rulesWithGrantedRoles);
-        debug("Execute action %s on entity with uri %s found to be allowed to %s", entityUri, operation, grantedUrisFromRules);
-        return grantedUrisFromRules;
-    }
-
-
-    private void debug(String template, Object... objects) {
-        if (true) {
-            log.error(String.format(template, objects ));
-        }
-    }
-
-    private List<String> getGrantedUrisFromRules(Set<AccessRule> ruleset) {
-        List<String> roleUris = Collections.emptyList();
-        for (AccessRule ar : ruleset) {
-            Set<Attribute> atts = ar.getAttributesByType(AttributeType.SUBJECT_ROLE_URI);
-            if (!atts.isEmpty()) {
-                String uri = atts.iterator().next().getValues().iterator().next();
-                if (uri != null) {
-                    if(roleUris.isEmpty()) {
-                        roleUris = new LinkedList<>();
-                    }
-                    roleUris.add(uri);
-                }
-            }
-        }
-        return roleUris;
-    }
-
-    
-    public long getRulesCount() {
-        return allRules.size();
-    }
-    
-    public long getModelSize() {
-        return getUserAccountsModel().size();
-    }
-    
-    private ChangeSet makeChangeSet() {
-        ChangeSet cs = rdfService.manufactureChangeSet();
-        cs.addPreChangeEvent(new BulkUpdateEvent(null, true));
-        cs.addPostChangeEvent(new BulkUpdateEvent(null, false));
-        return cs;
-    }
-
-}
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRuleStoreTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRuleStoreTest.java
deleted file mode 100644
index 4daed66b75..0000000000
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRuleStoreTest.java
+++ /dev/null
@@ -1,104 +0,0 @@
-package edu.cornell.mannlib.vitro.webapp.auth.rules;
-
-import java.util.Arrays;
-import java.util.HashSet;
-import java.util.List;
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertTrue;
-import org.apache.jena.rdf.model.Model;
-import org.apache.jena.rdf.model.ModelFactory;
-import org.apache.jena.shared.Lock;
-import org.junit.Before;
-import org.junit.Test;
-
-import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType;
-import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessOperation;
-
-public class AccessRuleStoreTest {
-
-    private static final String RDFS_LABEL_URI = "http://www.w3.org/2000/01/rdf-schema#label";
-    private static final String ROLE_ADMIN_URI = "http://vitro.mannlib.cornell.edu/ns/vitro/authorization#ADMIN";
-    private static final String ROLE_EDITOR_URI = "http://vitro.mannlib.cornell.edu/ns/vitro/authorization#EDITOR";
-    private static final String ROLE_CURATOR_URI = "http://vitro.mannlib.cornell.edu/ns/vitro/authorization#CURATOR";
-
-    public static final String RULES_PATH = "src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/rules.n3";
-    private Model model;
-    private AccessRuleStore store;
-
-    @Before
-    public void init() {
-        model = ModelFactory.createDefaultModel();
-        try {
-            model.enterCriticalSection(Lock.WRITE);
-            model.read(RULES_PATH);    
-        } finally {
-            model.leaveCriticalSection();
-        }
-        AccessRuleStore.initialize(model);
-        store = AccessRuleStore.getInstance();
-    }
-    
-    public void testInitilization() {
-        assertEquals(3, store.getRulesCount());
-    }
-    
-    public void testGetGrantedRoleUris() {
-        List<String> grantedRoles = store.getGrantedRoleUris(RDFS_LABEL_URI, AccessOperation.DISPLAY);
-        assertEquals(1, grantedRoles.size());
-        assertTrue(grantedRoles.contains(ROLE_ADMIN_URI));
-    }
-    
-    public void testGetGrantedRoleUrisNotExists() {
-        List<String> grantedRoles = store.getGrantedRoleUris(RDFS_LABEL_URI + "_NOT_EXISTS", AccessOperation.DISPLAY);
-        assertEquals(0, grantedRoles.size());
-    }
-    
-    public void testDeleteRule() {
-        long initialSize = store.getModelSize();
-        long initialRulesCount = store.getRulesCount();
-        store.removeEntityRule(RDFS_LABEL_URI, AccessObjectType.OBJECT_PROPERTY, AccessOperation.PUBLISH, ROLE_ADMIN_URI);
-        assertTrue(store.getModelSize() < initialSize);
-        assertTrue(store.getRulesCount() < initialRulesCount);
-    }
-    
-    public void testCreateRule() {
-        long initialSize = store.getModelSize();
-        long initialRulesCount = store.getRulesCount();
-        store.createEntityRule(RDFS_LABEL_URI, AccessObjectType.OBJECT_PROPERTY, AccessOperation.PUBLISH, ROLE_EDITOR_URI);
-        assertTrue(store.getModelSize() > initialSize);
-        assertTrue(store.getRulesCount() > initialRulesCount);
-    }
-    
-    public void testGrantedRolesModification() {
-        List<String> grantedRoles = store.getGrantedRoleUris(RDFS_LABEL_URI, AccessOperation.PUBLISH);
-        int prevRolesCount = grantedRoles.size();
-        store.createEntityRule(RDFS_LABEL_URI, AccessObjectType.OBJECT_PROPERTY, AccessOperation.PUBLISH, ROLE_EDITOR_URI);
-        grantedRoles = store.getGrantedRoleUris(RDFS_LABEL_URI, AccessOperation.PUBLISH);
-        assertTrue(grantedRoles.size() > prevRolesCount);
-        prevRolesCount = grantedRoles.size();
-        store.createEntityRule(RDFS_LABEL_URI, AccessObjectType.OBJECT_PROPERTY, AccessOperation.PUBLISH, ROLE_CURATOR_URI);
-        grantedRoles = store.getGrantedRoleUris(RDFS_LABEL_URI, AccessOperation.PUBLISH);
-        assertTrue(grantedRoles.size() > prevRolesCount);
-        prevRolesCount = grantedRoles.size();
-        store.removeEntityRule(RDFS_LABEL_URI, AccessObjectType.OBJECT_PROPERTY, AccessOperation.PUBLISH, ROLE_EDITOR_URI);
-        grantedRoles = store.getGrantedRoleUris(RDFS_LABEL_URI, AccessOperation.PUBLISH);
-        assertTrue(grantedRoles.size() < prevRolesCount);
-    }
-    
-    
-    public void getGetAttributeUri() {
-        assertEquals("https://vivoweb.org/ontology/vitro-application/auth/individual/PublishOperationAttribute", store.getAttributeUriFromModel("EQUALS","OPERATION","PUBLISH",true));
-        assertEquals("", store.getAttributeUriFromModel("EQUALS","OPERATION","DO_SOMETHING_NEW", true));
-    }
-    
-    public void testUpdateEntityRules() {
-        HashSet<String> roles = new HashSet<String>(Arrays.asList(ROLE_ADMIN_URI, ROLE_EDITOR_URI ));
-        HashSet<String> newRoles = new HashSet<String>(Arrays.asList(ROLE_CURATOR_URI));
-        store.updateEntityRules(RDFS_LABEL_URI, AccessObjectType.OBJECT_PROPERTY, AccessOperation.PUBLISH, roles);
-        HashSet<String> grantedRoles = new HashSet<String>(store.getGrantedRoleUris(RDFS_LABEL_URI, AccessOperation.PUBLISH));
-        assertEquals(roles, grantedRoles);
-        store.updateEntityRules(RDFS_LABEL_URI, AccessObjectType.OBJECT_PROPERTY, AccessOperation.PUBLISH, newRoles);
-        grantedRoles = new HashSet<String>(store.getGrantedRoleUris(RDFS_LABEL_URI, AccessOperation.PUBLISH));
-        assertEquals(newRoles, grantedRoles);
-    }
-}

From b1e033ef3c4454f218360f62b74e06141d806511 Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <git@litvinovg.pro>
Date: Tue, 6 Jun 2023 15:15:14 +0200
Subject: [PATCH 005/148] proximity checker fixes

---
 .../webapp/auth/attributes/ProximityChecker.java      |  9 ++++++++-
 .../webapp/auth/objects/DataPropertyAccessObject.java |  5 +++++
 .../auth/objects/ObjectPropertyAccessObject.java      |  5 +++++
 .../vitro/webapp/auth/policy/PolicyDecisionPoint.java |  2 +-
 .../main/resources/rdf/auth/everytime/attributes.n3   | 11 +++--------
 .../policy_self_editor_update_data_property.n3        |  1 +
 .../policy_self_editor_update_object_property.n3      |  2 ++
 .../main/resources/rdf/auth/everytime/test_values.n3  |  2 +-
 8 files changed, 26 insertions(+), 11 deletions(-)

diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/ProximityChecker.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/ProximityChecker.java
index 4e7e20e566..64e3d0697c 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/ProximityChecker.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/ProximityChecker.java
@@ -42,7 +42,9 @@ private static List<String> getRelatedUris(Model model, String personUri, String
         ParameterizedSparqlString pss = new ParameterizedSparqlString();
         pss.setCommandText(queryTemplate);
         pss.setIri("personUri", personUri);
-        Query query = QueryFactory.create(pss.toString());
+        String queryText = pss.toString();
+        debug("queryText: " + queryText);
+        Query query = QueryFactory.create(queryText);
         QueryExecution queryExecution = QueryExecutionFactory.create(query, model);
         try {
             ResultSet resultSet = queryExecution.execSelect();
@@ -57,6 +59,11 @@ private static List<String> getRelatedUris(Model model, String personUri, String
         QueryResultsMapCache.update(queryMap);
         return resourceUris;
     }
+    private static void debug(String queryText) {
+        if(log.isDebugEnabled()) {
+            log.debug(queryText);
+        }
+    }
     private static String createQueryMapKey(String personUri, String queryTemplate) {
         return queryTemplate + "." + personUri;
     }
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/DataPropertyAccessObject.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/DataPropertyAccessObject.java
index 680e033750..39920405d0 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/DataPropertyAccessObject.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/DataPropertyAccessObject.java
@@ -13,4 +13,9 @@ public DataPropertyAccessObject(DataProperty dataProperty) {
     public AccessObjectType getType() {
         return AccessObjectType.DATA_PROPERTY;
     }
+    
+    @Override
+    public String toString() {
+        return getClass().getSimpleName() + ": " + getObjectProperty() ;
+    }
 }
\ No newline at end of file
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/ObjectPropertyAccessObject.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/ObjectPropertyAccessObject.java
index 68115cf2f3..320c7c34c4 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/ObjectPropertyAccessObject.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/ObjectPropertyAccessObject.java
@@ -13,4 +13,9 @@ public ObjectPropertyAccessObject(ObjectProperty objectProperty) {
     public AccessObjectType getType() {
         return AccessObjectType.OBJECT_PROPERTY;
     }
+
+    @Override
+    public String toString() {
+        return getClass().getSimpleName() + ": " + getObjectProperty() ;
+    }
 }
\ No newline at end of file
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyDecisionPoint.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyDecisionPoint.java
index 366fd7a852..211d71d9eb 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyDecisionPoint.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyDecisionPoint.java
@@ -31,7 +31,7 @@ public static PolicyDecision decide(AuthorizationRequest ar) {
                     log.debug("policy " + policy.toString() + " returned a null PolicyDecision");
                 }
             }catch(Throwable th){
-                log.error("ignoring exception in policy " + policy.toString(), th );
+                log.error("ignoring exception in policy " + policy.getUri(), th );
             }
         }
 
diff --git a/home/src/main/resources/rdf/auth/everytime/attributes.n3 b/home/src/main/resources/rdf/auth/everytime/attributes.n3
index 2a05a64012..6bc0cfefba 100644
--- a/home/src/main/resources/rdf/auth/everytime/attributes.n3
+++ b/home/src/main/resources/rdf/auth/everytime/attributes.n3
@@ -107,13 +107,8 @@ ai:ClassTypeAttribute rdf:type ao:Attribute ;
          ao:type ai:ObjectType ;
          ao:value ai:Class .
          
-ai:ObjectUriInPersonProfileProximityAttribute rdf:type ao:Attribute ;
+ai:SelfEditorRelatedResourcesAttribute rdf:type ao:Attribute ;
          ao:test ai:SparqlSelectQueryContains ;
-         ao:type ai:ObjectUri ;
-         ao:value ai:Class .
-
-ai:SubjectUriInPersonProfileProximityAttribute rdf:type ao:Attribute ;
-         ao:test ai:SparqlSelectQueryContains ;
-         ao:type ai:SubjectUri ;
-         ao:value ai:Class .
+         ao:type ai:StatementSubjectUri ;
+         ao:value ai:PersonProfileProximityToResourceUri .
          
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_self_editor_update_data_property.n3 b/home/src/main/resources/rdf/auth/everytime/policy_self_editor_update_data_property.n3
index 8a4cdf9f9c..9393e31083 100644
--- a/home/src/main/resources/rdf/auth/everytime/policy_self_editor_update_data_property.n3
+++ b/home/src/main/resources/rdf/auth/everytime/policy_self_editor_update_data_property.n3
@@ -37,6 +37,7 @@ ai:AllowSelfEditorUpdateDataPropertyStatementRule rdf:type ao:Rule;
           ao:attribute ai:SubjectRoleEqualsSelfEditorRoleAttribute ;
           ao:attribute ai:UpdateOperationAttribute ;
           ao:attribute ai:DataPropertyStatementTypeAttribute ;
+          ao:attribute ai:SelfEditorRelatedResourcesAttribute ;
           ao:attribute ai:SelfEditorUpdateDataPropertyStatementAttribute .
          
 ai:SelfEditorUpdateDataPropertyStatementAttribute rdf:type ao:Attribute ;
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_self_editor_update_object_property.n3 b/home/src/main/resources/rdf/auth/everytime/policy_self_editor_update_object_property.n3
index d06899ec20..05ca02cc40 100644
--- a/home/src/main/resources/rdf/auth/everytime/policy_self_editor_update_object_property.n3
+++ b/home/src/main/resources/rdf/auth/everytime/policy_self_editor_update_object_property.n3
@@ -37,6 +37,7 @@ ai:AllowSelfEditorUpdateObjectPropertyStatementRule rdf:type ao:Rule;
           ao:attribute ai:SubjectRoleEqualsSelfEditorRoleAttribute ;
           ao:attribute ai:UpdateOperationAttribute ;
           ao:attribute ai:ObjectPropertyStatementTypeAttribute ;
+          ao:attribute ai:SelfEditorRelatedResourcesAttribute ;
           ao:attribute ai:SelfEditorUpdateObjectPropertyStatementAttribute .
          
 ai:SelfEditorUpdateObjectPropertyStatementAttribute rdf:type ao:Attribute ;
@@ -51,3 +52,4 @@ ai:SelfEditorUpdateObjectPropertyAttribute rdf:type ao:Attribute ;
          
 ai:SelfEditorUpdateObjectPropertyTestData rdf:type ao:TestData ;
        .
+       
diff --git a/home/src/main/resources/rdf/auth/everytime/test_values.n3 b/home/src/main/resources/rdf/auth/everytime/test_values.n3
index 70ef028367..cd9fd6afb0 100644
--- a/home/src/main/resources/rdf/auth/everytime/test_values.n3
+++ b/home/src/main/resources/rdf/auth/everytime/test_values.n3
@@ -9,7 +9,7 @@
 @prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
 
 ai:PersonProfileProximityToResourceUri rdf:type ao:TestData ;
-        ao:dataValue """
+        ao:id """
         SELECT ?resourceUri WHERE {
                 {
                   ?personUri <http://purl.obolibrary.org/obo/RO_0000053> ?roleUri .

From 48532d23a97dbfd5d64f78590795fa1c43b06d22 Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <git@litvinovg.pro>
Date: Tue, 6 Jun 2023 17:04:29 +0200
Subject: [PATCH 006/148] fix for prev commit

---
 .../webapp/auth/requestedAction/AndAuthorizationRequest.java | 2 +-
 .../webapp/auth/requestedAction/AuthorizationRequest.java    | 5 -----
 .../webapp/auth/requestedAction/OrAuthorizationRequest.java  | 2 +-
 3 files changed, 2 insertions(+), 7 deletions(-)

diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/AndAuthorizationRequest.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/AndAuthorizationRequest.java
index 612cc5dde1..a72796ad69 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/AndAuthorizationRequest.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/AndAuthorizationRequest.java
@@ -18,7 +18,7 @@ public class AndAuthorizationRequest extends AuthorizationRequest {
 	}
 
     @Override
-    public WRAP_TYPE getType() {
+    public WRAP_TYPE getWrapType() {
         return WRAP_TYPE.AND;
     }
 	
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/AuthorizationRequest.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/AuthorizationRequest.java
index 7f51a84fa9..d8994fb171 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/AuthorizationRequest.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/AuthorizationRequest.java
@@ -73,9 +73,4 @@ public static AuthorizationRequest or(AuthorizationRequest fist, AuthorizationRe
     public AuthorizationRequest and(AuthorizationRequest second) {
         return new AndAuthorizationRequest(this, second);
     }
-
-    public WRAP_TYPE getType() {
-        return null;
-    };
-    
 }
\ No newline at end of file
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/OrAuthorizationRequest.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/OrAuthorizationRequest.java
index cbbb6bd2e9..eb7b9832f3 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/OrAuthorizationRequest.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/OrAuthorizationRequest.java
@@ -22,7 +22,7 @@ public List<AuthorizationRequest> getItems(){
     };
 
     @Override
-    public WRAP_TYPE getType() {
+    public WRAP_TYPE getWrapType() {
         return WRAP_TYPE.OR;
     }
     

From 757825c3435fbbc94466f2badd44c2c50878dde1 Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <git@litvinovg.pro>
Date: Tue, 6 Jun 2023 17:32:50 +0200
Subject: [PATCH 007/148] new rules in amdin update object property policy,
 debug statements

---
 .../DataPropertyStatementAccessObject.java    |  2 +-
 .../ObjectPropertyStatementAccessObject.java  |  2 +-
 .../policy_admin_update_object_property.n3    | 22 +++++++++++++++----
 .../rdf/auth/everytime/test_values.n3         |  7 ++++++
 4 files changed, 27 insertions(+), 6 deletions(-)

diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/DataPropertyStatementAccessObject.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/DataPropertyStatementAccessObject.java
index b41271b4af..6ee288c591 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/DataPropertyStatementAccessObject.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/DataPropertyStatementAccessObject.java
@@ -31,7 +31,7 @@ public DataPropertyStatementAccessObject(OntModel ontModel, DataPropertyStatemen
 
     @Override
     public String toString() {
-        return getClass().getSimpleName() + ": <" + getStatementSubject() + "> <" + getStatementPredicateUri() + ">";
+        return getClass().getSimpleName() + ": <" + getStatementSubject() + "> <" + getStatementPredicateUri() + "> <"+ getStatementObject() + ">";
     }
 
     @Override
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/ObjectPropertyStatementAccessObject.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/ObjectPropertyStatementAccessObject.java
index aed71b9533..4863678e50 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/ObjectPropertyStatementAccessObject.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/ObjectPropertyStatementAccessObject.java
@@ -27,6 +27,6 @@ public AccessObjectType getType() {
 
     @Override
     public String toString() {
-        return getClass().getSimpleName() + ": <" + getStatementSubject() + "> <" + getStatementPredicateUri() + ">";
+        return getClass().getSimpleName() + ": <" + getStatementSubject() + "> <" + getStatementPredicateUri() + "> <"+ getStatementObject() + ">";
     }
 }
\ No newline at end of file
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_admin_update_object_property.n3 b/home/src/main/resources/rdf/auth/everytime/policy_admin_update_object_property.n3
index c7551112a2..14e9dfbbc5 100644
--- a/home/src/main/resources/rdf/auth/everytime/policy_admin_update_object_property.n3
+++ b/home/src/main/resources/rdf/auth/everytime/policy_admin_update_object_property.n3
@@ -14,7 +14,9 @@ ai:AdminUpdateObjectPropertyPolicy rdf:type ao:Policy ;
 
 ai:AdminUpdateObjectPropertyRuleSet rdf:type ao:Rules ;
           ao:rule ai:AllowAdminUpdateObjectPropertyStatementRule ;
-          ao:rule ai:AllowAdminUpdateObjectPropertyRule .
+          ao:rule ai:AllowAdminAddObjectPropertyStatementRule ;
+          ao:rule ai:AllowAdminEditObjectPropertyStatementRule ;
+          ao:rule ai:AllowAdminDropObjectPropertyRule .
 
 ai:AdminUpdateObjectPropertyTestDatasets rdf:type ao:TestDatasets ;
           ao:testDataset ai:AdminUpdateObjectPropertyDataset .
@@ -33,12 +35,24 @@ ai:AllowAdminUpdateObjectPropertyRule rdf:type ao:Rule;
           ao:attribute ai:ObjectPropertyTypeAttribute ;
           ao:attribute ai:AdminUpdateObjectPropertyAttribute .
 
-ai:AllowAdminUpdateObjectPropertyStatementRule rdf:type ao:Rule;
+ai:AllowAdminEditObjectPropertyStatementRule rdf:type ao:Rule;
           ao:attribute ai:SubjectRoleEqualsAdminRoleAttribute ;
-          ao:attribute ai:UpdateOperationAttribute ;
+          ao:attribute ai:EditOperationAttribute ;
           ao:attribute ai:ObjectPropertyStatementTypeAttribute ;
           ao:attribute ai:AdminUpdateObjectPropertyStatementAttribute .
-         
+
+ai:AllowAdminAddObjectPropertyStatementRule rdf:type ao:Rule;
+          ao:attribute ai:SubjectRoleEqualsAdminRoleAttribute ;
+          ao:attribute ai:AddOperationAttribute ;
+          ao:attribute ai:ObjectPropertyStatementTypeAttribute ;
+          ao:attribute ai:AdminUpdateObjectPropertyStatementAttribute .
+
+ai:AllowAdminDropObjectPropertyStatementRule rdf:type ao:Rule;
+          ao:attribute ai:SubjectRoleEqualsAdminRoleAttribute ;
+          ao:attribute ai:DropOperationAttribute ;
+          ao:attribute ai:ObjectPropertyStatementTypeAttribute ;
+          ao:attribute ai:AdminUpdateObjectPropertyStatementAttribute .
+
 ai:AdminUpdateObjectPropertyStatementAttribute rdf:type ao:Attribute ;
          ao:test ai:OneOf ;
          ao:type ai:StatementPredicateUri ;
diff --git a/home/src/main/resources/rdf/auth/everytime/test_values.n3 b/home/src/main/resources/rdf/auth/everytime/test_values.n3
index cd9fd6afb0..9f5f30b432 100644
--- a/home/src/main/resources/rdf/auth/everytime/test_values.n3
+++ b/home/src/main/resources/rdf/auth/everytime/test_values.n3
@@ -76,3 +76,10 @@ ai:PersonProfileProximityToResourceUri rdf:type ao:TestData ;
         }
         """ .
 
+
+ai:SomeUriTestData rdf:type ao:TestData ;
+        ao:id "?SOME_URI" .
+        
+ai:SomeLiteralTestData rdf:type ao:TestData ;
+        ao:id "?SOME_LITERAL" .
+

From 6b8173703f7795d881c15d9ed69edd0f506e2402 Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <git@litvinovg.pro>
Date: Wed, 7 Jun 2023 10:50:50 +0200
Subject: [PATCH 008/148] Created faux object/data property/property statement
 access objects

---
 .../auth/attributes/AccessObjectType.java     |  4 ++
 .../auth/attributes/ProximityChecker.java     |  1 +
 .../webapp/auth/objects/AccessObject.java     |  2 +-
 .../objects/DataPropertyAccessObject.java     | 21 ++++++++-
 .../DataPropertyStatementAccessObject.java    |  8 ++++
 .../objects/FauxDataPropertyAccessObject.java | 26 +++++++++++
 ...FauxDataPropertyStatementAccessObject.java | 31 +++++++++++++
 .../FauxObjectPropertyAccessObject.java       | 26 +++++++++++
 ...uxObjectPropertyStatementAccessObject.java | 30 +++++++++++++
 .../objects/ObjectPropertyAccessObject.java   | 20 ++++++++-
 .../webapp/auth/policy/PolicyHelper.java      |  5 ++-
 .../PropertyGroupTemplateModel.java           | 44 ++++++++++++-------
 .../NonModifiableStatementsPolicyTest.java    |  8 ++--
 13 files changed, 201 insertions(+), 25 deletions(-)
 create mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/FauxDataPropertyAccessObject.java
 create mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/FauxDataPropertyStatementAccessObject.java
 create mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/FauxObjectPropertyAccessObject.java
 create mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/FauxObjectPropertyStatementAccessObject.java

diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AccessObjectType.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AccessObjectType.java
index 7d45bc5fa3..61851d87cc 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AccessObjectType.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AccessObjectType.java
@@ -11,4 +11,8 @@ public enum AccessObjectType {
     OBJECT_PROPERTY_STATEMENT,
     ENTITY_URI, 
     ROOT_USER, 
+    FAUX_OBJECT_PROPERTY, 
+    FAUX_DATA_PROPERTY, 
+    FAUX_DATA_PROPERTY_STATEMENT, 
+    FAUX_OBJECT_PROPERTY_STATEMENT, 
 }
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/ProximityChecker.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/ProximityChecker.java
index 64e3d0697c..be08e6ea4d 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/ProximityChecker.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/ProximityChecker.java
@@ -55,6 +55,7 @@ private static List<String> getRelatedUris(Model model, String personUri, String
         } finally {
             queryExecution.close();
         }
+        debug("query results: " + resourceUris);
         queryMap.put(queryMapKey, resourceUris);
         QueryResultsMapCache.update(queryMap);
         return resourceUris;
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/AccessObject.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/AccessObject.java
index 57077a54fa..c65aa779df 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/AccessObject.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/AccessObject.java
@@ -70,7 +70,7 @@ public void setStatementPredicate(Property predicate) {
         getStatement().setPredicate(predicate);
     }
     
-    private Property getPredicate() {
+    protected Property getPredicate() {
         initializeStatement();
         return getStatement().getPredicate();
     }
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/DataPropertyAccessObject.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/DataPropertyAccessObject.java
index 39920405d0..8f7ec42270 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/DataPropertyAccessObject.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/DataPropertyAccessObject.java
@@ -1,12 +1,20 @@
 package edu.cornell.mannlib.vitro.webapp.auth.objects;
 
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType;
 import edu.cornell.mannlib.vitro.webapp.beans.DataProperty;
+import edu.cornell.mannlib.vitro.webapp.beans.ObjectProperty;
+import edu.cornell.mannlib.vitro.webapp.web.templatemodels.individual.FauxDataPropertyWrapper;
 
 public class DataPropertyAccessObject extends AccessObject {
 
+    private static final Log log = LogFactory.getLog(DataPropertyAccessObject.class);
+
     public DataPropertyAccessObject(DataProperty dataProperty) {
         setDataProperty(dataProperty);
+        debug(dataProperty);
     }
 
     @Override
@@ -16,6 +24,17 @@ public AccessObjectType getType() {
     
     @Override
     public String toString() {
-        return getClass().getSimpleName() + ": " + getObjectProperty() ;
+        ObjectProperty op = getObjectProperty();
+        return getClass().getSimpleName() + ": " + (op == null ? op : op.getURI());
+    }
+    
+    private void debug(DataProperty dataProperty) {
+        if (true) {
+            if (dataProperty instanceof FauxDataPropertyWrapper) {
+                Throwable t = new Throwable();
+                log.error("FauxDataPropertyWrapper provided in DataPropertyAccessObject constructor");
+                log.error(t, t);
+            }
+        }
     }
 }
\ No newline at end of file
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/DataPropertyStatementAccessObject.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/DataPropertyStatementAccessObject.java
index 6ee288c591..25dc0580bc 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/DataPropertyStatementAccessObject.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/DataPropertyStatementAccessObject.java
@@ -21,6 +21,14 @@ public DataPropertyStatementAccessObject(OntModel ontModel, String subjectUri, S
         setStatementObject(dataValue);
 
     }
+    
+    public DataPropertyStatementAccessObject(OntModel ontModel, String subjectUri, Property predicate, String dataValue) {
+        setStatementOntModel(ontModel);
+        setStatementSubject(subjectUri);
+        setStatementPredicate(predicate);
+        setStatementObject(dataValue);
+
+    }
 
     public DataPropertyStatementAccessObject(OntModel ontModel, DataPropertyStatement dps) {
         setStatementOntModel(ontModel);
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/FauxDataPropertyAccessObject.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/FauxDataPropertyAccessObject.java
new file mode 100644
index 0000000000..b918683362
--- /dev/null
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/FauxDataPropertyAccessObject.java
@@ -0,0 +1,26 @@
+package edu.cornell.mannlib.vitro.webapp.auth.objects;
+
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType;
+import edu.cornell.mannlib.vitro.webapp.beans.DataProperty;
+import edu.cornell.mannlib.vitro.webapp.web.templatemodels.individual.FauxDataPropertyWrapper;
+
+public class FauxDataPropertyAccessObject extends AccessObject {
+
+    public FauxDataPropertyAccessObject(DataProperty dataProperty) {
+        setDataProperty(dataProperty);
+    }
+
+    @Override
+    public AccessObjectType getType() {
+        return AccessObjectType.FAUX_DATA_PROPERTY;
+    }
+    
+    @Override
+    public String toString() {
+        DataProperty dp = getDataProperty();
+        if (dp instanceof FauxDataPropertyWrapper) {
+            return getClass().getSimpleName() + ": " + ((FauxDataPropertyWrapper) dp).getConfigUri();
+        }
+        return getClass().getSimpleName() + ": " + (dp == null ? dp : dp.getURI());
+    }
+}
\ No newline at end of file
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/FauxDataPropertyStatementAccessObject.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/FauxDataPropertyStatementAccessObject.java
new file mode 100644
index 0000000000..06f8372157
--- /dev/null
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/FauxDataPropertyStatementAccessObject.java
@@ -0,0 +1,31 @@
+/* $This file is distributed under the terms of the license in LICENSE$ */
+
+package edu.cornell.mannlib.vitro.webapp.auth.objects;
+
+import org.apache.jena.ontology.OntModel;
+
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType;
+import edu.cornell.mannlib.vitro.webapp.beans.Property;
+import edu.cornell.mannlib.vitro.webapp.web.templatemodels.individual.FauxDataPropertyWrapper;
+
+public class FauxDataPropertyStatementAccessObject extends AccessObject {
+
+    public FauxDataPropertyStatementAccessObject(OntModel ontModel, String subjectUri, FauxDataPropertyWrapper predicate, String dataValue) {
+        setStatementOntModel(ontModel);
+        setStatementSubject(subjectUri);
+        setStatementPredicate(predicate);
+        setStatementObject(dataValue);
+
+    }
+
+    @Override
+    public String toString() {
+        Property predicate = getPredicate();
+        return getClass().getSimpleName() + ": <" + getStatementSubject() + "> <" + ((FauxDataPropertyWrapper) predicate).getConfigUri() + "> <"+ getStatementObject() + ">";
+    }
+
+    @Override
+    public AccessObjectType getType() {
+        return AccessObjectType.FAUX_DATA_PROPERTY_STATEMENT;
+    }
+}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/FauxObjectPropertyAccessObject.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/FauxObjectPropertyAccessObject.java
new file mode 100644
index 0000000000..25a5bb8ec5
--- /dev/null
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/FauxObjectPropertyAccessObject.java
@@ -0,0 +1,26 @@
+package edu.cornell.mannlib.vitro.webapp.auth.objects;
+
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType;
+import edu.cornell.mannlib.vitro.webapp.beans.ObjectProperty;
+import edu.cornell.mannlib.vitro.webapp.web.templatemodels.individual.FauxObjectPropertyWrapper;
+
+public class FauxObjectPropertyAccessObject extends AccessObject {
+
+    public FauxObjectPropertyAccessObject(ObjectProperty objectProperty) {
+        setObjectProperty(objectProperty);
+    }
+
+    @Override
+    public AccessObjectType getType() {
+        return AccessObjectType.FAUX_OBJECT_PROPERTY;
+    }
+
+    @Override
+    public String toString() {
+        ObjectProperty op = getObjectProperty();
+        if (op instanceof FauxObjectPropertyWrapper) {
+            return getClass().getSimpleName() + ": " + ((FauxObjectPropertyWrapper) op).getConfigUri();
+        }
+        return getClass().getSimpleName() + ": " + (op == null ? op : op.getURI());
+    }
+}
\ No newline at end of file
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/FauxObjectPropertyStatementAccessObject.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/FauxObjectPropertyStatementAccessObject.java
new file mode 100644
index 0000000000..dd15e6af5f
--- /dev/null
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/FauxObjectPropertyStatementAccessObject.java
@@ -0,0 +1,30 @@
+/* $This file is distributed under the terms of the license in LICENSE$ */
+
+package edu.cornell.mannlib.vitro.webapp.auth.objects;
+
+import org.apache.jena.rdf.model.Model;
+
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType;
+import edu.cornell.mannlib.vitro.webapp.beans.Property;
+import edu.cornell.mannlib.vitro.webapp.web.templatemodels.individual.FauxObjectPropertyWrapper;
+
+public class FauxObjectPropertyStatementAccessObject extends AccessObject {
+
+	public FauxObjectPropertyStatementAccessObject(Model ontModel, String subjectUri, FauxObjectPropertyWrapper predicate, String objectUri) {
+	    setStatementOntModel(ontModel);
+        setStatementSubject(subjectUri);
+        setStatementPredicate(predicate);
+        setStatementObject(objectUri);
+	}
+
+    @Override
+    public AccessObjectType getType() {
+        return AccessObjectType.FAUX_OBJECT_PROPERTY_STATEMENT;
+    }
+
+    @Override
+    public String toString() {
+        Property predicate = getPredicate();
+        return getClass().getSimpleName() + ": <" + getStatementSubject() + "> <" + ((FauxObjectPropertyWrapper) predicate).getConfigUri() + "> <"+ getStatementObject() + ">";
+    }
+}
\ No newline at end of file
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/ObjectPropertyAccessObject.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/ObjectPropertyAccessObject.java
index 320c7c34c4..f97cb4e9f3 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/ObjectPropertyAccessObject.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/ObjectPropertyAccessObject.java
@@ -1,12 +1,19 @@
 package edu.cornell.mannlib.vitro.webapp.auth.objects;
 
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType;
 import edu.cornell.mannlib.vitro.webapp.beans.ObjectProperty;
+import edu.cornell.mannlib.vitro.webapp.web.templatemodels.individual.FauxObjectPropertyWrapper;
 
 public class ObjectPropertyAccessObject extends AccessObject {
 
+    private static final Log log = LogFactory.getLog(ObjectPropertyAccessObject.class);
+
     public ObjectPropertyAccessObject(ObjectProperty objectProperty) {
         setObjectProperty(objectProperty);
+        debug(objectProperty);
     }
 
     @Override
@@ -16,6 +23,17 @@ public AccessObjectType getType() {
 
     @Override
     public String toString() {
-        return getClass().getSimpleName() + ": " + getObjectProperty() ;
+        ObjectProperty op = getObjectProperty();
+        return getClass().getSimpleName() + ": " + (op == null ? op : op.getURI());
+    }
+    
+    private void debug(ObjectProperty property) {
+        if (true) {
+            if (property instanceof FauxObjectPropertyWrapper) {
+                Throwable t = new Throwable();
+                log.error("FauxObjectPropertyWrapper provided in ObjectPropertyAccessObject constructor");
+                log.error(t, t);
+            }
+        }
     }
 }
\ No newline at end of file
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyHelper.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyHelper.java
index e2faee6dbc..d05fbee72d 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyHelper.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyHelper.java
@@ -10,6 +10,7 @@
 
 import javax.servlet.http.HttpServletRequest;
 
+import org.apache.commons.lang3.exception.ExceptionUtils;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
@@ -39,6 +40,7 @@
 import edu.cornell.mannlib.vitro.webapp.beans.Property;
 import edu.cornell.mannlib.vitro.webapp.beans.UserAccount;
 import edu.cornell.mannlib.vitro.webapp.controller.authenticate.Authenticator;
+import edu.cornell.mannlib.vitro.webapp.web.templatemodels.individual.FauxObjectPropertyWrapper;
 
 /**
  * A collection of static methods to help determine whether requested actions
@@ -122,7 +124,8 @@ private static boolean actionRequestIsAuthorized(IdentifierBundle ids, AccessObj
 
 	private static void debug(AuthorizationRequest ar, PolicyDecision decision) {
 	    if (true) {//log.isDebugEnabled()
-	        log.error(String.format("Request for %s on object %s resulted in decision %s", ar.getAccessOperation(), ar.getAccessObject(), decision.getDecisionResult()));
+	        AccessObject ao = ar.getAccessObject();
+            log.error(String.format("Request for %s on object %s resulted in decision %s", ar.getAccessOperation(), ao, decision.getDecisionResult()));
 	    }
     }
 
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/PropertyGroupTemplateModel.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/PropertyGroupTemplateModel.java
index b88e900592..462c68b0bf 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/PropertyGroupTemplateModel.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/PropertyGroupTemplateModel.java
@@ -15,11 +15,14 @@
 import edu.cornell.mannlib.vitro.webapp.auth.objects.AccessObject;
 import edu.cornell.mannlib.vitro.webapp.auth.objects.DataPropertyAccessObject;
 import edu.cornell.mannlib.vitro.webapp.auth.objects.DataPropertyStatementAccessObject;
+import edu.cornell.mannlib.vitro.webapp.auth.objects.FauxDataPropertyAccessObject;
+import edu.cornell.mannlib.vitro.webapp.auth.objects.FauxDataPropertyStatementAccessObject;
+import edu.cornell.mannlib.vitro.webapp.auth.objects.FauxObjectPropertyAccessObject;
+import edu.cornell.mannlib.vitro.webapp.auth.objects.FauxObjectPropertyStatementAccessObject;
 import edu.cornell.mannlib.vitro.webapp.auth.objects.ObjectPropertyAccessObject;
 import edu.cornell.mannlib.vitro.webapp.auth.objects.ObjectPropertyStatementAccessObject;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper;
 import edu.cornell.mannlib.vitro.webapp.beans.DataProperty;
-import edu.cornell.mannlib.vitro.webapp.beans.DataPropertyStatementImpl;
 import edu.cornell.mannlib.vitro.webapp.beans.Individual;
 import edu.cornell.mannlib.vitro.webapp.beans.ObjectProperty;
 import edu.cornell.mannlib.vitro.webapp.beans.Property;
@@ -74,19 +77,23 @@ public class PropertyGroupTemplateModel extends BaseTemplateModel {
 	 * See if the property is permitted in its own right. If not, the property
 	 * statement might still be permitted to a self-editor.
 	 */
-	private boolean allowedToDisplay(VitroRequest vreq, ObjectProperty op,
-			Individual subject) {
-		AccessObject dop = new ObjectPropertyAccessObject(op);
-		if (PolicyHelper.isAuthorizedForActions(vreq, dop, AccessOperation.DISPLAY)) {
+	private boolean allowedToDisplay(VitroRequest vreq, ObjectProperty op, Individual subject) {
+	    AccessObject ao;
+	    if (op instanceof FauxObjectPropertyWrapper) {
+	        ao = new FauxObjectPropertyAccessObject(op);
+	    } else {
+	        ao = new ObjectPropertyAccessObject(op);    
+	    }
+		if (PolicyHelper.isAuthorizedForActions(vreq, ao, AccessOperation.DISPLAY)) {
 			return true;
 		}
-		AccessObject dops;
+        //TODO: Model should be here to correctly check authorization
 		if (op instanceof FauxObjectPropertyWrapper) {
-			dops = new ObjectPropertyStatementAccessObject(null, ((FauxObjectPropertyWrapper) op).getConfigUri(), op, SOME_URI);
+			ao = new FauxObjectPropertyStatementAccessObject(null, subject.getURI(), (FauxObjectPropertyWrapper) op, SOME_URI);
 		} else {
-			dops = new ObjectPropertyStatementAccessObject(null, subject.getURI(), op, SOME_URI);
+			ao = new ObjectPropertyStatementAccessObject(null, subject.getURI(), op, SOME_URI);
 		}
-		return PolicyHelper.isAuthorizedForActions(vreq, dops, AccessOperation.DISPLAY);
+		return PolicyHelper.isAuthorizedForActions(vreq, ao, AccessOperation.DISPLAY);
     }
 
 	/**
@@ -94,19 +101,22 @@ private boolean allowedToDisplay(VitroRequest vreq, ObjectProperty op,
 	 * statement might still be permitted to a self-editor.
 	 */
 	private boolean allowedToDisplay(VitroRequest vreq, DataProperty dp, Individual subject) {
-		AccessObject dop = new DataPropertyAccessObject(dp);
-		if (PolicyHelper.isAuthorizedForActions(vreq, dop, AccessOperation.DISPLAY)) {
+        AccessObject ao;
+        if (dp instanceof FauxDataPropertyWrapper) {
+            ao = new FauxDataPropertyAccessObject(dp);
+        } else {
+            ao = new DataPropertyAccessObject(dp);    
+        }
+		if (PolicyHelper.isAuthorizedForActions(vreq, ao, AccessOperation.DISPLAY)) {
 			return true;
 		}
-		DataPropertyStatementImpl dps;
+        //TODO: Model should be here to correctly check authorization
 		if (dp instanceof FauxDataPropertyWrapper) {
-			dps = new DataPropertyStatementImpl(subject.getURI(), ((FauxDataPropertyWrapper) dp).getConfigUri(), SOME_LITERAL);
+			ao = new FauxDataPropertyStatementAccessObject(null, subject.getURI(), (FauxDataPropertyWrapper) dp, SOME_LITERAL);
 		} else {
-			dps = new DataPropertyStatementImpl(subject.getURI(), dp.getURI(), SOME_LITERAL);
+			ao = new DataPropertyStatementAccessObject(null, subject.getURI(), dp, SOME_LITERAL);
 		}
-        //TODO: Model should be here to correctly check authorization
-		AccessObject dops = new DataPropertyStatementAccessObject(null, dps);
-        return PolicyHelper.isAuthorizedForActions(vreq, dops, AccessOperation.DISPLAY);	
+        return PolicyHelper.isAuthorizedForActions(vreq, ao, AccessOperation.DISPLAY);	
     }
 
 	protected boolean isEmpty() {
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/NonModifiableStatementsPolicyTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/NonModifiableStatementsPolicyTest.java
index f2391ca6f2..4cbf3916e6 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/NonModifiableStatementsPolicyTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/NonModifiableStatementsPolicyTest.java
@@ -56,17 +56,17 @@ public void testNonModifiableStatementsPolicy() {
         assertEquals(DecisionResult.INCONCLUSIVE, policy.decide(ar).getDecisionResult());
         
         //Data property statement
-        ao = new DataPropertyStatementAccessObject(null, "http://vitro.mannlib.cornell.edu/ns/vitro/0.7#Valid", null, null);
+        ao = new DataPropertyStatementAccessObject(null, "http://vitro.mannlib.cornell.edu/ns/vitro/0.7#Valid", AccessObject.SOME_URI, AccessObject.SOME_LITERAL);
         ar = new SimpleAuthorizationRequest(ao, AccessOperation.DROP);
         assertEquals(DecisionResult.UNAUTHORIZED, policy.decide(ar).getDecisionResult());
-        ao = new DataPropertyStatementAccessObject(null, "http://vitro.mannlib.cornell.edu/ns/vitro/0.7#modTime", null, null);
+        ao = new DataPropertyStatementAccessObject(null, "http://vitro.mannlib.cornell.edu/ns/vitro/0.7#modTime", AccessObject.SOME_URI, AccessObject.SOME_LITERAL);
         ar = new SimpleAuthorizationRequest(ao, AccessOperation.DROP);
         assertEquals(DecisionResult.INCONCLUSIVE, policy.decide(ar).getDecisionResult());
         
-        ao = new DataPropertyStatementAccessObject(null, null, "http://vitro.mannlib.cornell.edu/ns/vitro/0.7#Valid", null);
+        ao = new DataPropertyStatementAccessObject(null, AccessObject.SOME_URI, "http://vitro.mannlib.cornell.edu/ns/vitro/0.7#Valid", AccessObject.SOME_LITERAL);
         ar = new SimpleAuthorizationRequest(ao, AccessOperation.DROP);
         assertEquals(DecisionResult.UNAUTHORIZED, policy.decide(ar).getDecisionResult());
-        ao = new DataPropertyStatementAccessObject(null, null, "http://vitro.mannlib.cornell.edu/ns/vitro/0.7#modTime", null);
+        ao = new DataPropertyStatementAccessObject(null, AccessObject.SOME_URI, "http://vitro.mannlib.cornell.edu/ns/vitro/0.7#modTime", AccessObject.SOME_LITERAL);
         ar = new SimpleAuthorizationRequest(ao, AccessOperation.DROP);
         assertEquals(DecisionResult.INCONCLUSIVE, policy.decide(ar).getDecisionResult());
     }

From fba625bc59a448d5231d3c115a81b676a3bd6126 Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <git@litvinovg.pro>
Date: Wed, 7 Jun 2023 12:25:37 +0200
Subject: [PATCH 009/148] refactoring and cleanup

---
 .../auth/attributes/AbstractAttribute.java    |   1 -
 .../attributes/DataPropertyUriAttribute.java  |   4 +-
 .../ObjectPropertyUriAttribute.java           |   4 +-
 .../auth/attributes/ObjectTypeAttribute.java  |   4 +-
 .../auth/attributes/OperationAttribute.java   |   4 +-
 .../StatementObjectUriAttribute.java          |   4 +-
 .../StatementPredicateUriAttribute.java       |   4 +-
 .../StatementSubjectUriAttribute.java         |   4 +-
 .../auth/attributes/SubjectTypeAttribute.java |   4 +-
 .../vitro/webapp/auth/rules/AccessRule.java   | 145 ++----------------
 .../webapp/auth/rules/AccessRuleFactory.java  |   2 +-
 .../webapp/auth/rules/AccessRuleImpl.java     | 108 +++++++++++++
 .../webapp/auth/rules/SimpleAccessRule.java   |  10 --
 13 files changed, 138 insertions(+), 160 deletions(-)
 create mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRuleImpl.java
 delete mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/SimpleAccessRule.java

diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AbstractAttribute.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AbstractAttribute.java
index 2a4c2be105..1457632117 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AbstractAttribute.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AbstractAttribute.java
@@ -13,7 +13,6 @@ public abstract class AbstractAttribute implements Attribute {
     private TestType testType = TestType.EQUALS;
 
     public AbstractAttribute(String uri, String value) {
-        super();
         this.uri = uri;
         values.add(value);
     }
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/DataPropertyUriAttribute.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/DataPropertyUriAttribute.java
index 8e56ec8dbe..50ae122312 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/DataPropertyUriAttribute.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/DataPropertyUriAttribute.java
@@ -11,8 +11,8 @@ public class DataPropertyUriAttribute extends AbstractAttribute {
 
     private static final Log log = LogFactory.getLog(DataPropertyUriAttribute.class);
 
-    public DataPropertyUriAttribute(String uri, String objectUri) {
-        super(uri, objectUri);
+    public DataPropertyUriAttribute(String uri, String value) {
+        super(uri, value);
     }
 
     @Override
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/ObjectPropertyUriAttribute.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/ObjectPropertyUriAttribute.java
index 14a746667c..7ce8ed249e 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/ObjectPropertyUriAttribute.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/ObjectPropertyUriAttribute.java
@@ -11,8 +11,8 @@ public class ObjectPropertyUriAttribute extends AbstractAttribute {
 
     private static final Log log = LogFactory.getLog(ObjectPropertyUriAttribute.class);
 
-    public ObjectPropertyUriAttribute(String uri, String objectUri) {
-        super(uri, objectUri);
+    public ObjectPropertyUriAttribute(String uri, String value) {
+        super(uri, value);
     }
 
     @Override
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/ObjectTypeAttribute.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/ObjectTypeAttribute.java
index 7015f48b37..8370e80863 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/ObjectTypeAttribute.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/ObjectTypeAttribute.java
@@ -10,8 +10,8 @@ public class ObjectTypeAttribute extends AbstractAttribute {
 
     private static final Log log = LogFactory.getLog(ObjectTypeAttribute.class);
 
-    public ObjectTypeAttribute(String uri, String roleValue) {
-        super(uri, roleValue);
+    public ObjectTypeAttribute(String uri, String value) {
+        super(uri, value);
     }
 
     @Override
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/OperationAttribute.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/OperationAttribute.java
index 8a459b5e5e..6396ae2ca9 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/OperationAttribute.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/OperationAttribute.java
@@ -9,8 +9,8 @@ public class OperationAttribute extends AbstractAttribute {
 
     private static final Log log = LogFactory.getLog(OperationAttribute.class);
 
-    public OperationAttribute(String uri, String roleValue) {
-        super(uri, roleValue);
+    public OperationAttribute(String uri, String operation) {
+        super(uri, operation);
     }
 
     @Override
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/StatementObjectUriAttribute.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/StatementObjectUriAttribute.java
index aa8fbf6177..a85f96fb67 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/StatementObjectUriAttribute.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/StatementObjectUriAttribute.java
@@ -10,8 +10,8 @@ public class StatementObjectUriAttribute extends AbstractAttribute {
 
     private static final Log log = LogFactory.getLog(StatementObjectUriAttribute.class);
 
-    public StatementObjectUriAttribute(String uri, String objectUri) {
-        super(uri, objectUri);
+    public StatementObjectUriAttribute(String uri, String value) {
+        super(uri, value);
     }
 
     @Override
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/StatementPredicateUriAttribute.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/StatementPredicateUriAttribute.java
index da8eaf55bb..4b5807d6ff 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/StatementPredicateUriAttribute.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/StatementPredicateUriAttribute.java
@@ -10,8 +10,8 @@ public class StatementPredicateUriAttribute extends AbstractAttribute {
 
     private static final Log log = LogFactory.getLog(StatementPredicateUriAttribute.class);
 
-    public StatementPredicateUriAttribute(String uri, String objectUri) {
-        super(uri, objectUri);
+    public StatementPredicateUriAttribute(String uri, String value) {
+        super(uri, value);
     }
 
     @Override
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/StatementSubjectUriAttribute.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/StatementSubjectUriAttribute.java
index 696681e9f3..90bbc87cf7 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/StatementSubjectUriAttribute.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/StatementSubjectUriAttribute.java
@@ -10,8 +10,8 @@ public class StatementSubjectUriAttribute extends AbstractAttribute {
 
     private static final Log log = LogFactory.getLog(StatementSubjectUriAttribute.class);
 
-    public StatementSubjectUriAttribute(String uri, String objectUri) {
-        super(uri, objectUri);
+    public StatementSubjectUriAttribute(String uri, String value) {
+        super(uri, value);
     }
 
     @Override
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/SubjectTypeAttribute.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/SubjectTypeAttribute.java
index 26edd027dd..e2ff0514a1 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/SubjectTypeAttribute.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/SubjectTypeAttribute.java
@@ -11,8 +11,8 @@ public class SubjectTypeAttribute extends AbstractAttribute {
 
     private static final Log log = LogFactory.getLog(SubjectTypeAttribute.class);
 
-    public SubjectTypeAttribute(String uri, String subjectTypeValue) {
-        super(uri, subjectTypeValue);
+    public SubjectTypeAttribute(String uri, String value) {
+        super(uri, value);
     }
 
     @Override
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRule.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRule.java
index caa191cf8f..3d323da109 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRule.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRule.java
@@ -2,155 +2,36 @@
 
 package edu.cornell.mannlib.vitro.webapp.auth.rules;
 
-import java.util.HashMap;
-import java.util.HashSet;
 import java.util.Map;
 import java.util.Set;
-import java.util.stream.Collectors;
-
-import org.apache.commons.lang3.builder.EqualsBuilder;
-import org.apache.commons.lang3.builder.HashCodeBuilder;
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
 
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.Attribute;
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.AttributeType;
-import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType;
-import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessOperation;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthorizationRequest;
 
-public abstract class AccessRule {
-    private static final Log log = LogFactory.getLog(AccessRule.class);
-    private AccessOperation operation = AccessOperation.ANY;
-    private AccessObjectType objectType = AccessObjectType.ANY;
-    private Set<Set<AccessRule>> ruleSets = new HashSet<>();
-    protected Map<String,Attribute> attributes = new HashMap<>();
-    private boolean allowMatched = true;
-    private String objectUri = "";
-    private String ruleUri;
+public interface AccessRule {
 
-    public boolean isAllowMatched() {
-        return allowMatched;
-    }
+    public boolean isAllowMatched();
 
-    public void setAllowMatched(boolean allowMatched) {
-        this.allowMatched = allowMatched;
-    }
+    public void setAllowMatched(boolean allowMatched);
 
-    public String getRuleUri() {
-        return ruleUri;
-    }
+    public String getRuleUri();
 
-    public void setRuleUri(String ruleUri) {
-        this.ruleUri = ruleUri;
-    }
-    
-    public void addToSet(Set<AccessRule> set) {
-        ruleSets.add(set);
-        set.add(this);
-    }
-    
-    public void removeFromSets() {
-        for (Set<AccessRule> set : ruleSets) {
-            set.remove(this);
-        }
-        ruleSets.clear();
-    }
+    public void setRuleUri(String ruleUri);
     
-	public Map<String, Attribute> getAttributes() {
-        return attributes;
-    }
+	public Map<String, Attribute> getAttributes();
 	
-	public boolean match(AuthorizationRequest ar) {
-	   for (Attribute a : attributes.values()) {
-	       if (!a.match(ar)) {
-	           return false;
-	       }
-	   }
-	   return true;
-	}
-
-    public String getObjectUri() {
-        return objectUri;
-    };
-
-    public void setObjectUri(String uri) {
-        this.objectUri = uri;
-    };
+	public boolean match(AuthorizationRequest ar);
 	
-	public void addAttribute(Attribute attr) {
-	    if (attributes.containsKey(attr.getUri())) {
-	        log.error(String.format("attribute %s already exists in the rule",attr.getUri()));
-	    }
-	    attributes.put(attr.getUri(), attr);
-	    if (attr.getAttributeType().equals(AttributeType.OPERATION)) {
-	        operation = AccessOperation.valueOf(attr.getValues().iterator().next());
-	    }
-        if (attr.getAttributeType().equals(AttributeType.OBJECT_TYPE)) {
-            objectType = AccessObjectType.valueOf(attr.getValues().iterator().next());
-        }
-        if (attr.getAttributeType().equals(AttributeType.OBJECT_URI)) {
-            objectUri = attr.getValues().iterator().next();
-        }
-	}
-
-    public AccessOperation getOperation() {
-        return operation;
-    }
-
-    public void setObjectType(AccessObjectType objectType) {
-        this.objectType = objectType;
-    }
-    
-    public AccessObjectType getObjectType() {
-        return objectType;
-    }
-    
-    @Override
-    public boolean equals(Object object) {
-        if (!(object instanceof AccessRule)) {
-            return false;
-        }
-        if (object == this) {
-            return true;
-        }
-        AccessRule compared = (AccessRule) object;
-
-        return new EqualsBuilder()
-                .append(getRuleUri(), compared.getRuleUri())
-                .append(getObjectUri(), compared.getObjectUri())
-                .append(getAttributes(), compared.getAttributes())
-                .append(getOperation(), compared.getOperation())
-                .isEquals();
-    }
-    
-    @Override
-    public int hashCode() {
-        return new HashCodeBuilder(15, 101)
-                .append(getAttributes())
-                .append(getObjectUri())
-                .append(getRuleUri())
-                .append(getOperation())
-                .toHashCode();
-    }
+	public void addAttribute(Attribute attr);
 
-    public Set<String> getAttributeUris() {
-        return attributes.keySet();
-    }
+    public Set<String> getAttributeUris();
     
-    public boolean containsAttributeUri(String uri) {
-        return attributes.containsKey(uri);
-    }
+    public boolean containsAttributeUri(String uri);
 
-    protected Set<Attribute> getAttributesByType(AttributeType type){
-        return getAttributes().values().stream().filter(a -> a.getAttributeType().equals(type)).collect(Collectors.toSet());
-    }
+    public Set<Attribute> getAttributesByType(AttributeType type);
     
-    public long getAttributesCount() {
-        return attributes.size();
-    }
+    public long getAttributesCount();
     
-    public Attribute getAttribute(String uri) {
-        return attributes.get(uri);
-    }
+    public Attribute getAttribute(String uri);
 }
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRuleFactory.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRuleFactory.java
index aeacd2afd9..876997ad4c 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRuleFactory.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRuleFactory.java
@@ -12,7 +12,7 @@ public class AccessRuleFactory {
     private static final Log log = LogFactory.getLog(AccessRuleFactory.class);
 
     public static AccessRule createRule(QuerySolution qs) {
-        AccessRule ar = new SimpleAccessRule();
+        AccessRule ar = new AccessRuleImpl();
         String ruleUri = qs.getResource(PolicyLoader.RULE).getURI();
         if (qs.contains("dataSetUri")) {
             ruleUri += "." + qs.getResource("dataSetUri").getURI();    
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRuleImpl.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRuleImpl.java
new file mode 100644
index 0000000000..ad5bd98dee
--- /dev/null
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRuleImpl.java
@@ -0,0 +1,108 @@
+/* $This file is distributed under the terms of the license in LICENSE$ */
+
+package edu.cornell.mannlib.vitro.webapp.auth.rules;
+
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Set;
+import java.util.stream.Collectors;
+
+import org.apache.commons.lang3.builder.EqualsBuilder;
+import org.apache.commons.lang3.builder.HashCodeBuilder;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.Attribute;
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AttributeType;
+import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthorizationRequest;
+
+/**
+ * A class of simple access rules.
+ */
+public class AccessRuleImpl implements AccessRule {
+    private static final Log log = LogFactory.getLog(AccessRuleImpl.class);
+    protected Map<String,Attribute> attributes = new HashMap<>();
+    private boolean allowMatched = true;
+    private String ruleUri;
+
+    public boolean isAllowMatched() {
+        return allowMatched;
+    }
+
+    public void setAllowMatched(boolean allowMatched) {
+        this.allowMatched = allowMatched;
+    }
+
+    public String getRuleUri() {
+        return ruleUri;
+    }
+
+    public void setRuleUri(String ruleUri) {
+        this.ruleUri = ruleUri;
+    }
+    
+    public Map<String, Attribute> getAttributes() {
+        return attributes;
+    }
+    
+    public boolean match(AuthorizationRequest ar) {
+       for (Attribute a : attributes.values()) {
+           if (!a.match(ar)) {
+               return false;
+           }
+       }
+       return true;
+    }
+
+    public void addAttribute(Attribute attr) {
+        if (attributes.containsKey(attr.getUri())) {
+            log.error(String.format("attribute %s already exists in the rule",attr.getUri()));
+        }
+        attributes.put(attr.getUri(), attr);
+    }
+
+    @Override
+    public boolean equals(Object object) {
+        if (!(object instanceof AccessRule)) {
+            return false;
+        }
+        if (object == this) {
+            return true;
+        }
+        AccessRule compared = (AccessRule) object;
+
+        return new EqualsBuilder()
+                .append(getRuleUri(), compared.getRuleUri())
+                .append(getAttributes(), compared.getAttributes())
+                .isEquals();
+    }
+    
+    @Override
+    public int hashCode() {
+        return new HashCodeBuilder(15, 101)
+                .append(getAttributes())
+                .append(getRuleUri())
+                .toHashCode();
+    }
+
+    public Set<String> getAttributeUris() {
+        return attributes.keySet();
+    }
+    
+    public boolean containsAttributeUri(String uri) {
+        return attributes.containsKey(uri);
+    }
+
+    public Set<Attribute> getAttributesByType(AttributeType type){
+        return getAttributes().values().stream().filter(a -> a.getAttributeType().equals(type)).collect(Collectors.toSet());
+    }
+    
+    public long getAttributesCount() {
+        return attributes.size();
+    }
+    
+    public Attribute getAttribute(String uri) {
+        return attributes.get(uri);
+    }
+    
+}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/SimpleAccessRule.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/SimpleAccessRule.java
deleted file mode 100644
index c0ad23f594..0000000000
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/SimpleAccessRule.java
+++ /dev/null
@@ -1,10 +0,0 @@
-/* $This file is distributed under the terms of the license in LICENSE$ */
-
-package edu.cornell.mannlib.vitro.webapp.auth.rules;
-
-/**
- * A class of simple access rules.
- */
-public class SimpleAccessRule extends AccessRule {
-    
-}

From 63be92896dd067abb96d56b3156eb24ffaf95c0d Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <git@litvinovg.pro>
Date: Wed, 7 Jun 2023 12:55:49 +0200
Subject: [PATCH 010/148] implemented getUri methods in access objects

---
 .../webapp/auth/objects/AccessObject.java     |  2 +-
 .../objects/DataPropertyAccessObject.java     |  9 ++++++++
 .../objects/FauxDataPropertyAccessObject.java | 11 +++++++++
 ...FauxDataPropertyStatementAccessObject.java | 23 ++++++++++++++-----
 .../FauxObjectPropertyAccessObject.java       | 11 +++++++++
 ...uxObjectPropertyStatementAccessObject.java | 12 ++++++++++
 .../objects/ObjectPropertyAccessObject.java   |  8 +++++++
 7 files changed, 69 insertions(+), 7 deletions(-)

diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/AccessObject.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/AccessObject.java
index c65aa779df..ca97871241 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/AccessObject.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/AccessObject.java
@@ -15,7 +15,7 @@ public abstract class AccessObject {
     public static Property SOME_PREDICATE = new Property(SOME_URI);
     public static String SOME_LITERAL = "?SOME_LITERAL";
     
-    private AccessObjectStatement statement;
+    protected AccessObjectStatement statement;
     private DataProperty dataProperty;
     private ObjectProperty objectProperty;
     
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/DataPropertyAccessObject.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/DataPropertyAccessObject.java
index 8f7ec42270..e5d8471d3c 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/DataPropertyAccessObject.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/DataPropertyAccessObject.java
@@ -16,6 +16,15 @@ public DataPropertyAccessObject(DataProperty dataProperty) {
         setDataProperty(dataProperty);
         debug(dataProperty);
     }
+    
+    @Override
+    public String getUri() {
+        DataProperty dp = getDataProperty();
+        if (dp != null) {
+            return dp.getURI();
+        }
+        return null;
+    }
 
     @Override
     public AccessObjectType getType() {
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/FauxDataPropertyAccessObject.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/FauxDataPropertyAccessObject.java
index b918683362..e44a2327cb 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/FauxDataPropertyAccessObject.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/FauxDataPropertyAccessObject.java
@@ -15,6 +15,17 @@ public AccessObjectType getType() {
         return AccessObjectType.FAUX_DATA_PROPERTY;
     }
     
+    public String getUri() {
+        DataProperty dp = getDataProperty();
+        if (dp instanceof FauxDataPropertyWrapper) {
+            return ((FauxDataPropertyWrapper) dp).getConfigUri();
+        }
+        if (dp != null) {
+            return dp.getURI();
+        }
+        return null;
+    }
+    
     @Override
     public String toString() {
         DataProperty dp = getDataProperty();
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/FauxDataPropertyStatementAccessObject.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/FauxDataPropertyStatementAccessObject.java
index 06f8372157..7a5d644c2d 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/FauxDataPropertyStatementAccessObject.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/FauxDataPropertyStatementAccessObject.java
@@ -15,17 +15,28 @@ public FauxDataPropertyStatementAccessObject(OntModel ontModel, String subjectUr
         setStatementSubject(subjectUri);
         setStatementPredicate(predicate);
         setStatementObject(dataValue);
-
     }
 
     @Override
-    public String toString() {
+    public AccessObjectType getType() {
+        return AccessObjectType.FAUX_DATA_PROPERTY_STATEMENT;
+    }
+    
+    @Override
+    public String getStatementPredicateUri() {
+        if (statement == null || statement.getPredicate() == null) {
+            return null;
+        }
         Property predicate = getPredicate();
-        return getClass().getSimpleName() + ": <" + getStatementSubject() + "> <" + ((FauxDataPropertyWrapper) predicate).getConfigUri() + "> <"+ getStatementObject() + ">";
+        if (predicate instanceof FauxDataPropertyWrapper) {
+            return ((FauxDataPropertyWrapper) predicate).getConfigUri();
+        }
+        return predicate.getURI();
     }
-
+    
     @Override
-    public AccessObjectType getType() {
-        return AccessObjectType.FAUX_DATA_PROPERTY_STATEMENT;
+    public String toString() {
+        Property predicate = getPredicate();
+        return getClass().getSimpleName() + ": <" + getStatementSubject() + "> <" + ((FauxDataPropertyWrapper) predicate).getConfigUri() + "> <"+ getStatementObject() + ">";
     }
 }
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/FauxObjectPropertyAccessObject.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/FauxObjectPropertyAccessObject.java
index 25a5bb8ec5..fa3e468230 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/FauxObjectPropertyAccessObject.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/FauxObjectPropertyAccessObject.java
@@ -15,6 +15,17 @@ public AccessObjectType getType() {
         return AccessObjectType.FAUX_OBJECT_PROPERTY;
     }
 
+    public String getUri() {
+        ObjectProperty op = getObjectProperty();
+        if (op instanceof FauxObjectPropertyWrapper) {
+            return ((FauxObjectPropertyWrapper) op).getConfigUri();
+        }
+        if (op != null) {
+            return op.getURI();
+        }
+        return null;
+    }
+    
     @Override
     public String toString() {
         ObjectProperty op = getObjectProperty();
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/FauxObjectPropertyStatementAccessObject.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/FauxObjectPropertyStatementAccessObject.java
index dd15e6af5f..4fbabee3ac 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/FauxObjectPropertyStatementAccessObject.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/FauxObjectPropertyStatementAccessObject.java
@@ -21,6 +21,18 @@ public FauxObjectPropertyStatementAccessObject(Model ontModel, String subjectUri
     public AccessObjectType getType() {
         return AccessObjectType.FAUX_OBJECT_PROPERTY_STATEMENT;
     }
+    
+    @Override
+    public String getStatementPredicateUri() {
+        if (statement == null || statement.getPredicate() == null) {
+            return null;
+        }
+        Property predicate = getPredicate();
+        if (predicate instanceof FauxObjectPropertyWrapper) {
+            return ((FauxObjectPropertyWrapper) predicate).getConfigUri();
+        }
+        return predicate.getURI();
+    }
 
     @Override
     public String toString() {
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/ObjectPropertyAccessObject.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/ObjectPropertyAccessObject.java
index f97cb4e9f3..544911a9a0 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/ObjectPropertyAccessObject.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/ObjectPropertyAccessObject.java
@@ -15,6 +15,14 @@ public ObjectPropertyAccessObject(ObjectProperty objectProperty) {
         setObjectProperty(objectProperty);
         debug(objectProperty);
     }
+    
+    public String getUri() {
+        ObjectProperty op = getObjectProperty();
+        if (op != null) {
+            return op.getURI();
+        }
+        return null;
+    }
 
     @Override
     public AccessObjectType getType() {

From 84f599cf4e432f0f9dbc97406ea295a14a23f8e6 Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <git@litvinovg.pro>
Date: Wed, 7 Jun 2023 15:01:44 +0200
Subject: [PATCH 011/148] created editable pages policy

---
 .../webapp/auth/policy/DynamicPolicy.java     | 11 ++--
 .../webapp/migration/auth/AuthMigrator.java   | 30 ++++++-----
 .../BaseIndividualTemplateModel.java          | 10 ++--
 .../auth/policy/EditablePagesPolicyTest.java  | 19 +++++++
 .../rdf/auth/everytime/attributes.n3          |  7 +++
 .../rdf/auth/everytime/object_types.n3        | 15 ++++--
 ...licy_admin_display_faux_object_property.n3 | 53 +++++++++++++++++++
 .../auth/everytime/policy_editable_pages.n3   | 31 +++++++++++
 .../rdf/auth/everytime/test_values.n3         |  1 +
 9 files changed, 148 insertions(+), 29 deletions(-)
 create mode 100644 api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EditablePagesPolicyTest.java
 create mode 100644 home/src/main/resources/rdf/auth/everytime/policy_admin_display_faux_object_property.n3
 create mode 100644 home/src/main/resources/rdf/auth/everytime/policy_editable_pages.n3

diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/DynamicPolicy.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/DynamicPolicy.java
index 7658f07e17..0dce08b502 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/DynamicPolicy.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/DynamicPolicy.java
@@ -45,7 +45,6 @@ public DynamicPolicy(String uri, long priority) {
 
     @Override
     public PolicyDecision decide(AuthorizationRequest ar) {
-        //IdentifierBundle ac_subject = ar.getIds();
         AccessObject whatToAuth = ar.getAccessObject();
         //if (ac_subject == null) {
         //    return defaultDecision("whomToAuth was null");
@@ -56,14 +55,14 @@ public PolicyDecision decide(AuthorizationRequest ar) {
         for (AccessRule rule : getFilteredRules(ar)) {
             if (rule.match(ar)) {
                 if(rule.isAllowMatched()) {
-                    log.debug("Access rule " + rule + " approves request " + whatToAuth);
-                    return new BasicPolicyDecision(DecisionResult.AUTHORIZED, "Dynamic policy '" + uri + "' rule '" + rule + "' approved " + ar);
+                    log.debug("Access rule " + rule.getRuleUri() + " approves request " + whatToAuth);
+                    return new BasicPolicyDecision(DecisionResult.AUTHORIZED, "Dynamic policy '" + uri + "' rule '" + rule.getRuleUri() + "' approved " + ar);
                 } else {
-                    log.debug("Access rule " + rule + " rejects request " + whatToAuth);
-                    return new BasicPolicyDecision(DecisionResult.UNAUTHORIZED, "Dynamic policy '" + uri + "' rule '" + rule + "' rejected " + ar);
+                    log.debug("Access rule " + rule.getRuleUri() + " rejects request " + whatToAuth);
+                    return new BasicPolicyDecision(DecisionResult.UNAUTHORIZED, "Dynamic policy '" + uri + "' rule '" + rule.getRuleUri() + "' rejected " + ar);
                 }
             } else {
-                log.trace("Dynamic policy '" + uri + "' rule '" + rule + "' doesn't match the request " + ar);
+                log.trace("Dynamic policy '" + uri + "' rule '" + rule.getRuleUri() + "' doesn't match the request " + ar);
             }
         }
         
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AuthMigrator.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AuthMigrator.java
index c18a7f820f..b8340acdc1 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AuthMigrator.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AuthMigrator.java
@@ -23,18 +23,22 @@
 import java.util.HashMap;
 import java.util.Map;
 
-public class AuthMigrator implements ServletContextListener {
+import static edu.cornell.mannlib.vitro.webapp.dao.VitroVocabulary.vitroURI;
+
+public class AuthMigrator implements ServletContextListener { 
+    private static final String PREFIX = "http://vitro.mannlib.cornell.edu/ns/vitro/role#";
+
     private static final Log log = LogFactory.getLog(AuthMigrator.class);
 
     /**
      * Old ROLE defintions that were used by the hidden / prohibited assertions
      */
-    private static final String ROLE_PUBLIC = "http://vitro.mannlib.cornell.edu/ns/vitro/role#public";
-    private static final String ROLE_SELF = "http://vitro.mannlib.cornell.edu/ns/vitro/role#selfEditor";
-    private static final String ROLE_EDITOR = "http://vitro.mannlib.cornell.edu/ns/vitro/role#editor";
-    private static final String ROLE_CURATOR = "http://vitro.mannlib.cornell.edu/ns/vitro/role#curator";
-    private static final String ROLE_DB_ADMIN = "http://vitro.mannlib.cornell.edu/ns/vitro/role#dbAdmin";
-    private static final String ROLE_NOBODY = "http://vitro.mannlib.cornell.edu/ns/vitro/role#nobody";
+    private static final String ROLE_PUBLIC = PREFIX + "public";
+    private static final String ROLE_SELF = PREFIX + "selfEditor";
+    private static final String ROLE_EDITOR = PREFIX + "editor";
+    private static final String ROLE_CURATOR = PREFIX + "curator";
+    private static final String ROLE_DB_ADMIN = PREFIX + "dbAdmin";
+    private static final String ROLE_NOBODY = PREFIX + "nobody";
 
     @Override
     public void contextInitialized(ServletContextEvent sce) {
@@ -80,9 +84,9 @@ public void contextInitialized(ServletContextEvent sce) {
             publishRoleToPropertySetMap.put(ROLE_DB_ADMIN, AuthMigrator.getClassUri(AccessOperation.PUBLISH) + "#ADMIN");
 
             // Create a map between the permission and the appropriate sets
-            actionToRoleAndPropertySetMap.put("http://vitro.mannlib.cornell.edu/ns/vitro/0.7#hiddenFromDisplayBelowRoleLevelAnnot",    displayRoleToPropertySetMap);
-            actionToRoleAndPropertySetMap.put("http://vitro.mannlib.cornell.edu/ns/vitro/0.7#prohibitedFromUpdateBelowRoleLevelAnnot", updateRoleToPropertySetMap);
-            actionToRoleAndPropertySetMap.put("http://vitro.mannlib.cornell.edu/ns/vitro/0.7#hiddenFromPublishBelowRoleLevelAnnot",    publishRoleToPropertySetMap);
+            actionToRoleAndPropertySetMap.put(vitroURI + "hiddenFromDisplayBelowRoleLevelAnnot",    displayRoleToPropertySetMap);
+            actionToRoleAndPropertySetMap.put(vitroURI + "prohibitedFromUpdateBelowRoleLevelAnnot", updateRoleToPropertySetMap);
+            actionToRoleAndPropertySetMap.put(vitroURI + "hiddenFromPublishBelowRoleLevelAnnot",    publishRoleToPropertySetMap);
 
             // Convert the assertions retrieved from the content and display models to the assertions in the new permission sets
             OntModel permissionsModel = convertRoleAuthsToPermissions(roleAuthContentModel, roleAuthDisplayModel, actionToRoleAndPropertySetMap);
@@ -146,9 +150,9 @@ private Model constructRoleAuthDisplayModel(ContextModelAccess models) {
 
         displayModel.enterCriticalSection(Lock.READ);
         try {
-            constructedModel.add(displayModel.listStatements(null, displayModel.getProperty("http://vitro.mannlib.cornell.edu/ns/vitro/0.7#hiddenFromDisplayBelowRoleLevelAnnot"), (RDFNode) null));
-            constructedModel.add(displayModel.listStatements(null, displayModel.getProperty("http://vitro.mannlib.cornell.edu/ns/vitro/0.7#prohibitedFromUpdateBelowRoleLevelAnnot"), (RDFNode) null));
-            constructedModel.add(displayModel.listStatements(null, displayModel.getProperty("http://vitro.mannlib.cornell.edu/ns/vitro/0.7#hiddenFromPublishBelowRoleLevelAnnot"), (RDFNode) null));
+            constructedModel.add(displayModel.listStatements(null, displayModel.getProperty(vitroURI + "hiddenFromDisplayBelowRoleLevelAnnot"), (RDFNode) null));
+            constructedModel.add(displayModel.listStatements(null, displayModel.getProperty(vitroURI + "prohibitedFromUpdateBelowRoleLevelAnnot"), (RDFNode) null));
+            constructedModel.add(displayModel.listStatements(null, displayModel.getProperty(vitroURI + "hiddenFromPublishBelowRoleLevelAnnot"), (RDFNode) null));
         } finally {
             displayModel.leaveCriticalSection();
         }
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/BaseIndividualTemplateModel.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/BaseIndividualTemplateModel.java
index 05348c82be..be4a39a94a 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/BaseIndividualTemplateModel.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/BaseIndividualTemplateModel.java
@@ -122,13 +122,9 @@ public GroupedPropertyList getPropertyList() {
 	 * an object property to the Individual being shown.
 	 */
     public boolean isEditable() {
-        DataPropertyStatementAccessObject adps = new DataPropertyStatementAccessObject(
-				vreq.getJenaOntModel(), individual.getURI(),
-				SOME_URI, SOME_LITERAL);
-        ObjectPropertyStatementAccessObject aops = new ObjectPropertyStatementAccessObject(
-				vreq.getJenaOntModel(), individual.getURI(),
-				SOME_PREDICATE, SOME_URI);
-    	return PolicyHelper.isAuthorizedForActions(vreq, AuthorizationRequest.or(new SimpleAuthorizationRequest(adps, AccessOperation.ADD), new SimpleAuthorizationRequest(aops, AccessOperation.ADD)));
+        ObjectPropertyStatementAccessObject aops = new ObjectPropertyStatementAccessObject(vreq.getJenaOntModel(), individual.getURI(), SOME_PREDICATE, SOME_URI);
+        SimpleAuthorizationRequest addSomeObjectProperty = new SimpleAuthorizationRequest(aops, AccessOperation.ADD);
+        return PolicyHelper.isAuthorizedForActions(vreq, addSomeObjectProperty);
     }
 
     public boolean getShowAdminPanel() {
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EditablePagesPolicyTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EditablePagesPolicyTest.java
new file mode 100644
index 0000000000..29dc574e29
--- /dev/null
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EditablePagesPolicyTest.java
@@ -0,0 +1,19 @@
+package edu.cornell.mannlib.vitro.webapp.auth.policy;
+
+import static org.junit.Assert.assertTrue;
+
+import org.junit.Test;
+
+public class EditablePagesPolicyTest extends PolicyTest{
+
+    public static final String EDITABLE_PAGES_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_editable_pages.n3";
+
+    @Test
+    public void testLoadEditablePagesPolicy() {        
+        load(EDITABLE_PAGES_POLICY_PATH);
+        String policyUri = "https://vivoweb.org/ontology/vitro-application/auth/individual/EditIndividualPagesPolicy";
+        DynamicPolicy policy = loader.loadPolicy(policyUri);
+        assertTrue(policy != null);
+        countRulesAndAttributes(policy, 1, 5);
+    }
+}
diff --git a/home/src/main/resources/rdf/auth/everytime/attributes.n3 b/home/src/main/resources/rdf/auth/everytime/attributes.n3
index 6bc0cfefba..6f40100838 100644
--- a/home/src/main/resources/rdf/auth/everytime/attributes.n3
+++ b/home/src/main/resources/rdf/auth/everytime/attributes.n3
@@ -40,6 +40,13 @@ ai:SubjectRoleEqualsPublicRoleAttribute rdf:type ao:Attribute ;
          ao:test ai:Equals ;
          ao:type ai:SubjectRole ;
          ao:value auth:PUBLIC .
+         
+ai:SubjectRoleOneOfEditorsAttribute rdf:type ao:Attribute ;
+         ao:test ai:OneOf ;
+         ao:type ai:SubjectRole ;
+         ao:value auth:ADMIN ;
+         ao:value auth:CURATOR ;
+         ao:value auth:EDITOR .
 
 ###########################################################################
 ### Operation attributes
diff --git a/home/src/main/resources/rdf/auth/everytime/object_types.n3 b/home/src/main/resources/rdf/auth/everytime/object_types.n3
index d45e4031da..23fba2ca73 100644
--- a/home/src/main/resources/rdf/auth/everytime/object_types.n3
+++ b/home/src/main/resources/rdf/auth/everytime/object_types.n3
@@ -14,15 +14,24 @@ ai:ObjectPropertyAccesObject rdf:type ao:ObjectType ;
 ai:DataPropertyAccesObject rdf:type ao:ObjectType ;
      ao:id "DATA_PROPERTY" .
      
-ai:FauxPropertyAccesObject rdf:type ao:ObjectType ;
-     ao:id "FAUX_PROPERTY" .
-     
+ai:FauxDataPropertyAccesObject rdf:type ao:ObjectType ;
+     ao:id "FAUX_DATA_PROPERTY" .
+
+ai:FauxObjectPropertyAccesObject rdf:type ao:ObjectType ;
+     ao:id "FAUX_OBJECT_PROPERTY" .
+
 ai:ObjectPropertyStatementAccesObject rdf:type ao:ObjectType ;
      ao:id "OBJECT_PROPERTY_STATEMENT" .
 
 ai:DataPropertyStatementAccesObject rdf:type ao:ObjectType ;
      ao:id "DATA_PROPERTY_STATEMENT" .
 
+ai:FauxObjectPropertyStatementAccesObject rdf:type ao:ObjectType ;
+     ao:id "FAUX_OBJECT_PROPERTY_STATEMENT" .
+
+ai:FauxDataPropertyStatementAccesObject rdf:type ao:ObjectType ;
+     ao:id "FAUX_DATA_PROPERTY_STATEMENT" .
+
 ai:Class rdf:type ao:ObjectType ;
      ao:id "CLASS" .
      
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_admin_display_faux_object_property.n3 b/home/src/main/resources/rdf/auth/everytime/policy_admin_display_faux_object_property.n3
new file mode 100644
index 0000000000..44c1a38724
--- /dev/null
+++ b/home/src/main/resources/rdf/auth/everytime/policy_admin_display_faux_object_property.n3
@@ -0,0 +1,53 @@
+# $This file is distributed under the terms of the license in LICENSE$
+@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
+@prefix owl: <http://www.w3.org/2002/07/owl#> .
+@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
+@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
+@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
+@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
+@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+
+ai:AdminDisplayFauxObjectPropertyPolicy rdf:type ao:Policy ;
+          ao:rules ai:AdminDisplayFauxObjectPropertyRuleSet ;
+          ao:testDatasets ai:AdminDisplayFauxObjectPropertyTestDatasets ;
+          ao:policyKey ai:AdminDisplayFauxObjectPropertyPolicyKey .
+
+ai:AdminDisplayFauxObjectPropertyRuleSet rdf:type ao:Rules ;
+          ao:rule ai:AllowAdminDisplayFauxObjectPropertyStatementRule ;
+          ao:rule ai:AllowAdminDisplayFauxObjectPropertyRule .
+
+ai:AdminDisplayFauxObjectPropertyTestDatasets rdf:type ao:TestDatasets ;
+          ao:testDataset ai:AdminDisplayFauxObjectPropertyDataset .
+
+ai:AdminDisplayFauxObjectPropertyDataset rdf:type ao:TestDataSet ;
+          ao:testData ai:AdminDisplayFauxObjectPropertyTestData .
+          
+ai:AdminDisplayFauxObjectPropertyPolicyKey rdf:type ao:PolicyKey ;
+          ao:keyComponent ai:FauxObjectPropertyAccesObject ;
+          ao:keyComponent auth:ADMIN ;
+          ao:keyComponent ai:DisplayOperationGroup .
+
+ai:AllowAdminDisplayFauxObjectPropertyRule rdf:type ao:Rule;
+          ao:attribute ai:SubjectRoleEqualsAdminRoleAttribute ;
+          ao:attribute ai:DisplayOperationAttribute ;
+          ao:attribute ai:FauxObjectPropertyTypeAttribute ;
+          ao:attribute ai:AdminDisplayFauxObjectPropertyAttribute .
+
+ai:AllowAdminDisplayFauxObjectPropertyStatementRule rdf:type ao:Rule;
+          ao:attribute ai:SubjectRoleEqualsAdminRoleAttribute ;
+          ao:attribute ai:DisplayOperationAttribute ;
+          ao:attribute ai:FauxObjectPropertyStatementTypeAttribute ;
+          ao:attribute ai:AdminDisplayFauxObjectPropertyStatementAttribute .
+         
+ai:AdminDisplayFauxObjectPropertyStatementAttribute rdf:type ao:Attribute ;
+         ao:test ai:OneOf ;
+         ao:type ai:StatementPredicateUri ;
+         ao:setValue ai:AdminDisplayFauxObjectPropertyTestData .
+         
+ai:AdminDisplayFauxObjectPropertyAttribute rdf:type ao:Attribute ;
+         ao:test ai:OneOf ;
+         ao:type ai:ObjectUri ;
+         ao:setValue ai:AdminDisplayFauxObjectPropertyTestData .
+         
+ai:AdminDisplayFauxObjectPropertyTestData rdf:type ao:TestData ;
+       .
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_editable_pages.n3 b/home/src/main/resources/rdf/auth/everytime/policy_editable_pages.n3
new file mode 100644
index 0000000000..8d35c45538
--- /dev/null
+++ b/home/src/main/resources/rdf/auth/everytime/policy_editable_pages.n3
@@ -0,0 +1,31 @@
+# $This file is distributed under the terms of the license in LICENSE$
+@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
+@prefix owl: <http://www.w3.org/2002/07/owl#> .
+@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
+@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
+@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
+@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
+@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+
+ai:EditIndividualPagesPolicy rdf:type ao:Policy ;
+          ao:rules ai:EditIndividualPagesRuleSet .
+
+ai:EditIndividualPagesRuleSet rdf:type ao:Rules ;
+          ao:rule ai:AllowEditIndividualPagesRule .
+
+ai:AllowEditIndividualPagesRule rdf:type ao:Rule;
+          ao:attribute ai:SubjectRoleOneOfEditorsAttribute ;
+          ao:attribute ai:AddOperationAttribute ;
+          ao:attribute ai:ObjectPropertyStatementTypeAttribute ;
+          ao:attribute ai:SomeObjectUriAttribute ;
+          ao:attribute ai:SomePredicateAttribute .
+         
+ai:SomePredicateAttribute rdf:type ao:Attribute ;
+         ao:test ai:Equals ;
+         ao:type ai:StatementPredicateUri ;
+         ao:value ai:SomeUriTestData .
+         
+ai:SomeObjectUriAttribute rdf:type ao:Attribute ;
+         ao:test ai:Equals ;
+         ao:type ai:StatementObjectUri ;
+         ao:value ai:SomeUriTestData .
diff --git a/home/src/main/resources/rdf/auth/everytime/test_values.n3 b/home/src/main/resources/rdf/auth/everytime/test_values.n3
index 9f5f30b432..8955a4a2fd 100644
--- a/home/src/main/resources/rdf/auth/everytime/test_values.n3
+++ b/home/src/main/resources/rdf/auth/everytime/test_values.n3
@@ -82,4 +82,5 @@ ai:SomeUriTestData rdf:type ao:TestData ;
         
 ai:SomeLiteralTestData rdf:type ao:TestData ;
         ao:id "?SOME_LITERAL" .
+        
 

From f011d36a955ef3c4475bad96153290f84911c4ee Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <git@litvinovg.pro>
Date: Wed, 7 Jun 2023 17:39:32 +0200
Subject: [PATCH 012/148] fixed update admin policies

---
 .../objects/DataPropertyAccessObject.java     | 10 +++++++---
 .../objects/ObjectPropertyAccessObject.java   |  5 +++++
 .../webapp/auth/policy/PolicyHelper.java      |  5 ++++-
 .../rdf/auth/everytime/attributes.n3          |  8 ++++++++
 .../policy_admin_update_data_property.n3      |  6 +++---
 .../policy_admin_update_object_property.n3    | 20 +++----------------
 6 files changed, 30 insertions(+), 24 deletions(-)

diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/DataPropertyAccessObject.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/DataPropertyAccessObject.java
index e5d8471d3c..00111aa519 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/DataPropertyAccessObject.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/DataPropertyAccessObject.java
@@ -5,7 +5,6 @@
 
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType;
 import edu.cornell.mannlib.vitro.webapp.beans.DataProperty;
-import edu.cornell.mannlib.vitro.webapp.beans.ObjectProperty;
 import edu.cornell.mannlib.vitro.webapp.web.templatemodels.individual.FauxDataPropertyWrapper;
 
 public class DataPropertyAccessObject extends AccessObject {
@@ -33,8 +32,8 @@ public AccessObjectType getType() {
     
     @Override
     public String toString() {
-        ObjectProperty op = getObjectProperty();
-        return getClass().getSimpleName() + ": " + (op == null ? op : op.getURI());
+        DataProperty dp = getDataProperty();
+        return getClass().getSimpleName() + ": " + (dp == null ? dp : dp.getURI());
     }
     
     private void debug(DataProperty dataProperty) {
@@ -44,6 +43,11 @@ private void debug(DataProperty dataProperty) {
                 log.error("FauxDataPropertyWrapper provided in DataPropertyAccessObject constructor");
                 log.error(t, t);
             }
+            if (dataProperty == null) {
+                Throwable t = new Throwable();
+                log.error("null provided in DataPropertyAccessObject constructor");
+                log.error(t, t);
+            }
         }
     }
 }
\ No newline at end of file
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/ObjectPropertyAccessObject.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/ObjectPropertyAccessObject.java
index 544911a9a0..41b72924ce 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/ObjectPropertyAccessObject.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/ObjectPropertyAccessObject.java
@@ -42,6 +42,11 @@ private void debug(ObjectProperty property) {
                 log.error("FauxObjectPropertyWrapper provided in ObjectPropertyAccessObject constructor");
                 log.error(t, t);
             }
+            if (property == null) {
+                Throwable t = new Throwable();
+                log.error("null provided in ObjectPropertyAccessObject constructor");
+                log.error(t, t);
+            }
         }
     }
 }
\ No newline at end of file
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyHelper.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyHelper.java
index d05fbee72d..ac959f6e44 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyHelper.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyHelper.java
@@ -40,7 +40,6 @@
 import edu.cornell.mannlib.vitro.webapp.beans.Property;
 import edu.cornell.mannlib.vitro.webapp.beans.UserAccount;
 import edu.cornell.mannlib.vitro.webapp.controller.authenticate.Authenticator;
-import edu.cornell.mannlib.vitro.webapp.web.templatemodels.individual.FauxObjectPropertyWrapper;
 
 /**
  * A collection of static methods to help determine whether requested actions
@@ -126,6 +125,10 @@ private static void debug(AuthorizationRequest ar, PolicyDecision decision) {
 	    if (true) {//log.isDebugEnabled()
 	        AccessObject ao = ar.getAccessObject();
             log.error(String.format("Request for %s on object %s resulted in decision %s", ar.getAccessOperation(), ao, decision.getDecisionResult()));
+	        if (ao == null) {
+	            Throwable t = new Throwable();
+                log.error(t, t);
+	        }
 	    }
     }
 
diff --git a/home/src/main/resources/rdf/auth/everytime/attributes.n3 b/home/src/main/resources/rdf/auth/everytime/attributes.n3
index 6f40100838..d2b8f976a6 100644
--- a/home/src/main/resources/rdf/auth/everytime/attributes.n3
+++ b/home/src/main/resources/rdf/auth/everytime/attributes.n3
@@ -81,6 +81,14 @@ ai:AddOperationAttribute rdf:type ao:Attribute ;
          ao:type ai:Operation ;
          ao:value ai:AddOperation .
          
+ai:UpdateAddEditOrDropOperationsAttribute rdf:type ao:Attribute ;
+         ao:test ai:OneOf ;
+         ao:type ai:Operation ;
+         ao:value ai:UpdateOperation ;
+         ao:value ai:AddOperation ;
+         ao:value ai:EditOperation ;
+         ao:value ai:DropOperation .
+         
 ###########################################################################
 ### Object attributes
 
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_admin_update_data_property.n3 b/home/src/main/resources/rdf/auth/everytime/policy_admin_update_data_property.n3
index a2a78c6ffa..951dad835f 100644
--- a/home/src/main/resources/rdf/auth/everytime/policy_admin_update_data_property.n3
+++ b/home/src/main/resources/rdf/auth/everytime/policy_admin_update_data_property.n3
@@ -13,7 +13,7 @@ ai:AdminUpdateDataPropertyPolicy rdf:type ao:Policy ;
           ao:policyKey ai:AdminUpdateDataPropertyPolicyKey .
 
 ai:AdminUpdateDataPropertyRuleSet rdf:type ao:Rules ;
-          ao:rule ai:AllowAdminUpdateDataPropertyStatementRule ;
+          ao:rule ai:AllowAdminUpdateAddEditorDropDataPropertyStatementRule ;
           ao:rule ai:AllowAdminUpdateDataPropertyRule .
 
 ai:AdminUpdateDataPropertyTestDatasets rdf:type ao:TestDatasets ;
@@ -33,9 +33,9 @@ ai:AllowAdminUpdateDataPropertyRule rdf:type ao:Rule;
           ao:attribute ai:DataPropertyTypeAttribute ;
           ao:attribute ai:AdminUpdateDataPropertyAttribute .
 
-ai:AllowAdminUpdateDataPropertyStatementRule rdf:type ao:Rule;
+ai:AllowAdminUpdateAddEditorDropDataPropertyStatementRule rdf:type ao:Rule;
           ao:attribute ai:SubjectRoleEqualsAdminRoleAttribute ;
-          ao:attribute ai:UpdateOperationAttribute ;
+          ao:attribute ai:UpdateAddEditOrDropOperationsAttribute ;
           ao:attribute ai:DataPropertyStatementTypeAttribute ;
           ao:attribute ai:AdminUpdateDataPropertyStatementAttribute .
          
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_admin_update_object_property.n3 b/home/src/main/resources/rdf/auth/everytime/policy_admin_update_object_property.n3
index 14e9dfbbc5..0565231976 100644
--- a/home/src/main/resources/rdf/auth/everytime/policy_admin_update_object_property.n3
+++ b/home/src/main/resources/rdf/auth/everytime/policy_admin_update_object_property.n3
@@ -14,9 +14,7 @@ ai:AdminUpdateObjectPropertyPolicy rdf:type ao:Policy ;
 
 ai:AdminUpdateObjectPropertyRuleSet rdf:type ao:Rules ;
           ao:rule ai:AllowAdminUpdateObjectPropertyStatementRule ;
-          ao:rule ai:AllowAdminAddObjectPropertyStatementRule ;
-          ao:rule ai:AllowAdminEditObjectPropertyStatementRule ;
-          ao:rule ai:AllowAdminDropObjectPropertyRule .
+          ao:rule ai:AllowAdminUpdateEditAddDropObjectPropertyStatementRule .
 
 ai:AdminUpdateObjectPropertyTestDatasets rdf:type ao:TestDatasets ;
           ao:testDataset ai:AdminUpdateObjectPropertyDataset .
@@ -35,21 +33,9 @@ ai:AllowAdminUpdateObjectPropertyRule rdf:type ao:Rule;
           ao:attribute ai:ObjectPropertyTypeAttribute ;
           ao:attribute ai:AdminUpdateObjectPropertyAttribute .
 
-ai:AllowAdminEditObjectPropertyStatementRule rdf:type ao:Rule;
+ai:AllowAdminUpdateEditAddDropObjectPropertyStatementRule rdf:type ao:Rule;
           ao:attribute ai:SubjectRoleEqualsAdminRoleAttribute ;
-          ao:attribute ai:EditOperationAttribute ;
-          ao:attribute ai:ObjectPropertyStatementTypeAttribute ;
-          ao:attribute ai:AdminUpdateObjectPropertyStatementAttribute .
-
-ai:AllowAdminAddObjectPropertyStatementRule rdf:type ao:Rule;
-          ao:attribute ai:SubjectRoleEqualsAdminRoleAttribute ;
-          ao:attribute ai:AddOperationAttribute ;
-          ao:attribute ai:ObjectPropertyStatementTypeAttribute ;
-          ao:attribute ai:AdminUpdateObjectPropertyStatementAttribute .
-
-ai:AllowAdminDropObjectPropertyStatementRule rdf:type ao:Rule;
-          ao:attribute ai:SubjectRoleEqualsAdminRoleAttribute ;
-          ao:attribute ai:DropOperationAttribute ;
+          ao:attribute ai:UpdateAddEditOrDropOperationsAttribute ;
           ao:attribute ai:ObjectPropertyStatementTypeAttribute ;
           ao:attribute ai:AdminUpdateObjectPropertyStatementAttribute .
 

From 18d364c598a93712c023527eea7baf6d9cdf5e37 Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <git@litvinovg.pro>
Date: Wed, 7 Jun 2023 17:40:24 +0200
Subject: [PATCH 013/148] fixed debug log in entity policy controller

---
 .../vitro/webapp/auth/policy/EntityPolicyController.java        | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EntityPolicyController.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EntityPolicyController.java
index b3c985bdc0..5dff1adeac 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EntityPolicyController.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EntityPolicyController.java
@@ -69,7 +69,7 @@ public static void deletedEntityEvent(Property oldObj) {
 
     public static void updatedEntityEvent(Object oldObj, Object newObj) {
         if (oldObj instanceof Property || newObj instanceof Property) {
-            log.error("update entity event old " + oldObj + " new object " + newObj );    
+            log.debug("update entity event old " + oldObj + " new object " + newObj );    
         }
     }
 

From 2321c492fe2236be3e3d8809b127e647d6e60146 Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <git@litvinovg.pro>
Date: Thu, 8 Jun 2023 19:22:41 +0200
Subject: [PATCH 014/148] Added migration script from upstream, faux property
 policies, tests

---
 .../auth/policy/EntityPolicyController.java   |   8 +-
 .../webapp/auth/policy/PolicyLoader.java      |  57 ++-
 .../webapp/migration/auth/AuthMigrator.java   | 435 +++++++++---------
 .../webapp/auth/policy/BasicPolicyTest.java   |   4 +-
 .../auth/policy/EditablePagesPolicyTest.java  |   4 +-
 .../webapp/auth/policy/EntityPolicyTests.java | 120 +++--
 .../vitro/webapp/auth/policy/PolicyTest.java  | 158 ++++++-
 .../auth/policy/RootUserPolicyTest.java       |   4 +-
 .../migration/auth/AuthMigratorTest.java      |  75 +++
 .../webapp/auth/migration/configuration.n3    |  36 ++
 .../vitro/webapp/auth/migration/content.n3    |  47 ++
 .../rdf/auth/everytime/attributes.n3          |  20 +
 ...policy_admin_display_faux_data_property.n3 |  53 +++
 ...licy_admin_display_faux_object_property.n3 |   4 +-
 ...policy_admin_publish_faux_data_property.n3 |  53 +++
 ...licy_admin_publish_faux_object_property.n3 |  53 +++
 .../policy_admin_update_faux_data_property.n3 |  53 +++
 ...olicy_admin_update_faux_object_property.n3 |  53 +++
 .../policy_admin_update_object_property.n3    |   2 +-
 ...licy_curator_display_faux_data_property.n3 |  53 +++
 ...cy_curator_display_faux_object_property.n3 |  53 +++
 ...licy_curator_publish_faux_data_property.n3 |  53 +++
 ...cy_curator_publish_faux_object_property.n3 |  53 +++
 ...olicy_curator_update_faux_data_property.n3 |  53 +++
 ...icy_curator_update_faux_object_property.n3 |  53 +++
 ...olicy_editor_display_faux_data_property.n3 |  53 +++
 ...icy_editor_display_faux_object_property.n3 |  53 +++
 ...olicy_editor_publish_faux_data_property.n3 |  53 +++
 ...icy_editor_publish_faux_object_property.n3 |  53 +++
 ...policy_editor_update_faux_data_property.n3 |  53 +++
 ...licy_editor_update_faux_object_property.n3 |  53 +++
 ...olicy_public_display_faux_data_property.n3 |  53 +++
 ...icy_public_display_faux_object_property.n3 |  53 +++
 ..._self_editor_display_faux_data_property.n3 |  53 +++
 ...elf_editor_display_faux_object_property.n3 |  53 +++
 ..._self_editor_publish_faux_data_property.n3 |  53 +++
 ...elf_editor_publish_faux_object_property.n3 |  53 +++
 ...y_self_editor_update_faux_data_property.n3 |  55 +++
 ...self_editor_update_faux_object_property.n3 |  55 +++
 .../WEB-INF/resources/startup_listeners.txt   |   4 +-
 40 files changed, 2027 insertions(+), 280 deletions(-)
 create mode 100644 api/src/test/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AuthMigratorTest.java
 create mode 100644 api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/migration/configuration.n3
 create mode 100644 api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/migration/content.n3
 create mode 100644 home/src/main/resources/rdf/auth/everytime/policy_admin_display_faux_data_property.n3
 create mode 100644 home/src/main/resources/rdf/auth/everytime/policy_admin_publish_faux_data_property.n3
 create mode 100644 home/src/main/resources/rdf/auth/everytime/policy_admin_publish_faux_object_property.n3
 create mode 100644 home/src/main/resources/rdf/auth/everytime/policy_admin_update_faux_data_property.n3
 create mode 100644 home/src/main/resources/rdf/auth/everytime/policy_admin_update_faux_object_property.n3
 create mode 100644 home/src/main/resources/rdf/auth/everytime/policy_curator_display_faux_data_property.n3
 create mode 100644 home/src/main/resources/rdf/auth/everytime/policy_curator_display_faux_object_property.n3
 create mode 100644 home/src/main/resources/rdf/auth/everytime/policy_curator_publish_faux_data_property.n3
 create mode 100644 home/src/main/resources/rdf/auth/everytime/policy_curator_publish_faux_object_property.n3
 create mode 100644 home/src/main/resources/rdf/auth/everytime/policy_curator_update_faux_data_property.n3
 create mode 100644 home/src/main/resources/rdf/auth/everytime/policy_curator_update_faux_object_property.n3
 create mode 100644 home/src/main/resources/rdf/auth/everytime/policy_editor_display_faux_data_property.n3
 create mode 100644 home/src/main/resources/rdf/auth/everytime/policy_editor_display_faux_object_property.n3
 create mode 100644 home/src/main/resources/rdf/auth/everytime/policy_editor_publish_faux_data_property.n3
 create mode 100644 home/src/main/resources/rdf/auth/everytime/policy_editor_publish_faux_object_property.n3
 create mode 100644 home/src/main/resources/rdf/auth/everytime/policy_editor_update_faux_data_property.n3
 create mode 100644 home/src/main/resources/rdf/auth/everytime/policy_editor_update_faux_object_property.n3
 create mode 100644 home/src/main/resources/rdf/auth/everytime/policy_public_display_faux_data_property.n3
 create mode 100644 home/src/main/resources/rdf/auth/everytime/policy_public_display_faux_object_property.n3
 create mode 100644 home/src/main/resources/rdf/auth/everytime/policy_self_editor_display_faux_data_property.n3
 create mode 100644 home/src/main/resources/rdf/auth/everytime/policy_self_editor_display_faux_object_property.n3
 create mode 100644 home/src/main/resources/rdf/auth/everytime/policy_self_editor_publish_faux_data_property.n3
 create mode 100644 home/src/main/resources/rdf/auth/everytime/policy_self_editor_publish_faux_object_property.n3
 create mode 100644 home/src/main/resources/rdf/auth/everytime/policy_self_editor_update_faux_data_property.n3
 create mode 100644 home/src/main/resources/rdf/auth/everytime/policy_self_editor_update_faux_object_property.n3

diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EntityPolicyController.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EntityPolicyController.java
index 5dff1adeac..ed28f467ae 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EntityPolicyController.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EntityPolicyController.java
@@ -17,7 +17,13 @@
 public class EntityPolicyController {
     
     private static final Log log = LogFactory.getLog(EntityPolicyController.class);
-    
+    /**
+     * @param entityUri - entity uniform resource identifier
+     * @param aot - Access object type
+     * @param og - operation group
+     * @param selectedRoles - list of roles to assign
+     * @param allRoles - list of all available roles
+     */
     public static void updateEntityPolicy(String entityUri, AccessObjectType aot, OperationGroup og,
             List<String> selectedRoles, List<String> allRoles) {
         if (StringUtils.isBlank(entityUri)) {
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
index 1f3f746081..52a518880a 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
@@ -175,7 +175,7 @@ public class PolicyLoader {
       + "prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#>\n"
       + "prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/>\n"
       + "prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/>\n"
-      + "SELECT DISTINCT ?" + POLICY + " ?value ?valueId ( COUNT(?key) AS ?keySize ) \n"
+      + "SELECT DISTINCT ?" + POLICY + "?testData ?value ?valueId ( COUNT(?key) AS ?keySize ) \n"
       + "WHERE {\n"
       + "  ?" + POLICY + " ao:policyKey ?policyKeyUri .\n"
       + "  ?" + POLICY + " ao:testDatasets ?testDataSets .\n"
@@ -186,7 +186,7 @@ public class PolicyLoader {
       + "  }"
       + "  ?policyKeyUri ao:keyComponent ?key .\n";
 
-    private static final String policyKeyTemplateSuffix = "} GROUP BY ?" + POLICY + " ?value ?valueId";
+    private static final String policyKeyTemplateSuffix = "} GROUP BY ?" + POLICY + " ?value ?valueId ?testData";
    
     private static final String policyStatementByKeyTemplatePrefix = 
           "prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#>\n"
@@ -241,7 +241,7 @@ public static void initialize(Model model) {
         INSTANCE = new PolicyLoader(model);
     }
     
-    private void loadPolicies() {
+    public void loadPolicies() {
         List<String> policyUris = getPolicyUris();
         for (String uri : policyUris) {
             debug("Loading policy %s", uri);
@@ -360,7 +360,8 @@ public String getPolicyUriByKey(OperationGroup og, AccessObjectType aot, String
                 if (expectedSize != keySize) {
                     continue;
                 }
-                return qs.getResource(POLICY).getURI();
+                uri = qs.getResource(POLICY).getURI();
+                break;
             }
         } catch (Exception e) {
             log.error(e, e);
@@ -370,6 +371,38 @@ public String getPolicyUriByKey(OperationGroup og, AccessObjectType aot, String
         return uri;
     }
     
+    public String getEntityPolicyTestDataValue(OperationGroup og, AccessObjectType aot, String role) {
+        String valueUri = null;
+        long expectedSize = 3;
+        final String queryText = getPolicyTestValuesByKeyQuery(new String[]{role}, new String[]{og.toString(), aot.toString()});
+        debug("SPARQL Query to get policy data set value:\n %s", queryText);
+        Query query = QueryFactory.create(queryText);
+        QueryExecution qexec = QueryExecutionFactory.create(query, getUserAccountsModel());
+        try {
+            ResultSet rs = qexec.execSelect();
+            while (rs.hasNext()) {
+                QuerySolution qs = rs.next();
+                if (!qs.contains(POLICY) || 
+                    !qs.contains("keySize") || 
+                    !qs.get("keySize").isLiteral()) {
+                 continue;  
+                }
+                long keySize = qs.getLiteral("keySize").getLong();
+                if (expectedSize != keySize) {
+                    continue;
+                }
+                if (qs.contains("testData") && qs.get("testData").isResource()) {
+                    valueUri = qs.getResource("testData").getURI();
+                } 
+            }
+        } catch (Exception e) {
+            log.error(e, e);
+        } finally {
+            qexec.close();
+        }
+        return valueUri;
+    }
+    
     public void modifyPolicyDataSetValue(String entityUri, OperationGroup og, AccessObjectType aot, String role, boolean isAdd) {
         final String queryText = getPolicyDataSetValueStatementByKeyQuery(entityUri, new String[]{role}, new String[]{og.toString(), aot.toString()});
         debug("SPARQL Query to get policy data set values:\n %s", queryText);
@@ -390,11 +423,15 @@ public void modifyPolicyDataSetValue(String entityUri, OperationGroup og, Access
     }
     
     private void updateUserAccountsModel(Model data, boolean isAdd) {
+        StringWriter sw = new StringWriter();
+        data.write(sw, "TTL");
+        updateUserAccountsModel(sw.toString(), isAdd);
+    }
+
+    public void updateUserAccountsModel(String data, boolean isAdd) {
         try {
             ChangeSet changeSet = makeChangeSet();
-            ByteArrayOutputStream baos = new ByteArrayOutputStream();
-            data.write(baos, "TTL");
-            InputStream in = new ByteArrayInputStream(baos.toByteArray());
+            InputStream in = new ByteArrayInputStream(data.getBytes());
             debug(modelToString(data, isAdd));
             if (isAdd) {
                 changeSet.addAddition(in, ModelSerializationFormat.N3, ModelNames.USER_ACCOUNTS);    
@@ -409,10 +446,8 @@ private void updateUserAccountsModel(Model data, boolean isAdd) {
         }
     }
 
-    private String modelToString(Model ruleData, boolean isAdd) {
-        StringWriter sw = new StringWriter();
-        ruleData.write(sw, "TTL");
-        String message = (isAdd ? "Adding to" : "Removing from") + " user accounts model \n" + sw.toString();
+    private String modelToString(String ruleData, boolean isAdd) {
+        String message = (isAdd ? "Adding to" : "Removing from") + " user accounts model \n" + ruleData;
         return message;
     }
     
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AuthMigrator.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AuthMigrator.java
index b8340acdc1..9009e9005b 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AuthMigrator.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AuthMigrator.java
@@ -2,272 +2,289 @@
 
 package edu.cornell.mannlib.vitro.webapp.migration.auth;
 
-import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessOperation;
-import edu.cornell.mannlib.vitro.webapp.dao.VitroVocabulary;
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType;
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.OperationGroup;
+import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyLoader;
 import edu.cornell.mannlib.vitro.webapp.modelaccess.ContextModelAccess;
 import edu.cornell.mannlib.vitro.webapp.modelaccess.ModelAccess;
-import edu.cornell.mannlib.vitro.webapp.modelaccess.ModelNames;
+import edu.cornell.mannlib.vitro.webapp.modelaccess.ModelAccess.WhichService;
 import edu.cornell.mannlib.vitro.webapp.rdfservice.RDFService;
-import edu.cornell.mannlib.vitro.webapp.rdfservice.RDFServiceException;
+import edu.cornell.mannlib.vitro.webapp.rdfservice.impl.RDFServiceUtils;
 import edu.cornell.mannlib.vitro.webapp.startup.StartupStatus;
+
+import org.apache.commons.lang3.StringUtils;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
-import org.apache.jena.ontology.OntModel;
-import org.apache.jena.ontology.OntModelSpec;
-import org.apache.jena.rdf.model.*;
-import org.apache.jena.shared.Lock;
+import org.apache.jena.query.QuerySolution;
+import org.apache.jena.query.ResultSet;
 
 import javax.servlet.ServletContext;
 import javax.servlet.ServletContextEvent;
 import javax.servlet.ServletContextListener;
+
+import java.util.Arrays;
+import java.util.Collections;
 import java.util.HashMap;
+import java.util.HashSet;
 import java.util.Map;
-
-import static edu.cornell.mannlib.vitro.webapp.dao.VitroVocabulary.vitroURI;
+import java.util.Set;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
 
 public class AuthMigrator implements ServletContextListener { 
     private static final String PREFIX = "http://vitro.mannlib.cornell.edu/ns/vitro/role#";
 
     private static final Log log = LogFactory.getLog(AuthMigrator.class);
 
-    /**
-     * Old ROLE defintions that were used by the hidden / prohibited assertions
-     */
-    private static final String ROLE_PUBLIC = PREFIX + "public";
-    private static final String ROLE_SELF = PREFIX + "selfEditor";
-    private static final String ROLE_EDITOR = PREFIX + "editor";
-    private static final String ROLE_CURATOR = PREFIX + "curator";
-    private static final String ROLE_DB_ADMIN = PREFIX + "dbAdmin";
-    private static final String ROLE_NOBODY = PREFIX + "nobody";
+    private static final String OLD_ROLE_PUBLIC = PREFIX + "public";
+    private static final String OLD_ROLE_SELF = PREFIX + "selfEditor";
+    private static final String OLD_ROLE_EDITOR = PREFIX + "editor";
+    private static final String OLD_ROLE_CURATOR = PREFIX + "curator";
+    private static final String OLD_ROLE_DB_ADMIN = PREFIX + "dbAdmin";
+    private static final String OLD_ROLE_NOBODY = PREFIX + "nobody";
+    
+    private static final String ROLE_ADMIN_URI = "http://vitro.mannlib.cornell.edu/ns/vitro/authorization#ADMIN";
+    private static final String ROLE_CURATOR_URI = "http://vitro.mannlib.cornell.edu/ns/vitro/authorization#CURATOR";
+    private static final String ROLE_EDITOR_URI = "http://vitro.mannlib.cornell.edu/ns/vitro/authorization#EDITOR";
+    private static final String ROLE_SELF_EDITOR_URI = "http://vitro.mannlib.cornell.edu/ns/vitro/authorization#SELF_EDITOR";
+    private static final String ROLE_PUBLIC_URI = "http://vitro.mannlib.cornell.edu/ns/vitro/authorization#PUBLIC";
+
+    private static final String fauxTypeSpecificPatterns = 
+            "  ?context <http://vitro.mannlib.cornell.edu/ns/vitro/ApplicationConfiguration#configContextFor> ?base .\n"
+          + "  ?context <http://vitro.mannlib.cornell.edu/ns/vitro/ApplicationConfiguration#hasConfiguration> ?uri .\n"
+          + "  ?uri rdf:type <http://vitro.mannlib.cornell.edu/ns/vitro/ApplicationConfiguration#ObjectPropertyDisplayConfig> .\n";
+    protected static final Map<String,Set<String>> showMap;
+    protected static final Set<String> allRoles;
+
+    private RDFService contentRdfService;
+    private RDFService configurationRdfService;
+    private static Map<String,String> policyKeyToDataValueMap = new HashMap<String,String>();
+
+    static {
+        allRoles = new HashSet<String>(Arrays.asList(ROLE_ADMIN_URI, ROLE_CURATOR_URI, ROLE_EDITOR_URI, ROLE_SELF_EDITOR_URI, ROLE_PUBLIC_URI));
+        showMap = new HashMap<>();
+        showMap.put(OLD_ROLE_PUBLIC, allRoles);
+        showMap.put(OLD_ROLE_SELF, new HashSet<String>(Arrays.asList(ROLE_ADMIN_URI, ROLE_CURATOR_URI, ROLE_EDITOR_URI, ROLE_SELF_EDITOR_URI)));
+        showMap.put(OLD_ROLE_EDITOR, new HashSet<String>(Arrays.asList(ROLE_ADMIN_URI, ROLE_CURATOR_URI, ROLE_EDITOR_URI)));
+        showMap.put(OLD_ROLE_CURATOR, new HashSet<String>(Arrays.asList(ROLE_ADMIN_URI, ROLE_CURATOR_URI)));
+        showMap.put(OLD_ROLE_DB_ADMIN, new HashSet<String>(Arrays.asList(ROLE_ADMIN_URI)));
+        showMap.put(OLD_ROLE_NOBODY, Collections.emptySet());
+    }
 
     @Override
     public void contextInitialized(ServletContextEvent sce) {
         long begin = System.currentTimeMillis();
-
+        ContextModelAccess modelAccess = ModelAccess.getInstance();
+        initialize(modelAccess.getRDFService(WhichService.CONTENT), modelAccess.getRDFService(WhichService.CONFIGURATION));
         ServletContext ctx = sce.getServletContext();
         StartupStatus ss = StartupStatus.getBean(ctx);
-        ContextModelAccess models = ModelAccess.getInstance();
-
-        // Get assertions from content store
-        Model roleAuthContentModel = constructRoleAuthContentModel(models);
-
-        // Get assertions from configuration store
-        Model roleAuthDisplayModel = constructRoleAuthDisplayModel(models);
-
-        if ((roleAuthContentModel != null && !roleAuthContentModel.isEmpty()) ||
-                (roleAuthDisplayModel != null && !roleAuthDisplayModel.isEmpty()) ) {
-            Map<String, Map<String, String>> actionToRoleAndPropertySetMap = new HashMap<>();
-
-            Map<String, String> displayRoleToPropertySetMap = new HashMap<>();
-            Map<String, String> updateRoleToPropertySetMap = new HashMap<>();
-            Map<String, String> publishRoleToPropertySetMap = new HashMap<>();
-
-            // Map the roles to equivalent display permissions
-            displayRoleToPropertySetMap.put(ROLE_PUBLIC,   AuthMigrator.getClassUri(AccessOperation.DISPLAY) + "#PUBLIC");
-            displayRoleToPropertySetMap.put(ROLE_SELF,     AuthMigrator.getClassUri(AccessOperation.DISPLAY) + "#SELF_EDITOR");
-            displayRoleToPropertySetMap.put(ROLE_EDITOR,   AuthMigrator.getClassUri(AccessOperation.DISPLAY) + "#EDITOR");
-            displayRoleToPropertySetMap.put(ROLE_CURATOR,  AuthMigrator.getClassUri(AccessOperation.DISPLAY) + "#CURATOR");
-            displayRoleToPropertySetMap.put(ROLE_DB_ADMIN, AuthMigrator.getClassUri(AccessOperation.DISPLAY) + "#ADMIN");
-
-            // Map the roles to equivalent update permissions
-            updateRoleToPropertySetMap.put(ROLE_PUBLIC,   AuthMigrator.getClassUri(AccessOperation.UPDATE) + "#PUBLIC");
-            updateRoleToPropertySetMap.put(ROLE_SELF,     AuthMigrator.getClassUri(AccessOperation.UPDATE) + "#SELF_EDITOR");
-            updateRoleToPropertySetMap.put(ROLE_EDITOR,   AuthMigrator.getClassUri(AccessOperation.UPDATE) + "#EDITOR");
-            updateRoleToPropertySetMap.put(ROLE_CURATOR,  AuthMigrator.getClassUri(AccessOperation.UPDATE) + "#CURATOR");
-            updateRoleToPropertySetMap.put(ROLE_DB_ADMIN, AuthMigrator.getClassUri(AccessOperation.UPDATE) + "#ADMIN");
-
-            // Map the roles to equivalent publish permissions
-            publishRoleToPropertySetMap.put(ROLE_PUBLIC,   AuthMigrator.getClassUri(AccessOperation.PUBLISH) + "#PUBLIC");
-            publishRoleToPropertySetMap.put(ROLE_SELF,     AuthMigrator.getClassUri(AccessOperation.PUBLISH) + "#SELF_EDITOR");
-            publishRoleToPropertySetMap.put(ROLE_EDITOR,   AuthMigrator.getClassUri(AccessOperation.PUBLISH) + "#EDITOR");
-            publishRoleToPropertySetMap.put(ROLE_CURATOR,  AuthMigrator.getClassUri(AccessOperation.PUBLISH) + "#CURATOR");
-            publishRoleToPropertySetMap.put(ROLE_DB_ADMIN, AuthMigrator.getClassUri(AccessOperation.PUBLISH) + "#ADMIN");
-
-            // Create a map between the permission and the appropriate sets
-            actionToRoleAndPropertySetMap.put(vitroURI + "hiddenFromDisplayBelowRoleLevelAnnot",    displayRoleToPropertySetMap);
-            actionToRoleAndPropertySetMap.put(vitroURI + "prohibitedFromUpdateBelowRoleLevelAnnot", updateRoleToPropertySetMap);
-            actionToRoleAndPropertySetMap.put(vitroURI + "hiddenFromPublishBelowRoleLevelAnnot",    publishRoleToPropertySetMap);
-
-            // Convert the assertions retrieved from the content and display models to the assertions in the new permission sets
-            OntModel permissionsModel = convertRoleAuthsToPermissions(roleAuthContentModel, roleAuthDisplayModel, actionToRoleAndPropertySetMap);
-
-            // Store the new permissions in the user accounts model
-            OntModel accountsModel = models.getOntModel(ModelNames.USER_ACCOUNTS);
-            accountsModel.add(permissionsModel);
-
-            // Get assertions from content store
-            removeRoleAuthContentModel(models, roleAuthContentModel);
+        log.info("Started authorization configuration update");
+        convertAuthorizationConfiguration();
+        log.info("Finished authorization configuration update");
+        ss.info(this, secondsSince(begin) + " seconds to migrate auth models");
+    }
+    
+    protected void initialize(RDFService content, RDFService configuration) {
+        contentRdfService = content;
+        configurationRdfService = configuration;
+    }
 
-            // Get assertions from configuration store
-            removeRoleAuthDisplayModel(models, roleAuthDisplayModel);
+    protected void convertAuthorizationConfiguration() {
+        if(isArmConfiguration()) {
+            convertArmConfiguration();
+        } else {
+            convertAnnotationConfiguration();
         }
-
-        ss.info(this, secondsSince(begin) + " seconds to migrate auth models");
+    }
+    
+    protected void convertAnnotationConfiguration() {
+        log.info("Started annotation configuration conversion");
+        Map<String, Map<OperationGroup, Set<String>>> opConfigs = getObjectPropertyAnnotations();
+        log.info(String.format("Found %s object property annotation configurations", opConfigs.size()));
+        Map<String, Map<OperationGroup, Set<String>>> dpConfigs = getDataPropertyAnnotations();
+        log.info(String.format("Found %s data property annotation configurations", dpConfigs.size()));
+        Map<String, Map<OperationGroup, Set<String>>> classConfigs = getClassAnnotations();
+        log.info(String.format("Found %s class annotation configurations", classConfigs.size()));
+        Map<String, Map<OperationGroup, Set<String>>> fopConfigs = getFauxObjectPropertyAnnotations(opConfigs.keySet());
+        log.info(String.format("Found %s faux object property annotation configurations", fopConfigs.size()));
+        Map<String, Map<OperationGroup, Set<String>>> fdpConfigs = getFauxDataPropertyAnnotations(dpConfigs.keySet());
+        log.info(String.format("Found %s faux data property annotation configurations", fdpConfigs.size()));
+        long lines = updatePolicyDatasets(AccessObjectType.OBJECT_PROPERTY, opConfigs);
+        log.info(String.format("Updated object property datasets, added %s values", lines));
+        lines = updatePolicyDatasets(AccessObjectType.DATA_PROPERTY, dpConfigs);
+        log.info(String.format("Updated data property datasets, added %s values", lines));
+        lines = updatePolicyDatasets(AccessObjectType.CLASS, classConfigs);
+        log.info(String.format("Updated class property datasets, added %s values", lines));
+        lines = updatePolicyDatasets(AccessObjectType.FAUX_OBJECT_PROPERTY, fopConfigs);
+        log.info(String.format("Updated faux object property datasets, added %s values", lines));
+        lines = updatePolicyDatasets(AccessObjectType.FAUX_DATA_PROPERTY, fdpConfigs);
+        log.info(String.format("Updated data property datasets, added %s values", lines));
+        PolicyLoader.getInstance().loadPolicies();
     }
 
-    @Override
-    public void contextDestroyed(ServletContextEvent sce) {
-        // Nothing to tear down.
+    protected Map<String, Map<OperationGroup, Set<String>>> getFauxDataPropertyAnnotations(Set<String> dataProperties) {
+        String queryText = getAnnotationQuery(fauxTypeSpecificPatterns);
+        return getFauxConfigurations(queryText, configurationRdfService, dataProperties);
     }
 
-    private long secondsSince(long startTime) {
-        return (System.currentTimeMillis() - startTime) / 1000;
+    protected Map<String, Map<OperationGroup, Set<String>>> getFauxObjectPropertyAnnotations(Set<String> objectProperties) {
+        String queryText = getAnnotationQuery(fauxTypeSpecificPatterns);
+        return getFauxConfigurations(queryText, configurationRdfService, objectProperties);
     }
 
-    private Model constructRoleAuthContentModel(ContextModelAccess models) {
-        RDFService rdfService = models.getRDFService();
-        Model constructedModel = ModelFactory.createDefaultModel();
+    protected Map<String, Map<OperationGroup, Set<String>>> getClassAnnotations() {
+        String queryText = getAnnotationQuery("  ?uri rdf:type owl:Class .\n");
+        return getConfigurations(queryText, contentRdfService);
+    }
 
-        String construct = "PREFIX vitro: <http://vitro.mannlib.cornell.edu/ns/vitro/0.7#> \n" +
-                "CONSTRUCT \n" +
-                "{\n" +
-                "   ?displaySubj vitro:hiddenFromDisplayBelowRoleLevelAnnot ?displayObj . \n" +
-                "   ?updateSubj vitro:prohibitedFromUpdateBelowRoleLevelAnnot ?updateObj . \n" +
-                "   ?publishSubj vitro:hiddenFromPublishBelowRoleLevelAnnot ?publishObj . \n" +
-                "} WHERE { \n" +
-                "   { \n" +
-                "       ?displaySubj vitro:hiddenFromDisplayBelowRoleLevelAnnot ?displayObj . \n" +
-                "   } UNION { \n" +
-                "       ?updateSubj vitro:prohibitedFromUpdateBelowRoleLevelAnnot ?updateObj . \n" +
-                "   } UNION { \n" +
-                "       ?publishSubj vitro:hiddenFromPublishBelowRoleLevelAnnot ?publishObj . \n" +
-                "   }\n" +
-                "}\n";
+    protected Map<String, Map<OperationGroup, Set<String>>> getDataPropertyAnnotations() {
+        String queryText = getAnnotationQuery("  ?uri rdf:type owl:DatatypeProperty .\n");
+        return getConfigurations(queryText, contentRdfService);
+    }
+    
+    protected Map<String, Map<OperationGroup, Set<String>>> getObjectPropertyAnnotations() {
+        String queryText = getAnnotationQuery("  ?uri rdf:type owl:ObjectProperty .\n");
+        return getConfigurations(queryText, contentRdfService);
+    }
 
-        try {
-            rdfService.sparqlConstructQuery(construct, constructedModel);
-        } catch (RDFServiceException e) {
-            return null;
+    private long updatePolicyDatasets(AccessObjectType aot, Map<String, Map<OperationGroup, Set<String>>> configs) {
+        StringBuilder sb = new StringBuilder();
+        for (String entityUri : configs.keySet()) {
+            Map<OperationGroup, Set<String>> groupMap = configs.get(entityUri);
+            for (OperationGroup og : groupMap.keySet()) {
+                Set<String> roles = groupMap.get(og);
+                addDataSetStatements(entityUri, aot, og, roles, sb);
+                log.debug(String.format("Updated entity %s dataset for operation group %s access object type %s roles %s", entityUri, og, aot, roles));
+            }
         }
-
-        return constructedModel;
+        PolicyLoader.getInstance().updateUserAccountsModel(sb.toString(), true);
+        return getLineCount(sb.toString());
     }
-
-    private Model constructRoleAuthDisplayModel(ContextModelAccess models) {
-        OntModel displayModel = models.getOntModel(ModelNames.DISPLAY);
-
-        Model constructedModel = ModelFactory.createDefaultModel();
-
-        displayModel.enterCriticalSection(Lock.READ);
-        try {
-            constructedModel.add(displayModel.listStatements(null, displayModel.getProperty(vitroURI + "hiddenFromDisplayBelowRoleLevelAnnot"), (RDFNode) null));
-            constructedModel.add(displayModel.listStatements(null, displayModel.getProperty(vitroURI + "prohibitedFromUpdateBelowRoleLevelAnnot"), (RDFNode) null));
-            constructedModel.add(displayModel.listStatements(null, displayModel.getProperty(vitroURI + "hiddenFromPublishBelowRoleLevelAnnot"), (RDFNode) null));
-        } finally {
-            displayModel.leaveCriticalSection();
+    
+    public void addDataSetStatements(String entityUri, AccessObjectType aot, OperationGroup og, Set<String> selectedRoles, StringBuilder sb) {
+        if (StringUtils.isBlank(entityUri)) {
+            return;
+        }
+        for (String role : selectedRoles) {
+            String testDataUri = getPolicyTestDataUri(aot, og, role);
+            if (testDataUri == null) {
+                log.error(String.format("Policy test data wasn't found by key:\n%s\n%s\n%s", og, aot, role));
+                continue;
+            }
+            sb.append(String.format("<%s> <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/dataValue> <%s> .\n", testDataUri, entityUri));
         }
-
-        return constructedModel;
     }
 
-    private void removeRoleAuthContentModel(ContextModelAccess models, Model roleAuthContentModel) {
-        OntModel tboxModel = models.getOntModelSelector().getTBoxModel();
-        tboxModel.enterCriticalSection(Lock.WRITE);
-
-        try {
-            tboxModel.remove(roleAuthContentModel);
-        } finally {
-            tboxModel.leaveCriticalSection();
+    private static String getPolicyTestDataUri(AccessObjectType aot, OperationGroup og, String role) {
+        String key = aot.toString() + "." + og.toString() + "." + role ;
+        if (policyKeyToDataValueMap.containsKey(key)) {
+            return policyKeyToDataValueMap.get(key);
         }
+        String uri = PolicyLoader.getInstance().getEntityPolicyTestDataValue(og, aot, role);
+        policyKeyToDataValueMap.put(key, uri);
+        return uri;
     }
-
-    private void removeRoleAuthDisplayModel(ContextModelAccess models, Model roleAuthDisplayModel) {
-        OntModel displayModel = models.getOntModel(ModelNames.DISPLAY);
-
-        displayModel.enterCriticalSection(Lock.WRITE);
+    
+    /**
+     * @param targetProperties set of property URIs to get configurations from
+     * @return map of entity URIs and maps of operations and list of allowed roles  
+     */
+    private Map<String, Map<OperationGroup, Set<String>>> getFauxConfigurations(String queryText, RDFService service, Set<String> targetProperties) {
+        Map<String, Map<OperationGroup, Set<String>>> configs = new HashMap<>();
         try {
-            displayModel.remove(roleAuthDisplayModel);
-        } finally {
-            displayModel.leaveCriticalSection();
+            ResultSet rs = RDFServiceUtils.sparqlSelectQuery(queryText, service);
+            while (rs.hasNext()) {
+                QuerySolution qs = rs.next();
+                String baseUri = qs.getResource("base").getURI();
+                if (!targetProperties.contains(baseUri)) {
+                    continue;
+                }
+                collectConfiguration(configs, qs);
+            }
+        } catch (Exception e) {
+            log.error(e, e);
         }
+        return configs;
     }
-
-    private OntModel convertRoleAuthsToPermissions(Model roleAuthContentModel, Model roleAuthDisplayModel, Map<String, Map<String, String>> actionToRoleAndPropertySetMap) {
-        OntModel permissionsModel = ModelFactory.createOntologyModel(OntModelSpec.OWL_MEM);
-
-        if (roleAuthContentModel != null && !roleAuthContentModel.isEmpty()) {
-            convertModel(permissionsModel, roleAuthContentModel, actionToRoleAndPropertySetMap);
-        }
-
-        if (roleAuthDisplayModel != null && !roleAuthDisplayModel.isEmpty()) {
-            convertModel(permissionsModel, roleAuthDisplayModel, actionToRoleAndPropertySetMap);
+    
+    /**
+     * @return map of entity URIs and maps of operations and list of allowed roles  
+     */
+    private Map<String, Map<OperationGroup, Set<String>>> getConfigurations(String queryText, RDFService service) {
+        Map<String, Map<OperationGroup, Set<String>>> configs = new HashMap<>();
+        try {
+            ResultSet rs = RDFServiceUtils.sparqlSelectQuery(queryText, service);
+            while (rs.hasNext()) {
+                QuerySolution qs = rs.next();
+                collectConfiguration(configs, qs);
+            }
+        } catch (Exception e) {
+            log.error(e, e);
         }
-
-        return permissionsModel;
+        return configs;
     }
 
-    private void convertModel(OntModel permissionsModel, Model roleAuthModel, Map<String, Map<String, String>> actionToRoleAndPropertySetMap) {
-        StmtIterator iterator = roleAuthModel.listStatements();
-
-        while (iterator.hasNext()) {
-            Statement stmt = iterator.next();
+    private void collectConfiguration(Map<String, Map<OperationGroup, Set<String>>> configs, QuerySolution qs) {
+        String uri = qs.getResource("uri").getURI();
+        String displayAnnotation = qs.getResource("display").getURI();
+        Set<String> displayRoles = showMap.get(displayAnnotation);
 
-            Map<String, String> roleToPropertySetUriMap = null;
+        String publishAnnotation = qs.getResource("publish").getURI();
+        Set<String> publishRoles = showMap.get(publishAnnotation);
+        publishRoles.remove(ROLE_PUBLIC_URI);
 
-            Property property = stmt.getPredicate();
-            roleToPropertySetUriMap = actionToRoleAndPropertySetMap.get(property.getURI());
-            if (roleToPropertySetUriMap != null) {
-                Resource subject = stmt.getSubject();
+        String updateAnnotation = qs.getResource("update").getURI();
+        Set<String> updateRoles = new HashSet<>(showMap.get(updateAnnotation));
+        updateRoles.remove(ROLE_PUBLIC_URI);
 
-                if (subject != null && subject.isURIResource()) {
-                    RDFNode objectNode = stmt.getObject();
-                    if (objectNode.isResource()) {
-                        String role = ((Resource) objectNode).getURI();
-                        switch (role) {
-                            case ROLE_PUBLIC:
-                                addPermissionToModel(permissionsModel, roleToPropertySetUriMap, ROLE_PUBLIC, subject.getURI());
-
-                                // Fall through to grant additional rights
-
-                            case ROLE_SELF:
-                                addPermissionToModel(permissionsModel, roleToPropertySetUriMap, ROLE_SELF, subject.getURI());
-
-                                // Fall through to grant additional rights
-
-                            case ROLE_EDITOR:
-                                addPermissionToModel(permissionsModel, roleToPropertySetUriMap, ROLE_EDITOR, subject.getURI());
-
-                                // Fall through to grant additional rights
-
-                            case ROLE_CURATOR:
-                                addPermissionToModel(permissionsModel, roleToPropertySetUriMap, ROLE_CURATOR, subject.getURI());
-
-                                // Fall through to grant additional rights
-
-                            case ROLE_DB_ADMIN:
-                                addPermissionToModel(permissionsModel, roleToPropertySetUriMap, ROLE_DB_ADMIN, subject.getURI());
+        Map<OperationGroup, Set<String>> config = new HashMap<>();
+        config.put(OperationGroup.UPDATE_GROUP, updateRoles);
+        config.put(OperationGroup.PUBLISH_GROUP, publishRoles);
+        config.put(OperationGroup.DISPLAY_GROUP, displayRoles);
+        configs.put(uri, config);
+    }
 
-                                // Fall through to grant additional rights
+    private void convertArmConfiguration() {
+        // TODO Auto-generated method stub
+    }
 
-                            case ROLE_NOBODY:
-                                break;
+    private boolean isArmConfiguration() {
+        return false;
+    }
 
-                            default:
-                                log.warn("Unknown role <" + property.getURI() + ">");
-                                break;
-                        }
-                    } else {
-                        log.warn("Object node is not a resource");
-                    }
-                } else {
-                    log.warn("Can't process this resource");
-                }
-            }
-        }
+    private String getAnnotationQuery(String typeSpecificPatterns) {
+        return ""
+                + "PREFIX vitro: <http://vitro.mannlib.cornell.edu/ns/vitro/0.7#> \n"
+                + "PREFIX rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#>\n"
+                + "PREFIX owl: <http://www.w3.org/2002/07/owl#> \n"
+                + "SELECT ?base ?uri ?update ?display ?publish\n"
+                + "WHERE {\n"
+                + typeSpecificPatterns
+                + "  OPTIONAL { ?uri vitro:hiddenFromDisplayBelowRoleLevelAnnot ?displayAssigned . }\n"
+                + "  BIND (COALESCE(?displayAssigned, <http://vitro.mannlib.cornell.edu/ns/vitro/role#public> ) AS ?display )\n"
+                + "  OPTIONAL { ?uri vitro:prohibitedFromUpdateBelowRoleLevelAnnot ?updateAssigned . }\n"
+                + "  BIND (COALESCE(?updateAssigned, <http://vitro.mannlib.cornell.edu/ns/vitro/role#selfEditor> ) AS ?update )\n"
+                + "  OPTIONAL { ?uri vitro:hiddenFromPublishBelowRoleLevelAnnot ?publishAssigned . }\n"
+                + "  BIND (COALESCE(?publishAssigned, <http://vitro.mannlib.cornell.edu/ns/vitro/role#public> ) AS ?publish )\n"
+                + "  FILTER (!isBlank(?uri))\n"
+                + "} \n";
     }
 
-    private void addPermissionToModel(OntModel permissionsModel, Map<String, String> roleToPropertySetUriMap, String roleUri, String resourceUri) {
-        if (roleToPropertySetUriMap.containsKey(roleUri)) {
-            permissionsModel.add(
-                    permissionsModel.createResource(roleToPropertySetUriMap.get(roleUri)),
-                    permissionsModel.createProperty(VitroVocabulary.PERMISSION_FOR_ENTITY),
-                    permissionsModel.createResource(resourceUri)
-            );
+    @Override
+    public void contextDestroyed(ServletContextEvent sce) {
+        // Nothing to tear down.
+    }
+    
+    private long getLineCount(String lines) {
+        Matcher matcher = Pattern.compile("\n").matcher(lines);
+        long i = 0;
+        while (matcher.find()) {
+            i ++;
         }
+        return i;
     }
 
-    public static String getClassUri(AccessOperation action) {
-        final String actionStr = action.toString();
-        return "java:edu.cornell.mannlib.vitro.webapp.auth.permissions.Entity" + actionStr.substring(0,1).toUpperCase() + actionStr.substring(1).toLowerCase() + "Permission";
+    private long secondsSince(long startTime) {
+        return (System.currentTimeMillis() - startTime) / 1000;
     }
 }
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/BasicPolicyTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/BasicPolicyTest.java
index 6483fd68e0..8e2bee7407 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/BasicPolicyTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/BasicPolicyTest.java
@@ -2,6 +2,8 @@
 
 import static org.junit.Assert.assertTrue;
 
+import java.util.Collections;
+
 import org.junit.Test;
 
 public class BasicPolicyTest extends PolicyTest {
@@ -34,7 +36,7 @@ public void testValidPolicy() {
     public void testValidPolicyWithSet() {
         load(VALID_POLICY_WITH_SET);
         DynamicPolicy policy = loader.loadPolicy("https://vivoweb.org/ontology/vitro-application/auth/individual/ValidTestSetPolicy");
-        countRulesAndAttributes(policy, 2, 2);
+        countRulesAndAttributes(policy, 2, Collections.singleton(2));
     }
     
     @Test
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EditablePagesPolicyTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EditablePagesPolicyTest.java
index 29dc574e29..ac26cdd993 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EditablePagesPolicyTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EditablePagesPolicyTest.java
@@ -2,6 +2,8 @@
 
 import static org.junit.Assert.assertTrue;
 
+import java.util.Collections;
+
 import org.junit.Test;
 
 public class EditablePagesPolicyTest extends PolicyTest{
@@ -14,6 +16,6 @@ public void testLoadEditablePagesPolicy() {
         String policyUri = "https://vivoweb.org/ontology/vitro-application/auth/individual/EditIndividualPagesPolicy";
         DynamicPolicy policy = loader.loadPolicy(policyUri);
         assertTrue(policy != null);
-        countRulesAndAttributes(policy, 1, 5);
+        countRulesAndAttributes(policy, 1, Collections.singleton(5));
     }
 }
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EntityPolicyTests.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EntityPolicyTests.java
index e2a47871a3..4bfd456590 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EntityPolicyTests.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EntityPolicyTests.java
@@ -4,6 +4,8 @@
 
 import java.util.Arrays;
 import java.util.Collection;
+import java.util.Collections;
+import java.util.HashSet;
 import java.util.Set;
 
 import org.junit.Test;
@@ -34,7 +36,7 @@ public class EntityPolicyTests extends PolicyTest {
     public int rulesCount;
     
     @org.junit.runners.Parameterized.Parameter(6)
-    public int attrCount;
+    public Set<Integer> attrCount;
     
     @Test
     public void testPolicy() {
@@ -50,61 +52,93 @@ public void testPolicy() {
     @Parameterized.Parameters
     public static Collection<Object[]> requests() {
         return Arrays.asList(new Object[][] {
-            { EDITOR_DISPLAY_CLASS_POLICY_PATH, "EditorDisplayClassPolicy", OperationGroup.DISPLAY_GROUP, AccessObjectType.CLASS, ROLE_EDITOR_URI, 1, 4 },
-            { EDITOR_DISPLAY_DATA_PROP_POLICY_PATH, "EditorDisplayDataPropertyPolicy", OperationGroup.DISPLAY_GROUP, AccessObjectType.DATA_PROPERTY, ROLE_EDITOR_URI, 2, 4 },
-            { EDITOR_DISPLAY_OBJ_PROP_POLICY_PATH, "EditorDisplayObjectPropertyPolicy", OperationGroup.DISPLAY_GROUP, AccessObjectType.OBJECT_PROPERTY, ROLE_EDITOR_URI, 2, 4 },
+            { EDITOR_DISPLAY_CLASS_POLICY_PATH, "EditorDisplayClassPolicy", OperationGroup.DISPLAY_GROUP, AccessObjectType.CLASS, ROLE_EDITOR_URI, 1, Collections.singleton(4) },
+            { EDITOR_DISPLAY_DATA_PROP_POLICY_PATH, "EditorDisplayDataPropertyPolicy", OperationGroup.DISPLAY_GROUP, AccessObjectType.DATA_PROPERTY, ROLE_EDITOR_URI, 2, Collections.singleton(4) },
+            { EDITOR_DISPLAY_OBJ_PROP_POLICY_PATH, "EditorDisplayObjectPropertyPolicy", OperationGroup.DISPLAY_GROUP, AccessObjectType.OBJECT_PROPERTY, ROLE_EDITOR_URI, 2, Collections.singleton(4) },
             
-            { SELF_EDITOR_DISPLAY_CLASS_POLICY_PATH, "SelfEditorDisplayClassPolicy", OperationGroup.DISPLAY_GROUP, AccessObjectType.CLASS, ROLE_SELF_EDITOR_URI, 1, 4 },
-            { SELF_EDITOR_DISPLAY_DATA_PROP_POLICY_PATH, "SelfEditorDisplayDataPropertyPolicy", OperationGroup.DISPLAY_GROUP, AccessObjectType.DATA_PROPERTY, ROLE_SELF_EDITOR_URI, 2, 4 },
-            { SELF_EDITOR_DISPLAY_OBJ_PROP_POLICY_PATH, "SelfEditorDisplayObjectPropertyPolicy", OperationGroup.DISPLAY_GROUP, AccessObjectType.OBJECT_PROPERTY, ROLE_SELF_EDITOR_URI, 2, 4 },
+            { SELF_EDITOR_DISPLAY_CLASS_POLICY_PATH, "SelfEditorDisplayClassPolicy", OperationGroup.DISPLAY_GROUP, AccessObjectType.CLASS, ROLE_SELF_EDITOR_URI, 1, Collections.singleton(4) },
+            { SELF_EDITOR_DISPLAY_DATA_PROP_POLICY_PATH, "SelfEditorDisplayDataPropertyPolicy", OperationGroup.DISPLAY_GROUP, AccessObjectType.DATA_PROPERTY, ROLE_SELF_EDITOR_URI, 2, Collections.singleton(4) },
+            { SELF_EDITOR_DISPLAY_OBJ_PROP_POLICY_PATH, "SelfEditorDisplayObjectPropertyPolicy", OperationGroup.DISPLAY_GROUP, AccessObjectType.OBJECT_PROPERTY, ROLE_SELF_EDITOR_URI, 2, Collections.singleton(4) },
 
-            { PUBLIC_DISPLAY_CLASS_POLICY_PATH, "PublicDisplayClassPolicy", OperationGroup.DISPLAY_GROUP, AccessObjectType.CLASS, ROLE_PUBLIC_URI, 1, 4 },
-            { PUBLIC_DISPLAY_DATA_PROP_POLICY_PATH, "PublicDisplayDataPropertyPolicy", OperationGroup.DISPLAY_GROUP, AccessObjectType.DATA_PROPERTY, ROLE_PUBLIC_URI, 2, 4 },
-            { PUBLIC_DISPLAY_OBJ_PROP_POLICY_PATH, "PublicDisplayObjectPropertyPolicy", OperationGroup.DISPLAY_GROUP, AccessObjectType.OBJECT_PROPERTY, ROLE_PUBLIC_URI, 2, 4 },
+            { PUBLIC_DISPLAY_CLASS_POLICY_PATH, "PublicDisplayClassPolicy", OperationGroup.DISPLAY_GROUP, AccessObjectType.CLASS, ROLE_PUBLIC_URI, 1, Collections.singleton(4) },
+            { PUBLIC_DISPLAY_DATA_PROP_POLICY_PATH, "PublicDisplayDataPropertyPolicy", OperationGroup.DISPLAY_GROUP, AccessObjectType.DATA_PROPERTY, ROLE_PUBLIC_URI, 2, Collections.singleton(4) },
+            { PUBLIC_DISPLAY_OBJ_PROP_POLICY_PATH, "PublicDisplayObjectPropertyPolicy", OperationGroup.DISPLAY_GROUP, AccessObjectType.OBJECT_PROPERTY, ROLE_PUBLIC_URI, 2, Collections.singleton(4) },
             
-            { CURATOR_DISPLAY_CLASS_POLICY_PATH, "CuratorDisplayClassPolicy", OperationGroup.DISPLAY_GROUP, AccessObjectType.CLASS, ROLE_CURATOR_URI, 1, 4 },
-            { CURATOR_DISPLAY_DATA_PROP_POLICY_PATH, "CuratorDisplayDataPropertyPolicy", OperationGroup.DISPLAY_GROUP, AccessObjectType.DATA_PROPERTY, ROLE_CURATOR_URI, 2, 4 },
-            { CURATOR_DISPLAY_OBJ_PROP_POLICY_PATH, "CuratorDisplayObjectPropertyPolicy", OperationGroup.DISPLAY_GROUP, AccessObjectType.OBJECT_PROPERTY, ROLE_CURATOR_URI, 2, 4 },
+            { CURATOR_DISPLAY_CLASS_POLICY_PATH, "CuratorDisplayClassPolicy", OperationGroup.DISPLAY_GROUP, AccessObjectType.CLASS, ROLE_CURATOR_URI, 1, Collections.singleton(4) },
+            { CURATOR_DISPLAY_DATA_PROP_POLICY_PATH, "CuratorDisplayDataPropertyPolicy", OperationGroup.DISPLAY_GROUP, AccessObjectType.DATA_PROPERTY, ROLE_CURATOR_URI, 2, Collections.singleton(4) },
+            { CURATOR_DISPLAY_OBJ_PROP_POLICY_PATH, "CuratorDisplayObjectPropertyPolicy", OperationGroup.DISPLAY_GROUP, AccessObjectType.OBJECT_PROPERTY, ROLE_CURATOR_URI, 2, Collections.singleton(4) },
             
-            { ADMIN_DISPLAY_CLASS_POLICY_PATH, "AdminDisplayClassPolicy", OperationGroup.DISPLAY_GROUP, AccessObjectType.CLASS, ROLE_ADMIN_URI, 1, 4 },
-            { ADMIN_DISPLAY_DATA_PROP_POLICY_PATH, "AdminDisplayDataPropertyPolicy", OperationGroup.DISPLAY_GROUP, AccessObjectType.DATA_PROPERTY, ROLE_ADMIN_URI, 1, 4 },
-            { ADMIN_DISPLAY_OBJ_PROP_POLICY_PATH, "AdminDisplayObjectPropertyPolicy", OperationGroup.DISPLAY_GROUP, AccessObjectType.OBJECT_PROPERTY, ROLE_ADMIN_URI, 2, 4 },
+            { ADMIN_DISPLAY_CLASS_POLICY_PATH, "AdminDisplayClassPolicy", OperationGroup.DISPLAY_GROUP, AccessObjectType.CLASS, ROLE_ADMIN_URI, 1, Collections.singleton(4) },
+            { ADMIN_DISPLAY_DATA_PROP_POLICY_PATH, "AdminDisplayDataPropertyPolicy", OperationGroup.DISPLAY_GROUP, AccessObjectType.DATA_PROPERTY, ROLE_ADMIN_URI, 1, Collections.singleton(4) },
+            { ADMIN_DISPLAY_OBJ_PROP_POLICY_PATH, "AdminDisplayObjectPropertyPolicy", OperationGroup.DISPLAY_GROUP, AccessObjectType.OBJECT_PROPERTY, ROLE_ADMIN_URI, 2, Collections.singleton(4) },
             
-            { EDITOR_PUBLISH_CLASS_POLICY_PATH, "EditorPublishClassPolicy", OperationGroup.PUBLISH_GROUP, AccessObjectType.CLASS, ROLE_EDITOR_URI, 1, 4 },
-            { EDITOR_PUBLISH_DATA_PROP_POLICY_PATH, "EditorPublishDataPropertyPolicy", OperationGroup.PUBLISH_GROUP, AccessObjectType.DATA_PROPERTY, ROLE_EDITOR_URI, 2, 4 },
-            { EDITOR_PUBLISH_OBJ_PROP_POLICY_PATH, "EditorPublishObjectPropertyPolicy", OperationGroup.PUBLISH_GROUP, AccessObjectType.OBJECT_PROPERTY, ROLE_EDITOR_URI, 2, 4 },
+            { EDITOR_PUBLISH_CLASS_POLICY_PATH, "EditorPublishClassPolicy", OperationGroup.PUBLISH_GROUP, AccessObjectType.CLASS, ROLE_EDITOR_URI, 1, Collections.singleton(4) },
+            { EDITOR_PUBLISH_DATA_PROP_POLICY_PATH, "EditorPublishDataPropertyPolicy", OperationGroup.PUBLISH_GROUP, AccessObjectType.DATA_PROPERTY, ROLE_EDITOR_URI, 2, Collections.singleton(4) },
+            { EDITOR_PUBLISH_OBJ_PROP_POLICY_PATH, "EditorPublishObjectPropertyPolicy", OperationGroup.PUBLISH_GROUP, AccessObjectType.OBJECT_PROPERTY, ROLE_EDITOR_URI, 2, Collections.singleton(4) },
             
-            { SELF_EDITOR_PUBLISH_CLASS_POLICY_PATH, "SelfEditorPublishClassPolicy", OperationGroup.PUBLISH_GROUP, AccessObjectType.CLASS, ROLE_SELF_EDITOR_URI, 1, 4 },
-            { SELF_EDITOR_PUBLISH_DATA_PROP_POLICY_PATH, "SelfEditorPublishDataPropertyPolicy", OperationGroup.PUBLISH_GROUP, AccessObjectType.DATA_PROPERTY, ROLE_SELF_EDITOR_URI, 2, 4 },
-            { SELF_EDITOR_PUBLISH_OBJ_PROP_POLICY_PATH, "SelfEditorPublishObjectPropertyPolicy", OperationGroup.PUBLISH_GROUP, AccessObjectType.OBJECT_PROPERTY, ROLE_SELF_EDITOR_URI, 2, 4 },
+            { SELF_EDITOR_PUBLISH_CLASS_POLICY_PATH, "SelfEditorPublishClassPolicy", OperationGroup.PUBLISH_GROUP, AccessObjectType.CLASS, ROLE_SELF_EDITOR_URI, 1, Collections.singleton(4) },
+            { SELF_EDITOR_PUBLISH_DATA_PROP_POLICY_PATH, "SelfEditorPublishDataPropertyPolicy", OperationGroup.PUBLISH_GROUP, AccessObjectType.DATA_PROPERTY, ROLE_SELF_EDITOR_URI, 2, Collections.singleton(4) },
+            { SELF_EDITOR_PUBLISH_OBJ_PROP_POLICY_PATH, "SelfEditorPublishObjectPropertyPolicy", OperationGroup.PUBLISH_GROUP, AccessObjectType.OBJECT_PROPERTY, ROLE_SELF_EDITOR_URI, 2, Collections.singleton(4) },
 
-            { CURATOR_PUBLISH_CLASS_POLICY_PATH, "CuratorPublishClassPolicy", OperationGroup.PUBLISH_GROUP, AccessObjectType.CLASS, ROLE_CURATOR_URI, 1, 4 },
-            { CURATOR_PUBLISH_DATA_PROP_POLICY_PATH, "CuratorPublishDataPropertyPolicy", OperationGroup.PUBLISH_GROUP, AccessObjectType.DATA_PROPERTY, ROLE_CURATOR_URI, 2, 4 },
-            { CURATOR_PUBLISH_OBJ_PROP_POLICY_PATH, "CuratorPublishObjectPropertyPolicy", OperationGroup.PUBLISH_GROUP, AccessObjectType.OBJECT_PROPERTY, ROLE_CURATOR_URI, 2, 4 },
+            { CURATOR_PUBLISH_CLASS_POLICY_PATH, "CuratorPublishClassPolicy", OperationGroup.PUBLISH_GROUP, AccessObjectType.CLASS, ROLE_CURATOR_URI, 1, Collections.singleton(4) },
+            { CURATOR_PUBLISH_DATA_PROP_POLICY_PATH, "CuratorPublishDataPropertyPolicy", OperationGroup.PUBLISH_GROUP, AccessObjectType.DATA_PROPERTY, ROLE_CURATOR_URI, 2, Collections.singleton(4) },
+            { CURATOR_PUBLISH_OBJ_PROP_POLICY_PATH, "CuratorPublishObjectPropertyPolicy", OperationGroup.PUBLISH_GROUP, AccessObjectType.OBJECT_PROPERTY, ROLE_CURATOR_URI, 2, Collections.singleton(4) },
 
-            { ADMIN_PUBLISH_CLASS_POLICY_PATH, "AdminPublishClassPolicy", OperationGroup.PUBLISH_GROUP, AccessObjectType.CLASS, ROLE_ADMIN_URI, 1, 4 },
-            { ADMIN_PUBLISH_DATA_PROP_POLICY_PATH, "AdminPublishDataPropertyPolicy", OperationGroup.PUBLISH_GROUP, AccessObjectType.DATA_PROPERTY, ROLE_ADMIN_URI, 2, 4 },
-            { ADMIN_PUBLISH_OBJ_PROP_POLICY_PATH, "AdminPublishObjectPropertyPolicy", OperationGroup.PUBLISH_GROUP, AccessObjectType.OBJECT_PROPERTY, ROLE_ADMIN_URI, 2, 4 },
+            { ADMIN_PUBLISH_CLASS_POLICY_PATH, "AdminPublishClassPolicy", OperationGroup.PUBLISH_GROUP, AccessObjectType.CLASS, ROLE_ADMIN_URI, 1, Collections.singleton(4) },
+            { ADMIN_PUBLISH_DATA_PROP_POLICY_PATH, "AdminPublishDataPropertyPolicy", OperationGroup.PUBLISH_GROUP, AccessObjectType.DATA_PROPERTY, ROLE_ADMIN_URI, 2, Collections.singleton(4) },
+            { ADMIN_PUBLISH_OBJ_PROP_POLICY_PATH, "AdminPublishObjectPropertyPolicy", OperationGroup.PUBLISH_GROUP, AccessObjectType.OBJECT_PROPERTY, ROLE_ADMIN_URI, 2, Collections.singleton(4) },
             
-            { EDITOR_UPDATE_CLASS_POLICY_PATH, "EditorUpdateClassPolicy", OperationGroup.UPDATE_GROUP, AccessObjectType.CLASS, ROLE_EDITOR_URI, 1, 4 },
-            { EDITOR_UPDATE_DATA_PROP_POLICY_PATH, "EditorUpdateDataPropertyPolicy", OperationGroup.UPDATE_GROUP, AccessObjectType.DATA_PROPERTY, ROLE_EDITOR_URI, 2, 4 },
-            { EDITOR_UPDATE_OBJ_PROP_POLICY_PATH, "EditorUpdateObjectPropertyPolicy", OperationGroup.UPDATE_GROUP, AccessObjectType.OBJECT_PROPERTY, ROLE_EDITOR_URI, 2, 4 },
+            { EDITOR_UPDATE_CLASS_POLICY_PATH, "EditorUpdateClassPolicy", OperationGroup.UPDATE_GROUP, AccessObjectType.CLASS, ROLE_EDITOR_URI, 1, Collections.singleton(4) },
+            { EDITOR_UPDATE_DATA_PROP_POLICY_PATH, "EditorUpdateDataPropertyPolicy", OperationGroup.UPDATE_GROUP, AccessObjectType.DATA_PROPERTY, ROLE_EDITOR_URI, 2, Collections.singleton(4) },
+            { EDITOR_UPDATE_OBJ_PROP_POLICY_PATH, "EditorUpdateObjectPropertyPolicy", OperationGroup.UPDATE_GROUP, AccessObjectType.OBJECT_PROPERTY, ROLE_EDITOR_URI, 2, Collections.singleton(4) },
             
-            { SELF_EDITOR_UPDATE_CLASS_POLICY_PATH, "SelfEditorUpdateClassPolicy", OperationGroup.UPDATE_GROUP, AccessObjectType.CLASS, ROLE_SELF_EDITOR_URI, 1, 4 },
-            { SELF_EDITOR_UPDATE_DATA_PROP_POLICY_PATH, "SelfEditorUpdateDataPropertyPolicy", OperationGroup.UPDATE_GROUP, AccessObjectType.DATA_PROPERTY, ROLE_SELF_EDITOR_URI, 2, 4 },
-            { SELF_EDITOR_UPDATE_OBJ_PROP_POLICY_PATH, "SelfEditorUpdateObjectPropertyPolicy", OperationGroup.UPDATE_GROUP, AccessObjectType.OBJECT_PROPERTY, ROLE_SELF_EDITOR_URI, 2, 4 },
+            { SELF_EDITOR_UPDATE_CLASS_POLICY_PATH, "SelfEditorUpdateClassPolicy", OperationGroup.UPDATE_GROUP, AccessObjectType.CLASS, ROLE_SELF_EDITOR_URI, 1, Collections.singleton(4) },
+            { SELF_EDITOR_UPDATE_DATA_PROP_POLICY_PATH, "SelfEditorUpdateDataPropertyPolicy", OperationGroup.UPDATE_GROUP, AccessObjectType.DATA_PROPERTY, ROLE_SELF_EDITOR_URI, 2, new HashSet<>(Arrays.asList(4,5)) },
+            { SELF_EDITOR_UPDATE_OBJ_PROP_POLICY_PATH, "SelfEditorUpdateObjectPropertyPolicy", OperationGroup.UPDATE_GROUP, AccessObjectType.OBJECT_PROPERTY, ROLE_SELF_EDITOR_URI, 2, new HashSet<>(Arrays.asList(4,5)) },
 
-            { PUBLIC_UPDATE_CLASS_POLICY_PATH, "PublicUpdateClassPolicy", OperationGroup.UPDATE_GROUP, AccessObjectType.CLASS, ROLE_PUBLIC_URI, 1, 4 },
-            { PUBLIC_UPDATE_DATA_PROP_POLICY_PATH, "PublicUpdateDataPropertyPolicy", OperationGroup.UPDATE_GROUP, AccessObjectType.DATA_PROPERTY, ROLE_PUBLIC_URI, 2, 4 },
-            { PUBLIC_UPDATE_OBJ_PROP_POLICY_PATH, "PublicUpdateObjectPropertyPolicy", OperationGroup.UPDATE_GROUP, AccessObjectType.OBJECT_PROPERTY, ROLE_PUBLIC_URI, 2, 4 },
+            { PUBLIC_UPDATE_CLASS_POLICY_PATH, "PublicUpdateClassPolicy", OperationGroup.UPDATE_GROUP, AccessObjectType.CLASS, ROLE_PUBLIC_URI, 1, Collections.singleton(4) },
+            { PUBLIC_UPDATE_DATA_PROP_POLICY_PATH, "PublicUpdateDataPropertyPolicy", OperationGroup.UPDATE_GROUP, AccessObjectType.DATA_PROPERTY, ROLE_PUBLIC_URI, 2, Collections.singleton(4) },
+            { PUBLIC_UPDATE_OBJ_PROP_POLICY_PATH, "PublicUpdateObjectPropertyPolicy", OperationGroup.UPDATE_GROUP, AccessObjectType.OBJECT_PROPERTY, ROLE_PUBLIC_URI, 2, Collections.singleton(4) },
             
-            { CURATOR_UPDATE_CLASS_POLICY_PATH, "CuratorUpdateClassPolicy", OperationGroup.UPDATE_GROUP, AccessObjectType.CLASS, ROLE_CURATOR_URI, 1, 4 },
-            { CURATOR_UPDATE_DATA_PROP_POLICY_PATH, "CuratorUpdateDataPropertyPolicy", OperationGroup.UPDATE_GROUP, AccessObjectType.DATA_PROPERTY, ROLE_CURATOR_URI, 2, 4 },
-            { CURATOR_UPDATE_OBJ_PROP_POLICY_PATH, "CuratorUpdateObjectPropertyPolicy", OperationGroup.UPDATE_GROUP, AccessObjectType.OBJECT_PROPERTY, ROLE_CURATOR_URI, 2, 4 },
+            { CURATOR_UPDATE_CLASS_POLICY_PATH, "CuratorUpdateClassPolicy", OperationGroup.UPDATE_GROUP, AccessObjectType.CLASS, ROLE_CURATOR_URI, 1, Collections.singleton(4) },
+            { CURATOR_UPDATE_DATA_PROP_POLICY_PATH, "CuratorUpdateDataPropertyPolicy", OperationGroup.UPDATE_GROUP, AccessObjectType.DATA_PROPERTY, ROLE_CURATOR_URI, 2, Collections.singleton(4) },
+            { CURATOR_UPDATE_OBJ_PROP_POLICY_PATH, "CuratorUpdateObjectPropertyPolicy", OperationGroup.UPDATE_GROUP, AccessObjectType.OBJECT_PROPERTY, ROLE_CURATOR_URI, 2, Collections.singleton(4) },
             
-            { ADMIN_UPDATE_CLASS_POLICY_PATH, "AdminUpdateClassPolicy", OperationGroup.UPDATE_GROUP, AccessObjectType.CLASS, ROLE_ADMIN_URI, 1, 4 },
-            { ADMIN_UPDATE_DATA_PROP_POLICY_PATH, "AdminUpdateDataPropertyPolicy", OperationGroup.UPDATE_GROUP, AccessObjectType.DATA_PROPERTY, ROLE_ADMIN_URI, 2, 4 },
-            { ADMIN_UPDATE_OBJ_PROP_POLICY_PATH, "AdminUpdateObjectPropertyPolicy", OperationGroup.UPDATE_GROUP, AccessObjectType.OBJECT_PROPERTY, ROLE_ADMIN_URI, 2, 4 },
+            { ADMIN_UPDATE_CLASS_POLICY_PATH, "AdminUpdateClassPolicy", OperationGroup.UPDATE_GROUP, AccessObjectType.CLASS, ROLE_ADMIN_URI, 1, Collections.singleton(4) },
+            { ADMIN_UPDATE_DATA_PROP_POLICY_PATH, "AdminUpdateDataPropertyPolicy", OperationGroup.UPDATE_GROUP, AccessObjectType.DATA_PROPERTY, ROLE_ADMIN_URI, 2, Collections.singleton(4) },
+            { ADMIN_UPDATE_OBJ_PROP_POLICY_PATH, "AdminUpdateObjectPropertyPolicy", OperationGroup.UPDATE_GROUP, AccessObjectType.OBJECT_PROPERTY, ROLE_ADMIN_URI, 2, Collections.singleton(4) },
+            
+            { ADMIN_DISPLAY_FAUX_OBJECT_PROPERTY_POLICY_PATH, "AdminDisplayFauxObjectPropertyPolicy", OperationGroup.DISPLAY_GROUP, AccessObjectType.FAUX_OBJECT_PROPERTY, ROLE_ADMIN_URI, 2, Collections.singleton(4) },
+            { CURATOR_DISPLAY_FAUX_OBJECT_PROPERTY_POLICY_PATH, "CuratorDisplayFauxObjectPropertyPolicy", OperationGroup.DISPLAY_GROUP, AccessObjectType.FAUX_OBJECT_PROPERTY, ROLE_CURATOR_URI, 2, Collections.singleton(4) },
+            { EDITOR_DISPLAY_FAUX_OBJECT_PROPERTY_POLICY_PATH, "EditorDisplayFauxObjectPropertyPolicy", OperationGroup.DISPLAY_GROUP, AccessObjectType.FAUX_OBJECT_PROPERTY, ROLE_EDITOR_URI, 2, Collections.singleton(4) },
+            { SELF_EDITOR_DISPLAY_FAUX_OBJECT_PROPERTY_POLICY_PATH, "SelfEditorDisplayFauxObjectPropertyPolicy", OperationGroup.DISPLAY_GROUP, AccessObjectType.FAUX_OBJECT_PROPERTY, ROLE_SELF_EDITOR_URI, 2, Collections.singleton(4) },
+            { PUBLIC_DISPLAY_FAUX_OBJECT_PROPERTY_POLICY_PATH, "PublicDisplayFauxObjectPropertyPolicy", OperationGroup.DISPLAY_GROUP, AccessObjectType.FAUX_OBJECT_PROPERTY, ROLE_PUBLIC_URI, 2, Collections.singleton(4) },
+            
+            { ADMIN_PUBLISH_FAUX_OBJECT_PROPERTY_POLICY_PATH, "AdminPublishFauxObjectPropertyPolicy", OperationGroup.PUBLISH_GROUP, AccessObjectType.FAUX_OBJECT_PROPERTY, ROLE_ADMIN_URI, 2, Collections.singleton(4) },
+            { CURATOR_PUBLISH_FAUX_OBJECT_PROPERTY_POLICY_PATH, "CuratorPublishFauxObjectPropertyPolicy", OperationGroup.PUBLISH_GROUP, AccessObjectType.FAUX_OBJECT_PROPERTY, ROLE_CURATOR_URI, 2, Collections.singleton(4) },
+            { EDITOR_PUBLISH_FAUX_OBJECT_PROPERTY_POLICY_PATH, "EditorPublishFauxObjectPropertyPolicy", OperationGroup.PUBLISH_GROUP, AccessObjectType.FAUX_OBJECT_PROPERTY, ROLE_EDITOR_URI, 2, Collections.singleton(4) },
+            { SELF_EDITOR_PUBLISH_FAUX_OBJECT_PROPERTY_POLICY_PATH, "SelfEditorPublishFauxObjectPropertyPolicy", OperationGroup.PUBLISH_GROUP, AccessObjectType.FAUX_OBJECT_PROPERTY, ROLE_SELF_EDITOR_URI, 2, Collections.singleton(4) },
+            
+            { ADMIN_UPDATE_FAUX_OBJECT_PROPERTY_POLICY_PATH, "AdminUpdateFauxObjectPropertyPolicy", OperationGroup.UPDATE_GROUP, AccessObjectType.FAUX_OBJECT_PROPERTY, ROLE_ADMIN_URI, 2, Collections.singleton(4) },
+            { CURATOR_UPDATE_FAUX_OBJECT_PROPERTY_POLICY_PATH, "CuratorUpdateFauxObjectPropertyPolicy", OperationGroup.UPDATE_GROUP, AccessObjectType.FAUX_OBJECT_PROPERTY, ROLE_CURATOR_URI, 2, Collections.singleton(4) },
+            { EDITOR_UPDATE_FAUX_OBJECT_PROPERTY_POLICY_PATH, "EditorUpdateFauxObjectPropertyPolicy", OperationGroup.UPDATE_GROUP, AccessObjectType.FAUX_OBJECT_PROPERTY, ROLE_EDITOR_URI, 2, Collections.singleton(4) },
+            { SELF_EDITOR_UPDATE_FAUX_OBJECT_PROPERTY_POLICY_PATH, "SelfEditorUpdateFauxObjectPropertyPolicy", OperationGroup.UPDATE_GROUP, AccessObjectType.FAUX_OBJECT_PROPERTY, ROLE_SELF_EDITOR_URI, 2, new HashSet<>(Arrays.asList(4,5)) },
+            
+            { ADMIN_DISPLAY_FAUX_DATA_PROPERTY_POLICY_PATH, "AdminDisplayFauxDataPropertyPolicy", OperationGroup.DISPLAY_GROUP, AccessObjectType.FAUX_DATA_PROPERTY, ROLE_ADMIN_URI, 2, Collections.singleton(4) },
+            { CURATOR_DISPLAY_FAUX_DATA_PROPERTY_POLICY_PATH, "CuratorDisplayFauxDataPropertyPolicy", OperationGroup.DISPLAY_GROUP, AccessObjectType.FAUX_DATA_PROPERTY, ROLE_CURATOR_URI, 2, Collections.singleton(4) },
+            { EDITOR_DISPLAY_FAUX_DATA_PROPERTY_POLICY_PATH, "EditorDisplayFauxDataPropertyPolicy", OperationGroup.DISPLAY_GROUP, AccessObjectType.FAUX_DATA_PROPERTY, ROLE_EDITOR_URI, 2, Collections.singleton(4) },
+            { SELF_EDITOR_DISPLAY_FAUX_DATA_PROPERTY_POLICY_PATH, "SelfEditorDisplayFauxDataPropertyPolicy", OperationGroup.DISPLAY_GROUP, AccessObjectType.FAUX_DATA_PROPERTY, ROLE_SELF_EDITOR_URI, 2, Collections.singleton(4) },
+            { PUBLIC_DISPLAY_FAUX_DATA_PROPERTY_POLICY_PATH, "PublicDisplayFauxDataPropertyPolicy", OperationGroup.DISPLAY_GROUP, AccessObjectType.FAUX_DATA_PROPERTY, ROLE_PUBLIC_URI, 2, Collections.singleton(4) },
+            
+            { ADMIN_PUBLISH_FAUX_DATA_PROPERTY_POLICY_PATH, "AdminPublishFauxDataPropertyPolicy", OperationGroup.PUBLISH_GROUP, AccessObjectType.FAUX_DATA_PROPERTY, ROLE_ADMIN_URI, 2, Collections.singleton(4) },
+            { CURATOR_PUBLISH_FAUX_DATA_PROPERTY_POLICY_PATH, "CuratorPublishFauxDataPropertyPolicy", OperationGroup.PUBLISH_GROUP, AccessObjectType.FAUX_DATA_PROPERTY, ROLE_CURATOR_URI, 2, Collections.singleton(4) },
+            { EDITOR_PUBLISH_FAUX_DATA_PROPERTY_POLICY_PATH, "EditorPublishFauxDataPropertyPolicy", OperationGroup.PUBLISH_GROUP, AccessObjectType.FAUX_DATA_PROPERTY, ROLE_EDITOR_URI, 2, Collections.singleton(4) },
+            { SELF_EDITOR_PUBLISH_FAUX_DATA_PROPERTY_POLICY_PATH, "SelfEditorPublishFauxDataPropertyPolicy", OperationGroup.PUBLISH_GROUP, AccessObjectType.FAUX_DATA_PROPERTY, ROLE_SELF_EDITOR_URI, 2, Collections.singleton(4) },
+            
+            { ADMIN_UPDATE_FAUX_DATA_PROPERTY_POLICY_PATH, "AdminUpdateFauxDataPropertyPolicy", OperationGroup.UPDATE_GROUP, AccessObjectType.FAUX_DATA_PROPERTY, ROLE_ADMIN_URI, 2, Collections.singleton(4) },
+            { CURATOR_UPDATE_FAUX_DATA_PROPERTY_POLICY_PATH, "CuratorUpdateFauxDataPropertyPolicy", OperationGroup.UPDATE_GROUP, AccessObjectType.FAUX_DATA_PROPERTY, ROLE_CURATOR_URI, 2, Collections.singleton(4) },
+            { EDITOR_UPDATE_FAUX_DATA_PROPERTY_POLICY_PATH, "EditorUpdateFauxDataPropertyPolicy", OperationGroup.UPDATE_GROUP, AccessObjectType.FAUX_DATA_PROPERTY, ROLE_EDITOR_URI, 2, Collections.singleton(4) },
+            { SELF_EDITOR_UPDATE_FAUX_DATA_PROPERTY_POLICY_PATH, "SelfEditorUpdateFauxDataPropertyPolicy", OperationGroup.UPDATE_GROUP, AccessObjectType.FAUX_DATA_PROPERTY, ROLE_SELF_EDITOR_URI, 2, new HashSet<>(Arrays.asList(4,5)) },
             
         });
     }
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTest.java
index ee5f8c5d02..65508595c5 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTest.java
@@ -9,6 +9,8 @@
 import java.util.Set;
 import java.util.stream.Collectors;
 
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
 import org.apache.jena.rdf.model.Model;
 import org.apache.jena.rdf.model.ModelFactory;
 import org.apache.jena.shared.Lock;
@@ -94,18 +96,52 @@ public class PolicyTest {
     public static final String EDITOR_PUBLISH_DATA_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_editor_publish_data_property.n3";
     public static final String EDITOR_PUBLISH_CLASS_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_editor_publish_class.n3";
     
+    public static final String ADMIN_DISPLAY_FAUX_OBJECT_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_admin_display_faux_object_property.n3";
+    public static final String CURATOR_DISPLAY_FAUX_OBJECT_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_curator_display_faux_object_property.n3";
+    public static final String EDITOR_DISPLAY_FAUX_OBJECT_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_editor_display_faux_object_property.n3";
+    public static final String SELF_EDITOR_DISPLAY_FAUX_OBJECT_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_self_editor_display_faux_object_property.n3";
+    public static final String PUBLIC_DISPLAY_FAUX_OBJECT_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_public_display_faux_object_property.n3";
+
+    public static final String ADMIN_PUBLISH_FAUX_OBJECT_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_admin_publish_faux_object_property.n3";
+    public static final String CURATOR_PUBLISH_FAUX_OBJECT_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_curator_publish_faux_object_property.n3";
+    public static final String EDITOR_PUBLISH_FAUX_OBJECT_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_editor_publish_faux_object_property.n3";
+    public static final String SELF_EDITOR_PUBLISH_FAUX_OBJECT_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_self_editor_publish_faux_object_property.n3";
+   
+    public static final String ADMIN_UPDATE_FAUX_OBJECT_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_admin_update_faux_object_property.n3";
+    public static final String CURATOR_UPDATE_FAUX_OBJECT_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_curator_update_faux_object_property.n3";
+    public static final String EDITOR_UPDATE_FAUX_OBJECT_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_editor_update_faux_object_property.n3";
+    public static final String SELF_EDITOR_UPDATE_FAUX_OBJECT_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_self_editor_update_faux_object_property.n3";
+    
+    public static final String ADMIN_DISPLAY_FAUX_DATA_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_admin_display_faux_data_property.n3";
+    public static final String CURATOR_DISPLAY_FAUX_DATA_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_curator_display_faux_data_property.n3";
+    public static final String EDITOR_DISPLAY_FAUX_DATA_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_editor_display_faux_data_property.n3";
+    public static final String SELF_EDITOR_DISPLAY_FAUX_DATA_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_self_editor_display_faux_data_property.n3";
+    public static final String PUBLIC_DISPLAY_FAUX_DATA_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_public_display_faux_data_property.n3";
+
+    public static final String ADMIN_PUBLISH_FAUX_DATA_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_admin_publish_faux_data_property.n3";
+    public static final String CURATOR_PUBLISH_FAUX_DATA_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_curator_publish_faux_data_property.n3";
+    public static final String EDITOR_PUBLISH_FAUX_DATA_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_editor_publish_faux_data_property.n3";
+    public static final String SELF_EDITOR_PUBLISH_FAUX_DATA_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_self_editor_publish_faux_data_property.n3";
+   
+    public static final String ADMIN_UPDATE_FAUX_DATA_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_admin_update_faux_data_property.n3";
+    public static final String CURATOR_UPDATE_FAUX_DATA_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_curator_update_faux_data_property.n3";
+    public static final String EDITOR_UPDATE_FAUX_DATA_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_editor_update_faux_data_property.n3";
+    public static final String SELF_EDITOR_UPDATE_FAUX_DATA_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_self_editor_update_faux_data_property.n3";
+    
     protected static final String TEST_RESOURCES_PREFIX = "src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/";
     protected static final List<String> ROLE_LIST = Arrays.asList(ROLE_ADMIN_URI, ROLE_CURATOR_URI, ROLE_EDITOR_URI, ROLE_SELF_EDITOR_URI, ROLE_PUBLIC_URI);
     public static final String PREFIX = "https://vivoweb.org/ontology/vitro-application/auth/individual/";
     public static final String DATASET = "_dataset";
     public static final String EXT = ".n3";
     
-    private Model model;
+    private static final Log log = LogFactory.getLog(PolicyTest.class);
+
+    protected Model userAccountsModel;
     protected PolicyLoader loader;
 
     @Before
     public void init() {
-        model = ModelFactory.createDefaultModel();
+        userAccountsModel = ModelFactory.createDefaultModel();
         load(ATTRIBUTES_PATH);
         load(OPERATIONS_PATH);
         load(OPERATION_GROUPS);
@@ -116,29 +152,135 @@ public void init() {
         load(TEST_VALUES_PATH);
         load(TEST_DECISIONS);
         
-        PolicyLoader.initialize(model);
+        PolicyLoader.initialize(userAccountsModel);
         loader = PolicyLoader.getInstance();
     }
     
-    protected void countRulesAndAttributes(DynamicPolicy policy, int ruleCount, int attCount) {
+    protected void countRulesAndAttributes(DynamicPolicy policy, int ruleCount, Set<Integer> attrCount) {
         assertTrue(policy != null);
         Set<AccessRule> rules = policy.getRules();
         Map<String, AccessRule> ruleMap = rules.stream().collect(Collectors.toMap( r -> r.getRuleUri(), r -> r));
+        if(ruleCount != ruleMap.size()) {
+            log.error(String.format("Rules count %s doesn't match for policy %s", ruleMap.size(), policy.getUri()));
+            for (AccessRule ar : ruleMap.values()) {
+                log.error(String.format("Rule uri %s", ar.getRuleUri()));
+            }
+        }
         assertEquals(ruleCount, ruleMap.size());
         for (AccessRule ar : ruleMap.values()) {
-            assertEquals(attCount, ar.getAttributes().size());
+            if(!attrCount.contains(ar.getAttributes().size())) {
+                log.error(String.format("Attribute count %s doesn't match for policy %s", ar.getAttributes().size(), policy.getUri()));
+                for (String att : ar.getAttributeUris()) {
+                    log.error(String.format("Attribute uri %s", att));
+                }
+            }
+            assertTrue(attrCount.contains(ar.getAttributes().size()));
             for (Attribute att : ar.getAttributes().values()) {
                 assertTrue(att.getValues().size() > 0); 
             }
         }
     }
     
+    protected void loadAllEntityPolicies() {
+        load(ADMIN_DISPLAY_OBJ_PROP_POLICY_PATH);
+        load(ADMIN_DISPLAY_DATA_PROP_POLICY_PATH);
+        load(ADMIN_DISPLAY_CLASS_POLICY_PATH);
+        
+        load(CURATOR_DISPLAY_OBJ_PROP_POLICY_PATH);
+        load(CURATOR_DISPLAY_DATA_PROP_POLICY_PATH);
+        load(CURATOR_DISPLAY_CLASS_POLICY_PATH);
+        
+        load(PUBLIC_DISPLAY_OBJ_PROP_POLICY_PATH);
+        load(PUBLIC_DISPLAY_DATA_PROP_POLICY_PATH);
+        load(PUBLIC_DISPLAY_CLASS_POLICY_PATH);
+        
+        load(SELF_EDITOR_DISPLAY_OBJ_PROP_POLICY_PATH);
+        load(SELF_EDITOR_DISPLAY_DATA_PROP_POLICY_PATH);
+        load(SELF_EDITOR_DISPLAY_CLASS_POLICY_PATH);
+        
+        load(EDITOR_DISPLAY_OBJ_PROP_POLICY_PATH);
+        load(EDITOR_DISPLAY_DATA_PROP_POLICY_PATH);
+        load(EDITOR_DISPLAY_CLASS_POLICY_PATH);
+        
+        load(ADMIN_UPDATE_OBJ_PROP_POLICY_PATH);
+        load(ADMIN_UPDATE_DATA_PROP_POLICY_PATH);
+        load(ADMIN_UPDATE_CLASS_POLICY_PATH);
+        
+        load(CURATOR_UPDATE_OBJ_PROP_POLICY_PATH);
+        load(CURATOR_UPDATE_DATA_PROP_POLICY_PATH);
+        load(CURATOR_UPDATE_CLASS_POLICY_PATH);
+        
+        load(PUBLIC_UPDATE_OBJ_PROP_POLICY_PATH);
+        load(PUBLIC_UPDATE_DATA_PROP_POLICY_PATH);
+        load(PUBLIC_UPDATE_CLASS_POLICY_PATH);
+        
+        load(SELF_EDITOR_UPDATE_OBJ_PROP_POLICY_PATH);
+        load(SELF_EDITOR_UPDATE_DATA_PROP_POLICY_PATH);
+        load(SELF_EDITOR_UPDATE_CLASS_POLICY_PATH);
+
+        load(EDITOR_UPDATE_OBJ_PROP_POLICY_PATH);
+        load(EDITOR_UPDATE_DATA_PROP_POLICY_PATH);
+        load(EDITOR_UPDATE_CLASS_POLICY_PATH);
+        
+        load(ADMIN_PUBLISH_OBJ_PROP_POLICY_PATH);
+        load(ADMIN_PUBLISH_DATA_PROP_POLICY_PATH);
+        load(ADMIN_PUBLISH_CLASS_POLICY_PATH);
+        
+        load(CURATOR_PUBLISH_OBJ_PROP_POLICY_PATH);
+        load(CURATOR_PUBLISH_DATA_PROP_POLICY_PATH);
+        load(CURATOR_PUBLISH_CLASS_POLICY_PATH);
+        
+        load(SELF_EDITOR_PUBLISH_OBJ_PROP_POLICY_PATH);
+        load(SELF_EDITOR_PUBLISH_DATA_PROP_POLICY_PATH);
+        load(SELF_EDITOR_PUBLISH_CLASS_POLICY_PATH);
+        
+        load(EDITOR_PUBLISH_OBJ_PROP_POLICY_PATH);
+        load(EDITOR_PUBLISH_DATA_PROP_POLICY_PATH);
+        load(EDITOR_PUBLISH_CLASS_POLICY_PATH);
+        
+        load(ADMIN_DISPLAY_FAUX_OBJECT_PROPERTY_POLICY_PATH);
+        load(CURATOR_DISPLAY_FAUX_OBJECT_PROPERTY_POLICY_PATH);
+        load(EDITOR_DISPLAY_FAUX_OBJECT_PROPERTY_POLICY_PATH);
+        load(SELF_EDITOR_DISPLAY_FAUX_OBJECT_PROPERTY_POLICY_PATH);
+        load(PUBLIC_DISPLAY_FAUX_OBJECT_PROPERTY_POLICY_PATH);
+        
+        load(ADMIN_PUBLISH_FAUX_OBJECT_PROPERTY_POLICY_PATH);
+        load(CURATOR_PUBLISH_FAUX_OBJECT_PROPERTY_POLICY_PATH);
+        load(EDITOR_PUBLISH_FAUX_OBJECT_PROPERTY_POLICY_PATH);
+        load(SELF_EDITOR_PUBLISH_FAUX_OBJECT_PROPERTY_POLICY_PATH);
+        
+        load(ADMIN_UPDATE_FAUX_OBJECT_PROPERTY_POLICY_PATH);
+        load(CURATOR_UPDATE_FAUX_OBJECT_PROPERTY_POLICY_PATH);
+        load(EDITOR_UPDATE_FAUX_OBJECT_PROPERTY_POLICY_PATH);
+        load(SELF_EDITOR_UPDATE_FAUX_OBJECT_PROPERTY_POLICY_PATH);
+        
+        load(ADMIN_DISPLAY_FAUX_DATA_PROPERTY_POLICY_PATH);
+        load(CURATOR_DISPLAY_FAUX_DATA_PROPERTY_POLICY_PATH);
+        load(EDITOR_DISPLAY_FAUX_DATA_PROPERTY_POLICY_PATH);
+        load(SELF_EDITOR_DISPLAY_FAUX_DATA_PROPERTY_POLICY_PATH);
+        load(PUBLIC_DISPLAY_FAUX_DATA_PROPERTY_POLICY_PATH);
+        
+        load(ADMIN_PUBLISH_FAUX_DATA_PROPERTY_POLICY_PATH);
+        load(CURATOR_PUBLISH_FAUX_DATA_PROPERTY_POLICY_PATH);
+        load(EDITOR_PUBLISH_FAUX_DATA_PROPERTY_POLICY_PATH);
+        load(SELF_EDITOR_PUBLISH_FAUX_DATA_PROPERTY_POLICY_PATH);
+        
+        load(ADMIN_UPDATE_FAUX_DATA_PROPERTY_POLICY_PATH);
+        load(CURATOR_UPDATE_FAUX_DATA_PROPERTY_POLICY_PATH);
+        load(EDITOR_UPDATE_FAUX_DATA_PROPERTY_POLICY_PATH);
+        load(SELF_EDITOR_UPDATE_FAUX_DATA_PROPERTY_POLICY_PATH);
+    }
+    
     protected void load(String filePath) {
+        load(userAccountsModel, filePath);
+    }
+    
+    protected void load(Model m, String filePath) {
         try {
-            model.enterCriticalSection(Lock.WRITE);
-            model.read(filePath);
+            m.enterCriticalSection(Lock.WRITE);
+            m.read(filePath);
         } finally {
-            model.leaveCriticalSection();
+            m.leaveCriticalSection();
         }
     }
 }
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/RootUserPolicyTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/RootUserPolicyTest.java
index 59ec2d95ff..eee0dc4360 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/RootUserPolicyTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/RootUserPolicyTest.java
@@ -3,6 +3,8 @@
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertTrue;
 
+import java.util.Collections;
+
 import org.junit.Test;
 
 public class RootUserPolicyTest extends PolicyTest{
@@ -16,6 +18,6 @@ public void testLoadRootUserPolicy() {
         DynamicPolicy policy = loader.loadPolicy(policyUri);
         assertTrue(policy != null);
         assertEquals(10000, policy.getPriority());
-        countRulesAndAttributes(policy, 1, 1);
+        countRulesAndAttributes(policy, 1, Collections.singleton(1));
     }
 }
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AuthMigratorTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AuthMigratorTest.java
new file mode 100644
index 0000000000..75c7462141
--- /dev/null
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AuthMigratorTest.java
@@ -0,0 +1,75 @@
+package edu.cornell.mannlib.vitro.webapp.migration.auth;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertTrue;
+
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.util.Map;
+import java.util.Set;
+
+import org.apache.jena.rdf.model.Model;
+import org.apache.jena.rdf.model.ModelFactory;
+import org.junit.Before;
+import org.junit.Test;
+
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.OperationGroup;
+import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyTest;
+import edu.cornell.mannlib.vitro.webapp.rdfservice.impl.jena.model.RDFServiceModel;
+
+public class AuthMigratorTest extends PolicyTest {
+    
+    private static final String TEST_MIGRATION_RESOURCES_PREFIX = "src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/migration/";
+    private static final String CONTENT = TEST_MIGRATION_RESOURCES_PREFIX + "content.n3";
+    private static final String CONFIGURATRION = TEST_MIGRATION_RESOURCES_PREFIX + "configuration.n3";
+
+    private Model contentModel;
+    private Model configurationModel;
+    private AuthMigrator migrator;
+
+    @Before 
+    public void initMigrationTest() {
+        contentModel = ModelFactory.createDefaultModel();
+        configurationModel = ModelFactory.createDefaultModel();
+        migrator = new AuthMigrator();
+        migrator.initialize(new RDFServiceModel(contentModel), new RDFServiceModel(configurationModel));
+        loadAllEntityPolicies();
+        load(configurationModel, CONFIGURATRION);
+        load(contentModel, CONTENT);
+    }
+    
+    
+    @Test
+    public void testGetAnnotationConfigs() {
+        Map<String, Map<OperationGroup, Set<String>>> configs = migrator.getObjectPropertyAnnotations();
+        Set<String> ops = configs.keySet();
+        assertEquals(1, configs.size());
+        configs = migrator.getDataPropertyAnnotations();
+        Set<String> dps = configs.keySet();
+        assertEquals(1, configs.size());
+        configs = migrator.getClassAnnotations();
+        assertEquals(2, configs.size());
+        configs = migrator.getFauxObjectPropertyAnnotations(ops);
+        assertEquals(1, configs.size());
+        configs = migrator.getFauxDataPropertyAnnotations(dps);
+        assertEquals(1, configs.size());
+    }
+    
+    @Test
+    public void testConvertAnnotationConfiguration() {
+        Model tmpModel = ModelFactory.createDefaultModel();
+        tmpModel.add(userAccountsModel);
+        long initialSize = userAccountsModel.size();
+        migrator.convertAnnotationConfiguration();
+        assertTrue(userAccountsModel.size() > initialSize);
+        Model diff = userAccountsModel.difference(tmpModel);
+        try(ByteArrayOutputStream baos = new ByteArrayOutputStream()){
+            diff.write(baos, "TTL");
+            String newData = baos.toString();
+            //System.out.println(newData);
+        } catch (IOException e) {
+            e.printStackTrace();
+        }
+       
+    }
+}
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/migration/configuration.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/migration/configuration.n3
new file mode 100644
index 0000000000..3d617f0ca6
--- /dev/null
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/migration/configuration.n3
@@ -0,0 +1,36 @@
+@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
+@prefix owl: <http://www.w3.org/2002/07/owl#> .
+@prefix : <http://vitro.mannlib.cornell.edu/ns/vitro/ApplicationConfiguration#> .
+@prefix display: <http://vitro.mannlib.cornell.edu/ontologies/display/1.1#> .
+@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
+@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
+@prefix datagetter: <java:edu/cornell/mannlib/vitro/webapp/utils/datagetter/> .
+@prefix vitro: <http://vitro.mannlib.cornell.edu/ns/vitro/0.7#> .
+@prefix role:  <http://vitro.mannlib.cornell.edu/ns/vitro/role#> .
+@prefix local: <http://vitro.mannlib.cornell.edu/ns/vitro/siteConfig/> .
+@prefix vivo: <http://vivoweb.org/ontology/core#> .
+@prefix obo: <http://purl.obolibrary.org/obo/> .
+
+@base <http://vitro.mannlib.cornell.edu/ns/vitro/ApplicationConfiguration> .
+
+local:orgAdministersGrantContext a :ConfigContext ;
+    :hasConfiguration local:orgAdministersGrantConfig ;
+    :configContextFor <http://purl.obolibrary.org/obo/RO_0000053> ;
+    .
+
+local:orgAdministersGrantConfig a :ObjectPropertyDisplayConfig ;
+    vitro:hiddenFromDisplayBelowRoleLevelAnnot role:public ;
+    vitro:hiddenFromPublishBelowRoleLevelAnnot role:dbAdmin ;
+    vitro:prohibitedFromUpdateBelowRoleLevelAnnot role:selfEditor ;
+    .
+
+<http://vitro.mannlib.cornell.edu/ns/vitro/siteConfig/fp985> a :ConfigContext ;
+        :configContextFor vivo:abbreviation ;
+        :hasConfiguration <http://vitro.mannlib.cornell.edu/ns/vitro/siteConfig/fp396> ;
+        .
+
+<http://vitro.mannlib.cornell.edu/ns/vitro/siteConfig/fp396> a :ObjectPropertyDisplayConfig ;
+        vitro:hiddenFromDisplayBelowRoleLevelAnnot role:editor ;
+        vitro:hiddenFromPublishBelowRoleLevelAnnot role:curator ;
+        vitro:prohibitedFromUpdateBelowRoleLevelAnnot role:nobody ;
+        .
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/migration/content.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/migration/content.n3
new file mode 100644
index 0000000000..5a70854a50
--- /dev/null
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/migration/content.n3
@@ -0,0 +1,47 @@
+@prefix ocrer: <http://purl.org/net/OCRe/research.owl#> .
+@prefix owl:   <http://www.w3.org/2002/07/owl#> .
+@prefix scires: <http://vivoweb.org/ontology/scientific-research#> .
+@prefix xsd:   <http://www.w3.org/2001/XMLSchema#> .
+@prefix skos:  <http://www.w3.org/2004/02/skos/core#> .
+@prefix rdfs:  <http://www.w3.org/2000/01/rdf-schema#> .
+@prefix ocresd: <http://purl.org/net/OCRe/study_design.owl#> .
+@prefix swo:   <http://www.ebi.ac.uk/efo/swo/> .
+@prefix cito:  <http://purl.org/spar/cito/> .
+@prefix geo:   <http://aims.fao.org/aos/geopolitical.owl#> .
+@prefix ocresst: <http://purl.org/net/OCRe/statistics.owl#> .
+@prefix dcterms: <http://purl.org/dc/terms/> .
+@prefix vivo:  <http://vivoweb.org/ontology/core#> .
+@prefix event: <http://purl.org/NET/c4dm/event.owl#> .
+@prefix vann:  <http://purl.org/vocab/vann/> .
+@prefix foaf:  <http://xmlns.com/foaf/0.1/> .
+@prefix c4o:   <http://purl.org/spar/c4o/> .
+@prefix fabio: <http://purl.org/spar/fabio/> .
+@prefix vcard: <http://www.w3.org/2006/vcard/ns#> .
+@prefix vitro: <http://vitro.mannlib.cornell.edu/ns/vitro/0.7#> .
+@prefix vitro-public: <http://vitro.mannlib.cornell.edu/ns/vitro/public#> .
+@prefix rdf:   <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
+@prefix ocresp: <http://purl.org/net/OCRe/study_protocol.owl#> .
+@prefix bibo:  <http://purl.org/ontology/bibo/> .
+@prefix obo:   <http://purl.obolibrary.org/obo/> .
+@prefix ro:    <http://purl.obolibrary.org/obo/ro.owl#> .
+@prefix role:  <http://vitro.mannlib.cornell.edu/ns/vitro/role#> .
+
+obo:RO_0000053  a owl:ObjectProperty ;
+        vitro:hiddenFromDisplayBelowRoleLevelAnnot role:public ;
+        vitro:vitro:hiddenFromPublishBelowRoleLevelAnnot role:selfEditor ;
+        vitro:prohibitedFromUpdateBelowRoleLevelAnnot role:public .
+
+vivo:abbreviation  a owl:DatatypeProperty ;
+        vitro:hiddenFromDisplayBelowRoleLevelAnnot role:curator ;
+        vitro:vitro:hiddenFromPublishBelowRoleLevelAnnot role:dbAdmin;
+        vitro:prohibitedFromUpdateBelowRoleLevelAnnot role:editor .
+                
+foaf:Organization  a owl:Class ;
+        vitro:hiddenFromDisplayBelowRoleLevelAnnot role:nobody ;
+        vitro:vitro:hiddenFromPublishBelowRoleLevelAnnot role:editor;
+        vitro:prohibitedFromUpdateBelowRoleLevelAnnot role:nobody .
+                
+foaf:Person a owl:Class ;
+        vitro:hiddenFromDisplayBelowRoleLevelAnnot role:editor ;
+        vitro:vitro:hiddenFromPublishBelowRoleLevelAnnot role:nobody ;
+        vitro:prohibitedFromUpdateBelowRoleLevelAnnot role:editor .
diff --git a/home/src/main/resources/rdf/auth/everytime/attributes.n3 b/home/src/main/resources/rdf/auth/everytime/attributes.n3
index d2b8f976a6..2143727c2c 100644
--- a/home/src/main/resources/rdf/auth/everytime/attributes.n3
+++ b/home/src/main/resources/rdf/auth/everytime/attributes.n3
@@ -112,6 +112,16 @@ ai:DataPropertyStatementTypeAttribute rdf:type ao:Attribute ;
          ao:type ai:ObjectType ;
          ao:value ai:DataPropertyStatementAccesObject .
 
+ai:FauxObjectPropertyStatementTypeAttribute rdf:type ao:Attribute ;
+         ao:test ai:Equals ;
+         ao:type ai:ObjectType ;
+         ao:value ai:FauxObjectPropertyStatementAccesObject .
+         
+ai:FauxDataPropertyStatementTypeAttribute rdf:type ao:Attribute ;
+         ao:test ai:Equals ;
+         ao:type ai:ObjectType ;
+         ao:value ai:FauxDataPropertyStatementAccesObject .
+
 ai:NamedObjectTypeAttribute rdf:type ao:Attribute ;
          ao:test ai:Equals ;
          ao:type ai:ObjectType ;
@@ -122,6 +132,16 @@ ai:ClassTypeAttribute rdf:type ao:Attribute ;
          ao:type ai:ObjectType ;
          ao:value ai:Class .
          
+ai:FauxObjectPropertyTypeAttribute rdf:type ao:Attribute ;
+         ao:test ai:Equals ;
+         ao:type ai:ObjectType ;
+         ao:value ai:FauxObjectPropertyAccesObject .
+
+ai:FauxDataPropertyTypeAttribute rdf:type ao:Attribute ;
+         ao:test ai:Equals ;
+         ao:type ai:ObjectType ;
+         ao:value ai:FauxDataPropertyAccesObject .
+
 ai:SelfEditorRelatedResourcesAttribute rdf:type ao:Attribute ;
          ao:test ai:SparqlSelectQueryContains ;
          ao:type ai:StatementSubjectUri ;
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_admin_display_faux_data_property.n3 b/home/src/main/resources/rdf/auth/everytime/policy_admin_display_faux_data_property.n3
new file mode 100644
index 0000000000..8b44b561e5
--- /dev/null
+++ b/home/src/main/resources/rdf/auth/everytime/policy_admin_display_faux_data_property.n3
@@ -0,0 +1,53 @@
+# $This file is distributed under the terms of the license in LICENSE$
+@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
+@prefix owl: <http://www.w3.org/2002/07/owl#> .
+@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
+@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
+@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
+@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
+@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+
+ai:AdminDisplayFauxDataPropertyPolicy rdf:type ao:Policy ;
+          ao:rules ai:AdminDisplayFauxDataPropertyRuleSet ;
+          ao:testDatasets ai:AdminDisplayFauxDataPropertyTestDatasets ;
+          ao:policyKey ai:AdminDisplayFauxDataPropertyPolicyKey .
+
+ai:AdminDisplayFauxDataPropertyRuleSet rdf:type ao:Rules ;
+          ao:rule ai:AllowAdminDisplayObjectStatementPropertyRule ;
+          ao:rule ai:AllowAdminDisplayFauxDataPropertyRule .
+
+ai:AdminDisplayFauxDataPropertyTestDatasets rdf:type ao:TestDatasets ;
+          ao:testDataset ai:AdminDisplayFauxDataPropertyDataset .
+
+ai:AdminDisplayFauxDataPropertyDataset rdf:type ao:TestDataSet ;
+          ao:testData ai:AdminDisplayFauxDataPropertyTestData .
+          
+ai:AdminDisplayFauxDataPropertyPolicyKey rdf:type ao:PolicyKey ;
+          ao:keyComponent ai:FauxDataPropertyAccesObject ;
+          ao:keyComponent auth:ADMIN ;
+          ao:keyComponent ai:DisplayOperationGroup .
+
+ai:AllowAdminDisplayFauxDataPropertyRule rdf:type ao:Rule;
+          ao:attribute ai:SubjectRoleEqualsAdminRoleAttribute ;
+          ao:attribute ai:DisplayOperationAttribute ;
+          ao:attribute ai:FauxDataPropertyTypeAttribute ;
+          ao:attribute ai:AdminDisplayFauxDataPropertyAttribute .
+
+ai:AllowAdminDisplayObjectStatementPropertyRule rdf:type ao:Rule;
+          ao:attribute ai:SubjectRoleEqualsAdminRoleAttribute ;
+          ao:attribute ai:DisplayOperationAttribute ;
+          ao:attribute ai:FauxDataPropertyStatementTypeAttribute ;
+          ao:attribute ai:AdminDisplayFauxDataPropertyStatementAttribute .
+         
+ai:AdminDisplayFauxDataPropertyStatementAttribute rdf:type ao:Attribute ;
+         ao:test ai:OneOf ;
+         ao:type ai:StatementPredicateUri ;
+         ao:setValue ai:AdminDisplayFauxDataPropertyTestData .
+         
+ai:AdminDisplayFauxDataPropertyAttribute rdf:type ao:Attribute ;
+         ao:test ai:OneOf ;
+         ao:type ai:ObjectUri ;
+         ao:setValue ai:AdminDisplayFauxDataPropertyTestData .
+         
+ai:AdminDisplayFauxDataPropertyTestData rdf:type ao:TestData ;
+       .
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_admin_display_faux_object_property.n3 b/home/src/main/resources/rdf/auth/everytime/policy_admin_display_faux_object_property.n3
index 44c1a38724..0393fd3a89 100644
--- a/home/src/main/resources/rdf/auth/everytime/policy_admin_display_faux_object_property.n3
+++ b/home/src/main/resources/rdf/auth/everytime/policy_admin_display_faux_object_property.n3
@@ -13,7 +13,7 @@ ai:AdminDisplayFauxObjectPropertyPolicy rdf:type ao:Policy ;
           ao:policyKey ai:AdminDisplayFauxObjectPropertyPolicyKey .
 
 ai:AdminDisplayFauxObjectPropertyRuleSet rdf:type ao:Rules ;
-          ao:rule ai:AllowAdminDisplayFauxObjectPropertyStatementRule ;
+          ao:rule ai:AllowAdminDisplayObjectStatementPropertyRule ;
           ao:rule ai:AllowAdminDisplayFauxObjectPropertyRule .
 
 ai:AdminDisplayFauxObjectPropertyTestDatasets rdf:type ao:TestDatasets ;
@@ -33,7 +33,7 @@ ai:AllowAdminDisplayFauxObjectPropertyRule rdf:type ao:Rule;
           ao:attribute ai:FauxObjectPropertyTypeAttribute ;
           ao:attribute ai:AdminDisplayFauxObjectPropertyAttribute .
 
-ai:AllowAdminDisplayFauxObjectPropertyStatementRule rdf:type ao:Rule;
+ai:AllowAdminDisplayObjectStatementPropertyRule rdf:type ao:Rule;
           ao:attribute ai:SubjectRoleEqualsAdminRoleAttribute ;
           ao:attribute ai:DisplayOperationAttribute ;
           ao:attribute ai:FauxObjectPropertyStatementTypeAttribute ;
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_admin_publish_faux_data_property.n3 b/home/src/main/resources/rdf/auth/everytime/policy_admin_publish_faux_data_property.n3
new file mode 100644
index 0000000000..40dad09966
--- /dev/null
+++ b/home/src/main/resources/rdf/auth/everytime/policy_admin_publish_faux_data_property.n3
@@ -0,0 +1,53 @@
+# $This file is distributed under the terms of the license in LICENSE$
+@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
+@prefix owl: <http://www.w3.org/2002/07/owl#> .
+@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
+@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
+@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
+@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
+@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+
+ai:AdminPublishFauxDataPropertyPolicy rdf:type ao:Policy ;
+          ao:rules ai:AdminPublishFauxDataPropertyRuleSet ;
+          ao:testDatasets ai:AdminPublishFauxDataPropertyTestDatasets ;
+          ao:policyKey ai:AdminPublishFauxDataPropertyPolicyKey .
+
+ai:AdminPublishFauxDataPropertyRuleSet rdf:type ao:Rules ;
+          ao:rule ai:AllowAdminPublishFauxDataPropertyStatementRule ;
+          ao:rule ai:AllowAdminPublishFauxDataPropertyRule .
+
+ai:AdminPublishFauxDataPropertyTestDatasets rdf:type ao:TestDatasets ;
+          ao:testDataset ai:AdminPublishFauxDataPropertyDataset .
+
+ai:AdminPublishFauxDataPropertyDataset rdf:type ao:TestDataSet ;
+          ao:testData ai:AdminPublishFauxDataPropertyTestData .
+          
+ai:AdminPublishFauxDataPropertyPolicyKey rdf:type ao:PolicyKey ;
+          ao:keyComponent ai:FauxDataPropertyAccesObject ;
+          ao:keyComponent auth:ADMIN ;
+          ao:keyComponent ai:PublishOperationGroup .
+
+ai:AllowAdminPublishFauxDataPropertyRule rdf:type ao:Rule;
+          ao:attribute ai:SubjectRoleEqualsAdminRoleAttribute ;
+          ao:attribute ai:PublishOperationAttribute ;
+          ao:attribute ai:FauxDataPropertyTypeAttribute ;
+          ao:attribute ai:AdminPublishFauxDataPropertyAttribute .
+
+ai:AllowAdminPublishFauxDataPropertyStatementRule rdf:type ao:Rule;
+          ao:attribute ai:SubjectRoleEqualsAdminRoleAttribute ;
+          ao:attribute ai:PublishOperationAttribute ;
+          ao:attribute ai:FauxDataPropertyStatementTypeAttribute ;
+          ao:attribute ai:AdminPublishFauxDataPropertyStatementAttribute .
+         
+ai:AdminPublishFauxDataPropertyStatementAttribute rdf:type ao:Attribute ;
+         ao:test ai:OneOf ;
+         ao:type ai:StatementPredicateUri ;
+         ao:setValue ai:AdminPublishFauxDataPropertyTestData .
+
+ai:AdminPublishFauxDataPropertyAttribute rdf:type ao:Attribute ;
+         ao:test ai:OneOf ;
+         ao:type ai:ObjectUri ;
+         ao:setValue ai:AdminPublishFauxDataPropertyTestData .
+         
+ai:AdminPublishFauxDataPropertyTestData rdf:type ao:TestData ;
+   .
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_admin_publish_faux_object_property.n3 b/home/src/main/resources/rdf/auth/everytime/policy_admin_publish_faux_object_property.n3
new file mode 100644
index 0000000000..d959a9073e
--- /dev/null
+++ b/home/src/main/resources/rdf/auth/everytime/policy_admin_publish_faux_object_property.n3
@@ -0,0 +1,53 @@
+# $This file is distributed under the terms of the license in LICENSE$
+@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
+@prefix owl: <http://www.w3.org/2002/07/owl#> .
+@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
+@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
+@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
+@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
+@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+
+ai:AdminPublishFauxObjectPropertyPolicy rdf:type ao:Policy ;
+          ao:rules ai:AdminPublishFauxObjectPropertyRuleSet ;
+          ao:testDatasets ai:AdminPublishFauxObjectPropertyTestDatasets ;
+          ao:policyKey ai:AdminPublishFauxObjectPropertyPolicyKey .
+
+ai:AdminPublishFauxObjectPropertyRuleSet rdf:type ao:Rules ;
+          ao:rule ai:AllowAdminPublishFauxObjectPropertyStatementRule ;
+          ao:rule ai:AllowAdminPublishFauxObjectPropertyRule .
+
+ai:AdminPublishFauxObjectPropertyTestDatasets rdf:type ao:TestDatasets ;
+          ao:testDataset ai:AdminPublishFauxObjectPropertyDataset .
+
+ai:AdminPublishFauxObjectPropertyDataset rdf:type ao:TestDataSet ;
+          ao:testData ai:AdminPublishFauxObjectPropertyTestData .
+          
+ai:AdminPublishFauxObjectPropertyPolicyKey rdf:type ao:PolicyKey ;
+          ao:keyComponent ai:FauxObjectPropertyAccesObject ;
+          ao:keyComponent auth:ADMIN ;
+          ao:keyComponent ai:PublishOperationGroup .
+
+ai:AllowAdminPublishFauxObjectPropertyRule rdf:type ao:Rule;
+          ao:attribute ai:SubjectRoleEqualsAdminRoleAttribute ;
+          ao:attribute ai:PublishOperationAttribute ;
+          ao:attribute ai:FauxObjectPropertyTypeAttribute ;
+          ao:attribute ai:AdminPublishFauxObjectPropertyAttribute .
+
+ai:AllowAdminPublishFauxObjectPropertyStatementRule rdf:type ao:Rule;
+          ao:attribute ai:SubjectRoleEqualsAdminRoleAttribute ;
+          ao:attribute ai:PublishOperationAttribute ;
+          ao:attribute ai:FauxObjectPropertyStatementTypeAttribute ;
+          ao:attribute ai:AdminPublishFauxObjectPropertyStatementAttribute .
+         
+ai:AdminPublishFauxObjectPropertyStatementAttribute rdf:type ao:Attribute ;
+         ao:test ai:OneOf ;
+         ao:type ai:StatementPredicateUri ;
+         ao:setValue ai:AdminPublishFauxObjectPropertyTestData .
+
+ai:AdminPublishFauxObjectPropertyAttribute rdf:type ao:Attribute ;
+         ao:test ai:OneOf ;
+         ao:type ai:ObjectUri ;
+         ao:setValue ai:AdminPublishFauxObjectPropertyTestData .
+         
+ai:AdminPublishFauxObjectPropertyTestData rdf:type ao:TestData ;
+   .
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_admin_update_faux_data_property.n3 b/home/src/main/resources/rdf/auth/everytime/policy_admin_update_faux_data_property.n3
new file mode 100644
index 0000000000..a31bd25acf
--- /dev/null
+++ b/home/src/main/resources/rdf/auth/everytime/policy_admin_update_faux_data_property.n3
@@ -0,0 +1,53 @@
+# $This file is distributed under the terms of the license in LICENSE$
+@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
+@prefix owl: <http://www.w3.org/2002/07/owl#> .
+@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
+@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
+@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
+@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
+@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+
+ai:AdminUpdateFauxDataPropertyPolicy rdf:type ao:Policy ;
+          ao:rules ai:AdminUpdateFauxDataPropertyRuleSet ;
+          ao:testDatasets ai:AdminUpdateFauxDataPropertyTestDatasets ;
+          ao:policyKey ai:AdminUpdateFauxDataPropertyPolicyKey .
+
+ai:AdminUpdateFauxDataPropertyRuleSet rdf:type ao:Rules ;
+          ao:rule ai:AllowAdminUpdateFauxDataPropertyRule ;
+          ao:rule ai:AllowAdminUpdateEditAddDropFauxDataPropertyStatementRule .
+
+ai:AdminUpdateFauxDataPropertyTestDatasets rdf:type ao:TestDatasets ;
+          ao:testDataset ai:AdminUpdateFauxDataPropertyDataset .
+
+ai:AdminUpdateFauxDataPropertyDataset rdf:type ao:TestDataSet ;
+          ao:testData ai:AdminUpdateFauxDataPropertyTestData .
+          
+ai:AdminUpdateFauxDataPropertyPolicyKey rdf:type ao:PolicyKey ;
+          ao:keyComponent ai:FauxDataPropertyAccesObject ;
+          ao:keyComponent auth:ADMIN ;
+          ao:keyComponent ai:UpdateOperationGroup .
+
+ai:AllowAdminUpdateFauxDataPropertyRule rdf:type ao:Rule;
+          ao:attribute ai:SubjectRoleEqualsAdminRoleAttribute ;
+          ao:attribute ai:UpdateOperationAttribute ;
+          ao:attribute ai:FauxDataPropertyTypeAttribute ;
+          ao:attribute ai:AdminUpdateFauxDataPropertyAttribute .
+
+ai:AllowAdminUpdateEditAddDropFauxDataPropertyStatementRule rdf:type ao:Rule;
+          ao:attribute ai:SubjectRoleEqualsAdminRoleAttribute ;
+          ao:attribute ai:UpdateAddEditOrDropOperationsAttribute ;
+          ao:attribute ai:FauxDataPropertyStatementTypeAttribute ;
+          ao:attribute ai:AdminUpdateFauxDataPropertyStatementAttribute .
+
+ai:AdminUpdateFauxDataPropertyStatementAttribute rdf:type ao:Attribute ;
+         ao:test ai:OneOf ;
+         ao:type ai:StatementPredicateUri ;
+         ao:setValue ai:AdminUpdateFauxDataPropertyTestData .
+
+ai:AdminUpdateFauxDataPropertyAttribute rdf:type ao:Attribute ;
+         ao:test ai:OneOf ;
+         ao:type ai:ObjectUri ;
+         ao:setValue ai:AdminUpdateFauxDataPropertyTestData .
+         
+ai:AdminUpdateFauxDataPropertyTestData rdf:type ao:TestData ;
+      .
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_admin_update_faux_object_property.n3 b/home/src/main/resources/rdf/auth/everytime/policy_admin_update_faux_object_property.n3
new file mode 100644
index 0000000000..bfd58555fc
--- /dev/null
+++ b/home/src/main/resources/rdf/auth/everytime/policy_admin_update_faux_object_property.n3
@@ -0,0 +1,53 @@
+# $This file is distributed under the terms of the license in LICENSE$
+@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
+@prefix owl: <http://www.w3.org/2002/07/owl#> .
+@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
+@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
+@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
+@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
+@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+
+ai:AdminUpdateFauxObjectPropertyPolicy rdf:type ao:Policy ;
+          ao:rules ai:AdminUpdateFauxObjectPropertyRuleSet ;
+          ao:testDatasets ai:AdminUpdateFauxObjectPropertyTestDatasets ;
+          ao:policyKey ai:AdminUpdateFauxObjectPropertyPolicyKey .
+
+ai:AdminUpdateFauxObjectPropertyRuleSet rdf:type ao:Rules ;
+          ao:rule ai:AllowAdminUpdateFauxObjectPropertyRule ;
+          ao:rule ai:AllowAdminUpdateEditAddDropFauxObjectPropertyStatementRule .
+
+ai:AdminUpdateFauxObjectPropertyTestDatasets rdf:type ao:TestDatasets ;
+          ao:testDataset ai:AdminUpdateFauxObjectPropertyDataset .
+
+ai:AdminUpdateFauxObjectPropertyDataset rdf:type ao:TestDataSet ;
+          ao:testData ai:AdminUpdateFauxObjectPropertyTestData .
+          
+ai:AdminUpdateFauxObjectPropertyPolicyKey rdf:type ao:PolicyKey ;
+          ao:keyComponent ai:FauxObjectPropertyAccesObject ;
+          ao:keyComponent auth:ADMIN ;
+          ao:keyComponent ai:UpdateOperationGroup .
+
+ai:AllowAdminUpdateFauxObjectPropertyRule rdf:type ao:Rule;
+          ao:attribute ai:SubjectRoleEqualsAdminRoleAttribute ;
+          ao:attribute ai:UpdateOperationAttribute ;
+          ao:attribute ai:FauxObjectPropertyTypeAttribute ;
+          ao:attribute ai:AdminUpdateFauxObjectPropertyAttribute .
+
+ai:AllowAdminUpdateEditAddDropFauxObjectPropertyStatementRule rdf:type ao:Rule;
+          ao:attribute ai:SubjectRoleEqualsAdminRoleAttribute ;
+          ao:attribute ai:UpdateAddEditOrDropOperationsAttribute ;
+          ao:attribute ai:FauxObjectPropertyStatementTypeAttribute ;
+          ao:attribute ai:AdminUpdateFauxObjectPropertyStatementAttribute .
+
+ai:AdminUpdateFauxObjectPropertyStatementAttribute rdf:type ao:Attribute ;
+         ao:test ai:OneOf ;
+         ao:type ai:StatementPredicateUri ;
+         ao:setValue ai:AdminUpdateFauxObjectPropertyTestData .
+
+ai:AdminUpdateFauxObjectPropertyAttribute rdf:type ao:Attribute ;
+         ao:test ai:OneOf ;
+         ao:type ai:ObjectUri ;
+         ao:setValue ai:AdminUpdateFauxObjectPropertyTestData .
+         
+ai:AdminUpdateFauxObjectPropertyTestData rdf:type ao:TestData ;
+      .
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_admin_update_object_property.n3 b/home/src/main/resources/rdf/auth/everytime/policy_admin_update_object_property.n3
index 0565231976..7e8d6d42e5 100644
--- a/home/src/main/resources/rdf/auth/everytime/policy_admin_update_object_property.n3
+++ b/home/src/main/resources/rdf/auth/everytime/policy_admin_update_object_property.n3
@@ -13,7 +13,7 @@ ai:AdminUpdateObjectPropertyPolicy rdf:type ao:Policy ;
           ao:policyKey ai:AdminUpdateObjectPropertyPolicyKey .
 
 ai:AdminUpdateObjectPropertyRuleSet rdf:type ao:Rules ;
-          ao:rule ai:AllowAdminUpdateObjectPropertyStatementRule ;
+          ao:rule ai:AllowAdminUpdateObjectPropertyRule ;
           ao:rule ai:AllowAdminUpdateEditAddDropObjectPropertyStatementRule .
 
 ai:AdminUpdateObjectPropertyTestDatasets rdf:type ao:TestDatasets ;
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_curator_display_faux_data_property.n3 b/home/src/main/resources/rdf/auth/everytime/policy_curator_display_faux_data_property.n3
new file mode 100644
index 0000000000..5a3ee2ba10
--- /dev/null
+++ b/home/src/main/resources/rdf/auth/everytime/policy_curator_display_faux_data_property.n3
@@ -0,0 +1,53 @@
+# $This file is distributed under the terms of the license in LICENSE$
+@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
+@prefix owl: <http://www.w3.org/2002/07/owl#> .
+@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
+@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
+@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
+@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
+@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+
+ai:CuratorDisplayFauxDataPropertyPolicy rdf:type ao:Policy ;
+          ao:rules ai:CuratorDisplayFauxDataPropertyRuleSet ;
+          ao:testDatasets ai:CuratorDisplayFauxDataPropertyTestDatasets ;
+          ao:policyKey ai:CuratorDisplayFauxDataPropertyPolicyKey .
+
+ai:CuratorDisplayFauxDataPropertyRuleSet rdf:type ao:Rules ;
+          ao:rule ai:AllowCuratorDisplayFauxDataPropertyStatementRule ;
+          ao:rule ai:AllowCuratorDisplayFauxDataPropertyRule .
+
+ai:CuratorDisplayFauxDataPropertyTestDatasets rdf:type ao:TestDatasets ;
+          ao:testDataset ai:CuratorDisplayFauxDataPropertyDataset .
+
+ai:CuratorDisplayFauxDataPropertyDataset rdf:type ao:TestDataSet ;
+          ao:testData ai:CuratorDisplayFauxDataPropertyTestData .
+          
+ai:CuratorDisplayFauxDataPropertyPolicyKey rdf:type ao:PolicyKey ;
+          ao:keyComponent ai:FauxDataPropertyAccesObject ;
+          ao:keyComponent auth:CURATOR ;
+          ao:keyComponent ai:DisplayOperationGroup .
+
+ai:AllowCuratorDisplayFauxDataPropertyRule rdf:type ao:Rule;
+          ao:attribute ai:SubjectRoleEqualsCuratorRoleAttribute ;
+          ao:attribute ai:DisplayOperationAttribute ;
+          ao:attribute ai:FauxDataPropertyTypeAttribute ;
+          ao:attribute ai:CuratorDisplayFauxDataPropertyAttribute .
+
+ai:AllowCuratorDisplayFauxDataPropertyStatementRule rdf:type ao:Rule;
+          ao:attribute ai:SubjectRoleEqualsCuratorRoleAttribute ;
+          ao:attribute ai:DisplayOperationAttribute ;
+          ao:attribute ai:FauxDataPropertyStatementTypeAttribute ;
+          ao:attribute ai:CuratorDisplayFauxDataPropertyStatementAttribute .
+         
+ai:CuratorDisplayFauxDataPropertyStatementAttribute rdf:type ao:Attribute ;
+         ao:test ai:OneOf ;
+         ao:type ai:StatementPredicateUri ;
+         ao:setValue ai:CuratorDisplayFauxDataPropertyTestData .
+         
+ai:CuratorDisplayFauxDataPropertyAttribute rdf:type ao:Attribute ;
+         ao:test ai:OneOf ;
+         ao:type ai:ObjectUri ;
+         ao:setValue ai:CuratorDisplayFauxDataPropertyTestData .
+         
+ai:CuratorDisplayFauxDataPropertyTestData rdf:type ao:TestData ;
+       .
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_curator_display_faux_object_property.n3 b/home/src/main/resources/rdf/auth/everytime/policy_curator_display_faux_object_property.n3
new file mode 100644
index 0000000000..5eabe48aa8
--- /dev/null
+++ b/home/src/main/resources/rdf/auth/everytime/policy_curator_display_faux_object_property.n3
@@ -0,0 +1,53 @@
+# $This file is distributed under the terms of the license in LICENSE$
+@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
+@prefix owl: <http://www.w3.org/2002/07/owl#> .
+@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
+@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
+@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
+@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
+@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+
+ai:CuratorDisplayFauxObjectPropertyPolicy rdf:type ao:Policy ;
+          ao:rules ai:CuratorDisplayFauxObjectPropertyRuleSet ;
+          ao:testDatasets ai:CuratorDisplayFauxObjectPropertyTestDatasets ;
+          ao:policyKey ai:CuratorDisplayFauxObjectPropertyPolicyKey .
+
+ai:CuratorDisplayFauxObjectPropertyRuleSet rdf:type ao:Rules ;
+          ao:rule ai:AllowCuratorDisplayFauxObjectPropertyStatementRule ;
+          ao:rule ai:AllowCuratorDisplayFauxObjectPropertyRule .
+
+ai:CuratorDisplayFauxObjectPropertyTestDatasets rdf:type ao:TestDatasets ;
+          ao:testDataset ai:CuratorDisplayFauxObjectPropertyDataset .
+
+ai:CuratorDisplayFauxObjectPropertyDataset rdf:type ao:TestDataSet ;
+          ao:testData ai:CuratorDisplayFauxObjectPropertyTestData .
+          
+ai:CuratorDisplayFauxObjectPropertyPolicyKey rdf:type ao:PolicyKey ;
+          ao:keyComponent ai:FauxObjectPropertyAccesObject ;
+          ao:keyComponent auth:CURATOR ;
+          ao:keyComponent ai:DisplayOperationGroup .
+
+ai:AllowCuratorDisplayFauxObjectPropertyRule rdf:type ao:Rule;
+          ao:attribute ai:SubjectRoleEqualsCuratorRoleAttribute ;
+          ao:attribute ai:DisplayOperationAttribute ;
+          ao:attribute ai:FauxObjectPropertyTypeAttribute ;
+          ao:attribute ai:CuratorDisplayFauxObjectPropertyAttribute .
+
+ai:AllowCuratorDisplayFauxObjectPropertyStatementRule rdf:type ao:Rule;
+          ao:attribute ai:SubjectRoleEqualsCuratorRoleAttribute ;
+          ao:attribute ai:DisplayOperationAttribute ;
+          ao:attribute ai:FauxObjectPropertyStatementTypeAttribute ;
+          ao:attribute ai:CuratorDisplayFauxObjectPropertyStatementAttribute .
+         
+ai:CuratorDisplayFauxObjectPropertyStatementAttribute rdf:type ao:Attribute ;
+         ao:test ai:OneOf ;
+         ao:type ai:StatementPredicateUri ;
+         ao:setValue ai:CuratorDisplayFauxObjectPropertyTestData .
+         
+ai:CuratorDisplayFauxObjectPropertyAttribute rdf:type ao:Attribute ;
+         ao:test ai:OneOf ;
+         ao:type ai:ObjectUri ;
+         ao:setValue ai:CuratorDisplayFauxObjectPropertyTestData .
+         
+ai:CuratorDisplayFauxObjectPropertyTestData rdf:type ao:TestData ;
+       .
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_curator_publish_faux_data_property.n3 b/home/src/main/resources/rdf/auth/everytime/policy_curator_publish_faux_data_property.n3
new file mode 100644
index 0000000000..ad23aa5048
--- /dev/null
+++ b/home/src/main/resources/rdf/auth/everytime/policy_curator_publish_faux_data_property.n3
@@ -0,0 +1,53 @@
+# $This file is distributed under the terms of the license in LICENSE$
+@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
+@prefix owl: <http://www.w3.org/2002/07/owl#> .
+@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
+@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
+@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
+@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
+@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+
+ai:CuratorPublishFauxDataPropertyPolicy rdf:type ao:Policy ;
+          ao:rules ai:CuratorPublishFauxDataPropertyRuleSet ;
+          ao:testDatasets ai:CuratorPublishFauxDataPropertyTestDatasets ;
+          ao:policyKey ai:CuratorPublishFauxDataPropertyPolicyKey .
+
+ai:CuratorPublishFauxDataPropertyRuleSet rdf:type ao:Rules ;
+          ao:rule ai:AllowCuratorPublishFauxDataPropertyStatementRule ;
+          ao:rule ai:AllowCuratorPublishFauxDataPropertyRule .
+
+ai:CuratorPublishFauxDataPropertyTestDatasets rdf:type ao:TestDatasets ;
+          ao:testDataset ai:CuratorPublishFauxDataPropertyDataset .
+
+ai:CuratorPublishFauxDataPropertyDataset rdf:type ao:TestDataSet ;
+          ao:testData ai:CuratorPublishFauxDataPropertyTestData .
+          
+ai:CuratorPublishFauxDataPropertyPolicyKey rdf:type ao:PolicyKey ;
+          ao:keyComponent ai:FauxDataPropertyAccesObject ;
+          ao:keyComponent auth:CURATOR ;
+          ao:keyComponent ai:PublishOperationGroup .
+
+ai:AllowCuratorPublishFauxDataPropertyRule rdf:type ao:Rule;
+          ao:attribute ai:SubjectRoleEqualsAdminRoleAttribute ;
+          ao:attribute ai:PublishOperationAttribute ;
+          ao:attribute ai:FauxDataPropertyTypeAttribute ;
+          ao:attribute ai:CuratorPublishFauxDataPropertyAttribute .
+
+ai:AllowCuratorPublishFauxDataPropertyStatementRule rdf:type ao:Rule;
+          ao:attribute ai:SubjectRoleEqualsAdminRoleAttribute ;
+          ao:attribute ai:PublishOperationAttribute ;
+          ao:attribute ai:FauxDataPropertyStatementTypeAttribute ;
+          ao:attribute ai:CuratorPublishFauxDataPropertyStatementAttribute .
+         
+ai:CuratorPublishFauxDataPropertyStatementAttribute rdf:type ao:Attribute ;
+         ao:test ai:OneOf ;
+         ao:type ai:StatementPredicateUri ;
+         ao:setValue ai:CuratorPublishFauxDataPropertyTestData .
+         
+ai:CuratorPublishFauxDataPropertyAttribute rdf:type ao:Attribute ;
+         ao:test ai:OneOf ;
+         ao:type ai:ObjectUri ;
+         ao:setValue ai:CuratorPublishFauxDataPropertyTestData .
+         
+ai:CuratorPublishFauxDataPropertyTestData rdf:type ao:TestData ;
+     .
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_curator_publish_faux_object_property.n3 b/home/src/main/resources/rdf/auth/everytime/policy_curator_publish_faux_object_property.n3
new file mode 100644
index 0000000000..8302eeb844
--- /dev/null
+++ b/home/src/main/resources/rdf/auth/everytime/policy_curator_publish_faux_object_property.n3
@@ -0,0 +1,53 @@
+# $This file is distributed under the terms of the license in LICENSE$
+@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
+@prefix owl: <http://www.w3.org/2002/07/owl#> .
+@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
+@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
+@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
+@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
+@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+
+ai:CuratorPublishFauxObjectPropertyPolicy rdf:type ao:Policy ;
+          ao:rules ai:CuratorPublishFauxObjectPropertyRuleSet ;
+          ao:testDatasets ai:CuratorPublishFauxObjectPropertyTestDatasets ;
+          ao:policyKey ai:CuratorPublishFauxObjectPropertyPolicyKey .
+
+ai:CuratorPublishFauxObjectPropertyRuleSet rdf:type ao:Rules ;
+          ao:rule ai:AllowCuratorPublishFauxObjectPropertyStatementRule ;
+          ao:rule ai:AllowCuratorPublishFauxObjectPropertyRule .
+
+ai:CuratorPublishFauxObjectPropertyTestDatasets rdf:type ao:TestDatasets ;
+          ao:testDataset ai:CuratorPublishFauxObjectPropertyDataset .
+
+ai:CuratorPublishFauxObjectPropertyDataset rdf:type ao:TestDataSet ;
+          ao:testData ai:CuratorPublishFauxObjectPropertyTestData .
+          
+ai:CuratorPublishFauxObjectPropertyPolicyKey rdf:type ao:PolicyKey ;
+          ao:keyComponent ai:FauxObjectPropertyAccesObject ;
+          ao:keyComponent auth:CURATOR ;
+          ao:keyComponent ai:PublishOperationGroup .
+
+ai:AllowCuratorPublishFauxObjectPropertyRule rdf:type ao:Rule;
+          ao:attribute ai:SubjectRoleEqualsAdminRoleAttribute ;
+          ao:attribute ai:PublishOperationAttribute ;
+          ao:attribute ai:FauxObjectPropertyTypeAttribute ;
+          ao:attribute ai:CuratorPublishFauxObjectPropertyAttribute .
+
+ai:AllowCuratorPublishFauxObjectPropertyStatementRule rdf:type ao:Rule;
+          ao:attribute ai:SubjectRoleEqualsAdminRoleAttribute ;
+          ao:attribute ai:PublishOperationAttribute ;
+          ao:attribute ai:FauxObjectPropertyStatementTypeAttribute ;
+          ao:attribute ai:CuratorPublishFauxObjectPropertyStatementAttribute .
+         
+ai:CuratorPublishFauxObjectPropertyStatementAttribute rdf:type ao:Attribute ;
+         ao:test ai:OneOf ;
+         ao:type ai:StatementPredicateUri ;
+         ao:setValue ai:CuratorPublishFauxObjectPropertyTestData .
+         
+ai:CuratorPublishFauxObjectPropertyAttribute rdf:type ao:Attribute ;
+         ao:test ai:OneOf ;
+         ao:type ai:ObjectUri ;
+         ao:setValue ai:CuratorPublishFauxObjectPropertyTestData .
+         
+ai:CuratorPublishFauxObjectPropertyTestData rdf:type ao:TestData ;
+     .
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_curator_update_faux_data_property.n3 b/home/src/main/resources/rdf/auth/everytime/policy_curator_update_faux_data_property.n3
new file mode 100644
index 0000000000..176dae345f
--- /dev/null
+++ b/home/src/main/resources/rdf/auth/everytime/policy_curator_update_faux_data_property.n3
@@ -0,0 +1,53 @@
+# $This file is distributed under the terms of the license in LICENSE$
+@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
+@prefix owl: <http://www.w3.org/2002/07/owl#> .
+@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
+@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
+@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
+@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
+@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+
+ai:CuratorUpdateFauxDataPropertyPolicy rdf:type ao:Policy ;
+          ao:rules ai:CuratorUpdateFauxDataPropertyRuleSet ;
+          ao:testDatasets ai:CuratorUpdateFauxDataPropertyTestDatasets ;
+          ao:policyKey ai:CuratorUpdateFauxDataPropertyPolicyKey .
+
+ai:CuratorUpdateFauxDataPropertyRuleSet rdf:type ao:Rules ;
+          ao:rule ai:AllowCuratorUpdateFauxDataPropertyStatementRule ;
+          ao:rule ai:AllowCuratorUpdateFauxDataPropertyRule .
+
+ai:CuratorUpdateFauxDataPropertyTestDatasets rdf:type ao:TestDatasets ;
+          ao:testDataset ai:CuratorUpdateFauxDataPropertyDataset .
+
+ai:CuratorUpdateFauxDataPropertyDataset rdf:type ao:TestDataSet ;
+          ao:testData ai:CuratorUpdateFauxDataPropertyTestData .
+          
+ai:CuratorUpdateFauxDataPropertyPolicyKey rdf:type ao:PolicyKey ;
+          ao:keyComponent ai:FauxDataPropertyAccesObject ;
+          ao:keyComponent auth:CURATOR ;
+          ao:keyComponent ai:UpdateOperationGroup .
+
+ai:AllowCuratorUpdateFauxDataPropertyRule rdf:type ao:Rule;
+          ao:attribute ai:SubjectRoleEqualsAdminRoleAttribute ;
+          ao:attribute ai:UpdateOperationAttribute ;
+          ao:attribute ai:FauxDataPropertyTypeAttribute ;
+          ao:attribute ai:CuratorUpdateFauxDataPropertyAttribute .
+
+ai:AllowCuratorUpdateFauxDataPropertyStatementRule rdf:type ao:Rule;
+          ao:attribute ai:SubjectRoleEqualsAdminRoleAttribute ;
+          ao:attribute ai:UpdateOperationAttribute ;
+          ao:attribute ai:FauxDataPropertyStatementTypeAttribute ;
+          ao:attribute ai:CuratorUpdateFauxDataPropertyStatementAttribute .
+         
+ai:CuratorUpdateFauxDataPropertyStatementAttribute rdf:type ao:Attribute ;
+         ao:test ai:OneOf ;
+         ao:type ai:StatementPredicateUri ;
+         ao:setValue ai:CuratorUpdateFauxDataPropertyTestData .
+
+ai:CuratorUpdateFauxDataPropertyAttribute rdf:type ao:Attribute ;
+         ao:test ai:OneOf ;
+         ao:type ai:ObjectUri ;
+         ao:setValue ai:CuratorUpdateFauxDataPropertyTestData .
+         
+ai:CuratorUpdateFauxDataPropertyTestData rdf:type ao:TestData ;
+      .
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_curator_update_faux_object_property.n3 b/home/src/main/resources/rdf/auth/everytime/policy_curator_update_faux_object_property.n3
new file mode 100644
index 0000000000..f0c1a1a932
--- /dev/null
+++ b/home/src/main/resources/rdf/auth/everytime/policy_curator_update_faux_object_property.n3
@@ -0,0 +1,53 @@
+# $This file is distributed under the terms of the license in LICENSE$
+@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
+@prefix owl: <http://www.w3.org/2002/07/owl#> .
+@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
+@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
+@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
+@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
+@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+
+ai:CuratorUpdateFauxObjectPropertyPolicy rdf:type ao:Policy ;
+          ao:rules ai:CuratorUpdateFauxObjectPropertyRuleSet ;
+          ao:testDatasets ai:CuratorUpdateFauxObjectPropertyTestDatasets ;
+          ao:policyKey ai:CuratorUpdateFauxObjectPropertyPolicyKey .
+
+ai:CuratorUpdateFauxObjectPropertyRuleSet rdf:type ao:Rules ;
+          ao:rule ai:AllowCuratorUpdateFauxObjectPropertyStatementRule ;
+          ao:rule ai:AllowCuratorUpdateFauxObjectPropertyRule .
+
+ai:CuratorUpdateFauxObjectPropertyTestDatasets rdf:type ao:TestDatasets ;
+          ao:testDataset ai:CuratorUpdateFauxObjectPropertyDataset .
+
+ai:CuratorUpdateFauxObjectPropertyDataset rdf:type ao:TestDataSet ;
+          ao:testData ai:CuratorUpdateFauxObjectPropertyTestData .
+          
+ai:CuratorUpdateFauxObjectPropertyPolicyKey rdf:type ao:PolicyKey ;
+          ao:keyComponent ai:FauxObjectPropertyAccesObject ;
+          ao:keyComponent auth:CURATOR ;
+          ao:keyComponent ai:UpdateOperationGroup .
+
+ai:AllowCuratorUpdateFauxObjectPropertyRule rdf:type ao:Rule;
+          ao:attribute ai:SubjectRoleEqualsAdminRoleAttribute ;
+          ao:attribute ai:UpdateOperationAttribute ;
+          ao:attribute ai:FauxObjectPropertyTypeAttribute ;
+          ao:attribute ai:CuratorUpdateFauxObjectPropertyAttribute .
+
+ai:AllowCuratorUpdateFauxObjectPropertyStatementRule rdf:type ao:Rule;
+          ao:attribute ai:SubjectRoleEqualsAdminRoleAttribute ;
+          ao:attribute ai:UpdateOperationAttribute ;
+          ao:attribute ai:FauxObjectPropertyStatementTypeAttribute ;
+          ao:attribute ai:CuratorUpdateFauxObjectPropertyStatementAttribute .
+         
+ai:CuratorUpdateFauxObjectPropertyStatementAttribute rdf:type ao:Attribute ;
+         ao:test ai:OneOf ;
+         ao:type ai:StatementPredicateUri ;
+         ao:setValue ai:CuratorUpdateFauxObjectPropertyTestData .
+
+ai:CuratorUpdateFauxObjectPropertyAttribute rdf:type ao:Attribute ;
+         ao:test ai:OneOf ;
+         ao:type ai:ObjectUri ;
+         ao:setValue ai:CuratorUpdateFauxObjectPropertyTestData .
+         
+ai:CuratorUpdateFauxObjectPropertyTestData rdf:type ao:TestData ;
+      .
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_editor_display_faux_data_property.n3 b/home/src/main/resources/rdf/auth/everytime/policy_editor_display_faux_data_property.n3
new file mode 100644
index 0000000000..36a5622606
--- /dev/null
+++ b/home/src/main/resources/rdf/auth/everytime/policy_editor_display_faux_data_property.n3
@@ -0,0 +1,53 @@
+# $This file is distributed under the terms of the license in LICENSE$
+@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
+@prefix owl: <http://www.w3.org/2002/07/owl#> .
+@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
+@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
+@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
+@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
+@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+
+ai:EditorDisplayFauxDataPropertyPolicy rdf:type ao:Policy ;
+          ao:rules ai:EditorDisplayFauxDataPropertyRuleSet ;
+          ao:testDatasets ai:EditorDisplayFauxDataPropertyTestDatasets ;
+          ao:policyKey ai:EditorDisplayFauxDataPropertyPolicyKey .
+
+ai:EditorDisplayFauxDataPropertyRuleSet rdf:type ao:Rules ;
+          ao:rule ai:AllowEditorDisplayFauxDataPropertyStatementRule ;
+          ao:rule ai:AllowEditorDisplayFauxDataPropertyRule .
+
+ai:EditorDisplayFauxDataPropertyTestDatasets rdf:type ao:TestDatasets ;
+          ao:testDataset ai:EditorDisplayFauxDataPropertyDataset .
+
+ai:EditorDisplayFauxDataPropertyDataset rdf:type ao:TestDataSet ;
+          ao:testData ai:EditorDisplayFauxDataPropertyTestData .
+          
+ai:EditorDisplayFauxDataPropertyPolicyKey rdf:type ao:PolicyKey ;
+          ao:keyComponent ai:FauxDataPropertyAccesObject ;
+          ao:keyComponent auth:EDITOR ;
+          ao:keyComponent ai:DisplayOperationGroup .
+
+ai:AllowEditorDisplayFauxDataPropertyRule rdf:type ao:Rule;
+          ao:attribute ai:SubjectRoleEqualsEditorRoleAttribute ;
+          ao:attribute ai:DisplayOperationAttribute ;
+          ao:attribute ai:FauxDataPropertyTypeAttribute ;
+          ao:attribute ai:EditorDisplayFauxDataPropertyAttribute .
+
+ai:AllowEditorDisplayFauxDataPropertyStatementRule rdf:type ao:Rule;
+          ao:attribute ai:SubjectRoleEqualsEditorRoleAttribute ;
+          ao:attribute ai:DisplayOperationAttribute ;
+          ao:attribute ai:FauxDataPropertyStatementTypeAttribute ;
+          ao:attribute ai:EditorDisplayFauxDataPropertyStatementAttribute .
+         
+ai:EditorDisplayFauxDataPropertyStatementAttribute rdf:type ao:Attribute ;
+         ao:test ai:OneOf ;
+         ao:type ai:StatementPredicateUri ;
+         ao:setValue ai:EditorDisplayFauxDataPropertyTestData .
+         
+ai:EditorDisplayFauxDataPropertyAttribute rdf:type ao:Attribute ;
+         ao:test ai:OneOf ;
+         ao:type ai:ObjectUri ;
+         ao:setValue ai:EditorDisplayFauxDataPropertyTestData .
+         
+ai:EditorDisplayFauxDataPropertyTestData rdf:type ao:TestData ;
+       .
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_editor_display_faux_object_property.n3 b/home/src/main/resources/rdf/auth/everytime/policy_editor_display_faux_object_property.n3
new file mode 100644
index 0000000000..1ee636931f
--- /dev/null
+++ b/home/src/main/resources/rdf/auth/everytime/policy_editor_display_faux_object_property.n3
@@ -0,0 +1,53 @@
+# $This file is distributed under the terms of the license in LICENSE$
+@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
+@prefix owl: <http://www.w3.org/2002/07/owl#> .
+@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
+@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
+@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
+@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
+@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+
+ai:EditorDisplayFauxObjectPropertyPolicy rdf:type ao:Policy ;
+          ao:rules ai:EditorDisplayFauxObjectPropertyRuleSet ;
+          ao:testDatasets ai:EditorDisplayFauxObjectPropertyTestDatasets ;
+          ao:policyKey ai:EditorDisplayFauxObjectPropertyPolicyKey .
+
+ai:EditorDisplayFauxObjectPropertyRuleSet rdf:type ao:Rules ;
+          ao:rule ai:AllowEditorDisplayFauxObjectPropertyStatementRule ;
+          ao:rule ai:AllowEditorDisplayFauxObjectPropertyRule .
+
+ai:EditorDisplayFauxObjectPropertyTestDatasets rdf:type ao:TestDatasets ;
+          ao:testDataset ai:EditorDisplayFauxObjectPropertyDataset .
+
+ai:EditorDisplayFauxObjectPropertyDataset rdf:type ao:TestDataSet ;
+          ao:testData ai:EditorDisplayFauxObjectPropertyTestData .
+          
+ai:EditorDisplayFauxObjectPropertyPolicyKey rdf:type ao:PolicyKey ;
+          ao:keyComponent ai:FauxObjectPropertyAccesObject ;
+          ao:keyComponent auth:EDITOR ;
+          ao:keyComponent ai:DisplayOperationGroup .
+
+ai:AllowEditorDisplayFauxObjectPropertyRule rdf:type ao:Rule;
+          ao:attribute ai:SubjectRoleEqualsEditorRoleAttribute ;
+          ao:attribute ai:DisplayOperationAttribute ;
+          ao:attribute ai:FauxObjectPropertyTypeAttribute ;
+          ao:attribute ai:EditorDisplayFauxObjectPropertyAttribute .
+
+ai:AllowEditorDisplayFauxObjectPropertyStatementRule rdf:type ao:Rule;
+          ao:attribute ai:SubjectRoleEqualsEditorRoleAttribute ;
+          ao:attribute ai:DisplayOperationAttribute ;
+          ao:attribute ai:FauxObjectPropertyStatementTypeAttribute ;
+          ao:attribute ai:EditorDisplayFauxObjectPropertyStatementAttribute .
+         
+ai:EditorDisplayFauxObjectPropertyStatementAttribute rdf:type ao:Attribute ;
+         ao:test ai:OneOf ;
+         ao:type ai:StatementPredicateUri ;
+         ao:setValue ai:EditorDisplayFauxObjectPropertyTestData .
+         
+ai:EditorDisplayFauxObjectPropertyAttribute rdf:type ao:Attribute ;
+         ao:test ai:OneOf ;
+         ao:type ai:ObjectUri ;
+         ao:setValue ai:EditorDisplayFauxObjectPropertyTestData .
+         
+ai:EditorDisplayFauxObjectPropertyTestData rdf:type ao:TestData ;
+       .
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_editor_publish_faux_data_property.n3 b/home/src/main/resources/rdf/auth/everytime/policy_editor_publish_faux_data_property.n3
new file mode 100644
index 0000000000..e895701d7b
--- /dev/null
+++ b/home/src/main/resources/rdf/auth/everytime/policy_editor_publish_faux_data_property.n3
@@ -0,0 +1,53 @@
+# $This file is distributed under the terms of the license in LICENSE$
+@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
+@prefix owl: <http://www.w3.org/2002/07/owl#> .
+@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
+@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
+@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
+@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
+@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+
+ai:EditorPublishFauxDataPropertyPolicy rdf:type ao:Policy ;
+          ao:rules ai:EditorPublishFauxDataPropertyRuleSet ;
+          ao:testDatasets ai:EditorPublishFauxDataPropertyTestDatasets ;
+          ao:policyKey ai:EditorPublishFauxDataPropertyPolicyKey .
+
+ai:EditorPublishFauxDataPropertyRuleSet rdf:type ao:Rules ;
+          ao:rule ai:AllowEditorPublishFauxDataPropertyStatementRule ;
+          ao:rule ai:AllowEditorPublishFauxDataPropertyRule .
+
+ai:EditorPublishFauxDataPropertyTestDatasets rdf:type ao:TestDatasets ;
+          ao:testDataset ai:EditorPublishFauxDataPropertyDataset .
+
+ai:EditorPublishFauxDataPropertyDataset rdf:type ao:TestDataSet ;
+          ao:testData ai:EditorPublishFauxDataPropertyTestData .
+          
+ai:EditorPublishFauxDataPropertyPolicyKey rdf:type ao:PolicyKey ;
+          ao:keyComponent ai:FauxDataPropertyAccesObject ;
+          ao:keyComponent auth:EDITOR ;
+          ao:keyComponent ai:PublishOperationGroup .
+
+ai:AllowEditorPublishFauxDataPropertyRule rdf:type ao:Rule;
+          ao:attribute ai:SubjectRoleEqualsEditorRoleAttribute ;
+          ao:attribute ai:PublishOperationAttribute ;
+          ao:attribute ai:FauxDataPropertyTypeAttribute ;
+          ao:attribute ai:EditorPublishFauxDataPropertyAttribute .
+
+ai:AllowEditorPublishFauxDataPropertyStatementRule rdf:type ao:Rule;
+          ao:attribute ai:SubjectRoleEqualsEditorRoleAttribute ;
+          ao:attribute ai:PublishOperationAttribute ;
+          ao:attribute ai:FauxDataPropertyStatementTypeAttribute ;
+          ao:attribute ai:EditorPublishFauxDataPropertyStatementAttribute .
+         
+ai:EditorPublishFauxDataPropertyStatementAttribute rdf:type ao:Attribute ;
+         ao:test ai:OneOf ;
+         ao:type ai:StatementPredicateUri ;
+         ao:setValue ai:EditorPublishFauxDataPropertyTestData .
+
+ai:EditorPublishFauxDataPropertyAttribute rdf:type ao:Attribute ;
+         ao:test ai:OneOf ;
+         ao:type ai:ObjectUri ;
+         ao:setValue ai:EditorPublishFauxDataPropertyTestData .
+         
+ai:EditorPublishFauxDataPropertyTestData rdf:type ao:TestData ;
+      .
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_editor_publish_faux_object_property.n3 b/home/src/main/resources/rdf/auth/everytime/policy_editor_publish_faux_object_property.n3
new file mode 100644
index 0000000000..d45baf60ba
--- /dev/null
+++ b/home/src/main/resources/rdf/auth/everytime/policy_editor_publish_faux_object_property.n3
@@ -0,0 +1,53 @@
+# $This file is distributed under the terms of the license in LICENSE$
+@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
+@prefix owl: <http://www.w3.org/2002/07/owl#> .
+@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
+@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
+@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
+@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
+@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+
+ai:EditorPublishFauxObjectPropertyPolicy rdf:type ao:Policy ;
+          ao:rules ai:EditorPublishFauxObjectPropertyRuleSet ;
+          ao:testDatasets ai:EditorPublishFauxObjectPropertyTestDatasets ;
+          ao:policyKey ai:EditorPublishFauxObjectPropertyPolicyKey .
+
+ai:EditorPublishFauxObjectPropertyRuleSet rdf:type ao:Rules ;
+          ao:rule ai:AllowEditorPublishFauxObjectPropertyStatementRule ;
+          ao:rule ai:AllowEditorPublishFauxObjectPropertyRule .
+
+ai:EditorPublishFauxObjectPropertyTestDatasets rdf:type ao:TestDatasets ;
+          ao:testDataset ai:EditorPublishFauxObjectPropertyDataset .
+
+ai:EditorPublishFauxObjectPropertyDataset rdf:type ao:TestDataSet ;
+          ao:testData ai:EditorPublishFauxObjectPropertyTestData .
+          
+ai:EditorPublishFauxObjectPropertyPolicyKey rdf:type ao:PolicyKey ;
+          ao:keyComponent ai:FauxObjectPropertyAccesObject ;
+          ao:keyComponent auth:EDITOR ;
+          ao:keyComponent ai:PublishOperationGroup .
+
+ai:AllowEditorPublishFauxObjectPropertyRule rdf:type ao:Rule;
+          ao:attribute ai:SubjectRoleEqualsEditorRoleAttribute ;
+          ao:attribute ai:PublishOperationAttribute ;
+          ao:attribute ai:FauxObjectPropertyTypeAttribute ;
+          ao:attribute ai:EditorPublishFauxObjectPropertyAttribute .
+
+ai:AllowEditorPublishFauxObjectPropertyStatementRule rdf:type ao:Rule;
+          ao:attribute ai:SubjectRoleEqualsEditorRoleAttribute ;
+          ao:attribute ai:PublishOperationAttribute ;
+          ao:attribute ai:FauxObjectPropertyStatementTypeAttribute ;
+          ao:attribute ai:EditorPublishFauxObjectPropertyStatementAttribute .
+         
+ai:EditorPublishFauxObjectPropertyStatementAttribute rdf:type ao:Attribute ;
+         ao:test ai:OneOf ;
+         ao:type ai:StatementPredicateUri ;
+         ao:setValue ai:EditorPublishFauxObjectPropertyTestData .
+
+ai:EditorPublishFauxObjectPropertyAttribute rdf:type ao:Attribute ;
+         ao:test ai:OneOf ;
+         ao:type ai:ObjectUri ;
+         ao:setValue ai:EditorPublishFauxObjectPropertyTestData .
+         
+ai:EditorPublishFauxObjectPropertyTestData rdf:type ao:TestData ;
+      .
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_editor_update_faux_data_property.n3 b/home/src/main/resources/rdf/auth/everytime/policy_editor_update_faux_data_property.n3
new file mode 100644
index 0000000000..ea2dd3c33a
--- /dev/null
+++ b/home/src/main/resources/rdf/auth/everytime/policy_editor_update_faux_data_property.n3
@@ -0,0 +1,53 @@
+# $This file is distributed under the terms of the license in LICENSE$
+@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
+@prefix owl: <http://www.w3.org/2002/07/owl#> .
+@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
+@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
+@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
+@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
+@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+
+ai:EditorUpdateFauxDataPropertyPolicy rdf:type ao:Policy ;
+          ao:rules ai:EditorUpdateFauxDataPropertyRuleSet ;
+          ao:testDatasets ai:EditorUpdateFauxDataPropertyTestDatasets ;
+          ao:policyKey ai:EditorUpdateFauxDataPropertyPolicyKey .
+
+ai:EditorUpdateFauxDataPropertyRuleSet rdf:type ao:Rules ;
+          ao:rule ai:AllowEditorUpdateFauxDataPropertyStatementRule ;
+          ao:rule ai:AllowEditorUpdateFauxDataPropertyRule .
+
+ai:EditorUpdateFauxDataPropertyTestDatasets rdf:type ao:TestDatasets ;
+          ao:testDataset ai:EditorUpdateFauxDataPropertyDataset .
+
+ai:EditorUpdateFauxDataPropertyDataset rdf:type ao:TestDataSet ;
+          ao:testData ai:EditorUpdateFauxDataPropertyTestData .
+          
+ai:EditorUpdateFauxDataPropertyPolicyKey rdf:type ao:PolicyKey ;
+          ao:keyComponent ai:FauxDataPropertyAccesObject ;
+          ao:keyComponent auth:EDITOR ;
+          ao:keyComponent ai:UpdateOperationGroup .
+
+ai:AllowEditorUpdateFauxDataPropertyRule rdf:type ao:Rule;
+          ao:attribute ai:SubjectRoleEqualsEditorRoleAttribute ;
+          ao:attribute ai:UpdateOperationAttribute ;
+          ao:attribute ai:FauxDataPropertyTypeAttribute ;
+          ao:attribute ai:EditorUpdateFauxDataPropertyAttribute .
+
+ai:AllowEditorUpdateFauxDataPropertyStatementRule rdf:type ao:Rule;
+          ao:attribute ai:SubjectRoleEqualsEditorRoleAttribute ;
+          ao:attribute ai:UpdateOperationAttribute ;
+          ao:attribute ai:FauxDataPropertyStatementTypeAttribute ;
+          ao:attribute ai:EditorUpdateFauxDataPropertyStatementAttribute .
+         
+ai:EditorUpdateFauxDataPropertyStatementAttribute rdf:type ao:Attribute ;
+         ao:test ai:OneOf ;
+         ao:type ai:StatementPredicateUri ;
+         ao:setValue ai:EditorUpdateFauxDataPropertyTestData .
+
+ai:EditorUpdateFauxDataPropertyAttribute rdf:type ao:Attribute ;
+         ao:test ai:OneOf ;
+         ao:type ai:ObjectUri ;
+         ao:setValue ai:EditorUpdateFauxDataPropertyTestData .
+         
+ai:EditorUpdateFauxDataPropertyTestData rdf:type ao:TestData ;
+       .
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_editor_update_faux_object_property.n3 b/home/src/main/resources/rdf/auth/everytime/policy_editor_update_faux_object_property.n3
new file mode 100644
index 0000000000..917901e9ab
--- /dev/null
+++ b/home/src/main/resources/rdf/auth/everytime/policy_editor_update_faux_object_property.n3
@@ -0,0 +1,53 @@
+# $This file is distributed under the terms of the license in LICENSE$
+@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
+@prefix owl: <http://www.w3.org/2002/07/owl#> .
+@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
+@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
+@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
+@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
+@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+
+ai:EditorUpdateFauxObjectPropertyPolicy rdf:type ao:Policy ;
+          ao:rules ai:EditorUpdateFauxObjectPropertyRuleSet ;
+          ao:testDatasets ai:EditorUpdateFauxObjectPropertyTestDatasets ;
+          ao:policyKey ai:EditorUpdateFauxObjectPropertyPolicyKey .
+
+ai:EditorUpdateFauxObjectPropertyRuleSet rdf:type ao:Rules ;
+          ao:rule ai:AllowEditorUpdateFauxObjectPropertyStatementRule ;
+          ao:rule ai:AllowEditorUpdateFauxObjectPropertyRule .
+
+ai:EditorUpdateFauxObjectPropertyTestDatasets rdf:type ao:TestDatasets ;
+          ao:testDataset ai:EditorUpdateFauxObjectPropertyDataset .
+
+ai:EditorUpdateFauxObjectPropertyDataset rdf:type ao:TestDataSet ;
+          ao:testData ai:EditorUpdateFauxObjectPropertyTestData .
+          
+ai:EditorUpdateFauxObjectPropertyPolicyKey rdf:type ao:PolicyKey ;
+          ao:keyComponent ai:FauxObjectPropertyAccesObject ;
+          ao:keyComponent auth:EDITOR ;
+          ao:keyComponent ai:UpdateOperationGroup .
+
+ai:AllowEditorUpdateFauxObjectPropertyRule rdf:type ao:Rule;
+          ao:attribute ai:SubjectRoleEqualsEditorRoleAttribute ;
+          ao:attribute ai:UpdateOperationAttribute ;
+          ao:attribute ai:FauxObjectPropertyTypeAttribute ;
+          ao:attribute ai:EditorUpdateFauxObjectPropertyAttribute .
+
+ai:AllowEditorUpdateFauxObjectPropertyStatementRule rdf:type ao:Rule;
+          ao:attribute ai:SubjectRoleEqualsEditorRoleAttribute ;
+          ao:attribute ai:UpdateOperationAttribute ;
+          ao:attribute ai:FauxObjectPropertyStatementTypeAttribute ;
+          ao:attribute ai:EditorUpdateFauxObjectPropertyStatementAttribute .
+         
+ai:EditorUpdateFauxObjectPropertyStatementAttribute rdf:type ao:Attribute ;
+         ao:test ai:OneOf ;
+         ao:type ai:StatementPredicateUri ;
+         ao:setValue ai:EditorUpdateFauxObjectPropertyTestData .
+
+ai:EditorUpdateFauxObjectPropertyAttribute rdf:type ao:Attribute ;
+         ao:test ai:OneOf ;
+         ao:type ai:ObjectUri ;
+         ao:setValue ai:EditorUpdateFauxObjectPropertyTestData .
+         
+ai:EditorUpdateFauxObjectPropertyTestData rdf:type ao:TestData ;
+       .
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_public_display_faux_data_property.n3 b/home/src/main/resources/rdf/auth/everytime/policy_public_display_faux_data_property.n3
new file mode 100644
index 0000000000..4c8a8e7f1e
--- /dev/null
+++ b/home/src/main/resources/rdf/auth/everytime/policy_public_display_faux_data_property.n3
@@ -0,0 +1,53 @@
+# $This file is distributed under the terms of the license in LICENSE$
+@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
+@prefix owl: <http://www.w3.org/2002/07/owl#> .
+@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
+@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
+@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
+@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
+@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+
+ai:PublicDisplayFauxDataPropertyPolicy rdf:type ao:Policy ;
+          ao:rules ai:PublicDisplayFauxDataPropertyRuleSet ;
+          ao:testDatasets ai:PublicDisplayFauxDataPropertyTestDatasets ;
+          ao:policyKey ai:PublicDisplayFauxDataPropertyPolicyKey .
+
+ai:PublicDisplayFauxDataPropertyRuleSet rdf:type ao:Rules ;
+          ao:rule ai:AllowPublicDisplayFauxDataPropertyStatementRule ;
+          ao:rule ai:AllowPublicDisplayFauxDataPropertyRule .
+
+ai:PublicDisplayFauxDataPropertyTestDatasets rdf:type ao:TestDatasets ;
+          ao:testDataset ai:PublicDisplayFauxDataPropertyDataset .
+
+ai:PublicDisplayFauxDataPropertyDataset rdf:type ao:TestDataSet ;
+          ao:testData ai:PublicDisplayFauxDataPropertyTestData .
+          
+ai:PublicDisplayFauxDataPropertyPolicyKey rdf:type ao:PolicyKey ;
+          ao:keyComponent ai:FauxDataPropertyAccesObject ;
+          ao:keyComponent auth:PUBLIC ;
+          ao:keyComponent ai:DisplayOperationGroup .
+
+ai:AllowPublicDisplayFauxDataPropertyRule rdf:type ao:Rule;
+          ao:attribute ai:SubjectRoleEqualsPublicRoleAttribute ;
+          ao:attribute ai:DisplayOperationAttribute ;
+          ao:attribute ai:FauxDataPropertyTypeAttribute ;
+          ao:attribute ai:PublicDisplayFauxDataPropertyAttribute .
+
+ai:AllowPublicDisplayFauxDataPropertyStatementRule rdf:type ao:Rule;
+          ao:attribute ai:SubjectRoleEqualsPublicRoleAttribute ;
+          ao:attribute ai:DisplayOperationAttribute ;
+          ao:attribute ai:FauxDataPropertyStatementTypeAttribute ;
+          ao:attribute ai:PublicDisplayFauxDataPropertyStatementAttribute .
+         
+ai:PublicDisplayFauxDataPropertyStatementAttribute rdf:type ao:Attribute ;
+         ao:test ai:OneOf ;
+         ao:type ai:StatementPredicateUri ;
+         ao:setValue ai:PublicDisplayFauxDataPropertyTestData .
+         
+ai:PublicDisplayFauxDataPropertyAttribute rdf:type ao:Attribute ;
+         ao:test ai:OneOf ;
+         ao:type ai:ObjectUri ;
+         ao:setValue ai:PublicDisplayFauxDataPropertyTestData .
+         
+ai:PublicDisplayFauxDataPropertyTestData rdf:type ao:TestData ;
+       .
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_public_display_faux_object_property.n3 b/home/src/main/resources/rdf/auth/everytime/policy_public_display_faux_object_property.n3
new file mode 100644
index 0000000000..36eac84f37
--- /dev/null
+++ b/home/src/main/resources/rdf/auth/everytime/policy_public_display_faux_object_property.n3
@@ -0,0 +1,53 @@
+# $This file is distributed under the terms of the license in LICENSE$
+@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
+@prefix owl: <http://www.w3.org/2002/07/owl#> .
+@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
+@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
+@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
+@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
+@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+
+ai:PublicDisplayFauxObjectPropertyPolicy rdf:type ao:Policy ;
+          ao:rules ai:PublicDisplayFauxObjectPropertyRuleSet ;
+          ao:testDatasets ai:PublicDisplayFauxObjectPropertyTestDatasets ;
+          ao:policyKey ai:PublicDisplayFauxObjectPropertyPolicyKey .
+
+ai:PublicDisplayFauxObjectPropertyRuleSet rdf:type ao:Rules ;
+          ao:rule ai:AllowPublicDisplayFauxObjectPropertyStatementRule ;
+          ao:rule ai:AllowPublicDisplayFauxObjectPropertyRule .
+
+ai:PublicDisplayFauxObjectPropertyTestDatasets rdf:type ao:TestDatasets ;
+          ao:testDataset ai:PublicDisplayFauxObjectPropertyDataset .
+
+ai:PublicDisplayFauxObjectPropertyDataset rdf:type ao:TestDataSet ;
+          ao:testData ai:PublicDisplayFauxObjectPropertyTestData .
+          
+ai:PublicDisplayFauxObjectPropertyPolicyKey rdf:type ao:PolicyKey ;
+          ao:keyComponent ai:FauxObjectPropertyAccesObject ;
+          ao:keyComponent auth:PUBLIC ;
+          ao:keyComponent ai:DisplayOperationGroup .
+
+ai:AllowPublicDisplayFauxObjectPropertyRule rdf:type ao:Rule;
+          ao:attribute ai:SubjectRoleEqualsPublicRoleAttribute ;
+          ao:attribute ai:DisplayOperationAttribute ;
+          ao:attribute ai:FauxObjectPropertyTypeAttribute ;
+          ao:attribute ai:PublicDisplayFauxObjectPropertyAttribute .
+
+ai:AllowPublicDisplayFauxObjectPropertyStatementRule rdf:type ao:Rule;
+          ao:attribute ai:SubjectRoleEqualsPublicRoleAttribute ;
+          ao:attribute ai:DisplayOperationAttribute ;
+          ao:attribute ai:FauxObjectPropertyStatementTypeAttribute ;
+          ao:attribute ai:PublicDisplayFauxObjectPropertyStatementAttribute .
+         
+ai:PublicDisplayFauxObjectPropertyStatementAttribute rdf:type ao:Attribute ;
+         ao:test ai:OneOf ;
+         ao:type ai:StatementPredicateUri ;
+         ao:setValue ai:PublicDisplayFauxObjectPropertyTestData .
+         
+ai:PublicDisplayFauxObjectPropertyAttribute rdf:type ao:Attribute ;
+         ao:test ai:OneOf ;
+         ao:type ai:ObjectUri ;
+         ao:setValue ai:PublicDisplayFauxObjectPropertyTestData .
+         
+ai:PublicDisplayFauxObjectPropertyTestData rdf:type ao:TestData ;
+       .
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_self_editor_display_faux_data_property.n3 b/home/src/main/resources/rdf/auth/everytime/policy_self_editor_display_faux_data_property.n3
new file mode 100644
index 0000000000..7103236609
--- /dev/null
+++ b/home/src/main/resources/rdf/auth/everytime/policy_self_editor_display_faux_data_property.n3
@@ -0,0 +1,53 @@
+# $This file is distributed under the terms of the license in LICENSE$
+@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
+@prefix owl: <http://www.w3.org/2002/07/owl#> .
+@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
+@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
+@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
+@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
+@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+
+ai:SelfEditorDisplayFauxDataPropertyPolicy rdf:type ao:Policy ;
+          ao:rules ai:SelfEditorDisplayFauxDataPropertyRuleSet ;
+          ao:testDatasets ai:SelfEditorDisplayFauxDataPropertyTestDatasets ;
+          ao:policyKey ai:SelfEditorDisplayFauxDataPropertyPolicyKey .
+
+ai:SelfEditorDisplayFauxDataPropertyRuleSet rdf:type ao:Rules ;
+          ao:rule ai:AllowSelfEditorDisplayFauxDataPropertyStatementRule ;
+          ao:rule ai:AllowSelfEditorDisplayFauxDataPropertyRule .
+
+ai:SelfEditorDisplayFauxDataPropertyTestDatasets rdf:type ao:TestDatasets ;
+          ao:testDataset ai:SelfEditorDisplayFauxDataPropertyDataset .
+
+ai:SelfEditorDisplayFauxDataPropertyDataset rdf:type ao:TestDataSet ;
+          ao:testData ai:SelfEditorDisplayFauxDataPropertyTestData .
+          
+ai:SelfEditorDisplayFauxDataPropertyPolicyKey rdf:type ao:PolicyKey ;
+          ao:keyComponent ai:FauxDataPropertyAccesObject ;
+          ao:keyComponent auth:SELF_EDITOR ;
+          ao:keyComponent ai:DisplayOperationGroup .
+
+ai:AllowSelfEditorDisplayFauxDataPropertyRule rdf:type ao:Rule;
+          ao:attribute ai:SubjectRoleEqualsSelfEditorRoleAttribute ;
+          ao:attribute ai:DisplayOperationAttribute ;
+          ao:attribute ai:FauxDataPropertyTypeAttribute ;
+          ao:attribute ai:SelfEditorDisplayFauxDataPropertyAttribute .
+
+ai:AllowSelfEditorDisplayFauxDataPropertyStatementRule rdf:type ao:Rule;
+          ao:attribute ai:SubjectRoleEqualsSelfEditorRoleAttribute ;
+          ao:attribute ai:DisplayOperationAttribute ;
+          ao:attribute ai:FauxDataPropertyStatementTypeAttribute ;
+          ao:attribute ai:SelfEditorDisplayFauxDataPropertyStatementAttribute .
+         
+ai:SelfEditorDisplayFauxDataPropertyStatementAttribute rdf:type ao:Attribute ;
+         ao:test ai:OneOf ;
+         ao:type ai:StatementPredicateUri ;
+         ao:setValue ai:SelfEditorDisplayFauxDataPropertyTestData .
+         
+ai:SelfEditorDisplayFauxDataPropertyAttribute rdf:type ao:Attribute ;
+         ao:test ai:OneOf ;
+         ao:type ai:ObjectUri ;
+         ao:setValue ai:SelfEditorDisplayFauxDataPropertyTestData .
+         
+ai:SelfEditorDisplayFauxDataPropertyTestData rdf:type ao:TestData ;
+       .
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_self_editor_display_faux_object_property.n3 b/home/src/main/resources/rdf/auth/everytime/policy_self_editor_display_faux_object_property.n3
new file mode 100644
index 0000000000..8469d69721
--- /dev/null
+++ b/home/src/main/resources/rdf/auth/everytime/policy_self_editor_display_faux_object_property.n3
@@ -0,0 +1,53 @@
+# $This file is distributed under the terms of the license in LICENSE$
+@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
+@prefix owl: <http://www.w3.org/2002/07/owl#> .
+@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
+@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
+@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
+@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
+@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+
+ai:SelfEditorDisplayFauxObjectPropertyPolicy rdf:type ao:Policy ;
+          ao:rules ai:SelfEditorDisplayFauxObjectPropertyRuleSet ;
+          ao:testDatasets ai:SelfEditorDisplayFauxObjectPropertyTestDatasets ;
+          ao:policyKey ai:SelfEditorDisplayFauxObjectPropertyPolicyKey .
+
+ai:SelfEditorDisplayFauxObjectPropertyRuleSet rdf:type ao:Rules ;
+          ao:rule ai:AllowSelfEditorDisplayFauxObjectPropertyStatementRule ;
+          ao:rule ai:AllowSelfEditorDisplayFauxObjectPropertyRule .
+
+ai:SelfEditorDisplayFauxObjectPropertyTestDatasets rdf:type ao:TestDatasets ;
+          ao:testDataset ai:SelfEditorDisplayFauxObjectPropertyDataset .
+
+ai:SelfEditorDisplayFauxObjectPropertyDataset rdf:type ao:TestDataSet ;
+          ao:testData ai:SelfEditorDisplayFauxObjectPropertyTestData .
+          
+ai:SelfEditorDisplayFauxObjectPropertyPolicyKey rdf:type ao:PolicyKey ;
+          ao:keyComponent ai:FauxObjectPropertyAccesObject ;
+          ao:keyComponent auth:SELF_EDITOR ;
+          ao:keyComponent ai:DisplayOperationGroup .
+
+ai:AllowSelfEditorDisplayFauxObjectPropertyRule rdf:type ao:Rule;
+          ao:attribute ai:SubjectRoleEqualsSelfEditorRoleAttribute ;
+          ao:attribute ai:DisplayOperationAttribute ;
+          ao:attribute ai:FauxObjectPropertyTypeAttribute ;
+          ao:attribute ai:SelfEditorDisplayFauxObjectPropertyAttribute .
+
+ai:AllowSelfEditorDisplayFauxObjectPropertyStatementRule rdf:type ao:Rule;
+          ao:attribute ai:SubjectRoleEqualsSelfEditorRoleAttribute ;
+          ao:attribute ai:DisplayOperationAttribute ;
+          ao:attribute ai:FauxObjectPropertyStatementTypeAttribute ;
+          ao:attribute ai:SelfEditorDisplayFauxObjectPropertyStatementAttribute .
+         
+ai:SelfEditorDisplayFauxObjectPropertyStatementAttribute rdf:type ao:Attribute ;
+         ao:test ai:OneOf ;
+         ao:type ai:StatementPredicateUri ;
+         ao:setValue ai:SelfEditorDisplayFauxObjectPropertyTestData .
+         
+ai:SelfEditorDisplayFauxObjectPropertyAttribute rdf:type ao:Attribute ;
+         ao:test ai:OneOf ;
+         ao:type ai:ObjectUri ;
+         ao:setValue ai:SelfEditorDisplayFauxObjectPropertyTestData .
+         
+ai:SelfEditorDisplayFauxObjectPropertyTestData rdf:type ao:TestData ;
+       .
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_self_editor_publish_faux_data_property.n3 b/home/src/main/resources/rdf/auth/everytime/policy_self_editor_publish_faux_data_property.n3
new file mode 100644
index 0000000000..be47dbb565
--- /dev/null
+++ b/home/src/main/resources/rdf/auth/everytime/policy_self_editor_publish_faux_data_property.n3
@@ -0,0 +1,53 @@
+# $This file is distributed under the terms of the license in LICENSE$
+@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
+@prefix owl: <http://www.w3.org/2002/07/owl#> .
+@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
+@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
+@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
+@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
+@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+
+ai:SelfEditorPublishFauxDataPropertyPolicy rdf:type ao:Policy ;
+          ao:rules ai:SelfEditorPublishFauxDataPropertyRuleSet ;
+          ao:testDatasets ai:SelfEditorPublishFauxDataPropertyTestDatasets ;
+          ao:policyKey ai:SelfEditorPublishFauxDataPropertyPolicyKey .
+
+ai:SelfEditorPublishFauxDataPropertyRuleSet rdf:type ao:Rules ;
+          ao:rule ai:AllowSelfEditorPublishFauxDataPropertyStatementRule ;
+          ao:rule ai:AllowSelfEditorPublishFauxDataPropertyRule .
+
+ai:SelfEditorPublishFauxDataPropertyTestDatasets rdf:type ao:TestDatasets ;
+          ao:testDataset ai:SelfEditorPublishFauxDataPropertyDataset .
+
+ai:SelfEditorPublishFauxDataPropertyDataset rdf:type ao:TestDataSet ;
+          ao:testData ai:SelfEditorPublishFauxDataPropertyTestData .
+          
+ai:SelfEditorPublishFauxDataPropertyPolicyKey rdf:type ao:PolicyKey ;
+          ao:keyComponent ai:FauxDataPropertyAccesObject ;
+          ao:keyComponent auth:SELF_EDITOR ;
+          ao:keyComponent ai:PublishOperationGroup .
+
+ai:AllowSelfEditorPublishFauxDataPropertyRule rdf:type ao:Rule;
+          ao:attribute ai:SubjectRoleEqualsSelfEditorRoleAttribute ;
+          ao:attribute ai:PublishOperationAttribute ;
+          ao:attribute ai:FauxDataPropertyTypeAttribute ;
+          ao:attribute ai:SelfEditorPublishFauxDataPropertyAttribute .
+
+ai:AllowSelfEditorPublishFauxDataPropertyStatementRule rdf:type ao:Rule;
+          ao:attribute ai:SubjectRoleEqualsSelfEditorRoleAttribute ;
+          ao:attribute ai:PublishOperationAttribute ;
+          ao:attribute ai:FauxDataPropertyStatementTypeAttribute ;
+          ao:attribute ai:SelfEditorPublishFauxDataPropertyStatementAttribute .
+         
+ai:SelfEditorPublishFauxDataPropertyStatementAttribute rdf:type ao:Attribute ;
+         ao:test ai:OneOf ;
+         ao:type ai:StatementPredicateUri ;
+         ao:setValue ai:SelfEditorPublishFauxDataPropertyTestData .
+
+ai:SelfEditorPublishFauxDataPropertyAttribute rdf:type ao:Attribute ;
+         ao:test ai:OneOf ;
+         ao:type ai:ObjectUri ;
+         ao:setValue ai:SelfEditorPublishFauxDataPropertyTestData .
+         
+ai:SelfEditorPublishFauxDataPropertyTestData rdf:type ao:TestData ;
+   .
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_self_editor_publish_faux_object_property.n3 b/home/src/main/resources/rdf/auth/everytime/policy_self_editor_publish_faux_object_property.n3
new file mode 100644
index 0000000000..3e32ddeeae
--- /dev/null
+++ b/home/src/main/resources/rdf/auth/everytime/policy_self_editor_publish_faux_object_property.n3
@@ -0,0 +1,53 @@
+# $This file is distributed under the terms of the license in LICENSE$
+@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
+@prefix owl: <http://www.w3.org/2002/07/owl#> .
+@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
+@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
+@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
+@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
+@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+
+ai:SelfEditorPublishFauxObjectPropertyPolicy rdf:type ao:Policy ;
+          ao:rules ai:SelfEditorPublishFauxObjectPropertyRuleSet ;
+          ao:testDatasets ai:SelfEditorPublishFauxObjectPropertyTestDatasets ;
+          ao:policyKey ai:SelfEditorPublishFauxObjectPropertyPolicyKey .
+
+ai:SelfEditorPublishFauxObjectPropertyRuleSet rdf:type ao:Rules ;
+          ao:rule ai:AllowSelfEditorPublishFauxObjectPropertyStatementRule ;
+          ao:rule ai:AllowSelfEditorPublishFauxObjectPropertyRule .
+
+ai:SelfEditorPublishFauxObjectPropertyTestDatasets rdf:type ao:TestDatasets ;
+          ao:testDataset ai:SelfEditorPublishFauxObjectPropertyDataset .
+
+ai:SelfEditorPublishFauxObjectPropertyDataset rdf:type ao:TestDataSet ;
+          ao:testData ai:SelfEditorPublishFauxObjectPropertyTestData .
+          
+ai:SelfEditorPublishFauxObjectPropertyPolicyKey rdf:type ao:PolicyKey ;
+          ao:keyComponent ai:FauxObjectPropertyAccesObject ;
+          ao:keyComponent auth:SELF_EDITOR ;
+          ao:keyComponent ai:PublishOperationGroup .
+
+ai:AllowSelfEditorPublishFauxObjectPropertyRule rdf:type ao:Rule;
+          ao:attribute ai:SubjectRoleEqualsSelfEditorRoleAttribute ;
+          ao:attribute ai:PublishOperationAttribute ;
+          ao:attribute ai:FauxObjectPropertyTypeAttribute ;
+          ao:attribute ai:SelfEditorPublishFauxObjectPropertyAttribute .
+
+ai:AllowSelfEditorPublishFauxObjectPropertyStatementRule rdf:type ao:Rule;
+          ao:attribute ai:SubjectRoleEqualsSelfEditorRoleAttribute ;
+          ao:attribute ai:PublishOperationAttribute ;
+          ao:attribute ai:FauxObjectPropertyStatementTypeAttribute ;
+          ao:attribute ai:SelfEditorPublishFauxObjectPropertyStatementAttribute .
+         
+ai:SelfEditorPublishFauxObjectPropertyStatementAttribute rdf:type ao:Attribute ;
+         ao:test ai:OneOf ;
+         ao:type ai:StatementPredicateUri ;
+         ao:setValue ai:SelfEditorPublishFauxObjectPropertyTestData .
+
+ai:SelfEditorPublishFauxObjectPropertyAttribute rdf:type ao:Attribute ;
+         ao:test ai:OneOf ;
+         ao:type ai:ObjectUri ;
+         ao:setValue ai:SelfEditorPublishFauxObjectPropertyTestData .
+         
+ai:SelfEditorPublishFauxObjectPropertyTestData rdf:type ao:TestData ;
+   .
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_self_editor_update_faux_data_property.n3 b/home/src/main/resources/rdf/auth/everytime/policy_self_editor_update_faux_data_property.n3
new file mode 100644
index 0000000000..2f86cd350f
--- /dev/null
+++ b/home/src/main/resources/rdf/auth/everytime/policy_self_editor_update_faux_data_property.n3
@@ -0,0 +1,55 @@
+# $This file is distributed under the terms of the license in LICENSE$
+@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
+@prefix owl: <http://www.w3.org/2002/07/owl#> .
+@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
+@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
+@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
+@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
+@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+
+ai:SelfEditorUpdateFauxDataPropertyPolicy rdf:type ao:Policy ;
+          ao:rules ai:SelfEditorUpdateFauxDataPropertyRuleSet ;
+          ao:testDatasets ai:SelfEditorUpdateFauxDataPropertyTestDatasets ;
+          ao:policyKey ai:SelfEditorUpdateFauxDataPropertyPolicyKey .
+
+ai:SelfEditorUpdateFauxDataPropertyRuleSet rdf:type ao:Rules ;
+          ao:rule ai:AllowSelfEditorUpdateFauxDataPropertyStatementRule ;
+          ao:rule ai:AllowSelfEditorUpdateFauxDataPropertyRule .
+
+ai:SelfEditorUpdateFauxDataPropertyTestDatasets rdf:type ao:TestDatasets ;
+          ao:testDataset ai:SelfEditorUpdateFauxDataPropertyDataset .
+
+ai:SelfEditorUpdateFauxDataPropertyDataset rdf:type ao:TestDataSet ;
+          ao:testData ai:SelfEditorUpdateFauxDataPropertyTestData .
+          
+ai:SelfEditorUpdateFauxDataPropertyPolicyKey rdf:type ao:PolicyKey ;
+          ao:keyComponent ai:FauxDataPropertyAccesObject ;
+          ao:keyComponent auth:SELF_EDITOR ;
+          ao:keyComponent ai:UpdateOperationGroup .
+
+ai:AllowSelfEditorUpdateFauxDataPropertyRule rdf:type ao:Rule;
+          ao:attribute ai:SubjectRoleEqualsSelfEditorRoleAttribute ;
+          ao:attribute ai:UpdateOperationAttribute ;
+          ao:attribute ai:FauxDataPropertyTypeAttribute ;
+          ao:attribute ai:SelfEditorUpdateFauxDataPropertyAttribute .
+
+ai:AllowSelfEditorUpdateFauxDataPropertyStatementRule rdf:type ao:Rule;
+          ao:attribute ai:SubjectRoleEqualsSelfEditorRoleAttribute ;
+          ao:attribute ai:UpdateOperationAttribute ;
+          ao:attribute ai:FauxDataPropertyStatementTypeAttribute ;
+          ao:attribute ai:SelfEditorRelatedResourcesAttribute ;
+          ao:attribute ai:SelfEditorUpdateFauxDataPropertyStatementAttribute .
+         
+ai:SelfEditorUpdateFauxDataPropertyStatementAttribute rdf:type ao:Attribute ;
+         ao:test ai:OneOf ;
+         ao:type ai:StatementPredicateUri ;
+         ao:setValue ai:SelfEditorUpdateFauxDataPropertyTestData .
+
+ai:SelfEditorUpdateFauxDataPropertyAttribute rdf:type ao:Attribute ;
+         ao:test ai:OneOf ;
+         ao:type ai:ObjectUri ;
+         ao:setValue ai:SelfEditorUpdateFauxDataPropertyTestData .
+         
+ai:SelfEditorUpdateFauxDataPropertyTestData rdf:type ao:TestData ;
+       .
+       
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_self_editor_update_faux_object_property.n3 b/home/src/main/resources/rdf/auth/everytime/policy_self_editor_update_faux_object_property.n3
new file mode 100644
index 0000000000..b3f6896b05
--- /dev/null
+++ b/home/src/main/resources/rdf/auth/everytime/policy_self_editor_update_faux_object_property.n3
@@ -0,0 +1,55 @@
+# $This file is distributed under the terms of the license in LICENSE$
+@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
+@prefix owl: <http://www.w3.org/2002/07/owl#> .
+@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
+@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
+@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
+@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
+@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+
+ai:SelfEditorUpdateFauxObjectPropertyPolicy rdf:type ao:Policy ;
+          ao:rules ai:SelfEditorUpdateFauxObjectPropertyRuleSet ;
+          ao:testDatasets ai:SelfEditorUpdateFauxObjectPropertyTestDatasets ;
+          ao:policyKey ai:SelfEditorUpdateFauxObjectPropertyPolicyKey .
+
+ai:SelfEditorUpdateFauxObjectPropertyRuleSet rdf:type ao:Rules ;
+          ao:rule ai:AllowSelfEditorUpdateFauxObjectPropertyStatementRule ;
+          ao:rule ai:AllowSelfEditorUpdateFauxObjectPropertyRule .
+
+ai:SelfEditorUpdateFauxObjectPropertyTestDatasets rdf:type ao:TestDatasets ;
+          ao:testDataset ai:SelfEditorUpdateFauxObjectPropertyDataset .
+
+ai:SelfEditorUpdateFauxObjectPropertyDataset rdf:type ao:TestDataSet ;
+          ao:testData ai:SelfEditorUpdateFauxObjectPropertyTestData .
+          
+ai:SelfEditorUpdateFauxObjectPropertyPolicyKey rdf:type ao:PolicyKey ;
+          ao:keyComponent ai:FauxObjectPropertyAccesObject ;
+          ao:keyComponent auth:SELF_EDITOR ;
+          ao:keyComponent ai:UpdateOperationGroup .
+
+ai:AllowSelfEditorUpdateFauxObjectPropertyRule rdf:type ao:Rule;
+          ao:attribute ai:SubjectRoleEqualsSelfEditorRoleAttribute ;
+          ao:attribute ai:UpdateOperationAttribute ;
+          ao:attribute ai:FauxObjectPropertyTypeAttribute ;
+          ao:attribute ai:SelfEditorUpdateFauxObjectPropertyAttribute .
+
+ai:AllowSelfEditorUpdateFauxObjectPropertyStatementRule rdf:type ao:Rule;
+          ao:attribute ai:SubjectRoleEqualsSelfEditorRoleAttribute ;
+          ao:attribute ai:UpdateOperationAttribute ;
+          ao:attribute ai:FauxObjectPropertyStatementTypeAttribute ;
+          ao:attribute ai:SelfEditorRelatedResourcesAttribute ;
+          ao:attribute ai:SelfEditorUpdateFauxObjectPropertyStatementAttribute .
+         
+ai:SelfEditorUpdateFauxObjectPropertyStatementAttribute rdf:type ao:Attribute ;
+         ao:test ai:OneOf ;
+         ao:type ai:StatementPredicateUri ;
+         ao:setValue ai:SelfEditorUpdateFauxObjectPropertyTestData .
+
+ai:SelfEditorUpdateFauxObjectPropertyAttribute rdf:type ao:Attribute ;
+         ao:test ai:OneOf ;
+         ao:type ai:ObjectUri ;
+         ao:setValue ai:SelfEditorUpdateFauxObjectPropertyTestData .
+         
+ai:SelfEditorUpdateFauxObjectPropertyTestData rdf:type ao:TestData ;
+       .
+       
diff --git a/webapp/src/main/webapp/WEB-INF/resources/startup_listeners.txt b/webapp/src/main/webapp/WEB-INF/resources/startup_listeners.txt
index 9244f325b6..3938adcb43 100644
--- a/webapp/src/main/webapp/WEB-INF/resources/startup_listeners.txt
+++ b/webapp/src/main/webapp/WEB-INF/resources/startup_listeners.txt
@@ -29,8 +29,6 @@ edu.cornell.mannlib.vitro.webapp.web.images.PlaceholderUtil$Setup
 
 edu.cornell.mannlib.vitro.webapp.servlet.setup.FileGraphSetup
 
-edu.cornell.mannlib.vitro.webapp.migration.auth.AuthMigrator
-
 edu.cornell.mannlib.vitro.webapp.application.ApplicationImpl$ReasonersSetup
 edu.cornell.mannlib.vitro.webapp.servlet.setup.SimpleReasonerSetup
 
@@ -41,6 +39,8 @@ edu.cornell.mannlib.vitro.webapp.auth.permissions.PermissionSetsSmokeTest
 
 edu.cornell.mannlib.vitro.webapp.auth.policy.setup.CommonPolicyFamilySetup
 
+edu.cornell.mannlib.vitro.webapp.migration.auth.AuthMigrator
+
 edu.cornell.mannlib.vitro.webapp.auth.RootUserSetup
 
 edu.cornell.mannlib.vitro.webapp.services.shortview.ShortViewServiceSetup

From c02040884dc4725a0b0bb73dd51f3acc32134fad Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <git@litvinovg.pro>
Date: Fri, 9 Jun 2023 08:25:53 +0200
Subject: [PATCH 015/148] RDFService

---
 .../webapp/auth/policy/PolicyLoader.java      | 755 +++++++++---------
 .../policy/setup/CommonPolicyFamilySetup.java |   5 +-
 .../webapp/migration/auth/AuthMigrator.java   |   4 +-
 .../webapp/auth/policy/BasicPolicyTest.java   |   5 -
 .../vitro/webapp/auth/policy/PolicyTest.java  |  25 +-
 .../migration/auth/AuthMigratorTest.java      |   7 +-
 6 files changed, 402 insertions(+), 399 deletions(-)

diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
index 52a518880a..c4ed1820e0 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
@@ -13,10 +13,6 @@
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.apache.jena.query.ParameterizedSparqlString;
-import org.apache.jena.query.Query;
-import org.apache.jena.query.QueryExecution;
-import org.apache.jena.query.QueryExecutionFactory;
-import org.apache.jena.query.QueryFactory;
 import org.apache.jena.query.QuerySolution;
 import org.apache.jena.query.ResultSet;
 import org.apache.jena.query.ResultSetFormatter;
@@ -29,185 +25,189 @@
 import edu.cornell.mannlib.vitro.webapp.auth.rules.AccessRule;
 import edu.cornell.mannlib.vitro.webapp.auth.rules.AccessRuleFactory;
 import edu.cornell.mannlib.vitro.webapp.dao.jena.event.BulkUpdateEvent;
-import edu.cornell.mannlib.vitro.webapp.modelaccess.ModelAccess;
 import edu.cornell.mannlib.vitro.webapp.modelaccess.ModelNames;
 import edu.cornell.mannlib.vitro.webapp.rdfservice.ChangeSet;
 import edu.cornell.mannlib.vitro.webapp.rdfservice.RDFService;
 import edu.cornell.mannlib.vitro.webapp.rdfservice.RDFServiceException;
+import edu.cornell.mannlib.vitro.webapp.rdfservice.ResultSetConsumer;
+import edu.cornell.mannlib.vitro.webapp.rdfservice.adapters.VitroModelFactory;
 import edu.cornell.mannlib.vitro.webapp.rdfservice.RDFService.ModelSerializationFormat;
-import edu.cornell.mannlib.vitro.webapp.rdfservice.impl.jena.model.RDFServiceModel;
 
 public class PolicyLoader {
 
     private static final String PRIORITY = "priority";
     public static final String POLICY = "policy";
     private static final Log log = LogFactory.getLog(PolicyLoader.class);
-    private static final String POLICY_QUERY =
-            "prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#>\n"
-          + "prefix owl: <http://www.w3.org/2002/07/owl#>\n"
-          + "prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#>\n"
-          + "prefix xsd: <http://www.w3.org/2001/XMLSchema#>\n"
-          + "prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#>\n"
-          + "prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/>\n"
-          + "prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/>\n"
-          + "SELECT DISTINCT ?" + POLICY + " ?" + PRIORITY + " \n"
-          + "WHERE {\n"
-          + "?" + POLICY + " rdf:type ao:Policy .\n"
-          + "OPTIONAL {?" + POLICY + " ao:priority ?set_priority" + " . }\n"
-          + "BIND(COALESCE(?set_priority, 0 ) as ?" + PRIORITY + " ) .\n"
-          + "} ORDER BY ?" + PRIORITY;
-    
-    private static final String PRIORITY_QUERY =
-            "prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#>\n"
-          + "prefix owl: <http://www.w3.org/2002/07/owl#>\n"
-          + "prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#>\n"
-          + "prefix xsd: <http://www.w3.org/2001/XMLSchema#>\n"
-          + "prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#>\n"
-          + "prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/>\n"
-          + "prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/>\n"
-          + "SELECT DISTINCT ?" + PRIORITY + " \n"
-          + "WHERE {\n"
-          + "?" + POLICY + " rdf:type ao:Policy .\n"
-          + "OPTIONAL {?" + POLICY + " ao:priority ?set_priority" + " . }\n"
-          + "BIND(COALESCE(?set_priority, 0 ) as ?" + PRIORITY + " ) .\n"
-          + "} ORDER BY ?" + PRIORITY;
-    
-    private static final String DATASET_QUERY =
-            "prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#>\n"
-          + "prefix owl: <http://www.w3.org/2002/07/owl#>\n"
-          + "prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#>\n"
-          + "prefix xsd: <http://www.w3.org/2001/XMLSchema#>\n"
-          + "prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#>\n"
-          + "prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/>\n"
-          + "prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/>\n"
-          + "SELECT DISTINCT ?dataSet \n"
-          + "WHERE {\n"
-          + "       ?policy ao:testDatasets ?dataSets .\n"
-          + "       ?policy rdf:type ao:Policy .\n"
-          + "       ?dataSets ao:testDataset ?dataSet .\n"
-          + "} ORDER BY ?dataSet";
-    
-    private static final String NO_DATASET_RULES_QUERY =
-            "prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#>\n"
-          + "prefix owl: <http://www.w3.org/2002/07/owl#>\n"
-          + "prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#>\n"
-          + "prefix xsd: <http://www.w3.org/2001/XMLSchema#>\n"
-          + "prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#>\n"
-          + "prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/>\n"
-          + "prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/>\n"
-          + "SELECT DISTINCT ?rules ?rule ?attribute ?testId ?typeId ?value ?lit_value ?decision_id \n"
-          + "WHERE {\n"
-          + "?policy rdf:type ao:Policy .\n"
-          + "?policy ao:rules ?rules . \n"
-          + "?rules ao:rule ?rule . \n"
-          + "?rule ao:attribute ?attribute .\n"
-          + "OPTIONAL {\n"
-          + "  ?attribute ao:test ?attributeTest .\n"
-          + "  OPTIONAL {\n"
-          + "    ?attributeTest ao:id ?testId . \n"
-          + "  }\n"
-          + "}"
-          + "OPTIONAL {\n"
-          + "  ?attribute ao:type ?attributeType . \n"
-          + "  OPTIONAL {\n"
-          + "    ?attributeType ao:id ?typeId . \n"
-          + "  }\n"
-          + "}\n"
-          + "OPTIONAL {\n"
-          + "   ?rule ao:decision ?decision . \n"
-          + "   ?decision ao:id ?decision_id . \n"
-          + "}\n"
-          + "?attribute ao:value ?value . \n"
-          + "OPTIONAL {?value ao:id ?lit_value . }\n"
-          + "} ORDER BY ?rule ?attribute";
-    
-    private static final String DATASET_RULES_QUERY =
-            "prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#>\n"
-          + "prefix owl: <http://www.w3.org/2002/07/owl#>\n"
-          + "prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#>\n"
-          + "prefix xsd: <http://www.w3.org/2001/XMLSchema#>\n"
-          + "prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#>\n"
-          + "prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/>\n"
-          + "prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/>\n"
-          + "SELECT DISTINCT ?rules ?rule ?attribute ?testId ?typeId ?value ?lit_value ?decision_id ?dataSetUri \n"
-          + "WHERE {\n"
-          + "?policy rdf:type ao:Policy .\n"
-          + "?policy ao:rules ?rules . \n"
-          + "?rules rdf:type ao:Rules . \n"
-          + "?rules ao:rule ?rule . \n"
-          + "?rule ao:attribute ?attribute . \n"
-          + "?attribute rdf:type ao:Attribute .\n"
-          + "OPTIONAL {\n"
-          + "  ?attribute ao:test ?attributeTest .\n"
-          + "  OPTIONAL {\n"
-          + "    ?attributeTest ao:id ?testId . \n"
-          + "  }\n"
-          + "}"
-          + "OPTIONAL {\n"
-          + "  ?attribute ao:type ?attributeType . \n"
-          + "  OPTIONAL {\n"
-          + "    ?attributeType ao:id ?typeId . \n"
-          + "  }\n"
-          + "}\n"
-          + "OPTIONAL {\n"
-          + "   ?rule ao:decision ?decision . \n"
-          + "   ?decision ao:id ?decision_id . \n"
-          + "}\n"
-          + "OPTIONAL {\n"
-          + "   ?attribute ao:setValue ?testData . \n"
-          + "   ?dataSet ao:testData ?testData . \n"
-          + "   ?testData ao:dataValue ?value . \n"
-          + "   OPTIONAL {?value ao:id ?lit_value . }\n"
-          + "}\n"
-          + "OPTIONAL {\n"
-          + "   ?attribute ao:value ?value . \n"
-          + "   OPTIONAL {?value ao:id ?lit_value . }\n"
-          + "}\n"
-          + "BIND(?dataSet as ?dataSetUri)\n"
-          + "} ORDER BY ?rule ?attribute";
-
-    
+    private static final String POLICY_QUERY = "prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#>\n"
+            + "prefix owl: <http://www.w3.org/2002/07/owl#>\n"
+            + "prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#>\n"
+            + "prefix xsd: <http://www.w3.org/2001/XMLSchema#>\n"
+            + "prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#>\n"
+            + "prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/>\n"
+            + "prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/>\n" 
+            + "SELECT DISTINCT ?" + POLICY + " ?" + PRIORITY + " \n" 
+            + "WHERE {\n"
+            + "  GRAPH <http://vitro.mannlib.cornell.edu/default/vitro-kb-userAccounts> {\n" 
+            + "    ?" + POLICY + " rdf:type ao:Policy .\n" 
+            + "    OPTIONAL {?" + POLICY + " ao:priority ?set_priority" 
+            + " . }\n"
+            + "    BIND(COALESCE(?set_priority, 0 ) as ?" + PRIORITY + " ) .\n" 
+            + "  }\n" 
+            + "} ORDER BY ?" + PRIORITY;
+
+    private static final String PRIORITY_QUERY = "prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#>\n"
+            + "prefix owl: <http://www.w3.org/2002/07/owl#>\n"
+            + "prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#>\n"
+            + "prefix xsd: <http://www.w3.org/2001/XMLSchema#>\n"
+            + "prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#>\n"
+            + "prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/>\n"
+            + "prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/>\n" 
+            + "SELECT DISTINCT ?" + PRIORITY + " \n" 
+            + "WHERE {\n"
+            + "  GRAPH <http://vitro.mannlib.cornell.edu/default/vitro-kb-userAccounts> {\n" 
+            + "    ?" + POLICY  + " rdf:type ao:Policy .\n" 
+            + "    OPTIONAL {?" + POLICY + " ao:priority ?set_priority" + " . }\n"
+            + "    BIND(COALESCE(?set_priority, 0 ) as ?" + PRIORITY + " ) .\n" 
+            + "  }\n" 
+            + "} ORDER BY ?" + PRIORITY;
+
+    private static final String DATASET_QUERY = "prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#>\n"
+            + "prefix owl: <http://www.w3.org/2002/07/owl#>\n"
+            + "prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#>\n"
+            + "prefix xsd: <http://www.w3.org/2001/XMLSchema#>\n"
+            + "prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#>\n"
+            + "prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/>\n"
+            + "prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/>\n"
+            + "SELECT DISTINCT ?dataSet \n" + "WHERE {\n"
+            + "  GRAPH <http://vitro.mannlib.cornell.edu/default/vitro-kb-userAccounts> {\n"
+            + "       ?policy ao:testDatasets ?dataSets .\n" 
+            + "       ?policy rdf:type ao:Policy .\n"
+            + "       ?dataSets ao:testDataset ?dataSet .\n" 
+            + "  }\n" 
+            + "} ORDER BY ?dataSet";
+
+    private static final String NO_DATASET_RULES_QUERY = "prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#>\n"
+            + "prefix owl: <http://www.w3.org/2002/07/owl#>\n"
+            + "prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#>\n"
+            + "prefix xsd: <http://www.w3.org/2001/XMLSchema#>\n"
+            + "prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#>\n"
+            + "prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/>\n"
+            + "prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/>\n"
+            + "SELECT DISTINCT ?rules ?rule ?attribute ?testId ?typeId ?value ?lit_value ?decision_id \n" + "WHERE {\n"
+            + "  GRAPH <http://vitro.mannlib.cornell.edu/default/vitro-kb-userAccounts> {\n"
+            + "?policy rdf:type ao:Policy .\n" 
+            + "?policy ao:rules ?rules . \n" 
+            + "?rules ao:rule ?rule . \n"
+            + "?rule ao:attribute ?attribute .\n" 
+            + "OPTIONAL {\n" 
+            + "  ?attribute ao:test ?attributeTest .\n"
+            + "  OPTIONAL {\n" 
+            + "    ?attributeTest ao:id ?testId . \n" 
+            + "  }\n" 
+            + "}" 
+            + "OPTIONAL {\n"
+            + "  ?attribute ao:type ?attributeType . \n" 
+            + "  OPTIONAL {\n" 
+            + "    ?attributeType ao:id ?typeId . \n"
+            + "  }\n" 
+            + "}\n" 
+            + "OPTIONAL {\n" 
+            + "   ?rule ao:decision ?decision . \n"
+            + "   ?decision ao:id ?decision_id . \n" 
+            + "}\n" 
+            + "?attribute ao:value ?value . \n"
+            + "OPTIONAL {?value ao:id ?lit_value . }\n" 
+            + "  }\n" 
+            + "} ORDER BY ?rule ?attribute";
+
+    private static final String DATASET_RULES_QUERY = "prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#>\n"
+            + "prefix owl: <http://www.w3.org/2002/07/owl#>\n"
+            + "prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#>\n"
+            + "prefix xsd: <http://www.w3.org/2001/XMLSchema#>\n"
+            + "prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#>\n"
+            + "prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/>\n"
+            + "prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/>\n"
+            + "SELECT DISTINCT ?rules ?rule ?attribute ?testId ?typeId ?value ?lit_value ?decision_id ?dataSetUri \n"
+            + "WHERE {\n" 
+            + "  GRAPH <http://vitro.mannlib.cornell.edu/default/vitro-kb-userAccounts> {\n"
+            + "?policy rdf:type ao:Policy .\n" 
+            + "?policy ao:rules ?rules . \n" 
+            + "?rules rdf:type ao:Rules . \n"
+            + "?rules ao:rule ?rule . \n" 
+            + "?rule ao:attribute ?attribute . \n"
+            + "?attribute rdf:type ao:Attribute .\n" 
+            + "OPTIONAL {\n" 
+            + "  ?attribute ao:test ?attributeTest .\n"
+            + "  OPTIONAL {\n" 
+            + "    ?attributeTest ao:id ?testId . \n" 
+            + "  }\n" 
+            + "}" 
+            + "OPTIONAL {\n"
+            + "  ?attribute ao:type ?attributeType . \n" 
+            + "  OPTIONAL {\n" 
+            + "    ?attributeType ao:id ?typeId . \n"
+            + "  }\n" 
+            + "}\n" 
+            + "OPTIONAL {\n" 
+            + "   ?rule ao:decision ?decision . \n"
+            + "   ?decision ao:id ?decision_id . \n" 
+            + "}\n" 
+            + "OPTIONAL {\n"
+            + "   ?attribute ao:setValue ?testData . \n" 
+            + "   ?dataSet ao:testData ?testData . \n"
+            + "   ?testData ao:dataValue ?value . \n" 
+            + "   OPTIONAL {?value ao:id ?lit_value . }\n" 
+            + "}\n"
+            + "OPTIONAL {\n" 
+            + "   ?attribute ao:value ?value . \n" 
+            + "   OPTIONAL {?value ao:id ?lit_value . }\n"
+            + "}\n" + "BIND(?dataSet as ?dataSetUri)\n" 
+            + "  }\n" 
+            + "} ORDER BY ?rule ?attribute";
+
     private static final String policyKeyTemplatePrefix = 
-        "prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#>\n"
-      + "prefix owl: <http://www.w3.org/2002/07/owl#>\n"
-      + "prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#>\n"
-      + "prefix xsd: <http://www.w3.org/2001/XMLSchema#>\n"
-      + "prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#>\n"
-      + "prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/>\n"
-      + "prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/>\n"
-      + "SELECT DISTINCT ?" + POLICY + "?testData ?value ?valueId ( COUNT(?key) AS ?keySize ) \n"
-      + "WHERE {\n"
-      + "  ?" + POLICY + " ao:policyKey ?policyKeyUri .\n"
-      + "  ?" + POLICY + " ao:testDatasets ?testDataSets .\n"
-      + "  ?testDataSets ao:testDataset ?dataSet . \n"
-      + "  ?dataSet ao:testData ?testData . \n"
-      + "  OPTIONAL { ?testData ao:dataValue ?value . \n"
-      + "    OPTIONAL { ?value ao:id ?valueId . } \n"
-      + "  }"
-      + "  ?policyKeyUri ao:keyComponent ?key .\n";
-
-    private static final String policyKeyTemplateSuffix = "} GROUP BY ?" + POLICY + " ?value ?valueId ?testData";
-   
+              "prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#>\n"
+            + "prefix owl: <http://www.w3.org/2002/07/owl#>\n"
+            + "prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#>\n"
+            + "prefix xsd: <http://www.w3.org/2001/XMLSchema#>\n"
+            + "prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#>\n"
+            + "prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/>\n"
+            + "prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/>\n" 
+            + "SELECT DISTINCT ?"
+            + POLICY + "?testData ?value ?valueId ( COUNT(?key) AS ?keySize ) \n" 
+            + "WHERE {\n"
+            + "  GRAPH <http://vitro.mannlib.cornell.edu/default/vitro-kb-userAccounts> {\n" 
+            + "  ?" + POLICY + " ao:policyKey ?policyKeyUri .\n" 
+            + "  ?" + POLICY + " ao:testDatasets ?testDataSets .\n"
+            + "  ?testDataSets ao:testDataset ?dataSet . \n" 
+            + "  ?dataSet ao:testData ?testData . \n"
+            + "  OPTIONAL { ?testData ao:dataValue ?value . \n" 
+            + "    OPTIONAL { ?value ao:id ?valueId . } \n" 
+            + "  }"
+            + "  ?policyKeyUri ao:keyComponent ?key .\n";
+
+    private static final String policyKeyTemplateSuffix = "}} GROUP BY ?" + POLICY + " ?value ?valueId ?testData";
+
     private static final String policyStatementByKeyTemplatePrefix = 
-          "prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#>\n"
-        + "prefix owl: <http://www.w3.org/2002/07/owl#>\n"
-        + "prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#>\n"
-        + "prefix xsd: <http://www.w3.org/2001/XMLSchema#>\n"
-        + "prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#>\n"
-        + "prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/>\n"
-        + "prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/>\n"
-        + "CONSTRUCT { \n"
-        + "  ?testData ao:dataValue <%s> .\n"
-        + "}\n"
-        + "WHERE {\n"
-        + "  ?" + POLICY + " ao:policyKey ?policyKeyUri .\n"
-        + "  ?" + POLICY + " ao:testDatasets ?testDataSets .\n"
-        + "  ?testDataSets ao:testDataset ?dataSet . \n"
-        + "  ?dataSet ao:testData ?testData . \n";
-
-    private static final String policyStatementByKeyTemplateSuffix = "}";
-
-    private Model userAccountsModel;
+              "prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#>\n"
+            + "prefix owl: <http://www.w3.org/2002/07/owl#>\n"
+            + "prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#>\n"
+            + "prefix xsd: <http://www.w3.org/2001/XMLSchema#>\n"
+            + "prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#>\n"
+            + "prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/>\n"
+            + "prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/>\n" 
+            + "CONSTRUCT { \n"
+            + "  ?testData ao:dataValue <%s> .\n" 
+            + "}\n" 
+            + "WHERE {\n"
+            + "  GRAPH <http://vitro.mannlib.cornell.edu/default/vitro-kb-userAccounts> {\n" 
+            + "  ?" + POLICY + " ao:policyKey ?policyKeyUri .\n" 
+            + "  ?" + POLICY + " ao:testDatasets ?testDataSets .\n"
+            + "  ?testDataSets ao:testDataset ?dataSet . \n" 
+            + "  ?dataSet ao:testData ?testData . \n";
+
+    private static final String policyStatementByKeyTemplateSuffix = "}}";
+
     private RDFService rdfService;
     public static final String RULE = "rule";
     public static final String LITERAL_VALUE = "lit_value";
@@ -216,31 +216,19 @@ public class PolicyLoader {
     public static final String TEST_ID = "testId";
     public static final String TYPE_ID = "typeId";
     private static PolicyLoader INSTANCE;
-    
+
     public static PolicyLoader getInstance() {
         return INSTANCE;
     }
-    
-    private PolicyLoader(Model model) {
-        if (model != null) {
-            this.userAccountsModel = model;
-            this.rdfService = new RDFServiceModel(userAccountsModel);
-        } else {
-            this.userAccountsModel = ModelAccess.getInstance().getOntModelSelector().getUserAccountsModel();
-            //this.rdfService = ModelAccess.getInstance().getRDFService(WhichService.CONFIGURATION);
-            this.rdfService = new RDFServiceModel(userAccountsModel);
-            loadPolicies();
-        }
-    }
 
-    private Model getUserAccountsModel() {
-        return userAccountsModel;
+    private PolicyLoader(RDFService rdfs) {
+        this.rdfService = rdfs;
     }
 
-    public static void initialize(Model model) {
-        INSTANCE = new PolicyLoader(model);
+    public static void initialize(RDFService rdfService) {
+        INSTANCE = new PolicyLoader(rdfService);
     }
-    
+
     public void loadPolicies() {
         List<String> policyUris = getPolicyUris();
         for (String uri : policyUris) {
@@ -248,7 +236,7 @@ public void loadPolicies() {
             DynamicPolicy policy = loadPolicy(uri);
             if (policy != null) {
                 debug("Loaded policy %s", uri);
-                //take policy priority into account
+                // take policy priority into account
                 PolicyStore.getInstance().add(policy);
             }
         }
@@ -256,27 +244,26 @@ public void loadPolicies() {
 
     public List<String> getPolicyUris() {
         debug("SPARQL Query to get policy uris from the graph:\n %s", POLICY_QUERY);
-        Query query = QueryFactory.create(POLICY_QUERY);
-        QueryExecution qexec = QueryExecutionFactory.create(query, getUserAccountsModel());
         List<String> policyUris = new LinkedList<String>();
         try {
-            ResultSet rs = qexec.execSelect();
-            while (rs.hasNext()) {
-                QuerySolution qs = rs.next();
-                if (!qs.contains(POLICY) || !qs.get(POLICY).isResource()) {
-                    //debug("Policy solution doesn't contain policy resource");
-                    continue;
+            rdfService.sparqlSelectQuery(POLICY_QUERY, new ResultSetConsumer() {
+                @Override
+                protected void processQuerySolution(QuerySolution qs) {
+                    if (!qs.contains(POLICY) || !qs.get(POLICY).isResource()) {
+                        // debug("Policy solution doesn't contain policy
+                        // resource");
+                        return;
+                    }
+                    policyUris.add(qs.getResource(POLICY).getURI());
                 }
-                policyUris.add(qs.getResource(POLICY).getURI());
-            }
-        } catch (Exception e) {
+            });
+        } catch (RDFServiceException e) {
             log.error(e, e);
-        } finally {
-            qexec.close();
         }
+
         return policyUris;
     }
-    
+
     public DynamicPolicy loadPolicy(String uri) {
         List<String> dataSetNames = getDataSetNames(uri);
         Set<AccessRule> rules = new HashSet<>();
@@ -299,129 +286,115 @@ public DynamicPolicy loadPolicy(String uri) {
         policy.addRules(rules);
         return policy;
     }
-    
+
     public Set<String> getPolicyDataSetValues(OperationGroup og, AccessObjectType aot, String role) {
         Set<String> values = new HashSet<>();
         long expectedSize = 3;
-        final String queryText = getPolicyTestValuesByKeyQuery(new String[]{role}, new String[]{og.toString(), aot.toString()});
+        final String queryText = getPolicyTestValuesByKeyQuery(new String[] { role },
+                new String[] { og.toString(), aot.toString() });
         debug("SPARQL Query to get policy data set values:\n %s", queryText);
-        Query query = QueryFactory.create(queryText);
-        QueryExecution qexec = QueryExecutionFactory.create(query, getUserAccountsModel());
         try {
-            ResultSet rs = qexec.execSelect();
-            while (rs.hasNext()) {
-                QuerySolution qs = rs.next();
-                if (!qs.contains(POLICY) || 
-                    !qs.contains("keySize") || 
-                    !qs.get("keySize").isLiteral()) {
-                 continue;  
-                }
-                long keySize = qs.getLiteral("keySize").getLong();
-                if (expectedSize != keySize) {
-                    continue;
-                }
-                if (qs.contains("valueId") && qs.get("valueId").isLiteral()) {
-                    values.add(qs.getLiteral("valueId").getString());
-                } else if (qs.contains("value")) {
-                    RDFNode node = qs.get("value");
-                    if (node.isLiteral()) {
-                        values.add(node.asLiteral().toString());
-                    } else if (node.isResource()){
-                        values.add(node.asResource().getURI());
+            rdfService.sparqlSelectQuery(queryText, new ResultSetConsumer() {
+                @Override
+                protected void processQuerySolution(QuerySolution qs) {
+                    if (!qs.contains(POLICY) || !qs.contains("keySize") || !qs.get("keySize").isLiteral()) {
+                        return;
+                    }
+                    long keySize = qs.getLiteral("keySize").getLong();
+                    if (expectedSize != keySize) {
+                        return;
+                    }
+                    if (qs.contains("valueId") && qs.get("valueId").isLiteral()) {
+                        values.add(qs.getLiteral("valueId").getString());
+                    } else if (qs.contains("value")) {
+                        RDFNode node = qs.get("value");
+                        if (node.isLiteral()) {
+                            values.add(node.asLiteral().toString());
+                        } else if (node.isResource()) {
+                            values.add(node.asResource().getURI());
+                        }
                     }
                 }
-            }
-        } catch (Exception e) {
+            });
+        } catch (RDFServiceException e) {
             log.error(e, e);
-        } finally {
-            qexec.close();
         }
         return values;
     }
-    
+
     public String getPolicyUriByKey(OperationGroup og, AccessObjectType aot, String role) {
-        String uri = null;
         long expectedSize = 3;
-        final String queryText = getPolicyTestValuesByKeyQuery(new String[]{role}, new String[]{og.toString(), aot.toString()});
+        final String queryText = getPolicyTestValuesByKeyQuery(new String[] { role },
+                new String[] { og.toString(), aot.toString() });
         debug("SPARQL Query to get policy data set values:\n %s", queryText);
-        Query query = QueryFactory.create(queryText);
-        QueryExecution qexec = QueryExecutionFactory.create(query, getUserAccountsModel());
+        String[] uri = new String[1];
         try {
-            ResultSet rs = qexec.execSelect();
-            while (rs.hasNext()) {
-                QuerySolution qs = rs.next();
-                if (!qs.contains(POLICY) || 
-                    !qs.get(POLICY).isResource() ||
-                    !qs.contains("keySize") || 
-                    !qs.get("keySize").isLiteral()) {
-                 continue;  
-                }
-                long keySize = qs.getLiteral("keySize").getLong();
-                if (expectedSize != keySize) {
-                    continue;
+            rdfService.sparqlSelectQuery(queryText, new ResultSetConsumer() {
+                @Override
+                protected void processQuerySolution(QuerySolution qs) {
+                    if (!qs.contains(POLICY) || !qs.get(POLICY).isResource() || !qs.contains("keySize")
+                            || !qs.get("keySize").isLiteral()) {
+                        return;
+                    }
+                    long keySize = qs.getLiteral("keySize").getLong();
+                    if (expectedSize != keySize) {
+                        return;
+                    }
+                    uri[0] = qs.getResource(POLICY).getURI();
                 }
-                uri = qs.getResource(POLICY).getURI();
-                break;
-            }
-        } catch (Exception e) {
+            });
+        } catch (RDFServiceException e) {
             log.error(e, e);
-        } finally {
-            qexec.close();
         }
-        return uri;
+        return uri[0];
     }
-    
+
     public String getEntityPolicyTestDataValue(OperationGroup og, AccessObjectType aot, String role) {
-        String valueUri = null;
+        String[] valueUri = new String[1];
         long expectedSize = 3;
-        final String queryText = getPolicyTestValuesByKeyQuery(new String[]{role}, new String[]{og.toString(), aot.toString()});
+        final String queryText = getPolicyTestValuesByKeyQuery(new String[] { role },
+                new String[] { og.toString(), aot.toString() });
         debug("SPARQL Query to get policy data set value:\n %s", queryText);
-        Query query = QueryFactory.create(queryText);
-        QueryExecution qexec = QueryExecutionFactory.create(query, getUserAccountsModel());
         try {
-            ResultSet rs = qexec.execSelect();
-            while (rs.hasNext()) {
-                QuerySolution qs = rs.next();
-                if (!qs.contains(POLICY) || 
-                    !qs.contains("keySize") || 
-                    !qs.get("keySize").isLiteral()) {
-                 continue;  
-                }
-                long keySize = qs.getLiteral("keySize").getLong();
-                if (expectedSize != keySize) {
-                    continue;
+            rdfService.sparqlSelectQuery(queryText, new ResultSetConsumer() {
+                @Override
+                protected void processQuerySolution(QuerySolution qs) {
+                    if (!qs.contains(POLICY) || !qs.contains("keySize") || !qs.get("keySize").isLiteral()) {
+                        return;
+                    }
+                    long keySize = qs.getLiteral("keySize").getLong();
+                    if (expectedSize != keySize) {
+                        return;
+                    }
+                    if (qs.contains("testData") && qs.get("testData").isResource()) {
+                        valueUri[0] = qs.getResource("testData").getURI();
+                    }
                 }
-                if (qs.contains("testData") && qs.get("testData").isResource()) {
-                    valueUri = qs.getResource("testData").getURI();
-                } 
-            }
-        } catch (Exception e) {
+            });
+        } catch (RDFServiceException e) {
             log.error(e, e);
-        } finally {
-            qexec.close();
         }
-        return valueUri;
+        return valueUri[0];
     }
-    
-    public void modifyPolicyDataSetValue(String entityUri, OperationGroup og, AccessObjectType aot, String role, boolean isAdd) {
-        final String queryText = getPolicyDataSetValueStatementByKeyQuery(entityUri, new String[]{role}, new String[]{og.toString(), aot.toString()});
+
+    public void modifyPolicyDataSetValue(String entityUri, OperationGroup og, AccessObjectType aot, String role,
+            boolean isAdd) {
+        final String queryText = getPolicyDataSetValueStatementByKeyQuery(entityUri, new String[] { role },
+                new String[] { og.toString(), aot.toString() });
         debug("SPARQL Query to get policy data set values:\n %s", queryText);
-        Query query = QueryFactory.create(queryText);
-        QueryExecution qexec = QueryExecutionFactory.create(query, getUserAccountsModel());
+        Model m = VitroModelFactory.createModel();
         try {
-             Model model = qexec.execConstruct();
-             if (model.isEmpty()) {
-                 log.error("statements to add/delete are empty");
-                 return;
-             }
-             updateUserAccountsModel(model, isAdd);
-        } catch (Exception e) {
+            rdfService.sparqlConstructQuery(queryText, m);
+        } catch (RDFServiceException e) {
             log.error(e, e);
-        } finally {
-            qexec.close();
         }
+        if (m.isEmpty()) {
+            log.error("statements to add/delete are empty");
+            return;
+        }
+        updateUserAccountsModel(m, isAdd);
     }
-    
+
     private void updateUserAccountsModel(Model data, boolean isAdd) {
         StringWriter sw = new StringWriter();
         data.write(sw, "TTL");
@@ -434,7 +407,7 @@ public void updateUserAccountsModel(String data, boolean isAdd) {
             InputStream in = new ByteArrayInputStream(data.getBytes());
             debug(modelToString(data, isAdd));
             if (isAdd) {
-                changeSet.addAddition(in, ModelSerializationFormat.N3, ModelNames.USER_ACCOUNTS);    
+                changeSet.addAddition(in, ModelSerializationFormat.N3, ModelNames.USER_ACCOUNTS);
             } else {
                 changeSet.addRemoval(in, ModelSerializationFormat.N3, ModelNames.USER_ACCOUNTS);
             }
@@ -442,7 +415,7 @@ public void updateUserAccountsModel(String data, boolean isAdd) {
         } catch (RDFServiceException e) {
             String message = modelToString(data, isAdd);
             log.error(message);
-            log.error(e,e);
+            log.error(e, e);
         }
     }
 
@@ -450,7 +423,7 @@ private String modelToString(String ruleData, boolean isAdd) {
         String message = (isAdd ? "Adding to" : "Removing from") + " user accounts model \n" + ruleData;
         return message;
     }
-    
+
     private static String getPolicyDataSetValueStatementByKeyQuery(String entityUri, String[] uris, String[] ids) {
         StringBuilder query = new StringBuilder();
         query.append(String.format(policyStatementByKeyTemplatePrefix, entityUri));
@@ -465,7 +438,7 @@ private static String getPolicyDataSetValueStatementByKeyQuery(String entityUri,
         query.append(policyStatementByKeyTemplateSuffix);
         return query.toString();
     }
-    
+
     private static String getPolicyTestValuesByKeyQuery(String[] uris, String[] ids) {
         StringBuilder query = new StringBuilder(policyKeyTemplatePrefix);
         for (String uri : uris) {
@@ -479,99 +452,111 @@ private static String getPolicyTestValuesByKeyQuery(String[] uris, String[] ids)
         query.append(policyKeyTemplateSuffix);
         return query.toString();
     }
-    
+
     private long getPriority(String uri) {
-        //debug("SPARQL Query to get policy uris from the graph:\n %s", POLICY_URIS_QUERY);
+        // debug("SPARQL Query to get policy uris from the graph:\n %s",
+        // POLICY_URIS_QUERY);
         ParameterizedSparqlString pss = new ParameterizedSparqlString(PRIORITY_QUERY);
         pss.setIri(POLICY, uri);
-        //debug("Get priority query:\n %s", pss.toString());
-        Query query = QueryFactory.create(pss.toString());
-        QueryExecution qexec = QueryExecutionFactory.create(query, getUserAccountsModel());
+        // debug("Get priority query:\n %s", pss.toString());
+        long[] priority = new long[1];
         try {
-            ResultSet rs = qexec.execSelect();
-            while (rs.hasNext()) {
-                QuerySolution qs = rs.next();
-                if (!qs.contains(PRIORITY) || !qs.get(PRIORITY).isLiteral()) {
-                    return 0;
+            rdfService.sparqlSelectQuery(pss.toString(), new ResultSetConsumer() {
+                @Override
+                protected void processQuerySolution(QuerySolution qs) {
+                    if (!qs.contains(PRIORITY) || !qs.get(PRIORITY).isLiteral()) {
+                        priority[0] = 0L;
+                        return;
+                    }
+                    priority[0] = qs.getLiteral(PRIORITY).getLong();
                 }
-                return qs.getLiteral(PRIORITY).getLong();
-            }
-        } catch (Exception e) {
+            });
+        } catch (RDFServiceException e) {
             log.error(e, e);
-        } finally {
-            qexec.close();
         }
-        return 0;
+        return priority[0];
     }
 
     private void loadRulesWithoutDataSet(String policyUri, Set<AccessRule> rules) throws Exception {
         ParameterizedSparqlString pss = new ParameterizedSparqlString(NO_DATASET_RULES_QUERY);
         pss.setIri(POLICY, policyUri);
         debug(pss.toString());
-        Query query = QueryFactory.create(pss.toString());
-        QueryExecution qexec = QueryExecutionFactory.create(query, getUserAccountsModel());
+        AccessRule rule[] = new AccessRule[1];
+        Exception ex[] = new Exception[1];
         try {
-            ResultSet rs = qexec.execSelect();
-            AccessRule rule = null;
-            //debugSelectQueryResults(rs);
-            while (rs.hasNext()) {
-                QuerySolution qs = rs.next();
-                if (isInvalidPolicySolution(policyUri, qs)) {
-                    throw new Exception();
-                }
-                if (isRuleContinues(rule, qs)){
-                    populateRule(rule, qs);
-                } else {
-                    if (rule != null) {
-                        rules.add(rule);    
+            rdfService.sparqlSelectQuery(pss.toString(), new ResultSetConsumer() {
+                @Override
+                protected void processQuerySolution(QuerySolution qs) {
+                    try {
+                        if (isInvalidPolicySolution(policyUri, qs)) {
+                            throw new Exception();
+                        }
+                        if (isRuleContinues(rule[0], qs)) {
+                            populateRule(rule[0], qs);
+                        } else {
+                            if (rule[0] != null) {
+                                rules.add(rule[0]);
+                            }
+                            rule[0] = AccessRuleFactory.createRule(qs);
+                        }
+                    } catch (Exception e) {
+                        ex[0] = e;
                     }
-                    rule = AccessRuleFactory.createRule(qs);
                 }
-            }
-            if (rule != null) {
-                rules.add(rule);
-                debug("\nLoaded %s rules for %s policy", rules.size(), policyUri);
-            } else {
-                debug("\nNo rules loaded from the user accounts model for %s policy.", policyUri);
-            }
-        } finally {
-            qexec.close();
+            });
+        } catch (RDFServiceException e) {
+            log.error(e, e);
+        }
+        if (ex[0] != null) {
+            throw ex[0];
+        }
+        if (rule[0] != null) {
+            rules.add(rule[0]);
+            debug("\nLoaded %s rules for %s policy", rules.size(), policyUri);
+        } else {
+            debug("\nNo rules loaded from the user accounts model for %s policy.", policyUri);
         }
     }
-    
+
     private void loadRulesForDataSet(String policyUri, Set<AccessRule> rules, String dataSetName) throws Exception {
         ParameterizedSparqlString pss = new ParameterizedSparqlString(DATASET_RULES_QUERY);
         pss.setIri(POLICY, policyUri);
         pss.setIri("dataSet", dataSetName);
         debug(pss.toString());
-        Query query = QueryFactory.create(pss.toString());
-        QueryExecution qexec = QueryExecutionFactory.create(query, getUserAccountsModel());
+        AccessRule rule[] = new AccessRule[1];
+        Exception ex[] = new Exception[1];
         try {
-            ResultSet rs = qexec.execSelect();
-            AccessRule rule = null;
-            //debugSelectQueryResults(rs);
-            while (rs.hasNext()) {
-                QuerySolution qs = rs.next();
-                if (isInvalidPolicySolution(policyUri, qs)) {
-                    throw new Exception();
-                }
-                if (isRuleContinues(rule, qs)){
-                    populateRule(rule, qs);
-                } else {
-                    if (rule != null) {
-                        rules.add(rule);    
+            rdfService.sparqlSelectQuery(pss.toString(), new ResultSetConsumer() {
+                @Override
+                protected void processQuerySolution(QuerySolution qs) {
+                    try {
+                        if (isInvalidPolicySolution(policyUri, qs)) {
+                            throw new Exception();
+                        }
+                        if (isRuleContinues(rule[0], qs)) {
+                            populateRule(rule[0], qs);
+                        } else {
+                            if (rule[0] != null) {
+                                rules.add(rule[0]);
+                            }
+                            rule[0] = AccessRuleFactory.createRule(qs);
+                        }
+                    } catch (Exception e) {
+                        ex[0] = e;
                     }
-                    rule = AccessRuleFactory.createRule(qs);
                 }
-            }
-            if (rule != null) {
-                rules.add(rule);
-                debug("\nLoaded %s rules for %s policy", rules.size(), policyUri);
-            } else {
-                debug("\nNo rules loaded from the user accounts model for %s policy.", policyUri);
-            }
-        } finally {
-            qexec.close();
+            });
+        } catch (RDFServiceException e) {
+            log.error(e, e);
+        }
+        if (ex[0] != null) {
+            throw ex[0];
+        }
+        if (rule[0] != null) {
+            rules.add(rule[0]);
+            debug("\nLoaded %s rules for %s policy", rules.size(), policyUri);
+        } else {
+            debug("\nNo rules loaded from the user accounts model for %s policy.", policyUri);
         }
     }
 
@@ -579,46 +564,42 @@ private List<String> getDataSetNames(String policyUri) {
         List<String> result = new ArrayList<>();
         ParameterizedSparqlString pss = new ParameterizedSparqlString(DATASET_QUERY);
         pss.setIri(POLICY, policyUri);
-        Query query = QueryFactory.create(pss.toString());
-        QueryExecution qexec = QueryExecutionFactory.create(query, getUserAccountsModel());
         try {
-            ResultSet rs = qexec.execSelect();
-            while (rs.hasNext()) {
-                QuerySolution qs = rs.next();
-                if (qs.contains("dataSet")) {
-                    RDFNode dataSet = qs.get("dataSet");
-                    if (dataSet.isResource()) {
-                        result.add(dataSet.asResource().getURI());
+            rdfService.sparqlSelectQuery(pss.toString(), new ResultSetConsumer() {
+                @Override
+                protected void processQuerySolution(QuerySolution qs) {
+                    if (qs.contains("dataSet")) {
+                        RDFNode dataSet = qs.get("dataSet");
+                        if (dataSet.isResource()) {
+                            result.add(dataSet.asResource().getURI());
+                        }
                     }
                 }
-            }
-        } catch (Exception e) {
+            });
+        } catch (RDFServiceException e) {
             log.error(e, e);
-        } finally {
-            qexec.close();
         }
         return result;
     }
 
-    
     private void debugSelectQueryResults(ResultSet rs) {
         ByteArrayOutputStream baos = new ByteArrayOutputStream();
         ResultSetFormatter.outputAsJSON(baos, rs);
         String json = new String(baos.toByteArray());
         debug(json);
     }
-    
+
     private static boolean isRuleContinues(AccessRule rule, QuerySolution qs) {
         if (rule == null) {
             return false;
         }
         String ruleUri = qs.getResource("rule").getURI();
         if (qs.contains("dataSetUri")) {
-            ruleUri += "." + qs.getResource("dataSetUri").getURI();    
+            ruleUri += "." + qs.getResource("dataSetUri").getURI();
         }
         return rule.getRuleUri().equals(ruleUri);
     }
-    
+
     private static void populateRule(AccessRule ar, QuerySolution qs) throws Exception {
         if (ar == null) {
             return;
@@ -627,14 +608,14 @@ private static void populateRule(AccessRule ar, QuerySolution qs) throws Excepti
         if (ar.containsAttributeUri(attributeUri)) {
             AttributeFactory.extendAttribute(ar.getAttribute(attributeUri), qs);
             return;
-        } 
+        }
         try {
             ar.addAttribute(AttributeFactory.createAttribute(qs));
         } catch (Exception e) {
             log.error(e, e);
         }
     }
-    
+
     private static boolean isInvalidPolicySolution(String uri, QuerySolution qs) {
         if (!qs.contains("rules") || !qs.get("rules").isResource()) {
             debug("Policy <%s> solution doesn't contain rules uri", uri);
@@ -658,10 +639,10 @@ private static boolean isInvalidPolicySolution(String uri, QuerySolution qs) {
         }
         return false;
     }
-    
+
     private static void debug(String template, Object... objects) {
         if (log.isDebugEnabled()) {
-            log.error(String.format(template, objects ));
+            log.error(String.format(template, objects));
         }
     }
 
@@ -672,7 +653,7 @@ public void addEntityToPolicyDataSet(String entityUri, AccessObjectType aot, Ope
     public void removeEntityFromPolicyDataSet(String entityUri, AccessObjectType aot, OperationGroup og, String role) {
         modifyPolicyDataSetValue(entityUri, og, aot, role, false);
     }
-    
+
     private ChangeSet makeChangeSet() {
         ChangeSet cs = rdfService.manufactureChangeSet();
         cs.addPreChangeEvent(new BulkUpdateEvent(null, true));
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/setup/CommonPolicyFamilySetup.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/setup/CommonPolicyFamilySetup.java
index 444c48b496..1623952e8c 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/setup/CommonPolicyFamilySetup.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/setup/CommonPolicyFamilySetup.java
@@ -14,6 +14,8 @@
 import edu.cornell.mannlib.vitro.webapp.auth.identifier.factory.IsRootUserFactory;
 import edu.cornell.mannlib.vitro.webapp.auth.identifier.factory.IsUserFactory;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyLoader;
+import edu.cornell.mannlib.vitro.webapp.modelaccess.ModelAccess;
+import edu.cornell.mannlib.vitro.webapp.modelaccess.ModelAccess.WhichService;
 import edu.cornell.mannlib.vitro.webapp.startup.StartupStatus;
 
 /**
@@ -27,7 +29,8 @@ public void contextInitialized(ServletContextEvent sce) {
 		StartupStatus ss = StartupStatus.getBean(ctx);
 
 		try {
-		    PolicyLoader.initialize(null);
+		    PolicyLoader.initialize(ModelAccess.getInstance().getRDFService(WhichService.CONFIGURATION));
+		    PolicyLoader.getInstance().loadPolicies();
 			factory(new IsUserFactory());
 			factory(new IsRootUserFactory());
 			factory(new HasProfileOrIsBlacklistedFactory());
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AuthMigrator.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AuthMigrator.java
index 9009e9005b..00c901f541 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AuthMigrator.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AuthMigrator.java
@@ -157,7 +157,9 @@ private long updatePolicyDatasets(AccessObjectType aot, Map<String, Map<Operatio
                 log.debug(String.format("Updated entity %s dataset for operation group %s access object type %s roles %s", entityUri, og, aot, roles));
             }
         }
+        long begin = System.currentTimeMillis();
         PolicyLoader.getInstance().updateUserAccountsModel(sb.toString(), true);
+        log.info(secondsSince(begin) + "Spent on write to model");
         return getLineCount(sb.toString());
     }
     
@@ -171,7 +173,7 @@ public void addDataSetStatements(String entityUri, AccessObjectType aot, Operati
                 log.error(String.format("Policy test data wasn't found by key:\n%s\n%s\n%s", og, aot, role));
                 continue;
             }
-            sb.append(String.format("<%s> <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/dataValue> <%s> .\n", testDataUri, entityUri));
+            sb.append("<").append(testDataUri).append("> <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/dataValue> <").append(entityUri).append("> .\n");
         }
     }
 
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/BasicPolicyTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/BasicPolicyTest.java
index 8e2bee7407..394c67e906 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/BasicPolicyTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/BasicPolicyTest.java
@@ -14,11 +14,6 @@ public class BasicPolicyTest extends PolicyTest {
     public static final String BROKEN_POLICY_BROKEN_TYPE_ID = TEST_RESOURCES_PREFIX + "test_policy_broken4.n3";
     public static final String BROKEN_POLICY_BROKEN_ATTRIBUTE_VALUES = TEST_RESOURCES_PREFIX + "test_policy_broken5.n3";
 
-    public static final String VALID_POLICY = TEST_RESOURCES_PREFIX + "test_policy_valid.n3";
-    public static final String VALID_POLICY_WITH_SET = TEST_RESOURCES_PREFIX + "test_policy_valid_set.n3";
-    public static final String BROKEN_POLICY_WITH_SET = TEST_RESOURCES_PREFIX + "test_policy_broken_set.n3";
-    public static final String POLICY_KEY_TEST = TEST_RESOURCES_PREFIX + "test_policy_key.n3";
-
 
     @Test
     public void testGetPolicyUris() {
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTest.java
index 65508595c5..283d541857 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTest.java
@@ -11,6 +11,8 @@
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+import org.apache.jena.query.Dataset;
+import org.apache.jena.query.DatasetFactory;
 import org.apache.jena.rdf.model.Model;
 import org.apache.jena.rdf.model.ModelFactory;
 import org.apache.jena.shared.Lock;
@@ -18,6 +20,8 @@
 
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.Attribute;
 import edu.cornell.mannlib.vitro.webapp.auth.rules.AccessRule;
+import edu.cornell.mannlib.vitro.webapp.modelaccess.ModelNames;
+import edu.cornell.mannlib.vitro.webapp.rdfservice.impl.jena.model.RDFServiceModel;
 
 public class PolicyTest {
     public static final String USER_ACCOUNTS_HOME_EVERYTIME = "../home/src/main/resources/rdf/auth/everytime/";
@@ -129,6 +133,12 @@ public class PolicyTest {
     public static final String SELF_EDITOR_UPDATE_FAUX_DATA_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_self_editor_update_faux_data_property.n3";
     
     protected static final String TEST_RESOURCES_PREFIX = "src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/";
+
+    public static final String VALID_POLICY = TEST_RESOURCES_PREFIX + "test_policy_valid.n3";
+    public static final String VALID_POLICY_WITH_SET = TEST_RESOURCES_PREFIX + "test_policy_valid_set.n3";
+    public static final String BROKEN_POLICY_WITH_SET = TEST_RESOURCES_PREFIX + "test_policy_broken_set.n3";
+    public static final String POLICY_KEY_TEST = TEST_RESOURCES_PREFIX + "test_policy_key.n3";
+    
     protected static final List<String> ROLE_LIST = Arrays.asList(ROLE_ADMIN_URI, ROLE_CURATOR_URI, ROLE_EDITOR_URI, ROLE_SELF_EDITOR_URI, ROLE_PUBLIC_URI);
     public static final String PREFIX = "https://vivoweb.org/ontology/vitro-application/auth/individual/";
     public static final String DATASET = "_dataset";
@@ -138,10 +148,13 @@ public class PolicyTest {
 
     protected Model userAccountsModel;
     protected PolicyLoader loader;
+    protected Dataset ds;
 
     @Before
     public void init() {
         userAccountsModel = ModelFactory.createDefaultModel();
+        ds = DatasetFactory.createTxnMem();
+        ds.addNamedModel(ModelNames.USER_ACCOUNTS, userAccountsModel);
         load(ATTRIBUTES_PATH);
         load(OPERATIONS_PATH);
         load(OPERATION_GROUPS);
@@ -151,8 +164,9 @@ public void init() {
         load(TEST_TYPES_PATH);
         load(TEST_VALUES_PATH);
         load(TEST_DECISIONS);
+        RDFServiceModel rdfService = new RDFServiceModel(ds);
         
-        PolicyLoader.initialize(userAccountsModel);
+        PolicyLoader.initialize(rdfService);
         loader = PolicyLoader.getInstance();
     }
     
@@ -272,7 +286,14 @@ protected void loadAllEntityPolicies() {
     }
     
     protected void load(String filePath) {
-        load(userAccountsModel, filePath);
+        try {
+            userAccountsModel.enterCriticalSection(Lock.WRITE);
+            userAccountsModel.read(filePath);
+        } finally {
+            userAccountsModel.leaveCriticalSection();
+        }
+        ds.replaceNamedModel("http://vitro.mannlib.cornell.edu/default/vitro-kb-userAccounts", userAccountsModel);
+
     }
     
     protected void load(Model m, String filePath) {
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AuthMigratorTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AuthMigratorTest.java
index 75c7462141..a736850527 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AuthMigratorTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AuthMigratorTest.java
@@ -15,6 +15,7 @@
 
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.OperationGroup;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyTest;
+import edu.cornell.mannlib.vitro.webapp.modelaccess.ModelNames;
 import edu.cornell.mannlib.vitro.webapp.rdfservice.impl.jena.model.RDFServiceModel;
 
 public class AuthMigratorTest extends PolicyTest {
@@ -58,11 +59,11 @@ public void testGetAnnotationConfigs() {
     @Test
     public void testConvertAnnotationConfiguration() {
         Model tmpModel = ModelFactory.createDefaultModel();
-        tmpModel.add(userAccountsModel);
+        tmpModel.add(ds.getNamedModel(ModelNames.USER_ACCOUNTS));
         long initialSize = userAccountsModel.size();
         migrator.convertAnnotationConfiguration();
-        assertTrue(userAccountsModel.size() > initialSize);
-        Model diff = userAccountsModel.difference(tmpModel);
+        assertTrue(ds.getNamedModel(ModelNames.USER_ACCOUNTS).size() > initialSize);
+        Model diff = ds.getNamedModel(ModelNames.USER_ACCOUNTS).difference(tmpModel);
         try(ByteArrayOutputStream baos = new ByteArrayOutputStream()){
             diff.write(baos, "TTL");
             String newData = baos.toString();

From 72a16539355a072f9e60be705d9166bd76ee5346 Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <git@litvinovg.pro>
Date: Fri, 9 Jun 2023 09:16:11 +0200
Subject: [PATCH 016/148] moved policy configurations from everytime

---
 .../cornell/mannlib/vitro/webapp/auth/policy/PolicyTest.java   | 3 ++-
 .../rdf/auth/{everytime => firsttime}/attribute_types.n3       | 0
 .../resources/rdf/auth/{everytime => firsttime}/attributes.n3  | 0
 .../resources/rdf/auth/{everytime => firsttime}/decisions.n3   | 0
 .../rdf/auth/{everytime => firsttime}/object_types.n3          | 0
 .../resources/rdf/auth/{everytime => firsttime}/ontology.n3    | 0
 .../rdf/auth/{everytime => firsttime}/operation_groups.n3      | 0
 .../resources/rdf/auth/{everytime => firsttime}/operations.n3  | 0
 .../rdf/auth/{everytime => firsttime}/permission_config.n3     | 0
 .../{everytime => firsttime}/policy_admin_display_class.n3     | 0
 .../policy_admin_display_data_property.n3                      | 0
 .../policy_admin_display_faux_data_property.n3                 | 0
 .../policy_admin_display_faux_object_property.n3               | 0
 .../policy_admin_display_object_property.n3                    | 0
 .../{everytime => firsttime}/policy_admin_publish_class.n3     | 0
 .../policy_admin_publish_data_property.n3                      | 0
 .../policy_admin_publish_faux_data_property.n3                 | 0
 .../policy_admin_publish_faux_object_property.n3               | 0
 .../policy_admin_publish_object_property.n3                    | 0
 .../policy_admin_simple_permissions.n3                         | 0
 .../auth/{everytime => firsttime}/policy_admin_update_class.n3 | 0
 .../policy_admin_update_data_property.n3                       | 0
 .../policy_admin_update_faux_data_property.n3                  | 0
 .../policy_admin_update_faux_object_property.n3                | 0
 .../policy_admin_update_object_property.n3                     | 0
 .../{everytime => firsttime}/policy_curator_display_class.n3   | 0
 .../policy_curator_display_data_property.n3                    | 0
 .../policy_curator_display_faux_data_property.n3               | 0
 .../policy_curator_display_faux_object_property.n3             | 0
 .../policy_curator_display_object_property.n3                  | 0
 .../{everytime => firsttime}/policy_curator_publish_class.n3   | 0
 .../policy_curator_publish_data_property.n3                    | 0
 .../policy_curator_publish_faux_data_property.n3               | 0
 .../policy_curator_publish_faux_object_property.n3             | 0
 .../policy_curator_publish_object_property.n3                  | 0
 .../policy_curator_simple_permissions.n3                       | 0
 .../{everytime => firsttime}/policy_curator_update_class.n3    | 0
 .../policy_curator_update_data_property.n3                     | 0
 .../policy_curator_update_faux_data_property.n3                | 0
 .../policy_curator_update_faux_object_property.n3              | 0
 .../policy_curator_update_object_property.n3                   | 0
 .../rdf/auth/{everytime => firsttime}/policy_editable_pages.n3 | 0
 .../{everytime => firsttime}/policy_editor_display_class.n3    | 0
 .../policy_editor_display_data_property.n3                     | 0
 .../policy_editor_display_faux_data_property.n3                | 0
 .../policy_editor_display_faux_object_property.n3              | 0
 .../policy_editor_display_object_property.n3                   | 0
 .../{everytime => firsttime}/policy_editor_publish_class.n3    | 0
 .../policy_editor_publish_data_property.n3                     | 0
 .../policy_editor_publish_faux_data_property.n3                | 0
 .../policy_editor_publish_faux_object_property.n3              | 0
 .../policy_editor_publish_object_property.n3                   | 0
 .../policy_editor_simple_permissions.n3                        | 0
 .../{everytime => firsttime}/policy_editor_update_class.n3     | 0
 .../policy_editor_update_data_property.n3                      | 0
 .../policy_editor_update_faux_data_property.n3                 | 0
 .../policy_editor_update_faux_object_property.n3               | 0
 .../policy_editor_update_object_property.n3                    | 0
 .../auth/{everytime => firsttime}/policy_menu_items_editing.n3 | 0
 .../policy_not_modifiable_statements.n3                        | 0
 .../{everytime => firsttime}/policy_public_display_class.n3    | 0
 .../policy_public_display_data_property.n3                     | 0
 .../policy_public_display_faux_data_property.n3                | 0
 .../policy_public_display_faux_object_property.n3              | 0
 .../policy_public_display_object_property.n3                   | 0
 .../policy_public_simple_permissions.n3                        | 0
 .../{everytime => firsttime}/policy_public_update_class.n3     | 0
 .../policy_public_update_data_property.n3                      | 0
 .../policy_public_update_object_property.n3                    | 0
 .../rdf/auth/{everytime => firsttime}/policy_root_user.n3      | 0
 .../policy_self_editor_display_class.n3                        | 0
 .../policy_self_editor_display_data_property.n3                | 0
 .../policy_self_editor_display_faux_data_property.n3           | 0
 .../policy_self_editor_display_faux_object_property.n3         | 0
 .../policy_self_editor_display_object_property.n3              | 0
 .../policy_self_editor_publish_class.n3                        | 0
 .../policy_self_editor_publish_data_property.n3                | 0
 .../policy_self_editor_publish_faux_data_property.n3           | 0
 .../policy_self_editor_publish_faux_object_property.n3         | 0
 .../policy_self_editor_publish_object_property.n3              | 0
 .../policy_self_editor_simple_permissions.n3                   | 0
 .../policy_self_editor_update_class.n3                         | 0
 .../policy_self_editor_update_data_property.n3                 | 0
 .../policy_self_editor_update_faux_data_property.n3            | 0
 .../policy_self_editor_update_faux_object_property.n3          | 0
 .../policy_self_editor_update_object_property.n3               | 0
 .../rdf/auth/{everytime => firsttime}/subject_types.n3         | 0
 .../resources/rdf/auth/{everytime => firsttime}/test_types.n3  | 0
 .../resources/rdf/auth/{everytime => firsttime}/test_values.n3 | 0
 89 files changed, 2 insertions(+), 1 deletion(-)
 rename home/src/main/resources/rdf/auth/{everytime => firsttime}/attribute_types.n3 (100%)
 rename home/src/main/resources/rdf/auth/{everytime => firsttime}/attributes.n3 (100%)
 rename home/src/main/resources/rdf/auth/{everytime => firsttime}/decisions.n3 (100%)
 rename home/src/main/resources/rdf/auth/{everytime => firsttime}/object_types.n3 (100%)
 rename home/src/main/resources/rdf/auth/{everytime => firsttime}/ontology.n3 (100%)
 rename home/src/main/resources/rdf/auth/{everytime => firsttime}/operation_groups.n3 (100%)
 rename home/src/main/resources/rdf/auth/{everytime => firsttime}/operations.n3 (100%)
 rename home/src/main/resources/rdf/auth/{everytime => firsttime}/permission_config.n3 (100%)
 rename home/src/main/resources/rdf/auth/{everytime => firsttime}/policy_admin_display_class.n3 (100%)
 rename home/src/main/resources/rdf/auth/{everytime => firsttime}/policy_admin_display_data_property.n3 (100%)
 rename home/src/main/resources/rdf/auth/{everytime => firsttime}/policy_admin_display_faux_data_property.n3 (100%)
 rename home/src/main/resources/rdf/auth/{everytime => firsttime}/policy_admin_display_faux_object_property.n3 (100%)
 rename home/src/main/resources/rdf/auth/{everytime => firsttime}/policy_admin_display_object_property.n3 (100%)
 rename home/src/main/resources/rdf/auth/{everytime => firsttime}/policy_admin_publish_class.n3 (100%)
 rename home/src/main/resources/rdf/auth/{everytime => firsttime}/policy_admin_publish_data_property.n3 (100%)
 rename home/src/main/resources/rdf/auth/{everytime => firsttime}/policy_admin_publish_faux_data_property.n3 (100%)
 rename home/src/main/resources/rdf/auth/{everytime => firsttime}/policy_admin_publish_faux_object_property.n3 (100%)
 rename home/src/main/resources/rdf/auth/{everytime => firsttime}/policy_admin_publish_object_property.n3 (100%)
 rename home/src/main/resources/rdf/auth/{everytime => firsttime}/policy_admin_simple_permissions.n3 (100%)
 rename home/src/main/resources/rdf/auth/{everytime => firsttime}/policy_admin_update_class.n3 (100%)
 rename home/src/main/resources/rdf/auth/{everytime => firsttime}/policy_admin_update_data_property.n3 (100%)
 rename home/src/main/resources/rdf/auth/{everytime => firsttime}/policy_admin_update_faux_data_property.n3 (100%)
 rename home/src/main/resources/rdf/auth/{everytime => firsttime}/policy_admin_update_faux_object_property.n3 (100%)
 rename home/src/main/resources/rdf/auth/{everytime => firsttime}/policy_admin_update_object_property.n3 (100%)
 rename home/src/main/resources/rdf/auth/{everytime => firsttime}/policy_curator_display_class.n3 (100%)
 rename home/src/main/resources/rdf/auth/{everytime => firsttime}/policy_curator_display_data_property.n3 (100%)
 rename home/src/main/resources/rdf/auth/{everytime => firsttime}/policy_curator_display_faux_data_property.n3 (100%)
 rename home/src/main/resources/rdf/auth/{everytime => firsttime}/policy_curator_display_faux_object_property.n3 (100%)
 rename home/src/main/resources/rdf/auth/{everytime => firsttime}/policy_curator_display_object_property.n3 (100%)
 rename home/src/main/resources/rdf/auth/{everytime => firsttime}/policy_curator_publish_class.n3 (100%)
 rename home/src/main/resources/rdf/auth/{everytime => firsttime}/policy_curator_publish_data_property.n3 (100%)
 rename home/src/main/resources/rdf/auth/{everytime => firsttime}/policy_curator_publish_faux_data_property.n3 (100%)
 rename home/src/main/resources/rdf/auth/{everytime => firsttime}/policy_curator_publish_faux_object_property.n3 (100%)
 rename home/src/main/resources/rdf/auth/{everytime => firsttime}/policy_curator_publish_object_property.n3 (100%)
 rename home/src/main/resources/rdf/auth/{everytime => firsttime}/policy_curator_simple_permissions.n3 (100%)
 rename home/src/main/resources/rdf/auth/{everytime => firsttime}/policy_curator_update_class.n3 (100%)
 rename home/src/main/resources/rdf/auth/{everytime => firsttime}/policy_curator_update_data_property.n3 (100%)
 rename home/src/main/resources/rdf/auth/{everytime => firsttime}/policy_curator_update_faux_data_property.n3 (100%)
 rename home/src/main/resources/rdf/auth/{everytime => firsttime}/policy_curator_update_faux_object_property.n3 (100%)
 rename home/src/main/resources/rdf/auth/{everytime => firsttime}/policy_curator_update_object_property.n3 (100%)
 rename home/src/main/resources/rdf/auth/{everytime => firsttime}/policy_editable_pages.n3 (100%)
 rename home/src/main/resources/rdf/auth/{everytime => firsttime}/policy_editor_display_class.n3 (100%)
 rename home/src/main/resources/rdf/auth/{everytime => firsttime}/policy_editor_display_data_property.n3 (100%)
 rename home/src/main/resources/rdf/auth/{everytime => firsttime}/policy_editor_display_faux_data_property.n3 (100%)
 rename home/src/main/resources/rdf/auth/{everytime => firsttime}/policy_editor_display_faux_object_property.n3 (100%)
 rename home/src/main/resources/rdf/auth/{everytime => firsttime}/policy_editor_display_object_property.n3 (100%)
 rename home/src/main/resources/rdf/auth/{everytime => firsttime}/policy_editor_publish_class.n3 (100%)
 rename home/src/main/resources/rdf/auth/{everytime => firsttime}/policy_editor_publish_data_property.n3 (100%)
 rename home/src/main/resources/rdf/auth/{everytime => firsttime}/policy_editor_publish_faux_data_property.n3 (100%)
 rename home/src/main/resources/rdf/auth/{everytime => firsttime}/policy_editor_publish_faux_object_property.n3 (100%)
 rename home/src/main/resources/rdf/auth/{everytime => firsttime}/policy_editor_publish_object_property.n3 (100%)
 rename home/src/main/resources/rdf/auth/{everytime => firsttime}/policy_editor_simple_permissions.n3 (100%)
 rename home/src/main/resources/rdf/auth/{everytime => firsttime}/policy_editor_update_class.n3 (100%)
 rename home/src/main/resources/rdf/auth/{everytime => firsttime}/policy_editor_update_data_property.n3 (100%)
 rename home/src/main/resources/rdf/auth/{everytime => firsttime}/policy_editor_update_faux_data_property.n3 (100%)
 rename home/src/main/resources/rdf/auth/{everytime => firsttime}/policy_editor_update_faux_object_property.n3 (100%)
 rename home/src/main/resources/rdf/auth/{everytime => firsttime}/policy_editor_update_object_property.n3 (100%)
 rename home/src/main/resources/rdf/auth/{everytime => firsttime}/policy_menu_items_editing.n3 (100%)
 rename home/src/main/resources/rdf/auth/{everytime => firsttime}/policy_not_modifiable_statements.n3 (100%)
 rename home/src/main/resources/rdf/auth/{everytime => firsttime}/policy_public_display_class.n3 (100%)
 rename home/src/main/resources/rdf/auth/{everytime => firsttime}/policy_public_display_data_property.n3 (100%)
 rename home/src/main/resources/rdf/auth/{everytime => firsttime}/policy_public_display_faux_data_property.n3 (100%)
 rename home/src/main/resources/rdf/auth/{everytime => firsttime}/policy_public_display_faux_object_property.n3 (100%)
 rename home/src/main/resources/rdf/auth/{everytime => firsttime}/policy_public_display_object_property.n3 (100%)
 rename home/src/main/resources/rdf/auth/{everytime => firsttime}/policy_public_simple_permissions.n3 (100%)
 rename home/src/main/resources/rdf/auth/{everytime => firsttime}/policy_public_update_class.n3 (100%)
 rename home/src/main/resources/rdf/auth/{everytime => firsttime}/policy_public_update_data_property.n3 (100%)
 rename home/src/main/resources/rdf/auth/{everytime => firsttime}/policy_public_update_object_property.n3 (100%)
 rename home/src/main/resources/rdf/auth/{everytime => firsttime}/policy_root_user.n3 (100%)
 rename home/src/main/resources/rdf/auth/{everytime => firsttime}/policy_self_editor_display_class.n3 (100%)
 rename home/src/main/resources/rdf/auth/{everytime => firsttime}/policy_self_editor_display_data_property.n3 (100%)
 rename home/src/main/resources/rdf/auth/{everytime => firsttime}/policy_self_editor_display_faux_data_property.n3 (100%)
 rename home/src/main/resources/rdf/auth/{everytime => firsttime}/policy_self_editor_display_faux_object_property.n3 (100%)
 rename home/src/main/resources/rdf/auth/{everytime => firsttime}/policy_self_editor_display_object_property.n3 (100%)
 rename home/src/main/resources/rdf/auth/{everytime => firsttime}/policy_self_editor_publish_class.n3 (100%)
 rename home/src/main/resources/rdf/auth/{everytime => firsttime}/policy_self_editor_publish_data_property.n3 (100%)
 rename home/src/main/resources/rdf/auth/{everytime => firsttime}/policy_self_editor_publish_faux_data_property.n3 (100%)
 rename home/src/main/resources/rdf/auth/{everytime => firsttime}/policy_self_editor_publish_faux_object_property.n3 (100%)
 rename home/src/main/resources/rdf/auth/{everytime => firsttime}/policy_self_editor_publish_object_property.n3 (100%)
 rename home/src/main/resources/rdf/auth/{everytime => firsttime}/policy_self_editor_simple_permissions.n3 (100%)
 rename home/src/main/resources/rdf/auth/{everytime => firsttime}/policy_self_editor_update_class.n3 (100%)
 rename home/src/main/resources/rdf/auth/{everytime => firsttime}/policy_self_editor_update_data_property.n3 (100%)
 rename home/src/main/resources/rdf/auth/{everytime => firsttime}/policy_self_editor_update_faux_data_property.n3 (100%)
 rename home/src/main/resources/rdf/auth/{everytime => firsttime}/policy_self_editor_update_faux_object_property.n3 (100%)
 rename home/src/main/resources/rdf/auth/{everytime => firsttime}/policy_self_editor_update_object_property.n3 (100%)
 rename home/src/main/resources/rdf/auth/{everytime => firsttime}/subject_types.n3 (100%)
 rename home/src/main/resources/rdf/auth/{everytime => firsttime}/test_types.n3 (100%)
 rename home/src/main/resources/rdf/auth/{everytime => firsttime}/test_values.n3 (100%)

diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTest.java
index 283d541857..3510b618c2 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTest.java
@@ -24,9 +24,10 @@
 import edu.cornell.mannlib.vitro.webapp.rdfservice.impl.jena.model.RDFServiceModel;
 
 public class PolicyTest {
-    public static final String USER_ACCOUNTS_HOME_EVERYTIME = "../home/src/main/resources/rdf/auth/everytime/";
     public static final String USER_ACCOUNTS_HOME_FIRSTTIME = "../home/src/main/resources/rdf/auth/firsttime/";
 
+    public static final String USER_ACCOUNTS_HOME_EVERYTIME = USER_ACCOUNTS_HOME_FIRSTTIME;
+
     protected static final String ROLE_ADMIN_URI = "http://vitro.mannlib.cornell.edu/ns/vitro/authorization#ADMIN";
     protected static final String ROLE_EDITOR_URI = "http://vitro.mannlib.cornell.edu/ns/vitro/authorization#EDITOR";
     protected static final String ROLE_SELF_EDITOR_URI = "http://vitro.mannlib.cornell.edu/ns/vitro/authorization#SELF_EDITOR";
diff --git a/home/src/main/resources/rdf/auth/everytime/attribute_types.n3 b/home/src/main/resources/rdf/auth/firsttime/attribute_types.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/everytime/attribute_types.n3
rename to home/src/main/resources/rdf/auth/firsttime/attribute_types.n3
diff --git a/home/src/main/resources/rdf/auth/everytime/attributes.n3 b/home/src/main/resources/rdf/auth/firsttime/attributes.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/everytime/attributes.n3
rename to home/src/main/resources/rdf/auth/firsttime/attributes.n3
diff --git a/home/src/main/resources/rdf/auth/everytime/decisions.n3 b/home/src/main/resources/rdf/auth/firsttime/decisions.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/everytime/decisions.n3
rename to home/src/main/resources/rdf/auth/firsttime/decisions.n3
diff --git a/home/src/main/resources/rdf/auth/everytime/object_types.n3 b/home/src/main/resources/rdf/auth/firsttime/object_types.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/everytime/object_types.n3
rename to home/src/main/resources/rdf/auth/firsttime/object_types.n3
diff --git a/home/src/main/resources/rdf/auth/everytime/ontology.n3 b/home/src/main/resources/rdf/auth/firsttime/ontology.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/everytime/ontology.n3
rename to home/src/main/resources/rdf/auth/firsttime/ontology.n3
diff --git a/home/src/main/resources/rdf/auth/everytime/operation_groups.n3 b/home/src/main/resources/rdf/auth/firsttime/operation_groups.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/everytime/operation_groups.n3
rename to home/src/main/resources/rdf/auth/firsttime/operation_groups.n3
diff --git a/home/src/main/resources/rdf/auth/everytime/operations.n3 b/home/src/main/resources/rdf/auth/firsttime/operations.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/everytime/operations.n3
rename to home/src/main/resources/rdf/auth/firsttime/operations.n3
diff --git a/home/src/main/resources/rdf/auth/everytime/permission_config.n3 b/home/src/main/resources/rdf/auth/firsttime/permission_config.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/everytime/permission_config.n3
rename to home/src/main/resources/rdf/auth/firsttime/permission_config.n3
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_admin_display_class.n3 b/home/src/main/resources/rdf/auth/firsttime/policy_admin_display_class.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/everytime/policy_admin_display_class.n3
rename to home/src/main/resources/rdf/auth/firsttime/policy_admin_display_class.n3
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_admin_display_data_property.n3 b/home/src/main/resources/rdf/auth/firsttime/policy_admin_display_data_property.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/everytime/policy_admin_display_data_property.n3
rename to home/src/main/resources/rdf/auth/firsttime/policy_admin_display_data_property.n3
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_admin_display_faux_data_property.n3 b/home/src/main/resources/rdf/auth/firsttime/policy_admin_display_faux_data_property.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/everytime/policy_admin_display_faux_data_property.n3
rename to home/src/main/resources/rdf/auth/firsttime/policy_admin_display_faux_data_property.n3
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_admin_display_faux_object_property.n3 b/home/src/main/resources/rdf/auth/firsttime/policy_admin_display_faux_object_property.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/everytime/policy_admin_display_faux_object_property.n3
rename to home/src/main/resources/rdf/auth/firsttime/policy_admin_display_faux_object_property.n3
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_admin_display_object_property.n3 b/home/src/main/resources/rdf/auth/firsttime/policy_admin_display_object_property.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/everytime/policy_admin_display_object_property.n3
rename to home/src/main/resources/rdf/auth/firsttime/policy_admin_display_object_property.n3
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_admin_publish_class.n3 b/home/src/main/resources/rdf/auth/firsttime/policy_admin_publish_class.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/everytime/policy_admin_publish_class.n3
rename to home/src/main/resources/rdf/auth/firsttime/policy_admin_publish_class.n3
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_admin_publish_data_property.n3 b/home/src/main/resources/rdf/auth/firsttime/policy_admin_publish_data_property.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/everytime/policy_admin_publish_data_property.n3
rename to home/src/main/resources/rdf/auth/firsttime/policy_admin_publish_data_property.n3
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_admin_publish_faux_data_property.n3 b/home/src/main/resources/rdf/auth/firsttime/policy_admin_publish_faux_data_property.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/everytime/policy_admin_publish_faux_data_property.n3
rename to home/src/main/resources/rdf/auth/firsttime/policy_admin_publish_faux_data_property.n3
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_admin_publish_faux_object_property.n3 b/home/src/main/resources/rdf/auth/firsttime/policy_admin_publish_faux_object_property.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/everytime/policy_admin_publish_faux_object_property.n3
rename to home/src/main/resources/rdf/auth/firsttime/policy_admin_publish_faux_object_property.n3
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_admin_publish_object_property.n3 b/home/src/main/resources/rdf/auth/firsttime/policy_admin_publish_object_property.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/everytime/policy_admin_publish_object_property.n3
rename to home/src/main/resources/rdf/auth/firsttime/policy_admin_publish_object_property.n3
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_admin_simple_permissions.n3 b/home/src/main/resources/rdf/auth/firsttime/policy_admin_simple_permissions.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/everytime/policy_admin_simple_permissions.n3
rename to home/src/main/resources/rdf/auth/firsttime/policy_admin_simple_permissions.n3
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_admin_update_class.n3 b/home/src/main/resources/rdf/auth/firsttime/policy_admin_update_class.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/everytime/policy_admin_update_class.n3
rename to home/src/main/resources/rdf/auth/firsttime/policy_admin_update_class.n3
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_admin_update_data_property.n3 b/home/src/main/resources/rdf/auth/firsttime/policy_admin_update_data_property.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/everytime/policy_admin_update_data_property.n3
rename to home/src/main/resources/rdf/auth/firsttime/policy_admin_update_data_property.n3
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_admin_update_faux_data_property.n3 b/home/src/main/resources/rdf/auth/firsttime/policy_admin_update_faux_data_property.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/everytime/policy_admin_update_faux_data_property.n3
rename to home/src/main/resources/rdf/auth/firsttime/policy_admin_update_faux_data_property.n3
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_admin_update_faux_object_property.n3 b/home/src/main/resources/rdf/auth/firsttime/policy_admin_update_faux_object_property.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/everytime/policy_admin_update_faux_object_property.n3
rename to home/src/main/resources/rdf/auth/firsttime/policy_admin_update_faux_object_property.n3
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_admin_update_object_property.n3 b/home/src/main/resources/rdf/auth/firsttime/policy_admin_update_object_property.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/everytime/policy_admin_update_object_property.n3
rename to home/src/main/resources/rdf/auth/firsttime/policy_admin_update_object_property.n3
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_curator_display_class.n3 b/home/src/main/resources/rdf/auth/firsttime/policy_curator_display_class.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/everytime/policy_curator_display_class.n3
rename to home/src/main/resources/rdf/auth/firsttime/policy_curator_display_class.n3
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_curator_display_data_property.n3 b/home/src/main/resources/rdf/auth/firsttime/policy_curator_display_data_property.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/everytime/policy_curator_display_data_property.n3
rename to home/src/main/resources/rdf/auth/firsttime/policy_curator_display_data_property.n3
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_curator_display_faux_data_property.n3 b/home/src/main/resources/rdf/auth/firsttime/policy_curator_display_faux_data_property.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/everytime/policy_curator_display_faux_data_property.n3
rename to home/src/main/resources/rdf/auth/firsttime/policy_curator_display_faux_data_property.n3
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_curator_display_faux_object_property.n3 b/home/src/main/resources/rdf/auth/firsttime/policy_curator_display_faux_object_property.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/everytime/policy_curator_display_faux_object_property.n3
rename to home/src/main/resources/rdf/auth/firsttime/policy_curator_display_faux_object_property.n3
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_curator_display_object_property.n3 b/home/src/main/resources/rdf/auth/firsttime/policy_curator_display_object_property.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/everytime/policy_curator_display_object_property.n3
rename to home/src/main/resources/rdf/auth/firsttime/policy_curator_display_object_property.n3
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_curator_publish_class.n3 b/home/src/main/resources/rdf/auth/firsttime/policy_curator_publish_class.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/everytime/policy_curator_publish_class.n3
rename to home/src/main/resources/rdf/auth/firsttime/policy_curator_publish_class.n3
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_curator_publish_data_property.n3 b/home/src/main/resources/rdf/auth/firsttime/policy_curator_publish_data_property.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/everytime/policy_curator_publish_data_property.n3
rename to home/src/main/resources/rdf/auth/firsttime/policy_curator_publish_data_property.n3
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_curator_publish_faux_data_property.n3 b/home/src/main/resources/rdf/auth/firsttime/policy_curator_publish_faux_data_property.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/everytime/policy_curator_publish_faux_data_property.n3
rename to home/src/main/resources/rdf/auth/firsttime/policy_curator_publish_faux_data_property.n3
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_curator_publish_faux_object_property.n3 b/home/src/main/resources/rdf/auth/firsttime/policy_curator_publish_faux_object_property.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/everytime/policy_curator_publish_faux_object_property.n3
rename to home/src/main/resources/rdf/auth/firsttime/policy_curator_publish_faux_object_property.n3
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_curator_publish_object_property.n3 b/home/src/main/resources/rdf/auth/firsttime/policy_curator_publish_object_property.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/everytime/policy_curator_publish_object_property.n3
rename to home/src/main/resources/rdf/auth/firsttime/policy_curator_publish_object_property.n3
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_curator_simple_permissions.n3 b/home/src/main/resources/rdf/auth/firsttime/policy_curator_simple_permissions.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/everytime/policy_curator_simple_permissions.n3
rename to home/src/main/resources/rdf/auth/firsttime/policy_curator_simple_permissions.n3
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_curator_update_class.n3 b/home/src/main/resources/rdf/auth/firsttime/policy_curator_update_class.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/everytime/policy_curator_update_class.n3
rename to home/src/main/resources/rdf/auth/firsttime/policy_curator_update_class.n3
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_curator_update_data_property.n3 b/home/src/main/resources/rdf/auth/firsttime/policy_curator_update_data_property.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/everytime/policy_curator_update_data_property.n3
rename to home/src/main/resources/rdf/auth/firsttime/policy_curator_update_data_property.n3
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_curator_update_faux_data_property.n3 b/home/src/main/resources/rdf/auth/firsttime/policy_curator_update_faux_data_property.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/everytime/policy_curator_update_faux_data_property.n3
rename to home/src/main/resources/rdf/auth/firsttime/policy_curator_update_faux_data_property.n3
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_curator_update_faux_object_property.n3 b/home/src/main/resources/rdf/auth/firsttime/policy_curator_update_faux_object_property.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/everytime/policy_curator_update_faux_object_property.n3
rename to home/src/main/resources/rdf/auth/firsttime/policy_curator_update_faux_object_property.n3
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_curator_update_object_property.n3 b/home/src/main/resources/rdf/auth/firsttime/policy_curator_update_object_property.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/everytime/policy_curator_update_object_property.n3
rename to home/src/main/resources/rdf/auth/firsttime/policy_curator_update_object_property.n3
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_editable_pages.n3 b/home/src/main/resources/rdf/auth/firsttime/policy_editable_pages.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/everytime/policy_editable_pages.n3
rename to home/src/main/resources/rdf/auth/firsttime/policy_editable_pages.n3
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_editor_display_class.n3 b/home/src/main/resources/rdf/auth/firsttime/policy_editor_display_class.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/everytime/policy_editor_display_class.n3
rename to home/src/main/resources/rdf/auth/firsttime/policy_editor_display_class.n3
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_editor_display_data_property.n3 b/home/src/main/resources/rdf/auth/firsttime/policy_editor_display_data_property.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/everytime/policy_editor_display_data_property.n3
rename to home/src/main/resources/rdf/auth/firsttime/policy_editor_display_data_property.n3
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_editor_display_faux_data_property.n3 b/home/src/main/resources/rdf/auth/firsttime/policy_editor_display_faux_data_property.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/everytime/policy_editor_display_faux_data_property.n3
rename to home/src/main/resources/rdf/auth/firsttime/policy_editor_display_faux_data_property.n3
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_editor_display_faux_object_property.n3 b/home/src/main/resources/rdf/auth/firsttime/policy_editor_display_faux_object_property.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/everytime/policy_editor_display_faux_object_property.n3
rename to home/src/main/resources/rdf/auth/firsttime/policy_editor_display_faux_object_property.n3
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_editor_display_object_property.n3 b/home/src/main/resources/rdf/auth/firsttime/policy_editor_display_object_property.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/everytime/policy_editor_display_object_property.n3
rename to home/src/main/resources/rdf/auth/firsttime/policy_editor_display_object_property.n3
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_editor_publish_class.n3 b/home/src/main/resources/rdf/auth/firsttime/policy_editor_publish_class.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/everytime/policy_editor_publish_class.n3
rename to home/src/main/resources/rdf/auth/firsttime/policy_editor_publish_class.n3
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_editor_publish_data_property.n3 b/home/src/main/resources/rdf/auth/firsttime/policy_editor_publish_data_property.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/everytime/policy_editor_publish_data_property.n3
rename to home/src/main/resources/rdf/auth/firsttime/policy_editor_publish_data_property.n3
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_editor_publish_faux_data_property.n3 b/home/src/main/resources/rdf/auth/firsttime/policy_editor_publish_faux_data_property.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/everytime/policy_editor_publish_faux_data_property.n3
rename to home/src/main/resources/rdf/auth/firsttime/policy_editor_publish_faux_data_property.n3
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_editor_publish_faux_object_property.n3 b/home/src/main/resources/rdf/auth/firsttime/policy_editor_publish_faux_object_property.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/everytime/policy_editor_publish_faux_object_property.n3
rename to home/src/main/resources/rdf/auth/firsttime/policy_editor_publish_faux_object_property.n3
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_editor_publish_object_property.n3 b/home/src/main/resources/rdf/auth/firsttime/policy_editor_publish_object_property.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/everytime/policy_editor_publish_object_property.n3
rename to home/src/main/resources/rdf/auth/firsttime/policy_editor_publish_object_property.n3
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_editor_simple_permissions.n3 b/home/src/main/resources/rdf/auth/firsttime/policy_editor_simple_permissions.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/everytime/policy_editor_simple_permissions.n3
rename to home/src/main/resources/rdf/auth/firsttime/policy_editor_simple_permissions.n3
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_editor_update_class.n3 b/home/src/main/resources/rdf/auth/firsttime/policy_editor_update_class.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/everytime/policy_editor_update_class.n3
rename to home/src/main/resources/rdf/auth/firsttime/policy_editor_update_class.n3
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_editor_update_data_property.n3 b/home/src/main/resources/rdf/auth/firsttime/policy_editor_update_data_property.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/everytime/policy_editor_update_data_property.n3
rename to home/src/main/resources/rdf/auth/firsttime/policy_editor_update_data_property.n3
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_editor_update_faux_data_property.n3 b/home/src/main/resources/rdf/auth/firsttime/policy_editor_update_faux_data_property.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/everytime/policy_editor_update_faux_data_property.n3
rename to home/src/main/resources/rdf/auth/firsttime/policy_editor_update_faux_data_property.n3
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_editor_update_faux_object_property.n3 b/home/src/main/resources/rdf/auth/firsttime/policy_editor_update_faux_object_property.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/everytime/policy_editor_update_faux_object_property.n3
rename to home/src/main/resources/rdf/auth/firsttime/policy_editor_update_faux_object_property.n3
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_editor_update_object_property.n3 b/home/src/main/resources/rdf/auth/firsttime/policy_editor_update_object_property.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/everytime/policy_editor_update_object_property.n3
rename to home/src/main/resources/rdf/auth/firsttime/policy_editor_update_object_property.n3
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_menu_items_editing.n3 b/home/src/main/resources/rdf/auth/firsttime/policy_menu_items_editing.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/everytime/policy_menu_items_editing.n3
rename to home/src/main/resources/rdf/auth/firsttime/policy_menu_items_editing.n3
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_not_modifiable_statements.n3 b/home/src/main/resources/rdf/auth/firsttime/policy_not_modifiable_statements.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/everytime/policy_not_modifiable_statements.n3
rename to home/src/main/resources/rdf/auth/firsttime/policy_not_modifiable_statements.n3
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_public_display_class.n3 b/home/src/main/resources/rdf/auth/firsttime/policy_public_display_class.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/everytime/policy_public_display_class.n3
rename to home/src/main/resources/rdf/auth/firsttime/policy_public_display_class.n3
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_public_display_data_property.n3 b/home/src/main/resources/rdf/auth/firsttime/policy_public_display_data_property.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/everytime/policy_public_display_data_property.n3
rename to home/src/main/resources/rdf/auth/firsttime/policy_public_display_data_property.n3
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_public_display_faux_data_property.n3 b/home/src/main/resources/rdf/auth/firsttime/policy_public_display_faux_data_property.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/everytime/policy_public_display_faux_data_property.n3
rename to home/src/main/resources/rdf/auth/firsttime/policy_public_display_faux_data_property.n3
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_public_display_faux_object_property.n3 b/home/src/main/resources/rdf/auth/firsttime/policy_public_display_faux_object_property.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/everytime/policy_public_display_faux_object_property.n3
rename to home/src/main/resources/rdf/auth/firsttime/policy_public_display_faux_object_property.n3
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_public_display_object_property.n3 b/home/src/main/resources/rdf/auth/firsttime/policy_public_display_object_property.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/everytime/policy_public_display_object_property.n3
rename to home/src/main/resources/rdf/auth/firsttime/policy_public_display_object_property.n3
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_public_simple_permissions.n3 b/home/src/main/resources/rdf/auth/firsttime/policy_public_simple_permissions.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/everytime/policy_public_simple_permissions.n3
rename to home/src/main/resources/rdf/auth/firsttime/policy_public_simple_permissions.n3
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_public_update_class.n3 b/home/src/main/resources/rdf/auth/firsttime/policy_public_update_class.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/everytime/policy_public_update_class.n3
rename to home/src/main/resources/rdf/auth/firsttime/policy_public_update_class.n3
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_public_update_data_property.n3 b/home/src/main/resources/rdf/auth/firsttime/policy_public_update_data_property.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/everytime/policy_public_update_data_property.n3
rename to home/src/main/resources/rdf/auth/firsttime/policy_public_update_data_property.n3
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_public_update_object_property.n3 b/home/src/main/resources/rdf/auth/firsttime/policy_public_update_object_property.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/everytime/policy_public_update_object_property.n3
rename to home/src/main/resources/rdf/auth/firsttime/policy_public_update_object_property.n3
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_root_user.n3 b/home/src/main/resources/rdf/auth/firsttime/policy_root_user.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/everytime/policy_root_user.n3
rename to home/src/main/resources/rdf/auth/firsttime/policy_root_user.n3
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_self_editor_display_class.n3 b/home/src/main/resources/rdf/auth/firsttime/policy_self_editor_display_class.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/everytime/policy_self_editor_display_class.n3
rename to home/src/main/resources/rdf/auth/firsttime/policy_self_editor_display_class.n3
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_self_editor_display_data_property.n3 b/home/src/main/resources/rdf/auth/firsttime/policy_self_editor_display_data_property.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/everytime/policy_self_editor_display_data_property.n3
rename to home/src/main/resources/rdf/auth/firsttime/policy_self_editor_display_data_property.n3
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_self_editor_display_faux_data_property.n3 b/home/src/main/resources/rdf/auth/firsttime/policy_self_editor_display_faux_data_property.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/everytime/policy_self_editor_display_faux_data_property.n3
rename to home/src/main/resources/rdf/auth/firsttime/policy_self_editor_display_faux_data_property.n3
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_self_editor_display_faux_object_property.n3 b/home/src/main/resources/rdf/auth/firsttime/policy_self_editor_display_faux_object_property.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/everytime/policy_self_editor_display_faux_object_property.n3
rename to home/src/main/resources/rdf/auth/firsttime/policy_self_editor_display_faux_object_property.n3
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_self_editor_display_object_property.n3 b/home/src/main/resources/rdf/auth/firsttime/policy_self_editor_display_object_property.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/everytime/policy_self_editor_display_object_property.n3
rename to home/src/main/resources/rdf/auth/firsttime/policy_self_editor_display_object_property.n3
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_self_editor_publish_class.n3 b/home/src/main/resources/rdf/auth/firsttime/policy_self_editor_publish_class.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/everytime/policy_self_editor_publish_class.n3
rename to home/src/main/resources/rdf/auth/firsttime/policy_self_editor_publish_class.n3
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_self_editor_publish_data_property.n3 b/home/src/main/resources/rdf/auth/firsttime/policy_self_editor_publish_data_property.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/everytime/policy_self_editor_publish_data_property.n3
rename to home/src/main/resources/rdf/auth/firsttime/policy_self_editor_publish_data_property.n3
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_self_editor_publish_faux_data_property.n3 b/home/src/main/resources/rdf/auth/firsttime/policy_self_editor_publish_faux_data_property.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/everytime/policy_self_editor_publish_faux_data_property.n3
rename to home/src/main/resources/rdf/auth/firsttime/policy_self_editor_publish_faux_data_property.n3
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_self_editor_publish_faux_object_property.n3 b/home/src/main/resources/rdf/auth/firsttime/policy_self_editor_publish_faux_object_property.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/everytime/policy_self_editor_publish_faux_object_property.n3
rename to home/src/main/resources/rdf/auth/firsttime/policy_self_editor_publish_faux_object_property.n3
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_self_editor_publish_object_property.n3 b/home/src/main/resources/rdf/auth/firsttime/policy_self_editor_publish_object_property.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/everytime/policy_self_editor_publish_object_property.n3
rename to home/src/main/resources/rdf/auth/firsttime/policy_self_editor_publish_object_property.n3
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_self_editor_simple_permissions.n3 b/home/src/main/resources/rdf/auth/firsttime/policy_self_editor_simple_permissions.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/everytime/policy_self_editor_simple_permissions.n3
rename to home/src/main/resources/rdf/auth/firsttime/policy_self_editor_simple_permissions.n3
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_self_editor_update_class.n3 b/home/src/main/resources/rdf/auth/firsttime/policy_self_editor_update_class.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/everytime/policy_self_editor_update_class.n3
rename to home/src/main/resources/rdf/auth/firsttime/policy_self_editor_update_class.n3
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_self_editor_update_data_property.n3 b/home/src/main/resources/rdf/auth/firsttime/policy_self_editor_update_data_property.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/everytime/policy_self_editor_update_data_property.n3
rename to home/src/main/resources/rdf/auth/firsttime/policy_self_editor_update_data_property.n3
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_self_editor_update_faux_data_property.n3 b/home/src/main/resources/rdf/auth/firsttime/policy_self_editor_update_faux_data_property.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/everytime/policy_self_editor_update_faux_data_property.n3
rename to home/src/main/resources/rdf/auth/firsttime/policy_self_editor_update_faux_data_property.n3
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_self_editor_update_faux_object_property.n3 b/home/src/main/resources/rdf/auth/firsttime/policy_self_editor_update_faux_object_property.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/everytime/policy_self_editor_update_faux_object_property.n3
rename to home/src/main/resources/rdf/auth/firsttime/policy_self_editor_update_faux_object_property.n3
diff --git a/home/src/main/resources/rdf/auth/everytime/policy_self_editor_update_object_property.n3 b/home/src/main/resources/rdf/auth/firsttime/policy_self_editor_update_object_property.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/everytime/policy_self_editor_update_object_property.n3
rename to home/src/main/resources/rdf/auth/firsttime/policy_self_editor_update_object_property.n3
diff --git a/home/src/main/resources/rdf/auth/everytime/subject_types.n3 b/home/src/main/resources/rdf/auth/firsttime/subject_types.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/everytime/subject_types.n3
rename to home/src/main/resources/rdf/auth/firsttime/subject_types.n3
diff --git a/home/src/main/resources/rdf/auth/everytime/test_types.n3 b/home/src/main/resources/rdf/auth/firsttime/test_types.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/everytime/test_types.n3
rename to home/src/main/resources/rdf/auth/firsttime/test_types.n3
diff --git a/home/src/main/resources/rdf/auth/everytime/test_values.n3 b/home/src/main/resources/rdf/auth/firsttime/test_values.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/everytime/test_values.n3
rename to home/src/main/resources/rdf/auth/firsttime/test_values.n3

From 6ee958b9f48446ec5c2b1c9384d8c70ab10abeac Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <git@litvinovg.pro>
Date: Fri, 9 Jun 2023 17:21:17 +0200
Subject: [PATCH 017/148] fixed faux property policies, fixed faux property
 assignment in web interface

---
 .../auth/attributes/AccessObjectType.java     |   1 -
 .../webapp/auth/policy/PolicyLoader.java      |   2 +-
 .../edit/FauxPropertyRetryController.java     |  15 +-
 .../webapp/auth/policy/BasicPolicyTest.java   |  24 +++
 .../vitro/webapp/auth/policy/PolicyTest.java  | 180 +++++++++---------
 ...policy_admin_display_faux_data_property.n3 |   4 +-
 ...licy_admin_display_faux_object_property.n3 |   4 +-
 .../policy_admin_display_object_property.n3   |   4 +-
 .../edit/specific/fauxProperty_retry.jsp      |   2 +-
 9 files changed, 138 insertions(+), 98 deletions(-)

diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AccessObjectType.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AccessObjectType.java
index 61851d87cc..b0e915a097 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AccessObjectType.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AccessObjectType.java
@@ -4,7 +4,6 @@ public enum AccessObjectType {
     ANY,
     CLASS,
     NAMED_OBJECT,
-    FAUX_PROPERTY,
     DATA_PROPERTY,
     OBJECT_PROPERTY,
     DATA_PROPERTY_STATEMENT,
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
index c4ed1820e0..dcff71c59b 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
@@ -235,7 +235,7 @@ public void loadPolicies() {
             debug("Loading policy %s", uri);
             DynamicPolicy policy = loadPolicy(uri);
             if (policy != null) {
-                debug("Loaded policy %s", uri);
+                log.info("Loaded policy " + uri);
                 // take policy priority into account
                 PolicyStore.getInstance().add(policy);
             }
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/edit/FauxPropertyRetryController.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/edit/FauxPropertyRetryController.java
index ae43c4519f..e71fd6234c 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/edit/FauxPropertyRetryController.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/edit/FauxPropertyRetryController.java
@@ -72,8 +72,15 @@ public void doPost(HttpServletRequest req, HttpServletResponse response) {
 		req.setAttribute("scripts", "/templates/edit/formBasic.js");
 		req.setAttribute("title", "Faux Property Editing Form");
 		req.setAttribute("_action", epo.getAction());
+		AccessObjectType aot;
+		if (populator.isFauxDataProperty()) {
+		    aot = AccessObjectType.FAUX_DATA_PROPERTY;
+		} else {
+		    aot = AccessObjectType.FAUX_OBJECT_PROPERTY;
+		}
+        req.setAttribute("_faux_property_type", aot);
 
-		addAccessAttributes(req, populator.beanForEditing.getConfigUri(), AccessObjectType.FAUX_PROPERTY);
+		addAccessAttributes(req, populator.beanForEditing.getConfigUri(), aot);
 
 		setRequestAttributes(req, epo);
 
@@ -108,7 +115,11 @@ private static class EpoPopulator {
 		
 		private boolean isFauxDataProperty = false;
 
-		EpoPopulator(HttpServletRequest req, EditProcessObject epo) {
+		public boolean isFauxDataProperty() {
+            return isFauxDataProperty;
+        }
+
+        EpoPopulator(HttpServletRequest req, EditProcessObject epo) {
 			this.req = new VitroRequest(req);
 			this.ctx = req.getSession().getServletContext();
 			this.wadf = ModelAccess.on(req).getWebappDaoFactory(POLICY_NEUTRAL);
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/BasicPolicyTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/BasicPolicyTest.java
index 394c67e906..4220bc08f4 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/BasicPolicyTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/BasicPolicyTest.java
@@ -1,9 +1,14 @@
 package edu.cornell.mannlib.vitro.webapp.auth.policy;
 
+import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertTrue;
 
 import java.util.Collections;
+import java.util.HashMap;
+import java.util.Map;
 
+import org.apache.jena.rdf.model.Model;
+import org.apache.jena.rdf.model.ModelFactory;
 import org.junit.Test;
 
 public class BasicPolicyTest extends PolicyTest {
@@ -76,4 +81,23 @@ public void testBrokenSet() {
         assertTrue(policy == null);
     }
     
+    @Test
+    public void testDuplicateTriplesInPolicies() {
+        Model m = ModelFactory.createDefaultModel();
+        Map<String,Long> pathToSizeMap = new HashMap<>();
+        for ( String entityPolicyPath : entityPolicies) {
+            load(m, entityPolicyPath);
+            pathToSizeMap.put(entityPolicyPath, m.size());
+            m.removeAll();
+        }
+        long cumulativeSize = 0;
+        for ( String entityPolicyPath : entityPolicies) {
+            load(m, entityPolicyPath);
+            cumulativeSize += pathToSizeMap.get(entityPolicyPath);
+            if (cumulativeSize != m.size()) {
+                System.out.println(entityPolicyPath);
+            }
+            assertEquals(cumulativeSize, m.size());
+        }
+    }
 }
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTest.java
index 3510b618c2..bd96e73d02 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTest.java
@@ -146,7 +146,97 @@ public class PolicyTest {
     public static final String EXT = ".n3";
     
     private static final Log log = LogFactory.getLog(PolicyTest.class);
+    
+    protected static final List<String> entityPolicies = Arrays.asList(
+            ADMIN_DISPLAY_OBJ_PROP_POLICY_PATH,
+            ADMIN_DISPLAY_DATA_PROP_POLICY_PATH,
+            ADMIN_DISPLAY_CLASS_POLICY_PATH,
+            
+            CURATOR_DISPLAY_OBJ_PROP_POLICY_PATH,
+            CURATOR_DISPLAY_DATA_PROP_POLICY_PATH,
+            CURATOR_DISPLAY_CLASS_POLICY_PATH,
+            
+            PUBLIC_DISPLAY_OBJ_PROP_POLICY_PATH,
+            PUBLIC_DISPLAY_DATA_PROP_POLICY_PATH,
+            PUBLIC_DISPLAY_CLASS_POLICY_PATH,
+            
+            SELF_EDITOR_DISPLAY_OBJ_PROP_POLICY_PATH,
+            SELF_EDITOR_DISPLAY_DATA_PROP_POLICY_PATH,
+            SELF_EDITOR_DISPLAY_CLASS_POLICY_PATH,
+            
+            EDITOR_DISPLAY_OBJ_PROP_POLICY_PATH,
+            EDITOR_DISPLAY_DATA_PROP_POLICY_PATH,
+            EDITOR_DISPLAY_CLASS_POLICY_PATH,
+            
+            ADMIN_UPDATE_OBJ_PROP_POLICY_PATH,
+            ADMIN_UPDATE_DATA_PROP_POLICY_PATH,
+            ADMIN_UPDATE_CLASS_POLICY_PATH,
+            
+            CURATOR_UPDATE_OBJ_PROP_POLICY_PATH,
+            CURATOR_UPDATE_DATA_PROP_POLICY_PATH,
+            CURATOR_UPDATE_CLASS_POLICY_PATH,
+            
+            PUBLIC_UPDATE_OBJ_PROP_POLICY_PATH,
+            PUBLIC_UPDATE_DATA_PROP_POLICY_PATH,
+            PUBLIC_UPDATE_CLASS_POLICY_PATH,
+            
+            SELF_EDITOR_UPDATE_OBJ_PROP_POLICY_PATH,
+            SELF_EDITOR_UPDATE_DATA_PROP_POLICY_PATH,
+            SELF_EDITOR_UPDATE_CLASS_POLICY_PATH,
 
+            EDITOR_UPDATE_OBJ_PROP_POLICY_PATH,
+            EDITOR_UPDATE_DATA_PROP_POLICY_PATH,
+            EDITOR_UPDATE_CLASS_POLICY_PATH,
+            
+            ADMIN_PUBLISH_OBJ_PROP_POLICY_PATH,
+            ADMIN_PUBLISH_DATA_PROP_POLICY_PATH,
+            ADMIN_PUBLISH_CLASS_POLICY_PATH,
+            
+            CURATOR_PUBLISH_OBJ_PROP_POLICY_PATH,
+            CURATOR_PUBLISH_DATA_PROP_POLICY_PATH,
+            CURATOR_PUBLISH_CLASS_POLICY_PATH,
+            
+            SELF_EDITOR_PUBLISH_OBJ_PROP_POLICY_PATH,
+            SELF_EDITOR_PUBLISH_DATA_PROP_POLICY_PATH,
+            SELF_EDITOR_PUBLISH_CLASS_POLICY_PATH,
+            
+            EDITOR_PUBLISH_OBJ_PROP_POLICY_PATH,
+            EDITOR_PUBLISH_DATA_PROP_POLICY_PATH,
+            EDITOR_PUBLISH_CLASS_POLICY_PATH,
+            
+            ADMIN_DISPLAY_FAUX_OBJECT_PROPERTY_POLICY_PATH,
+            CURATOR_DISPLAY_FAUX_OBJECT_PROPERTY_POLICY_PATH,
+            EDITOR_DISPLAY_FAUX_OBJECT_PROPERTY_POLICY_PATH,
+            SELF_EDITOR_DISPLAY_FAUX_OBJECT_PROPERTY_POLICY_PATH,
+            PUBLIC_DISPLAY_FAUX_OBJECT_PROPERTY_POLICY_PATH,
+            
+            ADMIN_PUBLISH_FAUX_OBJECT_PROPERTY_POLICY_PATH,
+            CURATOR_PUBLISH_FAUX_OBJECT_PROPERTY_POLICY_PATH,
+            EDITOR_PUBLISH_FAUX_OBJECT_PROPERTY_POLICY_PATH,
+            SELF_EDITOR_PUBLISH_FAUX_OBJECT_PROPERTY_POLICY_PATH,
+            
+            ADMIN_UPDATE_FAUX_OBJECT_PROPERTY_POLICY_PATH,
+            CURATOR_UPDATE_FAUX_OBJECT_PROPERTY_POLICY_PATH,
+            EDITOR_UPDATE_FAUX_OBJECT_PROPERTY_POLICY_PATH,
+            SELF_EDITOR_UPDATE_FAUX_OBJECT_PROPERTY_POLICY_PATH,
+            
+            ADMIN_DISPLAY_FAUX_DATA_PROPERTY_POLICY_PATH,
+            CURATOR_DISPLAY_FAUX_DATA_PROPERTY_POLICY_PATH,
+            EDITOR_DISPLAY_FAUX_DATA_PROPERTY_POLICY_PATH,
+            SELF_EDITOR_DISPLAY_FAUX_DATA_PROPERTY_POLICY_PATH,
+            PUBLIC_DISPLAY_FAUX_DATA_PROPERTY_POLICY_PATH,
+            
+            ADMIN_PUBLISH_FAUX_DATA_PROPERTY_POLICY_PATH,
+            CURATOR_PUBLISH_FAUX_DATA_PROPERTY_POLICY_PATH,
+            EDITOR_PUBLISH_FAUX_DATA_PROPERTY_POLICY_PATH,
+            SELF_EDITOR_PUBLISH_FAUX_DATA_PROPERTY_POLICY_PATH,
+            
+            ADMIN_UPDATE_FAUX_DATA_PROPERTY_POLICY_PATH,
+            CURATOR_UPDATE_FAUX_DATA_PROPERTY_POLICY_PATH,
+            EDITOR_UPDATE_FAUX_DATA_PROPERTY_POLICY_PATH,
+            SELF_EDITOR_UPDATE_FAUX_DATA_PROPERTY_POLICY_PATH
+            );
+    
     protected Model userAccountsModel;
     protected PolicyLoader loader;
     protected Dataset ds;
@@ -197,93 +287,9 @@ protected void countRulesAndAttributes(DynamicPolicy policy, int ruleCount, Set<
     }
     
     protected void loadAllEntityPolicies() {
-        load(ADMIN_DISPLAY_OBJ_PROP_POLICY_PATH);
-        load(ADMIN_DISPLAY_DATA_PROP_POLICY_PATH);
-        load(ADMIN_DISPLAY_CLASS_POLICY_PATH);
-        
-        load(CURATOR_DISPLAY_OBJ_PROP_POLICY_PATH);
-        load(CURATOR_DISPLAY_DATA_PROP_POLICY_PATH);
-        load(CURATOR_DISPLAY_CLASS_POLICY_PATH);
-        
-        load(PUBLIC_DISPLAY_OBJ_PROP_POLICY_PATH);
-        load(PUBLIC_DISPLAY_DATA_PROP_POLICY_PATH);
-        load(PUBLIC_DISPLAY_CLASS_POLICY_PATH);
-        
-        load(SELF_EDITOR_DISPLAY_OBJ_PROP_POLICY_PATH);
-        load(SELF_EDITOR_DISPLAY_DATA_PROP_POLICY_PATH);
-        load(SELF_EDITOR_DISPLAY_CLASS_POLICY_PATH);
-        
-        load(EDITOR_DISPLAY_OBJ_PROP_POLICY_PATH);
-        load(EDITOR_DISPLAY_DATA_PROP_POLICY_PATH);
-        load(EDITOR_DISPLAY_CLASS_POLICY_PATH);
-        
-        load(ADMIN_UPDATE_OBJ_PROP_POLICY_PATH);
-        load(ADMIN_UPDATE_DATA_PROP_POLICY_PATH);
-        load(ADMIN_UPDATE_CLASS_POLICY_PATH);
-        
-        load(CURATOR_UPDATE_OBJ_PROP_POLICY_PATH);
-        load(CURATOR_UPDATE_DATA_PROP_POLICY_PATH);
-        load(CURATOR_UPDATE_CLASS_POLICY_PATH);
-        
-        load(PUBLIC_UPDATE_OBJ_PROP_POLICY_PATH);
-        load(PUBLIC_UPDATE_DATA_PROP_POLICY_PATH);
-        load(PUBLIC_UPDATE_CLASS_POLICY_PATH);
-        
-        load(SELF_EDITOR_UPDATE_OBJ_PROP_POLICY_PATH);
-        load(SELF_EDITOR_UPDATE_DATA_PROP_POLICY_PATH);
-        load(SELF_EDITOR_UPDATE_CLASS_POLICY_PATH);
-
-        load(EDITOR_UPDATE_OBJ_PROP_POLICY_PATH);
-        load(EDITOR_UPDATE_DATA_PROP_POLICY_PATH);
-        load(EDITOR_UPDATE_CLASS_POLICY_PATH);
-        
-        load(ADMIN_PUBLISH_OBJ_PROP_POLICY_PATH);
-        load(ADMIN_PUBLISH_DATA_PROP_POLICY_PATH);
-        load(ADMIN_PUBLISH_CLASS_POLICY_PATH);
-        
-        load(CURATOR_PUBLISH_OBJ_PROP_POLICY_PATH);
-        load(CURATOR_PUBLISH_DATA_PROP_POLICY_PATH);
-        load(CURATOR_PUBLISH_CLASS_POLICY_PATH);
-        
-        load(SELF_EDITOR_PUBLISH_OBJ_PROP_POLICY_PATH);
-        load(SELF_EDITOR_PUBLISH_DATA_PROP_POLICY_PATH);
-        load(SELF_EDITOR_PUBLISH_CLASS_POLICY_PATH);
-        
-        load(EDITOR_PUBLISH_OBJ_PROP_POLICY_PATH);
-        load(EDITOR_PUBLISH_DATA_PROP_POLICY_PATH);
-        load(EDITOR_PUBLISH_CLASS_POLICY_PATH);
-        
-        load(ADMIN_DISPLAY_FAUX_OBJECT_PROPERTY_POLICY_PATH);
-        load(CURATOR_DISPLAY_FAUX_OBJECT_PROPERTY_POLICY_PATH);
-        load(EDITOR_DISPLAY_FAUX_OBJECT_PROPERTY_POLICY_PATH);
-        load(SELF_EDITOR_DISPLAY_FAUX_OBJECT_PROPERTY_POLICY_PATH);
-        load(PUBLIC_DISPLAY_FAUX_OBJECT_PROPERTY_POLICY_PATH);
-        
-        load(ADMIN_PUBLISH_FAUX_OBJECT_PROPERTY_POLICY_PATH);
-        load(CURATOR_PUBLISH_FAUX_OBJECT_PROPERTY_POLICY_PATH);
-        load(EDITOR_PUBLISH_FAUX_OBJECT_PROPERTY_POLICY_PATH);
-        load(SELF_EDITOR_PUBLISH_FAUX_OBJECT_PROPERTY_POLICY_PATH);
-        
-        load(ADMIN_UPDATE_FAUX_OBJECT_PROPERTY_POLICY_PATH);
-        load(CURATOR_UPDATE_FAUX_OBJECT_PROPERTY_POLICY_PATH);
-        load(EDITOR_UPDATE_FAUX_OBJECT_PROPERTY_POLICY_PATH);
-        load(SELF_EDITOR_UPDATE_FAUX_OBJECT_PROPERTY_POLICY_PATH);
-        
-        load(ADMIN_DISPLAY_FAUX_DATA_PROPERTY_POLICY_PATH);
-        load(CURATOR_DISPLAY_FAUX_DATA_PROPERTY_POLICY_PATH);
-        load(EDITOR_DISPLAY_FAUX_DATA_PROPERTY_POLICY_PATH);
-        load(SELF_EDITOR_DISPLAY_FAUX_DATA_PROPERTY_POLICY_PATH);
-        load(PUBLIC_DISPLAY_FAUX_DATA_PROPERTY_POLICY_PATH);
-        
-        load(ADMIN_PUBLISH_FAUX_DATA_PROPERTY_POLICY_PATH);
-        load(CURATOR_PUBLISH_FAUX_DATA_PROPERTY_POLICY_PATH);
-        load(EDITOR_PUBLISH_FAUX_DATA_PROPERTY_POLICY_PATH);
-        load(SELF_EDITOR_PUBLISH_FAUX_DATA_PROPERTY_POLICY_PATH);
-        
-        load(ADMIN_UPDATE_FAUX_DATA_PROPERTY_POLICY_PATH);
-        load(CURATOR_UPDATE_FAUX_DATA_PROPERTY_POLICY_PATH);
-        load(EDITOR_UPDATE_FAUX_DATA_PROPERTY_POLICY_PATH);
-        load(SELF_EDITOR_UPDATE_FAUX_DATA_PROPERTY_POLICY_PATH);
+        for (String policyPath : entityPolicies) {
+            load(policyPath);
+        }
     }
     
     protected void load(String filePath) {
diff --git a/home/src/main/resources/rdf/auth/firsttime/policy_admin_display_faux_data_property.n3 b/home/src/main/resources/rdf/auth/firsttime/policy_admin_display_faux_data_property.n3
index 8b44b561e5..544f3455fc 100644
--- a/home/src/main/resources/rdf/auth/firsttime/policy_admin_display_faux_data_property.n3
+++ b/home/src/main/resources/rdf/auth/firsttime/policy_admin_display_faux_data_property.n3
@@ -13,7 +13,7 @@ ai:AdminDisplayFauxDataPropertyPolicy rdf:type ao:Policy ;
           ao:policyKey ai:AdminDisplayFauxDataPropertyPolicyKey .
 
 ai:AdminDisplayFauxDataPropertyRuleSet rdf:type ao:Rules ;
-          ao:rule ai:AllowAdminDisplayObjectStatementPropertyRule ;
+          ao:rule ai:AllowAdminDisplayFauxDataPropertyStatementRule ;
           ao:rule ai:AllowAdminDisplayFauxDataPropertyRule .
 
 ai:AdminDisplayFauxDataPropertyTestDatasets rdf:type ao:TestDatasets ;
@@ -33,7 +33,7 @@ ai:AllowAdminDisplayFauxDataPropertyRule rdf:type ao:Rule;
           ao:attribute ai:FauxDataPropertyTypeAttribute ;
           ao:attribute ai:AdminDisplayFauxDataPropertyAttribute .
 
-ai:AllowAdminDisplayObjectStatementPropertyRule rdf:type ao:Rule;
+ai:AllowAdminDisplayFauxDataPropertyStatementRule rdf:type ao:Rule;
           ao:attribute ai:SubjectRoleEqualsAdminRoleAttribute ;
           ao:attribute ai:DisplayOperationAttribute ;
           ao:attribute ai:FauxDataPropertyStatementTypeAttribute ;
diff --git a/home/src/main/resources/rdf/auth/firsttime/policy_admin_display_faux_object_property.n3 b/home/src/main/resources/rdf/auth/firsttime/policy_admin_display_faux_object_property.n3
index 0393fd3a89..44c1a38724 100644
--- a/home/src/main/resources/rdf/auth/firsttime/policy_admin_display_faux_object_property.n3
+++ b/home/src/main/resources/rdf/auth/firsttime/policy_admin_display_faux_object_property.n3
@@ -13,7 +13,7 @@ ai:AdminDisplayFauxObjectPropertyPolicy rdf:type ao:Policy ;
           ao:policyKey ai:AdminDisplayFauxObjectPropertyPolicyKey .
 
 ai:AdminDisplayFauxObjectPropertyRuleSet rdf:type ao:Rules ;
-          ao:rule ai:AllowAdminDisplayObjectStatementPropertyRule ;
+          ao:rule ai:AllowAdminDisplayFauxObjectPropertyStatementRule ;
           ao:rule ai:AllowAdminDisplayFauxObjectPropertyRule .
 
 ai:AdminDisplayFauxObjectPropertyTestDatasets rdf:type ao:TestDatasets ;
@@ -33,7 +33,7 @@ ai:AllowAdminDisplayFauxObjectPropertyRule rdf:type ao:Rule;
           ao:attribute ai:FauxObjectPropertyTypeAttribute ;
           ao:attribute ai:AdminDisplayFauxObjectPropertyAttribute .
 
-ai:AllowAdminDisplayObjectStatementPropertyRule rdf:type ao:Rule;
+ai:AllowAdminDisplayFauxObjectPropertyStatementRule rdf:type ao:Rule;
           ao:attribute ai:SubjectRoleEqualsAdminRoleAttribute ;
           ao:attribute ai:DisplayOperationAttribute ;
           ao:attribute ai:FauxObjectPropertyStatementTypeAttribute ;
diff --git a/home/src/main/resources/rdf/auth/firsttime/policy_admin_display_object_property.n3 b/home/src/main/resources/rdf/auth/firsttime/policy_admin_display_object_property.n3
index 3946a22b77..8dd572284f 100644
--- a/home/src/main/resources/rdf/auth/firsttime/policy_admin_display_object_property.n3
+++ b/home/src/main/resources/rdf/auth/firsttime/policy_admin_display_object_property.n3
@@ -13,7 +13,7 @@ ai:AdminDisplayObjectPropertyPolicy rdf:type ao:Policy ;
           ao:policyKey ai:AdminDisplayObjectPropertyPolicyKey .
 
 ai:AdminDisplayObjectPropertyRuleSet rdf:type ao:Rules ;
-          ao:rule ai:AllowAdminDisplayObjectStatementPropertyRule ;
+          ao:rule ai:AllowAdminDisplayObjectPropertyStatementRule ;
           ao:rule ai:AllowAdminDisplayObjectPropertyRule .
 
 ai:AdminDisplayObjectPropertyTestDatasets rdf:type ao:TestDatasets ;
@@ -33,7 +33,7 @@ ai:AllowAdminDisplayObjectPropertyRule rdf:type ao:Rule;
           ao:attribute ai:ObjectPropertyTypeAttribute ;
           ao:attribute ai:AdminDisplayObjectPropertyAttribute .
 
-ai:AllowAdminDisplayObjectStatementPropertyRule rdf:type ao:Rule;
+ai:AllowAdminDisplayObjectPropertyStatementRule rdf:type ao:Rule;
           ao:attribute ai:SubjectRoleEqualsAdminRoleAttribute ;
           ao:attribute ai:DisplayOperationAttribute ;
           ao:attribute ai:ObjectPropertyStatementTypeAttribute ;
diff --git a/webapp/src/main/webapp/templates/edit/specific/fauxProperty_retry.jsp b/webapp/src/main/webapp/templates/edit/specific/fauxProperty_retry.jsp
index fe2112ff9c..3f6ce4160e 100644
--- a/webapp/src/main/webapp/templates/edit/specific/fauxProperty_retry.jsp
+++ b/webapp/src/main/webapp/templates/edit/specific/fauxProperty_retry.jsp
@@ -64,7 +64,7 @@
 <c:if test="${!empty roles}">
     <input id="_permissions" type="hidden" name="_permissions" value="enabled" />
     <input id="_permissionsEntityURI" type="hidden" name="_permissionsEntityURI" value="${_permissionsEntityURI}" />
-    <input id="_permissionsEntityType" type="hidden" name="_permissionsEntityType" value="FAUX_PROPERTY" />
+    <input id="_permissionsEntityType" type="hidden" name="_permissionsEntityType" value="${_faux_property_type}" />
     <tr class="editformcell">
         <td valign="top" colspan="5">
             <b>Display</b> permissions for this property<br/>

From fc1d998a292922eca13cc878c2c5d3fd668cb09c Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <git@litvinovg.pro>
Date: Mon, 12 Jun 2023 08:06:44 +0200
Subject: [PATCH 018/148] created special graph for access control
 configurations

---
 .../webapp/auth/policy/PolicyLoader.java      | 22 +++++++++----------
 .../webapp/migration/auth/AuthMigrator.java   |  2 +-
 .../vitro/webapp/modelaccess/ModelNames.java  |  5 ++++-
 .../ConfigurationTripleSource.java            |  4 ++++
 .../setup/ConfigurationModelsSetup.java       |  2 ++
 .../vitro/webapp/auth/policy/PolicyTest.java  | 16 +++++++-------
 .../migration/auth/AuthMigratorTest.java      |  8 +++----
 .../firsttime/attribute_types.n3              |  0
 .../firsttime/attributes.n3                   |  0
 .../firsttime/decisions.n3                    |  0
 .../firsttime/object_types.n3                 |  0
 .../firsttime/ontology.n3                     |  0
 .../firsttime/operation_groups.n3             |  0
 .../firsttime/operations.n3                   |  0
 .../firsttime/policy_admin_display_class.n3   |  0
 .../policy_admin_display_data_property.n3     |  0
 ...policy_admin_display_faux_data_property.n3 |  0
 ...licy_admin_display_faux_object_property.n3 |  0
 .../policy_admin_display_object_property.n3   |  0
 .../firsttime/policy_admin_publish_class.n3   |  0
 .../policy_admin_publish_data_property.n3     |  0
 ...policy_admin_publish_faux_data_property.n3 |  0
 ...licy_admin_publish_faux_object_property.n3 |  0
 .../policy_admin_publish_object_property.n3   |  0
 .../policy_admin_simple_permissions.n3        |  0
 ...policy_admin_simple_permissions_dataset.n3 |  0
 .../firsttime/policy_admin_update_class.n3    |  0
 .../policy_admin_update_data_property.n3      |  0
 .../policy_admin_update_faux_data_property.n3 |  0
 ...olicy_admin_update_faux_object_property.n3 |  0
 .../policy_admin_update_object_property.n3    |  0
 .../firsttime/policy_curator_display_class.n3 |  0
 .../policy_curator_display_data_property.n3   |  0
 ...licy_curator_display_faux_data_property.n3 |  0
 ...cy_curator_display_faux_object_property.n3 |  0
 .../policy_curator_display_object_property.n3 |  0
 .../firsttime/policy_curator_publish_class.n3 |  0
 .../policy_curator_publish_data_property.n3   |  0
 ...licy_curator_publish_faux_data_property.n3 |  0
 ...cy_curator_publish_faux_object_property.n3 |  0
 .../policy_curator_publish_object_property.n3 |  0
 .../policy_curator_simple_permissions.n3      |  0
 ...licy_curator_simple_permissions_dataset.n3 |  0
 .../firsttime/policy_curator_update_class.n3  |  0
 .../policy_curator_update_data_property.n3    |  0
 ...olicy_curator_update_faux_data_property.n3 |  0
 ...icy_curator_update_faux_object_property.n3 |  0
 .../policy_curator_update_object_property.n3  |  0
 .../firsttime/policy_editable_pages.n3        |  0
 .../firsttime/policy_editor_display_class.n3  |  0
 .../policy_editor_display_data_property.n3    |  0
 ...olicy_editor_display_faux_data_property.n3 |  0
 ...icy_editor_display_faux_object_property.n3 |  0
 .../policy_editor_display_object_property.n3  |  0
 .../firsttime/policy_editor_publish_class.n3  |  0
 .../policy_editor_publish_data_property.n3    |  0
 ...olicy_editor_publish_faux_data_property.n3 |  0
 ...icy_editor_publish_faux_object_property.n3 |  0
 .../policy_editor_publish_object_property.n3  |  0
 .../policy_editor_simple_permissions.n3       |  0
 ...olicy_editor_simple_permissions_dataset.n3 |  0
 .../firsttime/policy_editor_update_class.n3   |  0
 .../policy_editor_update_data_property.n3     |  0
 ...policy_editor_update_faux_data_property.n3 |  0
 ...licy_editor_update_faux_object_property.n3 |  0
 .../policy_editor_update_object_property.n3   |  0
 .../firsttime/policy_menu_items_editing.n3    |  0
 .../policy_not_modifiable_statements.n3       |  0
 ...olicy_not_modifiable_statements_dataset.n3 |  0
 .../firsttime/policy_public_display_class.n3  |  0
 .../policy_public_display_data_property.n3    |  0
 ...olicy_public_display_faux_data_property.n3 |  0
 ...icy_public_display_faux_object_property.n3 |  0
 .../policy_public_display_object_property.n3  |  0
 .../policy_public_simple_permissions.n3       |  0
 ...olicy_public_simple_permissions_dataset.n3 |  0
 .../firsttime/policy_public_update_class.n3   |  0
 .../policy_public_update_data_property.n3     |  0
 .../policy_public_update_object_property.n3   |  0
 .../firsttime/policy_root_user.n3             |  0
 .../policy_self_editor_display_class.n3       |  0
 ...olicy_self_editor_display_data_property.n3 |  0
 ..._self_editor_display_faux_data_property.n3 |  0
 ...elf_editor_display_faux_object_property.n3 |  0
 ...icy_self_editor_display_object_property.n3 |  0
 .../policy_self_editor_publish_class.n3       |  0
 ...olicy_self_editor_publish_data_property.n3 |  0
 ..._self_editor_publish_faux_data_property.n3 |  0
 ...elf_editor_publish_faux_object_property.n3 |  0
 ...icy_self_editor_publish_object_property.n3 |  0
 .../policy_self_editor_simple_permissions.n3  |  0
 ..._self_editor_simple_permissions_dataset.n3 |  0
 .../policy_self_editor_update_class.n3        |  0
 ...policy_self_editor_update_data_property.n3 |  0
 ...y_self_editor_update_faux_data_property.n3 |  0
 ...self_editor_update_faux_object_property.n3 |  0
 ...licy_self_editor_update_object_property.n3 |  0
 .../firsttime/subject_types.n3                |  0
 .../firsttime/test_types.n3                   |  0
 .../firsttime/test_values.n3                  |  0
 100 files changed, 34 insertions(+), 25 deletions(-)
 rename home/src/main/resources/rdf/{auth => accessControl}/firsttime/attribute_types.n3 (100%)
 rename home/src/main/resources/rdf/{auth => accessControl}/firsttime/attributes.n3 (100%)
 rename home/src/main/resources/rdf/{auth => accessControl}/firsttime/decisions.n3 (100%)
 rename home/src/main/resources/rdf/{auth => accessControl}/firsttime/object_types.n3 (100%)
 rename home/src/main/resources/rdf/{auth => accessControl}/firsttime/ontology.n3 (100%)
 rename home/src/main/resources/rdf/{auth => accessControl}/firsttime/operation_groups.n3 (100%)
 rename home/src/main/resources/rdf/{auth => accessControl}/firsttime/operations.n3 (100%)
 rename home/src/main/resources/rdf/{auth => accessControl}/firsttime/policy_admin_display_class.n3 (100%)
 rename home/src/main/resources/rdf/{auth => accessControl}/firsttime/policy_admin_display_data_property.n3 (100%)
 rename home/src/main/resources/rdf/{auth => accessControl}/firsttime/policy_admin_display_faux_data_property.n3 (100%)
 rename home/src/main/resources/rdf/{auth => accessControl}/firsttime/policy_admin_display_faux_object_property.n3 (100%)
 rename home/src/main/resources/rdf/{auth => accessControl}/firsttime/policy_admin_display_object_property.n3 (100%)
 rename home/src/main/resources/rdf/{auth => accessControl}/firsttime/policy_admin_publish_class.n3 (100%)
 rename home/src/main/resources/rdf/{auth => accessControl}/firsttime/policy_admin_publish_data_property.n3 (100%)
 rename home/src/main/resources/rdf/{auth => accessControl}/firsttime/policy_admin_publish_faux_data_property.n3 (100%)
 rename home/src/main/resources/rdf/{auth => accessControl}/firsttime/policy_admin_publish_faux_object_property.n3 (100%)
 rename home/src/main/resources/rdf/{auth => accessControl}/firsttime/policy_admin_publish_object_property.n3 (100%)
 rename home/src/main/resources/rdf/{auth => accessControl}/firsttime/policy_admin_simple_permissions.n3 (100%)
 rename home/src/main/resources/rdf/{auth => accessControl}/firsttime/policy_admin_simple_permissions_dataset.n3 (100%)
 rename home/src/main/resources/rdf/{auth => accessControl}/firsttime/policy_admin_update_class.n3 (100%)
 rename home/src/main/resources/rdf/{auth => accessControl}/firsttime/policy_admin_update_data_property.n3 (100%)
 rename home/src/main/resources/rdf/{auth => accessControl}/firsttime/policy_admin_update_faux_data_property.n3 (100%)
 rename home/src/main/resources/rdf/{auth => accessControl}/firsttime/policy_admin_update_faux_object_property.n3 (100%)
 rename home/src/main/resources/rdf/{auth => accessControl}/firsttime/policy_admin_update_object_property.n3 (100%)
 rename home/src/main/resources/rdf/{auth => accessControl}/firsttime/policy_curator_display_class.n3 (100%)
 rename home/src/main/resources/rdf/{auth => accessControl}/firsttime/policy_curator_display_data_property.n3 (100%)
 rename home/src/main/resources/rdf/{auth => accessControl}/firsttime/policy_curator_display_faux_data_property.n3 (100%)
 rename home/src/main/resources/rdf/{auth => accessControl}/firsttime/policy_curator_display_faux_object_property.n3 (100%)
 rename home/src/main/resources/rdf/{auth => accessControl}/firsttime/policy_curator_display_object_property.n3 (100%)
 rename home/src/main/resources/rdf/{auth => accessControl}/firsttime/policy_curator_publish_class.n3 (100%)
 rename home/src/main/resources/rdf/{auth => accessControl}/firsttime/policy_curator_publish_data_property.n3 (100%)
 rename home/src/main/resources/rdf/{auth => accessControl}/firsttime/policy_curator_publish_faux_data_property.n3 (100%)
 rename home/src/main/resources/rdf/{auth => accessControl}/firsttime/policy_curator_publish_faux_object_property.n3 (100%)
 rename home/src/main/resources/rdf/{auth => accessControl}/firsttime/policy_curator_publish_object_property.n3 (100%)
 rename home/src/main/resources/rdf/{auth => accessControl}/firsttime/policy_curator_simple_permissions.n3 (100%)
 rename home/src/main/resources/rdf/{auth => accessControl}/firsttime/policy_curator_simple_permissions_dataset.n3 (100%)
 rename home/src/main/resources/rdf/{auth => accessControl}/firsttime/policy_curator_update_class.n3 (100%)
 rename home/src/main/resources/rdf/{auth => accessControl}/firsttime/policy_curator_update_data_property.n3 (100%)
 rename home/src/main/resources/rdf/{auth => accessControl}/firsttime/policy_curator_update_faux_data_property.n3 (100%)
 rename home/src/main/resources/rdf/{auth => accessControl}/firsttime/policy_curator_update_faux_object_property.n3 (100%)
 rename home/src/main/resources/rdf/{auth => accessControl}/firsttime/policy_curator_update_object_property.n3 (100%)
 rename home/src/main/resources/rdf/{auth => accessControl}/firsttime/policy_editable_pages.n3 (100%)
 rename home/src/main/resources/rdf/{auth => accessControl}/firsttime/policy_editor_display_class.n3 (100%)
 rename home/src/main/resources/rdf/{auth => accessControl}/firsttime/policy_editor_display_data_property.n3 (100%)
 rename home/src/main/resources/rdf/{auth => accessControl}/firsttime/policy_editor_display_faux_data_property.n3 (100%)
 rename home/src/main/resources/rdf/{auth => accessControl}/firsttime/policy_editor_display_faux_object_property.n3 (100%)
 rename home/src/main/resources/rdf/{auth => accessControl}/firsttime/policy_editor_display_object_property.n3 (100%)
 rename home/src/main/resources/rdf/{auth => accessControl}/firsttime/policy_editor_publish_class.n3 (100%)
 rename home/src/main/resources/rdf/{auth => accessControl}/firsttime/policy_editor_publish_data_property.n3 (100%)
 rename home/src/main/resources/rdf/{auth => accessControl}/firsttime/policy_editor_publish_faux_data_property.n3 (100%)
 rename home/src/main/resources/rdf/{auth => accessControl}/firsttime/policy_editor_publish_faux_object_property.n3 (100%)
 rename home/src/main/resources/rdf/{auth => accessControl}/firsttime/policy_editor_publish_object_property.n3 (100%)
 rename home/src/main/resources/rdf/{auth => accessControl}/firsttime/policy_editor_simple_permissions.n3 (100%)
 rename home/src/main/resources/rdf/{auth => accessControl}/firsttime/policy_editor_simple_permissions_dataset.n3 (100%)
 rename home/src/main/resources/rdf/{auth => accessControl}/firsttime/policy_editor_update_class.n3 (100%)
 rename home/src/main/resources/rdf/{auth => accessControl}/firsttime/policy_editor_update_data_property.n3 (100%)
 rename home/src/main/resources/rdf/{auth => accessControl}/firsttime/policy_editor_update_faux_data_property.n3 (100%)
 rename home/src/main/resources/rdf/{auth => accessControl}/firsttime/policy_editor_update_faux_object_property.n3 (100%)
 rename home/src/main/resources/rdf/{auth => accessControl}/firsttime/policy_editor_update_object_property.n3 (100%)
 rename home/src/main/resources/rdf/{auth => accessControl}/firsttime/policy_menu_items_editing.n3 (100%)
 rename home/src/main/resources/rdf/{auth => accessControl}/firsttime/policy_not_modifiable_statements.n3 (100%)
 rename home/src/main/resources/rdf/{auth => accessControl}/firsttime/policy_not_modifiable_statements_dataset.n3 (100%)
 rename home/src/main/resources/rdf/{auth => accessControl}/firsttime/policy_public_display_class.n3 (100%)
 rename home/src/main/resources/rdf/{auth => accessControl}/firsttime/policy_public_display_data_property.n3 (100%)
 rename home/src/main/resources/rdf/{auth => accessControl}/firsttime/policy_public_display_faux_data_property.n3 (100%)
 rename home/src/main/resources/rdf/{auth => accessControl}/firsttime/policy_public_display_faux_object_property.n3 (100%)
 rename home/src/main/resources/rdf/{auth => accessControl}/firsttime/policy_public_display_object_property.n3 (100%)
 rename home/src/main/resources/rdf/{auth => accessControl}/firsttime/policy_public_simple_permissions.n3 (100%)
 rename home/src/main/resources/rdf/{auth => accessControl}/firsttime/policy_public_simple_permissions_dataset.n3 (100%)
 rename home/src/main/resources/rdf/{auth => accessControl}/firsttime/policy_public_update_class.n3 (100%)
 rename home/src/main/resources/rdf/{auth => accessControl}/firsttime/policy_public_update_data_property.n3 (100%)
 rename home/src/main/resources/rdf/{auth => accessControl}/firsttime/policy_public_update_object_property.n3 (100%)
 rename home/src/main/resources/rdf/{auth => accessControl}/firsttime/policy_root_user.n3 (100%)
 rename home/src/main/resources/rdf/{auth => accessControl}/firsttime/policy_self_editor_display_class.n3 (100%)
 rename home/src/main/resources/rdf/{auth => accessControl}/firsttime/policy_self_editor_display_data_property.n3 (100%)
 rename home/src/main/resources/rdf/{auth => accessControl}/firsttime/policy_self_editor_display_faux_data_property.n3 (100%)
 rename home/src/main/resources/rdf/{auth => accessControl}/firsttime/policy_self_editor_display_faux_object_property.n3 (100%)
 rename home/src/main/resources/rdf/{auth => accessControl}/firsttime/policy_self_editor_display_object_property.n3 (100%)
 rename home/src/main/resources/rdf/{auth => accessControl}/firsttime/policy_self_editor_publish_class.n3 (100%)
 rename home/src/main/resources/rdf/{auth => accessControl}/firsttime/policy_self_editor_publish_data_property.n3 (100%)
 rename home/src/main/resources/rdf/{auth => accessControl}/firsttime/policy_self_editor_publish_faux_data_property.n3 (100%)
 rename home/src/main/resources/rdf/{auth => accessControl}/firsttime/policy_self_editor_publish_faux_object_property.n3 (100%)
 rename home/src/main/resources/rdf/{auth => accessControl}/firsttime/policy_self_editor_publish_object_property.n3 (100%)
 rename home/src/main/resources/rdf/{auth => accessControl}/firsttime/policy_self_editor_simple_permissions.n3 (100%)
 rename home/src/main/resources/rdf/{auth => accessControl}/firsttime/policy_self_editor_simple_permissions_dataset.n3 (100%)
 rename home/src/main/resources/rdf/{auth => accessControl}/firsttime/policy_self_editor_update_class.n3 (100%)
 rename home/src/main/resources/rdf/{auth => accessControl}/firsttime/policy_self_editor_update_data_property.n3 (100%)
 rename home/src/main/resources/rdf/{auth => accessControl}/firsttime/policy_self_editor_update_faux_data_property.n3 (100%)
 rename home/src/main/resources/rdf/{auth => accessControl}/firsttime/policy_self_editor_update_faux_object_property.n3 (100%)
 rename home/src/main/resources/rdf/{auth => accessControl}/firsttime/policy_self_editor_update_object_property.n3 (100%)
 rename home/src/main/resources/rdf/{auth => accessControl}/firsttime/subject_types.n3 (100%)
 rename home/src/main/resources/rdf/{auth => accessControl}/firsttime/test_types.n3 (100%)
 rename home/src/main/resources/rdf/{auth => accessControl}/firsttime/test_values.n3 (100%)

diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
index dcff71c59b..2ec93f40fd 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
@@ -47,7 +47,7 @@ public class PolicyLoader {
             + "prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/>\n" 
             + "SELECT DISTINCT ?" + POLICY + " ?" + PRIORITY + " \n" 
             + "WHERE {\n"
-            + "  GRAPH <http://vitro.mannlib.cornell.edu/default/vitro-kb-userAccounts> {\n" 
+            + "  GRAPH <http://vitro.mannlib.cornell.edu/default/access-control> {\n" 
             + "    ?" + POLICY + " rdf:type ao:Policy .\n" 
             + "    OPTIONAL {?" + POLICY + " ao:priority ?set_priority" 
             + " . }\n"
@@ -64,7 +64,7 @@ public class PolicyLoader {
             + "prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/>\n" 
             + "SELECT DISTINCT ?" + PRIORITY + " \n" 
             + "WHERE {\n"
-            + "  GRAPH <http://vitro.mannlib.cornell.edu/default/vitro-kb-userAccounts> {\n" 
+            + "  GRAPH <http://vitro.mannlib.cornell.edu/default/access-control> {\n" 
             + "    ?" + POLICY  + " rdf:type ao:Policy .\n" 
             + "    OPTIONAL {?" + POLICY + " ao:priority ?set_priority" + " . }\n"
             + "    BIND(COALESCE(?set_priority, 0 ) as ?" + PRIORITY + " ) .\n" 
@@ -79,7 +79,7 @@ public class PolicyLoader {
             + "prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/>\n"
             + "prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/>\n"
             + "SELECT DISTINCT ?dataSet \n" + "WHERE {\n"
-            + "  GRAPH <http://vitro.mannlib.cornell.edu/default/vitro-kb-userAccounts> {\n"
+            + "  GRAPH <http://vitro.mannlib.cornell.edu/default/access-control> {\n"
             + "       ?policy ao:testDatasets ?dataSets .\n" 
             + "       ?policy rdf:type ao:Policy .\n"
             + "       ?dataSets ao:testDataset ?dataSet .\n" 
@@ -94,7 +94,7 @@ public class PolicyLoader {
             + "prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/>\n"
             + "prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/>\n"
             + "SELECT DISTINCT ?rules ?rule ?attribute ?testId ?typeId ?value ?lit_value ?decision_id \n" + "WHERE {\n"
-            + "  GRAPH <http://vitro.mannlib.cornell.edu/default/vitro-kb-userAccounts> {\n"
+            + "  GRAPH <http://vitro.mannlib.cornell.edu/default/access-control> {\n"
             + "?policy rdf:type ao:Policy .\n" 
             + "?policy ao:rules ?rules . \n" 
             + "?rules ao:rule ?rule . \n"
@@ -129,7 +129,7 @@ public class PolicyLoader {
             + "prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/>\n"
             + "SELECT DISTINCT ?rules ?rule ?attribute ?testId ?typeId ?value ?lit_value ?decision_id ?dataSetUri \n"
             + "WHERE {\n" 
-            + "  GRAPH <http://vitro.mannlib.cornell.edu/default/vitro-kb-userAccounts> {\n"
+            + "  GRAPH <http://vitro.mannlib.cornell.edu/default/access-control> {\n"
             + "?policy rdf:type ao:Policy .\n" 
             + "?policy ao:rules ?rules . \n" 
             + "?rules rdf:type ao:Rules . \n"
@@ -176,7 +176,7 @@ public class PolicyLoader {
             + "SELECT DISTINCT ?"
             + POLICY + "?testData ?value ?valueId ( COUNT(?key) AS ?keySize ) \n" 
             + "WHERE {\n"
-            + "  GRAPH <http://vitro.mannlib.cornell.edu/default/vitro-kb-userAccounts> {\n" 
+            + "  GRAPH <http://vitro.mannlib.cornell.edu/default/access-control> {\n" 
             + "  ?" + POLICY + " ao:policyKey ?policyKeyUri .\n" 
             + "  ?" + POLICY + " ao:testDatasets ?testDataSets .\n"
             + "  ?testDataSets ao:testDataset ?dataSet . \n" 
@@ -200,7 +200,7 @@ public class PolicyLoader {
             + "  ?testData ao:dataValue <%s> .\n" 
             + "}\n" 
             + "WHERE {\n"
-            + "  GRAPH <http://vitro.mannlib.cornell.edu/default/vitro-kb-userAccounts> {\n" 
+            + "  GRAPH <http://vitro.mannlib.cornell.edu/default/access-control> {\n" 
             + "  ?" + POLICY + " ao:policyKey ?policyKeyUri .\n" 
             + "  ?" + POLICY + " ao:testDatasets ?testDataSets .\n"
             + "  ?testDataSets ao:testDataset ?dataSet . \n" 
@@ -398,18 +398,18 @@ public void modifyPolicyDataSetValue(String entityUri, OperationGroup og, Access
     private void updateUserAccountsModel(Model data, boolean isAdd) {
         StringWriter sw = new StringWriter();
         data.write(sw, "TTL");
-        updateUserAccountsModel(sw.toString(), isAdd);
+        updateAccessControlModel(sw.toString(), isAdd);
     }
 
-    public void updateUserAccountsModel(String data, boolean isAdd) {
+    public void updateAccessControlModel(String data, boolean isAdd) {
         try {
             ChangeSet changeSet = makeChangeSet();
             InputStream in = new ByteArrayInputStream(data.getBytes());
             debug(modelToString(data, isAdd));
             if (isAdd) {
-                changeSet.addAddition(in, ModelSerializationFormat.N3, ModelNames.USER_ACCOUNTS);
+                changeSet.addAddition(in, ModelSerializationFormat.N3, ModelNames.ACCESS_CONTROL);
             } else {
-                changeSet.addRemoval(in, ModelSerializationFormat.N3, ModelNames.USER_ACCOUNTS);
+                changeSet.addRemoval(in, ModelSerializationFormat.N3, ModelNames.ACCESS_CONTROL);
             }
             rdfService.changeSetUpdate(changeSet);
         } catch (RDFServiceException e) {
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AuthMigrator.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AuthMigrator.java
index 00c901f541..30bbe30004 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AuthMigrator.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AuthMigrator.java
@@ -158,7 +158,7 @@ private long updatePolicyDatasets(AccessObjectType aot, Map<String, Map<Operatio
             }
         }
         long begin = System.currentTimeMillis();
-        PolicyLoader.getInstance().updateUserAccountsModel(sb.toString(), true);
+        PolicyLoader.getInstance().updateAccessControlModel(sb.toString(), true);
         log.info(secondsSince(begin) + "Spent on write to model");
         return getLineCount(sb.toString());
     }
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/modelaccess/ModelNames.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/modelaccess/ModelNames.java
index d3295234bd..b959d23e42 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/modelaccess/ModelNames.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/modelaccess/ModelNames.java
@@ -36,6 +36,8 @@ public class ModelNames {
 	public static final String DISPLAY_DISPLAY_FIRSTTIME_BACKUP = DISPLAY_DISPLAY + "FirsttimeBackup";
 	public static final String INTERFACE_I18N = "http://vitro.mannlib.cornell.edu/default/interface-i18n";
 	public static final String INTERFACE_I18N_FIRSTTIME_BACKUP = INTERFACE_I18N + "FirsttimeBackup";
+    public static final String ACCESS_CONTROL = "http://vitro.mannlib.cornell.edu/default/access-control";
+    public static final String ACCESS_CONTROL_FIRSTTIME_BACKUP = ACCESS_CONTROL + "FirsttimeBackup";
 
 
 
@@ -70,7 +72,8 @@ private static Map<String, String> populateNamesMap() {
 		map.put("DISPLAY_DISPLAY_FIRSTTIME_BACKUP", DISPLAY_DISPLAY_FIRSTTIME_BACKUP);
 		map.put("INTERFACE_I18N", INTERFACE_I18N);
 		map.put("INTERFACE_I18N_FIRSTTIME_BACKUP", INTERFACE_I18N_FIRSTTIME_BACKUP);
-
+        map.put("INTERFACE_I18N", ACCESS_CONTROL);
+        map.put("INTERFACE_I18N_FIRSTTIME_BACKUP", ACCESS_CONTROL_FIRSTTIME_BACKUP);
 		return Collections.unmodifiableMap(map);
 	}
 
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/modules/tripleSource/ConfigurationTripleSource.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/modules/tripleSource/ConfigurationTripleSource.java
index 06f141e7d6..1d64f9ad04 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/modules/tripleSource/ConfigurationTripleSource.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/modules/tripleSource/ConfigurationTripleSource.java
@@ -15,6 +15,8 @@
 import static edu.cornell.mannlib.vitro.webapp.modelaccess.ModelNames.DISPLAY_DISPLAY_FIRSTTIME_BACKUP;
 import static edu.cornell.mannlib.vitro.webapp.modelaccess.ModelNames.INTERFACE_I18N ;
 import static edu.cornell.mannlib.vitro.webapp.modelaccess.ModelNames.INTERFACE_I18N_FIRSTTIME_BACKUP;
+import static edu.cornell.mannlib.vitro.webapp.modelaccess.ModelNames.ACCESS_CONTROL;
+import static edu.cornell.mannlib.vitro.webapp.modelaccess.ModelNames.ACCESS_CONTROL_FIRSTTIME_BACKUP;
 
 
 
@@ -42,6 +44,8 @@ public abstract class ConfigurationTripleSource implements TripleSource {
 			DISPLAY_DISPLAY_FIRSTTIME_BACKUP, 
 			INTERFACE_I18N,
 			INTERFACE_I18N_FIRSTTIME_BACKUP,
+			ACCESS_CONTROL, 
+			ACCESS_CONTROL_FIRSTTIME_BACKUP,
 	};
 
 	/**
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/servlet/setup/ConfigurationModelsSetup.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/servlet/setup/ConfigurationModelsSetup.java
index 564b9645f9..e17e6bbe9f 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/servlet/setup/ConfigurationModelsSetup.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/servlet/setup/ConfigurationModelsSetup.java
@@ -6,6 +6,7 @@
 import static edu.cornell.mannlib.vitro.webapp.modelaccess.ModelNames.DISPLAY_DISPLAY;
 import static edu.cornell.mannlib.vitro.webapp.modelaccess.ModelNames.DISPLAY_TBOX;
 import static edu.cornell.mannlib.vitro.webapp.modelaccess.ModelNames.USER_ACCOUNTS;
+import static edu.cornell.mannlib.vitro.webapp.modelaccess.ModelNames.ACCESS_CONTROL;
 import static edu.cornell.mannlib.vitro.webapp.modelaccess.ModelNames.INTERFACE_I18N;
 
 import javax.servlet.ServletContext;
@@ -40,6 +41,7 @@ public void contextInitialized(ServletContextEvent sce) {
 			setupModel(ctx, DISPLAY_TBOX, "displayTbox");
 			setupModel(ctx, DISPLAY_DISPLAY, "displayDisplay");
 			setupModel(ctx, USER_ACCOUNTS, "auth");
+            setupModel(ctx, ACCESS_CONTROL, "accessControl");
 			setupModel(ctx, INTERFACE_I18N, "interface-i18n");
 			ss.info(this, "Set up the display models and the user accounts model.");
 		} catch (Exception e) {
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTest.java
index bd96e73d02..3b11255d3d 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTest.java
@@ -24,7 +24,7 @@
 import edu.cornell.mannlib.vitro.webapp.rdfservice.impl.jena.model.RDFServiceModel;
 
 public class PolicyTest {
-    public static final String USER_ACCOUNTS_HOME_FIRSTTIME = "../home/src/main/resources/rdf/auth/firsttime/";
+    public static final String USER_ACCOUNTS_HOME_FIRSTTIME = "../home/src/main/resources/rdf/accessControl/firsttime/";
 
     public static final String USER_ACCOUNTS_HOME_EVERYTIME = USER_ACCOUNTS_HOME_FIRSTTIME;
 
@@ -237,15 +237,15 @@ public class PolicyTest {
             SELF_EDITOR_UPDATE_FAUX_DATA_PROPERTY_POLICY_PATH
             );
     
-    protected Model userAccountsModel;
+    protected Model accessControlModel;
     protected PolicyLoader loader;
     protected Dataset ds;
 
     @Before
     public void init() {
-        userAccountsModel = ModelFactory.createDefaultModel();
+        accessControlModel = ModelFactory.createDefaultModel();
         ds = DatasetFactory.createTxnMem();
-        ds.addNamedModel(ModelNames.USER_ACCOUNTS, userAccountsModel);
+        ds.addNamedModel(ModelNames.ACCESS_CONTROL, accessControlModel);
         load(ATTRIBUTES_PATH);
         load(OPERATIONS_PATH);
         load(OPERATION_GROUPS);
@@ -294,12 +294,12 @@ protected void loadAllEntityPolicies() {
     
     protected void load(String filePath) {
         try {
-            userAccountsModel.enterCriticalSection(Lock.WRITE);
-            userAccountsModel.read(filePath);
+            accessControlModel.enterCriticalSection(Lock.WRITE);
+            accessControlModel.read(filePath);
         } finally {
-            userAccountsModel.leaveCriticalSection();
+            accessControlModel.leaveCriticalSection();
         }
-        ds.replaceNamedModel("http://vitro.mannlib.cornell.edu/default/vitro-kb-userAccounts", userAccountsModel);
+        ds.replaceNamedModel(ModelNames.ACCESS_CONTROL, accessControlModel);
 
     }
     
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AuthMigratorTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AuthMigratorTest.java
index a736850527..9114e892c8 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AuthMigratorTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AuthMigratorTest.java
@@ -59,11 +59,11 @@ public void testGetAnnotationConfigs() {
     @Test
     public void testConvertAnnotationConfiguration() {
         Model tmpModel = ModelFactory.createDefaultModel();
-        tmpModel.add(ds.getNamedModel(ModelNames.USER_ACCOUNTS));
-        long initialSize = userAccountsModel.size();
+        tmpModel.add(ds.getNamedModel(ModelNames.ACCESS_CONTROL));
+        long initialSize = accessControlModel.size();
         migrator.convertAnnotationConfiguration();
-        assertTrue(ds.getNamedModel(ModelNames.USER_ACCOUNTS).size() > initialSize);
-        Model diff = ds.getNamedModel(ModelNames.USER_ACCOUNTS).difference(tmpModel);
+        assertTrue(ds.getNamedModel(ModelNames.ACCESS_CONTROL).size() > initialSize);
+        Model diff = ds.getNamedModel(ModelNames.ACCESS_CONTROL).difference(tmpModel);
         try(ByteArrayOutputStream baos = new ByteArrayOutputStream()){
             diff.write(baos, "TTL");
             String newData = baos.toString();
diff --git a/home/src/main/resources/rdf/auth/firsttime/attribute_types.n3 b/home/src/main/resources/rdf/accessControl/firsttime/attribute_types.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/firsttime/attribute_types.n3
rename to home/src/main/resources/rdf/accessControl/firsttime/attribute_types.n3
diff --git a/home/src/main/resources/rdf/auth/firsttime/attributes.n3 b/home/src/main/resources/rdf/accessControl/firsttime/attributes.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/firsttime/attributes.n3
rename to home/src/main/resources/rdf/accessControl/firsttime/attributes.n3
diff --git a/home/src/main/resources/rdf/auth/firsttime/decisions.n3 b/home/src/main/resources/rdf/accessControl/firsttime/decisions.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/firsttime/decisions.n3
rename to home/src/main/resources/rdf/accessControl/firsttime/decisions.n3
diff --git a/home/src/main/resources/rdf/auth/firsttime/object_types.n3 b/home/src/main/resources/rdf/accessControl/firsttime/object_types.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/firsttime/object_types.n3
rename to home/src/main/resources/rdf/accessControl/firsttime/object_types.n3
diff --git a/home/src/main/resources/rdf/auth/firsttime/ontology.n3 b/home/src/main/resources/rdf/accessControl/firsttime/ontology.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/firsttime/ontology.n3
rename to home/src/main/resources/rdf/accessControl/firsttime/ontology.n3
diff --git a/home/src/main/resources/rdf/auth/firsttime/operation_groups.n3 b/home/src/main/resources/rdf/accessControl/firsttime/operation_groups.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/firsttime/operation_groups.n3
rename to home/src/main/resources/rdf/accessControl/firsttime/operation_groups.n3
diff --git a/home/src/main/resources/rdf/auth/firsttime/operations.n3 b/home/src/main/resources/rdf/accessControl/firsttime/operations.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/firsttime/operations.n3
rename to home/src/main/resources/rdf/accessControl/firsttime/operations.n3
diff --git a/home/src/main/resources/rdf/auth/firsttime/policy_admin_display_class.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_display_class.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/firsttime/policy_admin_display_class.n3
rename to home/src/main/resources/rdf/accessControl/firsttime/policy_admin_display_class.n3
diff --git a/home/src/main/resources/rdf/auth/firsttime/policy_admin_display_data_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_display_data_property.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/firsttime/policy_admin_display_data_property.n3
rename to home/src/main/resources/rdf/accessControl/firsttime/policy_admin_display_data_property.n3
diff --git a/home/src/main/resources/rdf/auth/firsttime/policy_admin_display_faux_data_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_display_faux_data_property.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/firsttime/policy_admin_display_faux_data_property.n3
rename to home/src/main/resources/rdf/accessControl/firsttime/policy_admin_display_faux_data_property.n3
diff --git a/home/src/main/resources/rdf/auth/firsttime/policy_admin_display_faux_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_display_faux_object_property.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/firsttime/policy_admin_display_faux_object_property.n3
rename to home/src/main/resources/rdf/accessControl/firsttime/policy_admin_display_faux_object_property.n3
diff --git a/home/src/main/resources/rdf/auth/firsttime/policy_admin_display_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_display_object_property.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/firsttime/policy_admin_display_object_property.n3
rename to home/src/main/resources/rdf/accessControl/firsttime/policy_admin_display_object_property.n3
diff --git a/home/src/main/resources/rdf/auth/firsttime/policy_admin_publish_class.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_publish_class.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/firsttime/policy_admin_publish_class.n3
rename to home/src/main/resources/rdf/accessControl/firsttime/policy_admin_publish_class.n3
diff --git a/home/src/main/resources/rdf/auth/firsttime/policy_admin_publish_data_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_publish_data_property.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/firsttime/policy_admin_publish_data_property.n3
rename to home/src/main/resources/rdf/accessControl/firsttime/policy_admin_publish_data_property.n3
diff --git a/home/src/main/resources/rdf/auth/firsttime/policy_admin_publish_faux_data_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_publish_faux_data_property.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/firsttime/policy_admin_publish_faux_data_property.n3
rename to home/src/main/resources/rdf/accessControl/firsttime/policy_admin_publish_faux_data_property.n3
diff --git a/home/src/main/resources/rdf/auth/firsttime/policy_admin_publish_faux_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_publish_faux_object_property.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/firsttime/policy_admin_publish_faux_object_property.n3
rename to home/src/main/resources/rdf/accessControl/firsttime/policy_admin_publish_faux_object_property.n3
diff --git a/home/src/main/resources/rdf/auth/firsttime/policy_admin_publish_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_publish_object_property.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/firsttime/policy_admin_publish_object_property.n3
rename to home/src/main/resources/rdf/accessControl/firsttime/policy_admin_publish_object_property.n3
diff --git a/home/src/main/resources/rdf/auth/firsttime/policy_admin_simple_permissions.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_simple_permissions.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/firsttime/policy_admin_simple_permissions.n3
rename to home/src/main/resources/rdf/accessControl/firsttime/policy_admin_simple_permissions.n3
diff --git a/home/src/main/resources/rdf/auth/firsttime/policy_admin_simple_permissions_dataset.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_simple_permissions_dataset.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/firsttime/policy_admin_simple_permissions_dataset.n3
rename to home/src/main/resources/rdf/accessControl/firsttime/policy_admin_simple_permissions_dataset.n3
diff --git a/home/src/main/resources/rdf/auth/firsttime/policy_admin_update_class.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_update_class.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/firsttime/policy_admin_update_class.n3
rename to home/src/main/resources/rdf/accessControl/firsttime/policy_admin_update_class.n3
diff --git a/home/src/main/resources/rdf/auth/firsttime/policy_admin_update_data_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_update_data_property.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/firsttime/policy_admin_update_data_property.n3
rename to home/src/main/resources/rdf/accessControl/firsttime/policy_admin_update_data_property.n3
diff --git a/home/src/main/resources/rdf/auth/firsttime/policy_admin_update_faux_data_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_update_faux_data_property.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/firsttime/policy_admin_update_faux_data_property.n3
rename to home/src/main/resources/rdf/accessControl/firsttime/policy_admin_update_faux_data_property.n3
diff --git a/home/src/main/resources/rdf/auth/firsttime/policy_admin_update_faux_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_update_faux_object_property.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/firsttime/policy_admin_update_faux_object_property.n3
rename to home/src/main/resources/rdf/accessControl/firsttime/policy_admin_update_faux_object_property.n3
diff --git a/home/src/main/resources/rdf/auth/firsttime/policy_admin_update_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_update_object_property.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/firsttime/policy_admin_update_object_property.n3
rename to home/src/main/resources/rdf/accessControl/firsttime/policy_admin_update_object_property.n3
diff --git a/home/src/main/resources/rdf/auth/firsttime/policy_curator_display_class.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_display_class.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/firsttime/policy_curator_display_class.n3
rename to home/src/main/resources/rdf/accessControl/firsttime/policy_curator_display_class.n3
diff --git a/home/src/main/resources/rdf/auth/firsttime/policy_curator_display_data_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_display_data_property.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/firsttime/policy_curator_display_data_property.n3
rename to home/src/main/resources/rdf/accessControl/firsttime/policy_curator_display_data_property.n3
diff --git a/home/src/main/resources/rdf/auth/firsttime/policy_curator_display_faux_data_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_display_faux_data_property.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/firsttime/policy_curator_display_faux_data_property.n3
rename to home/src/main/resources/rdf/accessControl/firsttime/policy_curator_display_faux_data_property.n3
diff --git a/home/src/main/resources/rdf/auth/firsttime/policy_curator_display_faux_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_display_faux_object_property.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/firsttime/policy_curator_display_faux_object_property.n3
rename to home/src/main/resources/rdf/accessControl/firsttime/policy_curator_display_faux_object_property.n3
diff --git a/home/src/main/resources/rdf/auth/firsttime/policy_curator_display_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_display_object_property.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/firsttime/policy_curator_display_object_property.n3
rename to home/src/main/resources/rdf/accessControl/firsttime/policy_curator_display_object_property.n3
diff --git a/home/src/main/resources/rdf/auth/firsttime/policy_curator_publish_class.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_publish_class.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/firsttime/policy_curator_publish_class.n3
rename to home/src/main/resources/rdf/accessControl/firsttime/policy_curator_publish_class.n3
diff --git a/home/src/main/resources/rdf/auth/firsttime/policy_curator_publish_data_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_publish_data_property.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/firsttime/policy_curator_publish_data_property.n3
rename to home/src/main/resources/rdf/accessControl/firsttime/policy_curator_publish_data_property.n3
diff --git a/home/src/main/resources/rdf/auth/firsttime/policy_curator_publish_faux_data_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_publish_faux_data_property.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/firsttime/policy_curator_publish_faux_data_property.n3
rename to home/src/main/resources/rdf/accessControl/firsttime/policy_curator_publish_faux_data_property.n3
diff --git a/home/src/main/resources/rdf/auth/firsttime/policy_curator_publish_faux_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_publish_faux_object_property.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/firsttime/policy_curator_publish_faux_object_property.n3
rename to home/src/main/resources/rdf/accessControl/firsttime/policy_curator_publish_faux_object_property.n3
diff --git a/home/src/main/resources/rdf/auth/firsttime/policy_curator_publish_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_publish_object_property.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/firsttime/policy_curator_publish_object_property.n3
rename to home/src/main/resources/rdf/accessControl/firsttime/policy_curator_publish_object_property.n3
diff --git a/home/src/main/resources/rdf/auth/firsttime/policy_curator_simple_permissions.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_simple_permissions.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/firsttime/policy_curator_simple_permissions.n3
rename to home/src/main/resources/rdf/accessControl/firsttime/policy_curator_simple_permissions.n3
diff --git a/home/src/main/resources/rdf/auth/firsttime/policy_curator_simple_permissions_dataset.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_simple_permissions_dataset.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/firsttime/policy_curator_simple_permissions_dataset.n3
rename to home/src/main/resources/rdf/accessControl/firsttime/policy_curator_simple_permissions_dataset.n3
diff --git a/home/src/main/resources/rdf/auth/firsttime/policy_curator_update_class.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_update_class.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/firsttime/policy_curator_update_class.n3
rename to home/src/main/resources/rdf/accessControl/firsttime/policy_curator_update_class.n3
diff --git a/home/src/main/resources/rdf/auth/firsttime/policy_curator_update_data_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_update_data_property.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/firsttime/policy_curator_update_data_property.n3
rename to home/src/main/resources/rdf/accessControl/firsttime/policy_curator_update_data_property.n3
diff --git a/home/src/main/resources/rdf/auth/firsttime/policy_curator_update_faux_data_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_update_faux_data_property.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/firsttime/policy_curator_update_faux_data_property.n3
rename to home/src/main/resources/rdf/accessControl/firsttime/policy_curator_update_faux_data_property.n3
diff --git a/home/src/main/resources/rdf/auth/firsttime/policy_curator_update_faux_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_update_faux_object_property.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/firsttime/policy_curator_update_faux_object_property.n3
rename to home/src/main/resources/rdf/accessControl/firsttime/policy_curator_update_faux_object_property.n3
diff --git a/home/src/main/resources/rdf/auth/firsttime/policy_curator_update_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_update_object_property.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/firsttime/policy_curator_update_object_property.n3
rename to home/src/main/resources/rdf/accessControl/firsttime/policy_curator_update_object_property.n3
diff --git a/home/src/main/resources/rdf/auth/firsttime/policy_editable_pages.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_editable_pages.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/firsttime/policy_editable_pages.n3
rename to home/src/main/resources/rdf/accessControl/firsttime/policy_editable_pages.n3
diff --git a/home/src/main/resources/rdf/auth/firsttime/policy_editor_display_class.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_display_class.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/firsttime/policy_editor_display_class.n3
rename to home/src/main/resources/rdf/accessControl/firsttime/policy_editor_display_class.n3
diff --git a/home/src/main/resources/rdf/auth/firsttime/policy_editor_display_data_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_display_data_property.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/firsttime/policy_editor_display_data_property.n3
rename to home/src/main/resources/rdf/accessControl/firsttime/policy_editor_display_data_property.n3
diff --git a/home/src/main/resources/rdf/auth/firsttime/policy_editor_display_faux_data_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_display_faux_data_property.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/firsttime/policy_editor_display_faux_data_property.n3
rename to home/src/main/resources/rdf/accessControl/firsttime/policy_editor_display_faux_data_property.n3
diff --git a/home/src/main/resources/rdf/auth/firsttime/policy_editor_display_faux_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_display_faux_object_property.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/firsttime/policy_editor_display_faux_object_property.n3
rename to home/src/main/resources/rdf/accessControl/firsttime/policy_editor_display_faux_object_property.n3
diff --git a/home/src/main/resources/rdf/auth/firsttime/policy_editor_display_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_display_object_property.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/firsttime/policy_editor_display_object_property.n3
rename to home/src/main/resources/rdf/accessControl/firsttime/policy_editor_display_object_property.n3
diff --git a/home/src/main/resources/rdf/auth/firsttime/policy_editor_publish_class.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_publish_class.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/firsttime/policy_editor_publish_class.n3
rename to home/src/main/resources/rdf/accessControl/firsttime/policy_editor_publish_class.n3
diff --git a/home/src/main/resources/rdf/auth/firsttime/policy_editor_publish_data_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_publish_data_property.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/firsttime/policy_editor_publish_data_property.n3
rename to home/src/main/resources/rdf/accessControl/firsttime/policy_editor_publish_data_property.n3
diff --git a/home/src/main/resources/rdf/auth/firsttime/policy_editor_publish_faux_data_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_publish_faux_data_property.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/firsttime/policy_editor_publish_faux_data_property.n3
rename to home/src/main/resources/rdf/accessControl/firsttime/policy_editor_publish_faux_data_property.n3
diff --git a/home/src/main/resources/rdf/auth/firsttime/policy_editor_publish_faux_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_publish_faux_object_property.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/firsttime/policy_editor_publish_faux_object_property.n3
rename to home/src/main/resources/rdf/accessControl/firsttime/policy_editor_publish_faux_object_property.n3
diff --git a/home/src/main/resources/rdf/auth/firsttime/policy_editor_publish_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_publish_object_property.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/firsttime/policy_editor_publish_object_property.n3
rename to home/src/main/resources/rdf/accessControl/firsttime/policy_editor_publish_object_property.n3
diff --git a/home/src/main/resources/rdf/auth/firsttime/policy_editor_simple_permissions.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_simple_permissions.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/firsttime/policy_editor_simple_permissions.n3
rename to home/src/main/resources/rdf/accessControl/firsttime/policy_editor_simple_permissions.n3
diff --git a/home/src/main/resources/rdf/auth/firsttime/policy_editor_simple_permissions_dataset.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_simple_permissions_dataset.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/firsttime/policy_editor_simple_permissions_dataset.n3
rename to home/src/main/resources/rdf/accessControl/firsttime/policy_editor_simple_permissions_dataset.n3
diff --git a/home/src/main/resources/rdf/auth/firsttime/policy_editor_update_class.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_update_class.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/firsttime/policy_editor_update_class.n3
rename to home/src/main/resources/rdf/accessControl/firsttime/policy_editor_update_class.n3
diff --git a/home/src/main/resources/rdf/auth/firsttime/policy_editor_update_data_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_update_data_property.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/firsttime/policy_editor_update_data_property.n3
rename to home/src/main/resources/rdf/accessControl/firsttime/policy_editor_update_data_property.n3
diff --git a/home/src/main/resources/rdf/auth/firsttime/policy_editor_update_faux_data_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_update_faux_data_property.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/firsttime/policy_editor_update_faux_data_property.n3
rename to home/src/main/resources/rdf/accessControl/firsttime/policy_editor_update_faux_data_property.n3
diff --git a/home/src/main/resources/rdf/auth/firsttime/policy_editor_update_faux_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_update_faux_object_property.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/firsttime/policy_editor_update_faux_object_property.n3
rename to home/src/main/resources/rdf/accessControl/firsttime/policy_editor_update_faux_object_property.n3
diff --git a/home/src/main/resources/rdf/auth/firsttime/policy_editor_update_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_update_object_property.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/firsttime/policy_editor_update_object_property.n3
rename to home/src/main/resources/rdf/accessControl/firsttime/policy_editor_update_object_property.n3
diff --git a/home/src/main/resources/rdf/auth/firsttime/policy_menu_items_editing.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_menu_items_editing.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/firsttime/policy_menu_items_editing.n3
rename to home/src/main/resources/rdf/accessControl/firsttime/policy_menu_items_editing.n3
diff --git a/home/src/main/resources/rdf/auth/firsttime/policy_not_modifiable_statements.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_not_modifiable_statements.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/firsttime/policy_not_modifiable_statements.n3
rename to home/src/main/resources/rdf/accessControl/firsttime/policy_not_modifiable_statements.n3
diff --git a/home/src/main/resources/rdf/auth/firsttime/policy_not_modifiable_statements_dataset.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_not_modifiable_statements_dataset.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/firsttime/policy_not_modifiable_statements_dataset.n3
rename to home/src/main/resources/rdf/accessControl/firsttime/policy_not_modifiable_statements_dataset.n3
diff --git a/home/src/main/resources/rdf/auth/firsttime/policy_public_display_class.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_public_display_class.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/firsttime/policy_public_display_class.n3
rename to home/src/main/resources/rdf/accessControl/firsttime/policy_public_display_class.n3
diff --git a/home/src/main/resources/rdf/auth/firsttime/policy_public_display_data_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_public_display_data_property.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/firsttime/policy_public_display_data_property.n3
rename to home/src/main/resources/rdf/accessControl/firsttime/policy_public_display_data_property.n3
diff --git a/home/src/main/resources/rdf/auth/firsttime/policy_public_display_faux_data_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_public_display_faux_data_property.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/firsttime/policy_public_display_faux_data_property.n3
rename to home/src/main/resources/rdf/accessControl/firsttime/policy_public_display_faux_data_property.n3
diff --git a/home/src/main/resources/rdf/auth/firsttime/policy_public_display_faux_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_public_display_faux_object_property.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/firsttime/policy_public_display_faux_object_property.n3
rename to home/src/main/resources/rdf/accessControl/firsttime/policy_public_display_faux_object_property.n3
diff --git a/home/src/main/resources/rdf/auth/firsttime/policy_public_display_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_public_display_object_property.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/firsttime/policy_public_display_object_property.n3
rename to home/src/main/resources/rdf/accessControl/firsttime/policy_public_display_object_property.n3
diff --git a/home/src/main/resources/rdf/auth/firsttime/policy_public_simple_permissions.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_public_simple_permissions.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/firsttime/policy_public_simple_permissions.n3
rename to home/src/main/resources/rdf/accessControl/firsttime/policy_public_simple_permissions.n3
diff --git a/home/src/main/resources/rdf/auth/firsttime/policy_public_simple_permissions_dataset.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_public_simple_permissions_dataset.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/firsttime/policy_public_simple_permissions_dataset.n3
rename to home/src/main/resources/rdf/accessControl/firsttime/policy_public_simple_permissions_dataset.n3
diff --git a/home/src/main/resources/rdf/auth/firsttime/policy_public_update_class.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_public_update_class.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/firsttime/policy_public_update_class.n3
rename to home/src/main/resources/rdf/accessControl/firsttime/policy_public_update_class.n3
diff --git a/home/src/main/resources/rdf/auth/firsttime/policy_public_update_data_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_public_update_data_property.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/firsttime/policy_public_update_data_property.n3
rename to home/src/main/resources/rdf/accessControl/firsttime/policy_public_update_data_property.n3
diff --git a/home/src/main/resources/rdf/auth/firsttime/policy_public_update_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_public_update_object_property.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/firsttime/policy_public_update_object_property.n3
rename to home/src/main/resources/rdf/accessControl/firsttime/policy_public_update_object_property.n3
diff --git a/home/src/main/resources/rdf/auth/firsttime/policy_root_user.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_root_user.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/firsttime/policy_root_user.n3
rename to home/src/main/resources/rdf/accessControl/firsttime/policy_root_user.n3
diff --git a/home/src/main/resources/rdf/auth/firsttime/policy_self_editor_display_class.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_display_class.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/firsttime/policy_self_editor_display_class.n3
rename to home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_display_class.n3
diff --git a/home/src/main/resources/rdf/auth/firsttime/policy_self_editor_display_data_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_display_data_property.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/firsttime/policy_self_editor_display_data_property.n3
rename to home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_display_data_property.n3
diff --git a/home/src/main/resources/rdf/auth/firsttime/policy_self_editor_display_faux_data_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_display_faux_data_property.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/firsttime/policy_self_editor_display_faux_data_property.n3
rename to home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_display_faux_data_property.n3
diff --git a/home/src/main/resources/rdf/auth/firsttime/policy_self_editor_display_faux_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_display_faux_object_property.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/firsttime/policy_self_editor_display_faux_object_property.n3
rename to home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_display_faux_object_property.n3
diff --git a/home/src/main/resources/rdf/auth/firsttime/policy_self_editor_display_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_display_object_property.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/firsttime/policy_self_editor_display_object_property.n3
rename to home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_display_object_property.n3
diff --git a/home/src/main/resources/rdf/auth/firsttime/policy_self_editor_publish_class.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_publish_class.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/firsttime/policy_self_editor_publish_class.n3
rename to home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_publish_class.n3
diff --git a/home/src/main/resources/rdf/auth/firsttime/policy_self_editor_publish_data_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_publish_data_property.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/firsttime/policy_self_editor_publish_data_property.n3
rename to home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_publish_data_property.n3
diff --git a/home/src/main/resources/rdf/auth/firsttime/policy_self_editor_publish_faux_data_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_publish_faux_data_property.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/firsttime/policy_self_editor_publish_faux_data_property.n3
rename to home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_publish_faux_data_property.n3
diff --git a/home/src/main/resources/rdf/auth/firsttime/policy_self_editor_publish_faux_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_publish_faux_object_property.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/firsttime/policy_self_editor_publish_faux_object_property.n3
rename to home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_publish_faux_object_property.n3
diff --git a/home/src/main/resources/rdf/auth/firsttime/policy_self_editor_publish_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_publish_object_property.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/firsttime/policy_self_editor_publish_object_property.n3
rename to home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_publish_object_property.n3
diff --git a/home/src/main/resources/rdf/auth/firsttime/policy_self_editor_simple_permissions.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_simple_permissions.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/firsttime/policy_self_editor_simple_permissions.n3
rename to home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_simple_permissions.n3
diff --git a/home/src/main/resources/rdf/auth/firsttime/policy_self_editor_simple_permissions_dataset.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_simple_permissions_dataset.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/firsttime/policy_self_editor_simple_permissions_dataset.n3
rename to home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_simple_permissions_dataset.n3
diff --git a/home/src/main/resources/rdf/auth/firsttime/policy_self_editor_update_class.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_update_class.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/firsttime/policy_self_editor_update_class.n3
rename to home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_update_class.n3
diff --git a/home/src/main/resources/rdf/auth/firsttime/policy_self_editor_update_data_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_update_data_property.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/firsttime/policy_self_editor_update_data_property.n3
rename to home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_update_data_property.n3
diff --git a/home/src/main/resources/rdf/auth/firsttime/policy_self_editor_update_faux_data_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_update_faux_data_property.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/firsttime/policy_self_editor_update_faux_data_property.n3
rename to home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_update_faux_data_property.n3
diff --git a/home/src/main/resources/rdf/auth/firsttime/policy_self_editor_update_faux_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_update_faux_object_property.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/firsttime/policy_self_editor_update_faux_object_property.n3
rename to home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_update_faux_object_property.n3
diff --git a/home/src/main/resources/rdf/auth/firsttime/policy_self_editor_update_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_update_object_property.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/firsttime/policy_self_editor_update_object_property.n3
rename to home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_update_object_property.n3
diff --git a/home/src/main/resources/rdf/auth/firsttime/subject_types.n3 b/home/src/main/resources/rdf/accessControl/firsttime/subject_types.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/firsttime/subject_types.n3
rename to home/src/main/resources/rdf/accessControl/firsttime/subject_types.n3
diff --git a/home/src/main/resources/rdf/auth/firsttime/test_types.n3 b/home/src/main/resources/rdf/accessControl/firsttime/test_types.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/firsttime/test_types.n3
rename to home/src/main/resources/rdf/accessControl/firsttime/test_types.n3
diff --git a/home/src/main/resources/rdf/auth/firsttime/test_values.n3 b/home/src/main/resources/rdf/accessControl/firsttime/test_values.n3
similarity index 100%
rename from home/src/main/resources/rdf/auth/firsttime/test_values.n3
rename to home/src/main/resources/rdf/accessControl/firsttime/test_values.n3

From 0d7086f92c6e524822df7be1490cba25e2ac5840 Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <git@litvinovg.pro>
Date: Mon, 12 Jun 2023 08:07:41 +0200
Subject: [PATCH 019/148] remove values in annotation migration

---
 .../webapp/migration/auth/AuthMigrator.java   | 43 ++++++++++---------
 1 file changed, 23 insertions(+), 20 deletions(-)

diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AuthMigrator.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AuthMigrator.java
index 30bbe30004..8121b9f136 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AuthMigrator.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AuthMigrator.java
@@ -109,16 +109,16 @@ protected void convertAnnotationConfiguration() {
         log.info(String.format("Found %s faux object property annotation configurations", fopConfigs.size()));
         Map<String, Map<OperationGroup, Set<String>>> fdpConfigs = getFauxDataPropertyAnnotations(dpConfigs.keySet());
         log.info(String.format("Found %s faux data property annotation configurations", fdpConfigs.size()));
-        long lines = updatePolicyDatasets(AccessObjectType.OBJECT_PROPERTY, opConfigs);
-        log.info(String.format("Updated object property datasets, added %s values", lines));
-        lines = updatePolicyDatasets(AccessObjectType.DATA_PROPERTY, dpConfigs);
-        log.info(String.format("Updated data property datasets, added %s values", lines));
-        lines = updatePolicyDatasets(AccessObjectType.CLASS, classConfigs);
-        log.info(String.format("Updated class property datasets, added %s values", lines));
-        lines = updatePolicyDatasets(AccessObjectType.FAUX_OBJECT_PROPERTY, fopConfigs);
-        log.info(String.format("Updated faux object property datasets, added %s values", lines));
-        lines = updatePolicyDatasets(AccessObjectType.FAUX_DATA_PROPERTY, fdpConfigs);
-        log.info(String.format("Updated data property datasets, added %s values", lines));
+        Long[] valueCounts = updatePolicyDatasets(AccessObjectType.OBJECT_PROPERTY, opConfigs);
+        log.info(String.format("Updated object property datasets. Added %d values, removed %d values", valueCounts[0], valueCounts[1]));
+        valueCounts = updatePolicyDatasets(AccessObjectType.DATA_PROPERTY, dpConfigs);
+        log.info(String.format("Updated data property datasets, added %d values, removed %d values", valueCounts[0], valueCounts[1]));
+        valueCounts = updatePolicyDatasets(AccessObjectType.CLASS, classConfigs);
+        log.info(String.format("Updated class property datasets, added %d values, removed %d values", valueCounts[0], valueCounts[1]));
+        valueCounts = updatePolicyDatasets(AccessObjectType.FAUX_OBJECT_PROPERTY, fopConfigs);
+        log.info(String.format("Updated faux object property datasets, added %d values, removed %d values", valueCounts[0], valueCounts[1]));
+        valueCounts = updatePolicyDatasets(AccessObjectType.FAUX_DATA_PROPERTY, fdpConfigs);
+        log.info(String.format("Updated data property datasets, added %d values, removed %d values", valueCounts[0], valueCounts[1]));
         PolicyLoader.getInstance().loadPolicies();
     }
 
@@ -147,23 +147,26 @@ protected Map<String, Map<OperationGroup, Set<String>>> getObjectPropertyAnnotat
         return getConfigurations(queryText, contentRdfService);
     }
 
-    private long updatePolicyDatasets(AccessObjectType aot, Map<String, Map<OperationGroup, Set<String>>> configs) {
-        StringBuilder sb = new StringBuilder();
+    private Long[] updatePolicyDatasets(AccessObjectType aot, Map<String, Map<OperationGroup, Set<String>>> configs) {
+        StringBuilder additions = new StringBuilder();
+        StringBuilder removals = new StringBuilder();
         for (String entityUri : configs.keySet()) {
             Map<OperationGroup, Set<String>> groupMap = configs.get(entityUri);
             for (OperationGroup og : groupMap.keySet()) {
-                Set<String> roles = groupMap.get(og);
-                addDataSetStatements(entityUri, aot, og, roles, sb);
-                log.debug(String.format("Updated entity %s dataset for operation group %s access object type %s roles %s", entityUri, og, aot, roles));
+                Set<String> rolesToAdd = groupMap.get(og);
+                getDataValueStatements(entityUri, aot, og, rolesToAdd, additions);
+                Set<String> rolesToRemove = new HashSet<>(allRoles);
+                rolesToRemove.removeAll(rolesToAdd);
+                getDataValueStatements(entityUri, aot, og, rolesToRemove, removals);
+                log.debug(String.format("Updated entity %s dataset for operation group %s access object type %s roles %s", entityUri, og, aot, rolesToAdd));
             }
         }
-        long begin = System.currentTimeMillis();
-        PolicyLoader.getInstance().updateAccessControlModel(sb.toString(), true);
-        log.info(secondsSince(begin) + "Spent on write to model");
-        return getLineCount(sb.toString());
+        PolicyLoader.getInstance().updateAccessControlModel(additions.toString(), true);
+        PolicyLoader.getInstance().updateAccessControlModel(removals.toString(), false);
+        return new Long[]{getLineCount(additions.toString()), getLineCount(removals.toString())};
     }
     
-    public void addDataSetStatements(String entityUri, AccessObjectType aot, OperationGroup og, Set<String> selectedRoles, StringBuilder sb) {
+    public void getDataValueStatements(String entityUri, AccessObjectType aot, OperationGroup og, Set<String> selectedRoles, StringBuilder sb) {
         if (StringUtils.isBlank(entityUri)) {
             return;
         }

From a98f5e08c6ca373c0e0bba131a9706ef0de3a451 Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <git@litvinovg.pro>
Date: Mon, 12 Jun 2023 08:08:25 +0200
Subject: [PATCH 020/148] refactoring AuthMigrator

---
 .../auth/policy/EntityPolicyController.java   | 37 +++++++++++++++--
 .../webapp/migration/auth/AuthMigrator.java   | 40 ++++---------------
 2 files changed, 41 insertions(+), 36 deletions(-)

diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EntityPolicyController.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EntityPolicyController.java
index ed28f467ae..867e3ea7c6 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EntityPolicyController.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EntityPolicyController.java
@@ -1,9 +1,11 @@
 package edu.cornell.mannlib.vitro.webapp.auth.policy;
 
 import java.util.Collections;
+import java.util.HashMap;
 import java.util.HashSet;
 import java.util.LinkedList;
 import java.util.List;
+import java.util.Map;
 import java.util.Set;
 
 import org.apache.commons.lang3.StringUtils;
@@ -17,6 +19,8 @@
 public class EntityPolicyController {
     
     private static final Log log = LogFactory.getLog(EntityPolicyController.class);
+    private static Map<String,String> policyKeyToDataValueMap = new HashMap<String,String>();
+
     /**
      * @param entityUri - entity uniform resource identifier
      * @param aot - Access object type
@@ -64,9 +68,18 @@ public static List<String> getGrantedRoles(String entityUri, OperationGroup og,
         return grantedRoles;
     }
     
-    private static boolean isUriInTestDataset(String entityUri, OperationGroup og, AccessObjectType aot, String role) {
-        Set<String> values = PolicyLoader.getInstance().getPolicyDataSetValues(og, aot, role);
-        return values.contains(entityUri);
+    public static void getDataValueStatements(String entityUri, AccessObjectType aot, OperationGroup og, Set<String> selectedRoles, StringBuilder sb) {
+        if (StringUtils.isBlank(entityUri)) {
+            return;
+        }
+        for (String role : selectedRoles) {
+            String testDataUri = getPolicyTestDataUri(aot, og, role);
+            if (testDataUri == null) {
+                log.error(String.format("Policy test data wasn't found by key:\n%s\n%s\n%s", og, aot, role));
+                continue;
+            }
+            sb.append("<").append(testDataUri).append("> <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/dataValue> <").append(entityUri).append("> .\n");
+        }
     }
 
     public static void deletedEntityEvent(Property oldObj) {
@@ -82,4 +95,22 @@ public static void updatedEntityEvent(Object oldObj, Object newObj) {
     public static void insertedEntityEvent(Property newObj) {
         log.debug("Nothing to do " + newObj );
     }
+
+    
+    private static boolean isUriInTestDataset(String entityUri, OperationGroup og, AccessObjectType aot, String role) {
+        Set<String> values = PolicyLoader.getInstance().getPolicyDataSetValues(og, aot, role);
+        return values.contains(entityUri);
+    }
+    
+    private static String getPolicyTestDataUri(AccessObjectType aot, OperationGroup og, String role) {
+        String key = aot.toString() + "." + og.toString() + "." + role ;
+        if (policyKeyToDataValueMap.containsKey(key)) {
+            return policyKeyToDataValueMap.get(key);
+        }
+        String uri = PolicyLoader.getInstance().getEntityPolicyTestDataValue(og, aot, role);
+        policyKeyToDataValueMap.put(key, uri);
+        return uri;
+    }
+
+    
 }
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AuthMigrator.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AuthMigrator.java
index 8121b9f136..8ac2578ea5 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AuthMigrator.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AuthMigrator.java
@@ -4,6 +4,7 @@
 
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType;
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.OperationGroup;
+import edu.cornell.mannlib.vitro.webapp.auth.policy.EntityPolicyController;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyLoader;
 import edu.cornell.mannlib.vitro.webapp.modelaccess.ContextModelAccess;
 import edu.cornell.mannlib.vitro.webapp.modelaccess.ModelAccess;
@@ -12,7 +13,6 @@
 import edu.cornell.mannlib.vitro.webapp.rdfservice.impl.RDFServiceUtils;
 import edu.cornell.mannlib.vitro.webapp.startup.StartupStatus;
 
-import org.apache.commons.lang3.StringUtils;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.apache.jena.query.QuerySolution;
@@ -58,8 +58,6 @@ public class AuthMigrator implements ServletContextListener {
 
     private RDFService contentRdfService;
     private RDFService configurationRdfService;
-    private static Map<String,String> policyKeyToDataValueMap = new HashMap<String,String>();
-
     static {
         allRoles = new HashSet<String>(Arrays.asList(ROLE_ADMIN_URI, ROLE_CURATOR_URI, ROLE_EDITOR_URI, ROLE_SELF_EDITOR_URI, ROLE_PUBLIC_URI));
         showMap = new HashMap<>();
@@ -154,10 +152,10 @@ private Long[] updatePolicyDatasets(AccessObjectType aot, Map<String, Map<Operat
             Map<OperationGroup, Set<String>> groupMap = configs.get(entityUri);
             for (OperationGroup og : groupMap.keySet()) {
                 Set<String> rolesToAdd = groupMap.get(og);
-                getDataValueStatements(entityUri, aot, og, rolesToAdd, additions);
+                EntityPolicyController.getDataValueStatements(entityUri, aot, og, rolesToAdd, additions);
                 Set<String> rolesToRemove = new HashSet<>(allRoles);
                 rolesToRemove.removeAll(rolesToAdd);
-                getDataValueStatements(entityUri, aot, og, rolesToRemove, removals);
+                EntityPolicyController.getDataValueStatements(entityUri, aot, og, rolesToRemove, removals);
                 log.debug(String.format("Updated entity %s dataset for operation group %s access object type %s roles %s", entityUri, og, aot, rolesToAdd));
             }
         }
@@ -166,30 +164,6 @@ private Long[] updatePolicyDatasets(AccessObjectType aot, Map<String, Map<Operat
         return new Long[]{getLineCount(additions.toString()), getLineCount(removals.toString())};
     }
     
-    public void getDataValueStatements(String entityUri, AccessObjectType aot, OperationGroup og, Set<String> selectedRoles, StringBuilder sb) {
-        if (StringUtils.isBlank(entityUri)) {
-            return;
-        }
-        for (String role : selectedRoles) {
-            String testDataUri = getPolicyTestDataUri(aot, og, role);
-            if (testDataUri == null) {
-                log.error(String.format("Policy test data wasn't found by key:\n%s\n%s\n%s", og, aot, role));
-                continue;
-            }
-            sb.append("<").append(testDataUri).append("> <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/dataValue> <").append(entityUri).append("> .\n");
-        }
-    }
-
-    private static String getPolicyTestDataUri(AccessObjectType aot, OperationGroup og, String role) {
-        String key = aot.toString() + "." + og.toString() + "." + role ;
-        if (policyKeyToDataValueMap.containsKey(key)) {
-            return policyKeyToDataValueMap.get(key);
-        }
-        String uri = PolicyLoader.getInstance().getEntityPolicyTestDataValue(og, aot, role);
-        policyKeyToDataValueMap.put(key, uri);
-        return uri;
-    }
-    
     /**
      * @param targetProperties set of property URIs to get configurations from
      * @return map of entity URIs and maps of operations and list of allowed roles  
@@ -280,6 +254,10 @@ public void contextDestroyed(ServletContextEvent sce) {
         // Nothing to tear down.
     }
     
+    private long secondsSince(long startTime) {
+        return (System.currentTimeMillis() - startTime) / 1000;
+    }
+
     private long getLineCount(String lines) {
         Matcher matcher = Pattern.compile("\n").matcher(lines);
         long i = 0;
@@ -288,8 +266,4 @@ private long getLineCount(String lines) {
         }
         return i;
     }
-
-    private long secondsSince(long startTime) {
-        return (System.currentTimeMillis() - startTime) / 1000;
-    }
 }

From ffb648819ce5449f2921074133454248a8a3cff4 Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <git@litvinovg.pro>
Date: Mon, 12 Jun 2023 08:09:31 +0200
Subject: [PATCH 021/148] arm migration

---
 .../auth/policy/EntityPolicyController.java   |   2 -
 .../migration/auth/AnnotationMigrator.java    | 187 +++++++++++++
 .../webapp/migration/auth/ArmMigrator.java    | 255 ++++++++++++++++++
 .../webapp/migration/auth/AuthMigrator.java   | 228 +++++-----------
 .../vitro/webapp/auth/policy/PolicyTest.java  |  10 +-
 .../auth/AnnotationMigratorTest.java          |  68 +++++
 .../migration/auth/ArmMigratorTest.java       | 121 +++++++++
 .../migration/auth/AuthMigratorTest.java      |  67 +----
 8 files changed, 721 insertions(+), 217 deletions(-)
 create mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AnnotationMigrator.java
 create mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/ArmMigrator.java
 create mode 100644 api/src/test/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AnnotationMigratorTest.java
 create mode 100644 api/src/test/java/edu/cornell/mannlib/vitro/webapp/migration/auth/ArmMigratorTest.java

diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EntityPolicyController.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EntityPolicyController.java
index 867e3ea7c6..b230887d5a 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EntityPolicyController.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EntityPolicyController.java
@@ -111,6 +111,4 @@ private static String getPolicyTestDataUri(AccessObjectType aot, OperationGroup
         policyKeyToDataValueMap.put(key, uri);
         return uri;
     }
-
-    
 }
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AnnotationMigrator.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AnnotationMigrator.java
new file mode 100644
index 0000000000..6dc989fc9a
--- /dev/null
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AnnotationMigrator.java
@@ -0,0 +1,187 @@
+package edu.cornell.mannlib.vitro.webapp.migration.auth;
+
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Map;
+import java.util.Set;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.jena.query.QuerySolution;
+import org.apache.jena.query.ResultSet;
+
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType;
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.OperationGroup;
+import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyLoader;
+import edu.cornell.mannlib.vitro.webapp.modelaccess.ModelNames;
+import edu.cornell.mannlib.vitro.webapp.rdfservice.RDFService;
+import edu.cornell.mannlib.vitro.webapp.rdfservice.impl.RDFServiceUtils;
+
+import static edu.cornell.mannlib.vitro.webapp.migration.auth.AuthMigrator.*;
+
+public class AnnotationMigrator {
+    
+    private static final Log log = LogFactory.getLog(AnnotationMigrator.class);
+
+    private static final String PREFIX = "http://vitro.mannlib.cornell.edu/ns/vitro/role#";
+    private static final String OLD_ROLE_PUBLIC = PREFIX + "public";
+    private static final String OLD_ROLE_SELF = PREFIX + "selfEditor";
+    private static final String OLD_ROLE_EDITOR = PREFIX + "editor";
+    private static final String OLD_ROLE_CURATOR = PREFIX + "curator";
+    private static final String OLD_ROLE_DB_ADMIN = PREFIX + "dbAdmin";
+    private static final String OLD_ROLE_NOBODY = PREFIX + "nobody";
+    
+    private RDFService contentRdfService;
+    private RDFService configurationRdfService;
+    private Map<String,Set<String>> showMap;
+    
+    public AnnotationMigrator(RDFService contentRdfService, RDFService configurationRdfService) {
+        this.contentRdfService = contentRdfService;
+        this.configurationRdfService = configurationRdfService;
+        showMap = new HashMap<>();
+        showMap.put(OLD_ROLE_PUBLIC, allRoles);
+        showMap.put(OLD_ROLE_SELF, new HashSet<String>(Arrays.asList(ROLE_ADMIN_URI, ROLE_CURATOR_URI, ROLE_EDITOR_URI, ROLE_SELF_EDITOR_URI)));
+        showMap.put(OLD_ROLE_EDITOR, new HashSet<String>(Arrays.asList(ROLE_ADMIN_URI, ROLE_CURATOR_URI, ROLE_EDITOR_URI)));
+        showMap.put(OLD_ROLE_CURATOR, new HashSet<String>(Arrays.asList(ROLE_ADMIN_URI, ROLE_CURATOR_URI)));
+        showMap.put(OLD_ROLE_DB_ADMIN, new HashSet<String>(Arrays.asList(ROLE_ADMIN_URI)));
+        showMap.put(OLD_ROLE_NOBODY, Collections.emptySet());
+    }
+
+    protected void migrateConfiguration() {
+        log.info("Started annotation configuration conversion");
+        Map<String, Map<OperationGroup, Set<String>>> opConfigs = getObjectPropertyAnnotations();
+        log.info(String.format("Found %s object property annotation configurations", opConfigs.size()));
+        Map<String, Map<OperationGroup, Set<String>>> dpConfigs = getDataPropertyAnnotations();
+        log.info(String.format("Found %s data property annotation configurations", dpConfigs.size()));
+        Map<String, Map<OperationGroup, Set<String>>> classConfigs = getClassAnnotations();
+        log.info(String.format("Found %s class annotation configurations", classConfigs.size()));
+        Map<String, Map<OperationGroup, Set<String>>> fopConfigs = getFauxObjectPropertyAnnotations(opConfigs.keySet());
+        log.info(String.format("Found %s faux object property annotation configurations", fopConfigs.size()));
+        Map<String, Map<OperationGroup, Set<String>>> fdpConfigs = getFauxDataPropertyAnnotations(dpConfigs.keySet());
+        log.info(String.format("Found %s faux data property annotation configurations", fdpConfigs.size()));
+        Long[] valueCounts = AuthMigrator.updatePolicyDatasets(AccessObjectType.OBJECT_PROPERTY, opConfigs);
+        log.info(String.format("Updated object property datasets. Added %d values, removed %d values", valueCounts[0], valueCounts[1]));
+        valueCounts = AuthMigrator.updatePolicyDatasets(AccessObjectType.DATA_PROPERTY, dpConfigs);
+        log.info(String.format("Updated data property datasets, added %d values, removed %d values", valueCounts[0], valueCounts[1]));
+        valueCounts = AuthMigrator.updatePolicyDatasets(AccessObjectType.CLASS, classConfigs);
+        log.info(String.format("Updated class property datasets, added %d values, removed %d values", valueCounts[0], valueCounts[1]));
+        valueCounts = AuthMigrator.updatePolicyDatasets(AccessObjectType.FAUX_OBJECT_PROPERTY, fopConfigs);
+        log.info(String.format("Updated faux object property datasets, added %d values, removed %d values", valueCounts[0], valueCounts[1]));
+        valueCounts = AuthMigrator.updatePolicyDatasets(AccessObjectType.FAUX_DATA_PROPERTY, fdpConfigs);
+        log.info(String.format("Updated data property datasets, added %d values, removed %d values", valueCounts[0], valueCounts[1]));
+        PolicyLoader.getInstance().loadPolicies();
+    }
+
+    protected Map<String, Map<OperationGroup, Set<String>>> getFauxDataPropertyAnnotations(Set<String> dataProperties) {
+        String queryText = getAnnotationQuery(fauxTypeSpecificPatterns);
+        return getFauxConfigurations(queryText, configurationRdfService, dataProperties);
+    }
+
+    protected Map<String, Map<OperationGroup, Set<String>>> getFauxObjectPropertyAnnotations(Set<String> objectProperties) {
+        String queryText = getAnnotationQuery(fauxTypeSpecificPatterns);
+        return getFauxConfigurations(queryText, configurationRdfService, objectProperties);
+    }
+
+    protected Map<String, Map<OperationGroup, Set<String>>> getClassAnnotations() {
+        String queryText = getAnnotationQuery("  ?uri rdf:type owl:Class .\n");
+        return getConfigurations(queryText, contentRdfService);
+    }
+
+    protected Map<String, Map<OperationGroup, Set<String>>> getDataPropertyAnnotations() {
+        String queryText = getAnnotationQuery("  ?uri rdf:type owl:DatatypeProperty .\n");
+        return getConfigurations(queryText, contentRdfService);
+    }
+
+    protected Map<String, Map<OperationGroup, Set<String>>> getObjectPropertyAnnotations() {
+        String queryText = getAnnotationQuery("  ?uri rdf:type owl:ObjectProperty .\n");
+        return getConfigurations(queryText, contentRdfService);
+    }
+
+    /**
+     * @return map of entity URIs and maps of operations and list of allowed roles  
+     */
+    private Map<String, Map<OperationGroup, Set<String>>> getConfigurations(String queryText, RDFService service) {
+        Map<String, Map<OperationGroup, Set<String>>> configs = new HashMap<>();
+        try {
+            ResultSet rs = RDFServiceUtils.sparqlSelectQuery(queryText, service);
+            while (rs.hasNext()) {
+                QuerySolution qs = rs.next();
+                collectConfiguration(configs, qs);
+            }
+        } catch (Exception e) {
+            log.error(e, e);
+        }
+        return configs;
+    }
+
+    /**
+     * @param targetProperties set of property URIs to get configurations from
+     * @return map of entity URIs and maps of operations and list of allowed roles  
+     */
+    private Map<String, Map<OperationGroup, Set<String>>> getFauxConfigurations(String queryText, RDFService service, Set<String> targetProperties) {
+        Map<String, Map<OperationGroup, Set<String>>> configs = new HashMap<>();
+        try {
+            ResultSet rs = RDFServiceUtils.sparqlSelectQuery(queryText, service);
+            while (rs.hasNext()) {
+                QuerySolution qs = rs.next();
+                String baseUri = qs.getResource("base").getURI();
+                if (!targetProperties.contains(baseUri)) {
+                    continue;
+                }
+                collectConfiguration(configs, qs);
+            }
+        } catch (Exception e) {
+            log.error(e, e);
+        }
+        return configs;
+    }
+
+    private void collectConfiguration(Map<String, Map<OperationGroup, Set<String>>> configs, QuerySolution qs) {
+        String uri = qs.getResource("uri").getURI();
+        String displayAnnotation = qs.getResource("display").getURI();
+        Set<String> displayRoles = showMap.get(displayAnnotation);
+    
+        String publishAnnotation = qs.getResource("publish").getURI();
+        Set<String> publishRoles = showMap.get(publishAnnotation);
+        publishRoles.remove(ROLE_PUBLIC_URI);
+    
+        String updateAnnotation = qs.getResource("update").getURI();
+        Set<String> updateRoles = new HashSet<>(showMap.get(updateAnnotation));
+        updateRoles.remove(ROLE_PUBLIC_URI);
+    
+        Map<OperationGroup, Set<String>> config = new HashMap<>();
+        config.put(OperationGroup.UPDATE_GROUP, updateRoles);
+        config.put(OperationGroup.PUBLISH_GROUP, publishRoles);
+        config.put(OperationGroup.DISPLAY_GROUP, displayRoles);
+        configs.put(uri, config);
+    }
+
+    private static String getAnnotationQuery(String typeSpecificPatterns) {
+        return ""
+                + "PREFIX vitro: <http://vitro.mannlib.cornell.edu/ns/vitro/0.7#> \n"
+                + "PREFIX rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#>\n"
+                + "PREFIX owl: <http://www.w3.org/2002/07/owl#> \n"
+                + "SELECT ?base ?uri ?update ?display ?publish\n"
+                + "WHERE {\n"
+                + typeSpecificPatterns
+                + "{  OPTIONAL { ?uri vitro:hiddenFromDisplayBelowRoleLevelAnnot ?displayAssigned . }\n"
+                + "  BIND (COALESCE(?displayAssigned, <http://vitro.mannlib.cornell.edu/ns/vitro/role#public> ) AS ?display )\n"
+                + "  OPTIONAL { ?uri vitro:prohibitedFromUpdateBelowRoleLevelAnnot ?updateAssigned . }\n"
+                + "  BIND (COALESCE(?updateAssigned, <http://vitro.mannlib.cornell.edu/ns/vitro/role#selfEditor> ) AS ?update )\n"
+                + "  OPTIONAL { ?uri vitro:hiddenFromPublishBelowRoleLevelAnnot ?publishAssigned . }\n"
+                + "  BIND (COALESCE(?publishAssigned, <http://vitro.mannlib.cornell.edu/ns/vitro/role#public> ) AS ?publish )\n"
+                + "  FILTER (!isBlank(?uri))\n"
+                + "}} \n";
+    }
+
+    private static final String fauxTypeSpecificPatterns = ""
+      + "GRAPH <" + ModelNames.DISPLAY + "> {"
+      + "  ?context <http://vitro.mannlib.cornell.edu/ns/vitro/ApplicationConfiguration#configContextFor> ?base .\n"
+      + "  ?context <http://vitro.mannlib.cornell.edu/ns/vitro/ApplicationConfiguration#hasConfiguration> ?uri .\n"
+      + "  ?uri rdf:type <http://vitro.mannlib.cornell.edu/ns/vitro/ApplicationConfiguration#ObjectPropertyDisplayConfig> .\n"
+      + "} GRAPH <" + ModelNames.DISPLAY + ">";
+
+
+}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/ArmMigrator.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/ArmMigrator.java
new file mode 100644
index 0000000000..bba9e5d577
--- /dev/null
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/ArmMigrator.java
@@ -0,0 +1,255 @@
+package edu.cornell.mannlib.vitro.webapp.migration.auth;
+
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.jena.query.ParameterizedSparqlString;
+import org.apache.jena.query.QuerySolution;
+import org.apache.jena.query.ResultSet;
+
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType;
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.OperationGroup;
+import edu.cornell.mannlib.vitro.webapp.auth.policy.EntityPolicyController;
+import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyLoader;
+import edu.cornell.mannlib.vitro.webapp.modelaccess.ModelNames;
+import edu.cornell.mannlib.vitro.webapp.rdfservice.RDFService;
+import edu.cornell.mannlib.vitro.webapp.rdfservice.RDFServiceException;
+import edu.cornell.mannlib.vitro.webapp.rdfservice.impl.RDFServiceUtils;
+
+public class ArmMigrator {
+    
+    private static final Log log = LogFactory.getLog(ArmMigrator.class);
+
+    protected static String DISPLAY = "Display";
+    protected static String UPDATE = "Update";
+    protected static String PUBLISH = "Publish";
+    
+    protected static final String ARM_ADMIN = "ADMIN";
+    protected static final String ARM_CURATOR = "CURATOR";
+    protected static final String ARM_EDITOR  = "EDITOR";
+    protected static final String ARM_SELF_EDITOR = "SELF_EDITOR";
+    protected static final String ARM_PUBLIC = "PUBLIC";
+
+    protected static final List<String> armRoles = Arrays.asList(ARM_ADMIN, ARM_CURATOR, ARM_EDITOR, ARM_SELF_EDITOR, ARM_PUBLIC);
+    protected static final List<String> armOperations = Arrays.asList(DISPLAY, UPDATE, PUBLISH);
+    protected static final List<AccessObjectType> entityTypes = Arrays.asList(
+            AccessObjectType.CLASS,
+            AccessObjectType.OBJECT_PROPERTY,
+            AccessObjectType.DATA_PROPERTY,
+            AccessObjectType.FAUX_OBJECT_PROPERTY,
+            AccessObjectType.FAUX_DATA_PROPERTY
+            );
+
+    private RDFService contentRdfService;
+    private RDFService configurationRdfService;
+
+    private String VALUE_QUERY = ""
+            + "SELECT ?uri \n"
+            + "WHERE {\n"
+            + "  GRAPH <" + ModelNames.USER_ACCOUNTS + "> {\n"
+            + "  ?permission <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#forEntity> ?uri . \n"
+            + "  }\n"
+            + "}";
+
+    private static Map<String, String> roleMap;
+    private static Map<String, OperationGroup> operationMap;
+    
+    public ArmMigrator(RDFService contentRdfService, RDFService configurationRdfService) {
+        this.contentRdfService = contentRdfService;
+        this.configurationRdfService = configurationRdfService;  
+        operationMap = new HashMap<>();
+        operationMap.put(DISPLAY, OperationGroup.DISPLAY_GROUP);
+        operationMap.put(UPDATE, OperationGroup.UPDATE_GROUP);
+        operationMap.put(PUBLISH, OperationGroup.PUBLISH_GROUP);
+        roleMap = new HashMap<>();
+        roleMap.put(ARM_ADMIN, AuthMigrator.ROLE_ADMIN_URI);
+        roleMap.put(ARM_CURATOR, AuthMigrator.ROLE_CURATOR_URI);
+        roleMap.put(ARM_EDITOR, AuthMigrator.ROLE_EDITOR_URI);
+        roleMap.put(ARM_SELF_EDITOR, AuthMigrator.ROLE_SELF_EDITOR_URI);
+        roleMap.put(ARM_PUBLIC, AuthMigrator.ROLE_PUBLIC_URI);
+    }
+
+    public static String getArmPermissionSubject(String operation, String role) {
+        return "java:edu.cornell.mannlib.vitro.webapp.auth.permissions.Entity" + operation + "Permission#" + role ;
+    }
+
+    public void migrateConfiguration() {
+        cleanEntityDataSetValues();
+        Map<AccessObjectType,Set<String>> entityTypeMap = getEntityMap();
+        StringBuilder additions = new StringBuilder();
+        collectAdditions(entityTypeMap, additions);
+        PolicyLoader.getInstance().updateAccessControlModel(additions.toString(), true);
+    }
+
+    private void cleanEntityDataSetValues() {
+        StringBuilder removals = getStatementsToRemove();
+        PolicyLoader.getInstance().updateAccessControlModel(removals.toString(), false);
+    }
+
+    protected StringBuilder getStatementsToRemove() {
+        StringBuilder removals = new StringBuilder();
+        for (String role : armRoles) {
+            String newRole = roleMap.get(role);
+            for (String operation : armOperations) {
+                OperationGroup og = operationMap.get(operation);
+                for (AccessObjectType aot : entityTypes) {
+                    Set<String> entityUris = PolicyLoader.getInstance().getPolicyDataSetValues(og, aot, newRole);
+                    for( String entityUri : entityUris) {
+                        EntityPolicyController.getDataValueStatements(entityUri, aot, og, Collections.singleton(newRole), removals);    
+                    }
+                }
+            }
+        }
+        return removals;
+    }
+
+    protected void collectAdditions(Map<AccessObjectType, Set<String>> entityTypeMap, StringBuilder additions) {
+        for (String role : armRoles) {
+            String newRole = roleMap.get(role);
+            for (String operation : armOperations) {
+                String permissionUri = getArmPermissionSubject(operation, role);
+                Set<String> entities = getArmEntites(permissionUri);
+                OperationGroup og = operationMap.get(operation);
+                for (AccessObjectType aot : entityTypes) {
+                    if (entities.isEmpty()) {
+                        continue;
+                    }
+                    Set<String> retainEntitities = entityTypeMap.get(aot);
+                    if (retainEntitities.isEmpty()) {
+                        continue;
+                    }
+                    HashSet<String> typeEntities = new HashSet<>(entities);
+                    typeEntities.retainAll(retainEntitities);
+                    for (String entityUri : typeEntities) {
+                        EntityPolicyController.getDataValueStatements(entityUri, aot, og, Collections.singleton(newRole), additions);    
+                    }
+                }
+            }
+        }
+    }
+    
+    protected Map<AccessObjectType, Set<String>> getEntityMap() {
+        Map<AccessObjectType, Set<String>> map = new HashMap<>();
+        for (AccessObjectType type : entityTypes) {
+            addEntitiesForType(type, map);
+        } 
+        return map;
+    }
+
+    private void addEntitiesForType(AccessObjectType type, Map<AccessObjectType, Set<String>> map) {
+        Set<String> entities = new HashSet<>();
+        String queryText = getQueryText(type);
+        RDFService service = getRdfService(type);
+        try {
+            ResultSet rs = RDFServiceUtils.sparqlSelectQuery(queryText, service);
+            while (rs.hasNext()) {
+                QuerySolution qs = rs.next();
+                String entity = qs.getResource("uri").getURI();
+                if (AccessObjectType.FAUX_DATA_PROPERTY.equals(type)){
+                    String baseUri = qs.getResource("base").getURI();
+                    Set<String> set = map.get(AccessObjectType.DATA_PROPERTY);
+                    if (!set.contains(baseUri)) {
+                        continue;
+                    }
+                }
+                if (AccessObjectType.FAUX_OBJECT_PROPERTY.equals(type)){
+                    String baseUri = qs.getResource("base").getURI();
+                    Set<String> set = map.get(AccessObjectType.OBJECT_PROPERTY);
+                    if (!set.contains(baseUri)) {
+                        continue;
+                    }
+                }
+                entities.add(entity);
+            }
+        } catch (Exception e) {
+            log.error(e, e);
+        }
+        map.put(type, entities);
+    }
+    
+    private String getQueryText(AccessObjectType type) {
+        String fauxTypeSpecificPatterns = ""
+        + "GRAPH <" + ModelNames.DISPLAY + "> {"
+        + "  ?context <http://vitro.mannlib.cornell.edu/ns/vitro/ApplicationConfiguration#configContextFor> ?base .\n"
+        + "  ?context <http://vitro.mannlib.cornell.edu/ns/vitro/ApplicationConfiguration#hasConfiguration> ?uri .\n"
+        + "  ?uri rdf:type <http://vitro.mannlib.cornell.edu/ns/vitro/ApplicationConfiguration#ObjectPropertyDisplayConfig> .\n"
+        + "}";
+        switch (type) {
+        case FAUX_OBJECT_PROPERTY:
+            return getQuery(fauxTypeSpecificPatterns);
+        case FAUX_DATA_PROPERTY:
+            return getQuery(fauxTypeSpecificPatterns);
+        case CLASS:
+            return getQuery("{?uri rdf:type owl:Class .}\n");
+        case DATA_PROPERTY:
+            return getQuery("{?uri rdf:type owl:DatatypeProperty .}\n");
+        default:
+            return getQuery("{?uri rdf:type owl:ObjectProperty .}\n");
+        } 
+    }
+    
+    private static String getQuery(String typePatterns) {
+        return ""
+                + "PREFIX vitro: <http://vitro.mannlib.cornell.edu/ns/vitro/0.7#> \n"
+                + "PREFIX rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#>\n"
+                + "PREFIX owl: <http://www.w3.org/2002/07/owl#> \n"
+                + "SELECT ?base ?uri \n"
+                + "WHERE {\n"
+                + typePatterns
+                + "} \n";
+    }
+
+    private RDFService getRdfService(AccessObjectType type) {
+        if (AccessObjectType.FAUX_OBJECT_PROPERTY.equals(type) ||
+            AccessObjectType.FAUX_DATA_PROPERTY.equals(type)) {
+            return configurationRdfService;
+        } 
+        return contentRdfService;
+    }
+
+    private Set<String> getArmEntites(String permissionUri) {
+        Set<String> entities = new HashSet<>();
+        ParameterizedSparqlString pss = new ParameterizedSparqlString(VALUE_QUERY );
+        pss.setIri("permission", permissionUri);
+        String queryText = pss.toString();
+        try {
+            ResultSet rs = RDFServiceUtils.sparqlSelectQuery(queryText, configurationRdfService);
+            while (rs.hasNext()) {
+                QuerySolution qs = rs.next();
+                String entity = qs.getResource("uri").getURI();
+                entities.add(entity);
+            }
+        } catch (Exception e) {
+            log.error(e, e);
+        }
+        return entities;
+    }
+
+    public boolean isArmConfiguation() {
+        return containsAdminDisplayPermission();
+    }
+    
+    private boolean containsAdminDisplayPermission() {
+        boolean result = false;
+        String query = ""
+                + "prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#>\n"
+                + "ASK WHERE {\n"
+                + "  GRAPH <http://vitro.mannlib.cornell.edu/default/vitro-kb-userAccounts> {\n"
+                + "       <" + getArmPermissionSubject(DISPLAY, ARM_ADMIN) + "> ?p ?o .\n" 
+                + "  }\n" 
+                + "}";
+        try {
+            result = configurationRdfService.sparqlAskQuery(query);
+        } catch (RDFServiceException e) {
+            log.error(e, e);
+        }
+        return result;
+    }
+}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AuthMigrator.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AuthMigrator.java
index 8ac2578ea5..a2399fa85d 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AuthMigrator.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AuthMigrator.java
@@ -15,6 +15,7 @@
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+import org.apache.jena.query.ParameterizedSparqlString;
 import org.apache.jena.query.QuerySolution;
 import org.apache.jena.query.ResultSet;
 
@@ -23,8 +24,6 @@
 import javax.servlet.ServletContextListener;
 
 import java.util.Arrays;
-import java.util.Collections;
-import java.util.HashMap;
 import java.util.HashSet;
 import java.util.Map;
 import java.util.Set;
@@ -32,48 +31,26 @@
 import java.util.regex.Pattern;
 
 public class AuthMigrator implements ServletContextListener { 
-    private static final String PREFIX = "http://vitro.mannlib.cornell.edu/ns/vitro/role#";
 
     private static final Log log = LogFactory.getLog(AuthMigrator.class);
-
-    private static final String OLD_ROLE_PUBLIC = PREFIX + "public";
-    private static final String OLD_ROLE_SELF = PREFIX + "selfEditor";
-    private static final String OLD_ROLE_EDITOR = PREFIX + "editor";
-    private static final String OLD_ROLE_CURATOR = PREFIX + "curator";
-    private static final String OLD_ROLE_DB_ADMIN = PREFIX + "dbAdmin";
-    private static final String OLD_ROLE_NOBODY = PREFIX + "nobody";
-    
-    private static final String ROLE_ADMIN_URI = "http://vitro.mannlib.cornell.edu/ns/vitro/authorization#ADMIN";
-    private static final String ROLE_CURATOR_URI = "http://vitro.mannlib.cornell.edu/ns/vitro/authorization#CURATOR";
-    private static final String ROLE_EDITOR_URI = "http://vitro.mannlib.cornell.edu/ns/vitro/authorization#EDITOR";
-    private static final String ROLE_SELF_EDITOR_URI = "http://vitro.mannlib.cornell.edu/ns/vitro/authorization#SELF_EDITOR";
-    private static final String ROLE_PUBLIC_URI = "http://vitro.mannlib.cornell.edu/ns/vitro/authorization#PUBLIC";
-
-    private static final String fauxTypeSpecificPatterns = 
-            "  ?context <http://vitro.mannlib.cornell.edu/ns/vitro/ApplicationConfiguration#configContextFor> ?base .\n"
-          + "  ?context <http://vitro.mannlib.cornell.edu/ns/vitro/ApplicationConfiguration#hasConfiguration> ?uri .\n"
-          + "  ?uri rdf:type <http://vitro.mannlib.cornell.edu/ns/vitro/ApplicationConfiguration#ObjectPropertyDisplayConfig> .\n";
-    protected static final Map<String,Set<String>> showMap;
-    protected static final Set<String> allRoles;
+    protected static final String ROLE_ADMIN_URI = "http://vitro.mannlib.cornell.edu/ns/vitro/authorization#ADMIN";
+    protected static final String ROLE_CURATOR_URI = "http://vitro.mannlib.cornell.edu/ns/vitro/authorization#CURATOR";
+    protected static final String ROLE_EDITOR_URI = "http://vitro.mannlib.cornell.edu/ns/vitro/authorization#EDITOR";
+    protected static final String ROLE_SELF_EDITOR_URI = "http://vitro.mannlib.cornell.edu/ns/vitro/authorization#SELF_EDITOR";
+    protected static final String ROLE_PUBLIC_URI = "http://vitro.mannlib.cornell.edu/ns/vitro/authorization#PUBLIC";
+    protected static final Set<String> allRoles = new HashSet<String>(Arrays.asList(ROLE_ADMIN_URI, ROLE_CURATOR_URI, ROLE_EDITOR_URI, ROLE_SELF_EDITOR_URI, ROLE_PUBLIC_URI));
 
     private RDFService contentRdfService;
     private RDFService configurationRdfService;
-    static {
-        allRoles = new HashSet<String>(Arrays.asList(ROLE_ADMIN_URI, ROLE_CURATOR_URI, ROLE_EDITOR_URI, ROLE_SELF_EDITOR_URI, ROLE_PUBLIC_URI));
-        showMap = new HashMap<>();
-        showMap.put(OLD_ROLE_PUBLIC, allRoles);
-        showMap.put(OLD_ROLE_SELF, new HashSet<String>(Arrays.asList(ROLE_ADMIN_URI, ROLE_CURATOR_URI, ROLE_EDITOR_URI, ROLE_SELF_EDITOR_URI)));
-        showMap.put(OLD_ROLE_EDITOR, new HashSet<String>(Arrays.asList(ROLE_ADMIN_URI, ROLE_CURATOR_URI, ROLE_EDITOR_URI)));
-        showMap.put(OLD_ROLE_CURATOR, new HashSet<String>(Arrays.asList(ROLE_ADMIN_URI, ROLE_CURATOR_URI)));
-        showMap.put(OLD_ROLE_DB_ADMIN, new HashSet<String>(Arrays.asList(ROLE_ADMIN_URI)));
-        showMap.put(OLD_ROLE_NOBODY, Collections.emptySet());
-    }
 
     @Override
     public void contextInitialized(ServletContextEvent sce) {
         long begin = System.currentTimeMillis();
         ContextModelAccess modelAccess = ModelAccess.getInstance();
         initialize(modelAccess.getRDFService(WhichService.CONTENT), modelAccess.getRDFService(WhichService.CONFIGURATION));
+        if (!isMigrationRequired()) {
+            return;
+        }
         ServletContext ctx = sce.getServletContext();
         StartupStatus ss = StartupStatus.getBean(ctx);
         log.info("Started authorization configuration update");
@@ -81,7 +58,7 @@ public void contextInitialized(ServletContextEvent sce) {
         log.info("Finished authorization configuration update");
         ss.info(this, secondsSince(begin) + " seconds to migrate auth models");
     }
-    
+
     protected void initialize(RDFService content, RDFService configuration) {
         contentRdfService = content;
         configurationRdfService = configuration;
@@ -91,61 +68,23 @@ protected void convertAuthorizationConfiguration() {
         if(isArmConfiguration()) {
             convertArmConfiguration();
         } else {
-            convertAnnotationConfiguration();
+            convertAnnotationConfiguation();
         }
-    }
-    
-    protected void convertAnnotationConfiguration() {
-        log.info("Started annotation configuration conversion");
-        Map<String, Map<OperationGroup, Set<String>>> opConfigs = getObjectPropertyAnnotations();
-        log.info(String.format("Found %s object property annotation configurations", opConfigs.size()));
-        Map<String, Map<OperationGroup, Set<String>>> dpConfigs = getDataPropertyAnnotations();
-        log.info(String.format("Found %s data property annotation configurations", dpConfigs.size()));
-        Map<String, Map<OperationGroup, Set<String>>> classConfigs = getClassAnnotations();
-        log.info(String.format("Found %s class annotation configurations", classConfigs.size()));
-        Map<String, Map<OperationGroup, Set<String>>> fopConfigs = getFauxObjectPropertyAnnotations(opConfigs.keySet());
-        log.info(String.format("Found %s faux object property annotation configurations", fopConfigs.size()));
-        Map<String, Map<OperationGroup, Set<String>>> fdpConfigs = getFauxDataPropertyAnnotations(dpConfigs.keySet());
-        log.info(String.format("Found %s faux data property annotation configurations", fdpConfigs.size()));
-        Long[] valueCounts = updatePolicyDatasets(AccessObjectType.OBJECT_PROPERTY, opConfigs);
-        log.info(String.format("Updated object property datasets. Added %d values, removed %d values", valueCounts[0], valueCounts[1]));
-        valueCounts = updatePolicyDatasets(AccessObjectType.DATA_PROPERTY, dpConfigs);
-        log.info(String.format("Updated data property datasets, added %d values, removed %d values", valueCounts[0], valueCounts[1]));
-        valueCounts = updatePolicyDatasets(AccessObjectType.CLASS, classConfigs);
-        log.info(String.format("Updated class property datasets, added %d values, removed %d values", valueCounts[0], valueCounts[1]));
-        valueCounts = updatePolicyDatasets(AccessObjectType.FAUX_OBJECT_PROPERTY, fopConfigs);
-        log.info(String.format("Updated faux object property datasets, added %d values, removed %d values", valueCounts[0], valueCounts[1]));
-        valueCounts = updatePolicyDatasets(AccessObjectType.FAUX_DATA_PROPERTY, fdpConfigs);
-        log.info(String.format("Updated data property datasets, added %d values, removed %d values", valueCounts[0], valueCounts[1]));
-        PolicyLoader.getInstance().loadPolicies();
-    }
-
-    protected Map<String, Map<OperationGroup, Set<String>>> getFauxDataPropertyAnnotations(Set<String> dataProperties) {
-        String queryText = getAnnotationQuery(fauxTypeSpecificPatterns);
-        return getFauxConfigurations(queryText, configurationRdfService, dataProperties);
-    }
-
-    protected Map<String, Map<OperationGroup, Set<String>>> getFauxObjectPropertyAnnotations(Set<String> objectProperties) {
-        String queryText = getAnnotationQuery(fauxTypeSpecificPatterns);
-        return getFauxConfigurations(queryText, configurationRdfService, objectProperties);
+        removeVersion(getVersion());
+        setVersion(1L);
     }
 
-    protected Map<String, Map<OperationGroup, Set<String>>> getClassAnnotations() {
-        String queryText = getAnnotationQuery("  ?uri rdf:type owl:Class .\n");
-        return getConfigurations(queryText, contentRdfService);
-    }
-
-    protected Map<String, Map<OperationGroup, Set<String>>> getDataPropertyAnnotations() {
-        String queryText = getAnnotationQuery("  ?uri rdf:type owl:DatatypeProperty .\n");
-        return getConfigurations(queryText, contentRdfService);
+    private void convertArmConfiguration() {
+        ArmMigrator armMigrator = new ArmMigrator(contentRdfService, configurationRdfService);
+        armMigrator.migrateConfiguration();
     }
     
-    protected Map<String, Map<OperationGroup, Set<String>>> getObjectPropertyAnnotations() {
-        String queryText = getAnnotationQuery("  ?uri rdf:type owl:ObjectProperty .\n");
-        return getConfigurations(queryText, contentRdfService);
+    private void convertAnnotationConfiguation() {
+        AnnotationMigrator annotationMigrator = new AnnotationMigrator(contentRdfService, configurationRdfService);
+        annotationMigrator.migrateConfiguration();
     }
-
-    private Long[] updatePolicyDatasets(AccessObjectType aot, Map<String, Map<OperationGroup, Set<String>>> configs) {
+    
+    static Long[] updatePolicyDatasets(AccessObjectType aot, Map<String, Map<OperationGroup, Set<String>>> configs) {
         StringBuilder additions = new StringBuilder();
         StringBuilder removals = new StringBuilder();
         for (String entityUri : configs.keySet()) {
@@ -164,90 +103,67 @@ private Long[] updatePolicyDatasets(AccessObjectType aot, Map<String, Map<Operat
         return new Long[]{getLineCount(additions.toString()), getLineCount(removals.toString())};
     }
     
-    /**
-     * @param targetProperties set of property URIs to get configurations from
-     * @return map of entity URIs and maps of operations and list of allowed roles  
-     */
-    private Map<String, Map<OperationGroup, Set<String>>> getFauxConfigurations(String queryText, RDFService service, Set<String> targetProperties) {
-        Map<String, Map<OperationGroup, Set<String>>> configs = new HashMap<>();
-        try {
-            ResultSet rs = RDFServiceUtils.sparqlSelectQuery(queryText, service);
-            while (rs.hasNext()) {
-                QuerySolution qs = rs.next();
-                String baseUri = qs.getResource("base").getURI();
-                if (!targetProperties.contains(baseUri)) {
-                    continue;
-                }
-                collectConfiguration(configs, qs);
-            }
-        } catch (Exception e) {
-            log.error(e, e);
+    private boolean isMigrationRequired() {
+        if (getVersion() == 0L) {
+            return true;
         }
-        return configs;
+        return false;
+    }
+
+    private boolean isArmConfiguration() {
+        ArmMigrator armMigrator = new ArmMigrator(contentRdfService, configurationRdfService);
+        return armMigrator.isArmConfiguation();
     }
     
-    /**
-     * @return map of entity URIs and maps of operations and list of allowed roles  
-     */
-    private Map<String, Map<OperationGroup, Set<String>>> getConfigurations(String queryText, RDFService service) {
-        Map<String, Map<OperationGroup, Set<String>>> configs = new HashMap<>();
+    protected long getVersion() {
+        long version = 0L;
+        String query = ""
+                + "prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#>\n"
+                + "prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/>\n"
+                + "SELECT ?version \n" 
+                + "WHERE {\n"
+                + "  GRAPH <http://vitro.mannlib.cornell.edu/default/access-control> {\n"
+                + "       ?configuration rdf:type ao:Configuration .\n" 
+                + "       ?configuration ao:version ?version .\n"
+                + "  }\n" 
+                + "}";
         try {
-            ResultSet rs = RDFServiceUtils.sparqlSelectQuery(queryText, service);
+            ResultSet rs = RDFServiceUtils.sparqlSelectQuery(query, configurationRdfService);
             while (rs.hasNext()) {
                 QuerySolution qs = rs.next();
-                collectConfiguration(configs, qs);
+                if (!qs.contains("version") || !qs.get("version").isLiteral()) {
+                    continue;
+                }
+                version = qs.getLiteral("version").getLong();
             }
         } catch (Exception e) {
             log.error(e, e);
         }
-        return configs;
-    }
-
-    private void collectConfiguration(Map<String, Map<OperationGroup, Set<String>>> configs, QuerySolution qs) {
-        String uri = qs.getResource("uri").getURI();
-        String displayAnnotation = qs.getResource("display").getURI();
-        Set<String> displayRoles = showMap.get(displayAnnotation);
-
-        String publishAnnotation = qs.getResource("publish").getURI();
-        Set<String> publishRoles = showMap.get(publishAnnotation);
-        publishRoles.remove(ROLE_PUBLIC_URI);
-
-        String updateAnnotation = qs.getResource("update").getURI();
-        Set<String> updateRoles = new HashSet<>(showMap.get(updateAnnotation));
-        updateRoles.remove(ROLE_PUBLIC_URI);
-
-        Map<OperationGroup, Set<String>> config = new HashMap<>();
-        config.put(OperationGroup.UPDATE_GROUP, updateRoles);
-        config.put(OperationGroup.PUBLISH_GROUP, publishRoles);
-        config.put(OperationGroup.DISPLAY_GROUP, displayRoles);
-        configs.put(uri, config);
-    }
-
-    private void convertArmConfiguration() {
-        // TODO Auto-generated method stub
-    }
-
-    private boolean isArmConfiguration() {
-        return false;
+        return version;
+    }
+    protected void removeVersion(long version) {
+        String template = ""
+                + "@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .\n"
+                + "<https://vivoweb.org/ontology/vitro-application/auth/individual/Configuration> "
+                + "<https://vivoweb.org/ontology/vitro-application/auth/vocabulary/version> "
+                + "?version .";
+        ParameterizedSparqlString pss = new ParameterizedSparqlString(template);
+        pss.setLiteral("version", version);
+        PolicyLoader.getInstance().updateAccessControlModel(pss.toString(), false);
     }
-
-    private String getAnnotationQuery(String typeSpecificPatterns) {
-        return ""
-                + "PREFIX vitro: <http://vitro.mannlib.cornell.edu/ns/vitro/0.7#> \n"
-                + "PREFIX rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#>\n"
-                + "PREFIX owl: <http://www.w3.org/2002/07/owl#> \n"
-                + "SELECT ?base ?uri ?update ?display ?publish\n"
-                + "WHERE {\n"
-                + typeSpecificPatterns
-                + "  OPTIONAL { ?uri vitro:hiddenFromDisplayBelowRoleLevelAnnot ?displayAssigned . }\n"
-                + "  BIND (COALESCE(?displayAssigned, <http://vitro.mannlib.cornell.edu/ns/vitro/role#public> ) AS ?display )\n"
-                + "  OPTIONAL { ?uri vitro:prohibitedFromUpdateBelowRoleLevelAnnot ?updateAssigned . }\n"
-                + "  BIND (COALESCE(?updateAssigned, <http://vitro.mannlib.cornell.edu/ns/vitro/role#selfEditor> ) AS ?update )\n"
-                + "  OPTIONAL { ?uri vitro:hiddenFromPublishBelowRoleLevelAnnot ?publishAssigned . }\n"
-                + "  BIND (COALESCE(?publishAssigned, <http://vitro.mannlib.cornell.edu/ns/vitro/role#public> ) AS ?publish )\n"
-                + "  FILTER (!isBlank(?uri))\n"
-                + "} \n";
+    
+    protected void setVersion(long version) {
+        String template = ""
+                + "@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .\n"
+                + "@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .\n"
+                + "<https://vivoweb.org/ontology/vitro-application/auth/individual/Configuration> "
+                + "rdf:type ao:Configuration ;\n"
+                + "ao:version ?version .";
+        ParameterizedSparqlString pss = new ParameterizedSparqlString(template);
+        pss.setLiteral("version", version);
+        PolicyLoader.getInstance().updateAccessControlModel(pss.toString(), true);
     }
+    
 
     @Override
     public void contextDestroyed(ServletContextEvent sce) {
@@ -258,7 +174,7 @@ private long secondsSince(long startTime) {
         return (System.currentTimeMillis() - startTime) / 1000;
     }
 
-    private long getLineCount(String lines) {
+    private static long getLineCount(String lines) {
         Matcher matcher = Pattern.compile("\n").matcher(lines);
         long i = 0;
         while (matcher.find()) {
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTest.java
index 3b11255d3d..8b599b1119 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTest.java
@@ -239,13 +239,13 @@ public class PolicyTest {
     
     protected Model accessControlModel;
     protected PolicyLoader loader;
-    protected Dataset ds;
+    protected Dataset configurationDataSet;
 
     @Before
     public void init() {
         accessControlModel = ModelFactory.createDefaultModel();
-        ds = DatasetFactory.createTxnMem();
-        ds.addNamedModel(ModelNames.ACCESS_CONTROL, accessControlModel);
+        configurationDataSet = DatasetFactory.createTxnMem();
+        configurationDataSet.addNamedModel(ModelNames.ACCESS_CONTROL, accessControlModel);
         load(ATTRIBUTES_PATH);
         load(OPERATIONS_PATH);
         load(OPERATION_GROUPS);
@@ -255,7 +255,7 @@ public void init() {
         load(TEST_TYPES_PATH);
         load(TEST_VALUES_PATH);
         load(TEST_DECISIONS);
-        RDFServiceModel rdfService = new RDFServiceModel(ds);
+        RDFServiceModel rdfService = new RDFServiceModel(configurationDataSet);
         
         PolicyLoader.initialize(rdfService);
         loader = PolicyLoader.getInstance();
@@ -299,7 +299,7 @@ protected void load(String filePath) {
         } finally {
             accessControlModel.leaveCriticalSection();
         }
-        ds.replaceNamedModel(ModelNames.ACCESS_CONTROL, accessControlModel);
+        configurationDataSet.replaceNamedModel(ModelNames.ACCESS_CONTROL, accessControlModel);
 
     }
     
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AnnotationMigratorTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AnnotationMigratorTest.java
new file mode 100644
index 0000000000..add849089e
--- /dev/null
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AnnotationMigratorTest.java
@@ -0,0 +1,68 @@
+package edu.cornell.mannlib.vitro.webapp.migration.auth;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertTrue;
+
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.util.Map;
+import java.util.Set;
+
+import org.apache.jena.rdf.model.Model;
+import org.apache.jena.rdf.model.ModelFactory;
+import org.junit.Test;
+
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.OperationGroup;
+import edu.cornell.mannlib.vitro.webapp.modelaccess.ModelNames;
+import edu.cornell.mannlib.vitro.webapp.rdfservice.impl.jena.model.RDFServiceModel;
+
+    
+public class AnnotationMigratorTest extends AuthMigratorTest {
+    
+    @Test
+    public void testGetAnnotationConfigs() {
+        AnnotationMigrator annotationMigrator = new AnnotationMigrator(new RDFServiceModel(contentModel), new RDFServiceModel(configurationDataSet));
+        Map<String, Map<OperationGroup, Set<String>>> configs = annotationMigrator.getObjectPropertyAnnotations();
+        Set<String> ops = configs.keySet();
+        assertEquals(1, configs.size());
+        configs = annotationMigrator.getDataPropertyAnnotations();
+        Set<String> dps = configs.keySet();
+        assertEquals(1, configs.size());
+        configs = annotationMigrator.getClassAnnotations();
+        assertEquals(2, configs.size());
+        configs = annotationMigrator.getFauxObjectPropertyAnnotations(ops);
+        assertEquals(1, configs.size());
+        configs = annotationMigrator.getFauxDataPropertyAnnotations(dps);
+        assertEquals(1, configs.size());
+    }
+    
+    @Test
+    public void testConvertAnnotationConfiguration() {
+        AnnotationMigrator annotationMigrator = new AnnotationMigrator(new RDFServiceModel(contentModel), new RDFServiceModel(configurationDataSet));
+        Model tmpModel = ModelFactory.createDefaultModel();
+        tmpModel.add(configurationDataSet.getNamedModel(ModelNames.ACCESS_CONTROL));
+        long initialSize = accessControlModel.size();
+        annotationMigrator.migrateConfiguration();
+        assertTrue(configurationDataSet.getNamedModel(ModelNames.ACCESS_CONTROL).size() > initialSize);
+        Model diff = configurationDataSet.getNamedModel(ModelNames.ACCESS_CONTROL).difference(tmpModel);
+        try(ByteArrayOutputStream baos = new ByteArrayOutputStream()){
+            diff.write(baos, "TTL");
+            String newData = baos.toString();
+            //System.out.println(newData);
+        } catch (IOException e) {
+            e.printStackTrace();
+        }
+    }
+    
+    @Test
+    public void testConfigurationVersion() {
+        Model tmpModel = ModelFactory.createDefaultModel();
+        tmpModel.add(configurationDataSet.getNamedModel(ModelNames.ACCESS_CONTROL));
+        assertEquals(0L, migrator.getVersion());
+        migrator.setVersion(1);
+        assertEquals(1L, migrator.getVersion());
+        migrator.removeVersion(1);
+        migrator.setVersion(2);
+        assertEquals(2L, migrator.getVersion());
+    }
+}
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/migration/auth/ArmMigratorTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/migration/auth/ArmMigratorTest.java
new file mode 100644
index 0000000000..d389e332a5
--- /dev/null
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/migration/auth/ArmMigratorTest.java
@@ -0,0 +1,121 @@
+package edu.cornell.mannlib.vitro.webapp.migration.auth;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertTrue;
+
+import java.util.Map;
+import java.util.Set;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+import org.apache.jena.rdf.model.Model;
+import org.apache.jena.rdf.model.ModelFactory;
+import org.apache.jena.rdf.model.Statement;
+import org.apache.jena.rdf.model.impl.PropertyImpl;
+import org.apache.jena.rdf.model.impl.ResourceImpl;
+import org.apache.jena.rdf.model.impl.StatementImpl;
+import org.junit.Before;
+import org.junit.Test;
+
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType;
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.OperationGroup;
+import edu.cornell.mannlib.vitro.webapp.auth.policy.EntityPolicyController;
+import edu.cornell.mannlib.vitro.webapp.modelaccess.ModelNames;
+import edu.cornell.mannlib.vitro.webapp.rdfservice.impl.jena.model.RDFServiceModel;
+
+    
+public class ArmMigratorTest extends AuthMigratorTest {
+    
+    private static final String FAUX_DATA_PROPERTY_URI = "http://vitro.mannlib.cornell.edu/ns/vitro/siteConfig/fp396";
+    private static final String FAUX_OBJECT_PROPERTY_URI = "http://vitro.mannlib.cornell.edu/ns/vitro/siteConfig/orgAdministersGrantConfig";
+    private static final String DATA_PROPERTY_URI = "http://vivoweb.org/ontology/core#abbreviation";
+    private static final String CLASS_URI = "http://xmlns.com/foaf/0.1/Organization";
+    private static final String OBJECT_PROPERTY_URI = "http://purl.obolibrary.org/obo/RO_0000053";
+    private Model userAccountsModel;
+    private ArmMigrator armMigrator;
+    private String propertyUri = "http://vitro.mannlib.cornell.edu/ns/vitro/authorization#forEntity";
+    private String dataValue = "https://vivoweb.org/ontology/vitro-application/auth/vocabulary/dataValue";
+
+    @Before 
+    public void initArmMigration() {
+        userAccountsModel = ModelFactory.createDefaultModel();
+        configurationDataSet.addNamedModel(ModelNames.USER_ACCOUNTS, userAccountsModel);
+        armMigrator = new ArmMigrator(new RDFServiceModel(contentModel), new RDFServiceModel(configurationDataSet));
+    }
+    
+    @Test
+    public void isArmConfigurationTest() {
+        assertFalse(armMigrator.isArmConfiguation());
+        addArmStatement(ArmMigrator.ARM_ADMIN,ArmMigrator.DISPLAY, OBJECT_PROPERTY_URI);
+        assertTrue(armMigrator.isArmConfiguation());
+    }
+
+    private void addArmStatement(String role, String operation, String uri) {
+        String persmissionUri = ArmMigrator.getArmPermissionSubject(operation, role);
+        String objectUri = uri;
+        Statement statement = new StatementImpl(new ResourceImpl(persmissionUri), new PropertyImpl(propertyUri), new ResourceImpl(objectUri));
+        userAccountsModel.add(statement);
+        configurationDataSet.replaceNamedModel(ModelNames.USER_ACCOUNTS, userAccountsModel);
+    }
+    
+    @Test
+    public void getEntityMapTest() {
+        Map<AccessObjectType, Set<String>> map = armMigrator.getEntityMap();
+        assertFalse(map.isEmpty());
+        assertEquals(1, map.get(AccessObjectType.OBJECT_PROPERTY).size());
+        assertEquals(1, map.get(AccessObjectType.DATA_PROPERTY).size());
+        assertEquals(2, map.get(AccessObjectType.CLASS).size());
+        assertEquals(1, map.get(AccessObjectType.FAUX_DATA_PROPERTY).size());
+        assertEquals(1, map.get(AccessObjectType.FAUX_DATA_PROPERTY).size());
+    }
+    
+    @Test
+    public void getStatementsToRemoveTest() {
+        StringBuilder removals = armMigrator.getStatementsToRemove();
+        assertTrue(removals.toString().isBlank());
+        EntityPolicyController.updateEntityPolicy("test:entity", AccessObjectType.CLASS, OperationGroup.DISPLAY_GROUP, ROLE_LIST, ROLE_LIST);
+        removals = armMigrator.getStatementsToRemove();
+        assertEquals(5, getCount("\n", removals.toString()));
+    }
+    
+    @Test
+    public void migrateConfigurationTest() {
+        addArmStatement(ArmMigrator.ARM_ADMIN,ArmMigrator.DISPLAY, OBJECT_PROPERTY_URI);
+        addArmStatement(ArmMigrator.ARM_EDITOR,ArmMigrator.PUBLISH, OBJECT_PROPERTY_URI);
+        addArmStatement(ArmMigrator.ARM_CURATOR,ArmMigrator.UPDATE, OBJECT_PROPERTY_URI);
+        addArmStatement(ArmMigrator.ARM_SELF_EDITOR,ArmMigrator.DISPLAY, CLASS_URI);
+        addArmStatement(ArmMigrator.ARM_EDITOR,ArmMigrator.PUBLISH, CLASS_URI);
+        addArmStatement(ArmMigrator.ARM_EDITOR,ArmMigrator.UPDATE, CLASS_URI);
+        addArmStatement(ArmMigrator.ARM_ADMIN,ArmMigrator.DISPLAY, DATA_PROPERTY_URI);
+        addArmStatement(ArmMigrator.ARM_EDITOR,ArmMigrator.PUBLISH, DATA_PROPERTY_URI);
+        addArmStatement(ArmMigrator.ARM_CURATOR,ArmMigrator.UPDATE, DATA_PROPERTY_URI);
+        addArmStatement(ArmMigrator.ARM_SELF_EDITOR,ArmMigrator.DISPLAY, FAUX_DATA_PROPERTY_URI);
+        addArmStatement(ArmMigrator.ARM_EDITOR,ArmMigrator.PUBLISH, FAUX_DATA_PROPERTY_URI);
+        addArmStatement(ArmMigrator.ARM_ADMIN,ArmMigrator.UPDATE, FAUX_DATA_PROPERTY_URI);
+        addArmStatement(ArmMigrator.ARM_PUBLIC,ArmMigrator.DISPLAY, FAUX_OBJECT_PROPERTY_URI);
+        addArmStatement(ArmMigrator.ARM_EDITOR,ArmMigrator.PUBLISH, FAUX_OBJECT_PROPERTY_URI);
+        addArmStatement(ArmMigrator.ARM_CURATOR,ArmMigrator.UPDATE, FAUX_OBJECT_PROPERTY_URI);
+        Map<AccessObjectType, Set<String>> entityTypeMap = armMigrator.getEntityMap();
+        StringBuilder additions = new StringBuilder();
+        armMigrator.collectAdditions(entityTypeMap, additions);
+        String stringResult = additions.toString();
+        assertFalse(stringResult.isEmpty());
+        assertEquals(15, getCount("\n", stringResult));
+        assertEquals(15, getCount(dataValue, stringResult));
+        assertEquals(3, getCount(OBJECT_PROPERTY_URI, stringResult));
+        assertEquals(3, getCount(CLASS_URI, stringResult));
+        assertEquals(3, getCount(DATA_PROPERTY_URI, stringResult));
+        assertEquals(3, getCount(FAUX_DATA_PROPERTY_URI, stringResult));
+        assertEquals(3, getCount(FAUX_OBJECT_PROPERTY_URI, stringResult));
+    }
+    
+    private static long getCount(String pattern, String lines) {
+        Matcher matcher = Pattern.compile(pattern).matcher(lines);
+        long i = 0;
+        while (matcher.find()) {
+            i ++;
+        }
+        return i;
+    }
+}
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AuthMigratorTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AuthMigratorTest.java
index 9114e892c8..3312ed7994 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AuthMigratorTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AuthMigratorTest.java
@@ -1,76 +1,35 @@
 package edu.cornell.mannlib.vitro.webapp.migration.auth;
 
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertTrue;
-
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.util.Map;
-import java.util.Set;
 
 import org.apache.jena.rdf.model.Model;
 import org.apache.jena.rdf.model.ModelFactory;
 import org.junit.Before;
-import org.junit.Test;
 
-import edu.cornell.mannlib.vitro.webapp.auth.attributes.OperationGroup;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyTest;
 import edu.cornell.mannlib.vitro.webapp.modelaccess.ModelNames;
 import edu.cornell.mannlib.vitro.webapp.rdfservice.impl.jena.model.RDFServiceModel;
 
+    
 public class AuthMigratorTest extends PolicyTest {
+    protected static final String TEST_MIGRATION_RESOURCES_PREFIX = "src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/migration/";
+    protected static final String CONTENT = TEST_MIGRATION_RESOURCES_PREFIX + "content.n3";
+    protected static final String CONFIGURATION = TEST_MIGRATION_RESOURCES_PREFIX + "configuration.n3";
     
-    private static final String TEST_MIGRATION_RESOURCES_PREFIX = "src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/migration/";
-    private static final String CONTENT = TEST_MIGRATION_RESOURCES_PREFIX + "content.n3";
-    private static final String CONFIGURATRION = TEST_MIGRATION_RESOURCES_PREFIX + "configuration.n3";
-
-    private Model contentModel;
-    private Model configurationModel;
-    private AuthMigrator migrator;
+    protected Model contentModel;
+    protected Model configurationModel;
+    protected AuthMigrator migrator;
 
     @Before 
-    public void initMigrationTest() {
+    public void initAuthMigration() {
         contentModel = ModelFactory.createDefaultModel();
         configurationModel = ModelFactory.createDefaultModel();
         migrator = new AuthMigrator();
-        migrator.initialize(new RDFServiceModel(contentModel), new RDFServiceModel(configurationModel));
+        configurationDataSet.addNamedModel(ModelNames.DISPLAY, configurationModel);
+        migrator.initialize(new RDFServiceModel(contentModel), new RDFServiceModel(configurationDataSet));
         loadAllEntityPolicies();
-        load(configurationModel, CONFIGURATRION);
+        load(configurationModel, CONFIGURATION);
+        configurationDataSet.replaceNamedModel(ModelNames.DISPLAY, configurationModel);
         load(contentModel, CONTENT);
     }
-    
-    
-    @Test
-    public void testGetAnnotationConfigs() {
-        Map<String, Map<OperationGroup, Set<String>>> configs = migrator.getObjectPropertyAnnotations();
-        Set<String> ops = configs.keySet();
-        assertEquals(1, configs.size());
-        configs = migrator.getDataPropertyAnnotations();
-        Set<String> dps = configs.keySet();
-        assertEquals(1, configs.size());
-        configs = migrator.getClassAnnotations();
-        assertEquals(2, configs.size());
-        configs = migrator.getFauxObjectPropertyAnnotations(ops);
-        assertEquals(1, configs.size());
-        configs = migrator.getFauxDataPropertyAnnotations(dps);
-        assertEquals(1, configs.size());
-    }
-    
-    @Test
-    public void testConvertAnnotationConfiguration() {
-        Model tmpModel = ModelFactory.createDefaultModel();
-        tmpModel.add(ds.getNamedModel(ModelNames.ACCESS_CONTROL));
-        long initialSize = accessControlModel.size();
-        migrator.convertAnnotationConfiguration();
-        assertTrue(ds.getNamedModel(ModelNames.ACCESS_CONTROL).size() > initialSize);
-        Model diff = ds.getNamedModel(ModelNames.ACCESS_CONTROL).difference(tmpModel);
-        try(ByteArrayOutputStream baos = new ByteArrayOutputStream()){
-            diff.write(baos, "TTL");
-            String newData = baos.toString();
-            //System.out.println(newData);
-        } catch (IOException e) {
-            e.printStackTrace();
-        }
-       
-    }
+
 }

From 16505d901eddd1e79770db6624513aec7c8a3cc9 Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <git@litvinovg.pro>
Date: Mon, 12 Jun 2023 08:10:41 +0200
Subject: [PATCH 022/148] fixed access rule name

---
 .../firsttime/policy_admin_display_data_property.n3           | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_display_data_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_display_data_property.n3
index 4cb6807143..583d3f3e06 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_display_data_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_display_data_property.n3
@@ -13,7 +13,7 @@ ai:AdminDisplayDataPropertyPolicy rdf:type ao:Policy ;
           ao:policyKey ai:AdminDisplayDataPropertyPolicyKey .
 
 ai:AdminDisplayDataPropertyRuleSet rdf:type ao:Rules ;
-          ao:rule ai:AdminDisplayDataPropertyStatementAttribute ;
+          ao:rule ai:AllowAdminDisplayDataPropertyStatementRule ;
           ao:rule ai:AllowAdminDisplayDataPropertyRule .
 
 ai:AdminDisplayDataPropertyTestDatasets rdf:type ao:TestDatasets ;
@@ -48,6 +48,6 @@ ai:AdminDisplayDataPropertyAttribute rdf:type ao:Attribute ;
          ao:test ai:OneOf ;
          ao:type ai:ObjectUri ;
          ao:setValue ai:AdminDisplayDataPropertyTestData .
-         
+
 ai:AdminDisplayDataPropertyTestData rdf:type ao:TestData ;
        .

From 6a5284c9fd05aa7163c5b0c5b540568b2def9661 Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <git@litvinovg.pro>
Date: Mon, 12 Jun 2023 08:11:20 +0200
Subject: [PATCH 023/148] formatting cleanup

---
 .../firsttime/policy_curator_display_data_property.n3         | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_display_data_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_display_data_property.n3
index e45d071ee7..34b2d7721a 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_display_data_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_display_data_property.n3
@@ -13,7 +13,7 @@ ai:CuratorDisplayDataPropertyPolicy rdf:type ao:Policy ;
           ao:policyKey ai:CuratorDisplayDataPropertyPolicyKey .
 
 ai:CuratorDisplayDataPropertyRuleSet rdf:type ao:Rules ;
-          ao:rule ai:AllowCuratorDisplayDataPropertyStatementRule;
+          ao:rule ai:AllowCuratorDisplayDataPropertyStatementRule ;
           ao:rule ai:AllowCuratorDisplayDataPropertyRule .
 
 ai:CuratorDisplayDataPropertyTestDatasets rdf:type ao:TestDatasets ;
@@ -48,6 +48,6 @@ ai:CuratorDisplayDataPropertyAttribute rdf:type ao:Attribute ;
          ao:test ai:OneOf ;
          ao:type ai:ObjectUri ;
          ao:setValue ai:CuratorDisplayDataPropertyTestData .
-         
+
 ai:CuratorDisplayDataPropertyTestData rdf:type ao:TestData ;
        .

From 6f713b7b5cd340c5a22e48d8e87c8828227b693c Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <git@litvinovg.pro>
Date: Mon, 12 Jun 2023 08:13:09 +0200
Subject: [PATCH 024/148] renamed attributes

---
 ...ute.java => AccessObjectUriAttribute.java} |  8 ++--
 .../auth/attributes/AttributeFactory.java     |  6 +--
 .../webapp/auth/attributes/AttributeType.java |  8 ++--
 .../attributes/DataPropertyUriAttribute.java  | 39 -------------------
 .../ObjectPropertyUriAttribute.java           | 39 -------------------
 .../auth/attributes/SubjectTypeAttribute.java |  2 +-
 .../webapp/auth/policy/PolicyHelper.java      |  5 +++
 .../auth/rules/test_policy_valid_set.n3       |  4 +-
 .../firsttime/attribute_types.n3              | 14 ++-----
 .../rdf/accessControl/firsttime/attributes.n3 | 20 +++++-----
 .../firsttime/policy_admin_display_class.n3   |  2 +-
 .../policy_admin_display_data_property.n3     |  2 +-
 ...policy_admin_display_faux_data_property.n3 |  2 +-
 ...licy_admin_display_faux_object_property.n3 |  2 +-
 .../policy_admin_display_object_property.n3   |  2 +-
 .../firsttime/policy_admin_publish_class.n3   |  2 +-
 .../policy_admin_publish_data_property.n3     |  2 +-
 ...policy_admin_publish_faux_data_property.n3 |  2 +-
 ...licy_admin_publish_faux_object_property.n3 |  2 +-
 .../policy_admin_publish_object_property.n3   |  2 +-
 .../policy_admin_simple_permissions.n3        |  2 +-
 .../firsttime/policy_admin_update_class.n3    |  2 +-
 .../policy_admin_update_data_property.n3      |  2 +-
 .../policy_admin_update_faux_data_property.n3 |  2 +-
 ...olicy_admin_update_faux_object_property.n3 |  2 +-
 .../policy_admin_update_object_property.n3    |  2 +-
 .../firsttime/policy_curator_display_class.n3 |  2 +-
 .../policy_curator_display_data_property.n3   |  2 +-
 ...licy_curator_display_faux_data_property.n3 |  2 +-
 ...cy_curator_display_faux_object_property.n3 |  2 +-
 .../policy_curator_display_object_property.n3 |  2 +-
 .../firsttime/policy_curator_publish_class.n3 |  2 +-
 .../policy_curator_publish_data_property.n3   |  2 +-
 ...licy_curator_publish_faux_data_property.n3 |  2 +-
 ...cy_curator_publish_faux_object_property.n3 |  2 +-
 .../policy_curator_publish_object_property.n3 |  2 +-
 .../policy_curator_simple_permissions.n3      |  2 +-
 .../firsttime/policy_curator_update_class.n3  |  2 +-
 .../policy_curator_update_data_property.n3    |  2 +-
 ...olicy_curator_update_faux_data_property.n3 |  2 +-
 ...icy_curator_update_faux_object_property.n3 |  2 +-
 .../policy_curator_update_object_property.n3  |  2 +-
 .../firsttime/policy_editor_display_class.n3  |  2 +-
 .../policy_editor_display_data_property.n3    |  2 +-
 ...olicy_editor_display_faux_data_property.n3 |  2 +-
 ...icy_editor_display_faux_object_property.n3 |  2 +-
 .../policy_editor_display_object_property.n3  |  2 +-
 .../firsttime/policy_editor_publish_class.n3  |  2 +-
 .../policy_editor_publish_data_property.n3    |  2 +-
 ...olicy_editor_publish_faux_data_property.n3 |  2 +-
 ...icy_editor_publish_faux_object_property.n3 |  2 +-
 .../policy_editor_publish_object_property.n3  |  2 +-
 .../policy_editor_simple_permissions.n3       |  2 +-
 .../firsttime/policy_editor_update_class.n3   |  2 +-
 .../policy_editor_update_data_property.n3     |  2 +-
 ...policy_editor_update_faux_data_property.n3 |  2 +-
 ...licy_editor_update_faux_object_property.n3 |  2 +-
 .../policy_editor_update_object_property.n3   |  2 +-
 .../firsttime/policy_public_display_class.n3  |  2 +-
 .../policy_public_display_data_property.n3    |  2 +-
 ...olicy_public_display_faux_data_property.n3 |  2 +-
 ...icy_public_display_faux_object_property.n3 |  2 +-
 .../policy_public_display_object_property.n3  |  2 +-
 .../policy_public_simple_permissions.n3       |  2 +-
 .../firsttime/policy_public_update_class.n3   |  2 +-
 .../policy_public_update_data_property.n3     |  2 +-
 .../policy_public_update_object_property.n3   |  2 +-
 .../policy_self_editor_display_class.n3       |  2 +-
 ...olicy_self_editor_display_data_property.n3 |  2 +-
 ..._self_editor_display_faux_data_property.n3 |  2 +-
 ...elf_editor_display_faux_object_property.n3 |  2 +-
 ...icy_self_editor_display_object_property.n3 |  2 +-
 .../policy_self_editor_publish_class.n3       |  2 +-
 ...olicy_self_editor_publish_data_property.n3 |  2 +-
 ..._self_editor_publish_faux_data_property.n3 |  2 +-
 ...elf_editor_publish_faux_object_property.n3 |  2 +-
 ...icy_self_editor_publish_object_property.n3 |  2 +-
 .../policy_self_editor_simple_permissions.n3  |  2 +-
 .../policy_self_editor_update_class.n3        |  2 +-
 ...policy_self_editor_update_data_property.n3 |  2 +-
 ...y_self_editor_update_faux_data_property.n3 |  2 +-
 ...self_editor_update_faux_object_property.n3 |  2 +-
 ...licy_self_editor_update_object_property.n3 |  2 +-
 83 files changed, 105 insertions(+), 186 deletions(-)
 rename api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/{ObjectUriAttribute.java => AccessObjectUriAttribute.java} (75%)
 delete mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/DataPropertyUriAttribute.java
 delete mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/ObjectPropertyUriAttribute.java

diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/ObjectUriAttribute.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AccessObjectUriAttribute.java
similarity index 75%
rename from api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/ObjectUriAttribute.java
rename to api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AccessObjectUriAttribute.java
index 53a3934969..8ce70e3945 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/ObjectUriAttribute.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AccessObjectUriAttribute.java
@@ -6,11 +6,11 @@
 import edu.cornell.mannlib.vitro.webapp.auth.objects.AccessObject;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthorizationRequest;
 
-public class ObjectUriAttribute extends AbstractAttribute {
+public class AccessObjectUriAttribute extends AbstractAttribute {
 
-    private static final Log log = LogFactory.getLog(ObjectUriAttribute.class);
+    private static final Log log = LogFactory.getLog(AccessObjectUriAttribute.class);
 
-    public ObjectUriAttribute(String uri, String objectUri) {
+    public AccessObjectUriAttribute(String uri, String objectUri) {
         super(uri, objectUri);
     }
 
@@ -28,7 +28,7 @@ public boolean match(AuthorizationRequest ar) {
 
     @Override
     public AttributeType getAttributeType() {
-        return AttributeType.OBJECT_URI;
+        return AttributeType.ACCESS_OBJECT_URI;
     }
 
 }
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeFactory.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeFactory.java
index b70425cba6..78d3d54a54 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeFactory.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeFactory.java
@@ -21,10 +21,10 @@ public static Attribute createAttribute(QuerySolution qs) {
         case OPERATION:
             at = new OperationAttribute(attributeUri, value);
             break;
-        case OBJECT_URI:
-            at = new ObjectUriAttribute(attributeUri, value);
+        case ACCESS_OBJECT_URI:
+            at = new AccessObjectUriAttribute(attributeUri, value);
             break;
-        case OBJECT_TYPE:
+        case ACCESS_OBJECT_TYPE:
             at = new ObjectTypeAttribute(attributeUri, value);
             break;
         case SUBJECT_TYPE:
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeType.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeType.java
index 7b6bb4ecab..cb56fccbdf 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeType.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeType.java
@@ -3,12 +3,10 @@
 public enum AttributeType {
     OPERATION,
     SUBJECT_ROLE_URI,
-    OBJECT_URI,
-    OBJECT_TYPE,
+    SUBJECT_TYPE,
+    ACCESS_OBJECT_URI,
+    ACCESS_OBJECT_TYPE,
     STATEMENT_OBJECT_URI,
     STATEMENT_PREDICATE_URI,
     STATEMENT_SUBJECT_URI,
-    OBJECT_PROPERTY_URI,
-    DATA_PROPERTY_URI,
-    SUBJECT_TYPE 
 }
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/DataPropertyUriAttribute.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/DataPropertyUriAttribute.java
deleted file mode 100644
index 50ae122312..0000000000
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/DataPropertyUriAttribute.java
+++ /dev/null
@@ -1,39 +0,0 @@
-package edu.cornell.mannlib.vitro.webapp.auth.attributes;
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-
-import edu.cornell.mannlib.vitro.webapp.auth.objects.AccessObject;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthorizationRequest;
-import edu.cornell.mannlib.vitro.webapp.beans.DataProperty;
-
-public class DataPropertyUriAttribute extends AbstractAttribute {
-
-    private static final Log log = LogFactory.getLog(DataPropertyUriAttribute.class);
-
-    public DataPropertyUriAttribute(String uri, String value) {
-        super(uri, value);
-    }
-
-    @Override
-    public boolean match(AuthorizationRequest ar) {
-        AccessObject ao = ar.getAccessObject();
-        DataProperty dataProperty = ao.getDataProperty();
-        String inputValue = dataProperty.getURI();
-        if (dataProperty != null) {
-            inputValue = dataProperty.getURI();
-        }
-        if (AttributeValueTester.test(this, ar, inputValue)) {
-            log.debug("Attribute value(s) match requested statement data property uri '" + inputValue + "'");
-            return true;
-        }
-        log.debug("Attribute value(s) don't match requested statement data property uri '" + inputValue + "'");
-        return false;
-    }
-
-    @Override
-    public AttributeType getAttributeType() {
-        return AttributeType.OBJECT_PROPERTY_URI;
-    }
-
-}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/ObjectPropertyUriAttribute.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/ObjectPropertyUriAttribute.java
deleted file mode 100644
index 7ce8ed249e..0000000000
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/ObjectPropertyUriAttribute.java
+++ /dev/null
@@ -1,39 +0,0 @@
-package edu.cornell.mannlib.vitro.webapp.auth.attributes;
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-
-import edu.cornell.mannlib.vitro.webapp.auth.objects.AccessObject;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthorizationRequest;
-import edu.cornell.mannlib.vitro.webapp.beans.ObjectProperty;
-
-public class ObjectPropertyUriAttribute extends AbstractAttribute {
-
-    private static final Log log = LogFactory.getLog(ObjectPropertyUriAttribute.class);
-
-    public ObjectPropertyUriAttribute(String uri, String value) {
-        super(uri, value);
-    }
-
-    @Override
-    public boolean match(AuthorizationRequest ar) {
-        AccessObject ao = ar.getAccessObject();
-        ObjectProperty objectProperty = ao.getObjectProperty();
-        String inputValue = objectProperty.getURI();
-        if (objectProperty != null) {
-            inputValue = objectProperty.getURI();
-        }
-        if (AttributeValueTester.test(this, ar, inputValue)) {
-            log.debug("Attribute value match requested statement object property uri '" + inputValue + "'");
-            return true;
-        }
-        log.debug("Attribute value don't match requested statement object property uri '" + inputValue + "'");
-        return false;
-    }
-
-    @Override
-    public AttributeType getAttributeType() {
-        return AttributeType.OBJECT_PROPERTY_URI;
-    }
-
-}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/SubjectTypeAttribute.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/SubjectTypeAttribute.java
index e2ff0514a1..db8e3f4c08 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/SubjectTypeAttribute.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/SubjectTypeAttribute.java
@@ -30,6 +30,6 @@ public boolean match(AuthorizationRequest ar) {
 
     @Override
     public AttributeType getAttributeType() {
-        return AttributeType.OBJECT_TYPE;
+        return AttributeType.ACCESS_OBJECT_TYPE;
     }
 }
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyHelper.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyHelper.java
index ac959f6e44..a3ee21abbd 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyHelper.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyHelper.java
@@ -40,6 +40,7 @@
 import edu.cornell.mannlib.vitro.webapp.beans.Property;
 import edu.cornell.mannlib.vitro.webapp.beans.UserAccount;
 import edu.cornell.mannlib.vitro.webapp.controller.authenticate.Authenticator;
+import edu.cornell.mannlib.vitro.webapp.dao.VitroVocabulary;
 
 /**
  * A collection of static methods to help determine whether requested actions
@@ -113,7 +114,11 @@ private static boolean actionRequestIsAuthorized(IdentifierBundle ids, AccessObj
         }
         AuthorizationRequest ar = new SimpleAuthorizationRequest(ao, operation);
         Collection<String> uris = IdentifierPermissionSetProvider.getPermissionSetUris(ids);
+        if (uris.isEmpty()) {
+            uris.add(VitroVocabulary.VITRO_AUTH + "PUBLIC");
+        }
         ar.setRoleUris(new ArrayList<String>(uris));
+        
         ar.setIds(ids);
         ar.setEditorUris(new ArrayList<String>(HasAssociatedIndividual.getIndividualUris(ids)));
 	    PolicyDecision decision = PolicyDecisionPoint.decide(ar);
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_valid_set.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_valid_set.n3
index 0d361d0b74..1b56d26ab7 100644
--- a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_valid_set.n3
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_valid_set.n3
@@ -21,13 +21,13 @@ ai:ValidRule rdf:type ao:Rule ;
           
 ai:ValidAttribute1 rdf:type ao:Attribute ;
          ao:test ai:Equals ;
-         ao:type ai:ObjectUri ;
+         ao:type ai:AccessObjectUri ;
          ao:setValue ai:valueSet3 ;
          ao:setValue ai:valueSet1 .
          
 ai:ValidAttribute2 rdf:type ao:Attribute ;
          ao:test ai:Equals ;
-         ao:type ai:ObjectUri ;
+         ao:type ai:AccessObjectUri ;
          ao:setValue ai:valueSet4 ;
          ao:setValue ai:valueSet2 .
 
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/attribute_types.n3 b/home/src/main/resources/rdf/accessControl/firsttime/attribute_types.n3
index f52674cd07..8a74ad6fd5 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/attribute_types.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/attribute_types.n3
@@ -17,11 +17,11 @@ ai:SubjectRole rdf:type ao:AttributeType ;
 ai:SubjectType rdf:type ao:AttributeType ;
          ao:id "SUBJECT_TYPE" .
 
-ai:ObjectUri rdf:type ao:AttributeType ;
-         ao:id "OBJECT_URI" .
+ai:AccessObjectUri rdf:type ao:AttributeType ;
+         ao:id "ACCESS_OBJECT_URI" .
          
-ai:ObjectType rdf:type ao:AttributeType ;
-         ao:id "OBJECT_TYPE" .
+ai:AccessObjectType rdf:type ao:AttributeType ;
+         ao:id "ACCESS_OBJECT_TYPE" .
 
 ai:Operation rdf:type ao:AttributeType ;
          ao:id "OPERATION" .
@@ -44,11 +44,5 @@ ai:StatementPredicateUri rdf:type ao:AttributeType ;
 ai:StatementSubjectUri rdf:type ao:AttributeType ;
          ao:id "STATEMENT_SUBJECT_URI" .
 
-ai:ObjectPropertyUri rdf:type ao:AttributeType ;
-         ao:id "OBJECT_PROPERTY_URI" .
-         
-ai:DataPropertyUri rdf:type ao:AttributeType ;
-         ao:id "DATA_PROPERTY_URI" .
-      
 ai:StatementObjectUri rdf:type ao:AttributeType ;
          ao:id "STATEMENT_OBJECT_URI" .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/attributes.n3 b/home/src/main/resources/rdf/accessControl/firsttime/attributes.n3
index 2143727c2c..8bbcdfa5c5 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/attributes.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/attributes.n3
@@ -94,52 +94,52 @@ ai:UpdateAddEditOrDropOperationsAttribute rdf:type ao:Attribute ;
 
 ai:ObjectPropertyTypeAttribute rdf:type ao:Attribute ;
          ao:test ai:Equals ;
-         ao:type ai:ObjectType ;
+         ao:type ai:AccessObjectType ;
          ao:value ai:ObjectPropertyAccesObject .
 
 ai:DataPropertyTypeAttribute rdf:type ao:Attribute ;
          ao:test ai:Equals ;
-         ao:type ai:ObjectType ;
+         ao:type ai:AccessObjectType ;
          ao:value ai:DataPropertyAccesObject .
 
 ai:ObjectPropertyStatementTypeAttribute rdf:type ao:Attribute ;
          ao:test ai:Equals ;
-         ao:type ai:ObjectType ;
+         ao:type ai:AccessObjectType ;
          ao:value ai:ObjectPropertyStatementAccesObject .
          
 ai:DataPropertyStatementTypeAttribute rdf:type ao:Attribute ;
          ao:test ai:Equals ;
-         ao:type ai:ObjectType ;
+         ao:type ai:AccessObjectType ;
          ao:value ai:DataPropertyStatementAccesObject .
 
 ai:FauxObjectPropertyStatementTypeAttribute rdf:type ao:Attribute ;
          ao:test ai:Equals ;
-         ao:type ai:ObjectType ;
+         ao:type ai:AccessObjectType ;
          ao:value ai:FauxObjectPropertyStatementAccesObject .
          
 ai:FauxDataPropertyStatementTypeAttribute rdf:type ao:Attribute ;
          ao:test ai:Equals ;
-         ao:type ai:ObjectType ;
+         ao:type ai:AccessObjectType ;
          ao:value ai:FauxDataPropertyStatementAccesObject .
 
 ai:NamedObjectTypeAttribute rdf:type ao:Attribute ;
          ao:test ai:Equals ;
-         ao:type ai:ObjectType ;
+         ao:type ai:AccessObjectType ;
          ao:value ai:NamedObject .
          
 ai:ClassTypeAttribute rdf:type ao:Attribute ;
          ao:test ai:Equals ;
-         ao:type ai:ObjectType ;
+         ao:type ai:AccessObjectType ;
          ao:value ai:Class .
          
 ai:FauxObjectPropertyTypeAttribute rdf:type ao:Attribute ;
          ao:test ai:Equals ;
-         ao:type ai:ObjectType ;
+         ao:type ai:AccessObjectType ;
          ao:value ai:FauxObjectPropertyAccesObject .
 
 ai:FauxDataPropertyTypeAttribute rdf:type ao:Attribute ;
          ao:test ai:Equals ;
-         ao:type ai:ObjectType ;
+         ao:type ai:AccessObjectType ;
          ao:value ai:FauxDataPropertyAccesObject .
 
 ai:SelfEditorRelatedResourcesAttribute rdf:type ao:Attribute ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_display_class.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_display_class.n3
index 05aefb2b42..911895df7a 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_display_class.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_display_class.n3
@@ -34,7 +34,7 @@ ai:AllowAdminDisplayClassRule rdf:type ao:Rule;
          
 ai:AdminDisplayClassAttribute rdf:type ao:Attribute ;
          ao:test ai:OneOf ;
-         ao:type ai:ObjectUri ;
+         ao:type ai:AccessObjectUri ;
          ao:setValue ai:AdminDisplayClassTestData .
          
 ai:AdminDisplayClassTestData rdf:type ao:TestData ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_display_data_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_display_data_property.n3
index 583d3f3e06..5ccd707bfe 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_display_data_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_display_data_property.n3
@@ -46,7 +46,7 @@ ai:AdminDisplayDataPropertyStatementAttribute rdf:type ao:Attribute ;
 
 ai:AdminDisplayDataPropertyAttribute rdf:type ao:Attribute ;
          ao:test ai:OneOf ;
-         ao:type ai:ObjectUri ;
+         ao:type ai:AccessObjectUri ;
          ao:setValue ai:AdminDisplayDataPropertyTestData .
 
 ai:AdminDisplayDataPropertyTestData rdf:type ao:TestData ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_display_faux_data_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_display_faux_data_property.n3
index 544f3455fc..822eea399e 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_display_faux_data_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_display_faux_data_property.n3
@@ -46,7 +46,7 @@ ai:AdminDisplayFauxDataPropertyStatementAttribute rdf:type ao:Attribute ;
          
 ai:AdminDisplayFauxDataPropertyAttribute rdf:type ao:Attribute ;
          ao:test ai:OneOf ;
-         ao:type ai:ObjectUri ;
+         ao:type ai:AccessObjectUri ;
          ao:setValue ai:AdminDisplayFauxDataPropertyTestData .
          
 ai:AdminDisplayFauxDataPropertyTestData rdf:type ao:TestData ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_display_faux_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_display_faux_object_property.n3
index 44c1a38724..1e5e965089 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_display_faux_object_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_display_faux_object_property.n3
@@ -46,7 +46,7 @@ ai:AdminDisplayFauxObjectPropertyStatementAttribute rdf:type ao:Attribute ;
          
 ai:AdminDisplayFauxObjectPropertyAttribute rdf:type ao:Attribute ;
          ao:test ai:OneOf ;
-         ao:type ai:ObjectUri ;
+         ao:type ai:AccessObjectUri ;
          ao:setValue ai:AdminDisplayFauxObjectPropertyTestData .
          
 ai:AdminDisplayFauxObjectPropertyTestData rdf:type ao:TestData ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_display_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_display_object_property.n3
index 8dd572284f..0af0f57c0f 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_display_object_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_display_object_property.n3
@@ -46,7 +46,7 @@ ai:AdminDisplayObjectPropertyStatementAttribute rdf:type ao:Attribute ;
          
 ai:AdminDisplayObjectPropertyAttribute rdf:type ao:Attribute ;
          ao:test ai:OneOf ;
-         ao:type ai:ObjectUri ;
+         ao:type ai:AccessObjectUri ;
          ao:setValue ai:AdminDisplayObjectPropertyTestData .
          
 ai:AdminDisplayObjectPropertyTestData rdf:type ao:TestData ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_publish_class.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_publish_class.n3
index 527486f38a..e400c5d202 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_publish_class.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_publish_class.n3
@@ -34,7 +34,7 @@ ai:AllowAdminPublishClassRule rdf:type ao:Rule;
          
 ai:AdminPublishClassAttribute rdf:type ao:Attribute ;
          ao:test ai:OneOf ;
-         ao:type ai:ObjectUri ;
+         ao:type ai:AccessObjectUri ;
          ao:setValue ai:AdminPublishClassTestData .
          
 ai:AdminPublishClassTestData rdf:type ao:TestData ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_publish_data_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_publish_data_property.n3
index 8d86a4d2d6..e66c1743bd 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_publish_data_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_publish_data_property.n3
@@ -46,7 +46,7 @@ ai:AdminPublishDataPropertyStatementAttribute rdf:type ao:Attribute ;
 
 ai:AdminPublishDataPropertyAttribute rdf:type ao:Attribute ;
          ao:test ai:OneOf ;
-         ao:type ai:ObjectUri ;
+         ao:type ai:AccessObjectUri ;
          ao:setValue ai:AdminPublishDataPropertyTestData .
          
 ai:AdminPublishDataPropertyTestData rdf:type ao:TestData ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_publish_faux_data_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_publish_faux_data_property.n3
index 40dad09966..9b2512d225 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_publish_faux_data_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_publish_faux_data_property.n3
@@ -46,7 +46,7 @@ ai:AdminPublishFauxDataPropertyStatementAttribute rdf:type ao:Attribute ;
 
 ai:AdminPublishFauxDataPropertyAttribute rdf:type ao:Attribute ;
          ao:test ai:OneOf ;
-         ao:type ai:ObjectUri ;
+         ao:type ai:AccessObjectUri ;
          ao:setValue ai:AdminPublishFauxDataPropertyTestData .
          
 ai:AdminPublishFauxDataPropertyTestData rdf:type ao:TestData ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_publish_faux_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_publish_faux_object_property.n3
index d959a9073e..03cc6c8a1a 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_publish_faux_object_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_publish_faux_object_property.n3
@@ -46,7 +46,7 @@ ai:AdminPublishFauxObjectPropertyStatementAttribute rdf:type ao:Attribute ;
 
 ai:AdminPublishFauxObjectPropertyAttribute rdf:type ao:Attribute ;
          ao:test ai:OneOf ;
-         ao:type ai:ObjectUri ;
+         ao:type ai:AccessObjectUri ;
          ao:setValue ai:AdminPublishFauxObjectPropertyTestData .
          
 ai:AdminPublishFauxObjectPropertyTestData rdf:type ao:TestData ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_publish_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_publish_object_property.n3
index 1b113aa80f..e368538075 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_publish_object_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_publish_object_property.n3
@@ -46,7 +46,7 @@ ai:AdminPublishObjectPropertyStatementAttribute rdf:type ao:Attribute ;
 
 ai:AdminPublishObjectPropertyAttribute rdf:type ao:Attribute ;
          ao:test ai:OneOf ;
-         ao:type ai:ObjectUri ;
+         ao:type ai:AccessObjectUri ;
          ao:setValue ai:AdminPublishObjectPropertyTestData .
          
 ai:AdminPublishObjectPropertyTestData rdf:type ao:TestData ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_simple_permissions.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_simple_permissions.n3
index 62459d23ea..d10d9bdd51 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_simple_permissions.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_simple_permissions.n3
@@ -30,7 +30,7 @@ ai:AllowAdminSimplePermissions rdf:type ao:Rule;
           
 ai:PermissionNameInAdminAllowed rdf:type ao:Attribute ;
         ao:test ai:OneOf ;
-        ao:type ai:ObjectUri ;
+        ao:type ai:AccessObjectUri ;
         ao:setValue ai:AdminSimplePermissionsTestData .
 
 ai:AdminSimplePermissionsTestData rdf:type ao:TestData ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_update_class.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_update_class.n3
index c4de1a4085..64c0ca2118 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_update_class.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_update_class.n3
@@ -34,7 +34,7 @@ ai:AllowAdminUpdateClassRule rdf:type ao:Rule;
          
 ai:AdminUpdateClassAttribute rdf:type ao:Attribute ;
          ao:test ai:OneOf ;
-         ao:type ai:ObjectUri ;
+         ao:type ai:AccessObjectUri ;
          ao:setValue ai:AdminUpdateClassTestData .
          
 ai:AdminUpdateClassTestData rdf:type ao:TestData ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_update_data_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_update_data_property.n3
index 951dad835f..04268df135 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_update_data_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_update_data_property.n3
@@ -46,7 +46,7 @@ ai:AdminUpdateDataPropertyStatementAttribute rdf:type ao:Attribute ;
 
 ai:AdminUpdateDataPropertyAttribute rdf:type ao:Attribute ;
          ao:test ai:OneOf ;
-         ao:type ai:ObjectUri ;
+         ao:type ai:AccessObjectUri ;
          ao:setValue ai:AdminUpdateDataPropertyTestData .
          
 ai:AdminUpdateDataPropertyTestData rdf:type ao:TestData ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_update_faux_data_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_update_faux_data_property.n3
index a31bd25acf..e94acbd2ce 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_update_faux_data_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_update_faux_data_property.n3
@@ -46,7 +46,7 @@ ai:AdminUpdateFauxDataPropertyStatementAttribute rdf:type ao:Attribute ;
 
 ai:AdminUpdateFauxDataPropertyAttribute rdf:type ao:Attribute ;
          ao:test ai:OneOf ;
-         ao:type ai:ObjectUri ;
+         ao:type ai:AccessObjectUri ;
          ao:setValue ai:AdminUpdateFauxDataPropertyTestData .
          
 ai:AdminUpdateFauxDataPropertyTestData rdf:type ao:TestData ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_update_faux_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_update_faux_object_property.n3
index bfd58555fc..c9ce49dfce 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_update_faux_object_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_update_faux_object_property.n3
@@ -46,7 +46,7 @@ ai:AdminUpdateFauxObjectPropertyStatementAttribute rdf:type ao:Attribute ;
 
 ai:AdminUpdateFauxObjectPropertyAttribute rdf:type ao:Attribute ;
          ao:test ai:OneOf ;
-         ao:type ai:ObjectUri ;
+         ao:type ai:AccessObjectUri ;
          ao:setValue ai:AdminUpdateFauxObjectPropertyTestData .
          
 ai:AdminUpdateFauxObjectPropertyTestData rdf:type ao:TestData ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_update_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_update_object_property.n3
index 7e8d6d42e5..1e9fbd470b 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_update_object_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_update_object_property.n3
@@ -46,7 +46,7 @@ ai:AdminUpdateObjectPropertyStatementAttribute rdf:type ao:Attribute ;
 
 ai:AdminUpdateObjectPropertyAttribute rdf:type ao:Attribute ;
          ao:test ai:OneOf ;
-         ao:type ai:ObjectUri ;
+         ao:type ai:AccessObjectUri ;
          ao:setValue ai:AdminUpdateObjectPropertyTestData .
          
 ai:AdminUpdateObjectPropertyTestData rdf:type ao:TestData ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_display_class.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_display_class.n3
index 60676cbd1d..20491906f4 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_display_class.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_display_class.n3
@@ -34,7 +34,7 @@ ai:AllowCuratorDisplayClassRule rdf:type ao:Rule;
          
 ai:CuratorDisplayClassAttribute rdf:type ao:Attribute ;
          ao:test ai:OneOf ;
-         ao:type ai:ObjectUri ;
+         ao:type ai:AccessObjectUri ;
          ao:setValue ai:CuratorDisplayClassTestData .
          
 ai:CuratorDisplayClassTestData rdf:type ao:TestData ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_display_data_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_display_data_property.n3
index 34b2d7721a..8c0be0adbd 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_display_data_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_display_data_property.n3
@@ -46,7 +46,7 @@ ai:CuratorDisplayDataPropertyStatementAttribute rdf:type ao:Attribute ;
 
 ai:CuratorDisplayDataPropertyAttribute rdf:type ao:Attribute ;
          ao:test ai:OneOf ;
-         ao:type ai:ObjectUri ;
+         ao:type ai:AccessObjectUri ;
          ao:setValue ai:CuratorDisplayDataPropertyTestData .
 
 ai:CuratorDisplayDataPropertyTestData rdf:type ao:TestData ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_display_faux_data_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_display_faux_data_property.n3
index 5a3ee2ba10..d8450bfcb3 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_display_faux_data_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_display_faux_data_property.n3
@@ -46,7 +46,7 @@ ai:CuratorDisplayFauxDataPropertyStatementAttribute rdf:type ao:Attribute ;
          
 ai:CuratorDisplayFauxDataPropertyAttribute rdf:type ao:Attribute ;
          ao:test ai:OneOf ;
-         ao:type ai:ObjectUri ;
+         ao:type ai:AccessObjectUri ;
          ao:setValue ai:CuratorDisplayFauxDataPropertyTestData .
          
 ai:CuratorDisplayFauxDataPropertyTestData rdf:type ao:TestData ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_display_faux_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_display_faux_object_property.n3
index 5eabe48aa8..3432e1e04e 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_display_faux_object_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_display_faux_object_property.n3
@@ -46,7 +46,7 @@ ai:CuratorDisplayFauxObjectPropertyStatementAttribute rdf:type ao:Attribute ;
          
 ai:CuratorDisplayFauxObjectPropertyAttribute rdf:type ao:Attribute ;
          ao:test ai:OneOf ;
-         ao:type ai:ObjectUri ;
+         ao:type ai:AccessObjectUri ;
          ao:setValue ai:CuratorDisplayFauxObjectPropertyTestData .
          
 ai:CuratorDisplayFauxObjectPropertyTestData rdf:type ao:TestData ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_display_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_display_object_property.n3
index c18079872b..64c3f5b8e1 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_display_object_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_display_object_property.n3
@@ -46,7 +46,7 @@ ai:CuratorDisplayObjectPropertyStatementAttribute rdf:type ao:Attribute ;
 
 ai:CuratorDisplayObjectPropertyAttribute rdf:type ao:Attribute ;
          ao:test ai:OneOf ;
-         ao:type ai:ObjectUri ;
+         ao:type ai:AccessObjectUri ;
          ao:setValue ai:CuratorDisplayObjectPropertyTestData .
          
 ai:CuratorDisplayObjectPropertyTestData rdf:type ao:TestData ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_publish_class.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_publish_class.n3
index adc4aff06f..e82272d4de 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_publish_class.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_publish_class.n3
@@ -34,7 +34,7 @@ ai:AllowCuratorPublishClassRule rdf:type ao:Rule;
          
 ai:CuratorPublishClassAttribute rdf:type ao:Attribute ;
          ao:test ai:OneOf ;
-         ao:type ai:ObjectUri ;
+         ao:type ai:AccessObjectUri ;
          ao:setValue ai:CuratorPublishClassTestData .
          
 ai:CuratorPublishClassTestData rdf:type ao:TestData ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_publish_data_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_publish_data_property.n3
index ea4024c0f6..03098c9ee0 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_publish_data_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_publish_data_property.n3
@@ -46,7 +46,7 @@ ai:CuratorPublishDataPropertyStatementAttribute rdf:type ao:Attribute ;
 
 ai:CuratorPublishDataPropertyAttribute rdf:type ao:Attribute ;
          ao:test ai:OneOf ;
-         ao:type ai:ObjectUri ;
+         ao:type ai:AccessObjectUri ;
          ao:setValue ai:CuratorPublishDataPropertyTestData .
          
 ai:CuratorPublishDataPropertyTestData rdf:type ao:TestData ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_publish_faux_data_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_publish_faux_data_property.n3
index ad23aa5048..77cdf007b5 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_publish_faux_data_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_publish_faux_data_property.n3
@@ -46,7 +46,7 @@ ai:CuratorPublishFauxDataPropertyStatementAttribute rdf:type ao:Attribute ;
          
 ai:CuratorPublishFauxDataPropertyAttribute rdf:type ao:Attribute ;
          ao:test ai:OneOf ;
-         ao:type ai:ObjectUri ;
+         ao:type ai:AccessObjectUri ;
          ao:setValue ai:CuratorPublishFauxDataPropertyTestData .
          
 ai:CuratorPublishFauxDataPropertyTestData rdf:type ao:TestData ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_publish_faux_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_publish_faux_object_property.n3
index 8302eeb844..c461a7f17d 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_publish_faux_object_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_publish_faux_object_property.n3
@@ -46,7 +46,7 @@ ai:CuratorPublishFauxObjectPropertyStatementAttribute rdf:type ao:Attribute ;
          
 ai:CuratorPublishFauxObjectPropertyAttribute rdf:type ao:Attribute ;
          ao:test ai:OneOf ;
-         ao:type ai:ObjectUri ;
+         ao:type ai:AccessObjectUri ;
          ao:setValue ai:CuratorPublishFauxObjectPropertyTestData .
          
 ai:CuratorPublishFauxObjectPropertyTestData rdf:type ao:TestData ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_publish_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_publish_object_property.n3
index 9eab3a32b1..4148919550 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_publish_object_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_publish_object_property.n3
@@ -46,7 +46,7 @@ ai:CuratorPublishObjectPropertyStatementAttribute rdf:type ao:Attribute ;
          
 ai:CuratorPublishObjectPropertyAttribute rdf:type ao:Attribute ;
          ao:test ai:OneOf ;
-         ao:type ai:ObjectUri ;
+         ao:type ai:AccessObjectUri ;
          ao:setValue ai:CuratorPublishObjectPropertyTestData .
          
 ai:CuratorPublishObjectPropertyTestData rdf:type ao:TestData ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_simple_permissions.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_simple_permissions.n3
index 0fc6045eb7..d5701a16a5 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_simple_permissions.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_simple_permissions.n3
@@ -30,7 +30,7 @@ ai:AllowCuratorSimplePermissions rdf:type ao:Rule;
           
 ai:PermissionNameInCuratorAllowed rdf:type ao:Attribute ;
         ao:test ai:OneOf ;
-        ao:type ai:ObjectUri ;
+        ao:type ai:AccessObjectUri ;
         ao:setValue ai:CuratorSimplePermissionsTestData .
 
 ai:CuratorSimplePermissionsTestData rdf:type ao:TestData ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_update_class.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_update_class.n3
index db4a1f57c9..16d6bda2fe 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_update_class.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_update_class.n3
@@ -34,7 +34,7 @@ ai:AllowCuratorUpdateClassRule rdf:type ao:Rule;
          
 ai:CuratorUpdateClassAttribute rdf:type ao:Attribute ;
          ao:test ai:OneOf ;
-         ao:type ai:ObjectUri ;
+         ao:type ai:AccessObjectUri ;
          ao:setValue ai:CuratorUpdateClassTestData .
          
 ai:CuratorUpdateClassTestData rdf:type ao:TestData ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_update_data_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_update_data_property.n3
index b42f9b5eee..ed93e04158 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_update_data_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_update_data_property.n3
@@ -46,7 +46,7 @@ ai:CuratorUpdateDataPropertyStatementAttribute rdf:type ao:Attribute ;
          
 ai:CuratorUpdateDataPropertyAttribute rdf:type ao:Attribute ;
          ao:test ai:OneOf ;
-         ao:type ai:ObjectUri ;
+         ao:type ai:AccessObjectUri ;
          ao:setValue ai:CuratorUpdateDataPropertyTestData .
          
 ai:CuratorUpdateDataPropertyTestData rdf:type ao:TestData ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_update_faux_data_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_update_faux_data_property.n3
index 176dae345f..a48477ea5a 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_update_faux_data_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_update_faux_data_property.n3
@@ -46,7 +46,7 @@ ai:CuratorUpdateFauxDataPropertyStatementAttribute rdf:type ao:Attribute ;
 
 ai:CuratorUpdateFauxDataPropertyAttribute rdf:type ao:Attribute ;
          ao:test ai:OneOf ;
-         ao:type ai:ObjectUri ;
+         ao:type ai:AccessObjectUri ;
          ao:setValue ai:CuratorUpdateFauxDataPropertyTestData .
          
 ai:CuratorUpdateFauxDataPropertyTestData rdf:type ao:TestData ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_update_faux_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_update_faux_object_property.n3
index f0c1a1a932..3071c393eb 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_update_faux_object_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_update_faux_object_property.n3
@@ -46,7 +46,7 @@ ai:CuratorUpdateFauxObjectPropertyStatementAttribute rdf:type ao:Attribute ;
 
 ai:CuratorUpdateFauxObjectPropertyAttribute rdf:type ao:Attribute ;
          ao:test ai:OneOf ;
-         ao:type ai:ObjectUri ;
+         ao:type ai:AccessObjectUri ;
          ao:setValue ai:CuratorUpdateFauxObjectPropertyTestData .
          
 ai:CuratorUpdateFauxObjectPropertyTestData rdf:type ao:TestData ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_update_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_update_object_property.n3
index 5bd00c9db6..8299b7333c 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_update_object_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_update_object_property.n3
@@ -46,7 +46,7 @@ ai:CuratorUpdateObjectPropertyStatementAttribute rdf:type ao:Attribute ;
 
 ai:CuratorUpdateObjectPropertyAttribute rdf:type ao:Attribute ;
          ao:test ai:OneOf ;
-         ao:type ai:ObjectUri ;
+         ao:type ai:AccessObjectUri ;
          ao:setValue ai:CuratorUpdateObjectPropertyTestData .
          
 ai:CuratorUpdateObjectPropertyTestData rdf:type ao:TestData ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_display_class.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_display_class.n3
index c47599c95f..5676e113e3 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_display_class.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_display_class.n3
@@ -34,7 +34,7 @@ ai:AllowEditorDisplayClassRule rdf:type ao:Rule;
          
 ai:EditorDisplayClassAttribute rdf:type ao:Attribute ;
          ao:test ai:OneOf ;
-         ao:type ai:ObjectUri ;
+         ao:type ai:AccessObjectUri ;
          ao:setValue ai:EditorDisplayClassTestData .
          
 ai:EditorDisplayClassTestData rdf:type ao:TestData ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_display_data_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_display_data_property.n3
index 5893811404..b2adac5eab 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_display_data_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_display_data_property.n3
@@ -46,7 +46,7 @@ ai:EditorDisplayDataPropertyStatementAttribute rdf:type ao:Attribute ;
 
 ai:EditorDisplayDataPropertyAttribute rdf:type ao:Attribute ;
          ao:test ai:OneOf ;
-         ao:type ai:ObjectUri ;
+         ao:type ai:AccessObjectUri ;
          ao:setValue ai:EditorDisplayDataPropertyTestData .
          
 ai:EditorDisplayDataPropertyTestData rdf:type ao:TestData ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_display_faux_data_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_display_faux_data_property.n3
index 36a5622606..cc06d53c02 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_display_faux_data_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_display_faux_data_property.n3
@@ -46,7 +46,7 @@ ai:EditorDisplayFauxDataPropertyStatementAttribute rdf:type ao:Attribute ;
          
 ai:EditorDisplayFauxDataPropertyAttribute rdf:type ao:Attribute ;
          ao:test ai:OneOf ;
-         ao:type ai:ObjectUri ;
+         ao:type ai:AccessObjectUri ;
          ao:setValue ai:EditorDisplayFauxDataPropertyTestData .
          
 ai:EditorDisplayFauxDataPropertyTestData rdf:type ao:TestData ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_display_faux_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_display_faux_object_property.n3
index 1ee636931f..b04b749297 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_display_faux_object_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_display_faux_object_property.n3
@@ -46,7 +46,7 @@ ai:EditorDisplayFauxObjectPropertyStatementAttribute rdf:type ao:Attribute ;
          
 ai:EditorDisplayFauxObjectPropertyAttribute rdf:type ao:Attribute ;
          ao:test ai:OneOf ;
-         ao:type ai:ObjectUri ;
+         ao:type ai:AccessObjectUri ;
          ao:setValue ai:EditorDisplayFauxObjectPropertyTestData .
          
 ai:EditorDisplayFauxObjectPropertyTestData rdf:type ao:TestData ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_display_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_display_object_property.n3
index 2cfece9788..6e9a8042d7 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_display_object_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_display_object_property.n3
@@ -46,7 +46,7 @@ ai:EditorDisplayObjectPropertyStatementAttribute rdf:type ao:Attribute ;
 
 ai:EditorDisplayObjectPropertyAttribute rdf:type ao:Attribute ;
          ao:test ai:OneOf ;
-         ao:type ai:ObjectUri ;
+         ao:type ai:AccessObjectUri ;
          ao:setValue ai:EditorDisplayObjectPropertyTestData .
          
 ai:EditorDisplayObjectPropertyTestData rdf:type ao:TestData ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_publish_class.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_publish_class.n3
index fe42957867..cbd4160bb2 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_publish_class.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_publish_class.n3
@@ -34,7 +34,7 @@ ai:AllowEditorPublishClassRule rdf:type ao:Rule;
          
 ai:EditorPublishClassAttribute rdf:type ao:Attribute ;
          ao:test ai:OneOf ;
-         ao:type ai:ObjectUri ;
+         ao:type ai:AccessObjectUri ;
          ao:setValue ai:EditorPublishClassTestData .
          
 ai:EditorPublishClassTestData rdf:type ao:TestData ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_publish_data_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_publish_data_property.n3
index 0cc328e0a5..2eb33eef78 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_publish_data_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_publish_data_property.n3
@@ -46,7 +46,7 @@ ai:EditorPublishDataPropertyStatementAttribute rdf:type ao:Attribute ;
 
 ai:EditorPublishDataPropertyAttribute rdf:type ao:Attribute ;
          ao:test ai:OneOf ;
-         ao:type ai:ObjectUri ;
+         ao:type ai:AccessObjectUri ;
          ao:setValue ai:EditorPublishDataPropertyTestData .
          
 ai:EditorPublishDataPropertyTestData rdf:type ao:TestData ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_publish_faux_data_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_publish_faux_data_property.n3
index e895701d7b..65d07a875f 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_publish_faux_data_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_publish_faux_data_property.n3
@@ -46,7 +46,7 @@ ai:EditorPublishFauxDataPropertyStatementAttribute rdf:type ao:Attribute ;
 
 ai:EditorPublishFauxDataPropertyAttribute rdf:type ao:Attribute ;
          ao:test ai:OneOf ;
-         ao:type ai:ObjectUri ;
+         ao:type ai:AccessObjectUri ;
          ao:setValue ai:EditorPublishFauxDataPropertyTestData .
          
 ai:EditorPublishFauxDataPropertyTestData rdf:type ao:TestData ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_publish_faux_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_publish_faux_object_property.n3
index d45baf60ba..33f5690bd3 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_publish_faux_object_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_publish_faux_object_property.n3
@@ -46,7 +46,7 @@ ai:EditorPublishFauxObjectPropertyStatementAttribute rdf:type ao:Attribute ;
 
 ai:EditorPublishFauxObjectPropertyAttribute rdf:type ao:Attribute ;
          ao:test ai:OneOf ;
-         ao:type ai:ObjectUri ;
+         ao:type ai:AccessObjectUri ;
          ao:setValue ai:EditorPublishFauxObjectPropertyTestData .
          
 ai:EditorPublishFauxObjectPropertyTestData rdf:type ao:TestData ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_publish_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_publish_object_property.n3
index f1ecbc5412..63da030b64 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_publish_object_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_publish_object_property.n3
@@ -46,7 +46,7 @@ ai:EditorPublishObjectPropertyStatementAttribute rdf:type ao:Attribute ;
 
 ai:EditorPublishObjectPropertyAttribute rdf:type ao:Attribute ;
          ao:test ai:OneOf ;
-         ao:type ai:ObjectUri ;
+         ao:type ai:AccessObjectUri ;
          ao:setValue ai:EditorPublishObjectPropertyTestData .
          
 ai:EditorPublishObjectPropertyTestData rdf:type ao:TestData ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_simple_permissions.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_simple_permissions.n3
index 056a777b6e..c2eebb2a3f 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_simple_permissions.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_simple_permissions.n3
@@ -30,7 +30,7 @@ ai:AllowEditorSimplePermissions rdf:type ao:Rule;
           
 ai:PermissionNameInEditorAllowed rdf:type ao:Attribute ;
         ao:test ai:OneOf ;
-        ao:type ai:ObjectUri ;
+        ao:type ai:AccessObjectUri ;
         ao:setValue ai:EditorSimplePermissionsTestData .
 
 ai:EditorSimplePermissionsTestData rdf:type ao:TestData ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_update_class.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_update_class.n3
index 0f7dbc52d8..298cf648c2 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_update_class.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_update_class.n3
@@ -34,7 +34,7 @@ ai:AllowEditorUpdateClassRule rdf:type ao:Rule;
          
 ai:EditorUpdateClassAttribute rdf:type ao:Attribute ;
          ao:test ai:OneOf ;
-         ao:type ai:ObjectUri ;
+         ao:type ai:AccessObjectUri ;
          ao:setValue ai:EditorUpdateClassTestData .
          
 ai:EditorUpdateClassTestData rdf:type ao:TestData ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_update_data_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_update_data_property.n3
index a9bed27642..1846f5438d 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_update_data_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_update_data_property.n3
@@ -46,7 +46,7 @@ ai:EditorUpdateDataPropertyStatementAttribute rdf:type ao:Attribute ;
 
 ai:EditorUpdateDataPropertyAttribute rdf:type ao:Attribute ;
          ao:test ai:OneOf ;
-         ao:type ai:ObjectUri ;
+         ao:type ai:AccessObjectUri ;
          ao:setValue ai:EditorUpdateDataPropertyTestData .
          
 ai:EditorUpdateDataPropertyTestData rdf:type ao:TestData ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_update_faux_data_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_update_faux_data_property.n3
index ea2dd3c33a..ae7c4fba83 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_update_faux_data_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_update_faux_data_property.n3
@@ -46,7 +46,7 @@ ai:EditorUpdateFauxDataPropertyStatementAttribute rdf:type ao:Attribute ;
 
 ai:EditorUpdateFauxDataPropertyAttribute rdf:type ao:Attribute ;
          ao:test ai:OneOf ;
-         ao:type ai:ObjectUri ;
+         ao:type ai:AccessObjectUri ;
          ao:setValue ai:EditorUpdateFauxDataPropertyTestData .
          
 ai:EditorUpdateFauxDataPropertyTestData rdf:type ao:TestData ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_update_faux_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_update_faux_object_property.n3
index 917901e9ab..1ce14349cd 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_update_faux_object_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_update_faux_object_property.n3
@@ -46,7 +46,7 @@ ai:EditorUpdateFauxObjectPropertyStatementAttribute rdf:type ao:Attribute ;
 
 ai:EditorUpdateFauxObjectPropertyAttribute rdf:type ao:Attribute ;
          ao:test ai:OneOf ;
-         ao:type ai:ObjectUri ;
+         ao:type ai:AccessObjectUri ;
          ao:setValue ai:EditorUpdateFauxObjectPropertyTestData .
          
 ai:EditorUpdateFauxObjectPropertyTestData rdf:type ao:TestData ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_update_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_update_object_property.n3
index 9859637ba1..bc2be24d48 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_update_object_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_update_object_property.n3
@@ -46,7 +46,7 @@ ai:EditorUpdateObjectPropertyStatementAttribute rdf:type ao:Attribute ;
 
 ai:EditorUpdateObjectPropertyAttribute rdf:type ao:Attribute ;
          ao:test ai:OneOf ;
-         ao:type ai:ObjectUri ;
+         ao:type ai:AccessObjectUri ;
          ao:setValue ai:EditorUpdateObjectPropertyTestData .
          
 ai:EditorUpdateObjectPropertyTestData rdf:type ao:TestData ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_public_display_class.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_public_display_class.n3
index a4b926d2f3..ae6efaceb7 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_public_display_class.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_public_display_class.n3
@@ -34,7 +34,7 @@ ai:AllowPublicDisplayClassRule rdf:type ao:Rule;
          
 ai:PublicDisplayClassAttribute rdf:type ao:Attribute ;
          ao:test ai:OneOf ;
-         ao:type ai:ObjectUri ;
+         ao:type ai:AccessObjectUri ;
          ao:setValue ai:PublicDisplayClassTestData .
          
 ai:PublicDisplayClassTestData rdf:type ao:TestData ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_public_display_data_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_public_display_data_property.n3
index cbfe027848..2f4c397cf4 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_public_display_data_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_public_display_data_property.n3
@@ -46,7 +46,7 @@ ai:PublicDisplayDataPropertyStatementAttribute rdf:type ao:Attribute ;
          
 ai:PublicDisplayDataPropertyAttribute rdf:type ao:Attribute ;
          ao:test ai:OneOf ;
-         ao:type ai:ObjectUri ;
+         ao:type ai:AccessObjectUri ;
          ao:setValue ai:PublicDisplayDataPropertyTestData .
          
 ai:PublicDisplayDataPropertyTestData rdf:type ao:TestData ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_public_display_faux_data_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_public_display_faux_data_property.n3
index 4c8a8e7f1e..ac1f5ef6e9 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_public_display_faux_data_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_public_display_faux_data_property.n3
@@ -46,7 +46,7 @@ ai:PublicDisplayFauxDataPropertyStatementAttribute rdf:type ao:Attribute ;
          
 ai:PublicDisplayFauxDataPropertyAttribute rdf:type ao:Attribute ;
          ao:test ai:OneOf ;
-         ao:type ai:ObjectUri ;
+         ao:type ai:AccessObjectUri ;
          ao:setValue ai:PublicDisplayFauxDataPropertyTestData .
          
 ai:PublicDisplayFauxDataPropertyTestData rdf:type ao:TestData ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_public_display_faux_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_public_display_faux_object_property.n3
index 36eac84f37..29c7197331 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_public_display_faux_object_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_public_display_faux_object_property.n3
@@ -46,7 +46,7 @@ ai:PublicDisplayFauxObjectPropertyStatementAttribute rdf:type ao:Attribute ;
          
 ai:PublicDisplayFauxObjectPropertyAttribute rdf:type ao:Attribute ;
          ao:test ai:OneOf ;
-         ao:type ai:ObjectUri ;
+         ao:type ai:AccessObjectUri ;
          ao:setValue ai:PublicDisplayFauxObjectPropertyTestData .
          
 ai:PublicDisplayFauxObjectPropertyTestData rdf:type ao:TestData ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_public_display_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_public_display_object_property.n3
index e843d56f4a..ae3dd4af55 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_public_display_object_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_public_display_object_property.n3
@@ -46,7 +46,7 @@ ai:PublicDisplayObjectPropertyStatementAttribute rdf:type ao:Attribute ;
 
 ai:PublicDisplayObjectPropertyAttribute rdf:type ao:Attribute ;
          ao:test ai:OneOf ;
-         ao:type ai:ObjectUri ;
+         ao:type ai:AccessObjectUri ;
          ao:setValue ai:PublicDisplayObjectPropertyTestData .
          
 ai:PublicDisplayObjectPropertyTestData rdf:type ao:TestData ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_public_simple_permissions.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_public_simple_permissions.n3
index 6162c2d5cb..aa18a08420 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_public_simple_permissions.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_public_simple_permissions.n3
@@ -30,7 +30,7 @@ ai:AllowPublicSimplePermissions rdf:type ao:Rule;
           
 ai:PermissionNameInPublicAllowed rdf:type ao:Attribute ;
         ao:test ai:OneOf ;
-        ao:type ai:ObjectUri ;
+        ao:type ai:AccessObjectUri ;
         ao:setValue ai:PublicSimplePermissionsTestData .
 
 ai:PublicSimplePermissionsTestData rdf:type ao:TestData ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_public_update_class.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_public_update_class.n3
index 42c6fc848f..2838c7f5bb 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_public_update_class.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_public_update_class.n3
@@ -34,7 +34,7 @@ ai:AllowPublicUpdateClassRule rdf:type ao:Rule;
          
 ai:PublicUpdateClassAttribute rdf:type ao:Attribute ;
          ao:test ai:OneOf ;
-         ao:type ai:ObjectUri ;
+         ao:type ai:AccessObjectUri ;
          ao:setValue ai:PublicUpdateClassTestData .
          
 ai:PublicUpdateClassTestData rdf:type ao:TestData ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_public_update_data_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_public_update_data_property.n3
index 4011603c3a..f3d62a2930 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_public_update_data_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_public_update_data_property.n3
@@ -46,7 +46,7 @@ ai:PublicUpdateDataPropertyStatementAttribute rdf:type ao:Attribute ;
 
 ai:PublicUpdateDataPropertyAttribute rdf:type ao:Attribute ;
          ao:test ai:OneOf ;
-         ao:type ai:ObjectUri ;
+         ao:type ai:AccessObjectUri ;
          ao:setValue ai:PublicUpdateDataPropertyTestData .
          
 ai:PublicUpdateDataPropertyTestData rdf:type ao:TestData ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_public_update_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_public_update_object_property.n3
index 424fccfe66..525515eac7 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_public_update_object_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_public_update_object_property.n3
@@ -46,7 +46,7 @@ ai:PublicUpdateObjectPropertyStatementAttribute rdf:type ao:Attribute ;
 
 ai:PublicUpdateObjectPropertyAttribute rdf:type ao:Attribute ;
          ao:test ai:OneOf ;
-         ao:type ai:ObjectUri ;
+         ao:type ai:AccessObjectUri ;
          ao:setValue ai:PublicUpdateObjectPropertyTestData .
          
 ai:PublicUpdateObjectPropertyTestData rdf:type ao:TestData ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_display_class.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_display_class.n3
index 23fddeb254..a9e214d2d6 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_display_class.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_display_class.n3
@@ -34,7 +34,7 @@ ai:AllowSelfEditorDisplayClassRule rdf:type ao:Rule;
          
 ai:SelfEditorDisplayClassAttribute rdf:type ao:Attribute ;
          ao:test ai:OneOf ;
-         ao:type ai:ObjectUri ;
+         ao:type ai:AccessObjectUri ;
          ao:setValue ai:SelfEditorDisplayClassTestData .
          
 ai:SelfEditorDisplayClassTestData rdf:type ao:TestData ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_display_data_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_display_data_property.n3
index e110869cd8..97088993a2 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_display_data_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_display_data_property.n3
@@ -46,7 +46,7 @@ ai:SelfEditorDisplayDataPropertyStatementAttribute rdf:type ao:Attribute ;
          
 ai:SelfEditorDisplayDataPropertyAttribute rdf:type ao:Attribute ;
          ao:test ai:OneOf ;
-         ao:type ai:ObjectUri ;
+         ao:type ai:AccessObjectUri ;
          ao:setValue ai:SelfEditorDisplayDataPropertyTestData .
          
 ai:SelfEditorDisplayDataPropertyTestData rdf:type ao:TestData ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_display_faux_data_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_display_faux_data_property.n3
index 7103236609..dafe69b256 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_display_faux_data_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_display_faux_data_property.n3
@@ -46,7 +46,7 @@ ai:SelfEditorDisplayFauxDataPropertyStatementAttribute rdf:type ao:Attribute ;
          
 ai:SelfEditorDisplayFauxDataPropertyAttribute rdf:type ao:Attribute ;
          ao:test ai:OneOf ;
-         ao:type ai:ObjectUri ;
+         ao:type ai:AccessObjectUri ;
          ao:setValue ai:SelfEditorDisplayFauxDataPropertyTestData .
          
 ai:SelfEditorDisplayFauxDataPropertyTestData rdf:type ao:TestData ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_display_faux_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_display_faux_object_property.n3
index 8469d69721..1a8bc58501 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_display_faux_object_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_display_faux_object_property.n3
@@ -46,7 +46,7 @@ ai:SelfEditorDisplayFauxObjectPropertyStatementAttribute rdf:type ao:Attribute ;
          
 ai:SelfEditorDisplayFauxObjectPropertyAttribute rdf:type ao:Attribute ;
          ao:test ai:OneOf ;
-         ao:type ai:ObjectUri ;
+         ao:type ai:AccessObjectUri ;
          ao:setValue ai:SelfEditorDisplayFauxObjectPropertyTestData .
          
 ai:SelfEditorDisplayFauxObjectPropertyTestData rdf:type ao:TestData ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_display_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_display_object_property.n3
index 7aac7809f7..5d72b917e0 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_display_object_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_display_object_property.n3
@@ -46,7 +46,7 @@ ai:SelfEditorDisplayObjectPropertyStatementAttribute rdf:type ao:Attribute ;
 
 ai:SelfEditorDisplayObjectPropertyAttribute rdf:type ao:Attribute ;
          ao:test ai:OneOf ;
-         ao:type ai:ObjectUri ;
+         ao:type ai:AccessObjectUri ;
          ao:setValue ai:SelfEditorDisplayObjectPropertyTestData .
          
 ai:SelfEditorDisplayObjectPropertyTestData rdf:type ao:TestData ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_publish_class.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_publish_class.n3
index 725b350bbd..110b47a228 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_publish_class.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_publish_class.n3
@@ -34,7 +34,7 @@ ai:AllowSelfEditorPublishClassRule rdf:type ao:Rule;
          
 ai:SelfEditorPublishClassAttribute rdf:type ao:Attribute ;
          ao:test ai:OneOf ;
-         ao:type ai:ObjectUri ;
+         ao:type ai:AccessObjectUri ;
          ao:setValue ai:SelfEditorPublishClassTestData .
          
 ai:SelfEditorPublishClassTestData rdf:type ao:TestData ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_publish_data_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_publish_data_property.n3
index de414bbc3b..2211c634a7 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_publish_data_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_publish_data_property.n3
@@ -46,7 +46,7 @@ ai:SelfEditorPublishDataPropertyStatementAttribute rdf:type ao:Attribute ;
 
 ai:SelfEditorPublishDataPropertyAttribute rdf:type ao:Attribute ;
          ao:test ai:OneOf ;
-         ao:type ai:ObjectUri ;
+         ao:type ai:AccessObjectUri ;
          ao:setValue ai:SelfEditorPublishDataPropertyTestData .
          
 ai:SelfEditorPublishDataPropertyTestData rdf:type ao:TestData ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_publish_faux_data_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_publish_faux_data_property.n3
index be47dbb565..e089de9d2b 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_publish_faux_data_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_publish_faux_data_property.n3
@@ -46,7 +46,7 @@ ai:SelfEditorPublishFauxDataPropertyStatementAttribute rdf:type ao:Attribute ;
 
 ai:SelfEditorPublishFauxDataPropertyAttribute rdf:type ao:Attribute ;
          ao:test ai:OneOf ;
-         ao:type ai:ObjectUri ;
+         ao:type ai:AccessObjectUri ;
          ao:setValue ai:SelfEditorPublishFauxDataPropertyTestData .
          
 ai:SelfEditorPublishFauxDataPropertyTestData rdf:type ao:TestData ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_publish_faux_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_publish_faux_object_property.n3
index 3e32ddeeae..92c6fd178d 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_publish_faux_object_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_publish_faux_object_property.n3
@@ -46,7 +46,7 @@ ai:SelfEditorPublishFauxObjectPropertyStatementAttribute rdf:type ao:Attribute ;
 
 ai:SelfEditorPublishFauxObjectPropertyAttribute rdf:type ao:Attribute ;
          ao:test ai:OneOf ;
-         ao:type ai:ObjectUri ;
+         ao:type ai:AccessObjectUri ;
          ao:setValue ai:SelfEditorPublishFauxObjectPropertyTestData .
          
 ai:SelfEditorPublishFauxObjectPropertyTestData rdf:type ao:TestData ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_publish_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_publish_object_property.n3
index f11f558ad3..d363b0518c 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_publish_object_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_publish_object_property.n3
@@ -46,7 +46,7 @@ ai:SelfEditorPublishObjectPropertyStatementAttribute rdf:type ao:Attribute ;
 
 ai:SelfEditorPublishObjectPropertyAttribute rdf:type ao:Attribute ;
          ao:test ai:OneOf ;
-         ao:type ai:ObjectUri ;
+         ao:type ai:AccessObjectUri ;
          ao:setValue ai:SelfEditorPublishObjectPropertyTestData .
          
 ai:SelfEditorPublishObjectPropertyTestData rdf:type ao:TestData ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_simple_permissions.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_simple_permissions.n3
index fa5b02d8e2..2587a9c637 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_simple_permissions.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_simple_permissions.n3
@@ -30,7 +30,7 @@ ai:AllowSelfEditorSimplePermissions rdf:type ao:Rule;
           
 ai:PermissionNameInSelfEditorAllowed rdf:type ao:Attribute ;
         ao:test ai:OneOf ;
-        ao:type ai:ObjectUri ;
+        ao:type ai:AccessObjectUri ;
         ao:setValue ai:SelfEditorSimplePermissionsTestData .
 
 ai:SelfEditorSimplePermissionsTestData rdf:type ao:TestData ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_update_class.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_update_class.n3
index 68c7df3384..2b13da6d64 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_update_class.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_update_class.n3
@@ -34,7 +34,7 @@ ai:AllowSelfEditorUpdateClassRule rdf:type ao:Rule;
          
 ai:SelfEditorUpdateClassAttribute rdf:type ao:Attribute ;
          ao:test ai:OneOf ;
-         ao:type ai:ObjectUri ;
+         ao:type ai:AccessObjectUri ;
          ao:setValue ai:SelfEditorUpdateClassTestData .
          
 ai:SelfEditorUpdateClassTestData rdf:type ao:TestData ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_update_data_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_update_data_property.n3
index 9393e31083..47ceb970b4 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_update_data_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_update_data_property.n3
@@ -47,7 +47,7 @@ ai:SelfEditorUpdateDataPropertyStatementAttribute rdf:type ao:Attribute ;
 
 ai:SelfEditorUpdateDataPropertyAttribute rdf:type ao:Attribute ;
          ao:test ai:OneOf ;
-         ao:type ai:ObjectUri ;
+         ao:type ai:AccessObjectUri ;
          ao:setValue ai:SelfEditorUpdateDataPropertyTestData .
          
 ai:SelfEditorUpdateDataPropertyTestData rdf:type ao:TestData ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_update_faux_data_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_update_faux_data_property.n3
index 2f86cd350f..888cfb98cf 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_update_faux_data_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_update_faux_data_property.n3
@@ -47,7 +47,7 @@ ai:SelfEditorUpdateFauxDataPropertyStatementAttribute rdf:type ao:Attribute ;
 
 ai:SelfEditorUpdateFauxDataPropertyAttribute rdf:type ao:Attribute ;
          ao:test ai:OneOf ;
-         ao:type ai:ObjectUri ;
+         ao:type ai:AccessObjectUri ;
          ao:setValue ai:SelfEditorUpdateFauxDataPropertyTestData .
          
 ai:SelfEditorUpdateFauxDataPropertyTestData rdf:type ao:TestData ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_update_faux_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_update_faux_object_property.n3
index b3f6896b05..65ac56c489 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_update_faux_object_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_update_faux_object_property.n3
@@ -47,7 +47,7 @@ ai:SelfEditorUpdateFauxObjectPropertyStatementAttribute rdf:type ao:Attribute ;
 
 ai:SelfEditorUpdateFauxObjectPropertyAttribute rdf:type ao:Attribute ;
          ao:test ai:OneOf ;
-         ao:type ai:ObjectUri ;
+         ao:type ai:AccessObjectUri ;
          ao:setValue ai:SelfEditorUpdateFauxObjectPropertyTestData .
          
 ai:SelfEditorUpdateFauxObjectPropertyTestData rdf:type ao:TestData ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_update_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_update_object_property.n3
index 05ca02cc40..951e61050c 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_update_object_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_update_object_property.n3
@@ -47,7 +47,7 @@ ai:SelfEditorUpdateObjectPropertyStatementAttribute rdf:type ao:Attribute ;
 
 ai:SelfEditorUpdateObjectPropertyAttribute rdf:type ao:Attribute ;
          ao:test ai:OneOf ;
-         ao:type ai:ObjectUri ;
+         ao:type ai:AccessObjectUri ;
          ao:setValue ai:SelfEditorUpdateObjectPropertyTestData .
          
 ai:SelfEditorUpdateObjectPropertyTestData rdf:type ao:TestData ;

From b4adf1203700eaffd8040240abfb148518f7f347 Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <git@litvinovg.pro>
Date: Mon, 12 Jun 2023 08:14:25 +0200
Subject: [PATCH 025/148] migration fixes

---
 .../vitro/webapp/migration/auth/AnnotationMigrator.java      | 4 ++--
 .../mannlib/vitro/webapp/migration/auth/AuthMigrator.java    | 5 +++++
 .../vitro/webapp/migration/auth/AnnotationMigratorTest.java  | 4 +++-
 3 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AnnotationMigrator.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AnnotationMigrator.java
index 6dc989fc9a..5dc240ddbe 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AnnotationMigrator.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AnnotationMigrator.java
@@ -141,10 +141,10 @@ private Map<String, Map<OperationGroup, Set<String>>> getFauxConfigurations(Stri
     private void collectConfiguration(Map<String, Map<OperationGroup, Set<String>>> configs, QuerySolution qs) {
         String uri = qs.getResource("uri").getURI();
         String displayAnnotation = qs.getResource("display").getURI();
-        Set<String> displayRoles = showMap.get(displayAnnotation);
+        Set<String> displayRoles = new HashSet<>(showMap.get(displayAnnotation));
     
         String publishAnnotation = qs.getResource("publish").getURI();
-        Set<String> publishRoles = showMap.get(publishAnnotation);
+        Set<String> publishRoles = new HashSet<>(showMap.get(publishAnnotation));
         publishRoles.remove(ROLE_PUBLIC_URI);
     
         String updateAnnotation = qs.getResource("update").getURI();
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AuthMigrator.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AuthMigrator.java
index a2399fa85d..8e744375fa 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AuthMigrator.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AuthMigrator.java
@@ -94,6 +94,11 @@ static Long[] updatePolicyDatasets(AccessObjectType aot, Map<String, Map<Operati
                 EntityPolicyController.getDataValueStatements(entityUri, aot, og, rolesToAdd, additions);
                 Set<String> rolesToRemove = new HashSet<>(allRoles);
                 rolesToRemove.removeAll(rolesToAdd);
+                //Don't remove public publish and update data sets, as there are no public policies for that operation groups  
+                if (OperationGroup.PUBLISH_GROUP.equals(og) ||
+                    OperationGroup.UPDATE_GROUP.equals(og)) {
+                    rolesToRemove.remove(ROLE_PUBLIC_URI);
+                }
                 EntityPolicyController.getDataValueStatements(entityUri, aot, og, rolesToRemove, removals);
                 log.debug(String.format("Updated entity %s dataset for operation group %s access object type %s roles %s", entityUri, og, aot, rolesToAdd));
             }
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AnnotationMigratorTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AnnotationMigratorTest.java
index add849089e..2e4e9e4046 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AnnotationMigratorTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AnnotationMigratorTest.java
@@ -1,6 +1,7 @@
 package edu.cornell.mannlib.vitro.webapp.migration.auth;
 
 import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertTrue;
 
 import java.io.ByteArrayOutputStream;
@@ -8,6 +9,7 @@
 import java.util.Map;
 import java.util.Set;
 
+import org.apache.commons.lang3.StringUtils;
 import org.apache.jena.rdf.model.Model;
 import org.apache.jena.rdf.model.ModelFactory;
 import org.junit.Test;
@@ -48,7 +50,7 @@ public void testConvertAnnotationConfiguration() {
         try(ByteArrayOutputStream baos = new ByteArrayOutputStream()){
             diff.write(baos, "TTL");
             String newData = baos.toString();
-            //System.out.println(newData);
+            assertFalse(StringUtils.isBlank(newData));
         } catch (IOException e) {
             e.printStackTrace();
         }

From 1ac683146207ce7480cf0de0b6d9977a727f731c Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <git@litvinovg.pro>
Date: Mon, 12 Jun 2023 08:15:46 +0200
Subject: [PATCH 026/148] naming fixes

---
 ...tTypeAttribute.java => AccessObjectTypeAttribute.java} | 8 ++++----
 .../vitro/webapp/auth/attributes/AttributeFactory.java    | 2 +-
 .../webapp/auth/attributes/SubjectTypeAttribute.java      | 2 +-
 3 files changed, 6 insertions(+), 6 deletions(-)
 rename api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/{ObjectTypeAttribute.java => AccessObjectTypeAttribute.java} (76%)

diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/ObjectTypeAttribute.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AccessObjectTypeAttribute.java
similarity index 76%
rename from api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/ObjectTypeAttribute.java
rename to api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AccessObjectTypeAttribute.java
index 8370e80863..1542c668ea 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/ObjectTypeAttribute.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AccessObjectTypeAttribute.java
@@ -6,11 +6,11 @@
 import edu.cornell.mannlib.vitro.webapp.auth.objects.AccessObject;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthorizationRequest;
 
-public class ObjectTypeAttribute extends AbstractAttribute {
+public class AccessObjectTypeAttribute extends AbstractAttribute {
 
-    private static final Log log = LogFactory.getLog(ObjectTypeAttribute.class);
+    private static final Log log = LogFactory.getLog(AccessObjectTypeAttribute.class);
 
-    public ObjectTypeAttribute(String uri, String value) {
+    public AccessObjectTypeAttribute(String uri, String value) {
         super(uri, value);
     }
 
@@ -28,6 +28,6 @@ public boolean match(AuthorizationRequest ar) {
 
     @Override
     public AttributeType getAttributeType() {
-        return AttributeType.SUBJECT_TYPE;
+        return AttributeType.ACCESS_OBJECT_TYPE;
     }
 }
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeFactory.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeFactory.java
index 78d3d54a54..ec17e8532f 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeFactory.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeFactory.java
@@ -25,7 +25,7 @@ public static Attribute createAttribute(QuerySolution qs) {
             at = new AccessObjectUriAttribute(attributeUri, value);
             break;
         case ACCESS_OBJECT_TYPE:
-            at = new ObjectTypeAttribute(attributeUri, value);
+            at = new AccessObjectTypeAttribute(attributeUri, value);
             break;
         case SUBJECT_TYPE:
             at = new SubjectTypeAttribute(attributeUri, value);
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/SubjectTypeAttribute.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/SubjectTypeAttribute.java
index db8e3f4c08..6f5194fd91 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/SubjectTypeAttribute.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/SubjectTypeAttribute.java
@@ -30,6 +30,6 @@ public boolean match(AuthorizationRequest ar) {
 
     @Override
     public AttributeType getAttributeType() {
-        return AttributeType.ACCESS_OBJECT_TYPE;
+        return AttributeType.SUBJECT_TYPE;
     }
 }

From ce24a549fa722321295182d58ac8ebdfa5b15b0a Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <git@litvinovg.pro>
Date: Mon, 12 Jun 2023 08:17:04 +0200
Subject: [PATCH 027/148] provide empty uri if query template doesn't use
 person uri

---
 .../webapp/auth/attributes/AttributeValueTester.java      | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeValueTester.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeValueTester.java
index ce65904160..f953178b7b 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeValueTester.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeValueTester.java
@@ -55,8 +55,12 @@ private static boolean sparqlQueryContains(Attribute attr, AuthorizationRequest
         }
         List<String> personUris = ar.getEditorUris();
         if (personUris.isEmpty()) {
-            log.debug("SparqlQueryContins person uri is empty");
-            return false;
+            if (queryTemplate.contains("?personUri")) {
+                log.debug("Subject has no person URIs");
+                return false;    
+            } else {
+                personUris.add("");
+            }
         }
         List<String> resourceUris = Arrays.asList(ao.getResourceUris());
         return ProximityChecker.isAanyRelated(m, resourceUris, personUris, queryTemplate);

From 54a27e7470737bcdac88130526340ca0ee66d8fa Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <git@litvinovg.pro>
Date: Mon, 12 Jun 2023 09:09:39 +0200
Subject: [PATCH 028/148] allow self editor access to related resource pages

---
 .../auth/policy/EditablePagesPolicyTest.java      |  5 +++--
 .../firsttime/policy_editable_pages.n3            | 15 +++++++++++++++
 .../rdf/accessControl/firsttime/test_values.n3    |  4 ++++
 3 files changed, 22 insertions(+), 2 deletions(-)

diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EditablePagesPolicyTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EditablePagesPolicyTest.java
index ac26cdd993..fb1dff8dc3 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EditablePagesPolicyTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EditablePagesPolicyTest.java
@@ -2,7 +2,8 @@
 
 import static org.junit.Assert.assertTrue;
 
-import java.util.Collections;
+import java.util.Arrays;
+import java.util.HashSet;
 
 import org.junit.Test;
 
@@ -16,6 +17,6 @@ public void testLoadEditablePagesPolicy() {
         String policyUri = "https://vivoweb.org/ontology/vitro-application/auth/individual/EditIndividualPagesPolicy";
         DynamicPolicy policy = loader.loadPolicy(policyUri);
         assertTrue(policy != null);
-        countRulesAndAttributes(policy, 1, Collections.singleton(5));
+        countRulesAndAttributes(policy, 2, new HashSet<>(Arrays.asList(5,6)));
     }
 }
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_editable_pages.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_editable_pages.n3
index 8d35c45538..2a50b18996 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_editable_pages.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_editable_pages.n3
@@ -11,6 +11,7 @@ ai:EditIndividualPagesPolicy rdf:type ao:Policy ;
           ao:rules ai:EditIndividualPagesRuleSet .
 
 ai:EditIndividualPagesRuleSet rdf:type ao:Rules ;
+          ao:rule ai:AllowEditRelatedPagesRule ;
           ao:rule ai:AllowEditIndividualPagesRule .
 
 ai:AllowEditIndividualPagesRule rdf:type ao:Rule;
@@ -19,6 +20,14 @@ ai:AllowEditIndividualPagesRule rdf:type ao:Rule;
           ao:attribute ai:ObjectPropertyStatementTypeAttribute ;
           ao:attribute ai:SomeObjectUriAttribute ;
           ao:attribute ai:SomePredicateAttribute .
+          
+ai:AllowEditRelatedPagesRule rdf:type ao:Rule;
+          ao:attribute ai:SubjectRoleEqualsSelfEditorRoleAttribute ;
+          ao:attribute ai:StatementObjectUriContainsSelfEditorResourceAttribute;
+          ao:attribute ai:AddOperationAttribute ;
+          ao:attribute ai:ObjectPropertyStatementTypeAttribute ;
+          ao:attribute ai:SomeObjectUriAttribute ;
+          ao:attribute ai:SomePredicateAttribute .
          
 ai:SomePredicateAttribute rdf:type ao:Attribute ;
          ao:test ai:Equals ;
@@ -29,3 +38,9 @@ ai:SomeObjectUriAttribute rdf:type ao:Attribute ;
          ao:test ai:Equals ;
          ao:type ai:StatementObjectUri ;
          ao:value ai:SomeUriTestData .
+         
+ai:StatementObjectUriContainsSelfEditorResourceAttribute rdf:type ao:Attribute ;
+         ao:test ai:SparqlSelectQueryContains ;
+         ao:type ai:StatementSubjectUri ;
+         ao:value ai:PersonProfileProximityToResourceUri .
+
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/test_values.n3 b/home/src/main/resources/rdf/accessControl/firsttime/test_values.n3
index 8955a4a2fd..fa13ddc5b8 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/test_values.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/test_values.n3
@@ -73,6 +73,10 @@ ai:PersonProfileProximityToResourceUri rdf:type ao:TestData ;
                   ?roleUri <http://vivoweb.org/ontology/core#contributesTo> ?resourceUri .
                   ?resourceUri a <http://vivoweb.org/ontology/core#Service> .
                 }
+                UNION
+                { 
+                  BIND ( ?personUri as ?resourceUri)
+                }
         }
         """ .
 

From e5e9c10be19ca80a032c6cc32977610cc462cad8 Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <git@litvinovg.pro>
Date: Mon, 12 Jun 2023 16:28:53 +0200
Subject: [PATCH 029/148] Defined order for attribute computation. Compute less
 expensive attributes first.

---
 .../auth/attributes/AbstractAttribute.java    | 26 ++++++++++
 .../webapp/auth/attributes/Attribute.java     |  3 ++
 .../vitro/webapp/auth/policy/PolicyStore.java |  2 +-
 .../vitro/webapp/auth/rules/AccessRule.java   |  4 +-
 .../webapp/auth/rules/AccessRuleImpl.java     | 49 ++++++++++++++-----
 .../vitro/webapp/auth/policy/PolicyTest.java  |  2 +-
 .../webapp/auth/rules/AccessRuleTest.java     | 32 ++++++++++++
 7 files changed, 101 insertions(+), 17 deletions(-)
 create mode 100644 api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRuleTest.java

diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AbstractAttribute.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AbstractAttribute.java
index 1457632117..1b6a98f862 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AbstractAttribute.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AbstractAttribute.java
@@ -10,6 +10,8 @@ public abstract class AbstractAttribute implements Attribute {
     
     private Set<String> values = new HashSet<>();
     private String uri;
+    private long computationalCost;
+
     private TestType testType = TestType.EQUALS;
 
     public AbstractAttribute(String uri, String value) {
@@ -31,6 +33,7 @@ public TestType getTestType() {
     
     public void setTestType(TestType testType) {
         this.testType = testType;
+        adjustComputationCost(testType);
     }
     
     @Override
@@ -66,4 +69,27 @@ public int hashCode() {
                 .append(getValues())
                 .toHashCode();
     }
+
+    public long getComputationalCost() {
+        return computationalCost;
+    }
+    
+    private void adjustComputationCost(TestType testType) {
+        switch (testType) {
+        case ONE_OF:
+            computationalCost += 100;
+            return ;
+        case NOT_ONE_OF:
+            computationalCost += 100;
+            return ;
+        case STARTS_WITH:
+            computationalCost += 1000;
+            return ;
+        case SPARQL_SELECT_QUERY_CONTAINS:
+            computationalCost += 10000;
+            return ;
+        default :
+            return ;
+        }
+    }
 }
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/Attribute.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/Attribute.java
index 4f0e08db3d..cc78fbc29b 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/Attribute.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/Attribute.java
@@ -21,4 +21,7 @@ public interface Attribute {
     public void addValue(String value);
 
     public void setTestType(TestType valueOf);
+
+    public long getComputationalCost();
+
 }
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyStore.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyStore.java
index 7702ef0086..bef2490a30 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyStore.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyStore.java
@@ -71,7 +71,7 @@ public int compare(Policy lps, Policy rps) {
                 if ( lps.getPriority() > rps.getPriority() ) {
                     return -1;
                 } else 
-                if (lps.getPriority() > rps.getPriority()) {
+                if (lps.getPriority() < rps.getPriority()) {
                     return 1;
                 }
                 return lps.getUri().compareTo(lps.getUri()); 
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRule.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRule.java
index 3d323da109..cbe01992fd 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRule.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRule.java
@@ -2,7 +2,7 @@
 
 package edu.cornell.mannlib.vitro.webapp.auth.rules;
 
-import java.util.Map;
+import java.util.List;
 import java.util.Set;
 
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.Attribute;
@@ -19,7 +19,7 @@ public interface AccessRule {
 
     public void setRuleUri(String ruleUri);
     
-	public Map<String, Attribute> getAttributes();
+	public List<Attribute> getAttributes();
 	
 	public boolean match(AuthorizationRequest ar);
 	
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRuleImpl.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRuleImpl.java
index ad5bd98dee..c81115473e 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRuleImpl.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRuleImpl.java
@@ -2,7 +2,11 @@
 
 package edu.cornell.mannlib.vitro.webapp.auth.rules;
 
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.Comparator;
 import java.util.HashMap;
+import java.util.List;
 import java.util.Map;
 import java.util.Set;
 import java.util.stream.Collectors;
@@ -16,12 +20,13 @@
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.AttributeType;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthorizationRequest;
 
-/**
- * A class of simple access rules.
- */
 public class AccessRuleImpl implements AccessRule {
     private static final Log log = LogFactory.getLog(AccessRuleImpl.class);
-    protected Map<String,Attribute> attributes = new HashMap<>();
+    protected Map<String,Attribute> attributeMap = new HashMap<>();
+    protected List<Attribute> attributes = new ArrayList<Attribute>();
+    private static final Comparator<Attribute> comparator = getAttributeComparator();
+
+
     private boolean allowMatched = true;
     private String ruleUri;
 
@@ -41,13 +46,13 @@ public void setRuleUri(String ruleUri) {
         this.ruleUri = ruleUri;
     }
     
-    public Map<String, Attribute> getAttributes() {
+    public List<Attribute> getAttributes() {
         return attributes;
     }
     
     public boolean match(AuthorizationRequest ar) {
-       for (Attribute a : attributes.values()) {
-           if (!a.match(ar)) {
+       for (Attribute attribute : attributes) {
+           if (!attribute.match(ar)) {
                return false;
            }
        }
@@ -55,10 +60,12 @@ public boolean match(AuthorizationRequest ar) {
     }
 
     public void addAttribute(Attribute attr) {
-        if (attributes.containsKey(attr.getUri())) {
+        if (attributeMap.containsKey(attr.getUri())) {
             log.error(String.format("attribute %s already exists in the rule",attr.getUri()));
         }
-        attributes.put(attr.getUri(), attr);
+        attributes.add(attr);
+        Collections.sort(attributes, comparator);
+        attributeMap.put(attr.getUri(), attr);
     }
 
     @Override
@@ -86,15 +93,15 @@ public int hashCode() {
     }
 
     public Set<String> getAttributeUris() {
-        return attributes.keySet();
+        return attributeMap.keySet();
     }
     
     public boolean containsAttributeUri(String uri) {
-        return attributes.containsKey(uri);
+        return attributeMap.containsKey(uri);
     }
 
     public Set<Attribute> getAttributesByType(AttributeType type){
-        return getAttributes().values().stream().filter(a -> a.getAttributeType().equals(type)).collect(Collectors.toSet());
+        return getAttributes().stream().filter(a -> a.getAttributeType().equals(type)).collect(Collectors.toSet());
     }
     
     public long getAttributesCount() {
@@ -102,7 +109,23 @@ public long getAttributesCount() {
     }
     
     public Attribute getAttribute(String uri) {
-        return attributes.get(uri);
+        return attributeMap.get(uri);
     }
     
+    private static Comparator<Attribute> getAttributeComparator() {
+        return new Comparator<Attribute>() {
+            @Override
+            public int compare(Attribute latt, Attribute ratt) {
+                if ( latt.getComputationalCost() > ratt.getComputationalCost() ) {
+                    return -1;
+                } else 
+                if (latt.getComputationalCost() < ratt.getComputationalCost()) {
+                    return 1;
+                }
+                return latt.getUri().compareTo(latt.getUri()); 
+            }
+        };
+    }
+
+    
 }
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTest.java
index 8b599b1119..c511d0e78e 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTest.java
@@ -280,7 +280,7 @@ protected void countRulesAndAttributes(DynamicPolicy policy, int ruleCount, Set<
                 }
             }
             assertTrue(attrCount.contains(ar.getAttributes().size()));
-            for (Attribute att : ar.getAttributes().values()) {
+            for (Attribute att : ar.getAttributes()) {
                 assertTrue(att.getValues().size() > 0); 
             }
         }
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRuleTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRuleTest.java
new file mode 100644
index 0000000000..9d310d8a2e
--- /dev/null
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRuleTest.java
@@ -0,0 +1,32 @@
+package edu.cornell.mannlib.vitro.webapp.auth.rules;
+
+import static org.junit.Assert.assertEquals;
+
+import java.util.List;
+
+import org.junit.Test;
+
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectUriAttribute;
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.Attribute;
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.TestType;
+
+public class AccessRuleTest {
+
+    @Test
+    public void testAttributeOrderByComputationalCost() {
+        AccessRule rule = new AccessRuleImpl();
+        Attribute cheapAttribute = new AccessObjectUriAttribute("test:cheapAttributeUri", "test:objectUri");
+        cheapAttribute.setTestType(TestType.EQUALS);
+        Attribute affordableAttribute = new AccessObjectUriAttribute("test:affordableAttributeUri", "test:objectUri");
+        cheapAttribute.setTestType(TestType.ONE_OF);
+        Attribute expensiveAttribute = new AccessObjectUriAttribute("test:expensiveAttributeUri", "test:objectUri");
+        cheapAttribute.setTestType(TestType.SPARQL_SELECT_QUERY_CONTAINS);
+        rule.addAttribute(affordableAttribute);
+        rule.addAttribute(expensiveAttribute);
+        rule.addAttribute(cheapAttribute);
+        List<Attribute> list = rule.getAttributes();
+        assertEquals(cheapAttribute.getUri(), list.get(0).getUri());
+        assertEquals(affordableAttribute.getUri(), list.get(1).getUri());
+        assertEquals(expensiveAttribute.getUri(), list.get(2).getUri());
+    }
+}

From e1a8949e5450bfcc17d4b7c57002431498e73974 Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <git@litvinovg.pro>
Date: Tue, 13 Jun 2023 09:06:09 +0200
Subject: [PATCH 030/148] fix faux object property/data property policies

---
 .../auth/objects/AccessObjectStatement.java   | 13 +++++++++---
 ...FauxDataPropertyStatementAccessObject.java | 21 +++++++------------
 ...uxObjectPropertyStatementAccessObject.java | 21 +++++++------------
 .../webapp/auth/policy/PolicyHelper.java      |  1 -
 .../webapp/auth/rules/AccessRuleImpl.java     |  3 +++
 .../BaseIndividualTemplateModel.java          |  3 ---
 .../individual/DataPropertyTemplateModel.java | 17 +++++++--------
 .../ObjectPropertyTemplateModel.java          | 20 +++++++++++-------
 .../PropertyGroupTemplateModel.java           |  9 ++++----
 .../individual/PropertyTemplateModel.java     |  6 ++++--
 .../firsttime/policy_admin_update_class.n3    |  2 +-
 .../policy_admin_update_data_property.n3      |  2 +-
 .../policy_admin_update_faux_data_property.n3 |  2 +-
 ...olicy_admin_update_faux_object_property.n3 |  2 +-
 .../policy_admin_update_object_property.n3    |  2 +-
 .../firsttime/policy_curator_update_class.n3  |  2 +-
 .../policy_curator_update_data_property.n3    |  4 ++--
 ...olicy_curator_update_faux_data_property.n3 |  4 ++--
 ...icy_curator_update_faux_object_property.n3 |  4 ++--
 .../policy_curator_update_object_property.n3  |  4 ++--
 .../firsttime/policy_editor_update_class.n3   |  2 +-
 .../policy_editor_update_data_property.n3     |  4 ++--
 ...policy_editor_update_faux_data_property.n3 |  4 ++--
 ...licy_editor_update_faux_object_property.n3 |  4 ++--
 .../policy_editor_update_object_property.n3   |  4 ++--
 .../firsttime/policy_public_update_class.n3   |  2 +-
 .../policy_public_update_data_property.n3     |  4 ++--
 .../policy_public_update_object_property.n3   |  4 ++--
 .../policy_self_editor_update_class.n3        |  2 +-
 ...policy_self_editor_update_data_property.n3 |  4 ++--
 ...y_self_editor_update_faux_data_property.n3 |  4 ++--
 ...self_editor_update_faux_object_property.n3 |  4 ++--
 ...licy_self_editor_update_object_property.n3 |  4 ++--
 33 files changed, 94 insertions(+), 94 deletions(-)

diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/AccessObjectStatement.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/AccessObjectStatement.java
index f9c15a5bb3..962eec7634 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/AccessObjectStatement.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/AccessObjectStatement.java
@@ -1,5 +1,6 @@
 package edu.cornell.mannlib.vitro.webapp.auth.objects;
 
+
 import org.apache.jena.rdf.model.Model;
 
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType;
@@ -46,11 +47,17 @@ public void setObject(String object) {
 
 
     public String[] getResourceUris(AccessObjectType type) {
-        if (AccessObjectType.DATA_PROPERTY_STATEMENT.equals(type)) {
+        switch (type) {
+        case DATA_PROPERTY_STATEMENT:
             return new String[] { getSubject() };
-        } else if (AccessObjectType.OBJECT_PROPERTY_STATEMENT.equals(type)) {
+        case OBJECT_PROPERTY_STATEMENT:
+            return new String[] { getSubject(), getObject() };
+        case FAUX_DATA_PROPERTY_STATEMENT:
+            return new String[] { getSubject(), getObject() };
+        case FAUX_OBJECT_PROPERTY_STATEMENT:
             return new String[] { getSubject(), getObject() };
+        default: 
+            return new String[0];
         }
-        return new String[0];
     }
 }
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/FauxDataPropertyStatementAccessObject.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/FauxDataPropertyStatementAccessObject.java
index 7a5d644c2d..972439153c 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/FauxDataPropertyStatementAccessObject.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/FauxDataPropertyStatementAccessObject.java
@@ -5,15 +5,16 @@
 import org.apache.jena.ontology.OntModel;
 
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType;
-import edu.cornell.mannlib.vitro.webapp.beans.Property;
-import edu.cornell.mannlib.vitro.webapp.web.templatemodels.individual.FauxDataPropertyWrapper;
+import edu.cornell.mannlib.vitro.webapp.beans.FauxProperty;
 
 public class FauxDataPropertyStatementAccessObject extends AccessObject {
 
-    public FauxDataPropertyStatementAccessObject(OntModel ontModel, String subjectUri, FauxDataPropertyWrapper predicate, String dataValue) {
+    private FauxProperty predicate;
+
+    public FauxDataPropertyStatementAccessObject(OntModel ontModel, String subjectUri, FauxProperty predicate, String dataValue) {
         setStatementOntModel(ontModel);
         setStatementSubject(subjectUri);
-        setStatementPredicate(predicate);
+        this.predicate = predicate;
         setStatementObject(dataValue);
     }
 
@@ -24,19 +25,11 @@ public AccessObjectType getType() {
     
     @Override
     public String getStatementPredicateUri() {
-        if (statement == null || statement.getPredicate() == null) {
-            return null;
-        }
-        Property predicate = getPredicate();
-        if (predicate instanceof FauxDataPropertyWrapper) {
-            return ((FauxDataPropertyWrapper) predicate).getConfigUri();
-        }
-        return predicate.getURI();
+        return predicate.getConfigUri();
     }
     
     @Override
     public String toString() {
-        Property predicate = getPredicate();
-        return getClass().getSimpleName() + ": <" + getStatementSubject() + "> <" + ((FauxDataPropertyWrapper) predicate).getConfigUri() + "> <"+ getStatementObject() + ">";
+        return getClass().getSimpleName() + ": <" + getStatementSubject() + "> <" + predicate.getConfigUri() + "> <"+ getStatementObject() + ">";
     }
 }
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/FauxObjectPropertyStatementAccessObject.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/FauxObjectPropertyStatementAccessObject.java
index 4fbabee3ac..ae5fc123a7 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/FauxObjectPropertyStatementAccessObject.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/FauxObjectPropertyStatementAccessObject.java
@@ -5,15 +5,16 @@
 import org.apache.jena.rdf.model.Model;
 
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType;
-import edu.cornell.mannlib.vitro.webapp.beans.Property;
-import edu.cornell.mannlib.vitro.webapp.web.templatemodels.individual.FauxObjectPropertyWrapper;
+import edu.cornell.mannlib.vitro.webapp.beans.FauxProperty;
 
 public class FauxObjectPropertyStatementAccessObject extends AccessObject {
 
-	public FauxObjectPropertyStatementAccessObject(Model ontModel, String subjectUri, FauxObjectPropertyWrapper predicate, String objectUri) {
+	private FauxProperty predicate;
+
+    public FauxObjectPropertyStatementAccessObject(Model ontModel, String subjectUri, FauxProperty fauxProperty, String objectUri) {
 	    setStatementOntModel(ontModel);
         setStatementSubject(subjectUri);
-        setStatementPredicate(predicate);
+        predicate = fauxProperty;
         setStatementObject(objectUri);
 	}
 
@@ -24,19 +25,11 @@ public AccessObjectType getType() {
     
     @Override
     public String getStatementPredicateUri() {
-        if (statement == null || statement.getPredicate() == null) {
-            return null;
-        }
-        Property predicate = getPredicate();
-        if (predicate instanceof FauxObjectPropertyWrapper) {
-            return ((FauxObjectPropertyWrapper) predicate).getConfigUri();
-        }
-        return predicate.getURI();
+        return predicate.getConfigUri();
     }
 
     @Override
     public String toString() {
-        Property predicate = getPredicate();
-        return getClass().getSimpleName() + ": <" + getStatementSubject() + "> <" + ((FauxObjectPropertyWrapper) predicate).getConfigUri() + "> <"+ getStatementObject() + ">";
+        return getClass().getSimpleName() + ": <" + getStatementSubject() + "> <" + predicate.getConfigUri() + "> <"+ getStatementObject() + ">";
     }
 }
\ No newline at end of file
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyHelper.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyHelper.java
index a3ee21abbd..02291eae74 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyHelper.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyHelper.java
@@ -10,7 +10,6 @@
 
 import javax.servlet.http.HttpServletRequest;
 
-import org.apache.commons.lang3.exception.ExceptionUtils;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRuleImpl.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRuleImpl.java
index c81115473e..008c695183 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRuleImpl.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRuleImpl.java
@@ -53,6 +53,9 @@ public List<Attribute> getAttributes() {
     public boolean match(AuthorizationRequest ar) {
        for (Attribute attribute : attributes) {
            if (!attribute.match(ar)) {
+               if (log.isDebugEnabled()) {
+                   log.debug(String.format("Attribute %s didn't match", attribute.getUri()));    
+               }
                return false;
            }
        }
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/BaseIndividualTemplateModel.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/BaseIndividualTemplateModel.java
index be4a39a94a..47b9aa6bf1 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/BaseIndividualTemplateModel.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/BaseIndividualTemplateModel.java
@@ -2,7 +2,6 @@
 
 package edu.cornell.mannlib.vitro.webapp.web.templatemodels.individual;
 
-import static edu.cornell.mannlib.vitro.webapp.auth.objects.AccessObject.SOME_LITERAL;
 import static edu.cornell.mannlib.vitro.webapp.auth.objects.AccessObject.SOME_PREDICATE;
 import static edu.cornell.mannlib.vitro.webapp.auth.objects.AccessObject.SOME_URI;
 
@@ -19,11 +18,9 @@
 
 import edu.cornell.mannlib.vedit.beans.LoginStatusBean;
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessOperation;
-import edu.cornell.mannlib.vitro.webapp.auth.objects.DataPropertyStatementAccessObject;
 import edu.cornell.mannlib.vitro.webapp.auth.objects.ObjectPropertyStatementAccessObject;
 import edu.cornell.mannlib.vitro.webapp.auth.permissions.SimplePermission;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthorizationRequest;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.SimpleAuthorizationRequest;
 import edu.cornell.mannlib.vitro.webapp.beans.DataPropertyStatement;
 import edu.cornell.mannlib.vitro.webapp.beans.Individual;
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/DataPropertyTemplateModel.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/DataPropertyTemplateModel.java
index e80a4a25fd..59354e7179 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/DataPropertyTemplateModel.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/DataPropertyTemplateModel.java
@@ -17,6 +17,7 @@
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessOperation;
 import edu.cornell.mannlib.vitro.webapp.auth.objects.AccessObject;
 import edu.cornell.mannlib.vitro.webapp.auth.objects.DataPropertyStatementAccessObject;
+import edu.cornell.mannlib.vitro.webapp.auth.objects.FauxDataPropertyStatementAccessObject;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper;
 import edu.cornell.mannlib.vitro.webapp.beans.DataProperty;
 import edu.cornell.mannlib.vitro.webapp.beans.Individual;
@@ -102,11 +103,11 @@ public String toString() {
         }
 
         if ( editing ) {
-        	setAddUrl(dp);
+        	setAddUrl();
         }
     }
 
-    protected void setAddUrl(Property property) {
+    protected void setAddUrl() {
 
         DataProperty dp = (DataProperty) property;
         // NIHVIVO-2790 vitro:moniker now included in the display, but don't allow new statements
@@ -134,14 +135,12 @@ protected void setAddUrl(Property property) {
         // Determine whether a new statement can be added
 		String fauxContextUri = null;
 		AccessObject action;
-		if (isFauxProperty(property)){
-			FauxPropertyWrapper fauxPropertywrapper = ((FauxPropertyWrapper) property);
-			fauxContextUri = fauxPropertywrapper.getContextUri();
-			action = new DataPropertyStatementAccessObject(
-					vreq.getJenaOntModel(), subjectUri, fauxPropertywrapper.getConfigUri(), SOME_LITERAL);
+		if (fauxProperty != null){
+			fauxContextUri = fauxProperty.getContextUri();
+			action = new FauxDataPropertyStatementAccessObject(
+					vreq.getJenaOntModel(), subjectUri, fauxProperty, SOME_LITERAL);
 		} else {
-			action = new DataPropertyStatementAccessObject(
-					vreq.getJenaOntModel(), subjectUri, propertyUri, SOME_LITERAL);
+			action = new DataPropertyStatementAccessObject(vreq.getJenaOntModel(), subjectUri, dp, SOME_LITERAL);
 		}
         if ( ! PolicyHelper.isAuthorizedForActions(vreq, action, AccessOperation.ADD) ) {
             return;
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/ObjectPropertyTemplateModel.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/ObjectPropertyTemplateModel.java
index 3a6e8494c9..7b1cb1d669 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/ObjectPropertyTemplateModel.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/ObjectPropertyTemplateModel.java
@@ -18,6 +18,7 @@
 
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessOperation;
 import edu.cornell.mannlib.vitro.webapp.auth.objects.AccessObject;
+import edu.cornell.mannlib.vitro.webapp.auth.objects.FauxObjectPropertyStatementAccessObject;
 import edu.cornell.mannlib.vitro.webapp.auth.objects.ObjectPropertyStatementAccessObject;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper;
 import edu.cornell.mannlib.vitro.webapp.beans.Individual;
@@ -110,20 +111,25 @@ public String toString() {
         objectKey = getQueryObjectVariableName();
 
         if (editing) {
-        	setAddUrl(op);
+        	setAddUrl();
         }
     }
 
-    protected void setAddUrl(Property property) {
+    protected void setAddUrl() {
     	// Is the add link suppressed for this property?
     	if (property.isAddLinkSuppressed()) {
     		return;
     	}
 
         // Determine whether a new statement can be added
-		AccessObject action = new ObjectPropertyStatementAccessObject(
-				vreq.getJenaOntModel(), subjectUri, property, SOME_URI);
-        if ( ! PolicyHelper.isAuthorizedForActions(vreq, action, AccessOperation.ADD) ) {
+		AccessObject ao; 
+		if (fauxProperty != null) {
+		    ao = new FauxObjectPropertyStatementAccessObject(vreq.getJenaOntModel(), subjectUri, fauxProperty, SOME_URI);
+		} else {
+	        ao = new ObjectPropertyStatementAccessObject(vreq.getJenaOntModel(), subjectUri, property, SOME_URI);
+		}
+		
+        if ( ! PolicyHelper.isAuthorizedForActions(vreq, ao, AccessOperation.ADD) ) {
             return;
         }
 
@@ -140,8 +146,8 @@ protected void setAddUrl(Property property) {
                     "subjectUri", subjectUri,
                     "predicateUri", propertyUri);
     		
-            if (isFauxProperty(property)){
-                String fauxPropertyContextUri = ((FauxPropertyWrapper)property).getContextUri();
+            if (fauxProperty != null){
+                String fauxPropertyContextUri = fauxProperty.getContextUri();
                 params.put("fauxContextUri", fauxPropertyContextUri);
             } 
 
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/PropertyGroupTemplateModel.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/PropertyGroupTemplateModel.java
index 462c68b0bf..44b73d5b70 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/PropertyGroupTemplateModel.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/PropertyGroupTemplateModel.java
@@ -23,6 +23,7 @@
 import edu.cornell.mannlib.vitro.webapp.auth.objects.ObjectPropertyStatementAccessObject;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper;
 import edu.cornell.mannlib.vitro.webapp.beans.DataProperty;
+import edu.cornell.mannlib.vitro.webapp.beans.FauxProperty;
 import edu.cornell.mannlib.vitro.webapp.beans.Individual;
 import edu.cornell.mannlib.vitro.webapp.beans.ObjectProperty;
 import edu.cornell.mannlib.vitro.webapp.beans.Property;
@@ -37,8 +38,6 @@ public class PropertyGroupTemplateModel extends BaseTemplateModel {
     private final String name;
     private final List<PropertyTemplateModel> properties;
 
-
-
     PropertyGroupTemplateModel(VitroRequest vreq, PropertyGroup group,
             Individual subject, boolean editing,
             List<DataProperty> populatedDataPropertyList,
@@ -89,7 +88,8 @@ private boolean allowedToDisplay(VitroRequest vreq, ObjectProperty op, Individua
 		}
         //TODO: Model should be here to correctly check authorization
 		if (op instanceof FauxObjectPropertyWrapper) {
-			ao = new FauxObjectPropertyStatementAccessObject(null, subject.getURI(), (FauxObjectPropertyWrapper) op, SOME_URI);
+			final FauxProperty fauxProperty = ((FauxObjectPropertyWrapper) op).getFauxProperty();
+            ao = new FauxObjectPropertyStatementAccessObject(null, subject.getURI(), fauxProperty, SOME_URI);
 		} else {
 			ao = new ObjectPropertyStatementAccessObject(null, subject.getURI(), op, SOME_URI);
 		}
@@ -112,7 +112,8 @@ private boolean allowedToDisplay(VitroRequest vreq, DataProperty dp, Individual
 		}
         //TODO: Model should be here to correctly check authorization
 		if (dp instanceof FauxDataPropertyWrapper) {
-			ao = new FauxDataPropertyStatementAccessObject(null, subject.getURI(), (FauxDataPropertyWrapper) dp, SOME_LITERAL);
+		    final FauxProperty fauxProperty = ((FauxDataPropertyWrapper) dp).getFauxProperty();
+			ao = new FauxDataPropertyStatementAccessObject(null, subject.getURI(), fauxProperty, SOME_LITERAL);
 		} else {
 			ao = new DataPropertyStatementAccessObject(null, subject.getURI(), dp, SOME_LITERAL);
 		}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/PropertyTemplateModel.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/PropertyTemplateModel.java
index 1e8e8afa13..e9af25f9a1 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/PropertyTemplateModel.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/PropertyTemplateModel.java
@@ -40,12 +40,14 @@ public abstract class PropertyTemplateModel extends BaseTemplateModel {
     private String name;
     private int displayLimit;
 
+    protected FauxProperty fauxProperty;
+
     PropertyTemplateModel(Property property, Individual subject, VitroRequest vreq, String name) {
         this.vreq = vreq;
         subjectUri = subject.getURI();
         this.property = property;
         if (isFauxProperty(property)) {
-            FauxProperty fauxProperty = getFauxProperty(property);
+            fauxProperty = getFauxProperty(property);
             this.name = fauxProperty.getDisplayName();
             this.displayLimit = fauxProperty.getDisplayLimit();
             propertyUri = fauxProperty.getBaseURI();
@@ -58,7 +60,7 @@ public abstract class PropertyTemplateModel extends BaseTemplateModel {
         setVerboseDisplayValues(property);
     }
 
-    private FauxProperty getFauxProperty(Property property) {
+    protected FauxProperty getFauxProperty(Property property) {
         return ((FauxPropertyWrapper) property).getFauxProperty();
     }
 
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_update_class.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_update_class.n3
index 64c0ca2118..baea9fbc5e 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_update_class.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_update_class.n3
@@ -28,7 +28,7 @@ ai:AdminUpdateClassPolicyKey rdf:type ao:PolicyKey ;
 
 ai:AllowAdminUpdateClassRule rdf:type ao:Rule;
           ao:attribute ai:SubjectRoleEqualsAdminRoleAttribute ;
-          ao:attribute ai:UpdateOperationAttribute ;
+          ao:attribute ai:UpdateAddEditOrDropOperationsAttribute ;
           ao:attribute ai:ClassTypeAttribute ;
           ao:attribute ai:AdminUpdateClassAttribute .
          
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_update_data_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_update_data_property.n3
index 04268df135..973f0cd042 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_update_data_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_update_data_property.n3
@@ -29,7 +29,7 @@ ai:AdminUpdateDataPropertyPolicyKey rdf:type ao:PolicyKey ;
 
 ai:AllowAdminUpdateDataPropertyRule rdf:type ao:Rule;
           ao:attribute ai:SubjectRoleEqualsAdminRoleAttribute ;
-          ao:attribute ai:UpdateOperationAttribute ;
+          ao:attribute ai:UpdateAddEditOrDropOperationsAttribute ;
           ao:attribute ai:DataPropertyTypeAttribute ;
           ao:attribute ai:AdminUpdateDataPropertyAttribute .
 
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_update_faux_data_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_update_faux_data_property.n3
index e94acbd2ce..3645c536e1 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_update_faux_data_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_update_faux_data_property.n3
@@ -29,7 +29,7 @@ ai:AdminUpdateFauxDataPropertyPolicyKey rdf:type ao:PolicyKey ;
 
 ai:AllowAdminUpdateFauxDataPropertyRule rdf:type ao:Rule;
           ao:attribute ai:SubjectRoleEqualsAdminRoleAttribute ;
-          ao:attribute ai:UpdateOperationAttribute ;
+          ao:attribute ai:UpdateAddEditOrDropOperationsAttribute ;
           ao:attribute ai:FauxDataPropertyTypeAttribute ;
           ao:attribute ai:AdminUpdateFauxDataPropertyAttribute .
 
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_update_faux_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_update_faux_object_property.n3
index c9ce49dfce..8048f6aab9 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_update_faux_object_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_update_faux_object_property.n3
@@ -29,7 +29,7 @@ ai:AdminUpdateFauxObjectPropertyPolicyKey rdf:type ao:PolicyKey ;
 
 ai:AllowAdminUpdateFauxObjectPropertyRule rdf:type ao:Rule;
           ao:attribute ai:SubjectRoleEqualsAdminRoleAttribute ;
-          ao:attribute ai:UpdateOperationAttribute ;
+          ao:attribute ai:UpdateAddEditOrDropOperationsAttribute ;
           ao:attribute ai:FauxObjectPropertyTypeAttribute ;
           ao:attribute ai:AdminUpdateFauxObjectPropertyAttribute .
 
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_update_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_update_object_property.n3
index 1e9fbd470b..c681e9d468 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_update_object_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_update_object_property.n3
@@ -29,7 +29,7 @@ ai:AdminUpdateObjectPropertyPolicyKey rdf:type ao:PolicyKey ;
 
 ai:AllowAdminUpdateObjectPropertyRule rdf:type ao:Rule;
           ao:attribute ai:SubjectRoleEqualsAdminRoleAttribute ;
-          ao:attribute ai:UpdateOperationAttribute ;
+          ao:attribute ai:UpdateAddEditOrDropOperationsAttribute ;
           ao:attribute ai:ObjectPropertyTypeAttribute ;
           ao:attribute ai:AdminUpdateObjectPropertyAttribute .
 
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_update_class.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_update_class.n3
index 16d6bda2fe..5fe3d578c9 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_update_class.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_update_class.n3
@@ -28,7 +28,7 @@ ai:CuratorUpdateClassPolicyKey rdf:type ao:PolicyKey ;
 
 ai:AllowCuratorUpdateClassRule rdf:type ao:Rule;
           ao:attribute ai:SubjectRoleEqualsCuratorRoleAttribute ;
-          ao:attribute ai:UpdateOperationAttribute ;
+          ao:attribute ai:UpdateAddEditOrDropOperationsAttribute ;
           ao:attribute ai:ClassTypeAttribute ;
           ao:attribute ai:CuratorUpdateClassAttribute .
          
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_update_data_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_update_data_property.n3
index ed93e04158..0c774c9664 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_update_data_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_update_data_property.n3
@@ -29,13 +29,13 @@ ai:CuratorUpdateDataPropertyPolicyKey rdf:type ao:PolicyKey ;
 
 ai:AllowCuratorUpdateDataPropertyRule rdf:type ao:Rule;
           ao:attribute ai:SubjectRoleEqualsAdminRoleAttribute ;
-          ao:attribute ai:UpdateOperationAttribute ;
+          ao:attribute ai:UpdateAddEditOrDropOperationsAttribute ;
           ao:attribute ai:DataPropertyTypeAttribute ;
           ao:attribute ai:CuratorUpdateDataPropertyAttribute .
           
 ai:AllowCuratorUpdateDataPropertyStatementRule rdf:type ao:Rule;
           ao:attribute ai:SubjectRoleEqualsAdminRoleAttribute ;
-          ao:attribute ai:UpdateOperationAttribute ;
+          ao:attribute ai:UpdateAddEditOrDropOperationsAttribute ;
           ao:attribute ai:DataPropertyStatementTypeAttribute ;
           ao:attribute ai:CuratorUpdateDataPropertyStatementAttribute .
          
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_update_faux_data_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_update_faux_data_property.n3
index a48477ea5a..0cb295a7e2 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_update_faux_data_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_update_faux_data_property.n3
@@ -29,13 +29,13 @@ ai:CuratorUpdateFauxDataPropertyPolicyKey rdf:type ao:PolicyKey ;
 
 ai:AllowCuratorUpdateFauxDataPropertyRule rdf:type ao:Rule;
           ao:attribute ai:SubjectRoleEqualsAdminRoleAttribute ;
-          ao:attribute ai:UpdateOperationAttribute ;
+          ao:attribute ai:UpdateAddEditOrDropOperationsAttribute ;
           ao:attribute ai:FauxDataPropertyTypeAttribute ;
           ao:attribute ai:CuratorUpdateFauxDataPropertyAttribute .
 
 ai:AllowCuratorUpdateFauxDataPropertyStatementRule rdf:type ao:Rule;
           ao:attribute ai:SubjectRoleEqualsAdminRoleAttribute ;
-          ao:attribute ai:UpdateOperationAttribute ;
+          ao:attribute ai:UpdateAddEditOrDropOperationsAttribute ;
           ao:attribute ai:FauxDataPropertyStatementTypeAttribute ;
           ao:attribute ai:CuratorUpdateFauxDataPropertyStatementAttribute .
          
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_update_faux_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_update_faux_object_property.n3
index 3071c393eb..c27a070dd2 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_update_faux_object_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_update_faux_object_property.n3
@@ -29,13 +29,13 @@ ai:CuratorUpdateFauxObjectPropertyPolicyKey rdf:type ao:PolicyKey ;
 
 ai:AllowCuratorUpdateFauxObjectPropertyRule rdf:type ao:Rule;
           ao:attribute ai:SubjectRoleEqualsAdminRoleAttribute ;
-          ao:attribute ai:UpdateOperationAttribute ;
+          ao:attribute ai:UpdateAddEditOrDropOperationsAttribute ;
           ao:attribute ai:FauxObjectPropertyTypeAttribute ;
           ao:attribute ai:CuratorUpdateFauxObjectPropertyAttribute .
 
 ai:AllowCuratorUpdateFauxObjectPropertyStatementRule rdf:type ao:Rule;
           ao:attribute ai:SubjectRoleEqualsAdminRoleAttribute ;
-          ao:attribute ai:UpdateOperationAttribute ;
+          ao:attribute ai:UpdateAddEditOrDropOperationsAttribute ;
           ao:attribute ai:FauxObjectPropertyStatementTypeAttribute ;
           ao:attribute ai:CuratorUpdateFauxObjectPropertyStatementAttribute .
          
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_update_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_update_object_property.n3
index 8299b7333c..c69d0b9845 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_update_object_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_update_object_property.n3
@@ -29,13 +29,13 @@ ai:CuratorUpdateObjectPropertyPolicyKey rdf:type ao:PolicyKey ;
 
 ai:AllowCuratorUpdateObjectPropertyRule rdf:type ao:Rule;
           ao:attribute ai:SubjectRoleEqualsAdminRoleAttribute ;
-          ao:attribute ai:UpdateOperationAttribute ;
+          ao:attribute ai:UpdateAddEditOrDropOperationsAttribute ;
           ao:attribute ai:ObjectPropertyTypeAttribute ;
           ao:attribute ai:CuratorUpdateObjectPropertyAttribute .
 
 ai:AllowCuratorUpdateObjectPropertyStatementRule rdf:type ao:Rule;
           ao:attribute ai:SubjectRoleEqualsAdminRoleAttribute ;
-          ao:attribute ai:UpdateOperationAttribute ;
+          ao:attribute ai:UpdateAddEditOrDropOperationsAttribute ;
           ao:attribute ai:ObjectPropertyStatementTypeAttribute ;
           ao:attribute ai:CuratorUpdateObjectPropertyStatementAttribute .
          
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_update_class.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_update_class.n3
index 298cf648c2..fd0720427c 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_update_class.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_update_class.n3
@@ -28,7 +28,7 @@ ai:EditorUpdateClassPolicyKey rdf:type ao:PolicyKey ;
 
 ai:AllowEditorUpdateClassRule rdf:type ao:Rule;
           ao:attribute ai:SubjectRoleEqualsEditorRoleAttribute ;
-          ao:attribute ai:UpdateOperationAttribute ;
+          ao:attribute ai:UpdateAddEditOrDropOperationsAttribute ;
           ao:attribute ai:ClassTypeAttribute ;
           ao:attribute ai:EditorUpdateClassAttribute .
          
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_update_data_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_update_data_property.n3
index 1846f5438d..2608eee0a0 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_update_data_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_update_data_property.n3
@@ -29,13 +29,13 @@ ai:EditorUpdateDataPropertyPolicyKey rdf:type ao:PolicyKey ;
 
 ai:AllowEditorUpdateDataPropertyRule rdf:type ao:Rule;
           ao:attribute ai:SubjectRoleEqualsEditorRoleAttribute ;
-          ao:attribute ai:UpdateOperationAttribute ;
+          ao:attribute ai:UpdateAddEditOrDropOperationsAttribute ;
           ao:attribute ai:DataPropertyTypeAttribute ;
           ao:attribute ai:EditorUpdateDataPropertyAttribute .
 
 ai:AllowEditorUpdateDataPropertyStatementRule rdf:type ao:Rule;
           ao:attribute ai:SubjectRoleEqualsEditorRoleAttribute ;
-          ao:attribute ai:UpdateOperationAttribute ;
+          ao:attribute ai:UpdateAddEditOrDropOperationsAttribute ;
           ao:attribute ai:DataPropertyStatementTypeAttribute ;
           ao:attribute ai:EditorUpdateDataPropertyStatementAttribute .
          
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_update_faux_data_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_update_faux_data_property.n3
index ae7c4fba83..57304880c7 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_update_faux_data_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_update_faux_data_property.n3
@@ -29,13 +29,13 @@ ai:EditorUpdateFauxDataPropertyPolicyKey rdf:type ao:PolicyKey ;
 
 ai:AllowEditorUpdateFauxDataPropertyRule rdf:type ao:Rule;
           ao:attribute ai:SubjectRoleEqualsEditorRoleAttribute ;
-          ao:attribute ai:UpdateOperationAttribute ;
+          ao:attribute ai:UpdateAddEditOrDropOperationsAttribute ;
           ao:attribute ai:FauxDataPropertyTypeAttribute ;
           ao:attribute ai:EditorUpdateFauxDataPropertyAttribute .
 
 ai:AllowEditorUpdateFauxDataPropertyStatementRule rdf:type ao:Rule;
           ao:attribute ai:SubjectRoleEqualsEditorRoleAttribute ;
-          ao:attribute ai:UpdateOperationAttribute ;
+          ao:attribute ai:UpdateAddEditOrDropOperationsAttribute ;
           ao:attribute ai:FauxDataPropertyStatementTypeAttribute ;
           ao:attribute ai:EditorUpdateFauxDataPropertyStatementAttribute .
          
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_update_faux_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_update_faux_object_property.n3
index 1ce14349cd..6656efd779 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_update_faux_object_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_update_faux_object_property.n3
@@ -29,13 +29,13 @@ ai:EditorUpdateFauxObjectPropertyPolicyKey rdf:type ao:PolicyKey ;
 
 ai:AllowEditorUpdateFauxObjectPropertyRule rdf:type ao:Rule;
           ao:attribute ai:SubjectRoleEqualsEditorRoleAttribute ;
-          ao:attribute ai:UpdateOperationAttribute ;
+          ao:attribute ai:UpdateAddEditOrDropOperationsAttribute ;
           ao:attribute ai:FauxObjectPropertyTypeAttribute ;
           ao:attribute ai:EditorUpdateFauxObjectPropertyAttribute .
 
 ai:AllowEditorUpdateFauxObjectPropertyStatementRule rdf:type ao:Rule;
           ao:attribute ai:SubjectRoleEqualsEditorRoleAttribute ;
-          ao:attribute ai:UpdateOperationAttribute ;
+          ao:attribute ai:UpdateAddEditOrDropOperationsAttribute ;
           ao:attribute ai:FauxObjectPropertyStatementTypeAttribute ;
           ao:attribute ai:EditorUpdateFauxObjectPropertyStatementAttribute .
          
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_update_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_update_object_property.n3
index bc2be24d48..ca3faecb26 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_update_object_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_update_object_property.n3
@@ -29,13 +29,13 @@ ai:EditorUpdateObjectPropertyPolicyKey rdf:type ao:PolicyKey ;
 
 ai:AllowEditorUpdateObjectPropertyRule rdf:type ao:Rule;
           ao:attribute ai:SubjectRoleEqualsEditorRoleAttribute ;
-          ao:attribute ai:UpdateOperationAttribute ;
+          ao:attribute ai:UpdateAddEditOrDropOperationsAttribute ;
           ao:attribute ai:ObjectPropertyTypeAttribute ;
           ao:attribute ai:EditorUpdateObjectPropertyAttribute .
 
 ai:AllowEditorUpdateObjectPropertyStatementRule rdf:type ao:Rule;
           ao:attribute ai:SubjectRoleEqualsEditorRoleAttribute ;
-          ao:attribute ai:UpdateOperationAttribute ;
+          ao:attribute ai:UpdateAddEditOrDropOperationsAttribute ;
           ao:attribute ai:ObjectPropertyStatementTypeAttribute ;
           ao:attribute ai:EditorUpdateObjectPropertyStatementAttribute .
          
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_public_update_class.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_public_update_class.n3
index 2838c7f5bb..30ea1c9269 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_public_update_class.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_public_update_class.n3
@@ -28,7 +28,7 @@ ai:PublicUpdateClassPolicyKey rdf:type ao:PolicyKey ;
 
 ai:AllowPublicUpdateClassRule rdf:type ao:Rule;
           ao:attribute ai:SubjectRoleEqualsPublicRoleAttribute ;
-          ao:attribute ai:UpdateOperationAttribute ;
+          ao:attribute ai:UpdateAddEditOrDropOperationsAttribute ;
           ao:attribute ai:ClassTypeAttribute ;
           ao:attribute ai:PublicUpdateClassAttribute .
          
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_public_update_data_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_public_update_data_property.n3
index f3d62a2930..9506b53930 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_public_update_data_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_public_update_data_property.n3
@@ -29,13 +29,13 @@ ai:PublicUpdateDataPropertyPolicyKey rdf:type ao:PolicyKey ;
 
 ai:AllowPublicUpdateDataPropertyRule rdf:type ao:Rule;
           ao:attribute ai:SubjectRoleEqualsPublicRoleAttribute ;
-          ao:attribute ai:UpdateOperationAttribute ;
+          ao:attribute ai:UpdateAddEditOrDropOperationsAttribute ;
           ao:attribute ai:DataPropertyTypeAttribute ;
           ao:attribute ai:PublicUpdateDataPropertyAttribute .
 
 ai:AllowPublicUpdateDataPropertyStatementRule rdf:type ao:Rule;
           ao:attribute ai:SubjectRoleEqualsPublicRoleAttribute ;
-          ao:attribute ai:UpdateOperationAttribute ;
+          ao:attribute ai:UpdateAddEditOrDropOperationsAttribute ;
           ao:attribute ai:DataPropertyStatementTypeAttribute ;
           ao:attribute ai:PublicUpdateDataPropertyStatementAttribute .
          
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_public_update_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_public_update_object_property.n3
index 525515eac7..0d916a7464 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_public_update_object_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_public_update_object_property.n3
@@ -29,13 +29,13 @@ ai:PublicUpdateObjectPropertyPolicyKey rdf:type ao:PolicyKey ;
 
 ai:AllowPublicUpdateObjectPropertyRule rdf:type ao:Rule;
           ao:attribute ai:SubjectRoleEqualsPublicRoleAttribute ;
-          ao:attribute ai:UpdateOperationAttribute ;
+          ao:attribute ai:UpdateAddEditOrDropOperationsAttribute ;
           ao:attribute ai:ObjectPropertyTypeAttribute ;
           ao:attribute ai:PublicUpdateObjectPropertyAttribute .
 
 ai:AllowPublicUpdateObjectPropertyStatementRule rdf:type ao:Rule;
           ao:attribute ai:SubjectRoleEqualsPublicRoleAttribute ;
-          ao:attribute ai:UpdateOperationAttribute ;
+          ao:attribute ai:UpdateAddEditOrDropOperationsAttribute ;
           ao:attribute ai:ObjectPropertyStatementTypeAttribute ;
           ao:attribute ai:PublicUpdateObjectPropertyStatementAttribute .
          
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_update_class.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_update_class.n3
index 2b13da6d64..57865bb5ea 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_update_class.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_update_class.n3
@@ -28,7 +28,7 @@ ai:SelfEditorUpdateClassPolicyKey rdf:type ao:PolicyKey ;
 
 ai:AllowSelfEditorUpdateClassRule rdf:type ao:Rule;
           ao:attribute ai:SubjectRoleEqualsSelfEditorRoleAttribute ;
-          ao:attribute ai:UpdateOperationAttribute ;
+          ao:attribute ai:UpdateAddEditOrDropOperationsAttribute ;
           ao:attribute ai:ClassTypeAttribute ;
           ao:attribute ai:SelfEditorUpdateClassAttribute .
          
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_update_data_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_update_data_property.n3
index 47ceb970b4..a619550b99 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_update_data_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_update_data_property.n3
@@ -29,13 +29,13 @@ ai:SelfEditorUpdateDataPropertyPolicyKey rdf:type ao:PolicyKey ;
 
 ai:AllowSelfEditorUpdateDataPropertyRule rdf:type ao:Rule;
           ao:attribute ai:SubjectRoleEqualsSelfEditorRoleAttribute ;
-          ao:attribute ai:UpdateOperationAttribute ;
+          ao:attribute ai:UpdateAddEditOrDropOperationsAttribute ;
           ao:attribute ai:DataPropertyTypeAttribute ;
           ao:attribute ai:SelfEditorUpdateDataPropertyAttribute .
 
 ai:AllowSelfEditorUpdateDataPropertyStatementRule rdf:type ao:Rule;
           ao:attribute ai:SubjectRoleEqualsSelfEditorRoleAttribute ;
-          ao:attribute ai:UpdateOperationAttribute ;
+          ao:attribute ai:UpdateAddEditOrDropOperationsAttribute ;
           ao:attribute ai:DataPropertyStatementTypeAttribute ;
           ao:attribute ai:SelfEditorRelatedResourcesAttribute ;
           ao:attribute ai:SelfEditorUpdateDataPropertyStatementAttribute .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_update_faux_data_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_update_faux_data_property.n3
index 888cfb98cf..441a0fb5be 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_update_faux_data_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_update_faux_data_property.n3
@@ -29,13 +29,13 @@ ai:SelfEditorUpdateFauxDataPropertyPolicyKey rdf:type ao:PolicyKey ;
 
 ai:AllowSelfEditorUpdateFauxDataPropertyRule rdf:type ao:Rule;
           ao:attribute ai:SubjectRoleEqualsSelfEditorRoleAttribute ;
-          ao:attribute ai:UpdateOperationAttribute ;
+          ao:attribute ai:UpdateAddEditOrDropOperationsAttribute ;
           ao:attribute ai:FauxDataPropertyTypeAttribute ;
           ao:attribute ai:SelfEditorUpdateFauxDataPropertyAttribute .
 
 ai:AllowSelfEditorUpdateFauxDataPropertyStatementRule rdf:type ao:Rule;
           ao:attribute ai:SubjectRoleEqualsSelfEditorRoleAttribute ;
-          ao:attribute ai:UpdateOperationAttribute ;
+          ao:attribute ai:UpdateAddEditOrDropOperationsAttribute ;
           ao:attribute ai:FauxDataPropertyStatementTypeAttribute ;
           ao:attribute ai:SelfEditorRelatedResourcesAttribute ;
           ao:attribute ai:SelfEditorUpdateFauxDataPropertyStatementAttribute .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_update_faux_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_update_faux_object_property.n3
index 65ac56c489..21f37ab863 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_update_faux_object_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_update_faux_object_property.n3
@@ -29,13 +29,13 @@ ai:SelfEditorUpdateFauxObjectPropertyPolicyKey rdf:type ao:PolicyKey ;
 
 ai:AllowSelfEditorUpdateFauxObjectPropertyRule rdf:type ao:Rule;
           ao:attribute ai:SubjectRoleEqualsSelfEditorRoleAttribute ;
-          ao:attribute ai:UpdateOperationAttribute ;
+          ao:attribute ai:UpdateAddEditOrDropOperationsAttribute ;
           ao:attribute ai:FauxObjectPropertyTypeAttribute ;
           ao:attribute ai:SelfEditorUpdateFauxObjectPropertyAttribute .
 
 ai:AllowSelfEditorUpdateFauxObjectPropertyStatementRule rdf:type ao:Rule;
           ao:attribute ai:SubjectRoleEqualsSelfEditorRoleAttribute ;
-          ao:attribute ai:UpdateOperationAttribute ;
+          ao:attribute ai:UpdateAddEditOrDropOperationsAttribute ;
           ao:attribute ai:FauxObjectPropertyStatementTypeAttribute ;
           ao:attribute ai:SelfEditorRelatedResourcesAttribute ;
           ao:attribute ai:SelfEditorUpdateFauxObjectPropertyStatementAttribute .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_update_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_update_object_property.n3
index 951e61050c..c80d8386ab 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_update_object_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_update_object_property.n3
@@ -29,13 +29,13 @@ ai:SelfEditorUpdateObjectPropertyPolicyKey rdf:type ao:PolicyKey ;
 
 ai:AllowSelfEditorUpdateObjectPropertyRule rdf:type ao:Rule;
           ao:attribute ai:SubjectRoleEqualsSelfEditorRoleAttribute ;
-          ao:attribute ai:UpdateOperationAttribute ;
+          ao:attribute ai:UpdateAddEditOrDropOperationsAttribute ;
           ao:attribute ai:ObjectPropertyTypeAttribute ;
           ao:attribute ai:SelfEditorUpdateObjectPropertyAttribute .
 
 ai:AllowSelfEditorUpdateObjectPropertyStatementRule rdf:type ao:Rule;
           ao:attribute ai:SubjectRoleEqualsSelfEditorRoleAttribute ;
-          ao:attribute ai:UpdateOperationAttribute ;
+          ao:attribute ai:UpdateAddEditOrDropOperationsAttribute ;
           ao:attribute ai:ObjectPropertyStatementTypeAttribute ;
           ao:attribute ai:SelfEditorRelatedResourcesAttribute ;
           ao:attribute ai:SelfEditorUpdateObjectPropertyStatementAttribute .

From 2293b8c1a78b9a5fd769c98ac732c71c86df0cba Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <git@litvinovg.pro>
Date: Tue, 13 Jun 2023 09:08:19 +0200
Subject: [PATCH 031/148] Workaround for ARM conversion: all faux properties to
 policy datasets when base property is in dataset.

---
 .../webapp/migration/auth/ArmMigrator.java    | 71 +++++++++++++++----
 .../migration/auth/ArmMigratorTest.java       |  9 +--
 2 files changed, 61 insertions(+), 19 deletions(-)

diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/ArmMigrator.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/ArmMigrator.java
index bba9e5d577..87ddfe5dbf 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/ArmMigrator.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/ArmMigrator.java
@@ -109,26 +109,67 @@ protected StringBuilder getStatementsToRemove() {
         }
         return removals;
     }
+    
+    private Set<String> getFauxByBase(String baseUri) {
+        Set<String> entities = new HashSet<>();
+        String queryText = getQueryText(AccessObjectType.FAUX_OBJECT_PROPERTY);
+        RDFService service = getRdfService(AccessObjectType.FAUX_OBJECT_PROPERTY);
+        try {
+            ResultSet rs = RDFServiceUtils.sparqlSelectQuery(queryText, service);
+            while (rs.hasNext()) {
+                QuerySolution qs = rs.next();
+                String entity = qs.getResource("uri").getURI();
+                String base = qs.getResource("base").getURI();
+                if (baseUri.equals(base)) {
+                    entities.add(entity);
+                }
+            }
+        } catch (Exception e) {
+            log.error(e, e);
+        }
+        return entities;
+    }
 
     protected void collectAdditions(Map<AccessObjectType, Set<String>> entityTypeMap, StringBuilder additions) {
+        
         for (String role : armRoles) {
             String newRole = roleMap.get(role);
             for (String operation : armOperations) {
                 String permissionUri = getArmPermissionSubject(operation, role);
-                Set<String> entities = getArmEntites(permissionUri);
+                Set<String> armEntities = getArmEntites(permissionUri);
                 OperationGroup og = operationMap.get(operation);
-                for (AccessObjectType aot : entityTypes) {
-                    if (entities.isEmpty()) {
-                        continue;
+                Set<String> addFauxOP = new HashSet<>();
+                Set<String> addFauxDP = new HashSet<>();
+                for (AccessObjectType type : entityTypes) {
+                    Set<String> allTypeEntitities = entityTypeMap.get(type);
+                    HashSet<String> intersectionEntities = new HashSet<>(armEntities);
+                    intersectionEntities.retainAll(allTypeEntitities);
+                    
+                    //Workaround for ARM behavior 
+                    if (AccessObjectType.OBJECT_PROPERTY.equals(type)) {
+                        //find all faux object properties for each of base property from entityUri set
+                        //and add to the list of additional faux object properties
+                        for (String entity: intersectionEntities) {
+                            Set<String> faux = getFauxByBase(entity);
+                            addFauxOP.addAll(faux);
+                        }
                     }
-                    Set<String> retainEntitities = entityTypeMap.get(aot);
-                    if (retainEntitities.isEmpty()) {
-                        continue;
+                    if (AccessObjectType.DATA_PROPERTY.equals(type)) {
+                        //find all faux data properties for each of base property from entityUri set
+                        //and add to the list of additional faux data properties
+                        for (String entity: intersectionEntities) {
+                            Set<String> faux = getFauxByBase(entity);
+                            addFauxDP.addAll(faux);
+                        }
+                    }
+                    if (AccessObjectType.FAUX_OBJECT_PROPERTY.equals(type)) {
+                        intersectionEntities.addAll(addFauxOP);
+                    }
+                    if (AccessObjectType.FAUX_DATA_PROPERTY.equals(type)) {
+                        intersectionEntities.addAll(addFauxDP);
                     }
-                    HashSet<String> typeEntities = new HashSet<>(entities);
-                    typeEntities.retainAll(retainEntitities);
-                    for (String entityUri : typeEntities) {
-                        EntityPolicyController.getDataValueStatements(entityUri, aot, og, Collections.singleton(newRole), additions);    
+                    for (String entityUri : intersectionEntities) {
+                        EntityPolicyController.getDataValueStatements(entityUri, type, og, Collections.singleton(newRole), additions);    
                     }
                 }
             }
@@ -154,15 +195,15 @@ private void addEntitiesForType(AccessObjectType type, Map<AccessObjectType, Set
                 String entity = qs.getResource("uri").getURI();
                 if (AccessObjectType.FAUX_DATA_PROPERTY.equals(type)){
                     String baseUri = qs.getResource("base").getURI();
-                    Set<String> set = map.get(AccessObjectType.DATA_PROPERTY);
-                    if (!set.contains(baseUri)) {
+                    Set<String> dataPropSet = map.get(AccessObjectType.DATA_PROPERTY);
+                    if (!dataPropSet.contains(baseUri)) {
                         continue;
                     }
                 }
                 if (AccessObjectType.FAUX_OBJECT_PROPERTY.equals(type)){
                     String baseUri = qs.getResource("base").getURI();
-                    Set<String> set = map.get(AccessObjectType.OBJECT_PROPERTY);
-                    if (!set.contains(baseUri)) {
+                    Set<String> objectPropSet = map.get(AccessObjectType.OBJECT_PROPERTY);
+                    if (!objectPropSet.contains(baseUri)) {
                         continue;
                     }
                 }
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/migration/auth/ArmMigratorTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/migration/auth/ArmMigratorTest.java
index d389e332a5..0e07545973 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/migration/auth/ArmMigratorTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/migration/auth/ArmMigratorTest.java
@@ -100,14 +100,15 @@ public void migrateConfigurationTest() {
         StringBuilder additions = new StringBuilder();
         armMigrator.collectAdditions(entityTypeMap, additions);
         String stringResult = additions.toString();
+        System.out.println(stringResult);
         assertFalse(stringResult.isEmpty());
-        assertEquals(15, getCount("\n", stringResult));
-        assertEquals(15, getCount(dataValue, stringResult));
+        assertEquals(18, getCount("\n", stringResult));
+        assertEquals(18, getCount(dataValue, stringResult));
         assertEquals(3, getCount(OBJECT_PROPERTY_URI, stringResult));
         assertEquals(3, getCount(CLASS_URI, stringResult));
         assertEquals(3, getCount(DATA_PROPERTY_URI, stringResult));
-        assertEquals(3, getCount(FAUX_DATA_PROPERTY_URI, stringResult));
-        assertEquals(3, getCount(FAUX_OBJECT_PROPERTY_URI, stringResult));
+        assertEquals(5, getCount(FAUX_DATA_PROPERTY_URI, stringResult));
+        assertEquals(4, getCount(FAUX_OBJECT_PROPERTY_URI, stringResult));
     }
     
     private static long getCount(String pattern, String lines) {

From 0a0c5156a680a74f59381e6fc795e5b1cce58d15 Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <git@litvinovg.pro>
Date: Tue, 13 Jun 2023 10:40:02 +0200
Subject: [PATCH 032/148] more fixes for faux propery access objects

---
 .../webapp/auth/policy/DynamicPolicy.java     |  3 --
 .../webapp/auth/policy/PolicyHelper.java      |  8 +--
 .../webapp/auth/policy/PolicyLoader.java      |  2 +-
 .../EditRequestDispatchController.java        | 50 +++++++++++--------
 .../DataPropertyStatementTemplateModel.java   | 34 +++++--------
 .../individual/DataPropertyTemplateModel.java |  2 +-
 .../ObjectPropertyStatementTemplateModel.java |  8 +--
 .../ObjectPropertyTemplateModel.java          |  4 +-
 .../PropertyStatementTemplateModel.java       | 10 ++++
 .../individual/PropertyTemplateModel.java     |  5 ++
 10 files changed, 66 insertions(+), 60 deletions(-)

diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/DynamicPolicy.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/DynamicPolicy.java
index 0dce08b502..25fe248dae 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/DynamicPolicy.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/DynamicPolicy.java
@@ -46,9 +46,6 @@ public DynamicPolicy(String uri, long priority) {
     @Override
     public PolicyDecision decide(AuthorizationRequest ar) {
         AccessObject whatToAuth = ar.getAccessObject();
-        //if (ac_subject == null) {
-        //    return defaultDecision("whomToAuth was null");
-        //}
         if (whatToAuth == null) {
             return defaultDecision("whatToAuth was null");
         }
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyHelper.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyHelper.java
index 02291eae74..b515a4863e 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyHelper.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyHelper.java
@@ -126,13 +126,9 @@ private static boolean actionRequestIsAuthorized(IdentifierBundle ids, AccessObj
 	}
 
 	private static void debug(AuthorizationRequest ar, PolicyDecision decision) {
-	    if (true) {//log.isDebugEnabled()
+	    if (log.isDebugEnabled()) {
 	        AccessObject ao = ar.getAccessObject();
-            log.error(String.format("Request for %s on object %s resulted in decision %s", ar.getAccessOperation(), ao, decision.getDecisionResult()));
-	        if (ao == null) {
-	            Throwable t = new Throwable();
-                log.error(t, t);
-	        }
+            log.debug(String.format("Request for %s on object %s resulted in decision %s", ar.getAccessOperation(), ao, decision.getDecisionResult()));
 	    }
     }
 
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
index 2ec93f40fd..f4506555d8 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
@@ -642,7 +642,7 @@ private static boolean isInvalidPolicySolution(String uri, QuerySolution qs) {
 
     private static void debug(String template, Object... objects) {
         if (log.isDebugEnabled()) {
-            log.error(String.format(template, objects));
+            log.debug(String.format(template, objects));
         }
     }
 
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/edit/n3editing/controller/EditRequestDispatchController.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/edit/n3editing/controller/EditRequestDispatchController.java
index 93f093937a..30357232e5 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/edit/n3editing/controller/EditRequestDispatchController.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/edit/n3editing/controller/EditRequestDispatchController.java
@@ -2,8 +2,6 @@
 
 package edu.cornell.mannlib.vitro.webapp.edit.n3editing.controller;
 
-import static edu.cornell.mannlib.vitro.webapp.edit.n3editing.VTwo.EditConfigurationUtils.getPredicateUri;
-
 import java.util.HashMap;
 import java.util.Map;
 
@@ -20,6 +18,8 @@
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessOperation;
 import edu.cornell.mannlib.vitro.webapp.auth.objects.AccessObject;
 import edu.cornell.mannlib.vitro.webapp.auth.objects.DataPropertyStatementAccessObject;
+import edu.cornell.mannlib.vitro.webapp.auth.objects.FauxDataPropertyStatementAccessObject;
+import edu.cornell.mannlib.vitro.webapp.auth.objects.FauxObjectPropertyStatementAccessObject;
 import edu.cornell.mannlib.vitro.webapp.auth.objects.ObjectPropertyStatementAccessObject;
 import edu.cornell.mannlib.vitro.webapp.auth.permissions.SimplePermission;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper;
@@ -82,33 +82,43 @@ protected AuthorizationRequest requiredActions(VitroRequest vreq) {
 		String objectUri = EditConfigurationUtils.getObjectUri(vreq);
 		String domainUri = EditConfigurationUtils.getDomainUri(vreq);
 		String rangeUri = EditConfigurationUtils.getRangeUri(vreq);
-		String fauxContextUri = getFauxConfigUri(vreq);
-		if(!StringUtils.isBlank(fauxContextUri)) {
-			predicateUri = fauxContextUri;
-		}
+		FauxProperty fauxProperty = getFauxConfigUri(vreq);
 		Property predicateProp = new Property();
 		predicateProp.setURI(predicateUri);
 		predicateProp.setDomainVClassURI(domainUri);
 		predicateProp.setRangeVClassURI(rangeUri);
 		OntModel ontModel = ModelAccess.on(vreq).getOntModel();
-		ObjectPropertyStatementAccessObject objectPropertyAction;
-		AccessOperation ao;
+		AccessObject objectPropertyAccessObject;
+		AccessObject dataPropertyAccessObject;
+		AccessOperation accessOperation;
 		if (StringUtils.isBlank(objectUri)) {
-			objectPropertyAction = new ObjectPropertyStatementAccessObject(ontModel, subjectUri, predicateProp, AccessObject.SOME_URI);
-			ao = AccessOperation.ADD;
+		    if (fauxProperty == null) {
+		        objectPropertyAccessObject = new ObjectPropertyStatementAccessObject(ontModel, subjectUri, predicateProp, AccessObject.SOME_URI);    
+		    } else {
+		        objectPropertyAccessObject = new FauxObjectPropertyStatementAccessObject(ontModel, subjectUri, fauxProperty, AccessObject.SOME_URI);
+		    }
+			accessOperation = AccessOperation.ADD;
 		} else {
-            objectPropertyAction = new ObjectPropertyStatementAccessObject(ontModel, subjectUri, predicateProp, objectUri);
+		    if (fauxProperty == null) {
+		        objectPropertyAccessObject = new ObjectPropertyStatementAccessObject(ontModel, subjectUri, predicateProp, objectUri);
+		    } else {
+	            objectPropertyAccessObject = new FauxObjectPropertyStatementAccessObject(ontModel, subjectUri, fauxProperty, objectUri);
+		    }
 			if (isDeleteForm(vreq)) {
-				ao = AccessOperation.DROP;
+				accessOperation = AccessOperation.DROP;
 			} else {
-				ao = AccessOperation.EDIT;
+				accessOperation = AccessOperation.EDIT;
 			}
 		}
-		final DataPropertyStatementAccessObject editDataPropertyStatement = new DataPropertyStatementAccessObject(ontModel, subjectUri, predicateUri, objectUri);
+		if (fauxProperty == null) {
+		    dataPropertyAccessObject = new DataPropertyStatementAccessObject(ontModel, subjectUri, predicateUri, objectUri);    
+		} else {
+		    dataPropertyAccessObject = new FauxDataPropertyStatementAccessObject(ontModel, subjectUri, fauxProperty, objectUri);
+		}
         boolean isAuthorized = PolicyHelper.isAuthorizedForActions(vreq, 
 		        AuthorizationRequest.or(
-		                new SimpleAuthorizationRequest(editDataPropertyStatement, AccessOperation.EDIT), 
-		                new SimpleAuthorizationRequest(objectPropertyAction, ao)));
+		                new SimpleAuthorizationRequest(dataPropertyAccessObject, AccessOperation.EDIT), 
+		                new SimpleAuthorizationRequest(objectPropertyAccessObject, accessOperation)));
 		if (!isAuthorized) {
 			// If request is for new individual, return simple do back end editing action permission
 			if (StringUtils.isNotEmpty(EditConfigurationUtils.getTypeOfNew(vreq))) {
@@ -120,16 +130,14 @@ protected AuthorizationRequest requiredActions(VitroRequest vreq) {
 		return isAuthorized? SimplePermission.DO_FRONT_END_EDITING.ACTION: AuthorizationRequest.UNAUTHORIZED;
 	}
 	
-    public static String getFauxConfigUri(VitroRequest vreq) {
+    public static FauxProperty getFauxConfigUri(VitroRequest vreq) {
     	String fauxContextUri = vreq.getParameter("fauxContextUri");
     	if (fauxContextUri != null) {
         	WebappDaoFactory wdf = vreq.getWebappDaoFactory();
         	FauxProperty fp = wdf.getFauxPropertyDao().getFauxPropertyFromContextUri(fauxContextUri);
-        	if (fp != null) {
-        		return fp.getConfigUri();	
-        	}
+        	return fp;
     	} 
-    	return "";
+    	return null;
     }
     
     	private boolean isIndividualDeletion(VitroRequest vreq) {
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/DataPropertyStatementTemplateModel.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/DataPropertyStatementTemplateModel.java
index 191740093e..2e49c7c671 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/DataPropertyStatementTemplateModel.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/DataPropertyStatementTemplateModel.java
@@ -10,6 +10,7 @@
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessOperation;
 import edu.cornell.mannlib.vitro.webapp.auth.objects.AccessObject;
 import edu.cornell.mannlib.vitro.webapp.auth.objects.DataPropertyStatementAccessObject;
+import edu.cornell.mannlib.vitro.webapp.auth.objects.FauxDataPropertyStatementAccessObject;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper;
 import edu.cornell.mannlib.vitro.webapp.beans.DataPropertyStatement;
 import edu.cornell.mannlib.vitro.webapp.beans.DataPropertyStatementImpl;
@@ -47,9 +48,8 @@ private String makeDeleteUrl() {
         // Determine whether the statement can be deleted
 		DataPropertyStatement dps = makeStatement();
         AccessObject action;
-        if (property instanceof FauxPropertyWrapper) {
-            DataPropertyStatement dpfs = makeFauxStatement();
-            action = new DataPropertyStatementAccessObject(vreq.getJenaOntModel(), dpfs);
+        if (isFaux()) {
+            action = new FauxDataPropertyStatementAccessObject(vreq.getJenaOntModel(), subjectUri, fauxProperty, literalValue.getLexicalForm());
         } else {
             action = new DataPropertyStatementAccessObject(vreq.getJenaOntModel(), dps);
         }
@@ -64,8 +64,8 @@ private String makeDeleteUrl() {
                 "datapropKey", makeHash(dps),
                 "cmd", "delete");
 
-        if (property instanceof FauxPropertyWrapper) {
-            params.put("fauxContextUri",((FauxPropertyWrapper)property).getContextUri());
+        if (isFaux()) {
+            params.put("fauxContextUri",fauxProperty.getContextUri());
         }
         
         params.put("templateName", templateName);
@@ -83,15 +83,14 @@ private String makeEditUrl() {
 
         // Determine whether the statement can be edited
 		DataPropertyStatement dps = makeStatement();
-        AccessObject action;
-        if (property instanceof FauxPropertyWrapper) {
-            DataPropertyStatement dpfs = makeFauxStatement();
-            action = new DataPropertyStatementAccessObject(vreq.getJenaOntModel(), dpfs);
+        AccessObject ao;
+        if (isFaux()) {
+            ao = new FauxDataPropertyStatementAccessObject(vreq.getJenaOntModel(), subjectUri, fauxProperty, literalValue.getLexicalForm());
         } else {
-            action = new DataPropertyStatementAccessObject(vreq.getJenaOntModel(), dps);
+            ao = new DataPropertyStatementAccessObject(vreq.getJenaOntModel(), dps);
         }
 		
-        if ( ! PolicyHelper.isAuthorizedForActions(vreq, action, AccessOperation.EDIT) ) {
+        if ( ! PolicyHelper.isAuthorizedForActions(vreq, ao, AccessOperation.EDIT) ) {
             return "";
         }
 
@@ -100,8 +99,8 @@ private String makeEditUrl() {
                 "predicateUri", property.getURI(),
                 "datapropKey", makeHash(dps));
 
-        if (property instanceof FauxPropertyWrapper) {
-            params.put("fauxContextUri",((FauxPropertyWrapper)property).getContextUri());
+        if (isFaux()) {
+            params.put("fauxContextUri",fauxProperty.getContextUri());
         }
         
         if ( deleteUrl.isEmpty() ) {
@@ -121,15 +120,6 @@ private DataPropertyStatement makeStatement() {
 		dps.setDatatypeURI(literalValue.getDatatypeURI());
 		return dps;
 	}
-	
-	private DataPropertyStatement makeFauxStatement() {
-		DataPropertyStatement dps;
-		dps = new DataPropertyStatementImpl(subjectUri, ((FauxPropertyWrapper)property).getConfigUri(), literalValue.getLexicalForm());	
-		// Language and datatype are needed to get the correct hash value
-		dps.setLanguage(literalValue.getLanguage());
-		dps.setDatatypeURI(literalValue.getDatatypeURI());
-		return dps;
-	}
 
 	private String makeHash(DataPropertyStatement dps) {
         // Language and datatype are needed to get the correct hash value
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/DataPropertyTemplateModel.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/DataPropertyTemplateModel.java
index 59354e7179..0e805fb15a 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/DataPropertyTemplateModel.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/DataPropertyTemplateModel.java
@@ -135,7 +135,7 @@ protected void setAddUrl() {
         // Determine whether a new statement can be added
 		String fauxContextUri = null;
 		AccessObject action;
-		if (fauxProperty != null){
+		if (isFaux()){
 			fauxContextUri = fauxProperty.getContextUri();
 			action = new FauxDataPropertyStatementAccessObject(
 					vreq.getJenaOntModel(), subjectUri, fauxProperty, SOME_LITERAL);
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/ObjectPropertyStatementTemplateModel.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/ObjectPropertyStatementTemplateModel.java
index 5fe2f53976..c3d800c9d2 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/ObjectPropertyStatementTemplateModel.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/ObjectPropertyStatementTemplateModel.java
@@ -73,8 +73,8 @@ private String makeDeleteUrl() {
                 "cmd", "delete",
                 "objectKey", objectKey);
 
-        if (property instanceof FauxPropertyWrapper) {
-            params.put("fauxContextUri", ((FauxPropertyWrapper) property).getContextUri());
+        if (isFaux()) {
+            params.put("fauxContextUri", fauxProperty.getContextUri());
         }
 
         for ( String key : data.keySet() ) {
@@ -127,8 +127,8 @@ private String makeEditUrl() {
                 "predicateUri", property.getURI(),
                 "objectUri", objectUri);
 
-        if (property instanceof FauxPropertyWrapper) {
-            params.put("fauxContextUri",((FauxPropertyWrapper)property).getContextUri());
+        if (isFaux()) {
+            params.put("fauxContextUri", fauxProperty.getContextUri());
         }
         
         if ( deleteUrl.isEmpty() ) {
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/ObjectPropertyTemplateModel.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/ObjectPropertyTemplateModel.java
index 7b1cb1d669..041d4bf292 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/ObjectPropertyTemplateModel.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/ObjectPropertyTemplateModel.java
@@ -123,7 +123,7 @@ protected void setAddUrl() {
 
         // Determine whether a new statement can be added
 		AccessObject ao; 
-		if (fauxProperty != null) {
+		if (isFaux()) {
 		    ao = new FauxObjectPropertyStatementAccessObject(vreq.getJenaOntModel(), subjectUri, fauxProperty, SOME_URI);
 		} else {
 	        ao = new ObjectPropertyStatementAccessObject(vreq.getJenaOntModel(), subjectUri, property, SOME_URI);
@@ -146,7 +146,7 @@ protected void setAddUrl() {
                     "subjectUri", subjectUri,
                     "predicateUri", propertyUri);
     		
-            if (fauxProperty != null){
+            if (isFaux()){
                 String fauxPropertyContextUri = fauxProperty.getContextUri();
                 params.put("fauxContextUri", fauxPropertyContextUri);
             } 
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/PropertyStatementTemplateModel.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/PropertyStatementTemplateModel.java
index 6ca8296edb..86e3b89d7f 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/PropertyStatementTemplateModel.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/PropertyStatementTemplateModel.java
@@ -2,6 +2,7 @@
 
 package edu.cornell.mannlib.vitro.webapp.web.templatemodels.individual;
 
+import edu.cornell.mannlib.vitro.webapp.beans.FauxProperty;
 import edu.cornell.mannlib.vitro.webapp.beans.Property;
 import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
 import edu.cornell.mannlib.vitro.webapp.web.templatemodels.BaseTemplateModel;
@@ -12,11 +13,16 @@ public abstract class PropertyStatementTemplateModel extends BaseTemplateModel {
     protected final VitroRequest vreq;
     protected final String subjectUri;
     protected final Property property;
+    protected FauxProperty fauxProperty;
+
 
     PropertyStatementTemplateModel(String subjectUri, Property property, VitroRequest vreq) {
         this.vreq = vreq;
         this.subjectUri = subjectUri;
         this.property = property;
+        if (property instanceof FauxPropertyWrapper) {
+            fauxProperty = ((FauxPropertyWrapper) property).getFauxProperty();
+        }
     }
 
     /* Template properties */
@@ -26,5 +32,9 @@ public abstract class PropertyStatementTemplateModel extends BaseTemplateModel {
     public boolean isEditable() {
         return ! getEditUrl().isEmpty();
     }
+    
+    protected boolean isFaux() {
+        return fauxProperty != null;
+    }
 
 }
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/PropertyTemplateModel.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/PropertyTemplateModel.java
index e9af25f9a1..b19191076a 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/PropertyTemplateModel.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/PropertyTemplateModel.java
@@ -165,4 +165,9 @@ public String getAddUrl() {
     public Map<String, Object> getVerboseDisplay() {
         return verboseDisplay;
     }
+    
+    protected boolean isFaux() {
+        return fauxProperty != null;
+    }
+    
 }

From 9a58d9e3fcdb7c1f35514c9bffd2c13c0d806958 Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <git@litvinovg.pro>
Date: Tue, 13 Jun 2023 10:48:19 +0200
Subject: [PATCH 033/148] Removed debug statements

---
 .../vitro/webapp/auth/attributes/AttributeValueTester.java      | 2 +-
 .../cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java  | 2 +-
 .../mannlib/vitro/webapp/migration/auth/ArmMigratorTest.java    | 1 -
 3 files changed, 2 insertions(+), 3 deletions(-)

diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeValueTester.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeValueTester.java
index f953178b7b..9788f5506d 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeValueTester.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeValueTester.java
@@ -50,7 +50,7 @@ private static boolean sparqlQueryContains(Attribute attr, AuthorizationRequest
         AccessObject ao = ar.getAccessObject();
         Model m = ao.getStatementOntModel();
         if (m == null) {
-            log.error("SparqlQueryContains model is not provided");
+            log.debug("SparqlQueryContains model is not provided");
             return false;
         }
         List<String> personUris = ar.getEditorUris();
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
index f4506555d8..340d4de716 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
@@ -235,7 +235,7 @@ public void loadPolicies() {
             debug("Loading policy %s", uri);
             DynamicPolicy policy = loadPolicy(uri);
             if (policy != null) {
-                log.info("Loaded policy " + uri);
+                log.debug("Loaded policy " + uri);
                 // take policy priority into account
                 PolicyStore.getInstance().add(policy);
             }
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/migration/auth/ArmMigratorTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/migration/auth/ArmMigratorTest.java
index 0e07545973..44df0d14d7 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/migration/auth/ArmMigratorTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/migration/auth/ArmMigratorTest.java
@@ -100,7 +100,6 @@ public void migrateConfigurationTest() {
         StringBuilder additions = new StringBuilder();
         armMigrator.collectAdditions(entityTypeMap, additions);
         String stringResult = additions.toString();
-        System.out.println(stringResult);
         assertFalse(stringResult.isEmpty());
         assertEquals(18, getCount("\n", stringResult));
         assertEquals(18, getCount(dataValue, stringResult));

From b84cde191b357d585260d174fa773df94d67a2ba Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <georgy.litvinov@tib.eu>
Date: Tue, 22 Aug 2023 16:43:59 +0200
Subject: [PATCH 034/148] Fixed formatting to match maven checkstyle rules

---
 .../vitro/webapp/auth/RootUserSetup.java      | 335 +++++++-------
 .../auth/attributes/AbstractAttribute.java    |  44 +-
 .../auth/attributes/AccessObjectType.java     |  12 +-
 .../attributes/AccessObjectTypeAttribute.java |   5 +-
 .../attributes/AccessObjectUriAttribute.java  |   5 +-
 .../webapp/auth/attributes/Attribute.java     |   8 +-
 .../auth/attributes/AttributeFactory.java     |  67 ++-
 .../auth/attributes/AttributeValueTester.java |  49 +-
 .../auth/attributes/OperationAttribute.java   |   3 +-
 .../auth/attributes/ProximityChecker.java     |  20 +-
 .../auth/attributes/QueryResultsMapCache.java |  61 +--
 .../StatementObjectUriAttribute.java          |   5 +-
 .../StatementPredicateUriAttribute.java       |   5 +-
 .../StatementSubjectUriAttribute.java         |   5 +-
 .../auth/attributes/SubjectRoleAttribute.java |   5 +-
 .../auth/attributes/SubjectTypeAttribute.java |   7 +-
 .../webapp/auth/attributes/TestType.java      |   2 +-
 .../IdentifierPermissionSetProvider.java      | 111 +++--
 .../webapp/auth/objects/AccessObject.java     |  27 +-
 .../webapp/auth/objects/AccessObjectImpl.java |  70 +--
 .../auth/objects/AccessObjectStatement.java   |  25 +-
 .../objects/DataPropertyAccessObject.java     |  11 +-
 .../DataPropertyStatementAccessObject.java    |  14 +-
 .../objects/FauxDataPropertyAccessObject.java |   4 +-
 ...FauxDataPropertyStatementAccessObject.java |  13 +-
 .../FauxObjectPropertyAccessObject.java       |   2 +-
 ...uxObjectPropertyStatementAccessObject.java |  17 +-
 .../objects/ObjectPropertyAccessObject.java   |   9 +-
 .../ObjectPropertyStatementAccessObject.java  |  17 +-
 .../webapp/auth/objects/RootAccessObject.java |   2 +-
 .../webapp/auth/policy/DynamicPolicy.java     |  23 +-
 .../auth/policy/EntityPolicyController.java   |  39 +-
 .../vitro/webapp/auth/policy/Policies.java    |   4 +-
 .../auth/policy/PolicyDecisionPoint.java      |  27 +-
 .../webapp/auth/policy/PolicyLoader.java      | 163 ++++---
 .../vitro/webapp/auth/policy/PolicyStore.java |  19 +-
 .../webapp/auth/policy/ifaces/Policy.java     |   9 +-
 .../AllowedAuthorizationRequest.java          |   2 +-
 .../AndAuthorizationRequest.java              |  27 +-
 .../OrAuthorizationRequest.java               |  30 +-
 .../SimpleAuthorizationRequest.java           |   4 +-
 .../vitro/webapp/auth/rules/AccessRule.java   |  18 +-
 .../webapp/auth/rules/AccessRuleFactory.java  |   7 +-
 .../webapp/auth/rules/AccessRuleImpl.java     |  54 ++-
 .../filters/FilterByDisplayPermission.java    | 132 +++---
 .../migration/auth/AnnotationMigrator.java    |  98 ++--
 .../webapp/migration/auth/ArmMigrator.java    | 148 +++---
 .../webapp/migration/auth/AuthMigrator.java   |  87 ++--
 .../webapp/auth/policy/BasicPolicyTest.java   |  56 +--
 .../auth/policy/EditablePagesPolicyTest.java  |   6 +-
 .../policy/EntityPolicyControllerTest.java    |  24 +-
 .../webapp/auth/policy/EntityPolicyTests.java | 315 ++++++++-----
 .../HomeMenuItemsRestrictionPolicyTest.java   |  15 +-
 .../NonModifiableStatementsPolicyTest.java    |  72 +--
 .../webapp/auth/policy/PolicyStoreTest.java   |   8 +-
 .../vitro/webapp/auth/policy/PolicyTest.java  | 425 ++++++++++--------
 .../webapp/auth/policy/ProximityTest.java     |  23 +-
 .../auth/policy/RootUserPolicyTest.java       |   4 +-
 .../policy/SimplePermissionPolicyTest.java    |  33 +-
 .../webapp/auth/rules/AccessRuleTest.java     |   3 +-
 .../auth/AnnotationMigratorTest.java          |  22 +-
 .../migration/auth/ArmMigratorTest.java       |  69 +--
 .../migration/auth/AuthMigratorTest.java      |  16 +-
 63 files changed, 1530 insertions(+), 1412 deletions(-)

diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/RootUserSetup.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/RootUserSetup.java
index 05005c8f56..b6dbb966f1 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/RootUserSetup.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/RootUserSetup.java
@@ -8,196 +8,175 @@
 import javax.servlet.ServletContextEvent;
 import javax.servlet.ServletContextListener;
 
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-
 import edu.cornell.mannlib.vitro.webapp.beans.UserAccount;
 import edu.cornell.mannlib.vitro.webapp.beans.UserAccount.Status;
 import edu.cornell.mannlib.vitro.webapp.config.ConfigurationProperties;
 import edu.cornell.mannlib.vitro.webapp.controller.authenticate.Authenticator;
-import edu.cornell.mannlib.vitro.webapp.modelaccess.ModelAccess;
 import edu.cornell.mannlib.vitro.webapp.dao.UserAccountsDao;
+import edu.cornell.mannlib.vitro.webapp.modelaccess.ModelAccess;
 import edu.cornell.mannlib.vitro.webapp.startup.StartupStatus;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
 
 /**
  *
- * On setup, check to see that the specified root user exists. If not, create
- * it. If we can't create it, abort.
+ * On setup, check to see that the specified root user exists. If not, create it. If we can't create it, abort.
  *
  * If any other root users exist, warn about them.
  */
 public class RootUserSetup implements ServletContextListener {
-	private static final Log log = LogFactory.getLog(RootUserSetup.class);
-
-	private static final String PROPERTY_ROOT_USER_EMAIL = "rootUser.emailAddress";
-	/*
-	 * UQAM Add-Feature For parameterization of rootUser
-	 */
-	private static final String PROPERTY_ROOT_USER_PASSWORD = "rootUser.password";
-	private static final String PROPERTY_ROOT_USER_PASSWORD_CHANGE_REQUIRED = "rootUser.passwordChangeRequired";
-
-	private static final String ROOT_USER_INITIAL_PASSWORD = "rootPassword";
-	private static final String ROOT_USER_INITIAL_PASSWORD_CHANGE_REQUIRED = "true";
-
-	// ----------------------------------------------------------------------
-	// Setup class
-	// ----------------------------------------------------------------------
-
-	private ServletContext ctx;
-	private StartupStatus ss;
-	private UserAccountsDao uaDao;
-	private ConfigurationProperties cp;
-	private String configuredRootUser;
-	private boolean configuredRootUserExists;
-	private TreeSet<String> otherRootUsers;
-
-	@Override
-	public void contextInitialized(ServletContextEvent sce) {
-		ctx = sce.getServletContext();
-		ss = StartupStatus.getBean(ctx);
-		cp = ConfigurationProperties.getBean(ctx);
-
-		try {
-			uaDao = ModelAccess.on(ctx).getWebappDaoFactory()
-					.getUserAccountsDao();
-			configuredRootUser = getRootEmailFromConfig();
-
-			otherRootUsers = getEmailsOfAllRootUsers();
-			configuredRootUserExists = otherRootUsers
-					.remove(configuredRootUser);
-
-			if (configuredRootUserExists) {
-				if (otherRootUsers.isEmpty()) {
-					informThatRootUserExists();
-				} else {
-					complainAboutMultipleRootUsers();
-				}
-			} else {
-				createRootUser();
-				if (!otherRootUsers.isEmpty()) {
-					complainAboutWrongRootUsers();
-				}
-			}
-		} catch (Exception e) {
-			ss.fatal(this, "Failed to set up the RootUserPolicy", e);
-		}
-	}
-
-	private String getRootEmailFromConfig() {
-		String email = ConfigurationProperties.getBean(ctx).getProperty(
-				PROPERTY_ROOT_USER_EMAIL);
-		if (email == null) {
-			throw new IllegalStateException(
-					"runtime.properties must contain a value for '"
-							+ PROPERTY_ROOT_USER_EMAIL + "'");
-		} else {
-			return email;
-		}
-	}
-
-	private TreeSet<String> getEmailsOfAllRootUsers() {
-		TreeSet<String> rootUsers = new TreeSet<String>();
-		for (UserAccount ua : uaDao.getAllUserAccounts()) {
-			if (ua.isRootUser()) {
-				rootUsers.add(ua.getEmailAddress());
-			}
-		}
-		return rootUsers;
-	}
-
-	/**
-	 * TODO The first and last name should be left blank, so the user will
-	 * be forced to edit them. However, that's not in place yet.
-	 */
-	private void createRootUser() {
-		if (!Authenticator.isValidEmailAddress(configuredRootUser)) {
-			throw new IllegalStateException("Value for '"
-					+ PROPERTY_ROOT_USER_EMAIL
-					+ "' is not a valid email address: '"
-					+ configuredRootUser + "'");
-		}
-
-		if (null != uaDao.getUserAccountByEmail(configuredRootUser)) {
-			throw new IllegalStateException("Can't create root user - "
-					+ "an account already exists with email address '"
-					+ configuredRootUser + "'");
-		}
-
-		UserAccount ua = new UserAccount();
-		ua.setEmailAddress(configuredRootUser);
-		ua.setFirstName("root");
-		ua.setLastName("user");
-		// UQAM Add-Feature using getRootPasswordFromConfig()
-		ua.setArgon2Password(Authenticator.applyArgon2iEncoding(
-				getRootPasswordFromConfig()));
-		ua.setMd5Password("");
-		// UQAM Add-Feature using getRootPasswdChangeRequiredFromConfig()
-		ua.setPasswordChangeRequired(getRootPasswdChangeRequiredFromConfig().booleanValue());
-		ua.setStatus(Status.ACTIVE);
-		ua.setRootUser(true);
-
-		uaDao.insertUserAccount(ua);
-
-		StartupStatus.getBean(ctx).info(this,
-				"Created root user '" + configuredRootUser + "'");
-	}
-
-	private void informThatRootUserExists() {
-		ss.info(this, "Root user is " + configuredRootUser);
-	}
-
-	private void complainAboutMultipleRootUsers() {
-		for (String other : otherRootUsers) {
-			ss.warning(this, "runtime.properties specifies '"
-					+ configuredRootUser + "' as the value for '"
-					+ PROPERTY_ROOT_USER_EMAIL
-					+ "', but the system also contains this root user: "
-					+ other);
-		}
-		ss.warning(this, "For security, "
-				+ "it is best to delete unneeded root user accounts.");
-	}
-
-	private void complainAboutWrongRootUsers() {
-		for (String other : otherRootUsers) {
-			ss.warning(this, "runtime.properties specifies '"
-					+ configuredRootUser + "' as the value for '"
-					+ PROPERTY_ROOT_USER_EMAIL
-					+ "', but the system contains this root user instead: "
-					+ other);
-		}
-		ss.warning(this, "Creating root user '" + configuredRootUser + "'");
-		ss.warning(this, "For security, "
-				+ "it is best to delete unneeded root user accounts.");
-	}
-	/*
-	 * UQAM Add-Feature
-	 * Add for getting rootUser.password property value from runtime.properties
-	 */
-	private String getRootPasswordFromConfig() {
-		String passwd = ConfigurationProperties.getBean(ctx).getProperty(
-				PROPERTY_ROOT_USER_PASSWORD);
-		if (passwd == null) {
-			passwd = ROOT_USER_INITIAL_PASSWORD;
-		}
-		return passwd;
-	}
-
-	/*
-	 * UQAM Add-Feature
-	 * Add for getting rootUser.passwordChangeRequired  property value  from runtime.properties
-	 */
-	private Boolean getRootPasswdChangeRequiredFromConfig() {
-		String passwdCR = ConfigurationProperties.getBean(ctx).getProperty(
-				PROPERTY_ROOT_USER_PASSWORD_CHANGE_REQUIRED);
-		if (passwdCR == null) {
-			passwdCR = ROOT_USER_INITIAL_PASSWORD_CHANGE_REQUIRED;
-		}
-		return new Boolean(passwdCR);
-	}
-	@Override
-	public void contextDestroyed(ServletContextEvent sce) {
-		// Nothing to destroy
-	}
+    private static final Log log = LogFactory.getLog(RootUserSetup.class);
+
+    private static final String PROPERTY_ROOT_USER_EMAIL = "rootUser.emailAddress";
+    /*
+     * UQAM Add-Feature For parameterization of rootUser
+     */
+    private static final String PROPERTY_ROOT_USER_PASSWORD = "rootUser.password";
+    private static final String PROPERTY_ROOT_USER_PASSWORD_CHANGE_REQUIRED = "rootUser.passwordChangeRequired";
+
+    private static final String ROOT_USER_INITIAL_PASSWORD = "rootPassword";
+    private static final String ROOT_USER_INITIAL_PASSWORD_CHANGE_REQUIRED = "true";
+
+    // ----------------------------------------------------------------------
+    // Setup class
+    // ----------------------------------------------------------------------
+
+    private ServletContext ctx;
+    private StartupStatus ss;
+    private UserAccountsDao uaDao;
+    private ConfigurationProperties cp;
+    private String configuredRootUser;
+    private boolean configuredRootUserExists;
+    private TreeSet<String> otherRootUsers;
+
+    @Override
+    public void contextInitialized(ServletContextEvent sce) {
+        ctx = sce.getServletContext();
+        ss = StartupStatus.getBean(ctx);
+        cp = ConfigurationProperties.getBean(ctx);
+
+        try {
+            uaDao = ModelAccess.on(ctx).getWebappDaoFactory().getUserAccountsDao();
+            configuredRootUser = getRootEmailFromConfig();
+
+            otherRootUsers = getEmailsOfAllRootUsers();
+            configuredRootUserExists = otherRootUsers.remove(configuredRootUser);
+
+            if (configuredRootUserExists) {
+                if (otherRootUsers.isEmpty()) {
+                    informThatRootUserExists();
+                } else {
+                    complainAboutMultipleRootUsers();
+                }
+            } else {
+                createRootUser();
+                if (!otherRootUsers.isEmpty()) {
+                    complainAboutWrongRootUsers();
+                }
+            }
+        } catch (Exception e) {
+            ss.fatal(this, "Failed to set up the RootUserPolicy", e);
+        }
+    }
+
+    private String getRootEmailFromConfig() {
+        String email = ConfigurationProperties.getBean(ctx).getProperty(PROPERTY_ROOT_USER_EMAIL);
+        if (email == null) {
+            throw new IllegalStateException(
+                    "runtime.properties must contain a value for '" + PROPERTY_ROOT_USER_EMAIL + "'");
+        } else {
+            return email;
+        }
+    }
+
+    private TreeSet<String> getEmailsOfAllRootUsers() {
+        TreeSet<String> rootUsers = new TreeSet<String>();
+        for (UserAccount ua : uaDao.getAllUserAccounts()) {
+            if (ua.isRootUser()) {
+                rootUsers.add(ua.getEmailAddress());
+            }
+        }
+        return rootUsers;
+    }
+
+    /**
+     * TODO The first and last name should be left blank, so the user will be forced to edit them. However, that's not
+     * in place yet.
+     */
+    private void createRootUser() {
+        if (!Authenticator.isValidEmailAddress(configuredRootUser)) {
+            throw new IllegalStateException("Value for '" + PROPERTY_ROOT_USER_EMAIL
+                    + "' is not a valid email address: '" + configuredRootUser + "'");
+        }
+
+        if (null != uaDao.getUserAccountByEmail(configuredRootUser)) {
+            throw new IllegalStateException("Can't create root user - "
+                    + "an account already exists with email address '" + configuredRootUser + "'");
+        }
+
+        UserAccount ua = new UserAccount();
+        ua.setEmailAddress(configuredRootUser);
+        ua.setFirstName("root");
+        ua.setLastName("user");
+        // UQAM Add-Feature using getRootPasswordFromConfig()
+        ua.setArgon2Password(Authenticator.applyArgon2iEncoding(getRootPasswordFromConfig()));
+        ua.setMd5Password("");
+        // UQAM Add-Feature using getRootPasswdChangeRequiredFromConfig()
+        ua.setPasswordChangeRequired(getRootPasswdChangeRequiredFromConfig().booleanValue());
+        ua.setStatus(Status.ACTIVE);
+        ua.setRootUser(true);
+
+        uaDao.insertUserAccount(ua);
+
+        StartupStatus.getBean(ctx).info(this, "Created root user '" + configuredRootUser + "'");
+    }
+
+    private void informThatRootUserExists() {
+        ss.info(this, "Root user is " + configuredRootUser);
+    }
+
+    private void complainAboutMultipleRootUsers() {
+        for (String other : otherRootUsers) {
+            ss.warning(this, "runtime.properties specifies '" + configuredRootUser + "' as the value for '"
+                    + PROPERTY_ROOT_USER_EMAIL + "', but the system also contains this root user: " + other);
+        }
+        ss.warning(this, "For security, " + "it is best to delete unneeded root user accounts.");
+    }
+
+    private void complainAboutWrongRootUsers() {
+        for (String other : otherRootUsers) {
+            ss.warning(this, "runtime.properties specifies '" + configuredRootUser + "' as the value for '"
+                    + PROPERTY_ROOT_USER_EMAIL + "', but the system contains this root user instead: " + other);
+        }
+        ss.warning(this, "Creating root user '" + configuredRootUser + "'");
+        ss.warning(this, "For security, " + "it is best to delete unneeded root user accounts.");
+    }
+
+    /*
+     * UQAM Add-Feature Add for getting rootUser.password property value from runtime.properties
+     */
+    private String getRootPasswordFromConfig() {
+        String passwd = ConfigurationProperties.getBean(ctx).getProperty(PROPERTY_ROOT_USER_PASSWORD);
+        if (passwd == null) {
+            passwd = ROOT_USER_INITIAL_PASSWORD;
+        }
+        return passwd;
+    }
+
+    /*
+     * UQAM Add-Feature Add for getting rootUser.passwordChangeRequired property value from runtime.properties
+     */
+    private Boolean getRootPasswdChangeRequiredFromConfig() {
+        String passwdCR = ConfigurationProperties.getBean(ctx).getProperty(PROPERTY_ROOT_USER_PASSWORD_CHANGE_REQUIRED);
+        if (passwdCR == null) {
+            passwdCR = ROOT_USER_INITIAL_PASSWORD_CHANGE_REQUIRED;
+        }
+        return new Boolean(passwdCR);
+    }
+
+    @Override
+    public void contextDestroyed(ServletContextEvent sce) {
+        // Nothing to destroy
+    }
 
 }
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AbstractAttribute.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AbstractAttribute.java
index 1b6a98f862..acdec8897e 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AbstractAttribute.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AbstractAttribute.java
@@ -7,7 +7,7 @@
 import org.apache.commons.lang3.builder.HashCodeBuilder;
 
 public abstract class AbstractAttribute implements Attribute {
-    
+
     private Set<String> values = new HashSet<>();
     private String uri;
     private long computationalCost;
@@ -18,7 +18,7 @@ public AbstractAttribute(String uri, String value) {
         this.uri = uri;
         values.add(value);
     }
-    
+
     public String getUri() {
         return uri;
     }
@@ -26,21 +26,21 @@ public String getUri() {
     public void setUri(String uri) {
         this.uri = uri;
     }
-    
+
     public TestType getTestType() {
         return testType;
     }
-    
+
     public void setTestType(TestType testType) {
         this.testType = testType;
         adjustComputationCost(testType);
     }
-    
+
     @Override
     public void addValue(String value) {
         values.add(value);
     }
-    
+
     @Override
     public Set<String> getValues() {
         return values;
@@ -55,7 +55,7 @@ public boolean equals(Object object) {
             return true;
         }
         AbstractAttribute compared = (AbstractAttribute) object;
-    
+
         return new EqualsBuilder()
                 .append(getUri(), compared.getUri())
                 .append(getValues(), compared.getValues())
@@ -73,23 +73,23 @@ public int hashCode() {
     public long getComputationalCost() {
         return computationalCost;
     }
-    
+
     private void adjustComputationCost(TestType testType) {
         switch (testType) {
-        case ONE_OF:
-            computationalCost += 100;
-            return ;
-        case NOT_ONE_OF:
-            computationalCost += 100;
-            return ;
-        case STARTS_WITH:
-            computationalCost += 1000;
-            return ;
-        case SPARQL_SELECT_QUERY_CONTAINS:
-            computationalCost += 10000;
-            return ;
-        default :
-            return ;
+            case ONE_OF:
+                computationalCost += 100;
+                return;
+            case NOT_ONE_OF:
+                computationalCost += 100;
+                return;
+            case STARTS_WITH:
+                computationalCost += 1000;
+                return;
+            case SPARQL_SELECT_QUERY_CONTAINS:
+                computationalCost += 10000;
+                return;
+            default:
+                return;
         }
     }
 }
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AccessObjectType.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AccessObjectType.java
index b0e915a097..ea961d9805 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AccessObjectType.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AccessObjectType.java
@@ -8,10 +8,10 @@ public enum AccessObjectType {
     OBJECT_PROPERTY,
     DATA_PROPERTY_STATEMENT,
     OBJECT_PROPERTY_STATEMENT,
-    ENTITY_URI, 
-    ROOT_USER, 
-    FAUX_OBJECT_PROPERTY, 
-    FAUX_DATA_PROPERTY, 
-    FAUX_DATA_PROPERTY_STATEMENT, 
-    FAUX_OBJECT_PROPERTY_STATEMENT, 
+    ENTITY_URI,
+    ROOT_USER,
+    FAUX_OBJECT_PROPERTY,
+    FAUX_DATA_PROPERTY,
+    FAUX_DATA_PROPERTY_STATEMENT,
+    FAUX_OBJECT_PROPERTY_STATEMENT,
 }
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AccessObjectTypeAttribute.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AccessObjectTypeAttribute.java
index 1542c668ea..7ae3f72fb7 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AccessObjectTypeAttribute.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AccessObjectTypeAttribute.java
@@ -1,10 +1,9 @@
 package edu.cornell.mannlib.vitro.webapp.auth.attributes;
 
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-
 import edu.cornell.mannlib.vitro.webapp.auth.objects.AccessObject;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthorizationRequest;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
 
 public class AccessObjectTypeAttribute extends AbstractAttribute {
 
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AccessObjectUriAttribute.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AccessObjectUriAttribute.java
index 8ce70e3945..c941edd4a0 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AccessObjectUriAttribute.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AccessObjectUriAttribute.java
@@ -1,10 +1,9 @@
 package edu.cornell.mannlib.vitro.webapp.auth.attributes;
 
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-
 import edu.cornell.mannlib.vitro.webapp.auth.objects.AccessObject;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthorizationRequest;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
 
 public class AccessObjectUriAttribute extends AbstractAttribute {
 
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/Attribute.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/Attribute.java
index cc78fbc29b..7494eeac00 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/Attribute.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/Attribute.java
@@ -7,15 +7,15 @@
 public interface Attribute {
 
     public void setUri(String uri);
-    
+
     public String getUri();
 
     public boolean match(AuthorizationRequest ar);
-    
+
     public AttributeType getAttributeType();
-    
+
     public TestType getTestType();
-    
+
     Set<String> getValues();
 
     public void addValue(String value);
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeFactory.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeFactory.java
index ec17e8532f..e603a5092f 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeFactory.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeFactory.java
@@ -1,8 +1,7 @@
 package edu.cornell.mannlib.vitro.webapp.auth.attributes;
 
-import org.apache.jena.query.QuerySolution;
-
 import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyLoader;
+import org.apache.jena.query.QuerySolution;
 
 public class AttributeFactory {
 
@@ -15,52 +14,50 @@ public static Attribute createAttribute(QuerySolution qs) {
 
         Attribute at = null;
         switch (type) {
-        case SUBJECT_ROLE_URI:
-            at = new SubjectRoleAttribute(attributeUri, value);
-            break;
-        case OPERATION:
-            at = new OperationAttribute(attributeUri, value);
-            break;
-        case ACCESS_OBJECT_URI:
-            at = new AccessObjectUriAttribute(attributeUri, value);
-            break;
-        case ACCESS_OBJECT_TYPE:
-            at = new AccessObjectTypeAttribute(attributeUri, value);
-            break;
-        case SUBJECT_TYPE:
-            at = new SubjectTypeAttribute(attributeUri, value);
-            break;
-        case STATEMENT_PREDICATE_URI:
-            at = new StatementPredicateUriAttribute(attributeUri, value);
-            break;
-        case STATEMENT_SUBJECT_URI:
-            at = new StatementSubjectUriAttribute(attributeUri, value);
-            break;
-        case STATEMENT_OBJECT_URI:
-            at = new StatementObjectUriAttribute(attributeUri, value);
-            break;
-        default :
-            at = null;
-        }    
+            case SUBJECT_ROLE_URI:
+                at = new SubjectRoleAttribute(attributeUri, value);
+                break;
+            case OPERATION:
+                at = new OperationAttribute(attributeUri, value);
+                break;
+            case ACCESS_OBJECT_URI:
+                at = new AccessObjectUriAttribute(attributeUri, value);
+                break;
+            case ACCESS_OBJECT_TYPE:
+                at = new AccessObjectTypeAttribute(attributeUri, value);
+                break;
+            case SUBJECT_TYPE:
+                at = new SubjectTypeAttribute(attributeUri, value);
+                break;
+            case STATEMENT_PREDICATE_URI:
+                at = new StatementPredicateUriAttribute(attributeUri, value);
+                break;
+            case STATEMENT_SUBJECT_URI:
+                at = new StatementSubjectUriAttribute(attributeUri, value);
+                break;
+            case STATEMENT_OBJECT_URI:
+                at = new StatementObjectUriAttribute(attributeUri, value);
+                break;
+            default:
+                at = null;
+        }
         at.setTestType(TestType.valueOf(testId));
         return at;
     }
 
     private static String getValue(QuerySolution qs) {
-        if (!qs.contains(PolicyLoader.LITERAL_VALUE) ||
-            !qs.get(PolicyLoader.LITERAL_VALUE).isLiteral()) {
+        if (!qs.contains(PolicyLoader.LITERAL_VALUE) || !qs.get(PolicyLoader.LITERAL_VALUE).isLiteral()) {
             String value = qs.getResource(PolicyLoader.ATTR_VALUE).getURI();
             return value;
         } else {
             String value = qs.getLiteral(PolicyLoader.LITERAL_VALUE).toString();
-            return value;    
+            return value;
         }
     }
- 
+
     public static void extendAttribute(Attribute attribute, QuerySolution qs) throws Exception {
         String testId = qs.getLiteral("testId").getString();
-        if (TestType.ONE_OF.toString().equals(testId) ||
-            TestType.NOT_ONE_OF.toString().equals(testId)) {
+        if (TestType.ONE_OF.toString().equals(testId) || TestType.NOT_ONE_OF.toString().equals(testId)) {
             attribute.addValue(getValue(qs));
             return;
         }
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeValueTester.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeValueTester.java
index 9788f5506d..84b43fad83 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeValueTester.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeValueTester.java
@@ -4,41 +4,40 @@
 import java.util.List;
 import java.util.Set;
 
+import edu.cornell.mannlib.vitro.webapp.auth.objects.AccessObject;
+import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthorizationRequest;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.apache.jena.rdf.model.Model;
 
-import edu.cornell.mannlib.vitro.webapp.auth.objects.AccessObject;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthorizationRequest;
-
 public class AttributeValueTester {
     private static final Log log = LogFactory.getLog(AttributeValueTester.class);
 
     static boolean test(Attribute attr, AuthorizationRequest ar, String... values) {
         TestType testType = attr.getTestType();
         switch (testType) {
-        case EQUALS:
-            return equals(attr, values);
-        case NOT_EQUALS:
-            return !equals(attr, values);
-        case ONE_OF:
-            return contains(attr, values);
-        case NOT_ONE_OF:
-            return !contains(attr, values);
-        case STARTS_WITH:
-            return startsWith(attr, values);
-        case SPARQL_SELECT_QUERY_CONTAINS:
-            return sparqlQueryContains(attr, ar, values);
-        default: 
-            return false;
+            case EQUALS:
+                return equals(attr, values);
+            case NOT_EQUALS:
+                return !equals(attr, values);
+            case ONE_OF:
+                return contains(attr, values);
+            case NOT_ONE_OF:
+                return !contains(attr, values);
+            case STARTS_WITH:
+                return startsWith(attr, values);
+            case SPARQL_SELECT_QUERY_CONTAINS:
+                return sparqlQueryContains(attr, ar, values);
+            default:
+                return false;
         }
     }
 
     private static boolean sparqlQueryContains(Attribute attr, AuthorizationRequest ar, String[] inputValues) {
         Set<String> values = attr.getValues();
         final int valuesSize = values.size();
-        if(valuesSize != 1) {
+        if (valuesSize != 1) {
             log.error("SparqlQueryContins value != 1");
             return false;
         }
@@ -57,7 +56,7 @@ private static boolean sparqlQueryContains(Attribute attr, AuthorizationRequest
         if (personUris.isEmpty()) {
             if (queryTemplate.contains("?personUri")) {
                 log.debug("Subject has no person URIs");
-                return false;    
+                return false;
             } else {
                 personUris.add("");
             }
@@ -69,7 +68,7 @@ private static boolean sparqlQueryContains(Attribute attr, AuthorizationRequest
     private static boolean contains(Attribute attr, String... inputValues) {
         final Set<String> values = attr.getValues();
         for (String inputValue : inputValues) {
-            if(values.contains(inputValue)){
+            if (values.contains(inputValue)) {
                 return true;
             }
         }
@@ -79,27 +78,27 @@ private static boolean contains(Attribute attr, String... inputValues) {
     private static boolean equals(Attribute attr, String... inputValues) {
         Set<String> values = attr.getValues();
         final int valuesSize = values.size();
-        if(valuesSize != 1) {
+        if (valuesSize != 1) {
             return false;
         }
         String value = values.iterator().next();
         for (String inputValue : inputValues) {
-            if(value.equals(inputValue)){
+            if (value.equals(inputValue)) {
                 return true;
             }
         }
         return false;
     }
-    
+
     private static boolean startsWith(Attribute attr, String... inputValues) {
         Set<String> values = attr.getValues();
         final int valuesSize = values.size();
-        if(valuesSize != 1) {
+        if (valuesSize != 1) {
             return false;
         }
         String value = values.iterator().next();
         for (String inputValue : inputValues) {
-            if(inputValue != null && inputValue.startsWith(value)){
+            if (inputValue != null && inputValue.startsWith(value)) {
                 return true;
             }
         }
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/OperationAttribute.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/OperationAttribute.java
index 6396ae2ca9..ee287ee155 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/OperationAttribute.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/OperationAttribute.java
@@ -1,10 +1,9 @@
 package edu.cornell.mannlib.vitro.webapp.auth.attributes;
 
+import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthorizationRequest;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthorizationRequest;
-
 public class OperationAttribute extends AbstractAttribute {
 
     private static final Log log = LogFactory.getLog(OperationAttribute.class);
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/ProximityChecker.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/ProximityChecker.java
index be08e6ea4d..364c7d4f13 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/ProximityChecker.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/ProximityChecker.java
@@ -2,6 +2,10 @@
 
 package edu.cornell.mannlib.vitro.webapp.auth.attributes;
 
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.apache.jena.query.ParameterizedSparqlString;
@@ -13,14 +17,11 @@
 import org.apache.jena.query.ResultSet;
 import org.apache.jena.rdf.model.Model;
 
-import java.util.ArrayList;
-import java.util.HashMap;
-import java.util.List;
-
 public class ProximityChecker {
-	private static final Log log = LogFactory.getLog(ProximityChecker.class);
+    private static final Log log = LogFactory.getLog(ProximityChecker.class);
 
-    public static boolean isAanyRelated(Model ontModel, List<String> resourceUris, List<String> personUris, String query) {
+    public static boolean isAanyRelated(Model ontModel, List<String> resourceUris, List<String> personUris,
+            String query) {
         for (String personUri : personUris) {
             List<String> connectedResourceUris = getRelatedUris(ontModel, personUri, query);
             for (String connectedResourceUri : connectedResourceUris) {
@@ -31,8 +32,9 @@ public static boolean isAanyRelated(Model ontModel, List<String> resourceUris, L
         }
         return false;
     }
+
     private static List<String> getRelatedUris(Model model, String personUri, String queryTemplate) {
-    	HashMap<String, List<String>> queryMap = QueryResultsMapCache.get();
+        HashMap<String, List<String>> queryMap = QueryResultsMapCache.get();
         String queryMapKey = createQueryMapKey(personUri, queryTemplate);
         if (queryMap.containsKey(queryMapKey)) {
             return queryMap.get(queryMapKey);
@@ -60,11 +62,13 @@ private static List<String> getRelatedUris(Model model, String personUri, String
         QueryResultsMapCache.update(queryMap);
         return resourceUris;
     }
+
     private static void debug(String queryText) {
-        if(log.isDebugEnabled()) {
+        if (log.isDebugEnabled()) {
             log.debug(queryText);
         }
     }
+
     private static String createQueryMapKey(String personUri, String queryTemplate) {
         return queryTemplate + "." + personUri;
     }
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/QueryResultsMapCache.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/QueryResultsMapCache.java
index 0bc9515780..c294a2a56e 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/QueryResultsMapCache.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/QueryResultsMapCache.java
@@ -8,38 +8,39 @@
 import org.apache.commons.logging.LogFactory;
 
 public class QueryResultsMapCache implements AutoCloseable {
-	private static final Log log = LogFactory.getLog(QueryResultsMapCache.class);
+    private static final Log log = LogFactory.getLog(QueryResultsMapCache.class);
 
-    private static ThreadLocal<HashMap<String, List<String>>> threadLocal = new ThreadLocal<HashMap<String, List<String>>>();
+    private static ThreadLocal<HashMap<String, List<String>>> threadLocal =
+            new ThreadLocal<HashMap<String, List<String>>>();
 
     public QueryResultsMapCache() {
-		threadLocal.set(new HashMap<String, List<String>>());
-		log.debug("Query results map cache initialized");
-	}
-    
+        threadLocal.set(new HashMap<String, List<String>>());
+        log.debug("Query results map cache initialized");
+    }
+
     @Override
-	public void close() throws IOException {
-		threadLocal.remove();
-		log.debug("QueryResultsMapCache is closed");
-	}
-
-	public static HashMap<String, List<String>> get() {
-		HashMap<String, List<String>> queryResultsMap = threadLocal.get();
-    	if (queryResultsMap == null) {
-    		queryResultsMap = new HashMap<String, List<String>>();
-    		log.debug("Use a non-cached query results map");
-    	} else {
-    		log.debug("Use cached query results map");
-    	}
-		return queryResultsMap;
-	}
-
-	public static void update(HashMap<String, List<String>> queryResultsMap) {
-		if (threadLocal.get() != null ) {
-			threadLocal.set(queryResultsMap);
-    		log.debug("Query results map cache has been updated");
-		} else {
-			log.debug("Query results map cache has not been updated as it wasn't initialized");	
-		}
-	}
+    public void close() throws IOException {
+        threadLocal.remove();
+        log.debug("QueryResultsMapCache is closed");
+    }
+
+    public static HashMap<String, List<String>> get() {
+        HashMap<String, List<String>> queryResultsMap = threadLocal.get();
+        if (queryResultsMap == null) {
+            queryResultsMap = new HashMap<String, List<String>>();
+            log.debug("Use a non-cached query results map");
+        } else {
+            log.debug("Use cached query results map");
+        }
+        return queryResultsMap;
+    }
+
+    public static void update(HashMap<String, List<String>> queryResultsMap) {
+        if (threadLocal.get() != null) {
+            threadLocal.set(queryResultsMap);
+            log.debug("Query results map cache has been updated");
+        } else {
+            log.debug("Query results map cache has not been updated as it wasn't initialized");
+        }
+    }
 }
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/StatementObjectUriAttribute.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/StatementObjectUriAttribute.java
index a85f96fb67..f99d074b6c 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/StatementObjectUriAttribute.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/StatementObjectUriAttribute.java
@@ -1,10 +1,9 @@
 package edu.cornell.mannlib.vitro.webapp.auth.attributes;
 
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-
 import edu.cornell.mannlib.vitro.webapp.auth.objects.AccessObject;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthorizationRequest;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
 
 public class StatementObjectUriAttribute extends AbstractAttribute {
 
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/StatementPredicateUriAttribute.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/StatementPredicateUriAttribute.java
index 4b5807d6ff..698577ca8b 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/StatementPredicateUriAttribute.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/StatementPredicateUriAttribute.java
@@ -1,10 +1,9 @@
 package edu.cornell.mannlib.vitro.webapp.auth.attributes;
 
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-
 import edu.cornell.mannlib.vitro.webapp.auth.objects.AccessObject;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthorizationRequest;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
 
 public class StatementPredicateUriAttribute extends AbstractAttribute {
 
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/StatementSubjectUriAttribute.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/StatementSubjectUriAttribute.java
index 90bbc87cf7..f32cd64b71 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/StatementSubjectUriAttribute.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/StatementSubjectUriAttribute.java
@@ -1,10 +1,9 @@
 package edu.cornell.mannlib.vitro.webapp.auth.attributes;
 
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-
 import edu.cornell.mannlib.vitro.webapp.auth.objects.AccessObject;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthorizationRequest;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
 
 public class StatementSubjectUriAttribute extends AbstractAttribute {
 
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/SubjectRoleAttribute.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/SubjectRoleAttribute.java
index c1ec86332a..f2e3890506 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/SubjectRoleAttribute.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/SubjectRoleAttribute.java
@@ -2,11 +2,10 @@
 
 import java.util.List;
 
+import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthorizationRequest;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthorizationRequest;
-
 public class SubjectRoleAttribute extends AbstractAttribute {
 
     private static final Log log = LogFactory.getLog(SubjectRoleAttribute.class);
@@ -18,7 +17,7 @@ public SubjectRoleAttribute(String uri, String roleValue) {
     @Override
     public boolean match(AuthorizationRequest ar) {
         final List<String> inputValues = ar.getRoleUris();
-        if (AttributeValueTester.test(this,  ar, inputValues.toArray(new String[0]))) {
+        if (AttributeValueTester.test(this, ar, inputValues.toArray(new String[0]))) {
             log.debug("Attribute match requested '" + inputValues + "'");
             return true;
         }
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/SubjectTypeAttribute.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/SubjectTypeAttribute.java
index 6f5194fd91..bcccbdcd86 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/SubjectTypeAttribute.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/SubjectTypeAttribute.java
@@ -1,11 +1,10 @@
 package edu.cornell.mannlib.vitro.webapp.auth.attributes;
 
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-
 import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
 import edu.cornell.mannlib.vitro.webapp.auth.identifier.common.IsRootUser;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthorizationRequest;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
 
 public class SubjectTypeAttribute extends AbstractAttribute {
 
@@ -25,7 +24,7 @@ public boolean match(AuthorizationRequest ar) {
         } else {
             log.debug("Attribute subject type don't match requested object type '");
             return false;
-        }    
+        }
     }
 
     @Override
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/TestType.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/TestType.java
index 4f8dcae11f..45b3f5716c 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/TestType.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/TestType.java
@@ -5,6 +5,6 @@ public enum TestType {
     NOT_EQUALS,
     ONE_OF,
     NOT_ONE_OF,
-    STARTS_WITH, 
+    STARTS_WITH,
     SPARQL_SELECT_QUERY_CONTAINS
 }
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/identifier/common/IdentifierPermissionSetProvider.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/identifier/common/IdentifierPermissionSetProvider.java
index c537ece27e..1e26536c8e 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/identifier/common/IdentifierPermissionSetProvider.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/identifier/common/IdentifierPermissionSetProvider.java
@@ -13,69 +13,68 @@
 /**
  * The current user has this Permission, through one or more PermissionSets.
  */
-public class IdentifierPermissionSetProvider extends AbstractCommonIdentifier implements
-		Identifier, Comparable<IdentifierPermissionSetProvider> {
-	public static Collection<IdentifierPermissionSetProvider> getIdentifiers(IdentifierBundle ids) {
-		return getIdentifiersForClass(ids, IdentifierPermissionSetProvider.class);
-	}
+public class IdentifierPermissionSetProvider extends AbstractCommonIdentifier
+        implements Identifier, Comparable<IdentifierPermissionSetProvider> {
+    public static Collection<IdentifierPermissionSetProvider> getIdentifiers(IdentifierBundle ids) {
+        return getIdentifiersForClass(ids, IdentifierPermissionSetProvider.class);
+    }
 
-	public static Collection<PermissionSet> getPermissionSets(IdentifierBundle ids) {
-		Set<PermissionSet> set = new HashSet<>();
-		for (IdentifierPermissionSetProvider id : getIdentifiers(ids)) {
-			set.add(id.getPermissionSet());
-		}
-		return set;
-	}
+    public static Collection<PermissionSet> getPermissionSets(IdentifierBundle ids) {
+        Set<PermissionSet> set = new HashSet<>();
+        for (IdentifierPermissionSetProvider id : getIdentifiers(ids)) {
+            set.add(id.getPermissionSet());
+        }
+        return set;
+    }
 
-	public static Collection<String> getPermissionSetUris(IdentifierBundle ids) {
-		Set<String> set = new HashSet<>();
-		for (IdentifierPermissionSetProvider id : getIdentifiers(ids)) {
-			set.add(id.getPermissionSet().getUri());
-		}
-		return set;
-	}
+    public static Collection<String> getPermissionSetUris(IdentifierBundle ids) {
+        Set<String> set = new HashSet<>();
+        for (IdentifierPermissionSetProvider id : getIdentifiers(ids)) {
+            set.add(id.getPermissionSet().getUri());
+        }
+        return set;
+    }
 
-	private final PermissionSet permissionSet; // never null
+    private final PermissionSet permissionSet; // never null
 
-	public IdentifierPermissionSetProvider(PermissionSet permissionSet) {
-		if (permissionSet == null) {
-			throw new NullPointerException("permissionSet may not be null.");
-		}
-		this.permissionSet = permissionSet;
-	}
+    public IdentifierPermissionSetProvider(PermissionSet permissionSet) {
+        if (permissionSet == null) {
+            throw new NullPointerException("permissionSet may not be null.");
+        }
+        this.permissionSet = permissionSet;
+    }
 
-	public PermissionSet getPermissionSet() {
-		return permissionSet;
-	}
+    public PermissionSet getPermissionSet() {
+        return permissionSet;
+    }
 
-	@Override
-	public String toString() {
-		return "HasPermissionSet[" + permissionSet.getLabel() + "]";
-	}
+    @Override
+    public String toString() {
+        return "HasPermissionSet[" + permissionSet.getLabel() + "]";
+    }
 
-	@Override
-	public int hashCode() {
-		return permissionSet.getUri().hashCode();
-	}
+    @Override
+    public int hashCode() {
+        return permissionSet.getUri().hashCode();
+    }
 
-	@Override
-	public boolean equals(Object obj) {
-		if (obj == this) {
-			return true;
-		}
-		if (obj == null) {
-			return false;
-		}
-		if (!(obj instanceof IdentifierPermissionSetProvider)) {
-			return false;
-		}
-		IdentifierPermissionSetProvider that = (IdentifierPermissionSetProvider) obj;
-		return this.permissionSet.getUri().equals(that.permissionSet.getUri());
-	}
+    @Override
+    public boolean equals(Object obj) {
+        if (obj == this) {
+            return true;
+        }
+        if (obj == null) {
+            return false;
+        }
+        if (!(obj instanceof IdentifierPermissionSetProvider)) {
+            return false;
+        }
+        IdentifierPermissionSetProvider that = (IdentifierPermissionSetProvider) obj;
+        return this.permissionSet.getUri().equals(that.permissionSet.getUri());
+    }
 
-	@Override
-	public int compareTo(IdentifierPermissionSetProvider that) {
-		return this.permissionSet.getUri().compareTo(
-				that.permissionSet.getUri());
-	}
+    @Override
+    public int compareTo(IdentifierPermissionSetProvider that) {
+        return this.permissionSet.getUri().compareTo(that.permissionSet.getUri());
+    }
 }
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/AccessObject.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/AccessObject.java
index ca97871241..5255a16a3c 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/AccessObject.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/AccessObject.java
@@ -2,23 +2,22 @@
 
 package edu.cornell.mannlib.vitro.webapp.auth.objects;
 
-import org.apache.jena.rdf.model.Model;
-
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType;
 import edu.cornell.mannlib.vitro.webapp.beans.DataProperty;
 import edu.cornell.mannlib.vitro.webapp.beans.ObjectProperty;
 import edu.cornell.mannlib.vitro.webapp.beans.Property;
+import org.apache.jena.rdf.model.Model;
 
 public abstract class AccessObject {
 
     public static String SOME_URI = "?SOME_URI";
     public static Property SOME_PREDICATE = new Property(SOME_URI);
     public static String SOME_LITERAL = "?SOME_LITERAL";
-    
+
     protected AccessObjectStatement statement;
     private DataProperty dataProperty;
     private ObjectProperty objectProperty;
-    
+
     public ObjectProperty getObjectProperty() {
         return objectProperty;
     }
@@ -30,15 +29,15 @@ public void setObjectProperty(ObjectProperty objectProperty) {
     public String getUri() {
         return null;
     }
-    
+
     public AccessObjectType getType() {
         return AccessObjectType.ANY;
     };
-    
+
     public AccessObjectStatement getStatement() {
         return statement;
     };
-    
+
     protected void initializeStatement() {
         if (statement == null) {
             statement = new AccessObjectStatement();
@@ -54,7 +53,7 @@ public Model getStatementOntModel() {
         initializeStatement();
         return getStatement().getModel();
     }
-    
+
     public void setStatementSubject(String subject) {
         initializeStatement();
         getStatement().setSubject(subject);
@@ -64,12 +63,12 @@ public String getStatementSubject() {
         initializeStatement();
         return getStatement().getSubject();
     }
-    
+
     public void setStatementPredicate(Property predicate) {
         initializeStatement();
         getStatement().setPredicate(predicate);
     }
-    
+
     protected Property getPredicate() {
         initializeStatement();
         return getStatement().getPredicate();
@@ -82,7 +81,7 @@ public String getStatementPredicateUri() {
         Property predicate = getPredicate();
         return predicate.getURI();
     }
-    
+
     public void setStatementObject(String objectUri) {
         initializeStatement();
         this.getStatement().setObject(objectUri);
@@ -92,7 +91,7 @@ public String getStatementObject() {
         initializeStatement();
         return getStatement().getObject();
     }
-    
+
     public DataProperty getDataProperty() {
         return dataProperty;
     }
@@ -100,10 +99,10 @@ public DataProperty getDataProperty() {
     public void setDataProperty(DataProperty dataProperty) {
         this.dataProperty = dataProperty;
     }
-    
+
     public String[] getResourceUris() {
         initializeStatement();
         return getStatement().getResourceUris(getType());
     }
-    
+
 }
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/AccessObjectImpl.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/AccessObjectImpl.java
index a4e1bb84d8..08b7f89b8e 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/AccessObjectImpl.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/AccessObjectImpl.java
@@ -8,51 +8,51 @@
  * A RequestedAction that can be recognized by a SimplePermission.
  */
 public class AccessObjectImpl extends AccessObject {
-	private final String uri;
-	private AccessObjectType type;
+    private final String uri;
+    private AccessObjectType type;
 
     public AccessObjectImpl() {
         this.uri = "";
         this.type = AccessObjectType.NAMED_OBJECT;
     }
-	
-	public AccessObjectImpl(String uri, AccessObjectType type) {
-		this.uri = uri;
-		this.type = type;
-	}
-	
+
+    public AccessObjectImpl(String uri, AccessObjectType type) {
+        this.uri = uri;
+        this.type = type;
+    }
+
     public AccessObjectImpl(String uri) {
         this.uri = uri;
         this.type = AccessObjectType.NAMED_OBJECT;
     }
 
-	@Override
-	public String getUri() {
-		return uri;
-	}
-
-	@Override
-	public int hashCode() {
-		return uri.hashCode();
-	}
-
-	@Override
-	public boolean equals(Object o) {
-		if (o instanceof AccessObjectImpl) {
-			AccessObjectImpl that = (AccessObjectImpl) o;
-			return equivalent(this.uri, that.uri);
-		}
-		return false;
-	}
-
-	private boolean equivalent(Object o1, Object o2) {
-		return (o1 == null) ? (o2 == null) : o1.equals(o2);
-	}
-
-	@Override
-	public String toString() {
-		return "SimpleRequestedAction['" + uri + "']";
-	}
+    @Override
+    public String getUri() {
+        return uri;
+    }
+
+    @Override
+    public int hashCode() {
+        return uri.hashCode();
+    }
+
+    @Override
+    public boolean equals(Object o) {
+        if (o instanceof AccessObjectImpl) {
+            AccessObjectImpl that = (AccessObjectImpl) o;
+            return equivalent(this.uri, that.uri);
+        }
+        return false;
+    }
+
+    private boolean equivalent(Object o1, Object o2) {
+        return (o1 == null) ? (o2 == null) : o1.equals(o2);
+    }
+
+    @Override
+    public String toString() {
+        return "SimpleRequestedAction['" + uri + "']";
+    }
 
     @Override
     public AccessObjectType getType() {
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/AccessObjectStatement.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/AccessObjectStatement.java
index 962eec7634..5762ab23d1 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/AccessObjectStatement.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/AccessObjectStatement.java
@@ -1,10 +1,8 @@
 package edu.cornell.mannlib.vitro.webapp.auth.objects;
 
-
-import org.apache.jena.rdf.model.Model;
-
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType;
 import edu.cornell.mannlib.vitro.webapp.beans.Property;
+import org.apache.jena.rdf.model.Model;
 
 public class AccessObjectStatement {
 
@@ -45,19 +43,18 @@ public void setObject(String object) {
         this.object = object;
     }
 
-
     public String[] getResourceUris(AccessObjectType type) {
         switch (type) {
-        case DATA_PROPERTY_STATEMENT:
-            return new String[] { getSubject() };
-        case OBJECT_PROPERTY_STATEMENT:
-            return new String[] { getSubject(), getObject() };
-        case FAUX_DATA_PROPERTY_STATEMENT:
-            return new String[] { getSubject(), getObject() };
-        case FAUX_OBJECT_PROPERTY_STATEMENT:
-            return new String[] { getSubject(), getObject() };
-        default: 
-            return new String[0];
+            case DATA_PROPERTY_STATEMENT:
+                return new String[] { getSubject() };
+            case OBJECT_PROPERTY_STATEMENT:
+                return new String[] { getSubject(), getObject() };
+            case FAUX_DATA_PROPERTY_STATEMENT:
+                return new String[] { getSubject(), getObject() };
+            case FAUX_OBJECT_PROPERTY_STATEMENT:
+                return new String[] { getSubject(), getObject() };
+            default:
+                return new String[0];
         }
     }
 }
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/DataPropertyAccessObject.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/DataPropertyAccessObject.java
index 00111aa519..b20ca026ff 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/DataPropertyAccessObject.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/DataPropertyAccessObject.java
@@ -1,11 +1,10 @@
 package edu.cornell.mannlib.vitro.webapp.auth.objects;
 
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType;
 import edu.cornell.mannlib.vitro.webapp.beans.DataProperty;
 import edu.cornell.mannlib.vitro.webapp.web.templatemodels.individual.FauxDataPropertyWrapper;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
 
 public class DataPropertyAccessObject extends AccessObject {
 
@@ -15,7 +14,7 @@ public DataPropertyAccessObject(DataProperty dataProperty) {
         setDataProperty(dataProperty);
         debug(dataProperty);
     }
-    
+
     @Override
     public String getUri() {
         DataProperty dp = getDataProperty();
@@ -29,13 +28,13 @@ public String getUri() {
     public AccessObjectType getType() {
         return AccessObjectType.DATA_PROPERTY;
     }
-    
+
     @Override
     public String toString() {
         DataProperty dp = getDataProperty();
         return getClass().getSimpleName() + ": " + (dp == null ? dp : dp.getURI());
     }
-    
+
     private void debug(DataProperty dataProperty) {
         if (true) {
             if (dataProperty instanceof FauxDataPropertyWrapper) {
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/DataPropertyStatementAccessObject.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/DataPropertyStatementAccessObject.java
index 25dc0580bc..644b71e116 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/DataPropertyStatementAccessObject.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/DataPropertyStatementAccessObject.java
@@ -2,11 +2,10 @@
 
 package edu.cornell.mannlib.vitro.webapp.auth.objects;
 
-import org.apache.jena.ontology.OntModel;
-
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType;
 import edu.cornell.mannlib.vitro.webapp.beans.DataPropertyStatement;
 import edu.cornell.mannlib.vitro.webapp.beans.Property;
+import org.apache.jena.ontology.OntModel;
 
 /**
  * A base class for requested actions that involve adding, editing, or dropping
@@ -14,15 +13,17 @@
  */
 public class DataPropertyStatementAccessObject extends AccessObject {
 
-    public DataPropertyStatementAccessObject(OntModel ontModel, String subjectUri, String predicateUri, String dataValue) {
+    public DataPropertyStatementAccessObject(OntModel ontModel, String subjectUri, String predicateUri,
+            String dataValue) {
         setStatementOntModel(ontModel);
         setStatementSubject(subjectUri);
         setStatementPredicate(new Property(predicateUri));
         setStatementObject(dataValue);
 
     }
-    
-    public DataPropertyStatementAccessObject(OntModel ontModel, String subjectUri, Property predicate, String dataValue) {
+
+    public DataPropertyStatementAccessObject(OntModel ontModel, String subjectUri, Property predicate,
+            String dataValue) {
         setStatementOntModel(ontModel);
         setStatementSubject(subjectUri);
         setStatementPredicate(predicate);
@@ -39,7 +40,8 @@ public DataPropertyStatementAccessObject(OntModel ontModel, DataPropertyStatemen
 
     @Override
     public String toString() {
-        return getClass().getSimpleName() + ": <" + getStatementSubject() + "> <" + getStatementPredicateUri() + "> <"+ getStatementObject() + ">";
+        return getClass().getSimpleName() + ": <" + getStatementSubject() + "> <" + getStatementPredicateUri() + "> <"
+                + getStatementObject() + ">";
     }
 
     @Override
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/FauxDataPropertyAccessObject.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/FauxDataPropertyAccessObject.java
index e44a2327cb..ff0ffa1cc9 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/FauxDataPropertyAccessObject.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/FauxDataPropertyAccessObject.java
@@ -14,7 +14,7 @@ public FauxDataPropertyAccessObject(DataProperty dataProperty) {
     public AccessObjectType getType() {
         return AccessObjectType.FAUX_DATA_PROPERTY;
     }
-    
+
     public String getUri() {
         DataProperty dp = getDataProperty();
         if (dp instanceof FauxDataPropertyWrapper) {
@@ -25,7 +25,7 @@ public String getUri() {
         }
         return null;
     }
-    
+
     @Override
     public String toString() {
         DataProperty dp = getDataProperty();
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/FauxDataPropertyStatementAccessObject.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/FauxDataPropertyStatementAccessObject.java
index 972439153c..61dbfcfd1e 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/FauxDataPropertyStatementAccessObject.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/FauxDataPropertyStatementAccessObject.java
@@ -2,16 +2,16 @@
 
 package edu.cornell.mannlib.vitro.webapp.auth.objects;
 
-import org.apache.jena.ontology.OntModel;
-
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType;
 import edu.cornell.mannlib.vitro.webapp.beans.FauxProperty;
+import org.apache.jena.ontology.OntModel;
 
 public class FauxDataPropertyStatementAccessObject extends AccessObject {
 
     private FauxProperty predicate;
 
-    public FauxDataPropertyStatementAccessObject(OntModel ontModel, String subjectUri, FauxProperty predicate, String dataValue) {
+    public FauxDataPropertyStatementAccessObject(OntModel ontModel, String subjectUri, FauxProperty predicate,
+            String dataValue) {
         setStatementOntModel(ontModel);
         setStatementSubject(subjectUri);
         this.predicate = predicate;
@@ -22,14 +22,15 @@ public FauxDataPropertyStatementAccessObject(OntModel ontModel, String subjectUr
     public AccessObjectType getType() {
         return AccessObjectType.FAUX_DATA_PROPERTY_STATEMENT;
     }
-    
+
     @Override
     public String getStatementPredicateUri() {
         return predicate.getConfigUri();
     }
-    
+
     @Override
     public String toString() {
-        return getClass().getSimpleName() + ": <" + getStatementSubject() + "> <" + predicate.getConfigUri() + "> <"+ getStatementObject() + ">";
+        return getClass().getSimpleName() + ": <" + getStatementSubject() + "> <" + predicate.getConfigUri() + "> <"
+                + getStatementObject() + ">";
     }
 }
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/FauxObjectPropertyAccessObject.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/FauxObjectPropertyAccessObject.java
index fa3e468230..0885d4a03b 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/FauxObjectPropertyAccessObject.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/FauxObjectPropertyAccessObject.java
@@ -25,7 +25,7 @@ public String getUri() {
         }
         return null;
     }
-    
+
     @Override
     public String toString() {
         ObjectProperty op = getObjectProperty();
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/FauxObjectPropertyStatementAccessObject.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/FauxObjectPropertyStatementAccessObject.java
index ae5fc123a7..2e2f22ca3f 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/FauxObjectPropertyStatementAccessObject.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/FauxObjectPropertyStatementAccessObject.java
@@ -2,27 +2,27 @@
 
 package edu.cornell.mannlib.vitro.webapp.auth.objects;
 
-import org.apache.jena.rdf.model.Model;
-
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType;
 import edu.cornell.mannlib.vitro.webapp.beans.FauxProperty;
+import org.apache.jena.rdf.model.Model;
 
 public class FauxObjectPropertyStatementAccessObject extends AccessObject {
 
-	private FauxProperty predicate;
+    private FauxProperty predicate;
 
-    public FauxObjectPropertyStatementAccessObject(Model ontModel, String subjectUri, FauxProperty fauxProperty, String objectUri) {
-	    setStatementOntModel(ontModel);
+    public FauxObjectPropertyStatementAccessObject(Model ontModel, String subjectUri, FauxProperty fauxProperty,
+            String objectUri) {
+        setStatementOntModel(ontModel);
         setStatementSubject(subjectUri);
         predicate = fauxProperty;
         setStatementObject(objectUri);
-	}
+    }
 
     @Override
     public AccessObjectType getType() {
         return AccessObjectType.FAUX_OBJECT_PROPERTY_STATEMENT;
     }
-    
+
     @Override
     public String getStatementPredicateUri() {
         return predicate.getConfigUri();
@@ -30,6 +30,7 @@ public String getStatementPredicateUri() {
 
     @Override
     public String toString() {
-        return getClass().getSimpleName() + ": <" + getStatementSubject() + "> <" + predicate.getConfigUri() + "> <"+ getStatementObject() + ">";
+        return getClass().getSimpleName() + ": <" + getStatementSubject() + "> <" + predicate.getConfigUri() + "> <"
+                + getStatementObject() + ">";
     }
 }
\ No newline at end of file
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/ObjectPropertyAccessObject.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/ObjectPropertyAccessObject.java
index 41b72924ce..49809ad31f 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/ObjectPropertyAccessObject.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/ObjectPropertyAccessObject.java
@@ -1,11 +1,10 @@
 package edu.cornell.mannlib.vitro.webapp.auth.objects;
 
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType;
 import edu.cornell.mannlib.vitro.webapp.beans.ObjectProperty;
 import edu.cornell.mannlib.vitro.webapp.web.templatemodels.individual.FauxObjectPropertyWrapper;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
 
 public class ObjectPropertyAccessObject extends AccessObject {
 
@@ -15,7 +14,7 @@ public ObjectPropertyAccessObject(ObjectProperty objectProperty) {
         setObjectProperty(objectProperty);
         debug(objectProperty);
     }
-    
+
     public String getUri() {
         ObjectProperty op = getObjectProperty();
         if (op != null) {
@@ -34,7 +33,7 @@ public String toString() {
         ObjectProperty op = getObjectProperty();
         return getClass().getSimpleName() + ": " + (op == null ? op : op.getURI());
     }
-    
+
     private void debug(ObjectProperty property) {
         if (true) {
             if (property instanceof FauxObjectPropertyWrapper) {
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/ObjectPropertyStatementAccessObject.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/ObjectPropertyStatementAccessObject.java
index 4863678e50..5dd0df5658 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/ObjectPropertyStatementAccessObject.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/ObjectPropertyStatementAccessObject.java
@@ -2,23 +2,23 @@
 
 package edu.cornell.mannlib.vitro.webapp.auth.objects;
 
-import org.apache.jena.rdf.model.Model;
-
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType;
 import edu.cornell.mannlib.vitro.webapp.beans.Property;
+import org.apache.jena.rdf.model.Model;
 
 /**
- * A base class for requested access objects that involve adding, editing, or deleting
- * object property statements from a model.
+ * A base class for requested access objects that involve adding, editing, or
+ * deleting object property statements from a model.
  */
 public class ObjectPropertyStatementAccessObject extends AccessObject {
 
-	public ObjectPropertyStatementAccessObject(Model ontModel, String subjectUri, Property predicate, String objectUri) {
-	    setStatementOntModel(ontModel);
+    public ObjectPropertyStatementAccessObject(Model ontModel, String subjectUri, Property predicate,
+            String objectUri) {
+        setStatementOntModel(ontModel);
         setStatementSubject(subjectUri);
         setStatementPredicate(predicate);
         setStatementObject(objectUri);
-	}
+    }
 
     @Override
     public AccessObjectType getType() {
@@ -27,6 +27,7 @@ public AccessObjectType getType() {
 
     @Override
     public String toString() {
-        return getClass().getSimpleName() + ": <" + getStatementSubject() + "> <" + getStatementPredicateUri() + "> <"+ getStatementObject() + ">";
+        return getClass().getSimpleName() + ": <" + getStatementSubject() + "> <" + getStatementPredicateUri() + "> <"
+                + getStatementObject() + ">";
     }
 }
\ No newline at end of file
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/RootAccessObject.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/RootAccessObject.java
index e45ce6a45a..222ed2f806 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/RootAccessObject.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/RootAccessObject.java
@@ -8,7 +8,7 @@
  * Should we allow the user to edit or delete the root account?
  */
 public class RootAccessObject extends AccessObjectImpl {
-    
+
     @Override
     public AccessObjectType getType() {
         return AccessObjectType.ROOT_USER;
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/DynamicPolicy.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/DynamicPolicy.java
index 25fe248dae..4adc2a770b 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/DynamicPolicy.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/DynamicPolicy.java
@@ -4,26 +4,26 @@
 import java.util.HashSet;
 import java.util.Set;
 
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-
 import edu.cornell.mannlib.vitro.webapp.auth.objects.AccessObject;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.DecisionResult;
-import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.Policy;
+import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthorizationRequest;
 import edu.cornell.mannlib.vitro.webapp.auth.rules.AccessRule;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
 
 public class DynamicPolicy implements Policy {
     private static final Log log = LogFactory.getLog(DynamicPolicy.class);
     private String uri;
-    
+
     @Override
     public String getUri() {
         return uri;
     }
 
     private long priority;
+
     public long getPriority() {
         return priority;
     }
@@ -51,18 +51,21 @@ public PolicyDecision decide(AuthorizationRequest ar) {
         }
         for (AccessRule rule : getFilteredRules(ar)) {
             if (rule.match(ar)) {
-                if(rule.isAllowMatched()) {
+                if (rule.isAllowMatched()) {
                     log.debug("Access rule " + rule.getRuleUri() + " approves request " + whatToAuth);
-                    return new BasicPolicyDecision(DecisionResult.AUTHORIZED, "Dynamic policy '" + uri + "' rule '" + rule.getRuleUri() + "' approved " + ar);
+                    String message = "Dynamic policy '" + uri + "' rule '" + rule.getRuleUri() + "' approved " + ar;
+                    return new BasicPolicyDecision(DecisionResult.AUTHORIZED, message);
                 } else {
                     log.debug("Access rule " + rule.getRuleUri() + " rejects request " + whatToAuth);
-                    return new BasicPolicyDecision(DecisionResult.UNAUTHORIZED, "Dynamic policy '" + uri + "' rule '" + rule.getRuleUri() + "' rejected " + ar);
+                    String message = "Dynamic policy '" + uri + "' rule '" + rule.getRuleUri() + "' rejected " + ar;
+                    return new BasicPolicyDecision(DecisionResult.UNAUTHORIZED, message);
                 }
             } else {
-                log.trace("Dynamic policy '" + uri + "' rule '" + rule.getRuleUri() + "' doesn't match the request " + ar);
+                log.trace("Dynamic policy '" + uri + "' rule '" + rule.getRuleUri() + "' doesn't match the request "
+                        + ar);
             }
         }
-        
+
         return defaultDecision("no permission will approve " + whatToAuth);
     }
 
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EntityPolicyController.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EntityPolicyController.java
index b230887d5a..c397062982 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EntityPolicyController.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EntityPolicyController.java
@@ -8,18 +8,17 @@
 import java.util.Map;
 import java.util.Set;
 
-import org.apache.commons.lang3.StringUtils;
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType;
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.OperationGroup;
 import edu.cornell.mannlib.vitro.webapp.beans.Property;
+import org.apache.commons.lang3.StringUtils;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
 
 public class EntityPolicyController {
-    
+
     private static final Log log = LogFactory.getLog(EntityPolicyController.class);
-    private static Map<String,String> policyKeyToDataValueMap = new HashMap<String,String>();
+    private static Map<String, String> policyKeyToDataValueMap = new HashMap<String, String>();
 
     /**
      * @param entityUri - entity uniform resource identifier
@@ -40,7 +39,8 @@ public static void updateEntityPolicy(String entityUri, AccessObjectType aot, Op
             final PolicyLoader loader = PolicyLoader.getInstance();
             final String policyUri = loader.getPolicyUriByKey(og, aot, role);
             if (policyUri == null) {
-                log.debug(String.format("Policy wasn't found by key:\n%s\n%s\n%s", og.toString(), aot.toString(), role));
+                log.debug(
+                        String.format("Policy wasn't found by key:\n%s\n%s\n%s", og.toString(), aot.toString(), role));
                 continue;
             }
             if (isSelected && !isInDataSet) {
@@ -54,8 +54,9 @@ public static void updateEntityPolicy(String entityUri, AccessObjectType aot, Op
             }
         }
     }
-    
-    public static List<String> getGrantedRoles(String entityUri, OperationGroup og, AccessObjectType aot, List<String> allRoles) {
+
+    public static List<String> getGrantedRoles(String entityUri, OperationGroup og, AccessObjectType aot,
+            List<String> allRoles) {
         if (StringUtils.isBlank(entityUri)) {
             return Collections.emptyList();
         }
@@ -67,8 +68,9 @@ public static List<String> getGrantedRoles(String entityUri, OperationGroup og,
         }
         return grantedRoles;
     }
-    
-    public static void getDataValueStatements(String entityUri, AccessObjectType aot, OperationGroup og, Set<String> selectedRoles, StringBuilder sb) {
+
+    public static void getDataValueStatements(String entityUri, AccessObjectType aot, OperationGroup og,
+            Set<String> selectedRoles, StringBuilder sb) {
         if (StringUtils.isBlank(entityUri)) {
             return;
         }
@@ -78,32 +80,33 @@ public static void getDataValueStatements(String entityUri, AccessObjectType aot
                 log.error(String.format("Policy test data wasn't found by key:\n%s\n%s\n%s", og, aot, role));
                 continue;
             }
-            sb.append("<").append(testDataUri).append("> <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/dataValue> <").append(entityUri).append("> .\n");
+            sb.append("<").append(testDataUri)
+                    .append("> <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/dataValue> <")
+                    .append(entityUri).append("> .\n");
         }
     }
 
     public static void deletedEntityEvent(Property oldObj) {
-        log.debug("Don't delete access rule if property has been deleted " + oldObj );
+        log.debug("Don't delete access rule if property has been deleted " + oldObj);
     }
 
     public static void updatedEntityEvent(Object oldObj, Object newObj) {
         if (oldObj instanceof Property || newObj instanceof Property) {
-            log.debug("update entity event old " + oldObj + " new object " + newObj );    
+            log.debug("update entity event old " + oldObj + " new object " + newObj);
         }
     }
 
     public static void insertedEntityEvent(Property newObj) {
-        log.debug("Nothing to do " + newObj );
+        log.debug("Nothing to do " + newObj);
     }
 
-    
     private static boolean isUriInTestDataset(String entityUri, OperationGroup og, AccessObjectType aot, String role) {
         Set<String> values = PolicyLoader.getInstance().getPolicyDataSetValues(og, aot, role);
         return values.contains(entityUri);
     }
-    
+
     private static String getPolicyTestDataUri(AccessObjectType aot, OperationGroup og, String role) {
-        String key = aot.toString() + "." + og.toString() + "." + role ;
+        String key = aot.toString() + "." + og.toString() + "." + role;
         if (policyKeyToDataValueMap.containsKey(key)) {
             return policyKeyToDataValueMap.get(key);
         }
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/Policies.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/Policies.java
index 0766a98489..4f6258c9b6 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/Policies.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/Policies.java
@@ -7,12 +7,12 @@
 public interface Policies {
 
     public List<Policy> getList();
-    
+
     public boolean contains(Policy policy);
 
     public void add(Policy policy);
 
     public long size();
-    
+
     public void clear();
 }
\ No newline at end of file
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyDecisionPoint.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyDecisionPoint.java
index 211d71d9eb..f258f2ff8a 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyDecisionPoint.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyDecisionPoint.java
@@ -1,12 +1,11 @@
 package edu.cornell.mannlib.vitro.webapp.auth.policy;
 
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-
 import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.DecisionResult;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.Policy;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthorizationRequest;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
 
 public class PolicyDecisionPoint {
 
@@ -16,22 +15,26 @@ public static PolicyDecision decide(AuthorizationRequest ar) {
         PolicyDecision pd = null;
         PolicyDecisionLogger logger = new PolicyDecisionLogger(ar.getIds(), ar.getAccessObject());
         PolicyStore store = PolicyStore.getInstance();
-        for(Policy policy : store.getList()){
-            try{
+        for (Policy policy : store.getList()) {
+            try {
                 pd = policy.decide(ar);
                 logger.log(policy, pd);
-                if( pd != null ){
-                    if(  pd.getDecisionResult() == DecisionResult.AUTHORIZED )
+                if (pd != null) {
+                    if (pd.getDecisionResult() == DecisionResult.AUTHORIZED) {
                         return pd;
-                    if( pd.getDecisionResult() == DecisionResult.UNAUTHORIZED )
+                    }
+                    if (pd.getDecisionResult() == DecisionResult.UNAUTHORIZED) {
                         return pd;
-                    if( pd.getDecisionResult() == DecisionResult.INCONCLUSIVE )
+                    }
+
+                    if (pd.getDecisionResult() == DecisionResult.INCONCLUSIVE) {
                         continue;
-                } else{
+                    }
+                } else {
                     log.debug("policy " + policy.toString() + " returned a null PolicyDecision");
                 }
-            }catch(Throwable th){
-                log.error("ignoring exception in policy " + policy.getUri(), th );
+            } catch (Throwable th) {
+                log.error("ignoring exception in policy " + policy.getUri(), th);
             }
         }
 
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
index 340d4de716..c00a4abc46 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
@@ -10,15 +10,6 @@
 import java.util.List;
 import java.util.Set;
 
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-import org.apache.jena.query.ParameterizedSparqlString;
-import org.apache.jena.query.QuerySolution;
-import org.apache.jena.query.ResultSet;
-import org.apache.jena.query.ResultSetFormatter;
-import org.apache.jena.rdf.model.Model;
-import org.apache.jena.rdf.model.RDFNode;
-
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType;
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.AttributeFactory;
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.OperationGroup;
@@ -28,10 +19,18 @@
 import edu.cornell.mannlib.vitro.webapp.modelaccess.ModelNames;
 import edu.cornell.mannlib.vitro.webapp.rdfservice.ChangeSet;
 import edu.cornell.mannlib.vitro.webapp.rdfservice.RDFService;
+import edu.cornell.mannlib.vitro.webapp.rdfservice.RDFService.ModelSerializationFormat;
 import edu.cornell.mannlib.vitro.webapp.rdfservice.RDFServiceException;
 import edu.cornell.mannlib.vitro.webapp.rdfservice.ResultSetConsumer;
 import edu.cornell.mannlib.vitro.webapp.rdfservice.adapters.VitroModelFactory;
-import edu.cornell.mannlib.vitro.webapp.rdfservice.RDFService.ModelSerializationFormat;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.jena.query.ParameterizedSparqlString;
+import org.apache.jena.query.QuerySolution;
+import org.apache.jena.query.ResultSet;
+import org.apache.jena.query.ResultSetFormatter;
+import org.apache.jena.rdf.model.Model;
+import org.apache.jena.rdf.model.RDFNode;
 
 public class PolicyLoader {
 
@@ -44,15 +43,15 @@ public class PolicyLoader {
             + "prefix xsd: <http://www.w3.org/2001/XMLSchema#>\n"
             + "prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#>\n"
             + "prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/>\n"
-            + "prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/>\n" 
-            + "SELECT DISTINCT ?" + POLICY + " ?" + PRIORITY + " \n" 
+            + "prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/>\n"
+            + "SELECT DISTINCT ?" + POLICY + " ?" + PRIORITY + " \n"
             + "WHERE {\n"
-            + "  GRAPH <http://vitro.mannlib.cornell.edu/default/access-control> {\n" 
-            + "    ?" + POLICY + " rdf:type ao:Policy .\n" 
-            + "    OPTIONAL {?" + POLICY + " ao:priority ?set_priority" 
+            + "  GRAPH <http://vitro.mannlib.cornell.edu/default/access-control> {\n"
+            + "    ?" + POLICY + " rdf:type ao:Policy .\n"
+            + "    OPTIONAL {?" + POLICY + " ao:priority ?set_priority"
             + " . }\n"
-            + "    BIND(COALESCE(?set_priority, 0 ) as ?" + PRIORITY + " ) .\n" 
-            + "  }\n" 
+            + "    BIND(COALESCE(?set_priority, 0 ) as ?" + PRIORITY + " ) .\n"
+            + "  }\n"
             + "} ORDER BY ?" + PRIORITY;
 
     private static final String PRIORITY_QUERY = "prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#>\n"
@@ -61,14 +60,14 @@ public class PolicyLoader {
             + "prefix xsd: <http://www.w3.org/2001/XMLSchema#>\n"
             + "prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#>\n"
             + "prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/>\n"
-            + "prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/>\n" 
-            + "SELECT DISTINCT ?" + PRIORITY + " \n" 
+            + "prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/>\n"
+            + "SELECT DISTINCT ?" + PRIORITY + " \n"
             + "WHERE {\n"
-            + "  GRAPH <http://vitro.mannlib.cornell.edu/default/access-control> {\n" 
-            + "    ?" + POLICY  + " rdf:type ao:Policy .\n" 
+            + "  GRAPH <http://vitro.mannlib.cornell.edu/default/access-control> {\n"
+            + "    ?" + POLICY  + " rdf:type ao:Policy .\n"
             + "    OPTIONAL {?" + POLICY + " ao:priority ?set_priority" + " . }\n"
-            + "    BIND(COALESCE(?set_priority, 0 ) as ?" + PRIORITY + " ) .\n" 
-            + "  }\n" 
+            + "    BIND(COALESCE(?set_priority, 0 ) as ?" + PRIORITY + " ) .\n"
+            + "  }\n"
             + "} ORDER BY ?" + PRIORITY;
 
     private static final String DATASET_QUERY = "prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#>\n"
@@ -80,10 +79,10 @@ public class PolicyLoader {
             + "prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/>\n"
             + "SELECT DISTINCT ?dataSet \n" + "WHERE {\n"
             + "  GRAPH <http://vitro.mannlib.cornell.edu/default/access-control> {\n"
-            + "       ?policy ao:testDatasets ?dataSets .\n" 
+            + "       ?policy ao:testDatasets ?dataSets .\n"
             + "       ?policy rdf:type ao:Policy .\n"
-            + "       ?dataSets ao:testDataset ?dataSet .\n" 
-            + "  }\n" 
+            + "       ?dataSets ao:testDataset ?dataSet .\n"
+            + "  }\n"
             + "} ORDER BY ?dataSet";
 
     private static final String NO_DATASET_RULES_QUERY = "prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#>\n"
@@ -95,29 +94,29 @@ public class PolicyLoader {
             + "prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/>\n"
             + "SELECT DISTINCT ?rules ?rule ?attribute ?testId ?typeId ?value ?lit_value ?decision_id \n" + "WHERE {\n"
             + "  GRAPH <http://vitro.mannlib.cornell.edu/default/access-control> {\n"
-            + "?policy rdf:type ao:Policy .\n" 
-            + "?policy ao:rules ?rules . \n" 
+            + "?policy rdf:type ao:Policy .\n"
+            + "?policy ao:rules ?rules . \n"
             + "?rules ao:rule ?rule . \n"
-            + "?rule ao:attribute ?attribute .\n" 
-            + "OPTIONAL {\n" 
+            + "?rule ao:attribute ?attribute .\n"
+            + "OPTIONAL {\n"
             + "  ?attribute ao:test ?attributeTest .\n"
-            + "  OPTIONAL {\n" 
-            + "    ?attributeTest ao:id ?testId . \n" 
-            + "  }\n" 
-            + "}" 
+            + "  OPTIONAL {\n"
+            + "    ?attributeTest ao:id ?testId . \n"
+            + "  }\n"
+            + "}"
             + "OPTIONAL {\n"
-            + "  ?attribute ao:type ?attributeType . \n" 
-            + "  OPTIONAL {\n" 
+            + "  ?attribute ao:type ?attributeType . \n"
+            + "  OPTIONAL {\n"
             + "    ?attributeType ao:id ?typeId . \n"
-            + "  }\n" 
-            + "}\n" 
-            + "OPTIONAL {\n" 
+            + "  }\n"
+            + "}\n"
+            + "OPTIONAL {\n"
             + "   ?rule ao:decision ?decision . \n"
-            + "   ?decision ao:id ?decision_id . \n" 
-            + "}\n" 
+            + "   ?decision ao:id ?decision_id . \n"
+            + "}\n"
             + "?attribute ao:value ?value . \n"
-            + "OPTIONAL {?value ao:id ?lit_value . }\n" 
-            + "  }\n" 
+            + "OPTIONAL {?value ao:id ?lit_value . }\n"
+            + "  }\n"
             + "} ORDER BY ?rule ?attribute";
 
     private static final String DATASET_RULES_QUERY = "prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#>\n"
@@ -128,82 +127,82 @@ public class PolicyLoader {
             + "prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/>\n"
             + "prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/>\n"
             + "SELECT DISTINCT ?rules ?rule ?attribute ?testId ?typeId ?value ?lit_value ?decision_id ?dataSetUri \n"
-            + "WHERE {\n" 
+            + "WHERE {\n"
             + "  GRAPH <http://vitro.mannlib.cornell.edu/default/access-control> {\n"
-            + "?policy rdf:type ao:Policy .\n" 
-            + "?policy ao:rules ?rules . \n" 
+            + "?policy rdf:type ao:Policy .\n"
+            + "?policy ao:rules ?rules . \n"
             + "?rules rdf:type ao:Rules . \n"
-            + "?rules ao:rule ?rule . \n" 
+            + "?rules ao:rule ?rule . \n"
             + "?rule ao:attribute ?attribute . \n"
-            + "?attribute rdf:type ao:Attribute .\n" 
-            + "OPTIONAL {\n" 
+            + "?attribute rdf:type ao:Attribute .\n"
+            + "OPTIONAL {\n"
             + "  ?attribute ao:test ?attributeTest .\n"
-            + "  OPTIONAL {\n" 
-            + "    ?attributeTest ao:id ?testId . \n" 
-            + "  }\n" 
-            + "}" 
+            + "  OPTIONAL {\n"
+            + "    ?attributeTest ao:id ?testId . \n"
+            + "  }\n"
+            + "}"
             + "OPTIONAL {\n"
-            + "  ?attribute ao:type ?attributeType . \n" 
-            + "  OPTIONAL {\n" 
+            + "  ?attribute ao:type ?attributeType . \n"
+            + "  OPTIONAL {\n"
             + "    ?attributeType ao:id ?typeId . \n"
-            + "  }\n" 
-            + "}\n" 
-            + "OPTIONAL {\n" 
+            + "  }\n"
+            + "}\n"
+            + "OPTIONAL {\n"
             + "   ?rule ao:decision ?decision . \n"
-            + "   ?decision ao:id ?decision_id . \n" 
-            + "}\n" 
+            + "   ?decision ao:id ?decision_id . \n"
+            + "}\n"
             + "OPTIONAL {\n"
-            + "   ?attribute ao:setValue ?testData . \n" 
+            + "   ?attribute ao:setValue ?testData . \n"
             + "   ?dataSet ao:testData ?testData . \n"
-            + "   ?testData ao:dataValue ?value . \n" 
-            + "   OPTIONAL {?value ao:id ?lit_value . }\n" 
+            + "   ?testData ao:dataValue ?value . \n"
+            + "   OPTIONAL {?value ao:id ?lit_value . }\n"
             + "}\n"
-            + "OPTIONAL {\n" 
-            + "   ?attribute ao:value ?value . \n" 
+            + "OPTIONAL {\n"
+            + "   ?attribute ao:value ?value . \n"
             + "   OPTIONAL {?value ao:id ?lit_value . }\n"
-            + "}\n" + "BIND(?dataSet as ?dataSetUri)\n" 
-            + "  }\n" 
+            + "}\n" + "BIND(?dataSet as ?dataSetUri)\n"
+            + "  }\n"
             + "} ORDER BY ?rule ?attribute";
 
-    private static final String policyKeyTemplatePrefix = 
+    private static final String policyKeyTemplatePrefix =
               "prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#>\n"
             + "prefix owl: <http://www.w3.org/2002/07/owl#>\n"
             + "prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#>\n"
             + "prefix xsd: <http://www.w3.org/2001/XMLSchema#>\n"
             + "prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#>\n"
             + "prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/>\n"
-            + "prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/>\n" 
+            + "prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/>\n"
             + "SELECT DISTINCT ?"
-            + POLICY + "?testData ?value ?valueId ( COUNT(?key) AS ?keySize ) \n" 
+            + POLICY + "?testData ?value ?valueId ( COUNT(?key) AS ?keySize ) \n"
             + "WHERE {\n"
-            + "  GRAPH <http://vitro.mannlib.cornell.edu/default/access-control> {\n" 
-            + "  ?" + POLICY + " ao:policyKey ?policyKeyUri .\n" 
+            + "  GRAPH <http://vitro.mannlib.cornell.edu/default/access-control> {\n"
+            + "  ?" + POLICY + " ao:policyKey ?policyKeyUri .\n"
             + "  ?" + POLICY + " ao:testDatasets ?testDataSets .\n"
-            + "  ?testDataSets ao:testDataset ?dataSet . \n" 
+            + "  ?testDataSets ao:testDataset ?dataSet . \n"
             + "  ?dataSet ao:testData ?testData . \n"
-            + "  OPTIONAL { ?testData ao:dataValue ?value . \n" 
-            + "    OPTIONAL { ?value ao:id ?valueId . } \n" 
+            + "  OPTIONAL { ?testData ao:dataValue ?value . \n"
+            + "    OPTIONAL { ?value ao:id ?valueId . } \n"
             + "  }"
             + "  ?policyKeyUri ao:keyComponent ?key .\n";
 
     private static final String policyKeyTemplateSuffix = "}} GROUP BY ?" + POLICY + " ?value ?valueId ?testData";
 
-    private static final String policyStatementByKeyTemplatePrefix = 
+    private static final String policyStatementByKeyTemplatePrefix =
               "prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#>\n"
             + "prefix owl: <http://www.w3.org/2002/07/owl#>\n"
             + "prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#>\n"
             + "prefix xsd: <http://www.w3.org/2001/XMLSchema#>\n"
             + "prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#>\n"
             + "prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/>\n"
-            + "prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/>\n" 
+            + "prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/>\n"
             + "CONSTRUCT { \n"
-            + "  ?testData ao:dataValue <%s> .\n" 
-            + "}\n" 
+            + "  ?testData ao:dataValue <%s> .\n"
+            + "}\n"
             + "WHERE {\n"
-            + "  GRAPH <http://vitro.mannlib.cornell.edu/default/access-control> {\n" 
-            + "  ?" + POLICY + " ao:policyKey ?policyKeyUri .\n" 
+            + "  GRAPH <http://vitro.mannlib.cornell.edu/default/access-control> {\n"
+            + "  ?" + POLICY + " ao:policyKey ?policyKeyUri .\n"
             + "  ?" + POLICY + " ao:testDatasets ?testDataSets .\n"
-            + "  ?testDataSets ao:testDataset ?dataSet . \n" 
+            + "  ?testDataSets ao:testDataset ?dataSet . \n"
             + "  ?dataSet ao:testData ?testData . \n";
 
     private static final String policyStatementByKeyTemplateSuffix = "}}";
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyStore.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyStore.java
index bef2490a30..8ac6a403d5 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyStore.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyStore.java
@@ -10,13 +10,12 @@
 import java.util.List;
 import java.util.Map;
 
+import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.Policy;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
-import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.Policy;
-
 public class PolicyStore implements Policies {
-    
+
     private static final Comparator<Policy> comparator = getPolicyComparator();
     private static PolicyStore INSTANCE = new PolicyStore();
     private static final Log log = LogFactory.getLog(PolicyStore.class);
@@ -24,10 +23,11 @@ public class PolicyStore implements Policies {
     private PolicyStore() {
         INSTANCE = this;
     }
-    
+
     public static PolicyStore getInstance() {
         return INSTANCE;
     }
+
     protected List<Policy> policyList = Collections.synchronizedList(new ArrayList<Policy>());
     protected Map<String, Policy> policyMap = Collections.synchronizedMap(new LinkedHashMap<String, Policy>());
 
@@ -55,7 +55,7 @@ public synchronized void clear() {
         policyList.clear();
         policyMap.clear();
     }
-    
+
     public List<String> getUris() {
         List<String> uris = new LinkedList<>();
         for (Policy policy : policyList) {
@@ -63,18 +63,17 @@ public List<String> getUris() {
         }
         return uris;
     }
-    
+
     private static Comparator<Policy> getPolicyComparator() {
         return new Comparator<Policy>() {
             @Override
             public int compare(Policy lps, Policy rps) {
-                if ( lps.getPriority() > rps.getPriority() ) {
+                if (lps.getPriority() > rps.getPriority()) {
                     return -1;
-                } else 
-                if (lps.getPriority() < rps.getPriority()) {
+                } else if (lps.getPriority() < rps.getPriority()) {
                     return 1;
                 }
-                return lps.getUri().compareTo(lps.getUri()); 
+                return lps.getUri().compareTo(lps.getUri());
             }
         };
     }
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/ifaces/Policy.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/ifaces/Policy.java
index 1a55dd048d..09b61254fb 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/ifaces/Policy.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/ifaces/Policy.java
@@ -5,20 +5,19 @@
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthorizationRequest;
 
 /**
- * Represents the process of mapping an identifier that represents a user or
- * principle and a action they are requesting to true, representing authorized or
- * false, representing unauthorized.
+ * Represents the process of mapping an identifier that represents a user or principle and a action they are requesting
+ * to true, representing authorized or false, representing unauthorized.
  *
  * @author bdc34
  *
  */
-public interface Policy  {
+public interface Policy {
     public PolicyDecision decide(AuthorizationRequest ar);
 
     public default String getUri() {
         return "";
     }
-    
+
     public default long getPriority() {
         return 0;
     }
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/AllowedAuthorizationRequest.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/AllowedAuthorizationRequest.java
index fdb99f9fc4..6da2d72eff 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/AllowedAuthorizationRequest.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/AllowedAuthorizationRequest.java
@@ -4,7 +4,7 @@
 import edu.cornell.mannlib.vitro.webapp.auth.objects.AccessObject;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.DecisionResult;
 
-public class AllowedAuthorizationRequest extends AuthorizationRequest{
+public class AllowedAuthorizationRequest extends AuthorizationRequest {
 
     private DecisionResult decision;
 
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/AndAuthorizationRequest.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/AndAuthorizationRequest.java
index a72796ad69..db7aff3130 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/AndAuthorizationRequest.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/AndAuthorizationRequest.java
@@ -9,35 +9,38 @@
 
 public class AndAuthorizationRequest extends AuthorizationRequest {
 
-	private final AuthorizationRequest ar1;
-	private final AuthorizationRequest ar2;
+    private final AuthorizationRequest ar1;
+    private final AuthorizationRequest ar2;
 
-	AndAuthorizationRequest(AuthorizationRequest ar1, AuthorizationRequest ar2) {
-		this.ar1 = ar1;
-		this.ar2 = ar2;
-	}
+    AndAuthorizationRequest(AuthorizationRequest ar1, AuthorizationRequest ar2) {
+        this.ar1 = ar1;
+        this.ar2 = ar2;
+    }
 
     @Override
     public WRAP_TYPE getWrapType() {
         return WRAP_TYPE.AND;
     }
-	
-    public List<AuthorizationRequest> getItems(){
+
+    public List<AuthorizationRequest> getItems() {
         return Arrays.asList(ar1, ar2);
     };
 
-	@Override
-	public String toString() {
-		return "(" + ar1 + " && " + ar2 + ")";
-	}
+    @Override
+    public String toString() {
+        return "(" + ar1 + " && " + ar2 + ")";
+    }
+
     @Override
     public AccessObject getAccessObject() {
         return null;
     }
+
     @Override
     public AccessOperation getAccessOperation() {
         return null;
     }
+
     @Override
     public IdentifierBundle getIds() {
         return null;
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/OrAuthorizationRequest.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/OrAuthorizationRequest.java
index eb7b9832f3..1489e27b53 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/OrAuthorizationRequest.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/OrAuthorizationRequest.java
@@ -9,15 +9,15 @@
 
 public class OrAuthorizationRequest extends AuthorizationRequest {
 
-	private final AuthorizationRequest ar1;
-	private final AuthorizationRequest ar2;
+    private final AuthorizationRequest ar1;
+    private final AuthorizationRequest ar2;
 
-	OrAuthorizationRequest(AuthorizationRequest ar1, AuthorizationRequest ar2) {
-		this.ar1 = ar1;
-		this.ar2 = ar2;
-	}
+    OrAuthorizationRequest(AuthorizationRequest ar1, AuthorizationRequest ar2) {
+        this.ar1 = ar1;
+        this.ar2 = ar2;
+    }
 
-    public List<AuthorizationRequest> getItems(){
+    public List<AuthorizationRequest> getItems() {
         return Arrays.asList(ar1, ar2);
     };
 
@@ -25,24 +25,24 @@ public List<AuthorizationRequest> getItems(){
     public WRAP_TYPE getWrapType() {
         return WRAP_TYPE.OR;
     }
-    
-	@Override
-	public String toString() {
-		return "(" + ar1 + " || " + ar2 + ")";
-	}
+
+    @Override
+    public String toString() {
+        return "(" + ar1 + " || " + ar2 + ")";
+    }
+
     @Override
     public AccessObject getAccessObject() {
-        // TODO Auto-generated method stub
         return null;
     }
+
     @Override
     public AccessOperation getAccessOperation() {
-        // TODO Auto-generated method stub
         return null;
     }
+
     @Override
     public IdentifierBundle getIds() {
-        // TODO Auto-generated method stub
         return null;
     }
 
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/SimpleAuthorizationRequest.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/SimpleAuthorizationRequest.java
index c7139f2cda..6c1bf7c9e9 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/SimpleAuthorizationRequest.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/SimpleAuthorizationRequest.java
@@ -18,12 +18,12 @@ public AccessOperation getOperation() {
     }
 
     private AccessOperation operation;
-    
+
     public SimpleAuthorizationRequest(AccessObject object, AccessOperation operation) {
         this.object = object;
         this.operation = operation;
     }
-    
+
     public SimpleAuthorizationRequest(String namedAccessObject) {
         this.object = new AccessObjectImpl(namedAccessObject);
         this.operation = AccessOperation.EXECUTE;
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRule.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRule.java
index cbe01992fd..bb3f065bad 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRule.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRule.java
@@ -18,20 +18,20 @@ public interface AccessRule {
     public String getRuleUri();
 
     public void setRuleUri(String ruleUri);
-    
-	public List<Attribute> getAttributes();
-	
-	public boolean match(AuthorizationRequest ar);
-	
-	public void addAttribute(Attribute attr);
+
+    public List<Attribute> getAttributes();
+
+    public boolean match(AuthorizationRequest ar);
+
+    public void addAttribute(Attribute attr);
 
     public Set<String> getAttributeUris();
-    
+
     public boolean containsAttributeUri(String uri);
 
     public Set<Attribute> getAttributesByType(AttributeType type);
-    
+
     public long getAttributesCount();
-    
+
     public Attribute getAttribute(String uri);
 }
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRuleFactory.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRuleFactory.java
index 876997ad4c..f7df488ce8 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRuleFactory.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRuleFactory.java
@@ -1,12 +1,11 @@
 package edu.cornell.mannlib.vitro.webapp.auth.rules;
 
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AttributeFactory;
+import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyLoader;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.apache.jena.query.QuerySolution;
 
-import edu.cornell.mannlib.vitro.webapp.auth.attributes.AttributeFactory;
-import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyLoader;
-
 public class AccessRuleFactory {
 
     private static final Log log = LogFactory.getLog(AccessRuleFactory.class);
@@ -15,7 +14,7 @@ public static AccessRule createRule(QuerySolution qs) {
         AccessRule ar = new AccessRuleImpl();
         String ruleUri = qs.getResource(PolicyLoader.RULE).getURI();
         if (qs.contains("dataSetUri")) {
-            ruleUri += "." + qs.getResource("dataSetUri").getURI();    
+            ruleUri += "." + qs.getResource("dataSetUri").getURI();
         }
 
         ar.setRuleUri(ruleUri);
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRuleImpl.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRuleImpl.java
index 008c695183..457c3c52e1 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRuleImpl.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRuleImpl.java
@@ -11,22 +11,20 @@
 import java.util.Set;
 import java.util.stream.Collectors;
 
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.Attribute;
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AttributeType;
+import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthorizationRequest;
 import org.apache.commons.lang3.builder.EqualsBuilder;
 import org.apache.commons.lang3.builder.HashCodeBuilder;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
-import edu.cornell.mannlib.vitro.webapp.auth.attributes.Attribute;
-import edu.cornell.mannlib.vitro.webapp.auth.attributes.AttributeType;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthorizationRequest;
-
 public class AccessRuleImpl implements AccessRule {
     private static final Log log = LogFactory.getLog(AccessRuleImpl.class);
-    protected Map<String,Attribute> attributeMap = new HashMap<>();
+    protected Map<String, Attribute> attributeMap = new HashMap<>();
     protected List<Attribute> attributes = new ArrayList<Attribute>();
     private static final Comparator<Attribute> comparator = getAttributeComparator();
 
-
     private boolean allowMatched = true;
     private String ruleUri;
 
@@ -45,26 +43,26 @@ public String getRuleUri() {
     public void setRuleUri(String ruleUri) {
         this.ruleUri = ruleUri;
     }
-    
+
     public List<Attribute> getAttributes() {
         return attributes;
     }
-    
+
     public boolean match(AuthorizationRequest ar) {
-       for (Attribute attribute : attributes) {
-           if (!attribute.match(ar)) {
-               if (log.isDebugEnabled()) {
-                   log.debug(String.format("Attribute %s didn't match", attribute.getUri()));    
-               }
-               return false;
-           }
-       }
-       return true;
+        for (Attribute attribute : attributes) {
+            if (!attribute.match(ar)) {
+                if (log.isDebugEnabled()) {
+                    log.debug(String.format("Attribute %s didn't match", attribute.getUri()));
+                }
+                return false;
+            }
+        }
+        return true;
     }
 
     public void addAttribute(Attribute attr) {
         if (attributeMap.containsKey(attr.getUri())) {
-            log.error(String.format("attribute %s already exists in the rule",attr.getUri()));
+            log.error(String.format("attribute %s already exists in the rule", attr.getUri()));
         }
         attributes.add(attr);
         Collections.sort(attributes, comparator);
@@ -86,7 +84,7 @@ public boolean equals(Object object) {
                 .append(getAttributes(), compared.getAttributes())
                 .isEquals();
     }
-    
+
     @Override
     public int hashCode() {
         return new HashCodeBuilder(15, 101)
@@ -98,37 +96,35 @@ public int hashCode() {
     public Set<String> getAttributeUris() {
         return attributeMap.keySet();
     }
-    
+
     public boolean containsAttributeUri(String uri) {
         return attributeMap.containsKey(uri);
     }
 
-    public Set<Attribute> getAttributesByType(AttributeType type){
+    public Set<Attribute> getAttributesByType(AttributeType type) {
         return getAttributes().stream().filter(a -> a.getAttributeType().equals(type)).collect(Collectors.toSet());
     }
-    
+
     public long getAttributesCount() {
         return attributes.size();
     }
-    
+
     public Attribute getAttribute(String uri) {
         return attributeMap.get(uri);
     }
-    
+
     private static Comparator<Attribute> getAttributeComparator() {
         return new Comparator<Attribute>() {
             @Override
             public int compare(Attribute latt, Attribute ratt) {
-                if ( latt.getComputationalCost() > ratt.getComputationalCost() ) {
+                if (latt.getComputationalCost() > ratt.getComputationalCost()) {
                     return -1;
-                } else 
-                if (latt.getComputationalCost() < ratt.getComputationalCost()) {
+                } else if (latt.getComputationalCost() < ratt.getComputationalCost()) {
                     return 1;
                 }
-                return latt.getUri().compareTo(latt.getUri()); 
+                return latt.getUri().compareTo(latt.getUri());
             }
         };
     }
 
-    
 }
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/dao/filtering/filters/FilterByDisplayPermission.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/dao/filtering/filters/FilterByDisplayPermission.java
index 8593883be8..a4a18b6fd1 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/dao/filtering/filters/FilterByDisplayPermission.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/dao/filtering/filters/FilterByDisplayPermission.java
@@ -4,9 +4,6 @@
 
 import static edu.cornell.mannlib.vitro.webapp.auth.objects.AccessObject.SOME_URI;
 
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessOperation;
 import edu.cornell.mannlib.vitro.webapp.auth.identifier.ActiveIdentifierBundleFactories;
 import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
@@ -21,80 +18,81 @@
 import edu.cornell.mannlib.vitro.webapp.beans.ObjectProperty;
 import edu.cornell.mannlib.vitro.webapp.beans.ObjectPropertyStatement;
 import net.sf.jga.fn.UnaryFunctor;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
 
 /**
- * Filter the properties depending on what DisplayByRolePermission is on the
- * request. If no request, or no permission, use the Public permission.
+ * Filter the properties depending on what DisplayByRolePermission is on the request. If no request, or no permission,
+ * use the Public permission.
  */
 public class FilterByDisplayPermission extends VitroFiltersImpl {
-	private static final Log log = LogFactory.getLog(FilterByDisplayPermission.class);
-	IdentifierBundle accessSubject = ActiveIdentifierBundleFactories.getUserIdentifierBundle(null);
+    private static final Log log = LogFactory.getLog(FilterByDisplayPermission.class);
+    IdentifierBundle accessSubject = ActiveIdentifierBundleFactories.getUserIdentifierBundle(null);
 
-	public FilterByDisplayPermission() {
-	    setDataPropertyFilter(new DataPropertyFilterByPolicy());
-	    setObjectPropertyFilter(new ObjectPropertyFilterByPolicy());
-	    setDataPropertyStatementFilter(new DataPropertyStatementFilterByPolicy());
-	    setObjectPropertyStatementFilter(new ObjectPropertyStatementFilterByPolicy());
-	}
+    public FilterByDisplayPermission() {
+        setDataPropertyFilter(new DataPropertyFilterByPolicy());
+        setObjectPropertyFilter(new ObjectPropertyFilterByPolicy());
+        setDataPropertyStatementFilter(new DataPropertyStatementFilterByPolicy());
+        setObjectPropertyStatementFilter(new ObjectPropertyStatementFilterByPolicy());
+    }
 
-	boolean checkAuthorization(AccessObject accessObject) {
-		boolean decision = PolicyHelper.isAuthorizedForActions(accessSubject, accessObject, AccessOperation.DISPLAY);
-		log.debug("decision is " + decision);
-		return decision;
-	}
+    boolean checkAuthorization(AccessObject accessObject) {
+        boolean decision = PolicyHelper.isAuthorizedForActions(accessSubject, accessObject, AccessOperation.DISPLAY);
+        log.debug("decision is " + decision);
+        return decision;
+    }
 
-	/**
-	 * Private Classes
-	 */
+    /**
+     * Private Classes
+     */
 
-	private class DataPropertyFilterByPolicy extends UnaryFunctor<DataProperty, Boolean> {
-		@Override
-		public Boolean fn(DataProperty dp) {
-			return checkAuthorization(new DataPropertyAccessObject(dp));
-		}
-	}
+    private class DataPropertyFilterByPolicy extends UnaryFunctor<DataProperty, Boolean> {
+        @Override
+        public Boolean fn(DataProperty dp) {
+            return checkAuthorization(new DataPropertyAccessObject(dp));
+        }
+    }
 
-	private class ObjectPropertyFilterByPolicy extends UnaryFunctor<ObjectProperty, Boolean> {
-		@Override
-		public Boolean fn(ObjectProperty op) {
-			return checkAuthorization(new ObjectPropertyAccessObject(op));
-		}
-	}
+    private class ObjectPropertyFilterByPolicy extends UnaryFunctor<ObjectProperty, Boolean> {
+        @Override
+        public Boolean fn(ObjectProperty op) {
+            return checkAuthorization(new ObjectPropertyAccessObject(op));
+        }
+    }
 
-	private class DataPropertyStatementFilterByPolicy extends UnaryFunctor<DataPropertyStatement, Boolean> {
-		@Override
-		public Boolean fn(DataPropertyStatement dps) {
-		    //TODO: Model should be here to correctly check authorization
-			return checkAuthorization(new DataPropertyStatementAccessObject(null, dps));
-		}
-	}
+    private class DataPropertyStatementFilterByPolicy extends UnaryFunctor<DataPropertyStatement, Boolean> {
+        @Override
+        public Boolean fn(DataPropertyStatement dps) {
+            //TODO: Model should be here to correctly check authorization
+            return checkAuthorization(new DataPropertyStatementAccessObject(null, dps));
+        }
+    }
 
-	private class ObjectPropertyStatementFilterByPolicy extends UnaryFunctor<ObjectPropertyStatement, Boolean> {
-		@Override
-		public Boolean fn(ObjectPropertyStatement ops) {
-			String subjectUri = ops.getSubjectURI();
-			ObjectProperty predicate = getOrCreateProperty(ops);
-			String objectUri = ops.getObjectURI();
-			return checkAuthorization(new ObjectPropertyStatementAccessObject(null, subjectUri, predicate, objectUri));
-		}
+    private class ObjectPropertyStatementFilterByPolicy extends UnaryFunctor<ObjectPropertyStatement, Boolean> {
+        @Override
+        public Boolean fn(ObjectPropertyStatement ops) {
+            String subjectUri = ops.getSubjectURI();
+            ObjectProperty predicate = getOrCreateProperty(ops);
+            String objectUri = ops.getObjectURI();
+            return checkAuthorization(new ObjectPropertyStatementAccessObject(null, subjectUri, predicate, objectUri));
+        }
 
-		/**
-		 * It would be nice if every ObjectPropertyStatement held a real
-		 * ObjectProperty. If it doesn't, we do the next best thing, but it
-		 * won't recognize any applicable Faux properties.
-		 */
-		private ObjectProperty getOrCreateProperty(ObjectPropertyStatement ops) {
-			if (ops.getProperty() != null) {
-				return ops.getProperty();
-			}
-			if (ops.getPropertyURI() ==  null) {
-				return null;
-			}
-			ObjectProperty op = new ObjectProperty();
-			op.setURI(ops.getPropertyURI());
-			op.setDomainVClassURI(SOME_URI);
-			op.setRangeVClassURI(SOME_URI);
-			return op;
-		}
-	}
+        /**
+         * It would be nice if every ObjectPropertyStatement held a real ObjectProperty. If it doesn't, we do the next
+         * best thing, but it won't recognize any applicable Faux properties.
+         */
+        private ObjectProperty getOrCreateProperty(ObjectPropertyStatement ops) {
+            if (ops.getProperty() != null) {
+                return ops.getProperty();
+            }
+            if (ops.getPropertyURI() == null) {
+                return null;
+            }
+            ObjectProperty op = new ObjectProperty();
+            op.setURI(ops.getPropertyURI());
+            op.setDomainVClassURI(SOME_URI);
+            op.setRangeVClassURI(SOME_URI);
+            return op;
+        }
+    }
 }
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AnnotationMigrator.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AnnotationMigrator.java
index 5dc240ddbe..a4d222cceb 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AnnotationMigrator.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AnnotationMigrator.java
@@ -1,5 +1,12 @@
 package edu.cornell.mannlib.vitro.webapp.migration.auth;
 
+import static edu.cornell.mannlib.vitro.webapp.migration.auth.AuthMigrator.ALL_ROLES;
+import static edu.cornell.mannlib.vitro.webapp.migration.auth.AuthMigrator.ROLE_ADMIN_URI;
+import static edu.cornell.mannlib.vitro.webapp.migration.auth.AuthMigrator.ROLE_CURATOR_URI;
+import static edu.cornell.mannlib.vitro.webapp.migration.auth.AuthMigrator.ROLE_EDITOR_URI;
+import static edu.cornell.mannlib.vitro.webapp.migration.auth.AuthMigrator.ROLE_PUBLIC_URI;
+import static edu.cornell.mannlib.vitro.webapp.migration.auth.AuthMigrator.ROLE_SELF_EDITOR_URI;
+
 import java.util.Arrays;
 import java.util.Collections;
 import java.util.HashMap;
@@ -7,22 +14,19 @@
 import java.util.Map;
 import java.util.Set;
 
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-import org.apache.jena.query.QuerySolution;
-import org.apache.jena.query.ResultSet;
-
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType;
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.OperationGroup;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyLoader;
 import edu.cornell.mannlib.vitro.webapp.modelaccess.ModelNames;
 import edu.cornell.mannlib.vitro.webapp.rdfservice.RDFService;
 import edu.cornell.mannlib.vitro.webapp.rdfservice.impl.RDFServiceUtils;
-
-import static edu.cornell.mannlib.vitro.webapp.migration.auth.AuthMigrator.*;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.jena.query.QuerySolution;
+import org.apache.jena.query.ResultSet;
 
 public class AnnotationMigrator {
-    
+
     private static final Log log = LogFactory.getLog(AnnotationMigrator.class);
 
     private static final String PREFIX = "http://vitro.mannlib.cornell.edu/ns/vitro/role#";
@@ -32,18 +36,20 @@ public class AnnotationMigrator {
     private static final String OLD_ROLE_CURATOR = PREFIX + "curator";
     private static final String OLD_ROLE_DB_ADMIN = PREFIX + "dbAdmin";
     private static final String OLD_ROLE_NOBODY = PREFIX + "nobody";
-    
+
     private RDFService contentRdfService;
     private RDFService configurationRdfService;
-    private Map<String,Set<String>> showMap;
-    
+    private Map<String, Set<String>> showMap;
+
     public AnnotationMigrator(RDFService contentRdfService, RDFService configurationRdfService) {
         this.contentRdfService = contentRdfService;
         this.configurationRdfService = configurationRdfService;
         showMap = new HashMap<>();
-        showMap.put(OLD_ROLE_PUBLIC, allRoles);
-        showMap.put(OLD_ROLE_SELF, new HashSet<String>(Arrays.asList(ROLE_ADMIN_URI, ROLE_CURATOR_URI, ROLE_EDITOR_URI, ROLE_SELF_EDITOR_URI)));
-        showMap.put(OLD_ROLE_EDITOR, new HashSet<String>(Arrays.asList(ROLE_ADMIN_URI, ROLE_CURATOR_URI, ROLE_EDITOR_URI)));
+        showMap.put(OLD_ROLE_PUBLIC, ALL_ROLES);
+        showMap.put(OLD_ROLE_SELF, new HashSet<String>(
+                Arrays.asList(ROLE_ADMIN_URI, ROLE_CURATOR_URI, ROLE_EDITOR_URI, ROLE_SELF_EDITOR_URI)));
+        showMap.put(OLD_ROLE_EDITOR,
+                new HashSet<String>(Arrays.asList(ROLE_ADMIN_URI, ROLE_CURATOR_URI, ROLE_EDITOR_URI)));
         showMap.put(OLD_ROLE_CURATOR, new HashSet<String>(Arrays.asList(ROLE_ADMIN_URI, ROLE_CURATOR_URI)));
         showMap.put(OLD_ROLE_DB_ADMIN, new HashSet<String>(Arrays.asList(ROLE_ADMIN_URI)));
         showMap.put(OLD_ROLE_NOBODY, Collections.emptySet());
@@ -62,15 +68,20 @@ protected void migrateConfiguration() {
         Map<String, Map<OperationGroup, Set<String>>> fdpConfigs = getFauxDataPropertyAnnotations(dpConfigs.keySet());
         log.info(String.format("Found %s faux data property annotation configurations", fdpConfigs.size()));
         Long[] valueCounts = AuthMigrator.updatePolicyDatasets(AccessObjectType.OBJECT_PROPERTY, opConfigs);
-        log.info(String.format("Updated object property datasets. Added %d values, removed %d values", valueCounts[0], valueCounts[1]));
+        log.info(String.format("Updated object property datasets. Added %d values, removed %d values", valueCounts[0],
+                valueCounts[1]));
         valueCounts = AuthMigrator.updatePolicyDatasets(AccessObjectType.DATA_PROPERTY, dpConfigs);
-        log.info(String.format("Updated data property datasets, added %d values, removed %d values", valueCounts[0], valueCounts[1]));
+        log.info(String.format("Updated data property datasets, added %d values, removed %d values", valueCounts[0],
+                valueCounts[1]));
         valueCounts = AuthMigrator.updatePolicyDatasets(AccessObjectType.CLASS, classConfigs);
-        log.info(String.format("Updated class property datasets, added %d values, removed %d values", valueCounts[0], valueCounts[1]));
+        log.info(String.format("Updated class property datasets, added %d values, removed %d values", valueCounts[0],
+                valueCounts[1]));
         valueCounts = AuthMigrator.updatePolicyDatasets(AccessObjectType.FAUX_OBJECT_PROPERTY, fopConfigs);
-        log.info(String.format("Updated faux object property datasets, added %d values, removed %d values", valueCounts[0], valueCounts[1]));
+        log.info(String.format("Updated faux object property datasets, added %d values, removed %d values",
+                valueCounts[0], valueCounts[1]));
         valueCounts = AuthMigrator.updatePolicyDatasets(AccessObjectType.FAUX_DATA_PROPERTY, fdpConfigs);
-        log.info(String.format("Updated data property datasets, added %d values, removed %d values", valueCounts[0], valueCounts[1]));
+        log.info(String.format("Updated data property datasets, added %d values, removed %d values", valueCounts[0],
+                valueCounts[1]));
         PolicyLoader.getInstance().loadPolicies();
     }
 
@@ -79,7 +90,8 @@ protected Map<String, Map<OperationGroup, Set<String>>> getFauxDataPropertyAnnot
         return getFauxConfigurations(queryText, configurationRdfService, dataProperties);
     }
 
-    protected Map<String, Map<OperationGroup, Set<String>>> getFauxObjectPropertyAnnotations(Set<String> objectProperties) {
+    protected Map<String, Map<OperationGroup, Set<String>>> getFauxObjectPropertyAnnotations(
+            Set<String> objectProperties) {
         String queryText = getAnnotationQuery(fauxTypeSpecificPatterns);
         return getFauxConfigurations(queryText, configurationRdfService, objectProperties);
     }
@@ -100,7 +112,7 @@ protected Map<String, Map<OperationGroup, Set<String>>> getObjectPropertyAnnotat
     }
 
     /**
-     * @return map of entity URIs and maps of operations and list of allowed roles  
+     * @return map of entity URIs and maps of operations and list of allowed roles
      */
     private Map<String, Map<OperationGroup, Set<String>>> getConfigurations(String queryText, RDFService service) {
         Map<String, Map<OperationGroup, Set<String>>> configs = new HashMap<>();
@@ -118,9 +130,10 @@ private Map<String, Map<OperationGroup, Set<String>>> getConfigurations(String q
 
     /**
      * @param targetProperties set of property URIs to get configurations from
-     * @return map of entity URIs and maps of operations and list of allowed roles  
+     * @return map of entity URIs and maps of operations and list of allowed roles
      */
-    private Map<String, Map<OperationGroup, Set<String>>> getFauxConfigurations(String queryText, RDFService service, Set<String> targetProperties) {
+    private Map<String, Map<OperationGroup, Set<String>>> getFauxConfigurations(String queryText, RDFService service,
+            Set<String> targetProperties) {
         Map<String, Map<OperationGroup, Set<String>>> configs = new HashMap<>();
         try {
             ResultSet rs = RDFServiceUtils.sparqlSelectQuery(queryText, service);
@@ -142,15 +155,15 @@ private void collectConfiguration(Map<String, Map<OperationGroup, Set<String>>>
         String uri = qs.getResource("uri").getURI();
         String displayAnnotation = qs.getResource("display").getURI();
         Set<String> displayRoles = new HashSet<>(showMap.get(displayAnnotation));
-    
+
         String publishAnnotation = qs.getResource("publish").getURI();
         Set<String> publishRoles = new HashSet<>(showMap.get(publishAnnotation));
         publishRoles.remove(ROLE_PUBLIC_URI);
-    
+
         String updateAnnotation = qs.getResource("update").getURI();
         Set<String> updateRoles = new HashSet<>(showMap.get(updateAnnotation));
         updateRoles.remove(ROLE_PUBLIC_URI);
-    
+
         Map<OperationGroup, Set<String>> config = new HashMap<>();
         config.put(OperationGroup.UPDATE_GROUP, updateRoles);
         config.put(OperationGroup.PUBLISH_GROUP, publishRoles);
@@ -162,26 +175,21 @@ private static String getAnnotationQuery(String typeSpecificPatterns) {
         return ""
                 + "PREFIX vitro: <http://vitro.mannlib.cornell.edu/ns/vitro/0.7#> \n"
                 + "PREFIX rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#>\n"
-                + "PREFIX owl: <http://www.w3.org/2002/07/owl#> \n"
-                + "SELECT ?base ?uri ?update ?display ?publish\n"
-                + "WHERE {\n"
-                + typeSpecificPatterns
-                + "{  OPTIONAL { ?uri vitro:hiddenFromDisplayBelowRoleLevelAnnot ?displayAssigned . }\n"
-                + "  BIND (COALESCE(?displayAssigned, <http://vitro.mannlib.cornell.edu/ns/vitro/role#public> ) AS ?display )\n"
-                + "  OPTIONAL { ?uri vitro:prohibitedFromUpdateBelowRoleLevelAnnot ?updateAssigned . }\n"
-                + "  BIND (COALESCE(?updateAssigned, <http://vitro.mannlib.cornell.edu/ns/vitro/role#selfEditor> ) AS ?update )\n"
-                + "  OPTIONAL { ?uri vitro:hiddenFromPublishBelowRoleLevelAnnot ?publishAssigned . }\n"
-                + "  BIND (COALESCE(?publishAssigned, <http://vitro.mannlib.cornell.edu/ns/vitro/role#public> ) AS ?publish )\n"
-                + "  FILTER (!isBlank(?uri))\n"
-                + "}} \n";
+                + "PREFIX owl: <http://www.w3.org/2002/07/owl#> \n" + "SELECT ?base ?uri ?update ?display ?publish\n"
+                + "WHERE {\n" + typeSpecificPatterns
+                + "{OPTIONAL { ?uri vitro:hiddenFromDisplayBelowRoleLevelAnnot ?displayAssigned . }\n"
+                + "BIND (COALESCE(?displayAssigned, <http://vitro.mannlib.cornell.edu/ns/vitro/role#public>) AS ?display)\n"
+                + "OPTIONAL { ?uri vitro:prohibitedFromUpdateBelowRoleLevelAnnot ?updateAssigned . }\n"
+                + "BIND (COALESCE(?updateAssigned, <http://vitro.mannlib.cornell.edu/ns/vitro/role#selfEditor>) AS ?update)\n"
+                + "OPTIONAL { ?uri vitro:hiddenFromPublishBelowRoleLevelAnnot ?publishAssigned . }\n"
+                + "BIND (COALESCE(?publishAssigned, <http://vitro.mannlib.cornell.edu/ns/vitro/role#public>) AS ?publish)\n"
+                + "FILTER (!isBlank(?uri))\n" + "}} \n";
     }
 
-    private static final String fauxTypeSpecificPatterns = ""
-      + "GRAPH <" + ModelNames.DISPLAY + "> {"
-      + "  ?context <http://vitro.mannlib.cornell.edu/ns/vitro/ApplicationConfiguration#configContextFor> ?base .\n"
-      + "  ?context <http://vitro.mannlib.cornell.edu/ns/vitro/ApplicationConfiguration#hasConfiguration> ?uri .\n"
-      + "  ?uri rdf:type <http://vitro.mannlib.cornell.edu/ns/vitro/ApplicationConfiguration#ObjectPropertyDisplayConfig> .\n"
-      + "} GRAPH <" + ModelNames.DISPLAY + ">";
-
+    private static final String fauxTypeSpecificPatterns = "" + "GRAPH <" + ModelNames.DISPLAY + "> {"
+            + "  ?context <http://vitro.mannlib.cornell.edu/ns/vitro/ApplicationConfiguration#configContextFor> ?base .\n"
+            + "  ?context <http://vitro.mannlib.cornell.edu/ns/vitro/ApplicationConfiguration#hasConfiguration> ?uri .\n"
+            + "  ?uri rdf:type <http://vitro.mannlib.cornell.edu/ns/vitro/ApplicationConfiguration#ObjectPropertyDisplayConfig> .\n"
+            + "} GRAPH <" + ModelNames.DISPLAY + ">";
 
 }
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/ArmMigrator.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/ArmMigrator.java
index 87ddfe5dbf..9236b6ac98 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/ArmMigrator.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/ArmMigrator.java
@@ -8,12 +8,6 @@
 import java.util.Map;
 import java.util.Set;
 
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-import org.apache.jena.query.ParameterizedSparqlString;
-import org.apache.jena.query.QuerySolution;
-import org.apache.jena.query.ResultSet;
-
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType;
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.OperationGroup;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.EntityPolicyController;
@@ -22,48 +16,46 @@
 import edu.cornell.mannlib.vitro.webapp.rdfservice.RDFService;
 import edu.cornell.mannlib.vitro.webapp.rdfservice.RDFServiceException;
 import edu.cornell.mannlib.vitro.webapp.rdfservice.impl.RDFServiceUtils;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.jena.query.ParameterizedSparqlString;
+import org.apache.jena.query.QuerySolution;
+import org.apache.jena.query.ResultSet;
 
 public class ArmMigrator {
-    
+
     private static final Log log = LogFactory.getLog(ArmMigrator.class);
 
     protected static String DISPLAY = "Display";
     protected static String UPDATE = "Update";
     protected static String PUBLISH = "Publish";
-    
+
     protected static final String ARM_ADMIN = "ADMIN";
     protected static final String ARM_CURATOR = "CURATOR";
-    protected static final String ARM_EDITOR  = "EDITOR";
+    protected static final String ARM_EDITOR = "EDITOR";
     protected static final String ARM_SELF_EDITOR = "SELF_EDITOR";
     protected static final String ARM_PUBLIC = "PUBLIC";
 
-    protected static final List<String> armRoles = Arrays.asList(ARM_ADMIN, ARM_CURATOR, ARM_EDITOR, ARM_SELF_EDITOR, ARM_PUBLIC);
+    protected static final List<String> armRoles = Arrays.asList(ARM_ADMIN, ARM_CURATOR, ARM_EDITOR, ARM_SELF_EDITOR,
+            ARM_PUBLIC);
     protected static final List<String> armOperations = Arrays.asList(DISPLAY, UPDATE, PUBLISH);
-    protected static final List<AccessObjectType> entityTypes = Arrays.asList(
-            AccessObjectType.CLASS,
-            AccessObjectType.OBJECT_PROPERTY,
-            AccessObjectType.DATA_PROPERTY,
-            AccessObjectType.FAUX_OBJECT_PROPERTY,
-            AccessObjectType.FAUX_DATA_PROPERTY
-            );
+    protected static final List<AccessObjectType> entityTypes = Arrays.asList(AccessObjectType.CLASS,
+            AccessObjectType.OBJECT_PROPERTY, AccessObjectType.DATA_PROPERTY, AccessObjectType.FAUX_OBJECT_PROPERTY,
+            AccessObjectType.FAUX_DATA_PROPERTY);
 
     private RDFService contentRdfService;
     private RDFService configurationRdfService;
 
-    private String VALUE_QUERY = ""
-            + "SELECT ?uri \n"
-            + "WHERE {\n"
-            + "  GRAPH <" + ModelNames.USER_ACCOUNTS + "> {\n"
-            + "  ?permission <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#forEntity> ?uri . \n"
-            + "  }\n"
+    private String VALUE_QUERY = "" + "SELECT ?uri \n" + "WHERE {\n" + "  GRAPH <" + ModelNames.USER_ACCOUNTS + "> {\n"
+            + "  ?permission <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#forEntity> ?uri . \n" + "  }\n"
             + "}";
 
     private static Map<String, String> roleMap;
     private static Map<String, OperationGroup> operationMap;
-    
+
     public ArmMigrator(RDFService contentRdfService, RDFService configurationRdfService) {
         this.contentRdfService = contentRdfService;
-        this.configurationRdfService = configurationRdfService;  
+        this.configurationRdfService = configurationRdfService;
         operationMap = new HashMap<>();
         operationMap.put(DISPLAY, OperationGroup.DISPLAY_GROUP);
         operationMap.put(UPDATE, OperationGroup.UPDATE_GROUP);
@@ -77,12 +69,12 @@ public ArmMigrator(RDFService contentRdfService, RDFService configurationRdfServ
     }
 
     public static String getArmPermissionSubject(String operation, String role) {
-        return "java:edu.cornell.mannlib.vitro.webapp.auth.permissions.Entity" + operation + "Permission#" + role ;
+        return "java:edu.cornell.mannlib.vitro.webapp.auth.permissions.Entity" + operation + "Permission#" + role;
     }
 
     public void migrateConfiguration() {
         cleanEntityDataSetValues();
-        Map<AccessObjectType,Set<String>> entityTypeMap = getEntityMap();
+        Map<AccessObjectType, Set<String>> entityTypeMap = getEntityMap();
         StringBuilder additions = new StringBuilder();
         collectAdditions(entityTypeMap, additions);
         PolicyLoader.getInstance().updateAccessControlModel(additions.toString(), true);
@@ -101,15 +93,16 @@ protected StringBuilder getStatementsToRemove() {
                 OperationGroup og = operationMap.get(operation);
                 for (AccessObjectType aot : entityTypes) {
                     Set<String> entityUris = PolicyLoader.getInstance().getPolicyDataSetValues(og, aot, newRole);
-                    for( String entityUri : entityUris) {
-                        EntityPolicyController.getDataValueStatements(entityUri, aot, og, Collections.singleton(newRole), removals);    
+                    for (String entityUri : entityUris) {
+                        EntityPolicyController.getDataValueStatements(entityUri, aot, og,
+                                Collections.singleton(newRole), removals);
                     }
                 }
             }
         }
         return removals;
     }
-    
+
     private Set<String> getFauxByBase(String baseUri) {
         Set<String> entities = new HashSet<>();
         String queryText = getQueryText(AccessObjectType.FAUX_OBJECT_PROPERTY);
@@ -131,7 +124,7 @@ private Set<String> getFauxByBase(String baseUri) {
     }
 
     protected void collectAdditions(Map<AccessObjectType, Set<String>> entityTypeMap, StringBuilder additions) {
-        
+
         for (String role : armRoles) {
             String newRole = roleMap.get(role);
             for (String operation : armOperations) {
@@ -144,20 +137,20 @@ protected void collectAdditions(Map<AccessObjectType, Set<String>> entityTypeMap
                     Set<String> allTypeEntitities = entityTypeMap.get(type);
                     HashSet<String> intersectionEntities = new HashSet<>(armEntities);
                     intersectionEntities.retainAll(allTypeEntitities);
-                    
-                    //Workaround for ARM behavior 
+
+                    // Workaround for ARM behavior
                     if (AccessObjectType.OBJECT_PROPERTY.equals(type)) {
-                        //find all faux object properties for each of base property from entityUri set
-                        //and add to the list of additional faux object properties
-                        for (String entity: intersectionEntities) {
+                        // find all faux object properties for each of base property from entityUri set
+                        // and add to the list of additional faux object properties
+                        for (String entity : intersectionEntities) {
                             Set<String> faux = getFauxByBase(entity);
                             addFauxOP.addAll(faux);
                         }
                     }
                     if (AccessObjectType.DATA_PROPERTY.equals(type)) {
-                        //find all faux data properties for each of base property from entityUri set
-                        //and add to the list of additional faux data properties
-                        for (String entity: intersectionEntities) {
+                        // find all faux data properties for each of base property from entityUri set
+                        // and add to the list of additional faux data properties
+                        for (String entity : intersectionEntities) {
                             Set<String> faux = getFauxByBase(entity);
                             addFauxDP.addAll(faux);
                         }
@@ -169,18 +162,19 @@ protected void collectAdditions(Map<AccessObjectType, Set<String>> entityTypeMap
                         intersectionEntities.addAll(addFauxDP);
                     }
                     for (String entityUri : intersectionEntities) {
-                        EntityPolicyController.getDataValueStatements(entityUri, type, og, Collections.singleton(newRole), additions);    
+                        EntityPolicyController.getDataValueStatements(entityUri, type, og,
+                                Collections.singleton(newRole), additions);
                     }
                 }
             }
         }
     }
-    
+
     protected Map<AccessObjectType, Set<String>> getEntityMap() {
         Map<AccessObjectType, Set<String>> map = new HashMap<>();
         for (AccessObjectType type : entityTypes) {
             addEntitiesForType(type, map);
-        } 
+        }
         return map;
     }
 
@@ -193,14 +187,14 @@ private void addEntitiesForType(AccessObjectType type, Map<AccessObjectType, Set
             while (rs.hasNext()) {
                 QuerySolution qs = rs.next();
                 String entity = qs.getResource("uri").getURI();
-                if (AccessObjectType.FAUX_DATA_PROPERTY.equals(type)){
+                if (AccessObjectType.FAUX_DATA_PROPERTY.equals(type)) {
                     String baseUri = qs.getResource("base").getURI();
                     Set<String> dataPropSet = map.get(AccessObjectType.DATA_PROPERTY);
                     if (!dataPropSet.contains(baseUri)) {
                         continue;
                     }
                 }
-                if (AccessObjectType.FAUX_OBJECT_PROPERTY.equals(type)){
+                if (AccessObjectType.FAUX_OBJECT_PROPERTY.equals(type)) {
                     String baseUri = qs.getResource("base").getURI();
                     Set<String> objectPropSet = map.get(AccessObjectType.OBJECT_PROPERTY);
                     if (!objectPropSet.contains(baseUri)) {
@@ -214,50 +208,44 @@ private void addEntitiesForType(AccessObjectType type, Map<AccessObjectType, Set
         }
         map.put(type, entities);
     }
-    
+
     private String getQueryText(AccessObjectType type) {
-        String fauxTypeSpecificPatterns = ""
-        + "GRAPH <" + ModelNames.DISPLAY + "> {"
-        + "  ?context <http://vitro.mannlib.cornell.edu/ns/vitro/ApplicationConfiguration#configContextFor> ?base .\n"
-        + "  ?context <http://vitro.mannlib.cornell.edu/ns/vitro/ApplicationConfiguration#hasConfiguration> ?uri .\n"
-        + "  ?uri rdf:type <http://vitro.mannlib.cornell.edu/ns/vitro/ApplicationConfiguration#ObjectPropertyDisplayConfig> .\n"
-        + "}";
+        String fauxTypeSpecificPatterns = "" + "GRAPH <" + ModelNames.DISPLAY + "> {"
+                + "  ?context <http://vitro.mannlib.cornell.edu/ns/vitro/ApplicationConfiguration#configContextFor> ?base .\n"
+                + "  ?context <http://vitro.mannlib.cornell.edu/ns/vitro/ApplicationConfiguration#hasConfiguration> ?uri .\n"
+                + "  ?uri rdf:type <http://vitro.mannlib.cornell.edu/ns/vitro/ApplicationConfiguration#ObjectPropertyDisplayConfig> .\n"
+                + "}";
         switch (type) {
-        case FAUX_OBJECT_PROPERTY:
-            return getQuery(fauxTypeSpecificPatterns);
-        case FAUX_DATA_PROPERTY:
-            return getQuery(fauxTypeSpecificPatterns);
-        case CLASS:
-            return getQuery("{?uri rdf:type owl:Class .}\n");
-        case DATA_PROPERTY:
-            return getQuery("{?uri rdf:type owl:DatatypeProperty .}\n");
-        default:
-            return getQuery("{?uri rdf:type owl:ObjectProperty .}\n");
-        } 
+            case FAUX_OBJECT_PROPERTY:
+                return getQuery(fauxTypeSpecificPatterns);
+            case FAUX_DATA_PROPERTY:
+                return getQuery(fauxTypeSpecificPatterns);
+            case CLASS:
+                return getQuery("{?uri rdf:type owl:Class .}\n");
+            case DATA_PROPERTY:
+                return getQuery("{?uri rdf:type owl:DatatypeProperty .}\n");
+            default:
+                return getQuery("{?uri rdf:type owl:ObjectProperty .}\n");
+        }
     }
-    
+
     private static String getQuery(String typePatterns) {
-        return ""
-                + "PREFIX vitro: <http://vitro.mannlib.cornell.edu/ns/vitro/0.7#> \n"
+        return "" + "PREFIX vitro: <http://vitro.mannlib.cornell.edu/ns/vitro/0.7#> \n"
                 + "PREFIX rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#>\n"
-                + "PREFIX owl: <http://www.w3.org/2002/07/owl#> \n"
-                + "SELECT ?base ?uri \n"
-                + "WHERE {\n"
-                + typePatterns
-                + "} \n";
+                + "PREFIX owl: <http://www.w3.org/2002/07/owl#> \n" + "SELECT ?base ?uri \n" + "WHERE {\n"
+                + typePatterns + "} \n";
     }
 
     private RDFService getRdfService(AccessObjectType type) {
-        if (AccessObjectType.FAUX_OBJECT_PROPERTY.equals(type) ||
-            AccessObjectType.FAUX_DATA_PROPERTY.equals(type)) {
+        if (AccessObjectType.FAUX_OBJECT_PROPERTY.equals(type) || AccessObjectType.FAUX_DATA_PROPERTY.equals(type)) {
             return configurationRdfService;
-        } 
+        }
         return contentRdfService;
     }
 
     private Set<String> getArmEntites(String permissionUri) {
         Set<String> entities = new HashSet<>();
-        ParameterizedSparqlString pss = new ParameterizedSparqlString(VALUE_QUERY );
+        ParameterizedSparqlString pss = new ParameterizedSparqlString(VALUE_QUERY);
         pss.setIri("permission", permissionUri);
         String queryText = pss.toString();
         try {
@@ -276,16 +264,12 @@ private Set<String> getArmEntites(String permissionUri) {
     public boolean isArmConfiguation() {
         return containsAdminDisplayPermission();
     }
-    
+
     private boolean containsAdminDisplayPermission() {
         boolean result = false;
-        String query = ""
-                + "prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#>\n"
-                + "ASK WHERE {\n"
-                + "  GRAPH <http://vitro.mannlib.cornell.edu/default/vitro-kb-userAccounts> {\n"
-                + "       <" + getArmPermissionSubject(DISPLAY, ARM_ADMIN) + "> ?p ?o .\n" 
-                + "  }\n" 
-                + "}";
+        String query = "" + "prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#>\n" + "ASK WHERE {\n"
+                + "  GRAPH <http://vitro.mannlib.cornell.edu/default/vitro-kb-userAccounts> {\n" + "       <"
+                + getArmPermissionSubject(DISPLAY, ARM_ADMIN) + "> ?p ?o .\n" + "  }\n" + "}";
         try {
             result = configurationRdfService.sparqlAskQuery(query);
         } catch (RDFServiceException e) {
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AuthMigrator.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AuthMigrator.java
index 8e744375fa..52053ec76b 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AuthMigrator.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AuthMigrator.java
@@ -2,6 +2,17 @@
 
 package edu.cornell.mannlib.vitro.webapp.migration.auth;
 
+import java.util.Arrays;
+import java.util.HashSet;
+import java.util.Map;
+import java.util.Set;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+import javax.servlet.ServletContext;
+import javax.servlet.ServletContextEvent;
+import javax.servlet.ServletContextListener;
+
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType;
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.OperationGroup;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.EntityPolicyController;
@@ -12,25 +23,13 @@
 import edu.cornell.mannlib.vitro.webapp.rdfservice.RDFService;
 import edu.cornell.mannlib.vitro.webapp.rdfservice.impl.RDFServiceUtils;
 import edu.cornell.mannlib.vitro.webapp.startup.StartupStatus;
-
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.apache.jena.query.ParameterizedSparqlString;
 import org.apache.jena.query.QuerySolution;
 import org.apache.jena.query.ResultSet;
 
-import javax.servlet.ServletContext;
-import javax.servlet.ServletContextEvent;
-import javax.servlet.ServletContextListener;
-
-import java.util.Arrays;
-import java.util.HashSet;
-import java.util.Map;
-import java.util.Set;
-import java.util.regex.Matcher;
-import java.util.regex.Pattern;
-
-public class AuthMigrator implements ServletContextListener { 
+public class AuthMigrator implements ServletContextListener {
 
     private static final Log log = LogFactory.getLog(AuthMigrator.class);
     protected static final String ROLE_ADMIN_URI = "http://vitro.mannlib.cornell.edu/ns/vitro/authorization#ADMIN";
@@ -38,7 +37,8 @@ public class AuthMigrator implements ServletContextListener {
     protected static final String ROLE_EDITOR_URI = "http://vitro.mannlib.cornell.edu/ns/vitro/authorization#EDITOR";
     protected static final String ROLE_SELF_EDITOR_URI = "http://vitro.mannlib.cornell.edu/ns/vitro/authorization#SELF_EDITOR";
     protected static final String ROLE_PUBLIC_URI = "http://vitro.mannlib.cornell.edu/ns/vitro/authorization#PUBLIC";
-    protected static final Set<String> allRoles = new HashSet<String>(Arrays.asList(ROLE_ADMIN_URI, ROLE_CURATOR_URI, ROLE_EDITOR_URI, ROLE_SELF_EDITOR_URI, ROLE_PUBLIC_URI));
+    protected static final Set<String> ALL_ROLES = new HashSet<String>(
+            Arrays.asList(ROLE_ADMIN_URI, ROLE_CURATOR_URI, ROLE_EDITOR_URI, ROLE_SELF_EDITOR_URI, ROLE_PUBLIC_URI));
 
     private RDFService contentRdfService;
     private RDFService configurationRdfService;
@@ -47,7 +47,8 @@ public class AuthMigrator implements ServletContextListener {
     public void contextInitialized(ServletContextEvent sce) {
         long begin = System.currentTimeMillis();
         ContextModelAccess modelAccess = ModelAccess.getInstance();
-        initialize(modelAccess.getRDFService(WhichService.CONTENT), modelAccess.getRDFService(WhichService.CONFIGURATION));
+        initialize(modelAccess.getRDFService(WhichService.CONTENT),
+                modelAccess.getRDFService(WhichService.CONFIGURATION));
         if (!isMigrationRequired()) {
             return;
         }
@@ -65,7 +66,7 @@ protected void initialize(RDFService content, RDFService configuration) {
     }
 
     protected void convertAuthorizationConfiguration() {
-        if(isArmConfiguration()) {
+        if (isArmConfiguration()) {
             convertArmConfiguration();
         } else {
             convertAnnotationConfiguation();
@@ -78,12 +79,12 @@ private void convertArmConfiguration() {
         ArmMigrator armMigrator = new ArmMigrator(contentRdfService, configurationRdfService);
         armMigrator.migrateConfiguration();
     }
-    
+
     private void convertAnnotationConfiguation() {
         AnnotationMigrator annotationMigrator = new AnnotationMigrator(contentRdfService, configurationRdfService);
         annotationMigrator.migrateConfiguration();
     }
-    
+
     static Long[] updatePolicyDatasets(AccessObjectType aot, Map<String, Map<OperationGroup, Set<String>>> configs) {
         StringBuilder additions = new StringBuilder();
         StringBuilder removals = new StringBuilder();
@@ -92,22 +93,24 @@ static Long[] updatePolicyDatasets(AccessObjectType aot, Map<String, Map<Operati
             for (OperationGroup og : groupMap.keySet()) {
                 Set<String> rolesToAdd = groupMap.get(og);
                 EntityPolicyController.getDataValueStatements(entityUri, aot, og, rolesToAdd, additions);
-                Set<String> rolesToRemove = new HashSet<>(allRoles);
+                Set<String> rolesToRemove = new HashSet<>(ALL_ROLES);
                 rolesToRemove.removeAll(rolesToAdd);
-                //Don't remove public publish and update data sets, as there are no public policies for that operation groups  
-                if (OperationGroup.PUBLISH_GROUP.equals(og) ||
-                    OperationGroup.UPDATE_GROUP.equals(og)) {
+                // Don't remove public publish and update data sets, as there are no public policies for that operation
+                // groups
+                if (OperationGroup.PUBLISH_GROUP.equals(og) || OperationGroup.UPDATE_GROUP.equals(og)) {
                     rolesToRemove.remove(ROLE_PUBLIC_URI);
                 }
                 EntityPolicyController.getDataValueStatements(entityUri, aot, og, rolesToRemove, removals);
-                log.debug(String.format("Updated entity %s dataset for operation group %s access object type %s roles %s", entityUri, og, aot, rolesToAdd));
+                log.debug(
+                        String.format("Updated entity %s dataset for operation group %s access object type %s roles %s",
+                                entityUri, og, aot, rolesToAdd));
             }
         }
         PolicyLoader.getInstance().updateAccessControlModel(additions.toString(), true);
         PolicyLoader.getInstance().updateAccessControlModel(removals.toString(), false);
-        return new Long[]{getLineCount(additions.toString()), getLineCount(removals.toString())};
+        return new Long[] { getLineCount(additions.toString()), getLineCount(removals.toString()) };
     }
-    
+
     private boolean isMigrationRequired() {
         if (getVersion() == 0L) {
             return true;
@@ -119,19 +122,15 @@ private boolean isArmConfiguration() {
         ArmMigrator armMigrator = new ArmMigrator(contentRdfService, configurationRdfService);
         return armMigrator.isArmConfiguation();
     }
-    
+
     protected long getVersion() {
         long version = 0L;
-        String query = ""
-                + "prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#>\n"
+        String query = "" + "prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#>\n"
                 + "prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/>\n"
-                + "SELECT ?version \n" 
-                + "WHERE {\n"
+                + "SELECT ?version \n" + "WHERE {\n"
                 + "  GRAPH <http://vitro.mannlib.cornell.edu/default/access-control> {\n"
-                + "       ?configuration rdf:type ao:Configuration .\n" 
-                + "       ?configuration ao:version ?version .\n"
-                + "  }\n" 
-                + "}";
+                + "       ?configuration rdf:type ao:Configuration .\n"
+                + "       ?configuration ao:version ?version .\n" + "  }\n" + "}";
         try {
             ResultSet rs = RDFServiceUtils.sparqlSelectQuery(query, configurationRdfService);
             while (rs.hasNext()) {
@@ -146,35 +145,31 @@ protected long getVersion() {
         }
         return version;
     }
+
     protected void removeVersion(long version) {
-        String template = ""
-                + "@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .\n"
+        String template = "" + "@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .\n"
                 + "<https://vivoweb.org/ontology/vitro-application/auth/individual/Configuration> "
-                + "<https://vivoweb.org/ontology/vitro-application/auth/vocabulary/version> "
-                + "?version .";
+                + "<https://vivoweb.org/ontology/vitro-application/auth/vocabulary/version> " + "?version .";
         ParameterizedSparqlString pss = new ParameterizedSparqlString(template);
         pss.setLiteral("version", version);
         PolicyLoader.getInstance().updateAccessControlModel(pss.toString(), false);
     }
-    
+
     protected void setVersion(long version) {
-        String template = ""
-                + "@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .\n"
+        String template = "" + "@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .\n"
                 + "@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .\n"
                 + "<https://vivoweb.org/ontology/vitro-application/auth/individual/Configuration> "
-                + "rdf:type ao:Configuration ;\n"
-                + "ao:version ?version .";
+                + "rdf:type ao:Configuration ;\n" + "ao:version ?version .";
         ParameterizedSparqlString pss = new ParameterizedSparqlString(template);
         pss.setLiteral("version", version);
         PolicyLoader.getInstance().updateAccessControlModel(pss.toString(), true);
     }
-    
 
     @Override
     public void contextDestroyed(ServletContextEvent sce) {
         // Nothing to tear down.
     }
-    
+
     private long secondsSince(long startTime) {
         return (System.currentTimeMillis() - startTime) / 1000;
     }
@@ -183,7 +178,7 @@ private static long getLineCount(String lines) {
         Matcher matcher = Pattern.compile("\n").matcher(lines);
         long i = 0;
         while (matcher.find()) {
-            i ++;
+            i++;
         }
         return i;
     }
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/BasicPolicyTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/BasicPolicyTest.java
index 4220bc08f4..d9bf63a1e9 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/BasicPolicyTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/BasicPolicyTest.java
@@ -13,85 +13,91 @@
 
 public class BasicPolicyTest extends PolicyTest {
 
-    public static final String BROKEN_POLICY_BROKEN_TEST = TEST_RESOURCES_PREFIX + "test_policy_broken1.n3";
-    public static final String BROKEN_POLICY_BROKEN_TYPE = TEST_RESOURCES_PREFIX + "test_policy_broken2.n3";
-    public static final String BROKEN_POLICY_BROKEN_TEST_ID = TEST_RESOURCES_PREFIX + "test_policy_broken3.n3";
-    public static final String BROKEN_POLICY_BROKEN_TYPE_ID = TEST_RESOURCES_PREFIX + "test_policy_broken4.n3";
-    public static final String BROKEN_POLICY_BROKEN_ATTRIBUTE_VALUES = TEST_RESOURCES_PREFIX + "test_policy_broken5.n3";
-
+    public static final String BROKEN_POLICY_BROKEN_TEST = RESOURCES_PREFIX + "test_policy_broken1.n3";
+    public static final String BROKEN_POLICY_BROKEN_TYPE = RESOURCES_PREFIX + "test_policy_broken2.n3";
+    public static final String BROKEN_POLICY_BROKEN_TEST_ID = RESOURCES_PREFIX + "test_policy_broken3.n3";
+    public static final String BROKEN_POLICY_BROKEN_TYPE_ID = RESOURCES_PREFIX + "test_policy_broken4.n3";
+    public static final String BROKEN_POLICY_BROKEN_ATTRIBUTE_VALUES = RESOURCES_PREFIX + "test_policy_broken5.n3";
 
     @Test
     public void testGetPolicyUris() {
         load(VALID_POLICY);
         assertTrue(!loader.getPolicyUris().isEmpty());
     }
-    
+
     @Test
     public void testValidPolicy() {
         load(VALID_POLICY);
         assertTrue(!loader.getPolicyUris().isEmpty());
     }
-    
+
     @Test
     public void testValidPolicyWithSet() {
         load(VALID_POLICY_WITH_SET);
-        DynamicPolicy policy = loader.loadPolicy("https://vivoweb.org/ontology/vitro-application/auth/individual/ValidTestSetPolicy");
+        DynamicPolicy policy = loader
+                .loadPolicy("https://vivoweb.org/ontology/vitro-application/auth/individual/ValidTestSetPolicy");
         countRulesAndAttributes(policy, 2, Collections.singleton(2));
     }
-    
+
     @Test
     public void testBrokenTestId() {
         load(BROKEN_POLICY_BROKEN_TEST_ID);
-        DynamicPolicy policy = loader.loadPolicy("https://vivoweb.org/ontology/vitro-application/auth/individual/BrokenPolicyBrokenTestTypeId");
+        DynamicPolicy policy = loader.loadPolicy(
+                "https://vivoweb.org/ontology/vitro-application/auth/individual/BrokenPolicyBrokenTestTypeId");
         assertTrue(policy == null);
     }
-    
+
     @Test
     public void testBrokenTypeId() {
         load(BROKEN_POLICY_BROKEN_TYPE_ID);
-        DynamicPolicy policy = loader.loadPolicy("https://vivoweb.org/ontology/vitro-application/auth/individual/BrokenPolicyTypeId");
+        DynamicPolicy policy = loader
+                .loadPolicy("https://vivoweb.org/ontology/vitro-application/auth/individual/BrokenPolicyTypeId");
         assertTrue(policy == null);
     }
-    
+
     @Test
     public void testBrokenTest() {
         load(BROKEN_POLICY_BROKEN_TEST);
-        DynamicPolicy policy = loader.loadPolicy("https://vivoweb.org/ontology/vitro-application/auth/individual/BrokenPolicyBrokenTestType");
+        DynamicPolicy policy = loader.loadPolicy(
+                "https://vivoweb.org/ontology/vitro-application/auth/individual/BrokenPolicyBrokenTestType");
         assertTrue(policy == null);
     }
-    
+
     @Test
     public void testBrokenType() {
         load(BROKEN_POLICY_BROKEN_TYPE);
-        DynamicPolicy policy = loader.loadPolicy("https://vivoweb.org/ontology/vitro-application/auth/individual/BrokenPolicyType");
+        DynamicPolicy policy = loader
+                .loadPolicy("https://vivoweb.org/ontology/vitro-application/auth/individual/BrokenPolicyType");
         assertTrue(policy == null);
     }
-    
+
     @Test
     public void testBrokenAttributeValue() {
         load(BROKEN_POLICY_BROKEN_ATTRIBUTE_VALUES);
-        DynamicPolicy policy = loader.loadPolicy("https://vivoweb.org/ontology/vitro-application/auth/individual/BrokenTestSetPolicy");
+        DynamicPolicy policy = loader
+                .loadPolicy("https://vivoweb.org/ontology/vitro-application/auth/individual/BrokenTestSetPolicy");
         assertTrue(policy == null);
     }
-    
+
     @Test
     public void testBrokenSet() {
         load(BROKEN_POLICY_WITH_SET);
-        DynamicPolicy policy = loader.loadPolicy("https://vivoweb.org/ontology/vitro-application/auth/individual/BrokenTestSetPolicy");
+        DynamicPolicy policy = loader
+                .loadPolicy("https://vivoweb.org/ontology/vitro-application/auth/individual/BrokenTestSetPolicy");
         assertTrue(policy == null);
     }
-    
+
     @Test
     public void testDuplicateTriplesInPolicies() {
         Model m = ModelFactory.createDefaultModel();
-        Map<String,Long> pathToSizeMap = new HashMap<>();
-        for ( String entityPolicyPath : entityPolicies) {
+        Map<String, Long> pathToSizeMap = new HashMap<>();
+        for (String entityPolicyPath : entityPolicies) {
             load(m, entityPolicyPath);
             pathToSizeMap.put(entityPolicyPath, m.size());
             m.removeAll();
         }
         long cumulativeSize = 0;
-        for ( String entityPolicyPath : entityPolicies) {
+        for (String entityPolicyPath : entityPolicies) {
             load(m, entityPolicyPath);
             cumulativeSize += pathToSizeMap.get(entityPolicyPath);
             if (cumulativeSize != m.size()) {
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EditablePagesPolicyTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EditablePagesPolicyTest.java
index fb1dff8dc3..212bc0305c 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EditablePagesPolicyTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EditablePagesPolicyTest.java
@@ -7,16 +7,16 @@
 
 import org.junit.Test;
 
-public class EditablePagesPolicyTest extends PolicyTest{
+public class EditablePagesPolicyTest extends PolicyTest {
 
     public static final String EDITABLE_PAGES_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_editable_pages.n3";
 
     @Test
-    public void testLoadEditablePagesPolicy() {        
+    public void testLoadEditablePagesPolicy() {
         load(EDITABLE_PAGES_POLICY_PATH);
         String policyUri = "https://vivoweb.org/ontology/vitro-application/auth/individual/EditIndividualPagesPolicy";
         DynamicPolicy policy = loader.loadPolicy(policyUri);
         assertTrue(policy != null);
-        countRulesAndAttributes(policy, 2, new HashSet<>(Arrays.asList(5,6)));
+        countRulesAndAttributes(policy, 2, new HashSet<>(Arrays.asList(5, 6)));
     }
 }
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EntityPolicyControllerTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EntityPolicyControllerTest.java
index 6225ef7558..9c25fa2823 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EntityPolicyControllerTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EntityPolicyControllerTest.java
@@ -6,10 +6,9 @@
 import java.util.Collections;
 import java.util.List;
 
-import org.junit.Test;
-
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType;
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.OperationGroup;
+import org.junit.Test;
 
 public class EntityPolicyControllerTest extends PolicyTest {
 
@@ -18,23 +17,28 @@ public void testGetGrantedRoles() {
         load(ADMIN_DISPLAY_CLASS_POLICY_PATH);
         load(SELF_EDITOR_DISPLAY_CLASS_POLICY_PATH);
         List<String> allowedRoles = Arrays.asList(ROLE_ADMIN_URI, ROLE_SELF_EDITOR_URI);
-        EntityPolicyController.updateEntityPolicy("test:newClass", AccessObjectType.CLASS, OperationGroup.DISPLAY_GROUP, allowedRoles, ROLE_LIST);
-        List<String> roles = EntityPolicyController.getGrantedRoles("test:newClass", OperationGroup.DISPLAY_GROUP, AccessObjectType.CLASS, ROLE_LIST);
+        EntityPolicyController.updateEntityPolicy("test:newClass", AccessObjectType.CLASS, OperationGroup.DISPLAY_GROUP,
+                allowedRoles, ROLE_LIST);
+        List<String> roles = EntityPolicyController.getGrantedRoles("test:newClass", OperationGroup.DISPLAY_GROUP,
+                AccessObjectType.CLASS, ROLE_LIST);
         assertEquals(2, roles.size());
         roles.contains(ROLE_ADMIN_URI);
         roles.contains(ROLE_EDITOR_URI);
     }
-    
+
     @Test
     public void testPolicyDataSetModification() {
         load(ADMIN_DISPLAY_CLASS_POLICY_PATH);
-        EntityPolicyController.updateEntityPolicy("test:newClass", AccessObjectType.CLASS, OperationGroup.DISPLAY_GROUP, Arrays.asList(ROLE_ADMIN_URI), ROLE_LIST);
-        List<String> roles = EntityPolicyController.getGrantedRoles("test:newClass", OperationGroup.DISPLAY_GROUP, AccessObjectType.CLASS, ROLE_LIST);
+        EntityPolicyController.updateEntityPolicy("test:newClass", AccessObjectType.CLASS, OperationGroup.DISPLAY_GROUP,
+                Arrays.asList(ROLE_ADMIN_URI), ROLE_LIST);
+        List<String> roles = EntityPolicyController.getGrantedRoles("test:newClass", OperationGroup.DISPLAY_GROUP,
+                AccessObjectType.CLASS, ROLE_LIST);
         assertEquals(1, roles.size());
         roles.contains(ROLE_ADMIN_URI);
-        EntityPolicyController.updateEntityPolicy("test:newClass", AccessObjectType.CLASS, OperationGroup.DISPLAY_GROUP, Collections.emptyList(), ROLE_LIST);
-        roles = EntityPolicyController.getGrantedRoles("test:newClass", OperationGroup.DISPLAY_GROUP, AccessObjectType.CLASS, ROLE_LIST);
+        EntityPolicyController.updateEntityPolicy("test:newClass", AccessObjectType.CLASS, OperationGroup.DISPLAY_GROUP,
+                Collections.emptyList(), ROLE_LIST);
+        roles = EntityPolicyController.getGrantedRoles("test:newClass", OperationGroup.DISPLAY_GROUP,
+                AccessObjectType.CLASS, ROLE_LIST);
         assertEquals(0, roles.size());
     }
 }
-    
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EntityPolicyTests.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EntityPolicyTests.java
index 4bfd456590..5396d19a83 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EntityPolicyTests.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EntityPolicyTests.java
@@ -1,5 +1,13 @@
 package edu.cornell.mannlib.vitro.webapp.auth.policy;
 
+import static edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType.CLASS;
+import static edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType.DATA_PROPERTY;
+import static edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType.FAUX_DATA_PROPERTY;
+import static edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType.FAUX_OBJECT_PROPERTY;
+import static edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType.OBJECT_PROPERTY;
+import static edu.cornell.mannlib.vitro.webapp.auth.attributes.OperationGroup.DISPLAY_GROUP;
+import static edu.cornell.mannlib.vitro.webapp.auth.attributes.OperationGroup.PUBLISH_GROUP;
+import static edu.cornell.mannlib.vitro.webapp.auth.attributes.OperationGroup.UPDATE_GROUP;
 import static org.junit.Assert.assertFalse;
 
 import java.util.Arrays;
@@ -8,139 +16,246 @@
 import java.util.HashSet;
 import java.util.Set;
 
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType;
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.OperationGroup;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.junit.runners.Parameterized;
 
-import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType;
-import edu.cornell.mannlib.vitro.webapp.auth.attributes.OperationGroup;
 
 @RunWith(Parameterized.class)
 public class EntityPolicyTests extends PolicyTest {
     @org.junit.runners.Parameterized.Parameter(0)
     public String filePath;
-    
+
     @org.junit.runners.Parameterized.Parameter(1)
     public String uri;
-    
+
     @org.junit.runners.Parameterized.Parameter(2)
     public OperationGroup group;
-    
+
     @org.junit.runners.Parameterized.Parameter(3)
     public AccessObjectType type;
-    
+
     @org.junit.runners.Parameterized.Parameter(4)
     public String roleUri;
-    
+
     @org.junit.runners.Parameterized.Parameter(5)
     public int rulesCount;
-    
+
     @org.junit.runners.Parameterized.Parameter(6)
     public Set<Integer> attrCount;
-    
+
     @Test
     public void testPolicy() {
         load(filePath);
-        String policyUri =  PREFIX + uri;
+        String policyUri = PREFIX + uri;
         EntityPolicyController.updateEntityPolicy("test:entity", type, group, Arrays.asList(roleUri), ROLE_LIST);
         DynamicPolicy policy = loader.loadPolicy(policyUri);
         countRulesAndAttributes(policy, rulesCount, attrCount);
         Set<String> values = loader.getPolicyDataSetValues(group, type, roleUri);
         assertFalse(values.isEmpty());
     }
-    
+
     @Parameterized.Parameters
     public static Collection<Object[]> requests() {
         return Arrays.asList(new Object[][] {
-            { EDITOR_DISPLAY_CLASS_POLICY_PATH, "EditorDisplayClassPolicy", OperationGroup.DISPLAY_GROUP, AccessObjectType.CLASS, ROLE_EDITOR_URI, 1, Collections.singleton(4) },
-            { EDITOR_DISPLAY_DATA_PROP_POLICY_PATH, "EditorDisplayDataPropertyPolicy", OperationGroup.DISPLAY_GROUP, AccessObjectType.DATA_PROPERTY, ROLE_EDITOR_URI, 2, Collections.singleton(4) },
-            { EDITOR_DISPLAY_OBJ_PROP_POLICY_PATH, "EditorDisplayObjectPropertyPolicy", OperationGroup.DISPLAY_GROUP, AccessObjectType.OBJECT_PROPERTY, ROLE_EDITOR_URI, 2, Collections.singleton(4) },
-            
-            { SELF_EDITOR_DISPLAY_CLASS_POLICY_PATH, "SelfEditorDisplayClassPolicy", OperationGroup.DISPLAY_GROUP, AccessObjectType.CLASS, ROLE_SELF_EDITOR_URI, 1, Collections.singleton(4) },
-            { SELF_EDITOR_DISPLAY_DATA_PROP_POLICY_PATH, "SelfEditorDisplayDataPropertyPolicy", OperationGroup.DISPLAY_GROUP, AccessObjectType.DATA_PROPERTY, ROLE_SELF_EDITOR_URI, 2, Collections.singleton(4) },
-            { SELF_EDITOR_DISPLAY_OBJ_PROP_POLICY_PATH, "SelfEditorDisplayObjectPropertyPolicy", OperationGroup.DISPLAY_GROUP, AccessObjectType.OBJECT_PROPERTY, ROLE_SELF_EDITOR_URI, 2, Collections.singleton(4) },
-
-            { PUBLIC_DISPLAY_CLASS_POLICY_PATH, "PublicDisplayClassPolicy", OperationGroup.DISPLAY_GROUP, AccessObjectType.CLASS, ROLE_PUBLIC_URI, 1, Collections.singleton(4) },
-            { PUBLIC_DISPLAY_DATA_PROP_POLICY_PATH, "PublicDisplayDataPropertyPolicy", OperationGroup.DISPLAY_GROUP, AccessObjectType.DATA_PROPERTY, ROLE_PUBLIC_URI, 2, Collections.singleton(4) },
-            { PUBLIC_DISPLAY_OBJ_PROP_POLICY_PATH, "PublicDisplayObjectPropertyPolicy", OperationGroup.DISPLAY_GROUP, AccessObjectType.OBJECT_PROPERTY, ROLE_PUBLIC_URI, 2, Collections.singleton(4) },
-            
-            { CURATOR_DISPLAY_CLASS_POLICY_PATH, "CuratorDisplayClassPolicy", OperationGroup.DISPLAY_GROUP, AccessObjectType.CLASS, ROLE_CURATOR_URI, 1, Collections.singleton(4) },
-            { CURATOR_DISPLAY_DATA_PROP_POLICY_PATH, "CuratorDisplayDataPropertyPolicy", OperationGroup.DISPLAY_GROUP, AccessObjectType.DATA_PROPERTY, ROLE_CURATOR_URI, 2, Collections.singleton(4) },
-            { CURATOR_DISPLAY_OBJ_PROP_POLICY_PATH, "CuratorDisplayObjectPropertyPolicy", OperationGroup.DISPLAY_GROUP, AccessObjectType.OBJECT_PROPERTY, ROLE_CURATOR_URI, 2, Collections.singleton(4) },
-            
-            { ADMIN_DISPLAY_CLASS_POLICY_PATH, "AdminDisplayClassPolicy", OperationGroup.DISPLAY_GROUP, AccessObjectType.CLASS, ROLE_ADMIN_URI, 1, Collections.singleton(4) },
-            { ADMIN_DISPLAY_DATA_PROP_POLICY_PATH, "AdminDisplayDataPropertyPolicy", OperationGroup.DISPLAY_GROUP, AccessObjectType.DATA_PROPERTY, ROLE_ADMIN_URI, 1, Collections.singleton(4) },
-            { ADMIN_DISPLAY_OBJ_PROP_POLICY_PATH, "AdminDisplayObjectPropertyPolicy", OperationGroup.DISPLAY_GROUP, AccessObjectType.OBJECT_PROPERTY, ROLE_ADMIN_URI, 2, Collections.singleton(4) },
-            
-            { EDITOR_PUBLISH_CLASS_POLICY_PATH, "EditorPublishClassPolicy", OperationGroup.PUBLISH_GROUP, AccessObjectType.CLASS, ROLE_EDITOR_URI, 1, Collections.singleton(4) },
-            { EDITOR_PUBLISH_DATA_PROP_POLICY_PATH, "EditorPublishDataPropertyPolicy", OperationGroup.PUBLISH_GROUP, AccessObjectType.DATA_PROPERTY, ROLE_EDITOR_URI, 2, Collections.singleton(4) },
-            { EDITOR_PUBLISH_OBJ_PROP_POLICY_PATH, "EditorPublishObjectPropertyPolicy", OperationGroup.PUBLISH_GROUP, AccessObjectType.OBJECT_PROPERTY, ROLE_EDITOR_URI, 2, Collections.singleton(4) },
-            
-            { SELF_EDITOR_PUBLISH_CLASS_POLICY_PATH, "SelfEditorPublishClassPolicy", OperationGroup.PUBLISH_GROUP, AccessObjectType.CLASS, ROLE_SELF_EDITOR_URI, 1, Collections.singleton(4) },
-            { SELF_EDITOR_PUBLISH_DATA_PROP_POLICY_PATH, "SelfEditorPublishDataPropertyPolicy", OperationGroup.PUBLISH_GROUP, AccessObjectType.DATA_PROPERTY, ROLE_SELF_EDITOR_URI, 2, Collections.singleton(4) },
-            { SELF_EDITOR_PUBLISH_OBJ_PROP_POLICY_PATH, "SelfEditorPublishObjectPropertyPolicy", OperationGroup.PUBLISH_GROUP, AccessObjectType.OBJECT_PROPERTY, ROLE_SELF_EDITOR_URI, 2, Collections.singleton(4) },
-
-            { CURATOR_PUBLISH_CLASS_POLICY_PATH, "CuratorPublishClassPolicy", OperationGroup.PUBLISH_GROUP, AccessObjectType.CLASS, ROLE_CURATOR_URI, 1, Collections.singleton(4) },
-            { CURATOR_PUBLISH_DATA_PROP_POLICY_PATH, "CuratorPublishDataPropertyPolicy", OperationGroup.PUBLISH_GROUP, AccessObjectType.DATA_PROPERTY, ROLE_CURATOR_URI, 2, Collections.singleton(4) },
-            { CURATOR_PUBLISH_OBJ_PROP_POLICY_PATH, "CuratorPublishObjectPropertyPolicy", OperationGroup.PUBLISH_GROUP, AccessObjectType.OBJECT_PROPERTY, ROLE_CURATOR_URI, 2, Collections.singleton(4) },
-
-            { ADMIN_PUBLISH_CLASS_POLICY_PATH, "AdminPublishClassPolicy", OperationGroup.PUBLISH_GROUP, AccessObjectType.CLASS, ROLE_ADMIN_URI, 1, Collections.singleton(4) },
-            { ADMIN_PUBLISH_DATA_PROP_POLICY_PATH, "AdminPublishDataPropertyPolicy", OperationGroup.PUBLISH_GROUP, AccessObjectType.DATA_PROPERTY, ROLE_ADMIN_URI, 2, Collections.singleton(4) },
-            { ADMIN_PUBLISH_OBJ_PROP_POLICY_PATH, "AdminPublishObjectPropertyPolicy", OperationGroup.PUBLISH_GROUP, AccessObjectType.OBJECT_PROPERTY, ROLE_ADMIN_URI, 2, Collections.singleton(4) },
-            
-            { EDITOR_UPDATE_CLASS_POLICY_PATH, "EditorUpdateClassPolicy", OperationGroup.UPDATE_GROUP, AccessObjectType.CLASS, ROLE_EDITOR_URI, 1, Collections.singleton(4) },
-            { EDITOR_UPDATE_DATA_PROP_POLICY_PATH, "EditorUpdateDataPropertyPolicy", OperationGroup.UPDATE_GROUP, AccessObjectType.DATA_PROPERTY, ROLE_EDITOR_URI, 2, Collections.singleton(4) },
-            { EDITOR_UPDATE_OBJ_PROP_POLICY_PATH, "EditorUpdateObjectPropertyPolicy", OperationGroup.UPDATE_GROUP, AccessObjectType.OBJECT_PROPERTY, ROLE_EDITOR_URI, 2, Collections.singleton(4) },
-            
-            { SELF_EDITOR_UPDATE_CLASS_POLICY_PATH, "SelfEditorUpdateClassPolicy", OperationGroup.UPDATE_GROUP, AccessObjectType.CLASS, ROLE_SELF_EDITOR_URI, 1, Collections.singleton(4) },
-            { SELF_EDITOR_UPDATE_DATA_PROP_POLICY_PATH, "SelfEditorUpdateDataPropertyPolicy", OperationGroup.UPDATE_GROUP, AccessObjectType.DATA_PROPERTY, ROLE_SELF_EDITOR_URI, 2, new HashSet<>(Arrays.asList(4,5)) },
-            { SELF_EDITOR_UPDATE_OBJ_PROP_POLICY_PATH, "SelfEditorUpdateObjectPropertyPolicy", OperationGroup.UPDATE_GROUP, AccessObjectType.OBJECT_PROPERTY, ROLE_SELF_EDITOR_URI, 2, new HashSet<>(Arrays.asList(4,5)) },
-
-            { PUBLIC_UPDATE_CLASS_POLICY_PATH, "PublicUpdateClassPolicy", OperationGroup.UPDATE_GROUP, AccessObjectType.CLASS, ROLE_PUBLIC_URI, 1, Collections.singleton(4) },
-            { PUBLIC_UPDATE_DATA_PROP_POLICY_PATH, "PublicUpdateDataPropertyPolicy", OperationGroup.UPDATE_GROUP, AccessObjectType.DATA_PROPERTY, ROLE_PUBLIC_URI, 2, Collections.singleton(4) },
-            { PUBLIC_UPDATE_OBJ_PROP_POLICY_PATH, "PublicUpdateObjectPropertyPolicy", OperationGroup.UPDATE_GROUP, AccessObjectType.OBJECT_PROPERTY, ROLE_PUBLIC_URI, 2, Collections.singleton(4) },
-            
-            { CURATOR_UPDATE_CLASS_POLICY_PATH, "CuratorUpdateClassPolicy", OperationGroup.UPDATE_GROUP, AccessObjectType.CLASS, ROLE_CURATOR_URI, 1, Collections.singleton(4) },
-            { CURATOR_UPDATE_DATA_PROP_POLICY_PATH, "CuratorUpdateDataPropertyPolicy", OperationGroup.UPDATE_GROUP, AccessObjectType.DATA_PROPERTY, ROLE_CURATOR_URI, 2, Collections.singleton(4) },
-            { CURATOR_UPDATE_OBJ_PROP_POLICY_PATH, "CuratorUpdateObjectPropertyPolicy", OperationGroup.UPDATE_GROUP, AccessObjectType.OBJECT_PROPERTY, ROLE_CURATOR_URI, 2, Collections.singleton(4) },
-            
-            { ADMIN_UPDATE_CLASS_POLICY_PATH, "AdminUpdateClassPolicy", OperationGroup.UPDATE_GROUP, AccessObjectType.CLASS, ROLE_ADMIN_URI, 1, Collections.singleton(4) },
-            { ADMIN_UPDATE_DATA_PROP_POLICY_PATH, "AdminUpdateDataPropertyPolicy", OperationGroup.UPDATE_GROUP, AccessObjectType.DATA_PROPERTY, ROLE_ADMIN_URI, 2, Collections.singleton(4) },
-            { ADMIN_UPDATE_OBJ_PROP_POLICY_PATH, "AdminUpdateObjectPropertyPolicy", OperationGroup.UPDATE_GROUP, AccessObjectType.OBJECT_PROPERTY, ROLE_ADMIN_URI, 2, Collections.singleton(4) },
-            
-            { ADMIN_DISPLAY_FAUX_OBJECT_PROPERTY_POLICY_PATH, "AdminDisplayFauxObjectPropertyPolicy", OperationGroup.DISPLAY_GROUP, AccessObjectType.FAUX_OBJECT_PROPERTY, ROLE_ADMIN_URI, 2, Collections.singleton(4) },
-            { CURATOR_DISPLAY_FAUX_OBJECT_PROPERTY_POLICY_PATH, "CuratorDisplayFauxObjectPropertyPolicy", OperationGroup.DISPLAY_GROUP, AccessObjectType.FAUX_OBJECT_PROPERTY, ROLE_CURATOR_URI, 2, Collections.singleton(4) },
-            { EDITOR_DISPLAY_FAUX_OBJECT_PROPERTY_POLICY_PATH, "EditorDisplayFauxObjectPropertyPolicy", OperationGroup.DISPLAY_GROUP, AccessObjectType.FAUX_OBJECT_PROPERTY, ROLE_EDITOR_URI, 2, Collections.singleton(4) },
-            { SELF_EDITOR_DISPLAY_FAUX_OBJECT_PROPERTY_POLICY_PATH, "SelfEditorDisplayFauxObjectPropertyPolicy", OperationGroup.DISPLAY_GROUP, AccessObjectType.FAUX_OBJECT_PROPERTY, ROLE_SELF_EDITOR_URI, 2, Collections.singleton(4) },
-            { PUBLIC_DISPLAY_FAUX_OBJECT_PROPERTY_POLICY_PATH, "PublicDisplayFauxObjectPropertyPolicy", OperationGroup.DISPLAY_GROUP, AccessObjectType.FAUX_OBJECT_PROPERTY, ROLE_PUBLIC_URI, 2, Collections.singleton(4) },
-            
-            { ADMIN_PUBLISH_FAUX_OBJECT_PROPERTY_POLICY_PATH, "AdminPublishFauxObjectPropertyPolicy", OperationGroup.PUBLISH_GROUP, AccessObjectType.FAUX_OBJECT_PROPERTY, ROLE_ADMIN_URI, 2, Collections.singleton(4) },
-            { CURATOR_PUBLISH_FAUX_OBJECT_PROPERTY_POLICY_PATH, "CuratorPublishFauxObjectPropertyPolicy", OperationGroup.PUBLISH_GROUP, AccessObjectType.FAUX_OBJECT_PROPERTY, ROLE_CURATOR_URI, 2, Collections.singleton(4) },
-            { EDITOR_PUBLISH_FAUX_OBJECT_PROPERTY_POLICY_PATH, "EditorPublishFauxObjectPropertyPolicy", OperationGroup.PUBLISH_GROUP, AccessObjectType.FAUX_OBJECT_PROPERTY, ROLE_EDITOR_URI, 2, Collections.singleton(4) },
-            { SELF_EDITOR_PUBLISH_FAUX_OBJECT_PROPERTY_POLICY_PATH, "SelfEditorPublishFauxObjectPropertyPolicy", OperationGroup.PUBLISH_GROUP, AccessObjectType.FAUX_OBJECT_PROPERTY, ROLE_SELF_EDITOR_URI, 2, Collections.singleton(4) },
-            
-            { ADMIN_UPDATE_FAUX_OBJECT_PROPERTY_POLICY_PATH, "AdminUpdateFauxObjectPropertyPolicy", OperationGroup.UPDATE_GROUP, AccessObjectType.FAUX_OBJECT_PROPERTY, ROLE_ADMIN_URI, 2, Collections.singleton(4) },
-            { CURATOR_UPDATE_FAUX_OBJECT_PROPERTY_POLICY_PATH, "CuratorUpdateFauxObjectPropertyPolicy", OperationGroup.UPDATE_GROUP, AccessObjectType.FAUX_OBJECT_PROPERTY, ROLE_CURATOR_URI, 2, Collections.singleton(4) },
-            { EDITOR_UPDATE_FAUX_OBJECT_PROPERTY_POLICY_PATH, "EditorUpdateFauxObjectPropertyPolicy", OperationGroup.UPDATE_GROUP, AccessObjectType.FAUX_OBJECT_PROPERTY, ROLE_EDITOR_URI, 2, Collections.singleton(4) },
-            { SELF_EDITOR_UPDATE_FAUX_OBJECT_PROPERTY_POLICY_PATH, "SelfEditorUpdateFauxObjectPropertyPolicy", OperationGroup.UPDATE_GROUP, AccessObjectType.FAUX_OBJECT_PROPERTY, ROLE_SELF_EDITOR_URI, 2, new HashSet<>(Arrays.asList(4,5)) },
-            
-            { ADMIN_DISPLAY_FAUX_DATA_PROPERTY_POLICY_PATH, "AdminDisplayFauxDataPropertyPolicy", OperationGroup.DISPLAY_GROUP, AccessObjectType.FAUX_DATA_PROPERTY, ROLE_ADMIN_URI, 2, Collections.singleton(4) },
-            { CURATOR_DISPLAY_FAUX_DATA_PROPERTY_POLICY_PATH, "CuratorDisplayFauxDataPropertyPolicy", OperationGroup.DISPLAY_GROUP, AccessObjectType.FAUX_DATA_PROPERTY, ROLE_CURATOR_URI, 2, Collections.singleton(4) },
-            { EDITOR_DISPLAY_FAUX_DATA_PROPERTY_POLICY_PATH, "EditorDisplayFauxDataPropertyPolicy", OperationGroup.DISPLAY_GROUP, AccessObjectType.FAUX_DATA_PROPERTY, ROLE_EDITOR_URI, 2, Collections.singleton(4) },
-            { SELF_EDITOR_DISPLAY_FAUX_DATA_PROPERTY_POLICY_PATH, "SelfEditorDisplayFauxDataPropertyPolicy", OperationGroup.DISPLAY_GROUP, AccessObjectType.FAUX_DATA_PROPERTY, ROLE_SELF_EDITOR_URI, 2, Collections.singleton(4) },
-            { PUBLIC_DISPLAY_FAUX_DATA_PROPERTY_POLICY_PATH, "PublicDisplayFauxDataPropertyPolicy", OperationGroup.DISPLAY_GROUP, AccessObjectType.FAUX_DATA_PROPERTY, ROLE_PUBLIC_URI, 2, Collections.singleton(4) },
-            
-            { ADMIN_PUBLISH_FAUX_DATA_PROPERTY_POLICY_PATH, "AdminPublishFauxDataPropertyPolicy", OperationGroup.PUBLISH_GROUP, AccessObjectType.FAUX_DATA_PROPERTY, ROLE_ADMIN_URI, 2, Collections.singleton(4) },
-            { CURATOR_PUBLISH_FAUX_DATA_PROPERTY_POLICY_PATH, "CuratorPublishFauxDataPropertyPolicy", OperationGroup.PUBLISH_GROUP, AccessObjectType.FAUX_DATA_PROPERTY, ROLE_CURATOR_URI, 2, Collections.singleton(4) },
-            { EDITOR_PUBLISH_FAUX_DATA_PROPERTY_POLICY_PATH, "EditorPublishFauxDataPropertyPolicy", OperationGroup.PUBLISH_GROUP, AccessObjectType.FAUX_DATA_PROPERTY, ROLE_EDITOR_URI, 2, Collections.singleton(4) },
-            { SELF_EDITOR_PUBLISH_FAUX_DATA_PROPERTY_POLICY_PATH, "SelfEditorPublishFauxDataPropertyPolicy", OperationGroup.PUBLISH_GROUP, AccessObjectType.FAUX_DATA_PROPERTY, ROLE_SELF_EDITOR_URI, 2, Collections.singleton(4) },
-            
-            { ADMIN_UPDATE_FAUX_DATA_PROPERTY_POLICY_PATH, "AdminUpdateFauxDataPropertyPolicy", OperationGroup.UPDATE_GROUP, AccessObjectType.FAUX_DATA_PROPERTY, ROLE_ADMIN_URI, 2, Collections.singleton(4) },
-            { CURATOR_UPDATE_FAUX_DATA_PROPERTY_POLICY_PATH, "CuratorUpdateFauxDataPropertyPolicy", OperationGroup.UPDATE_GROUP, AccessObjectType.FAUX_DATA_PROPERTY, ROLE_CURATOR_URI, 2, Collections.singleton(4) },
-            { EDITOR_UPDATE_FAUX_DATA_PROPERTY_POLICY_PATH, "EditorUpdateFauxDataPropertyPolicy", OperationGroup.UPDATE_GROUP, AccessObjectType.FAUX_DATA_PROPERTY, ROLE_EDITOR_URI, 2, Collections.singleton(4) },
-            { SELF_EDITOR_UPDATE_FAUX_DATA_PROPERTY_POLICY_PATH, "SelfEditorUpdateFauxDataPropertyPolicy", OperationGroup.UPDATE_GROUP, AccessObjectType.FAUX_DATA_PROPERTY, ROLE_SELF_EDITOR_URI, 2, new HashSet<>(Arrays.asList(4,5)) },
-            
+            { EDITOR_DISPLAY_CLASS_POLICY_PATH, "EditorDisplayClassPolicy", DISPLAY_GROUP,
+                CLASS, ROLE_EDITOR_URI, 1, Collections.singleton(4) },
+            { EDITOR_DISPLAY_DATA_PROP_POLICY_PATH, "EditorDisplayDataPropertyPolicy", DISPLAY_GROUP,
+                DATA_PROPERTY, ROLE_EDITOR_URI, 2, Collections.singleton(4) },
+            { EDITOR_DISPLAY_OBJ_PROP_POLICY_PATH, "EditorDisplayObjectPropertyPolicy",
+                DISPLAY_GROUP, OBJECT_PROPERTY, ROLE_EDITOR_URI, 2,
+                Collections.singleton(4) },
+
+            { SELF_EDITOR_DISPLAY_CLASS_POLICY_PATH, "SelfEditorDisplayClassPolicy", DISPLAY_GROUP,
+                CLASS, ROLE_SELF_EDITOR_URI, 1, Collections.singleton(4) },
+            { SELF_EDITOR_DISPLAY_DATA_PROP_POLICY_PATH, "SelfEditorDisplayDataPropertyPolicy",
+                DISPLAY_GROUP, DATA_PROPERTY, ROLE_SELF_EDITOR_URI, 2,
+                Collections.singleton(4) },
+            { SELF_EDITOR_DISPLAY_OBJ_PROP_POLICY_PATH, "SelfEditorDisplayObjectPropertyPolicy",
+                DISPLAY_GROUP, OBJECT_PROPERTY, ROLE_SELF_EDITOR_URI, 2,
+                Collections.singleton(4) },
+
+            { PUBLIC_DISPLAY_CLASS_POLICY_PATH, "PublicDisplayClassPolicy", DISPLAY_GROUP,
+                CLASS, ROLE_PUBLIC_URI, 1, Collections.singleton(4) },
+            { PUBLIC_DISPLAY_DATA_PROP_POLICY_PATH, "PublicDisplayDataPropertyPolicy", DISPLAY_GROUP,
+                DATA_PROPERTY, ROLE_PUBLIC_URI, 2, Collections.singleton(4) },
+            { PUBLIC_DISPLAY_OBJ_PROP_POLICY_PATH, "PublicDisplayObjectPropertyPolicy",
+                DISPLAY_GROUP, OBJECT_PROPERTY, ROLE_PUBLIC_URI, 2,
+                Collections.singleton(4) },
+
+            { CURATOR_DISPLAY_CLASS_POLICY_PATH, "CuratorDisplayClassPolicy", DISPLAY_GROUP,
+                CLASS, ROLE_CURATOR_URI, 1, Collections.singleton(4) },
+            { CURATOR_DISPLAY_DATA_PROP_POLICY_PATH, "CuratorDisplayDataPropertyPolicy",
+                DISPLAY_GROUP, DATA_PROPERTY, ROLE_CURATOR_URI, 2,
+                Collections.singleton(4) },
+            { CURATOR_DISPLAY_OBJ_PROP_POLICY_PATH, "CuratorDisplayObjectPropertyPolicy",
+                DISPLAY_GROUP, OBJECT_PROPERTY, ROLE_CURATOR_URI, 2,
+                Collections.singleton(4) },
+
+            { ADMIN_DISPLAY_CLASS_POLICY_PATH, "AdminDisplayClassPolicy", DISPLAY_GROUP,
+                CLASS, ROLE_ADMIN_URI, 1, Collections.singleton(4) },
+            { ADMIN_DISPLAY_DATA_PROP_POLICY_PATH, "AdminDisplayDataPropertyPolicy", DISPLAY_GROUP,
+                DATA_PROPERTY, ROLE_ADMIN_URI, 1, Collections.singleton(4) },
+            { ADMIN_DISPLAY_OBJ_PROP_POLICY_PATH, "AdminDisplayObjectPropertyPolicy", DISPLAY_GROUP,
+                OBJECT_PROPERTY, ROLE_ADMIN_URI, 2, Collections.singleton(4) },
+
+            { EDITOR_PUBLISH_CLASS_POLICY_PATH, "EditorPublishClassPolicy", PUBLISH_GROUP,
+                CLASS, ROLE_EDITOR_URI, 1, Collections.singleton(4) },
+            { EDITOR_PUBLISH_DATA_PROP_POLICY_PATH, "EditorPublishDataPropertyPolicy", PUBLISH_GROUP,
+                DATA_PROPERTY, ROLE_EDITOR_URI, 2, Collections.singleton(4) },
+            { EDITOR_PUBLISH_OBJ_PROP_POLICY_PATH, "EditorPublishObjectPropertyPolicy",
+                PUBLISH_GROUP, OBJECT_PROPERTY, ROLE_EDITOR_URI, 2,
+                Collections.singleton(4) },
+
+            { SELF_EDITOR_PUBLISH_CLASS_POLICY_PATH, "SelfEditorPublishClassPolicy", PUBLISH_GROUP,
+                CLASS, ROLE_SELF_EDITOR_URI, 1, Collections.singleton(4) },
+            { SELF_EDITOR_PUBLISH_DATA_PROP_POLICY_PATH, "SelfEditorPublishDataPropertyPolicy",
+                PUBLISH_GROUP, DATA_PROPERTY, ROLE_SELF_EDITOR_URI, 2,
+                Collections.singleton(4) },
+            { SELF_EDITOR_PUBLISH_OBJ_PROP_POLICY_PATH, "SelfEditorPublishObjectPropertyPolicy",
+                PUBLISH_GROUP, OBJECT_PROPERTY, ROLE_SELF_EDITOR_URI, 2,
+                Collections.singleton(4) },
+
+            { CURATOR_PUBLISH_CLASS_POLICY_PATH, "CuratorPublishClassPolicy", PUBLISH_GROUP,
+                CLASS, ROLE_CURATOR_URI, 1, Collections.singleton(4) },
+            { CURATOR_PUBLISH_DATA_PROP_POLICY_PATH, "CuratorPublishDataPropertyPolicy",
+                PUBLISH_GROUP, DATA_PROPERTY, ROLE_CURATOR_URI, 2,
+                Collections.singleton(4) },
+            { CURATOR_PUBLISH_OBJ_PROP_POLICY_PATH, "CuratorPublishObjectPropertyPolicy",
+                PUBLISH_GROUP, OBJECT_PROPERTY, ROLE_CURATOR_URI, 2,
+                Collections.singleton(4) },
+
+            { ADMIN_PUBLISH_CLASS_POLICY_PATH, "AdminPublishClassPolicy", PUBLISH_GROUP,
+                CLASS, ROLE_ADMIN_URI, 1, Collections.singleton(4) },
+            { ADMIN_PUBLISH_DATA_PROP_POLICY_PATH, "AdminPublishDataPropertyPolicy", PUBLISH_GROUP,
+                DATA_PROPERTY, ROLE_ADMIN_URI, 2, Collections.singleton(4) },
+            { ADMIN_PUBLISH_OBJ_PROP_POLICY_PATH, "AdminPublishObjectPropertyPolicy", PUBLISH_GROUP,
+                OBJECT_PROPERTY, ROLE_ADMIN_URI, 2, Collections.singleton(4) },
+
+            { EDITOR_UPDATE_CLASS_POLICY_PATH, "EditorUpdateClassPolicy", UPDATE_GROUP,
+                CLASS, ROLE_EDITOR_URI, 1, Collections.singleton(4) },
+            { EDITOR_UPDATE_DATA_PROP_POLICY_PATH, "EditorUpdateDataPropertyPolicy", UPDATE_GROUP,
+                DATA_PROPERTY, ROLE_EDITOR_URI, 2, Collections.singleton(4) },
+            { EDITOR_UPDATE_OBJ_PROP_POLICY_PATH, "EditorUpdateObjectPropertyPolicy", UPDATE_GROUP,
+                OBJECT_PROPERTY, ROLE_EDITOR_URI, 2, Collections.singleton(4) },
+
+            { SELF_EDITOR_UPDATE_CLASS_POLICY_PATH, "SelfEditorUpdateClassPolicy", UPDATE_GROUP,
+                CLASS, ROLE_SELF_EDITOR_URI, 1, Collections.singleton(4) },
+            { SELF_EDITOR_UPDATE_DATA_PROP_POLICY_PATH, "SelfEditorUpdateDataPropertyPolicy",
+                UPDATE_GROUP, DATA_PROPERTY, ROLE_SELF_EDITOR_URI, 2,
+                new HashSet<>(Arrays.asList(4, 5)) },
+            { SELF_EDITOR_UPDATE_OBJ_PROP_POLICY_PATH, "SelfEditorUpdateObjectPropertyPolicy",
+                UPDATE_GROUP, OBJECT_PROPERTY, ROLE_SELF_EDITOR_URI, 2,
+                new HashSet<>(Arrays.asList(4, 5)) },
+
+            { PUBLIC_UPDATE_CLASS_POLICY_PATH, "PublicUpdateClassPolicy", UPDATE_GROUP,
+                CLASS, ROLE_PUBLIC_URI, 1, Collections.singleton(4) },
+            { PUBLIC_UPDATE_DATA_PROP_POLICY_PATH, "PublicUpdateDataPropertyPolicy", UPDATE_GROUP,
+                DATA_PROPERTY, ROLE_PUBLIC_URI, 2, Collections.singleton(4) },
+            { PUBLIC_UPDATE_OBJ_PROP_POLICY_PATH, "PublicUpdateObjectPropertyPolicy", UPDATE_GROUP,
+                OBJECT_PROPERTY, ROLE_PUBLIC_URI, 2, Collections.singleton(4) },
+
+            { CURATOR_UPDATE_CLASS_POLICY_PATH, "CuratorUpdateClassPolicy", UPDATE_GROUP,
+                CLASS, ROLE_CURATOR_URI, 1, Collections.singleton(4) },
+            { CURATOR_UPDATE_DATA_PROP_POLICY_PATH, "CuratorUpdateDataPropertyPolicy", UPDATE_GROUP,
+                DATA_PROPERTY, ROLE_CURATOR_URI, 2, Collections.singleton(4) },
+            { CURATOR_UPDATE_OBJ_PROP_POLICY_PATH, "CuratorUpdateObjectPropertyPolicy", UPDATE_GROUP,
+                OBJECT_PROPERTY, ROLE_CURATOR_URI, 2, Collections.singleton(4) },
+
+            { ADMIN_UPDATE_CLASS_POLICY_PATH, "AdminUpdateClassPolicy", UPDATE_GROUP,
+                CLASS, ROLE_ADMIN_URI, 1, Collections.singleton(4) },
+            { ADMIN_UPDATE_DATA_PROP_POLICY_PATH, "AdminUpdateDataPropertyPolicy", UPDATE_GROUP,
+                DATA_PROPERTY, ROLE_ADMIN_URI, 2, Collections.singleton(4) },
+            { ADMIN_UPDATE_OBJ_PROP_POLICY_PATH, "AdminUpdateObjectPropertyPolicy", UPDATE_GROUP,
+                OBJECT_PROPERTY, ROLE_ADMIN_URI, 2, Collections.singleton(4) },
+
+            { ADMIN_DISPLAY_FAUX_OBJECT_PROPERTY_POLICY_PATH, "AdminDisplayFauxObjectPropertyPolicy",
+                DISPLAY_GROUP, FAUX_OBJECT_PROPERTY, ROLE_ADMIN_URI, 2,
+                Collections.singleton(4) },
+            { CURATOR_DISPLAY_FAUX_OBJECT_PROPERTY_POLICY_PATH, "CuratorDisplayFauxObjectPropertyPolicy",
+                DISPLAY_GROUP, FAUX_OBJECT_PROPERTY, ROLE_CURATOR_URI, 2,
+                Collections.singleton(4) },
+            { EDITOR_DISPLAY_FAUX_OBJECT_PROPERTY_POLICY_PATH, "EditorDisplayFauxObjectPropertyPolicy",
+                DISPLAY_GROUP, FAUX_OBJECT_PROPERTY, ROLE_EDITOR_URI, 2,
+                Collections.singleton(4) },
+            { SELF_EDITOR_DISPLAY_FAUX_OBJECT_PROPERTY_POLICY_PATH, "SelfEditorDisplayFauxObjectPropertyPolicy",
+                DISPLAY_GROUP, FAUX_OBJECT_PROPERTY, ROLE_SELF_EDITOR_URI, 2,
+                Collections.singleton(4) },
+            { PUBLIC_DISPLAY_FAUX_OBJECT_PROPERTY_POLICY_PATH, "PublicDisplayFauxObjectPropertyPolicy",
+                DISPLAY_GROUP, FAUX_OBJECT_PROPERTY, ROLE_PUBLIC_URI, 2,
+                Collections.singleton(4) },
+
+            { ADMIN_PUBLISH_FAUX_OBJECT_PROPERTY_POLICY_PATH, "AdminPublishFauxObjectPropertyPolicy",
+                PUBLISH_GROUP, FAUX_OBJECT_PROPERTY, ROLE_ADMIN_URI, 2,
+                Collections.singleton(4) },
+            { CURATOR_PUBLISH_FAUX_OBJECT_PROPERTY_POLICY_PATH, "CuratorPublishFauxObjectPropertyPolicy",
+                PUBLISH_GROUP, FAUX_OBJECT_PROPERTY, ROLE_CURATOR_URI, 2,
+                Collections.singleton(4) },
+            { EDITOR_PUBLISH_FAUX_OBJECT_PROPERTY_POLICY_PATH, "EditorPublishFauxObjectPropertyPolicy",
+                PUBLISH_GROUP, FAUX_OBJECT_PROPERTY, ROLE_EDITOR_URI, 2,
+                Collections.singleton(4) },
+            { SELF_EDITOR_PUBLISH_FAUX_OBJECT_PROPERTY_POLICY_PATH, "SelfEditorPublishFauxObjectPropertyPolicy",
+                PUBLISH_GROUP, FAUX_OBJECT_PROPERTY, ROLE_SELF_EDITOR_URI, 2,
+                Collections.singleton(4) },
+
+            { ADMIN_UPDATE_FAUX_OBJECT_PROPERTY_POLICY_PATH, "AdminUpdateFauxObjectPropertyPolicy",
+                UPDATE_GROUP, FAUX_OBJECT_PROPERTY, ROLE_ADMIN_URI, 2,
+                Collections.singleton(4) },
+            { CURATOR_UPDATE_FAUX_OBJECT_PROPERTY_POLICY_PATH, "CuratorUpdateFauxObjectPropertyPolicy",
+                UPDATE_GROUP, FAUX_OBJECT_PROPERTY, ROLE_CURATOR_URI, 2,
+                Collections.singleton(4) },
+            { EDITOR_UPDATE_FAUX_OBJECT_PROPERTY_POLICY_PATH, "EditorUpdateFauxObjectPropertyPolicy",
+                UPDATE_GROUP, FAUX_OBJECT_PROPERTY, ROLE_EDITOR_URI, 2,
+                Collections.singleton(4) },
+            { SELF_EDITOR_UPDATE_FAUX_OBJECT_PROPERTY_POLICY_PATH, "SelfEditorUpdateFauxObjectPropertyPolicy",
+                UPDATE_GROUP, FAUX_OBJECT_PROPERTY, ROLE_SELF_EDITOR_URI, 2,
+                new HashSet<>(Arrays.asList(4, 5)) },
+
+            { ADMIN_DISPLAY_FAUX_DATA_PROPERTY_POLICY_PATH, "AdminDisplayFauxDataPropertyPolicy",
+                DISPLAY_GROUP, FAUX_DATA_PROPERTY, ROLE_ADMIN_URI, 2,
+                Collections.singleton(4) },
+            { CURATOR_DISPLAY_FAUX_DATA_PROPERTY_POLICY_PATH, "CuratorDisplayFauxDataPropertyPolicy",
+                DISPLAY_GROUP, FAUX_DATA_PROPERTY, ROLE_CURATOR_URI, 2,
+                Collections.singleton(4) },
+            { EDITOR_DISPLAY_FAUX_DATA_PROPERTY_POLICY_PATH, "EditorDisplayFauxDataPropertyPolicy",
+                DISPLAY_GROUP, FAUX_DATA_PROPERTY, ROLE_EDITOR_URI, 2,
+                Collections.singleton(4) },
+            { SELF_EDITOR_DISPLAY_FAUX_DATA_PROPERTY_POLICY_PATH, "SelfEditorDisplayFauxDataPropertyPolicy",
+                DISPLAY_GROUP, FAUX_DATA_PROPERTY, ROLE_SELF_EDITOR_URI, 2,
+                Collections.singleton(4) },
+            { PUBLIC_DISPLAY_FAUX_DATA_PROPERTY_POLICY_PATH, "PublicDisplayFauxDataPropertyPolicy",
+                DISPLAY_GROUP, FAUX_DATA_PROPERTY, ROLE_PUBLIC_URI, 2,
+                Collections.singleton(4) },
+
+            { ADMIN_PUBLISH_FAUX_DATA_PROPERTY_POLICY_PATH, "AdminPublishFauxDataPropertyPolicy",
+                PUBLISH_GROUP, FAUX_DATA_PROPERTY, ROLE_ADMIN_URI, 2,
+                Collections.singleton(4) },
+            { CURATOR_PUBLISH_FAUX_DATA_PROPERTY_POLICY_PATH, "CuratorPublishFauxDataPropertyPolicy",
+                PUBLISH_GROUP, FAUX_DATA_PROPERTY, ROLE_CURATOR_URI, 2,
+                Collections.singleton(4) },
+            { EDITOR_PUBLISH_FAUX_DATA_PROPERTY_POLICY_PATH, "EditorPublishFauxDataPropertyPolicy",
+                PUBLISH_GROUP, FAUX_DATA_PROPERTY, ROLE_EDITOR_URI, 2,
+                Collections.singleton(4) },
+            { SELF_EDITOR_PUBLISH_FAUX_DATA_PROPERTY_POLICY_PATH, "SelfEditorPublishFauxDataPropertyPolicy",
+                PUBLISH_GROUP, FAUX_DATA_PROPERTY, ROLE_SELF_EDITOR_URI, 2,
+                Collections.singleton(4) },
+
+            { ADMIN_UPDATE_FAUX_DATA_PROPERTY_POLICY_PATH, "AdminUpdateFauxDataPropertyPolicy",
+                UPDATE_GROUP, FAUX_DATA_PROPERTY, ROLE_ADMIN_URI, 2,
+                Collections.singleton(4) },
+            { CURATOR_UPDATE_FAUX_DATA_PROPERTY_POLICY_PATH, "CuratorUpdateFauxDataPropertyPolicy",
+                UPDATE_GROUP, FAUX_DATA_PROPERTY, ROLE_CURATOR_URI, 2,
+                Collections.singleton(4) },
+            { EDITOR_UPDATE_FAUX_DATA_PROPERTY_POLICY_PATH, "EditorUpdateFauxDataPropertyPolicy",
+                UPDATE_GROUP, FAUX_DATA_PROPERTY, ROLE_EDITOR_URI, 2,
+                Collections.singleton(4) },
+            { SELF_EDITOR_UPDATE_FAUX_DATA_PROPERTY_POLICY_PATH, "SelfEditorUpdateFauxDataPropertyPolicy",
+                UPDATE_GROUP, FAUX_DATA_PROPERTY, ROLE_SELF_EDITOR_URI, 2,
+                new HashSet<>(Arrays.asList(4, 5)) },
+
         });
     }
-    
+
 }
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/HomeMenuItemsRestrictionPolicyTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/HomeMenuItemsRestrictionPolicyTest.java
index 1137892183..aadc819902 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/HomeMenuItemsRestrictionPolicyTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/HomeMenuItemsRestrictionPolicyTest.java
@@ -3,8 +3,6 @@
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertTrue;
 
-import org.junit.Test;
-
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessOperation;
 import edu.cornell.mannlib.vitro.webapp.auth.objects.AccessObject;
 import edu.cornell.mannlib.vitro.webapp.auth.objects.ObjectPropertyStatementAccessObject;
@@ -12,24 +10,27 @@
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.SimpleAuthorizationRequest;
 import edu.cornell.mannlib.vitro.webapp.auth.rules.AccessRule;
 import edu.cornell.mannlib.vitro.webapp.beans.Property;
+import org.junit.Test;
 
 public class HomeMenuItemsRestrictionPolicyTest extends PolicyTest {
 
     public static final String MENU_ITEMS_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_menu_items_editing.n3";
-    
+
     @Test
-    public void testHomeMenuItemsRestrictionPolicy() {        
+    public void testHomeMenuItemsRestrictionPolicy() {
         load(MENU_ITEMS_POLICY_PATH);
         String policyUri = "https://vivoweb.org/ontology/vitro-application/auth/individual/RestrictHomeMenuItemsEditingPolicy";
         DynamicPolicy policy = loader.loadPolicy(policyUri);
         assertTrue(policy != null);
         assertEquals(9000, policy.getPriority());
-        assertTrue(policy.getRules().size() > 0 );
+        assertTrue(policy.getRules().size() > 0);
         final AccessRule rule = policy.getRules().iterator().next();
         assertEquals(false, rule.isAllowMatched());
         assertEquals(4, rule.getAttributesCount());
-        
-        AccessObject ao = new ObjectPropertyStatementAccessObject(null, null, new Property("http://vitro.mannlib.cornell.edu/ontologies/display/1.1#HomeMenuItem"), "http://vitro.mannlib.cornell.edu/ontologies/display/1.1#hasElement");
+
+        AccessObject ao = new ObjectPropertyStatementAccessObject(null, null,
+                new Property("http://vitro.mannlib.cornell.edu/ontologies/display/1.1#HomeMenuItem"),
+                "http://vitro.mannlib.cornell.edu/ontologies/display/1.1#hasElement");
         SimpleAuthorizationRequest ar = new SimpleAuthorizationRequest(ao, AccessOperation.DROP);
         assertEquals(DecisionResult.UNAUTHORIZED, policy.decide(ar).getDecisionResult());
         ar = new SimpleAuthorizationRequest(ao, AccessOperation.EDIT);
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/NonModifiableStatementsPolicyTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/NonModifiableStatementsPolicyTest.java
index 4cbf3916e6..548f1cb382 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/NonModifiableStatementsPolicyTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/NonModifiableStatementsPolicyTest.java
@@ -1,11 +1,11 @@
 package edu.cornell.mannlib.vitro.webapp.auth.policy;
 
+import static edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessOperation.DROP;
+import static edu.cornell.mannlib.vitro.webapp.auth.objects.AccessObject.SOME_LITERAL;
+import static edu.cornell.mannlib.vitro.webapp.auth.objects.AccessObject.SOME_URI;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertTrue;
 
-import org.junit.Test;
-
-import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessOperation;
 import edu.cornell.mannlib.vitro.webapp.auth.objects.AccessObject;
 import edu.cornell.mannlib.vitro.webapp.auth.objects.DataPropertyStatementAccessObject;
 import edu.cornell.mannlib.vitro.webapp.auth.objects.ObjectPropertyStatementAccessObject;
@@ -13,61 +13,65 @@
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.SimpleAuthorizationRequest;
 import edu.cornell.mannlib.vitro.webapp.auth.rules.AccessRule;
 import edu.cornell.mannlib.vitro.webapp.beans.Property;
+import org.junit.Test;
 
-public class NonModifiableStatementsPolicyTest extends PolicyTest{
+public class NonModifiableStatementsPolicyTest extends PolicyTest {
 
+    private static final String VALID = "http://vitro.mannlib.cornell.edu/ns/vitro/0.7#Valid";
+    private static final String MOD_TIME = "http://vitro.mannlib.cornell.edu/ns/vitro/0.7#modTime";
     public static final String NOT_MODIFIABLE_STATEMENTS_POLICY_PATH = "policy_not_modifiable_statements";
-    
+
     @Test
-    public void testNonModifiableStatementsPolicy() {        
+    public void testNonModifiableStatementsPolicy() {
         load(USER_ACCOUNTS_HOME_EVERYTIME + NOT_MODIFIABLE_STATEMENTS_POLICY_PATH + EXT);
         load(USER_ACCOUNTS_HOME_FIRSTTIME + NOT_MODIFIABLE_STATEMENTS_POLICY_PATH + DATASET + EXT);
 
-        String policyUri = "https://vivoweb.org/ontology/vitro-application/auth/individual/NotModifiableStatementsPolicy";
+        String policyUri =
+                "https://vivoweb.org/ontology/vitro-application/auth/individual/NotModifiableStatementsPolicy";
         DynamicPolicy policy = loader.loadPolicy(policyUri);
         assertTrue(policy != null);
         assertEquals(8000, policy.getPriority());
         assertEquals(5, policy.getRules().size());
-        final AccessRule rule = policy.getRules().iterator().next();
+        AccessRule rule = policy.getRules().iterator().next();
         assertEquals(false, rule.isAllowMatched());
         for (AccessRule irule : policy.getRules()) {
             assertEquals(3, irule.getAttributesCount());
         }
-        
-        AccessObject ao = new ObjectPropertyStatementAccessObject(null, "http://vitro.mannlib.cornell.edu/ns/vitro/0.7#Valid", null, null);
-        SimpleAuthorizationRequest ar = new SimpleAuthorizationRequest(ao, AccessOperation.DROP);
+
+        AccessObject ao = new ObjectPropertyStatementAccessObject(null, VALID, null, null);
+        SimpleAuthorizationRequest ar = new SimpleAuthorizationRequest(ao, DROP);
         assertEquals(DecisionResult.UNAUTHORIZED, policy.decide(ar).getDecisionResult());
-        ao = new ObjectPropertyStatementAccessObject(null, "http://vitro.mannlib.cornell.edu/ns/vitro/0.7#modTime", null, null);
-        ar = new SimpleAuthorizationRequest(ao, AccessOperation.DROP);
+        ao = new ObjectPropertyStatementAccessObject(null, MOD_TIME, null, null);
+        ar = new SimpleAuthorizationRequest(ao, DROP);
         assertEquals(DecisionResult.INCONCLUSIVE, policy.decide(ar).getDecisionResult());
-        
-        ao = new ObjectPropertyStatementAccessObject(null, null, new Property("http://vitro.mannlib.cornell.edu/ns/vitro/0.7#Valid"), null);
-        ar = new SimpleAuthorizationRequest(ao, AccessOperation.DROP);
+
+        ao = new ObjectPropertyStatementAccessObject(null, null, new Property(VALID), null);
+        ar = new SimpleAuthorizationRequest(ao, DROP);
         assertEquals(DecisionResult.UNAUTHORIZED, policy.decide(ar).getDecisionResult());
-        ao = new ObjectPropertyStatementAccessObject(null, null, new Property("http://vitro.mannlib.cornell.edu/ns/vitro/0.7#modTime"), null);
-        ar = new SimpleAuthorizationRequest(ao, AccessOperation.DROP);
+        ao = new ObjectPropertyStatementAccessObject(null, null, new Property(MOD_TIME), null);
+        ar = new SimpleAuthorizationRequest(ao, DROP);
         assertEquals(DecisionResult.INCONCLUSIVE, policy.decide(ar).getDecisionResult());
-        
-        ao = new ObjectPropertyStatementAccessObject(null, null, null, "http://vitro.mannlib.cornell.edu/ns/vitro/0.7#Valid");
-        ar = new SimpleAuthorizationRequest(ao, AccessOperation.DROP);
+
+        ao = new ObjectPropertyStatementAccessObject(null, null, null, VALID);
+        ar = new SimpleAuthorizationRequest(ao, DROP);
         assertEquals(DecisionResult.UNAUTHORIZED, policy.decide(ar).getDecisionResult());
-        ao = new ObjectPropertyStatementAccessObject(null, null, null, "http://vitro.mannlib.cornell.edu/ns/vitro/0.7#modTime");
-        ar = new SimpleAuthorizationRequest(ao, AccessOperation.DROP);
+        ao = new ObjectPropertyStatementAccessObject(null, null, null, MOD_TIME);
+        ar = new SimpleAuthorizationRequest(ao, DROP);
         assertEquals(DecisionResult.INCONCLUSIVE, policy.decide(ar).getDecisionResult());
-        
-        //Data property statement
-        ao = new DataPropertyStatementAccessObject(null, "http://vitro.mannlib.cornell.edu/ns/vitro/0.7#Valid", AccessObject.SOME_URI, AccessObject.SOME_LITERAL);
-        ar = new SimpleAuthorizationRequest(ao, AccessOperation.DROP);
+
+        // Data property statement
+        ao = new DataPropertyStatementAccessObject(null, VALID, SOME_URI, SOME_LITERAL);
+        ar = new SimpleAuthorizationRequest(ao, DROP);
         assertEquals(DecisionResult.UNAUTHORIZED, policy.decide(ar).getDecisionResult());
-        ao = new DataPropertyStatementAccessObject(null, "http://vitro.mannlib.cornell.edu/ns/vitro/0.7#modTime", AccessObject.SOME_URI, AccessObject.SOME_LITERAL);
-        ar = new SimpleAuthorizationRequest(ao, AccessOperation.DROP);
+        ao = new DataPropertyStatementAccessObject(null, MOD_TIME, SOME_URI, SOME_LITERAL);
+        ar = new SimpleAuthorizationRequest(ao, DROP);
         assertEquals(DecisionResult.INCONCLUSIVE, policy.decide(ar).getDecisionResult());
-        
-        ao = new DataPropertyStatementAccessObject(null, AccessObject.SOME_URI, "http://vitro.mannlib.cornell.edu/ns/vitro/0.7#Valid", AccessObject.SOME_LITERAL);
-        ar = new SimpleAuthorizationRequest(ao, AccessOperation.DROP);
+
+        ao = new DataPropertyStatementAccessObject(null, SOME_URI, VALID, SOME_LITERAL);
+        ar = new SimpleAuthorizationRequest(ao, DROP);
         assertEquals(DecisionResult.UNAUTHORIZED, policy.decide(ar).getDecisionResult());
-        ao = new DataPropertyStatementAccessObject(null, AccessObject.SOME_URI, "http://vitro.mannlib.cornell.edu/ns/vitro/0.7#modTime", AccessObject.SOME_LITERAL);
-        ar = new SimpleAuthorizationRequest(ao, AccessOperation.DROP);
+        ao = new DataPropertyStatementAccessObject(null, SOME_URI, MOD_TIME, SOME_LITERAL);
+        ar = new SimpleAuthorizationRequest(ao, DROP);
         assertEquals(DecisionResult.INCONCLUSIVE, policy.decide(ar).getDecisionResult());
     }
 }
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyStoreTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyStoreTest.java
index 2989ac08a0..8c8b406afc 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyStoreTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyStoreTest.java
@@ -24,7 +24,7 @@ public void testPriorityOrder() {
         assertEquals(5, store.getList().get(0).getPriority());
         store.clear();
     }
-    
+
     @Test
     public void testPriorityDuplicates() {
         PolicyStore store = PolicyStore.getInstance();
@@ -42,7 +42,7 @@ public void testPriorityDuplicates() {
         assertEquals(4, store.size());
         store.clear();
     }
-    
+
     @Test
     public void testUriDuplicates() {
         PolicyStore store = PolicyStore.getInstance();
@@ -51,11 +51,11 @@ public void testUriDuplicates() {
         assertEquals(1, store.size());
         store.add(new DynamicPolicy("not unique", 0));
         assertEquals(2, store.size());
-        //replace current policy with the same priority
+        // replace current policy with the same priority
         store.add(new DynamicPolicy("not unique", 0));
         assertEquals(2, store.size());
         assertEquals(0, store.getList().get(0).getPriority());
-        //replace current policy with different priority
+        // replace current policy with different priority
         store.add(new DynamicPolicy("not unique", 1));
         assertEquals(2, store.size());
         assertEquals(1, store.getList().get(0).getPriority());
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTest.java
index c511d0e78e..d357fc8f3c 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTest.java
@@ -9,6 +9,10 @@
 import java.util.Set;
 import java.util.stream.Collectors;
 
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.Attribute;
+import edu.cornell.mannlib.vitro.webapp.auth.rules.AccessRule;
+import edu.cornell.mannlib.vitro.webapp.modelaccess.ModelNames;
+import edu.cornell.mannlib.vitro.webapp.rdfservice.impl.jena.model.RDFServiceModel;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.apache.jena.query.Dataset;
@@ -18,11 +22,6 @@
 import org.apache.jena.shared.Lock;
 import org.junit.Before;
 
-import edu.cornell.mannlib.vitro.webapp.auth.attributes.Attribute;
-import edu.cornell.mannlib.vitro.webapp.auth.rules.AccessRule;
-import edu.cornell.mannlib.vitro.webapp.modelaccess.ModelNames;
-import edu.cornell.mannlib.vitro.webapp.rdfservice.impl.jena.model.RDFServiceModel;
-
 public class PolicyTest {
     public static final String USER_ACCOUNTS_HOME_FIRSTTIME = "../home/src/main/resources/rdf/accessControl/firsttime/";
 
@@ -44,199 +43,232 @@ public class PolicyTest {
     public static final String TEST_TYPES_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "test_types.n3";
     public static final String TEST_VALUES_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "test_values.n3";
     public static final String TEST_DECISIONS = USER_ACCOUNTS_HOME_EVERYTIME + "decisions.n3";
-    
-    public static final String ADMIN_DISPLAY_OBJ_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_admin_display_object_property.n3";
-    public static final String ADMIN_DISPLAY_DATA_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_admin_display_data_property.n3";
-    public static final String ADMIN_DISPLAY_CLASS_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_admin_display_class.n3";
-
-    public static final String CURATOR_DISPLAY_OBJ_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_curator_display_object_property.n3";
-    public static final String CURATOR_DISPLAY_DATA_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_curator_display_data_property.n3";
-    public static final String CURATOR_DISPLAY_CLASS_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_curator_display_class.n3";
-
-    public static final String PUBLIC_DISPLAY_OBJ_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_public_display_object_property.n3";
-    public static final String PUBLIC_DISPLAY_DATA_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_public_display_data_property.n3";
-    public static final String PUBLIC_DISPLAY_CLASS_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_public_display_class.n3";
-    
-    public static final String SELF_EDITOR_DISPLAY_OBJ_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_self_editor_display_object_property.n3";
-    public static final String SELF_EDITOR_DISPLAY_DATA_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_self_editor_display_data_property.n3";
-    public static final String SELF_EDITOR_DISPLAY_CLASS_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_self_editor_display_class.n3";
-    
-    public static final String EDITOR_DISPLAY_OBJ_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_editor_display_object_property.n3";
-    public static final String EDITOR_DISPLAY_DATA_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_editor_display_data_property.n3";
-    public static final String EDITOR_DISPLAY_CLASS_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_editor_display_class.n3";
-    //Update
-    public static final String ADMIN_UPDATE_OBJ_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_admin_update_object_property.n3";
-    public static final String ADMIN_UPDATE_DATA_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_admin_update_data_property.n3";
-    public static final String ADMIN_UPDATE_CLASS_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_admin_update_class.n3";
-
-    public static final String CURATOR_UPDATE_OBJ_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_curator_update_object_property.n3";
-    public static final String CURATOR_UPDATE_DATA_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_curator_update_data_property.n3";
-    public static final String CURATOR_UPDATE_CLASS_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_curator_update_class.n3";
-
-    public static final String PUBLIC_UPDATE_OBJ_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_public_update_object_property.n3";
-    public static final String PUBLIC_UPDATE_DATA_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_public_update_data_property.n3";
-    public static final String PUBLIC_UPDATE_CLASS_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_public_update_class.n3";
-    
-    public static final String SELF_EDITOR_UPDATE_OBJ_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_self_editor_update_object_property.n3";
-    public static final String SELF_EDITOR_UPDATE_DATA_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_self_editor_update_data_property.n3";
-    public static final String SELF_EDITOR_UPDATE_CLASS_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_self_editor_update_class.n3";
-    
-    public static final String EDITOR_UPDATE_OBJ_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_editor_update_object_property.n3";
-    public static final String EDITOR_UPDATE_DATA_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_editor_update_data_property.n3";
-    public static final String EDITOR_UPDATE_CLASS_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_editor_update_class.n3"; 
-    //Publish
-    public static final String ADMIN_PUBLISH_OBJ_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_admin_publish_object_property.n3";
-    public static final String ADMIN_PUBLISH_DATA_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_admin_publish_data_property.n3";
-    public static final String ADMIN_PUBLISH_CLASS_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_admin_publish_class.n3";
-
-    public static final String CURATOR_PUBLISH_OBJ_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_curator_publish_object_property.n3";
-    public static final String CURATOR_PUBLISH_DATA_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_curator_publish_data_property.n3";
-    public static final String CURATOR_PUBLISH_CLASS_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_curator_publish_class.n3";
-
-    public static final String SELF_EDITOR_PUBLISH_OBJ_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_self_editor_publish_object_property.n3";
-    public static final String SELF_EDITOR_PUBLISH_DATA_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_self_editor_publish_data_property.n3";
-    public static final String SELF_EDITOR_PUBLISH_CLASS_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_self_editor_publish_class.n3";
-    
-    public static final String EDITOR_PUBLISH_OBJ_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_editor_publish_object_property.n3";
-    public static final String EDITOR_PUBLISH_DATA_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_editor_publish_data_property.n3";
-    public static final String EDITOR_PUBLISH_CLASS_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_editor_publish_class.n3";
-    
-    public static final String ADMIN_DISPLAY_FAUX_OBJECT_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_admin_display_faux_object_property.n3";
-    public static final String CURATOR_DISPLAY_FAUX_OBJECT_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_curator_display_faux_object_property.n3";
-    public static final String EDITOR_DISPLAY_FAUX_OBJECT_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_editor_display_faux_object_property.n3";
-    public static final String SELF_EDITOR_DISPLAY_FAUX_OBJECT_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_self_editor_display_faux_object_property.n3";
-    public static final String PUBLIC_DISPLAY_FAUX_OBJECT_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_public_display_faux_object_property.n3";
-
-    public static final String ADMIN_PUBLISH_FAUX_OBJECT_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_admin_publish_faux_object_property.n3";
-    public static final String CURATOR_PUBLISH_FAUX_OBJECT_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_curator_publish_faux_object_property.n3";
-    public static final String EDITOR_PUBLISH_FAUX_OBJECT_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_editor_publish_faux_object_property.n3";
-    public static final String SELF_EDITOR_PUBLISH_FAUX_OBJECT_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_self_editor_publish_faux_object_property.n3";
-   
-    public static final String ADMIN_UPDATE_FAUX_OBJECT_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_admin_update_faux_object_property.n3";
-    public static final String CURATOR_UPDATE_FAUX_OBJECT_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_curator_update_faux_object_property.n3";
-    public static final String EDITOR_UPDATE_FAUX_OBJECT_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_editor_update_faux_object_property.n3";
-    public static final String SELF_EDITOR_UPDATE_FAUX_OBJECT_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_self_editor_update_faux_object_property.n3";
-    
-    public static final String ADMIN_DISPLAY_FAUX_DATA_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_admin_display_faux_data_property.n3";
-    public static final String CURATOR_DISPLAY_FAUX_DATA_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_curator_display_faux_data_property.n3";
-    public static final String EDITOR_DISPLAY_FAUX_DATA_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_editor_display_faux_data_property.n3";
-    public static final String SELF_EDITOR_DISPLAY_FAUX_DATA_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_self_editor_display_faux_data_property.n3";
-    public static final String PUBLIC_DISPLAY_FAUX_DATA_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_public_display_faux_data_property.n3";
-
-    public static final String ADMIN_PUBLISH_FAUX_DATA_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_admin_publish_faux_data_property.n3";
-    public static final String CURATOR_PUBLISH_FAUX_DATA_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_curator_publish_faux_data_property.n3";
-    public static final String EDITOR_PUBLISH_FAUX_DATA_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_editor_publish_faux_data_property.n3";
-    public static final String SELF_EDITOR_PUBLISH_FAUX_DATA_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_self_editor_publish_faux_data_property.n3";
-   
-    public static final String ADMIN_UPDATE_FAUX_DATA_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_admin_update_faux_data_property.n3";
-    public static final String CURATOR_UPDATE_FAUX_DATA_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_curator_update_faux_data_property.n3";
-    public static final String EDITOR_UPDATE_FAUX_DATA_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_editor_update_faux_data_property.n3";
-    public static final String SELF_EDITOR_UPDATE_FAUX_DATA_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_self_editor_update_faux_data_property.n3";
-    
-    protected static final String TEST_RESOURCES_PREFIX = "src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/";
-
-    public static final String VALID_POLICY = TEST_RESOURCES_PREFIX + "test_policy_valid.n3";
-    public static final String VALID_POLICY_WITH_SET = TEST_RESOURCES_PREFIX + "test_policy_valid_set.n3";
-    public static final String BROKEN_POLICY_WITH_SET = TEST_RESOURCES_PREFIX + "test_policy_broken_set.n3";
-    public static final String POLICY_KEY_TEST = TEST_RESOURCES_PREFIX + "test_policy_key.n3";
-    
-    protected static final List<String> ROLE_LIST = Arrays.asList(ROLE_ADMIN_URI, ROLE_CURATOR_URI, ROLE_EDITOR_URI, ROLE_SELF_EDITOR_URI, ROLE_PUBLIC_URI);
+
+    public static final String ADMIN_DISPLAY_OBJ_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME
+            + "policy_admin_display_object_property.n3";
+    public static final String ADMIN_DISPLAY_DATA_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME
+            + "policy_admin_display_data_property.n3";
+    public static final String ADMIN_DISPLAY_CLASS_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME
+            + "policy_admin_display_class.n3";
+
+    public static final String CURATOR_DISPLAY_OBJ_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME
+            + "policy_curator_display_object_property.n3";
+    public static final String CURATOR_DISPLAY_DATA_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME
+            + "policy_curator_display_data_property.n3";
+    public static final String CURATOR_DISPLAY_CLASS_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME
+            + "policy_curator_display_class.n3";
+
+    public static final String PUBLIC_DISPLAY_OBJ_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME
+            + "policy_public_display_object_property.n3";
+    public static final String PUBLIC_DISPLAY_DATA_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME
+            + "policy_public_display_data_property.n3";
+    public static final String PUBLIC_DISPLAY_CLASS_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME
+            + "policy_public_display_class.n3";
+
+    public static final String SELF_EDITOR_DISPLAY_OBJ_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME
+            + "policy_self_editor_display_object_property.n3";
+    public static final String SELF_EDITOR_DISPLAY_DATA_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME
+            + "policy_self_editor_display_data_property.n3";
+    public static final String SELF_EDITOR_DISPLAY_CLASS_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME
+            + "policy_self_editor_display_class.n3";
+
+    public static final String EDITOR_DISPLAY_OBJ_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME
+            + "policy_editor_display_object_property.n3";
+    public static final String EDITOR_DISPLAY_DATA_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME
+            + "policy_editor_display_data_property.n3";
+    public static final String EDITOR_DISPLAY_CLASS_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME
+            + "policy_editor_display_class.n3";
+    // Update
+    public static final String ADMIN_UPDATE_OBJ_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME
+            + "policy_admin_update_object_property.n3";
+    public static final String ADMIN_UPDATE_DATA_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME
+            + "policy_admin_update_data_property.n3";
+    public static final String ADMIN_UPDATE_CLASS_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME
+            + "policy_admin_update_class.n3";
+
+    public static final String CURATOR_UPDATE_OBJ_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME
+            + "policy_curator_update_object_property.n3";
+    public static final String CURATOR_UPDATE_DATA_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME
+            + "policy_curator_update_data_property.n3";
+    public static final String CURATOR_UPDATE_CLASS_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME
+            + "policy_curator_update_class.n3";
+
+    public static final String PUBLIC_UPDATE_OBJ_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME
+            + "policy_public_update_object_property.n3";
+    public static final String PUBLIC_UPDATE_DATA_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME
+            + "policy_public_update_data_property.n3";
+    public static final String PUBLIC_UPDATE_CLASS_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME
+            + "policy_public_update_class.n3";
+
+    public static final String SELF_EDITOR_UPDATE_OBJ_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME
+            + "policy_self_editor_update_object_property.n3";
+    public static final String SELF_EDITOR_UPDATE_DATA_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME
+            + "policy_self_editor_update_data_property.n3";
+    public static final String SELF_EDITOR_UPDATE_CLASS_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME
+            + "policy_self_editor_update_class.n3";
+
+    public static final String EDITOR_UPDATE_OBJ_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME
+            + "policy_editor_update_object_property.n3";
+    public static final String EDITOR_UPDATE_DATA_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME
+            + "policy_editor_update_data_property.n3";
+    public static final String EDITOR_UPDATE_CLASS_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME
+            + "policy_editor_update_class.n3";
+    // Publish
+    public static final String ADMIN_PUBLISH_OBJ_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME
+            + "policy_admin_publish_object_property.n3";
+    public static final String ADMIN_PUBLISH_DATA_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME
+            + "policy_admin_publish_data_property.n3";
+    public static final String ADMIN_PUBLISH_CLASS_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME
+            + "policy_admin_publish_class.n3";
+
+    public static final String CURATOR_PUBLISH_OBJ_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME
+            + "policy_curator_publish_object_property.n3";
+    public static final String CURATOR_PUBLISH_DATA_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME
+            + "policy_curator_publish_data_property.n3";
+    public static final String CURATOR_PUBLISH_CLASS_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME
+            + "policy_curator_publish_class.n3";
+
+    public static final String SELF_EDITOR_PUBLISH_OBJ_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME
+            + "policy_self_editor_publish_object_property.n3";
+    public static final String SELF_EDITOR_PUBLISH_DATA_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME
+            + "policy_self_editor_publish_data_property.n3";
+    public static final String SELF_EDITOR_PUBLISH_CLASS_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME
+            + "policy_self_editor_publish_class.n3";
+
+    public static final String EDITOR_PUBLISH_OBJ_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME
+            + "policy_editor_publish_object_property.n3";
+    public static final String EDITOR_PUBLISH_DATA_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME
+            + "policy_editor_publish_data_property.n3";
+    public static final String EDITOR_PUBLISH_CLASS_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME
+            + "policy_editor_publish_class.n3";
+
+    public static final String ADMIN_DISPLAY_FAUX_OBJECT_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME
+            + "policy_admin_display_faux_object_property.n3";
+    public static final String CURATOR_DISPLAY_FAUX_OBJECT_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME
+            + "policy_curator_display_faux_object_property.n3";
+    public static final String EDITOR_DISPLAY_FAUX_OBJECT_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME
+            + "policy_editor_display_faux_object_property.n3";
+    public static final String SELF_EDITOR_DISPLAY_FAUX_OBJECT_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME
+            + "policy_self_editor_display_faux_object_property.n3";
+    public static final String PUBLIC_DISPLAY_FAUX_OBJECT_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME
+            + "policy_public_display_faux_object_property.n3";
+
+    public static final String ADMIN_PUBLISH_FAUX_OBJECT_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME
+            + "policy_admin_publish_faux_object_property.n3";
+    public static final String CURATOR_PUBLISH_FAUX_OBJECT_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME
+            + "policy_curator_publish_faux_object_property.n3";
+    public static final String EDITOR_PUBLISH_FAUX_OBJECT_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME
+            + "policy_editor_publish_faux_object_property.n3";
+    public static final String SELF_EDITOR_PUBLISH_FAUX_OBJECT_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME
+            + "policy_self_editor_publish_faux_object_property.n3";
+
+    public static final String ADMIN_UPDATE_FAUX_OBJECT_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME
+            + "policy_admin_update_faux_object_property.n3";
+    public static final String CURATOR_UPDATE_FAUX_OBJECT_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME
+            + "policy_curator_update_faux_object_property.n3";
+    public static final String EDITOR_UPDATE_FAUX_OBJECT_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME
+            + "policy_editor_update_faux_object_property.n3";
+    public static final String SELF_EDITOR_UPDATE_FAUX_OBJECT_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME
+            + "policy_self_editor_update_faux_object_property.n3";
+
+    public static final String ADMIN_DISPLAY_FAUX_DATA_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME
+            + "policy_admin_display_faux_data_property.n3";
+    public static final String CURATOR_DISPLAY_FAUX_DATA_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME
+            + "policy_curator_display_faux_data_property.n3";
+    public static final String EDITOR_DISPLAY_FAUX_DATA_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME
+            + "policy_editor_display_faux_data_property.n3";
+    public static final String SELF_EDITOR_DISPLAY_FAUX_DATA_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME
+            + "policy_self_editor_display_faux_data_property.n3";
+    public static final String PUBLIC_DISPLAY_FAUX_DATA_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME
+            + "policy_public_display_faux_data_property.n3";
+
+    public static final String ADMIN_PUBLISH_FAUX_DATA_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME
+            + "policy_admin_publish_faux_data_property.n3";
+    public static final String CURATOR_PUBLISH_FAUX_DATA_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME
+            + "policy_curator_publish_faux_data_property.n3";
+    public static final String EDITOR_PUBLISH_FAUX_DATA_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME
+            + "policy_editor_publish_faux_data_property.n3";
+    public static final String SELF_EDITOR_PUBLISH_FAUX_DATA_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME
+            + "policy_self_editor_publish_faux_data_property.n3";
+
+    public static final String ADMIN_UPDATE_FAUX_DATA_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME
+            + "policy_admin_update_faux_data_property.n3";
+    public static final String CURATOR_UPDATE_FAUX_DATA_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME
+            + "policy_curator_update_faux_data_property.n3";
+    public static final String EDITOR_UPDATE_FAUX_DATA_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME
+            + "policy_editor_update_faux_data_property.n3";
+    public static final String SELF_EDITOR_UPDATE_FAUX_DATA_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME
+            + "policy_self_editor_update_faux_data_property.n3";
+
+    protected static final String RESOURCES_PREFIX = "src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/";
+
+    public static final String VALID_POLICY = RESOURCES_PREFIX + "test_policy_valid.n3";
+    public static final String VALID_POLICY_WITH_SET = RESOURCES_PREFIX + "test_policy_valid_set.n3";
+    public static final String BROKEN_POLICY_WITH_SET = RESOURCES_PREFIX + "test_policy_broken_set.n3";
+    public static final String POLICY_KEY_TEST = RESOURCES_PREFIX + "test_policy_key.n3";
+
+    protected static final List<String> ROLE_LIST = Arrays.asList(ROLE_ADMIN_URI, ROLE_CURATOR_URI, ROLE_EDITOR_URI,
+            ROLE_SELF_EDITOR_URI, ROLE_PUBLIC_URI);
     public static final String PREFIX = "https://vivoweb.org/ontology/vitro-application/auth/individual/";
     public static final String DATASET = "_dataset";
     public static final String EXT = ".n3";
-    
+
     private static final Log log = LogFactory.getLog(PolicyTest.class);
-    
-    protected static final List<String> entityPolicies = Arrays.asList(
-            ADMIN_DISPLAY_OBJ_PROP_POLICY_PATH,
-            ADMIN_DISPLAY_DATA_PROP_POLICY_PATH,
-            ADMIN_DISPLAY_CLASS_POLICY_PATH,
-            
-            CURATOR_DISPLAY_OBJ_PROP_POLICY_PATH,
-            CURATOR_DISPLAY_DATA_PROP_POLICY_PATH,
+
+    protected static final List<String> entityPolicies = Arrays.asList(ADMIN_DISPLAY_OBJ_PROP_POLICY_PATH,
+            ADMIN_DISPLAY_DATA_PROP_POLICY_PATH, ADMIN_DISPLAY_CLASS_POLICY_PATH,
+
+            CURATOR_DISPLAY_OBJ_PROP_POLICY_PATH, CURATOR_DISPLAY_DATA_PROP_POLICY_PATH,
             CURATOR_DISPLAY_CLASS_POLICY_PATH,
-            
-            PUBLIC_DISPLAY_OBJ_PROP_POLICY_PATH,
-            PUBLIC_DISPLAY_DATA_PROP_POLICY_PATH,
-            PUBLIC_DISPLAY_CLASS_POLICY_PATH,
-            
-            SELF_EDITOR_DISPLAY_OBJ_PROP_POLICY_PATH,
-            SELF_EDITOR_DISPLAY_DATA_PROP_POLICY_PATH,
+
+            PUBLIC_DISPLAY_OBJ_PROP_POLICY_PATH, PUBLIC_DISPLAY_DATA_PROP_POLICY_PATH, PUBLIC_DISPLAY_CLASS_POLICY_PATH,
+
+            SELF_EDITOR_DISPLAY_OBJ_PROP_POLICY_PATH, SELF_EDITOR_DISPLAY_DATA_PROP_POLICY_PATH,
             SELF_EDITOR_DISPLAY_CLASS_POLICY_PATH,
-            
-            EDITOR_DISPLAY_OBJ_PROP_POLICY_PATH,
-            EDITOR_DISPLAY_DATA_PROP_POLICY_PATH,
-            EDITOR_DISPLAY_CLASS_POLICY_PATH,
-            
-            ADMIN_UPDATE_OBJ_PROP_POLICY_PATH,
-            ADMIN_UPDATE_DATA_PROP_POLICY_PATH,
-            ADMIN_UPDATE_CLASS_POLICY_PATH,
-            
-            CURATOR_UPDATE_OBJ_PROP_POLICY_PATH,
-            CURATOR_UPDATE_DATA_PROP_POLICY_PATH,
-            CURATOR_UPDATE_CLASS_POLICY_PATH,
-            
-            PUBLIC_UPDATE_OBJ_PROP_POLICY_PATH,
-            PUBLIC_UPDATE_DATA_PROP_POLICY_PATH,
-            PUBLIC_UPDATE_CLASS_POLICY_PATH,
-            
-            SELF_EDITOR_UPDATE_OBJ_PROP_POLICY_PATH,
-            SELF_EDITOR_UPDATE_DATA_PROP_POLICY_PATH,
+
+            EDITOR_DISPLAY_OBJ_PROP_POLICY_PATH, EDITOR_DISPLAY_DATA_PROP_POLICY_PATH, EDITOR_DISPLAY_CLASS_POLICY_PATH,
+
+            ADMIN_UPDATE_OBJ_PROP_POLICY_PATH, ADMIN_UPDATE_DATA_PROP_POLICY_PATH, ADMIN_UPDATE_CLASS_POLICY_PATH,
+
+            CURATOR_UPDATE_OBJ_PROP_POLICY_PATH, CURATOR_UPDATE_DATA_PROP_POLICY_PATH, CURATOR_UPDATE_CLASS_POLICY_PATH,
+
+            PUBLIC_UPDATE_OBJ_PROP_POLICY_PATH, PUBLIC_UPDATE_DATA_PROP_POLICY_PATH, PUBLIC_UPDATE_CLASS_POLICY_PATH,
+
+            SELF_EDITOR_UPDATE_OBJ_PROP_POLICY_PATH, SELF_EDITOR_UPDATE_DATA_PROP_POLICY_PATH,
             SELF_EDITOR_UPDATE_CLASS_POLICY_PATH,
 
-            EDITOR_UPDATE_OBJ_PROP_POLICY_PATH,
-            EDITOR_UPDATE_DATA_PROP_POLICY_PATH,
-            EDITOR_UPDATE_CLASS_POLICY_PATH,
-            
-            ADMIN_PUBLISH_OBJ_PROP_POLICY_PATH,
-            ADMIN_PUBLISH_DATA_PROP_POLICY_PATH,
-            ADMIN_PUBLISH_CLASS_POLICY_PATH,
-            
-            CURATOR_PUBLISH_OBJ_PROP_POLICY_PATH,
-            CURATOR_PUBLISH_DATA_PROP_POLICY_PATH,
+            EDITOR_UPDATE_OBJ_PROP_POLICY_PATH, EDITOR_UPDATE_DATA_PROP_POLICY_PATH, EDITOR_UPDATE_CLASS_POLICY_PATH,
+
+            ADMIN_PUBLISH_OBJ_PROP_POLICY_PATH, ADMIN_PUBLISH_DATA_PROP_POLICY_PATH, ADMIN_PUBLISH_CLASS_POLICY_PATH,
+
+            CURATOR_PUBLISH_OBJ_PROP_POLICY_PATH, CURATOR_PUBLISH_DATA_PROP_POLICY_PATH,
             CURATOR_PUBLISH_CLASS_POLICY_PATH,
-            
-            SELF_EDITOR_PUBLISH_OBJ_PROP_POLICY_PATH,
-            SELF_EDITOR_PUBLISH_DATA_PROP_POLICY_PATH,
+
+            SELF_EDITOR_PUBLISH_OBJ_PROP_POLICY_PATH, SELF_EDITOR_PUBLISH_DATA_PROP_POLICY_PATH,
             SELF_EDITOR_PUBLISH_CLASS_POLICY_PATH,
-            
-            EDITOR_PUBLISH_OBJ_PROP_POLICY_PATH,
-            EDITOR_PUBLISH_DATA_PROP_POLICY_PATH,
-            EDITOR_PUBLISH_CLASS_POLICY_PATH,
-            
-            ADMIN_DISPLAY_FAUX_OBJECT_PROPERTY_POLICY_PATH,
-            CURATOR_DISPLAY_FAUX_OBJECT_PROPERTY_POLICY_PATH,
-            EDITOR_DISPLAY_FAUX_OBJECT_PROPERTY_POLICY_PATH,
-            SELF_EDITOR_DISPLAY_FAUX_OBJECT_PROPERTY_POLICY_PATH,
+
+            EDITOR_PUBLISH_OBJ_PROP_POLICY_PATH, EDITOR_PUBLISH_DATA_PROP_POLICY_PATH, EDITOR_PUBLISH_CLASS_POLICY_PATH,
+
+            ADMIN_DISPLAY_FAUX_OBJECT_PROPERTY_POLICY_PATH, CURATOR_DISPLAY_FAUX_OBJECT_PROPERTY_POLICY_PATH,
+            EDITOR_DISPLAY_FAUX_OBJECT_PROPERTY_POLICY_PATH, SELF_EDITOR_DISPLAY_FAUX_OBJECT_PROPERTY_POLICY_PATH,
             PUBLIC_DISPLAY_FAUX_OBJECT_PROPERTY_POLICY_PATH,
-            
-            ADMIN_PUBLISH_FAUX_OBJECT_PROPERTY_POLICY_PATH,
-            CURATOR_PUBLISH_FAUX_OBJECT_PROPERTY_POLICY_PATH,
-            EDITOR_PUBLISH_FAUX_OBJECT_PROPERTY_POLICY_PATH,
-            SELF_EDITOR_PUBLISH_FAUX_OBJECT_PROPERTY_POLICY_PATH,
-            
-            ADMIN_UPDATE_FAUX_OBJECT_PROPERTY_POLICY_PATH,
-            CURATOR_UPDATE_FAUX_OBJECT_PROPERTY_POLICY_PATH,
-            EDITOR_UPDATE_FAUX_OBJECT_PROPERTY_POLICY_PATH,
-            SELF_EDITOR_UPDATE_FAUX_OBJECT_PROPERTY_POLICY_PATH,
-            
-            ADMIN_DISPLAY_FAUX_DATA_PROPERTY_POLICY_PATH,
-            CURATOR_DISPLAY_FAUX_DATA_PROPERTY_POLICY_PATH,
-            EDITOR_DISPLAY_FAUX_DATA_PROPERTY_POLICY_PATH,
-            SELF_EDITOR_DISPLAY_FAUX_DATA_PROPERTY_POLICY_PATH,
+
+            ADMIN_PUBLISH_FAUX_OBJECT_PROPERTY_POLICY_PATH, CURATOR_PUBLISH_FAUX_OBJECT_PROPERTY_POLICY_PATH,
+            EDITOR_PUBLISH_FAUX_OBJECT_PROPERTY_POLICY_PATH, SELF_EDITOR_PUBLISH_FAUX_OBJECT_PROPERTY_POLICY_PATH,
+
+            ADMIN_UPDATE_FAUX_OBJECT_PROPERTY_POLICY_PATH, CURATOR_UPDATE_FAUX_OBJECT_PROPERTY_POLICY_PATH,
+            EDITOR_UPDATE_FAUX_OBJECT_PROPERTY_POLICY_PATH, SELF_EDITOR_UPDATE_FAUX_OBJECT_PROPERTY_POLICY_PATH,
+
+            ADMIN_DISPLAY_FAUX_DATA_PROPERTY_POLICY_PATH, CURATOR_DISPLAY_FAUX_DATA_PROPERTY_POLICY_PATH,
+            EDITOR_DISPLAY_FAUX_DATA_PROPERTY_POLICY_PATH, SELF_EDITOR_DISPLAY_FAUX_DATA_PROPERTY_POLICY_PATH,
             PUBLIC_DISPLAY_FAUX_DATA_PROPERTY_POLICY_PATH,
-            
-            ADMIN_PUBLISH_FAUX_DATA_PROPERTY_POLICY_PATH,
-            CURATOR_PUBLISH_FAUX_DATA_PROPERTY_POLICY_PATH,
-            EDITOR_PUBLISH_FAUX_DATA_PROPERTY_POLICY_PATH,
-            SELF_EDITOR_PUBLISH_FAUX_DATA_PROPERTY_POLICY_PATH,
-            
-            ADMIN_UPDATE_FAUX_DATA_PROPERTY_POLICY_PATH,
-            CURATOR_UPDATE_FAUX_DATA_PROPERTY_POLICY_PATH,
-            EDITOR_UPDATE_FAUX_DATA_PROPERTY_POLICY_PATH,
-            SELF_EDITOR_UPDATE_FAUX_DATA_PROPERTY_POLICY_PATH
-            );
-    
+
+            ADMIN_PUBLISH_FAUX_DATA_PROPERTY_POLICY_PATH, CURATOR_PUBLISH_FAUX_DATA_PROPERTY_POLICY_PATH,
+            EDITOR_PUBLISH_FAUX_DATA_PROPERTY_POLICY_PATH, SELF_EDITOR_PUBLISH_FAUX_DATA_PROPERTY_POLICY_PATH,
+
+            ADMIN_UPDATE_FAUX_DATA_PROPERTY_POLICY_PATH, CURATOR_UPDATE_FAUX_DATA_PROPERTY_POLICY_PATH,
+            EDITOR_UPDATE_FAUX_DATA_PROPERTY_POLICY_PATH, SELF_EDITOR_UPDATE_FAUX_DATA_PROPERTY_POLICY_PATH);
+
     protected Model accessControlModel;
     protected PolicyLoader loader;
     protected Dataset configurationDataSet;
@@ -256,16 +288,16 @@ public void init() {
         load(TEST_VALUES_PATH);
         load(TEST_DECISIONS);
         RDFServiceModel rdfService = new RDFServiceModel(configurationDataSet);
-        
+
         PolicyLoader.initialize(rdfService);
         loader = PolicyLoader.getInstance();
     }
-    
+
     protected void countRulesAndAttributes(DynamicPolicy policy, int ruleCount, Set<Integer> attrCount) {
         assertTrue(policy != null);
         Set<AccessRule> rules = policy.getRules();
-        Map<String, AccessRule> ruleMap = rules.stream().collect(Collectors.toMap( r -> r.getRuleUri(), r -> r));
-        if(ruleCount != ruleMap.size()) {
+        Map<String, AccessRule> ruleMap = rules.stream().collect(Collectors.toMap(r -> r.getRuleUri(), r -> r));
+        if (ruleCount != ruleMap.size()) {
             log.error(String.format("Rules count %s doesn't match for policy %s", ruleMap.size(), policy.getUri()));
             for (AccessRule ar : ruleMap.values()) {
                 log.error(String.format("Rule uri %s", ar.getRuleUri()));
@@ -273,25 +305,26 @@ protected void countRulesAndAttributes(DynamicPolicy policy, int ruleCount, Set<
         }
         assertEquals(ruleCount, ruleMap.size());
         for (AccessRule ar : ruleMap.values()) {
-            if(!attrCount.contains(ar.getAttributes().size())) {
-                log.error(String.format("Attribute count %s doesn't match for policy %s", ar.getAttributes().size(), policy.getUri()));
+            if (!attrCount.contains(ar.getAttributes().size())) {
+                log.error(String.format("Attribute count %s doesn't match for policy %s", ar.getAttributes().size(),
+                        policy.getUri()));
                 for (String att : ar.getAttributeUris()) {
                     log.error(String.format("Attribute uri %s", att));
                 }
             }
             assertTrue(attrCount.contains(ar.getAttributes().size()));
             for (Attribute att : ar.getAttributes()) {
-                assertTrue(att.getValues().size() > 0); 
+                assertTrue(att.getValues().size() > 0);
             }
         }
     }
-    
+
     protected void loadAllEntityPolicies() {
         for (String policyPath : entityPolicies) {
             load(policyPath);
         }
     }
-    
+
     protected void load(String filePath) {
         try {
             accessControlModel.enterCriticalSection(Lock.WRITE);
@@ -302,7 +335,7 @@ protected void load(String filePath) {
         configurationDataSet.replaceNamedModel(ModelNames.ACCESS_CONTROL, accessControlModel);
 
     }
-    
+
     protected void load(Model m, String filePath) {
         try {
             m.enterCriticalSection(Lock.WRITE);
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/ProximityTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/ProximityTest.java
index c8dea27cf6..be6034bbc3 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/ProximityTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/ProximityTest.java
@@ -5,34 +5,33 @@
 
 import java.util.Arrays;
 
-import org.apache.jena.rdf.model.Model;
-import org.apache.jena.rdf.model.ModelFactory;
-import org.apache.jena.shared.Lock;
-import org.junit.Test;
-
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessOperation;
 import edu.cornell.mannlib.vitro.webapp.auth.objects.AccessObject;
 import edu.cornell.mannlib.vitro.webapp.auth.objects.ObjectPropertyStatementAccessObject;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.DecisionResult;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.SimpleAuthorizationRequest;
 import edu.cornell.mannlib.vitro.webapp.auth.rules.AccessRule;
+import org.apache.jena.rdf.model.Model;
+import org.apache.jena.rdf.model.ModelFactory;
+import org.apache.jena.shared.Lock;
+import org.junit.Test;
 
-public class ProximityTest extends PolicyTest{
+public class ProximityTest extends PolicyTest {
+
+    private static final String PROXIMITY_POLICY_PATH = RESOURCES_PREFIX + "proximity_test_policy.n3";
+    private static final String PROXIMITY_DATA_PATH = RESOURCES_PREFIX + "proximity_test_data.n3";
 
-    private static final String PROXIMITY_POLICY_PATH = TEST_RESOURCES_PREFIX + "proximity_test_policy.n3";
-    private static final String PROXIMITY_DATA_PATH = TEST_RESOURCES_PREFIX + "proximity_test_data.n3";
-    
     @Test
-    public void testProximityPolicy() {        
+    public void testProximityPolicy() {
         load(PROXIMITY_POLICY_PATH);
         String policyUri = "https://vivoweb.org/ontology/vitro-application/auth/individual/ProximityTestPolicy";
         DynamicPolicy policy = loader.loadPolicy(policyUri);
         assertTrue(policy != null);
-        assertTrue(policy.getRules().size() == 1 );
+        assertTrue(policy.getRules().size() == 1);
         AccessRule rule = policy.getRules().iterator().next();
         assertEquals(true, rule.isAllowMatched());
         assertEquals(1, rule.getAttributesCount());
-        
+
         Model targetModel = ModelFactory.createDefaultModel();
         try {
             targetModel.enterCriticalSection(Lock.WRITE);
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/RootUserPolicyTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/RootUserPolicyTest.java
index eee0dc4360..53381ea68b 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/RootUserPolicyTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/RootUserPolicyTest.java
@@ -7,12 +7,12 @@
 
 import org.junit.Test;
 
-public class RootUserPolicyTest extends PolicyTest{
+public class RootUserPolicyTest extends PolicyTest {
 
     public static final String ROOT_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_root_user.n3";
 
     @Test
-    public void testLoadRootUserPolicy() {        
+    public void testLoadRootUserPolicy() {
         load(ROOT_POLICY_PATH);
         String policyUri = "https://vivoweb.org/ontology/vitro-application/auth/individual/RootUserPolicy";
         DynamicPolicy policy = loader.loadPolicy(policyUri);
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/SimplePermissionPolicyTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/SimplePermissionPolicyTest.java
index 89becfece2..e9601d71ad 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/SimplePermissionPolicyTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/SimplePermissionPolicyTest.java
@@ -5,12 +5,11 @@
 
 import java.util.Arrays;
 
-import org.junit.Test;
-
 import edu.cornell.mannlib.vitro.webapp.auth.permissions.SimplePermission;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.DecisionResult;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.SimpleAuthorizationRequest;
 import edu.cornell.mannlib.vitro.webapp.auth.rules.AccessRule;
+import org.junit.Test;
 
 public class SimplePermissionPolicyTest extends PolicyTest {
 
@@ -19,8 +18,9 @@ public class SimplePermissionPolicyTest extends PolicyTest {
     public static final String EDITOR_SIMPLE_PERMISSIONS_POLICY_PATH = "policy_editor_simple_permissions";
     public static final String SELF_EDITOR_SIMPLE_PERMISSIONS_POLICY_PATH = "policy_self_editor_simple_permissions";
     public static final String PUBLIC_SIMPLE_PERMISSIONS_POLICY_PATH = "policy_public_simple_permissions";
+
     @Test
-    public void testAdminSimplePermissionPolicy() {        
+    public void testAdminSimplePermissionPolicy() {
         load(USER_ACCOUNTS_HOME_EVERYTIME + ADMIN_SIMPLE_PERMISSIONS_POLICY_PATH + EXT);
         load(USER_ACCOUNTS_HOME_FIRSTTIME + ADMIN_SIMPLE_PERMISSIONS_POLICY_PATH + DATASET + EXT);
         String policyUri = "https://vivoweb.org/ontology/vitro-application/auth/individual/AdminSimplePermissionsPolicy";
@@ -31,16 +31,16 @@ public void testAdminSimplePermissionPolicy() {
         final AccessRule rule = policy.getRules().iterator().next();
         assertEquals(true, rule.isAllowMatched());
         assertEquals(3, rule.getAttributesCount());
-        
+
         SimpleAuthorizationRequest ar = new SimpleAuthorizationRequest(SimplePermission.NS + "SeeSiteAdminPage");
         ar.setRoleUris(Arrays.asList(ROLE_CURATOR_URI));
         assertEquals(DecisionResult.INCONCLUSIVE, policy.decide(ar).getDecisionResult());
         ar.setRoleUris(Arrays.asList(ROLE_ADMIN_URI));
         assertEquals(DecisionResult.AUTHORIZED, policy.decide(ar).getDecisionResult());
     }
-    
+
     @Test
-    public void testCuratorSimplePermissionPolicy() {        
+    public void testCuratorSimplePermissionPolicy() {
         load(USER_ACCOUNTS_HOME_EVERYTIME + CURATOR_SIMPLE_PERMISSIONS_POLICY_PATH + EXT);
         load(USER_ACCOUNTS_HOME_FIRSTTIME + CURATOR_SIMPLE_PERMISSIONS_POLICY_PATH + DATASET + EXT);
         String policyUri = "https://vivoweb.org/ontology/vitro-application/auth/individual/CuratorSimplePermissionsPolicy";
@@ -51,16 +51,16 @@ public void testCuratorSimplePermissionPolicy() {
         final AccessRule rule = policy.getRules().iterator().next();
         assertEquals(true, rule.isAllowMatched());
         assertEquals(3, rule.getAttributesCount());
-        
+
         SimpleAuthorizationRequest ar = new SimpleAuthorizationRequest(SimplePermission.NS + "EditOntology");
         ar.setRoleUris(Arrays.asList(ROLE_EDITOR_URI));
         assertEquals(DecisionResult.INCONCLUSIVE, policy.decide(ar).getDecisionResult());
         ar.setRoleUris(Arrays.asList(ROLE_CURATOR_URI));
         assertEquals(DecisionResult.AUTHORIZED, policy.decide(ar).getDecisionResult());
     }
-    
+
     @Test
-    public void testEditorSimplePermissionPolicy() {        
+    public void testEditorSimplePermissionPolicy() {
         load(USER_ACCOUNTS_HOME_EVERYTIME + EDITOR_SIMPLE_PERMISSIONS_POLICY_PATH + EXT);
         load(USER_ACCOUNTS_HOME_FIRSTTIME + EDITOR_SIMPLE_PERMISSIONS_POLICY_PATH + DATASET + EXT);
         String policyUri = "https://vivoweb.org/ontology/vitro-application/auth/individual/EditorSimplePermissionsPolicy";
@@ -71,7 +71,7 @@ public void testEditorSimplePermissionPolicy() {
         final AccessRule rule = policy.getRules().iterator().next();
         assertEquals(true, rule.isAllowMatched());
         assertEquals(3, rule.getAttributesCount());
-        
+
         SimpleAuthorizationRequest ar = new SimpleAuthorizationRequest(SimplePermission.NS + "DoBackEndEditing");
         ar.setRoleUris(Arrays.asList(ROLE_SELF_EDITOR_URI));
         assertEquals(DecisionResult.INCONCLUSIVE, policy.decide(ar).getDecisionResult());
@@ -80,7 +80,7 @@ public void testEditorSimplePermissionPolicy() {
     }
 
     @Test
-    public void testSelfEditorSimplePermissionPolicy() {        
+    public void testSelfEditorSimplePermissionPolicy() {
         load(USER_ACCOUNTS_HOME_EVERYTIME + SELF_EDITOR_SIMPLE_PERMISSIONS_POLICY_PATH + EXT);
         load(USER_ACCOUNTS_HOME_FIRSTTIME + SELF_EDITOR_SIMPLE_PERMISSIONS_POLICY_PATH + DATASET + EXT);
         String policyUri = "https://vivoweb.org/ontology/vitro-application/auth/individual/SelfEditorSimplePermissionsPolicy";
@@ -91,16 +91,16 @@ public void testSelfEditorSimplePermissionPolicy() {
         final AccessRule rule = policy.getRules().iterator().next();
         assertEquals(true, rule.isAllowMatched());
         assertEquals(3, rule.getAttributesCount());
-        
+
         SimpleAuthorizationRequest ar = new SimpleAuthorizationRequest(SimplePermission.NS + "DoFrontEndEditing");
         ar.setRoleUris(Arrays.asList(ROLE_PUBLIC_URI));
         assertEquals(DecisionResult.INCONCLUSIVE, policy.decide(ar).getDecisionResult());
         ar.setRoleUris(Arrays.asList(ROLE_SELF_EDITOR_URI));
         assertEquals(DecisionResult.AUTHORIZED, policy.decide(ar).getDecisionResult());
     }
-    
+
     @Test
-    public void testPublicSimplePermissionPolicy() {        
+    public void testPublicSimplePermissionPolicy() {
         load(USER_ACCOUNTS_HOME_EVERYTIME + PUBLIC_SIMPLE_PERMISSIONS_POLICY_PATH + EXT);
         load(USER_ACCOUNTS_HOME_FIRSTTIME + PUBLIC_SIMPLE_PERMISSIONS_POLICY_PATH + DATASET + EXT);
         String policyUri = "https://vivoweb.org/ontology/vitro-application/auth/individual/PublicSimplePermissionsPolicy";
@@ -111,13 +111,12 @@ public void testPublicSimplePermissionPolicy() {
         final AccessRule rule = policy.getRules().iterator().next();
         assertEquals(true, rule.isAllowMatched());
         assertEquals(3, rule.getAttributesCount());
-        
+
         SimpleAuthorizationRequest ar = new SimpleAuthorizationRequest(SimplePermission.NS + "QueryFullModel");
         ar.setRoleUris(Arrays.asList(""));
         assertEquals(DecisionResult.INCONCLUSIVE, policy.decide(ar).getDecisionResult());
         ar.setRoleUris(Arrays.asList(ROLE_PUBLIC_URI));
         assertEquals(DecisionResult.AUTHORIZED, policy.decide(ar).getDecisionResult());
     }
-   
-    
+
 }
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRuleTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRuleTest.java
index 9d310d8a2e..e27bab4ad0 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRuleTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRuleTest.java
@@ -4,11 +4,10 @@
 
 import java.util.List;
 
-import org.junit.Test;
-
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectUriAttribute;
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.Attribute;
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.TestType;
+import org.junit.Test;
 
 public class AccessRuleTest {
 
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AnnotationMigratorTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AnnotationMigratorTest.java
index 2e4e9e4046..eaf63585b3 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AnnotationMigratorTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AnnotationMigratorTest.java
@@ -9,21 +9,20 @@
 import java.util.Map;
 import java.util.Set;
 
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.OperationGroup;
+import edu.cornell.mannlib.vitro.webapp.modelaccess.ModelNames;
+import edu.cornell.mannlib.vitro.webapp.rdfservice.impl.jena.model.RDFServiceModel;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.jena.rdf.model.Model;
 import org.apache.jena.rdf.model.ModelFactory;
 import org.junit.Test;
 
-import edu.cornell.mannlib.vitro.webapp.auth.attributes.OperationGroup;
-import edu.cornell.mannlib.vitro.webapp.modelaccess.ModelNames;
-import edu.cornell.mannlib.vitro.webapp.rdfservice.impl.jena.model.RDFServiceModel;
-
-    
 public class AnnotationMigratorTest extends AuthMigratorTest {
-    
+
     @Test
     public void testGetAnnotationConfigs() {
-        AnnotationMigrator annotationMigrator = new AnnotationMigrator(new RDFServiceModel(contentModel), new RDFServiceModel(configurationDataSet));
+        AnnotationMigrator annotationMigrator = new AnnotationMigrator(new RDFServiceModel(contentModel),
+                new RDFServiceModel(configurationDataSet));
         Map<String, Map<OperationGroup, Set<String>>> configs = annotationMigrator.getObjectPropertyAnnotations();
         Set<String> ops = configs.keySet();
         assertEquals(1, configs.size());
@@ -37,17 +36,18 @@ public void testGetAnnotationConfigs() {
         configs = annotationMigrator.getFauxDataPropertyAnnotations(dps);
         assertEquals(1, configs.size());
     }
-    
+
     @Test
     public void testConvertAnnotationConfiguration() {
-        AnnotationMigrator annotationMigrator = new AnnotationMigrator(new RDFServiceModel(contentModel), new RDFServiceModel(configurationDataSet));
+        AnnotationMigrator annotationMigrator = new AnnotationMigrator(new RDFServiceModel(contentModel),
+                new RDFServiceModel(configurationDataSet));
         Model tmpModel = ModelFactory.createDefaultModel();
         tmpModel.add(configurationDataSet.getNamedModel(ModelNames.ACCESS_CONTROL));
         long initialSize = accessControlModel.size();
         annotationMigrator.migrateConfiguration();
         assertTrue(configurationDataSet.getNamedModel(ModelNames.ACCESS_CONTROL).size() > initialSize);
         Model diff = configurationDataSet.getNamedModel(ModelNames.ACCESS_CONTROL).difference(tmpModel);
-        try(ByteArrayOutputStream baos = new ByteArrayOutputStream()){
+        try (ByteArrayOutputStream baos = new ByteArrayOutputStream()) {
             diff.write(baos, "TTL");
             String newData = baos.toString();
             assertFalse(StringUtils.isBlank(newData));
@@ -55,7 +55,7 @@ public void testConvertAnnotationConfiguration() {
             e.printStackTrace();
         }
     }
-    
+
     @Test
     public void testConfigurationVersion() {
         Model tmpModel = ModelFactory.createDefaultModel();
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/migration/auth/ArmMigratorTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/migration/auth/ArmMigratorTest.java
index 44df0d14d7..778614a181 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/migration/auth/ArmMigratorTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/migration/auth/ArmMigratorTest.java
@@ -9,6 +9,12 @@
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType;
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.OperationGroup;
+import edu.cornell.mannlib.vitro.webapp.auth.policy.EntityPolicyController;
+import edu.cornell.mannlib.vitro.webapp.modelaccess.ModelNames;
+import edu.cornell.mannlib.vitro.webapp.rdfservice.impl.jena.model.RDFServiceModel;
+import org.apache.commons.lang3.StringUtils;
 import org.apache.jena.rdf.model.Model;
 import org.apache.jena.rdf.model.ModelFactory;
 import org.apache.jena.rdf.model.Statement;
@@ -18,15 +24,8 @@
 import org.junit.Before;
 import org.junit.Test;
 
-import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType;
-import edu.cornell.mannlib.vitro.webapp.auth.attributes.OperationGroup;
-import edu.cornell.mannlib.vitro.webapp.auth.policy.EntityPolicyController;
-import edu.cornell.mannlib.vitro.webapp.modelaccess.ModelNames;
-import edu.cornell.mannlib.vitro.webapp.rdfservice.impl.jena.model.RDFServiceModel;
-
-    
 public class ArmMigratorTest extends AuthMigratorTest {
-    
+
     private static final String FAUX_DATA_PROPERTY_URI = "http://vitro.mannlib.cornell.edu/ns/vitro/siteConfig/fp396";
     private static final String FAUX_OBJECT_PROPERTY_URI = "http://vitro.mannlib.cornell.edu/ns/vitro/siteConfig/orgAdministersGrantConfig";
     private static final String DATA_PROPERTY_URI = "http://vivoweb.org/ontology/core#abbreviation";
@@ -37,28 +36,29 @@ public class ArmMigratorTest extends AuthMigratorTest {
     private String propertyUri = "http://vitro.mannlib.cornell.edu/ns/vitro/authorization#forEntity";
     private String dataValue = "https://vivoweb.org/ontology/vitro-application/auth/vocabulary/dataValue";
 
-    @Before 
+    @Before
     public void initArmMigration() {
         userAccountsModel = ModelFactory.createDefaultModel();
         configurationDataSet.addNamedModel(ModelNames.USER_ACCOUNTS, userAccountsModel);
         armMigrator = new ArmMigrator(new RDFServiceModel(contentModel), new RDFServiceModel(configurationDataSet));
     }
-    
+
     @Test
     public void isArmConfigurationTest() {
         assertFalse(armMigrator.isArmConfiguation());
-        addArmStatement(ArmMigrator.ARM_ADMIN,ArmMigrator.DISPLAY, OBJECT_PROPERTY_URI);
+        addArmStatement(ArmMigrator.ARM_ADMIN, ArmMigrator.DISPLAY, OBJECT_PROPERTY_URI);
         assertTrue(armMigrator.isArmConfiguation());
     }
 
     private void addArmStatement(String role, String operation, String uri) {
         String persmissionUri = ArmMigrator.getArmPermissionSubject(operation, role);
         String objectUri = uri;
-        Statement statement = new StatementImpl(new ResourceImpl(persmissionUri), new PropertyImpl(propertyUri), new ResourceImpl(objectUri));
+        Statement statement = new StatementImpl(new ResourceImpl(persmissionUri), new PropertyImpl(propertyUri),
+                new ResourceImpl(objectUri));
         userAccountsModel.add(statement);
         configurationDataSet.replaceNamedModel(ModelNames.USER_ACCOUNTS, userAccountsModel);
     }
-    
+
     @Test
     public void getEntityMapTest() {
         Map<AccessObjectType, Set<String>> map = armMigrator.getEntityMap();
@@ -69,33 +69,34 @@ public void getEntityMapTest() {
         assertEquals(1, map.get(AccessObjectType.FAUX_DATA_PROPERTY).size());
         assertEquals(1, map.get(AccessObjectType.FAUX_DATA_PROPERTY).size());
     }
-    
+
     @Test
     public void getStatementsToRemoveTest() {
         StringBuilder removals = armMigrator.getStatementsToRemove();
-        assertTrue(removals.toString().isBlank());
-        EntityPolicyController.updateEntityPolicy("test:entity", AccessObjectType.CLASS, OperationGroup.DISPLAY_GROUP, ROLE_LIST, ROLE_LIST);
+        assertTrue(StringUtils.isBlank(removals.toString()));
+        EntityPolicyController.updateEntityPolicy("test:entity", AccessObjectType.CLASS, OperationGroup.DISPLAY_GROUP,
+                ROLE_LIST, ROLE_LIST);
         removals = armMigrator.getStatementsToRemove();
         assertEquals(5, getCount("\n", removals.toString()));
     }
-    
+
     @Test
     public void migrateConfigurationTest() {
-        addArmStatement(ArmMigrator.ARM_ADMIN,ArmMigrator.DISPLAY, OBJECT_PROPERTY_URI);
-        addArmStatement(ArmMigrator.ARM_EDITOR,ArmMigrator.PUBLISH, OBJECT_PROPERTY_URI);
-        addArmStatement(ArmMigrator.ARM_CURATOR,ArmMigrator.UPDATE, OBJECT_PROPERTY_URI);
-        addArmStatement(ArmMigrator.ARM_SELF_EDITOR,ArmMigrator.DISPLAY, CLASS_URI);
-        addArmStatement(ArmMigrator.ARM_EDITOR,ArmMigrator.PUBLISH, CLASS_URI);
-        addArmStatement(ArmMigrator.ARM_EDITOR,ArmMigrator.UPDATE, CLASS_URI);
-        addArmStatement(ArmMigrator.ARM_ADMIN,ArmMigrator.DISPLAY, DATA_PROPERTY_URI);
-        addArmStatement(ArmMigrator.ARM_EDITOR,ArmMigrator.PUBLISH, DATA_PROPERTY_URI);
-        addArmStatement(ArmMigrator.ARM_CURATOR,ArmMigrator.UPDATE, DATA_PROPERTY_URI);
-        addArmStatement(ArmMigrator.ARM_SELF_EDITOR,ArmMigrator.DISPLAY, FAUX_DATA_PROPERTY_URI);
-        addArmStatement(ArmMigrator.ARM_EDITOR,ArmMigrator.PUBLISH, FAUX_DATA_PROPERTY_URI);
-        addArmStatement(ArmMigrator.ARM_ADMIN,ArmMigrator.UPDATE, FAUX_DATA_PROPERTY_URI);
-        addArmStatement(ArmMigrator.ARM_PUBLIC,ArmMigrator.DISPLAY, FAUX_OBJECT_PROPERTY_URI);
-        addArmStatement(ArmMigrator.ARM_EDITOR,ArmMigrator.PUBLISH, FAUX_OBJECT_PROPERTY_URI);
-        addArmStatement(ArmMigrator.ARM_CURATOR,ArmMigrator.UPDATE, FAUX_OBJECT_PROPERTY_URI);
+        addArmStatement(ArmMigrator.ARM_ADMIN, ArmMigrator.DISPLAY, OBJECT_PROPERTY_URI);
+        addArmStatement(ArmMigrator.ARM_EDITOR, ArmMigrator.PUBLISH, OBJECT_PROPERTY_URI);
+        addArmStatement(ArmMigrator.ARM_CURATOR, ArmMigrator.UPDATE, OBJECT_PROPERTY_URI);
+        addArmStatement(ArmMigrator.ARM_SELF_EDITOR, ArmMigrator.DISPLAY, CLASS_URI);
+        addArmStatement(ArmMigrator.ARM_EDITOR, ArmMigrator.PUBLISH, CLASS_URI);
+        addArmStatement(ArmMigrator.ARM_EDITOR, ArmMigrator.UPDATE, CLASS_URI);
+        addArmStatement(ArmMigrator.ARM_ADMIN, ArmMigrator.DISPLAY, DATA_PROPERTY_URI);
+        addArmStatement(ArmMigrator.ARM_EDITOR, ArmMigrator.PUBLISH, DATA_PROPERTY_URI);
+        addArmStatement(ArmMigrator.ARM_CURATOR, ArmMigrator.UPDATE, DATA_PROPERTY_URI);
+        addArmStatement(ArmMigrator.ARM_SELF_EDITOR, ArmMigrator.DISPLAY, FAUX_DATA_PROPERTY_URI);
+        addArmStatement(ArmMigrator.ARM_EDITOR, ArmMigrator.PUBLISH, FAUX_DATA_PROPERTY_URI);
+        addArmStatement(ArmMigrator.ARM_ADMIN, ArmMigrator.UPDATE, FAUX_DATA_PROPERTY_URI);
+        addArmStatement(ArmMigrator.ARM_PUBLIC, ArmMigrator.DISPLAY, FAUX_OBJECT_PROPERTY_URI);
+        addArmStatement(ArmMigrator.ARM_EDITOR, ArmMigrator.PUBLISH, FAUX_OBJECT_PROPERTY_URI);
+        addArmStatement(ArmMigrator.ARM_CURATOR, ArmMigrator.UPDATE, FAUX_OBJECT_PROPERTY_URI);
         Map<AccessObjectType, Set<String>> entityTypeMap = armMigrator.getEntityMap();
         StringBuilder additions = new StringBuilder();
         armMigrator.collectAdditions(entityTypeMap, additions);
@@ -109,12 +110,12 @@ public void migrateConfigurationTest() {
         assertEquals(5, getCount(FAUX_DATA_PROPERTY_URI, stringResult));
         assertEquals(4, getCount(FAUX_OBJECT_PROPERTY_URI, stringResult));
     }
-    
+
     private static long getCount(String pattern, String lines) {
         Matcher matcher = Pattern.compile(pattern).matcher(lines);
         long i = 0;
         while (matcher.find()) {
-            i ++;
+            i++;
         }
         return i;
     }
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AuthMigratorTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AuthMigratorTest.java
index 3312ed7994..fc4b9d484b 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AuthMigratorTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AuthMigratorTest.java
@@ -1,25 +1,23 @@
 package edu.cornell.mannlib.vitro.webapp.migration.auth;
 
-
-import org.apache.jena.rdf.model.Model;
-import org.apache.jena.rdf.model.ModelFactory;
-import org.junit.Before;
-
 import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyTest;
 import edu.cornell.mannlib.vitro.webapp.modelaccess.ModelNames;
 import edu.cornell.mannlib.vitro.webapp.rdfservice.impl.jena.model.RDFServiceModel;
+import org.apache.jena.rdf.model.Model;
+import org.apache.jena.rdf.model.ModelFactory;
+import org.junit.Before;
 
-    
 public class AuthMigratorTest extends PolicyTest {
-    protected static final String TEST_MIGRATION_RESOURCES_PREFIX = "src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/migration/";
+    protected static final String TEST_MIGRATION_RESOURCES_PREFIX =
+            "src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/migration/";
     protected static final String CONTENT = TEST_MIGRATION_RESOURCES_PREFIX + "content.n3";
     protected static final String CONFIGURATION = TEST_MIGRATION_RESOURCES_PREFIX + "configuration.n3";
-    
+
     protected Model contentModel;
     protected Model configurationModel;
     protected AuthMigrator migrator;
 
-    @Before 
+    @Before
     public void initAuthMigration() {
         contentModel = ModelFactory.createDefaultModel();
         configurationModel = ModelFactory.createDefaultModel();

From 9d9caa1b31ba27ea79c1c5d9777219d3a6a77845 Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <georgy.litvinov@tib.eu>
Date: Tue, 22 Aug 2023 17:02:06 +0200
Subject: [PATCH 035/148] Removed not used access operation ANY and object type
 ANY

---
 .../auth/attributes/AccessObjectType.java     |  1 -
 .../auth/attributes/AccessOperation.java      |  1 -
 .../webapp/auth/objects/AccessObject.java     |  4 +--
 ...PolicyHelper_AuthorizationRequestTest.java | 16 ++++++++++++
 .../AuthorizationRequestTest.java             | 26 ++++++++++++-------
 5 files changed, 33 insertions(+), 15 deletions(-)

diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AccessObjectType.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AccessObjectType.java
index ea961d9805..af5dd8e847 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AccessObjectType.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AccessObjectType.java
@@ -1,7 +1,6 @@
 package edu.cornell.mannlib.vitro.webapp.auth.attributes;
 
 public enum AccessObjectType {
-    ANY,
     CLASS,
     NAMED_OBJECT,
     DATA_PROPERTY,
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AccessOperation.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AccessOperation.java
index 8945ebd05b..32fa9e2613 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AccessOperation.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AccessOperation.java
@@ -1,7 +1,6 @@
 package edu.cornell.mannlib.vitro.webapp.auth.attributes;
 
 public enum AccessOperation {
-    ANY,
     EXECUTE,
     PUBLISH,
     UPDATE,
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/AccessObject.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/AccessObject.java
index 5255a16a3c..5d6630f011 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/AccessObject.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/AccessObject.java
@@ -30,9 +30,7 @@ public String getUri() {
         return null;
     }
 
-    public AccessObjectType getType() {
-        return AccessObjectType.ANY;
-    };
+    public abstract AccessObjectType getType();
 
     public AccessObjectStatement getStatement() {
         return statement;
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyHelper_AuthorizationRequestTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyHelper_AuthorizationRequestTest.java
index 067e279e1b..1af4515f10 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyHelper_AuthorizationRequestTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyHelper_AuthorizationRequestTest.java
@@ -14,6 +14,7 @@
 import stubs.javax.servlet.ServletContextStub;
 import stubs.javax.servlet.http.HttpServletRequestStub;
 import stubs.javax.servlet.http.HttpSessionStub;
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType;
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessOperation;
 import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
 import edu.cornell.mannlib.vitro.webapp.auth.objects.AccessObject;
@@ -94,14 +95,29 @@ private void createPolicy(AccessObject... authorizedActions) {
 	// ----------------------------------------------------------------------
 
 	public static class Action1 extends AccessObject {
+
+        @Override
+        public AccessObjectType getType() {
+            return null;
+        }
 		// actions must be public, with public constructor
 	}
 
 	public static class Action2 extends AccessObject {
+	    
+        @Override
+        public AccessObjectType getType() {
+            return null;
+        }
 		// actions must be public, with public constructor
 	}
 
 	public static class Action3 extends AccessObject {
+	    
+        @Override
+        public AccessObjectType getType() {
+            return null;
+        }
 		// actions must be public, with public constructor
 	}
 
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/AuthorizationRequestTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/AuthorizationRequestTest.java
index 4def3b6e56..be5d2f27b1 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/AuthorizationRequestTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/AuthorizationRequestTest.java
@@ -7,6 +7,7 @@
 import org.junit.Test;
 
 import edu.cornell.mannlib.vitro.testing.AbstractTestClass;
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType;
 import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
 import edu.cornell.mannlib.vitro.webapp.auth.objects.AccessObject;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.Policy;
@@ -36,17 +37,22 @@ public class AuthorizationRequestTest extends AbstractTestClass {
 	// Helper classes
 	// ----------------------------------------------------------------------
 
-	private static class MyAuth extends AccessObject {
-		private final String name;
+    private static class MyAuth extends AccessObject {
+        private final String name;
 
-		public MyAuth(String name) {
-			this.name = name;
-		}
+        public MyAuth(String name) {
+            this.name = name;
+        }
 
-		@Override
-		public String toString() {
-			return "MyAuth[" + name + "]";
-		}
+        @Override
+        public AccessObjectType getType() {
+            return null;
+        }
 
-	}
+        @Override
+        public String toString() {
+            return "MyAuth[" + name + "]";
+        }
+
+    }
 }

From d3b7aa48ba714fd1b1ddf7375053cdb51d1e8d6b Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <georgy.litvinov@tib.eu>
Date: Tue, 29 Aug 2023 17:09:18 +0200
Subject: [PATCH 036/148] removed duplicate lines

---
 .../resources/rdf/accessControl/firsttime/attribute_types.n3   | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/home/src/main/resources/rdf/accessControl/firsttime/attribute_types.n3 b/home/src/main/resources/rdf/accessControl/firsttime/attribute_types.n3
index 8a74ad6fd5..7e251b7b79 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/attribute_types.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/attribute_types.n3
@@ -32,9 +32,6 @@ ai:SubjectNotMatch rdf:type ao:AttributeType ;
 ai:ObjectNotMatch rdf:type ao:AttributeType ;
          ao:id "OBJECT_NOT_MATCH" .
          
-ai:SubjectNotMatch rdf:type ao:AttributeType ;
-         ao:id "SUBJECT_NOT_MATCH" .
-         
 ai:RelatesToSubjectProfile rdf:type ao:AttributeType ;
          ao:id "RELATES_TO_SUBJECT_PROFILE" .
          

From 0e854e04ef2cf2b1307fb1de6038501b173fd390 Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <georgy.litvinov@tib.eu>
Date: Tue, 29 Aug 2023 17:12:15 +0200
Subject: [PATCH 037/148] fixed identation

---
 .../vitro/webapp/auth/migration/configuration.n3 | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/migration/configuration.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/migration/configuration.n3
index 3d617f0ca6..3eedbc571c 100644
--- a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/migration/configuration.n3
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/migration/configuration.n3
@@ -14,19 +14,19 @@
 @base <http://vitro.mannlib.cornell.edu/ns/vitro/ApplicationConfiguration> .
 
 local:orgAdministersGrantContext a :ConfigContext ;
-    :hasConfiguration local:orgAdministersGrantConfig ;
-    :configContextFor <http://purl.obolibrary.org/obo/RO_0000053> ;
-    .
+        :hasConfiguration local:orgAdministersGrantConfig ;
+        :configContextFor <http://purl.obolibrary.org/obo/RO_0000053> ;
+        .
 
 local:orgAdministersGrantConfig a :ObjectPropertyDisplayConfig ;
-    vitro:hiddenFromDisplayBelowRoleLevelAnnot role:public ;
-    vitro:hiddenFromPublishBelowRoleLevelAnnot role:dbAdmin ;
-    vitro:prohibitedFromUpdateBelowRoleLevelAnnot role:selfEditor ;
-    .
+        vitro:hiddenFromDisplayBelowRoleLevelAnnot role:public ;
+        vitro:hiddenFromPublishBelowRoleLevelAnnot role:dbAdmin ;
+        vitro:prohibitedFromUpdateBelowRoleLevelAnnot role:selfEditor ;
+        .
 
 <http://vitro.mannlib.cornell.edu/ns/vitro/siteConfig/fp985> a :ConfigContext ;
-        :configContextFor vivo:abbreviation ;
         :hasConfiguration <http://vitro.mannlib.cornell.edu/ns/vitro/siteConfig/fp396> ;
+        :configContextFor vivo:abbreviation ;
         .
 
 <http://vitro.mannlib.cornell.edu/ns/vitro/siteConfig/fp396> a :ObjectPropertyDisplayConfig ;

From 5ebcde2c6a256ea23295e417343d9b81c411031f Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <georgy.litvinov@tib.eu>
Date: Tue, 29 Aug 2023 17:19:10 +0200
Subject: [PATCH 038/148] fixed type

---
 .../src/main/resources/rdf/accessControl/firsttime/decisions.n3 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/home/src/main/resources/rdf/accessControl/firsttime/decisions.n3 b/home/src/main/resources/rdf/accessControl/firsttime/decisions.n3
index 58e37f5441..e064a0299a 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/decisions.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/decisions.n3
@@ -11,5 +11,5 @@
 ai:Deny rdf:type ao:Decision;
          ao:id "DENY" .
 
-ai:Allow rdf:type ao:Decison;
+ai:Allow rdf:type ao:Decision;
          ao:id "ALLOW" .

From 9f01a7cbfdf3ae92247ee85d772b5fc3bf22d7ca Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <georgy.litvinov@tib.eu>
Date: Fri, 1 Sep 2023 12:39:11 +0200
Subject: [PATCH 039/148] removed unused property

---
 .../main/resources/rdf/accessControl/firsttime/ontology.n3    | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/home/src/main/resources/rdf/accessControl/firsttime/ontology.n3 b/home/src/main/resources/rdf/accessControl/firsttime/ontology.n3
index 0610eb4ae0..57c97f9ce8 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/ontology.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/ontology.n3
@@ -125,10 +125,6 @@ ao:operation rdf:type owl:ObjectProperty ;
 ao:rule rdf:type owl:ObjectProperty ;
           rdfs:domain ao:Policy ;
           rdfs:range ao:Rule .
-
-ao:object rdf:type owl:ObjectProperty ;
-          rdfs:domain ao:Rule ;
-          rdfs:range ao:object .
           
 ao:keyComponent rdf:type owl:ObjectProperty .
           

From 56fae01f61a636f9b10c4c7497e2f79b1c1fed11 Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <georgy.litvinov@tib.eu>
Date: Fri, 1 Sep 2023 13:26:27 +0200
Subject: [PATCH 040/148] refact: extracted entity attribute name constants

---
 .../mannlib/vedit/controller/BaseEditController.java       | 7 +++++--
 .../mannlib/vedit/controller/OperationController.java      | 4 ++--
 .../main/webapp/templates/edit/specific/dataprop_retry.jsp | 7 +++++--
 .../webapp/templates/edit/specific/fauxProperty_retry.jsp  | 6 ++++--
 .../main/webapp/templates/edit/specific/property_retry.jsp | 6 ++++--
 .../main/webapp/templates/edit/specific/vclass_retry.jsp   | 6 ++++--
 6 files changed, 24 insertions(+), 12 deletions(-)

diff --git a/api/src/main/java/edu/cornell/mannlib/vedit/controller/BaseEditController.java b/api/src/main/java/edu/cornell/mannlib/vedit/controller/BaseEditController.java
index e0164ca6de..11b79883d4 100644
--- a/api/src/main/java/edu/cornell/mannlib/vedit/controller/BaseEditController.java
+++ b/api/src/main/java/edu/cornell/mannlib/vedit/controller/BaseEditController.java
@@ -38,7 +38,10 @@
 
 public class BaseEditController extends VitroHttpServlet {
 
-	public static final boolean FORCE_NEW = true; // when you know you're starting a new edit process
+	public static final String ENTITY_URI_ATTRIBUTE_NAME = "_permissionsEntityURI";
+    public static final String ENTITY_TYPE_ATTRIBUTE_NAME = "_permissionsEntityType";
+
+    public static final boolean FORCE_NEW = true; // when you know you're starting a new edit process
 
     public static final String JSP_PREFIX = "/templates/edit/specific/";
 
@@ -205,7 +208,7 @@ public String getDefaultLandingPage(HttpServletRequest request) {
 
     protected static void addAccessAttributes(HttpServletRequest req, String entityURI, AccessObjectType aot) {
         // Add the permissionsEntityURI (if we are creating a new property, this will be empty)
-        req.setAttribute("_permissionsEntityURI", entityURI);
+        req.setAttribute(ENTITY_URI_ATTRIBUTE_NAME, entityURI);
 
         // Get the available permission sets
         List<PermissionSet> permissionSets = buildListOfSelectableRoles(ModelAccess.on(req).getWebappDaoFactory());
diff --git a/api/src/main/java/edu/cornell/mannlib/vedit/controller/OperationController.java b/api/src/main/java/edu/cornell/mannlib/vedit/controller/OperationController.java
index cb96b514f0..c8120dd7ef 100644
--- a/api/src/main/java/edu/cornell/mannlib/vedit/controller/OperationController.java
+++ b/api/src/main/java/edu/cornell/mannlib/vedit/controller/OperationController.java
@@ -135,14 +135,14 @@ public void doPost (HttpServletRequest request, HttpServletResponse response) {
             // If contains restrictions
             if (request.getParameter("_permissions") != null) {
                 // Get the namespace that we are editing
-                String entityUri = request.getParameter("_permissionsEntityURI");
+                String entityUri = request.getParameter(ENTITY_URI_ATTRIBUTE_NAME);
                 if (StringUtils.isEmpty(entityUri)) {
                     // If we don't have a namespace set, we are creating a new entity so use that namespace
                     if (!StringUtils.isEmpty(request.getParameter("Namespace")) && !StringUtils.isEmpty(request.getParameter("LocalName"))) {
                         entityUri = "" + request.getParameter("Namespace") + request.getParameter("LocalName");    
                     }
                 }
-                String entityType = request.getParameter("_permissionsEntityType");
+                String entityType = request.getParameter(ENTITY_TYPE_ATTRIBUTE_NAME);
                 List<PermissionSet> permissionSets = buildListOfSelectableRoles(ModelAccess.on(request).getWebappDaoFactory());
                 List<String> roleUris = new ArrayList<>();
                 for (PermissionSet permissionSet : permissionSets) {
diff --git a/webapp/src/main/webapp/templates/edit/specific/dataprop_retry.jsp b/webapp/src/main/webapp/templates/edit/specific/dataprop_retry.jsp
index 08757afb9e..959828b2ca 100644
--- a/webapp/src/main/webapp/templates/edit/specific/dataprop_retry.jsp
+++ b/webapp/src/main/webapp/templates/edit/specific/dataprop_retry.jsp
@@ -3,6 +3,9 @@
 <%@ taglib prefix="form" uri="http://vitro.mannlib.cornell.edu/edit/tags" %>
 <%@ taglib prefix="c"  uri="http://java.sun.com/jsp/jstl/core" %>
 <%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions"%>
+
+<jsp:directive.page import="edu.cornell.mannlib.vedit.controller.BaseEditController"/>
+
 <%-- colspan set to 4 in DatapropRetryController.java --%>
 <tr class="editformcell">
 	<td valign="top" colspan="2">
@@ -126,8 +129,8 @@
 <!-- Permissions -->
 <c:if test="${!empty roles}">
 	<input id="_permissions" type="hidden" name="_permissions" value="enabled" />
-	<input id="_permissionsEntityURI" type="hidden" name="_permissionsEntityURI" value="${_permissionsEntityURI}" />
-	<input id="_permissionsEntityType" type="hidden" name="_permissionsEntityType" value="DATA_PROPERTY" />
+	<input id="${BaseEditController.ENTITY_URI_ATTRIBUTE_NAME}" type="hidden" name="${BaseEditController.ENTITY_URI_ATTRIBUTE_NAME}" value="${_permissionsEntityURI}" />
+	<input id="${BaseEditController.ENTITY_TYPE_ATTRIBUTE_NAME}" type="hidden" name="${BaseEditController.ENTITY_TYPE_ATTRIBUTE_NAME}" value="DATA_PROPERTY" />
 	<tr class="editformcell">
 		<td valign="top" colspan="5">
 			<b>Display</b> permissions for this property<br/>
diff --git a/webapp/src/main/webapp/templates/edit/specific/fauxProperty_retry.jsp b/webapp/src/main/webapp/templates/edit/specific/fauxProperty_retry.jsp
index 3f6ce4160e..2d864f27c7 100644
--- a/webapp/src/main/webapp/templates/edit/specific/fauxProperty_retry.jsp
+++ b/webapp/src/main/webapp/templates/edit/specific/fauxProperty_retry.jsp
@@ -4,6 +4,8 @@
 <%@ taglib prefix="c"  uri="http://java.sun.com/jsp/jstl/core" %>
 <%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions"%>
 
+<jsp:directive.page import="edu.cornell.mannlib.vedit.controller.BaseEditController"/>
+
 <tr class="editformcell">
     <td valign="top" colspan="2">
         <b>Base property</b><br/>
@@ -63,8 +65,8 @@
 <!-- Permissions -->
 <c:if test="${!empty roles}">
     <input id="_permissions" type="hidden" name="_permissions" value="enabled" />
-    <input id="_permissionsEntityURI" type="hidden" name="_permissionsEntityURI" value="${_permissionsEntityURI}" />
-    <input id="_permissionsEntityType" type="hidden" name="_permissionsEntityType" value="${_faux_property_type}" />
+    <input id="${BaseEditController.ENTITY_URI_ATTRIBUTE_NAME}" type="hidden" name="${BaseEditController.ENTITY_URI_ATTRIBUTE_NAME}" value="${_permissionsEntityURI}" />
+    <input id="${BaseEditController.ENTITY_TYPE_ATTRIBUTE_NAME}" type="hidden" name="${BaseEditController.ENTITY_TYPE_ATTRIBUTE_NAME}" value="${_faux_property_type}" />
     <tr class="editformcell">
         <td valign="top" colspan="5">
             <b>Display</b> permissions for this property<br/>
diff --git a/webapp/src/main/webapp/templates/edit/specific/property_retry.jsp b/webapp/src/main/webapp/templates/edit/specific/property_retry.jsp
index 22d8486aa7..19da776ae2 100644
--- a/webapp/src/main/webapp/templates/edit/specific/property_retry.jsp
+++ b/webapp/src/main/webapp/templates/edit/specific/property_retry.jsp
@@ -4,6 +4,8 @@
 <%@ taglib prefix="c"  uri="http://java.sun.com/jsp/jstl/core" %>
 <%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions"%>
 
+<jsp:directive.page import="edu.cornell.mannlib.vedit.controller.BaseEditController"/>
+
 <%-- colspan set to 6 in PropertyRetryController.java --%>
 <tr class="editformcell">
     <td valign="top" colspan="2">
@@ -190,8 +192,8 @@
 <!-- Permissions -->
 <c:if test="${!empty roles}">
     <input id="_permissions" type="hidden" name="_permissions" value="enabled" />
-    <input id="_permissionsEntityURI" type="hidden" name="_permissionsEntityURI" value="${_permissionsEntityURI}" />
-    <input id="_permissionsEntityType" type="hidden" name="_permissionsEntityType" value="OBJECT_PROPERTY" />
+    <input id="${BaseEditController.ENTITY_URI_ATTRIBUTE_NAME}" type="hidden" name="${BaseEditController.ENTITY_URI_ATTRIBUTE_NAME}" value="${_permissionsEntityURI}" />
+    <input id="${BaseEditController.ENTITY_TYPE_ATTRIBUTE_NAME}" type="hidden" name="${BaseEditController.ENTITY_TYPE_ATTRIBUTE_NAME}" value="OBJECT_PROPERTY" />
     <tr class="editformcell">
         <td valign="top" colspan="5">
             <b>Display</b> permissions for this property<br/>
diff --git a/webapp/src/main/webapp/templates/edit/specific/vclass_retry.jsp b/webapp/src/main/webapp/templates/edit/specific/vclass_retry.jsp
index 6a567472f5..307815ad40 100644
--- a/webapp/src/main/webapp/templates/edit/specific/vclass_retry.jsp
+++ b/webapp/src/main/webapp/templates/edit/specific/vclass_retry.jsp
@@ -6,6 +6,8 @@
 <%@ taglib prefix="c"  uri="http://java.sun.com/jsp/jstl/core" %>
 <%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions"%>
 
+<jsp:directive.page import="edu.cornell.mannlib.vedit.controller.BaseEditController"/>
+
 <tr class="editformcell">
 	<td valign="bottom" colspan="2">
 		<b>Class label</b><br/>
@@ -88,8 +90,8 @@
 <!-- Permissions -->
 <c:if test="${!empty roles}">
     <input id="_permissions" type="hidden" name="_permissions" value="enabled" />
-    <input id="_permissionsEntityURI" type="hidden" name="_permissionsEntityURI" value="${_permissionsEntityURI}" />
-    <input id="_permissionsEntityType" type="hidden" name="_permissionsEntityType" value="CLASS" />
+    <input id="${BaseEditController.ENTITY_URI_ATTRIBUTE_NAME}" type="hidden" name="${BaseEditController.ENTITY_URI_ATTRIBUTE_NAME}" value="${_permissionsEntityURI}" />
+    <input id="${BaseEditController.ENTITY_TYPE_ATTRIBUTE_NAME}" type="hidden" name="${BaseEditController.ENTITY_TYPE_ATTRIBUTE_NAME}" value="CLASS" />
     <tr class="editformcell">
         <td valign="top" colspan="4">
             <b>Display</b> permissions for this property<br/>

From 9170d106dc4fc16c0d42575d2a9931d19cbf3f67 Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <georgy.litvinov@tib.eu>
Date: Fri, 1 Sep 2023 13:31:42 +0200
Subject: [PATCH 041/148] refact: fixed typo in method name

---
 .../auth/attributes/AttributeValueTester.java |  2 +-
 .../auth/attributes/ProximityChecker.java     |  2 +-
 .../auth/identifier/common/IsBlacklisted.java | 89 -------------------
 ...tedFactory.java => HasProfileFactory.java} |  0
 .../policy/setup/CommonPolicyFamilySetup.java |  4 +-
 5 files changed, 4 insertions(+), 93 deletions(-)
 delete mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/identifier/common/IsBlacklisted.java
 rename api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/identifier/factory/{HasProfileOrIsBlacklistedFactory.java => HasProfileFactory.java} (100%)

diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeValueTester.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeValueTester.java
index 84b43fad83..c6cd85da75 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeValueTester.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeValueTester.java
@@ -62,7 +62,7 @@ private static boolean sparqlQueryContains(Attribute attr, AuthorizationRequest
             }
         }
         List<String> resourceUris = Arrays.asList(ao.getResourceUris());
-        return ProximityChecker.isAanyRelated(m, resourceUris, personUris, queryTemplate);
+        return ProximityChecker.isAnyRelated(m, resourceUris, personUris, queryTemplate);
     }
 
     private static boolean contains(Attribute attr, String... inputValues) {
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/ProximityChecker.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/ProximityChecker.java
index 364c7d4f13..08ba72f231 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/ProximityChecker.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/ProximityChecker.java
@@ -20,7 +20,7 @@
 public class ProximityChecker {
     private static final Log log = LogFactory.getLog(ProximityChecker.class);
 
-    public static boolean isAanyRelated(Model ontModel, List<String> resourceUris, List<String> personUris,
+    public static boolean isAnyRelated(Model ontModel, List<String> resourceUris, List<String> personUris,
             String query) {
         for (String personUri : personUris) {
             List<String> connectedResourceUris = getRelatedUris(ontModel, personUri, query);
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/identifier/common/IsBlacklisted.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/identifier/common/IsBlacklisted.java
deleted file mode 100644
index dd9a5b411e..0000000000
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/identifier/common/IsBlacklisted.java
+++ /dev/null
@@ -1,89 +0,0 @@
-/* $This file is distributed under the terms of the license in LICENSE$ */
-
-package edu.cornell.mannlib.vitro.webapp.auth.identifier.common;
-
-import java.util.Collection;
-import java.util.HashSet;
-import java.util.Set;
-
-import edu.cornell.mannlib.vitro.webapp.auth.identifier.Identifier;
-import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
-import edu.cornell.mannlib.vitro.webapp.beans.Individual;
-
-/**
- * The current user is blacklisted for this reason.
- */
-public class IsBlacklisted extends AbstractCommonIdentifier implements
-		Identifier {
-
-	private static final String NOT_BLACKLISTED = null;
-
-	// ----------------------------------------------------------------------
-	// static methods
-	// ----------------------------------------------------------------------
-
-	/**
-	 * If this individual is blacklisted, return an appropriate Identifier.
-	 * Otherwise, return null.
-	 */
-	public static IsBlacklisted getInstance(Individual individual) {
-		if (individual == null) {
-			throw new NullPointerException("individual may not be null.");
-		}
-
-		String reasonForBlacklisting = NOT_BLACKLISTED;
-		IsBlacklisted id = new IsBlacklisted(individual.getURI(),
-				reasonForBlacklisting);
-		if (id.isBlacklisted()) {
-			return id;
-		} else {
-			return null;
-		}
-	}
-
-	public static Collection<IsBlacklisted> getIdentifiers(IdentifierBundle ids) {
-		return getIdentifiersForClass(ids, IsBlacklisted.class);
-	}
-
-	public static Collection<String> getBlacklistReasons(IdentifierBundle ids) {
-		Set<String> set = new HashSet<String>();
-		for (IsBlacklisted id : getIdentifiers(ids)) {
-			if (id.isBlacklisted()) {
-				set.add(id.getReasonForBlacklisting());
-			}
-		}
-		return set;
-	}
-
-	// ----------------------------------------------------------------------
-	// the Identifier
-	// ----------------------------------------------------------------------
-
-	private final String associatedIndividualUri;
-	private final String reasonForBlacklisting;
-
-	public IsBlacklisted(String associatedIndividualUri,
-			String reasonForBlacklisting) {
-		this.associatedIndividualUri = associatedIndividualUri;
-		this.reasonForBlacklisting = reasonForBlacklisting;
-	}
-
-	public String getAssociatedIndividualUri() {
-		return associatedIndividualUri;
-	}
-
-	public boolean isBlacklisted() {
-		return reasonForBlacklisting != NOT_BLACKLISTED;
-	}
-
-	public String getReasonForBlacklisting() {
-		return reasonForBlacklisting;
-	}
-
-	@Override
-	public String toString() {
-		return "IsBlacklisted[" + associatedIndividualUri + ", "
-				+ reasonForBlacklisting + "]";
-	}
-
-}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/identifier/factory/HasProfileOrIsBlacklistedFactory.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/identifier/factory/HasProfileFactory.java
similarity index 100%
rename from api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/identifier/factory/HasProfileOrIsBlacklistedFactory.java
rename to api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/identifier/factory/HasProfileFactory.java
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/setup/CommonPolicyFamilySetup.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/setup/CommonPolicyFamilySetup.java
index 1623952e8c..bc370dc85d 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/setup/CommonPolicyFamilySetup.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/setup/CommonPolicyFamilySetup.java
@@ -9,7 +9,7 @@
 import edu.cornell.mannlib.vitro.webapp.auth.identifier.ActiveIdentifierBundleFactories;
 import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundleFactory;
 import edu.cornell.mannlib.vitro.webapp.auth.identifier.factory.HasPermissionSetFactory;
-import edu.cornell.mannlib.vitro.webapp.auth.identifier.factory.HasProfileOrIsBlacklistedFactory;
+import edu.cornell.mannlib.vitro.webapp.auth.identifier.factory.HasProfileFactory;
 import edu.cornell.mannlib.vitro.webapp.auth.identifier.factory.HasProxyEditingRightsFactory;
 import edu.cornell.mannlib.vitro.webapp.auth.identifier.factory.IsRootUserFactory;
 import edu.cornell.mannlib.vitro.webapp.auth.identifier.factory.IsUserFactory;
@@ -33,7 +33,7 @@ public void contextInitialized(ServletContextEvent sce) {
 		    PolicyLoader.getInstance().loadPolicies();
 			factory(new IsUserFactory());
 			factory(new IsRootUserFactory());
-			factory(new HasProfileOrIsBlacklistedFactory());
+			factory(new HasProfileFactory());
 			factory(new HasPermissionSetFactory());
 			factory(new HasProxyEditingRightsFactory());
 		} catch (Exception e) {

From 03b6f3cc9b4b31ea78c7f9d0721b10f79f3a0016 Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <georgy.litvinov@tib.eu>
Date: Tue, 7 Nov 2023 17:17:29 +0100
Subject: [PATCH 042/148] removed dead code in HasProfileFactory

---
 .../identifier/factory/HasProfileFactory.java | 67 ++++++++-----------
 1 file changed, 27 insertions(+), 40 deletions(-)

diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/identifier/factory/HasProfileFactory.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/identifier/factory/HasProfileFactory.java
index 3801839312..65544f65f8 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/identifier/factory/HasProfileFactory.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/identifier/factory/HasProfileFactory.java
@@ -5,60 +5,47 @@
 import java.util.ArrayList;
 import java.util.Collection;
 
-import javax.servlet.ServletContext;
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-
 import edu.cornell.mannlib.vitro.webapp.auth.identifier.ArrayIdentifierBundle;
-import edu.cornell.mannlib.vitro.webapp.auth.identifier.Identifier;
 import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
 import edu.cornell.mannlib.vitro.webapp.auth.identifier.common.HasProfile;
-import edu.cornell.mannlib.vitro.webapp.auth.identifier.common.IsBlacklisted;
 import edu.cornell.mannlib.vitro.webapp.beans.Individual;
 import edu.cornell.mannlib.vitro.webapp.beans.SelfEditingConfiguration;
 import edu.cornell.mannlib.vitro.webapp.beans.UserAccount;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
 
 /**
- * Find all of the individuals that are associated with the current user, and
- * create either an IsBlacklisted or HasAssociatedIndividual for each one.
+ * Find all of the individuals that are associated with the current user and create HasAssociatedIndividual for each
+ * one.
  */
-public class HasProfileOrIsBlacklistedFactory extends
-		BaseUserBasedIdentifierBundleFactory {
-	private static final Log log = LogFactory
-			.getLog(HasProfileOrIsBlacklistedFactory.class);
+public class HasProfileFactory extends BaseUserBasedIdentifierBundleFactory {
+    private static final Log log = LogFactory.getLog(HasProfileFactory.class);
 
-	@Override
-	public IdentifierBundle getIdentifierBundleForUser(UserAccount user) {
-		ArrayIdentifierBundle ids = new ArrayIdentifierBundle();
+    @Override
+    public IdentifierBundle getIdentifierBundleForUser(UserAccount user) {
+        ArrayIdentifierBundle ids = new ArrayIdentifierBundle();
 
-		for (Individual ind : getAssociatedIndividuals(user)) {
-			// If they are blacklisted, this factory will return an identifier
-			Identifier id = IsBlacklisted.getInstance(ind);
-			if (id != null) {
-				ids.add(id);
-			} else {
-				ids.add(new HasProfile(ind.getURI()));
-			}
-		}
+        for (Individual ind : getAssociatedIndividuals(user)) {
+            ids.add(new HasProfile(ind.getURI()));
+        }
 
-		return ids;
-	}
+        return ids;
+    }
 
-	/**
-	 * Get all Individuals associated with the current user as SELF.
-	 */
-	private Collection<Individual> getAssociatedIndividuals(UserAccount user) {
-		Collection<Individual> individuals = new ArrayList<Individual>();
+    /**
+     * Get all Individuals associated with the current user as SELF.
+     */
+    private Collection<Individual> getAssociatedIndividuals(UserAccount user) {
+        Collection<Individual> individuals = new ArrayList<Individual>();
 
-		if (user == null) {
-			log.debug("No Associated Individuals: not logged in.");
-			return individuals;
-		}
+        if (user == null) {
+            log.debug("No Associated Individuals: not logged in.");
+            return individuals;
+        }
 
-		SelfEditingConfiguration sec = SelfEditingConfiguration.getInstance();
-		individuals.addAll(sec.getAssociatedIndividuals(indDao, user));
+        SelfEditingConfiguration sec = SelfEditingConfiguration.getInstance();
+        individuals.addAll(sec.getAssociatedIndividuals(indDao, user));
 
-		return individuals;
-	}
+        return individuals;
+    }
 }

From f2db307bec5bd011f652fbea1794bb5e7ac10321 Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <georgy.litvinov@tib.eu>
Date: Fri, 1 Sep 2023 14:34:34 +0200
Subject: [PATCH 043/148] format: added empty lines at the end of new java
 classes

---
 .../vitro/webapp/auth/objects/DataPropertyAccessObject.java     | 2 +-
 .../vitro/webapp/auth/objects/FauxDataPropertyAccessObject.java | 2 +-
 .../webapp/auth/objects/FauxObjectPropertyAccessObject.java     | 2 +-
 .../auth/objects/FauxObjectPropertyStatementAccessObject.java   | 2 +-
 .../vitro/webapp/auth/objects/ObjectPropertyAccessObject.java   | 2 +-
 .../auth/objects/ObjectPropertyStatementAccessObject.java       | 2 +-
 6 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/DataPropertyAccessObject.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/DataPropertyAccessObject.java
index b20ca026ff..61f3447ed9 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/DataPropertyAccessObject.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/DataPropertyAccessObject.java
@@ -49,4 +49,4 @@ private void debug(DataProperty dataProperty) {
             }
         }
     }
-}
\ No newline at end of file
+}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/FauxDataPropertyAccessObject.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/FauxDataPropertyAccessObject.java
index ff0ffa1cc9..c47baf6777 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/FauxDataPropertyAccessObject.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/FauxDataPropertyAccessObject.java
@@ -34,4 +34,4 @@ public String toString() {
         }
         return getClass().getSimpleName() + ": " + (dp == null ? dp : dp.getURI());
     }
-}
\ No newline at end of file
+}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/FauxObjectPropertyAccessObject.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/FauxObjectPropertyAccessObject.java
index 0885d4a03b..9191b84d5b 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/FauxObjectPropertyAccessObject.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/FauxObjectPropertyAccessObject.java
@@ -34,4 +34,4 @@ public String toString() {
         }
         return getClass().getSimpleName() + ": " + (op == null ? op : op.getURI());
     }
-}
\ No newline at end of file
+}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/FauxObjectPropertyStatementAccessObject.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/FauxObjectPropertyStatementAccessObject.java
index 2e2f22ca3f..186a00505f 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/FauxObjectPropertyStatementAccessObject.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/FauxObjectPropertyStatementAccessObject.java
@@ -33,4 +33,4 @@ public String toString() {
         return getClass().getSimpleName() + ": <" + getStatementSubject() + "> <" + predicate.getConfigUri() + "> <"
                 + getStatementObject() + ">";
     }
-}
\ No newline at end of file
+}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/ObjectPropertyAccessObject.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/ObjectPropertyAccessObject.java
index 49809ad31f..685ed2e31f 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/ObjectPropertyAccessObject.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/ObjectPropertyAccessObject.java
@@ -48,4 +48,4 @@ private void debug(ObjectProperty property) {
             }
         }
     }
-}
\ No newline at end of file
+}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/ObjectPropertyStatementAccessObject.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/ObjectPropertyStatementAccessObject.java
index 5dd0df5658..87db9869a2 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/ObjectPropertyStatementAccessObject.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/ObjectPropertyStatementAccessObject.java
@@ -30,4 +30,4 @@ public String toString() {
         return getClass().getSimpleName() + ": <" + getStatementSubject() + "> <" + getStatementPredicateUri() + "> <"
                 + getStatementObject() + ">";
     }
-}
\ No newline at end of file
+}

From 52255336ee86535ec6d7fea2ae75c66938a9bccc Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <georgy.litvinov@tib.eu>
Date: Fri, 1 Sep 2023 14:38:27 +0200
Subject: [PATCH 044/148] refact: renamed variable

---
 .../mannlib/vitro/webapp/auth/policy/BasicPolicyDecision.java | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/BasicPolicyDecision.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/BasicPolicyDecision.java
index 2f44ff48dc..3d0ed69974 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/BasicPolicyDecision.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/BasicPolicyDecision.java
@@ -16,10 +16,10 @@ public class BasicPolicyDecision implements PolicyDecision{
     String StackTrace;
     DecisionResult decisionResult;
 
-    public BasicPolicyDecision( DecisionResult authorized, String message) {
+    public BasicPolicyDecision( DecisionResult decisionResult, String message) {
         super();
         this.message = message;
-        this.decisionResult = authorized;
+        this.decisionResult = decisionResult;
     }
 
     public DecisionResult getDecisionResult() {

From e836f85b59a3bd8deb3dd01900a3f5328082570e Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <georgy.litvinov@tib.eu>
Date: Fri, 1 Sep 2023 14:43:11 +0200
Subject: [PATCH 045/148] fix: uncommented debug call, removed rest commented
 out code

---
 .../mannlib/vitro/webapp/auth/policy/PolicyLoader.java        | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
index c00a4abc46..0e6f4b99f5 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
@@ -453,11 +453,9 @@ private static String getPolicyTestValuesByKeyQuery(String[] uris, String[] ids)
     }
 
     private long getPriority(String uri) {
-        // debug("SPARQL Query to get policy uris from the graph:\n %s",
-        // POLICY_URIS_QUERY);
         ParameterizedSparqlString pss = new ParameterizedSparqlString(PRIORITY_QUERY);
         pss.setIri(POLICY, uri);
-        // debug("Get priority query:\n %s", pss.toString());
+        debug("Get priority for uri %s query:\n %s", uri, pss.toString());
         long[] priority = new long[1];
         try {
             rdfService.sparqlSelectQuery(pss.toString(), new ResultSetConsumer() {

From d9600b18b4a43a36be57399000cd026e6e17b751 Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <georgy.litvinov@tib.eu>
Date: Fri, 1 Sep 2023 14:52:32 +0200
Subject: [PATCH 046/148] formatting: identation fixes

---
 .../webapp/controller/individual/IndividualRdfAssembler.java  | 4 ++--
 .../vitro/webapp/servlet/setup/ConfigurationModelsSetup.java  | 2 +-
 .../vitro/webapp/modelaccess/ModelAccessFactoryStub.java      | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/individual/IndividualRdfAssembler.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/individual/IndividualRdfAssembler.java
index 0091049a5b..c4f578dab9 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/individual/IndividualRdfAssembler.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/individual/IndividualRdfAssembler.java
@@ -216,8 +216,8 @@ private void removeProhibitedTriples(OntModel o) {
 				String objectUri = stmt.getObject().asResource().getURI();
 				 /** We don't need to know range and domain because publishing never involves faux properties. */
 				Property prop = new Property(predicateUri);
-		        prop.setDomainVClassURI("?SOME_URI");
-		        prop.setRangeVClassURI("?SOME_URI");
+				prop.setDomainVClassURI("?SOME_URI");
+				prop.setRangeVClassURI("?SOME_URI");
 				AccessObject pops = new ObjectPropertyStatementAccessObject(o, subjectUri, prop, objectUri);
 				if (!PolicyHelper.isAuthorizedForActions(vreq, pops, AccessOperation.PUBLISH)) {
 					log.debug("not authorized: " + pops);
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/servlet/setup/ConfigurationModelsSetup.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/servlet/setup/ConfigurationModelsSetup.java
index e17e6bbe9f..8972e36837 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/servlet/setup/ConfigurationModelsSetup.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/servlet/setup/ConfigurationModelsSetup.java
@@ -41,7 +41,7 @@ public void contextInitialized(ServletContextEvent sce) {
 			setupModel(ctx, DISPLAY_TBOX, "displayTbox");
 			setupModel(ctx, DISPLAY_DISPLAY, "displayDisplay");
 			setupModel(ctx, USER_ACCOUNTS, "auth");
-            setupModel(ctx, ACCESS_CONTROL, "accessControl");
+			setupModel(ctx, ACCESS_CONTROL, "accessControl");
 			setupModel(ctx, INTERFACE_I18N, "interface-i18n");
 			ss.info(this, "Set up the display models and the user accounts model.");
 		} catch (Exception e) {
diff --git a/api/src/test/java/stubs/edu/cornell/mannlib/vitro/webapp/modelaccess/ModelAccessFactoryStub.java b/api/src/test/java/stubs/edu/cornell/mannlib/vitro/webapp/modelaccess/ModelAccessFactoryStub.java
index cb674c9fa7..21a54c0e37 100644
--- a/api/src/test/java/stubs/edu/cornell/mannlib/vitro/webapp/modelaccess/ModelAccessFactoryStub.java
+++ b/api/src/test/java/stubs/edu/cornell/mannlib/vitro/webapp/modelaccess/ModelAccessFactoryStub.java
@@ -35,7 +35,7 @@ public ModelAccessFactoryStub() {
 
 		contextMA = new ContextModelAccessStub();
 		requestMA = new RequestModelAccessStub();
-        ModelAccess.setInstance(contextMA);
+		ModelAccess.setInstance(contextMA);
 	}
 
 	@Override

From ddc2fdb578c22bb88b9a9c505d3e33092a1d86e2 Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <georgy.litvinov@tib.eu>
Date: Fri, 1 Sep 2023 15:49:24 +0200
Subject: [PATCH 047/148] chore: added license lines in new java classes

---
 .../mannlib/vitro/webapp/auth/attributes/AbstractAttribute.java | 2 ++
 .../mannlib/vitro/webapp/auth/attributes/AccessObjectType.java  | 2 ++
 .../vitro/webapp/auth/attributes/AccessObjectTypeAttribute.java | 2 ++
 .../vitro/webapp/auth/attributes/AccessObjectUriAttribute.java  | 2 ++
 .../mannlib/vitro/webapp/auth/attributes/AccessOperation.java   | 2 ++
 .../cornell/mannlib/vitro/webapp/auth/attributes/Attribute.java | 2 ++
 .../mannlib/vitro/webapp/auth/attributes/AttributeFactory.java  | 2 ++
 .../mannlib/vitro/webapp/auth/attributes/AttributeGroup.java    | 2 ++
 .../mannlib/vitro/webapp/auth/attributes/AttributeType.java     | 2 ++
 .../vitro/webapp/auth/attributes/AttributeValueTester.java      | 2 ++
 .../vitro/webapp/auth/attributes/OperationAttribute.java        | 2 ++
 .../mannlib/vitro/webapp/auth/attributes/OperationGroup.java    | 2 ++
 .../vitro/webapp/auth/attributes/QueryResultsMapCache.java      | 2 ++
 .../webapp/auth/attributes/StatementObjectUriAttribute.java     | 2 ++
 .../webapp/auth/attributes/StatementPredicateUriAttribute.java  | 2 ++
 .../webapp/auth/attributes/StatementSubjectUriAttribute.java    | 2 ++
 .../vitro/webapp/auth/attributes/SubjectRoleAttribute.java      | 2 ++
 .../vitro/webapp/auth/attributes/SubjectTypeAttribute.java      | 2 ++
 .../cornell/mannlib/vitro/webapp/auth/attributes/TestType.java  | 2 ++
 .../vitro/webapp/auth/objects/AccessObjectStatement.java        | 2 ++
 .../vitro/webapp/auth/objects/DataPropertyAccessObject.java     | 2 ++
 .../vitro/webapp/auth/objects/FauxDataPropertyAccessObject.java | 2 ++
 .../webapp/auth/objects/FauxObjectPropertyAccessObject.java     | 2 ++
 .../vitro/webapp/auth/objects/ObjectPropertyAccessObject.java   | 2 ++
 .../mannlib/vitro/webapp/auth/permissions/SimplePermission.java | 2 ++
 .../cornell/mannlib/vitro/webapp/auth/policy/DynamicPolicy.java | 2 ++
 .../vitro/webapp/auth/policy/EntityPolicyController.java        | 2 ++
 .../edu/cornell/mannlib/vitro/webapp/auth/policy/Policies.java  | 2 ++
 .../mannlib/vitro/webapp/auth/policy/PolicyDecisionPoint.java   | 2 ++
 .../cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java  | 2 ++
 .../auth/requestedAction/AllowedAuthorizationRequest.java       | 2 ++
 .../webapp/auth/requestedAction/AndAuthorizationRequest.java    | 2 ++
 .../vitro/webapp/auth/requestedAction/AuthorizationRequest.java | 2 ++
 .../auth/requestedAction/ForbiddenAuthorizationRequest.java     | 2 ++
 .../webapp/auth/requestedAction/OrAuthorizationRequest.java     | 2 ++
 .../webapp/auth/requestedAction/SimpleAuthorizationRequest.java | 2 ++
 .../mannlib/vitro/webapp/auth/rules/AccessRuleFactory.java      | 2 ++
 37 files changed, 74 insertions(+)

diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AbstractAttribute.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AbstractAttribute.java
index acdec8897e..fe111897c1 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AbstractAttribute.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AbstractAttribute.java
@@ -1,3 +1,5 @@
+/* $This file is distributed under the terms of the license in LICENSE$ */
+
 package edu.cornell.mannlib.vitro.webapp.auth.attributes;
 
 import java.util.HashSet;
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AccessObjectType.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AccessObjectType.java
index af5dd8e847..48ca429fb7 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AccessObjectType.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AccessObjectType.java
@@ -1,3 +1,5 @@
+/* $This file is distributed under the terms of the license in LICENSE$ */
+
 package edu.cornell.mannlib.vitro.webapp.auth.attributes;
 
 public enum AccessObjectType {
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AccessObjectTypeAttribute.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AccessObjectTypeAttribute.java
index 7ae3f72fb7..b9a608b120 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AccessObjectTypeAttribute.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AccessObjectTypeAttribute.java
@@ -1,3 +1,5 @@
+/* $This file is distributed under the terms of the license in LICENSE$ */
+
 package edu.cornell.mannlib.vitro.webapp.auth.attributes;
 
 import edu.cornell.mannlib.vitro.webapp.auth.objects.AccessObject;
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AccessObjectUriAttribute.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AccessObjectUriAttribute.java
index c941edd4a0..b2255fbeb9 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AccessObjectUriAttribute.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AccessObjectUriAttribute.java
@@ -1,3 +1,5 @@
+/* $This file is distributed under the terms of the license in LICENSE$ */
+
 package edu.cornell.mannlib.vitro.webapp.auth.attributes;
 
 import edu.cornell.mannlib.vitro.webapp.auth.objects.AccessObject;
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AccessOperation.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AccessOperation.java
index 32fa9e2613..159b77bea2 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AccessOperation.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AccessOperation.java
@@ -1,3 +1,5 @@
+/* $This file is distributed under the terms of the license in LICENSE$ */
+
 package edu.cornell.mannlib.vitro.webapp.auth.attributes;
 
 public enum AccessOperation {
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/Attribute.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/Attribute.java
index 7494eeac00..877bca4e05 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/Attribute.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/Attribute.java
@@ -1,3 +1,5 @@
+/* $This file is distributed under the terms of the license in LICENSE$ */
+
 package edu.cornell.mannlib.vitro.webapp.auth.attributes;
 
 import java.util.Set;
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeFactory.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeFactory.java
index e603a5092f..d505f801b5 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeFactory.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeFactory.java
@@ -1,3 +1,5 @@
+/* $This file is distributed under the terms of the license in LICENSE$ */
+
 package edu.cornell.mannlib.vitro.webapp.auth.attributes;
 
 import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyLoader;
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeGroup.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeGroup.java
index b7cade970a..62eb9358dd 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeGroup.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeGroup.java
@@ -1,3 +1,5 @@
+/* $This file is distributed under the terms of the license in LICENSE$ */
+
 package edu.cornell.mannlib.vitro.webapp.auth.attributes;
 
 public enum AttributeGroup {
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeType.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeType.java
index cb56fccbdf..cb5df74281 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeType.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeType.java
@@ -1,3 +1,5 @@
+/* $This file is distributed under the terms of the license in LICENSE$ */
+
 package edu.cornell.mannlib.vitro.webapp.auth.attributes;
 
 public enum AttributeType {
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeValueTester.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeValueTester.java
index c6cd85da75..463f0912e4 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeValueTester.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeValueTester.java
@@ -1,3 +1,5 @@
+/* $This file is distributed under the terms of the license in LICENSE$ */
+
 package edu.cornell.mannlib.vitro.webapp.auth.attributes;
 
 import java.util.Arrays;
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/OperationAttribute.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/OperationAttribute.java
index ee287ee155..d504da5263 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/OperationAttribute.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/OperationAttribute.java
@@ -1,3 +1,5 @@
+/* $This file is distributed under the terms of the license in LICENSE$ */
+
 package edu.cornell.mannlib.vitro.webapp.auth.attributes;
 
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthorizationRequest;
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/OperationGroup.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/OperationGroup.java
index 8ace7753eb..dc405f96d9 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/OperationGroup.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/OperationGroup.java
@@ -1,3 +1,5 @@
+/* $This file is distributed under the terms of the license in LICENSE$ */
+
 package edu.cornell.mannlib.vitro.webapp.auth.attributes;
 
 public enum OperationGroup {
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/QueryResultsMapCache.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/QueryResultsMapCache.java
index c294a2a56e..3d716ddf4f 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/QueryResultsMapCache.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/QueryResultsMapCache.java
@@ -1,3 +1,5 @@
+/* $This file is distributed under the terms of the license in LICENSE$ */
+
 package edu.cornell.mannlib.vitro.webapp.auth.attributes;
 
 import java.io.IOException;
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/StatementObjectUriAttribute.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/StatementObjectUriAttribute.java
index f99d074b6c..f4bf0717a4 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/StatementObjectUriAttribute.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/StatementObjectUriAttribute.java
@@ -1,3 +1,5 @@
+/* $This file is distributed under the terms of the license in LICENSE$ */
+
 package edu.cornell.mannlib.vitro.webapp.auth.attributes;
 
 import edu.cornell.mannlib.vitro.webapp.auth.objects.AccessObject;
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/StatementPredicateUriAttribute.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/StatementPredicateUriAttribute.java
index 698577ca8b..4956a51103 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/StatementPredicateUriAttribute.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/StatementPredicateUriAttribute.java
@@ -1,3 +1,5 @@
+/* $This file is distributed under the terms of the license in LICENSE$ */
+
 package edu.cornell.mannlib.vitro.webapp.auth.attributes;
 
 import edu.cornell.mannlib.vitro.webapp.auth.objects.AccessObject;
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/StatementSubjectUriAttribute.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/StatementSubjectUriAttribute.java
index f32cd64b71..004f46d9b8 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/StatementSubjectUriAttribute.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/StatementSubjectUriAttribute.java
@@ -1,3 +1,5 @@
+/* $This file is distributed under the terms of the license in LICENSE$ */
+
 package edu.cornell.mannlib.vitro.webapp.auth.attributes;
 
 import edu.cornell.mannlib.vitro.webapp.auth.objects.AccessObject;
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/SubjectRoleAttribute.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/SubjectRoleAttribute.java
index f2e3890506..e49561901d 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/SubjectRoleAttribute.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/SubjectRoleAttribute.java
@@ -1,3 +1,5 @@
+/* $This file is distributed under the terms of the license in LICENSE$ */
+
 package edu.cornell.mannlib.vitro.webapp.auth.attributes;
 
 import java.util.List;
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/SubjectTypeAttribute.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/SubjectTypeAttribute.java
index bcccbdcd86..7e052c9e7d 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/SubjectTypeAttribute.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/SubjectTypeAttribute.java
@@ -1,3 +1,5 @@
+/* $This file is distributed under the terms of the license in LICENSE$ */
+
 package edu.cornell.mannlib.vitro.webapp.auth.attributes;
 
 import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/TestType.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/TestType.java
index 45b3f5716c..613ee0fb1a 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/TestType.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/TestType.java
@@ -1,3 +1,5 @@
+/* $This file is distributed under the terms of the license in LICENSE$ */
+
 package edu.cornell.mannlib.vitro.webapp.auth.attributes;
 
 public enum TestType {
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/AccessObjectStatement.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/AccessObjectStatement.java
index 5762ab23d1..91872cd146 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/AccessObjectStatement.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/AccessObjectStatement.java
@@ -1,3 +1,5 @@
+/* $This file is distributed under the terms of the license in LICENSE$ */
+
 package edu.cornell.mannlib.vitro.webapp.auth.objects;
 
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType;
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/DataPropertyAccessObject.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/DataPropertyAccessObject.java
index 61f3447ed9..66442aff5d 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/DataPropertyAccessObject.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/DataPropertyAccessObject.java
@@ -1,3 +1,5 @@
+/* $This file is distributed under the terms of the license in LICENSE$ */
+
 package edu.cornell.mannlib.vitro.webapp.auth.objects;
 
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType;
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/FauxDataPropertyAccessObject.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/FauxDataPropertyAccessObject.java
index c47baf6777..d1ff802e42 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/FauxDataPropertyAccessObject.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/FauxDataPropertyAccessObject.java
@@ -1,3 +1,5 @@
+/* $This file is distributed under the terms of the license in LICENSE$ */
+
 package edu.cornell.mannlib.vitro.webapp.auth.objects;
 
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType;
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/FauxObjectPropertyAccessObject.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/FauxObjectPropertyAccessObject.java
index 9191b84d5b..ff931a5978 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/FauxObjectPropertyAccessObject.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/FauxObjectPropertyAccessObject.java
@@ -1,3 +1,5 @@
+/* $This file is distributed under the terms of the license in LICENSE$ */
+
 package edu.cornell.mannlib.vitro.webapp.auth.objects;
 
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType;
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/ObjectPropertyAccessObject.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/ObjectPropertyAccessObject.java
index 685ed2e31f..8cf41c404a 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/ObjectPropertyAccessObject.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/ObjectPropertyAccessObject.java
@@ -1,3 +1,5 @@
+/* $This file is distributed under the terms of the license in LICENSE$ */
+
 package edu.cornell.mannlib.vitro.webapp.auth.objects;
 
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType;
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/permissions/SimplePermission.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/permissions/SimplePermission.java
index 9c5571d499..e11e6cc7c4 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/permissions/SimplePermission.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/permissions/SimplePermission.java
@@ -1,3 +1,5 @@
+/* $This file is distributed under the terms of the license in LICENSE$ */
+
 package edu.cornell.mannlib.vitro.webapp.auth.permissions;
 
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType;
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/DynamicPolicy.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/DynamicPolicy.java
index 4adc2a770b..24dd045f7c 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/DynamicPolicy.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/DynamicPolicy.java
@@ -1,3 +1,5 @@
+/* $This file is distributed under the terms of the license in LICENSE$ */
+
 package edu.cornell.mannlib.vitro.webapp.auth.policy;
 
 import java.util.Collections;
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EntityPolicyController.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EntityPolicyController.java
index c397062982..a2da431225 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EntityPolicyController.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EntityPolicyController.java
@@ -1,3 +1,5 @@
+/* $This file is distributed under the terms of the license in LICENSE$ */
+
 package edu.cornell.mannlib.vitro.webapp.auth.policy;
 
 import java.util.Collections;
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/Policies.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/Policies.java
index 4f6258c9b6..b22e0cdb2b 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/Policies.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/Policies.java
@@ -1,3 +1,5 @@
+/* $This file is distributed under the terms of the license in LICENSE$ */
+
 package edu.cornell.mannlib.vitro.webapp.auth.policy;
 
 import java.util.List;
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyDecisionPoint.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyDecisionPoint.java
index f258f2ff8a..1c845335a9 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyDecisionPoint.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyDecisionPoint.java
@@ -1,3 +1,5 @@
+/* $This file is distributed under the terms of the license in LICENSE$ */
+
 package edu.cornell.mannlib.vitro.webapp.auth.policy;
 
 import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.DecisionResult;
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
index 0e6f4b99f5..f0ddf5890a 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
@@ -1,3 +1,5 @@
+/* $This file is distributed under the terms of the license in LICENSE$ */
+
 package edu.cornell.mannlib.vitro.webapp.auth.policy;
 
 import java.io.ByteArrayInputStream;
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/AllowedAuthorizationRequest.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/AllowedAuthorizationRequest.java
index 6da2d72eff..de6e0df893 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/AllowedAuthorizationRequest.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/AllowedAuthorizationRequest.java
@@ -1,3 +1,5 @@
+/* $This file is distributed under the terms of the license in LICENSE$ */
+
 package edu.cornell.mannlib.vitro.webapp.auth.requestedAction;
 
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessOperation;
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/AndAuthorizationRequest.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/AndAuthorizationRequest.java
index db7aff3130..a4b84adc44 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/AndAuthorizationRequest.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/AndAuthorizationRequest.java
@@ -1,3 +1,5 @@
+/* $This file is distributed under the terms of the license in LICENSE$ */
+
 package edu.cornell.mannlib.vitro.webapp.auth.requestedAction;
 
 import java.util.Arrays;
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/AuthorizationRequest.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/AuthorizationRequest.java
index d8994fb171..492c0e8252 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/AuthorizationRequest.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/AuthorizationRequest.java
@@ -1,3 +1,5 @@
+/* $This file is distributed under the terms of the license in LICENSE$ */
+
 package edu.cornell.mannlib.vitro.webapp.auth.requestedAction;
 
 import java.util.Collections;
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/ForbiddenAuthorizationRequest.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/ForbiddenAuthorizationRequest.java
index 43222c3ff2..878fb13d48 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/ForbiddenAuthorizationRequest.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/ForbiddenAuthorizationRequest.java
@@ -1,3 +1,5 @@
+/* $This file is distributed under the terms of the license in LICENSE$ */
+
 package edu.cornell.mannlib.vitro.webapp.auth.requestedAction;
 
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessOperation;
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/OrAuthorizationRequest.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/OrAuthorizationRequest.java
index 1489e27b53..e59991120c 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/OrAuthorizationRequest.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/OrAuthorizationRequest.java
@@ -1,3 +1,5 @@
+/* $This file is distributed under the terms of the license in LICENSE$ */
+
 package edu.cornell.mannlib.vitro.webapp.auth.requestedAction;
 
 import java.util.Arrays;
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/SimpleAuthorizationRequest.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/SimpleAuthorizationRequest.java
index 6c1bf7c9e9..59dea15f68 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/SimpleAuthorizationRequest.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/SimpleAuthorizationRequest.java
@@ -1,3 +1,5 @@
+/* $This file is distributed under the terms of the license in LICENSE$ */
+
 package edu.cornell.mannlib.vitro.webapp.auth.requestedAction;
 
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessOperation;
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRuleFactory.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRuleFactory.java
index f7df488ce8..10961626d7 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRuleFactory.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRuleFactory.java
@@ -1,3 +1,5 @@
+/* $This file is distributed under the terms of the license in LICENSE$ */
+
 package edu.cornell.mannlib.vitro.webapp.auth.rules;
 
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.AttributeFactory;

From 2b2c97dbaf25d95f438668dcbc4296aa962711fe Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <georgy.litvinov@tib.eu>
Date: Fri, 1 Sep 2023 16:16:34 +0200
Subject: [PATCH 048/148] refact: created enum for rule decisions

---
 .../vitro/webapp/auth/rules/AccessRuleFactory.java        | 2 +-
 .../mannlib/vitro/webapp/auth/rules/RuleDecision.java     | 8 ++++++++
 2 files changed, 9 insertions(+), 1 deletion(-)
 create mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/RuleDecision.java

diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRuleFactory.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRuleFactory.java
index 10961626d7..a662c02792 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRuleFactory.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRuleFactory.java
@@ -23,7 +23,7 @@ public static AccessRule createRule(QuerySolution qs) {
         ar.addAttribute(AttributeFactory.createAttribute(qs));
         if (qs.contains("decision_id") && qs.get("decision_id").isLiteral()) {
             String decisionId = qs.getLiteral("decision_id").getString();
-            if (decisionId.equals("DENY")) {
+            if (RuleDecision.DENY.toString().equals(decisionId)) {
                 ar.setAllowMatched(false);
             }
         }
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/RuleDecision.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/RuleDecision.java
new file mode 100644
index 0000000000..cb65e2bfa0
--- /dev/null
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/RuleDecision.java
@@ -0,0 +1,8 @@
+/* $This file is distributed under the terms of the license in LICENSE$ */
+
+package edu.cornell.mannlib.vitro.webapp.auth.rules;
+
+public enum RuleDecision {
+    ALLOW,
+    DENY
+}

From 7e1bc39b18e13439ce778fe8208cc9ef25e6e482 Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <georgy.litvinov@tib.eu>
Date: Fri, 1 Sep 2023 17:19:09 +0200
Subject: [PATCH 049/148] Renamed class ao:Test to ao:Operator, object property
 ao:test to ao:operator

---
 .../webapp/auth/policy/PolicyLoader.java      |  4 +-
 .../auth/rules/proximity_test_policy.n3       |  2 +-
 .../webapp/auth/rules/test_policy_broken1.n3  |  2 +-
 .../webapp/auth/rules/test_policy_broken2.n3  |  4 +-
 .../webapp/auth/rules/test_policy_broken3.n3  |  4 +-
 .../webapp/auth/rules/test_policy_broken4.n3  |  4 +-
 .../webapp/auth/rules/test_policy_broken5.n3  |  4 +-
 .../auth/rules/test_policy_broken_set.n3      |  4 +-
 .../webapp/auth/rules/test_policy_key.n3      |  2 +-
 .../webapp/auth/rules/test_policy_valid.n3    |  2 +-
 .../auth/rules/test_policy_valid_set.n3       |  4 +-
 .../rdf/accessControl/firsttime/attributes.n3 | 50 +++++++++----------
 .../rdf/accessControl/firsttime/ontology.n3   |  8 ++-
 .../firsttime/{test_types.n3 => operators.n3} | 12 ++---
 .../firsttime/policy_admin_display_class.n3   |  2 +-
 .../policy_admin_display_data_property.n3     |  4 +-
 ...policy_admin_display_faux_data_property.n3 |  4 +-
 ...licy_admin_display_faux_object_property.n3 |  4 +-
 .../policy_admin_display_object_property.n3   |  4 +-
 .../firsttime/policy_admin_publish_class.n3   |  2 +-
 .../policy_admin_publish_data_property.n3     |  4 +-
 ...policy_admin_publish_faux_data_property.n3 |  4 +-
 ...licy_admin_publish_faux_object_property.n3 |  4 +-
 .../policy_admin_publish_object_property.n3   |  4 +-
 .../policy_admin_simple_permissions.n3        |  2 +-
 .../firsttime/policy_admin_update_class.n3    |  2 +-
 .../policy_admin_update_data_property.n3      |  4 +-
 .../policy_admin_update_faux_data_property.n3 |  4 +-
 ...olicy_admin_update_faux_object_property.n3 |  4 +-
 .../policy_admin_update_object_property.n3    |  4 +-
 .../firsttime/policy_curator_display_class.n3 |  2 +-
 .../policy_curator_display_data_property.n3   |  4 +-
 ...licy_curator_display_faux_data_property.n3 |  4 +-
 ...cy_curator_display_faux_object_property.n3 |  4 +-
 .../policy_curator_display_object_property.n3 |  4 +-
 .../firsttime/policy_curator_publish_class.n3 |  2 +-
 .../policy_curator_publish_data_property.n3   |  4 +-
 ...licy_curator_publish_faux_data_property.n3 |  4 +-
 ...cy_curator_publish_faux_object_property.n3 |  4 +-
 .../policy_curator_publish_object_property.n3 |  4 +-
 .../policy_curator_simple_permissions.n3      |  2 +-
 .../firsttime/policy_curator_update_class.n3  |  2 +-
 .../policy_curator_update_data_property.n3    |  4 +-
 ...olicy_curator_update_faux_data_property.n3 |  4 +-
 ...icy_curator_update_faux_object_property.n3 |  4 +-
 .../policy_curator_update_object_property.n3  |  4 +-
 .../firsttime/policy_editable_pages.n3        |  6 +--
 .../firsttime/policy_editor_display_class.n3  |  2 +-
 .../policy_editor_display_data_property.n3    |  4 +-
 ...olicy_editor_display_faux_data_property.n3 |  4 +-
 ...icy_editor_display_faux_object_property.n3 |  4 +-
 .../policy_editor_display_object_property.n3  |  4 +-
 .../firsttime/policy_editor_publish_class.n3  |  2 +-
 .../policy_editor_publish_data_property.n3    |  4 +-
 ...olicy_editor_publish_faux_data_property.n3 |  4 +-
 ...icy_editor_publish_faux_object_property.n3 |  4 +-
 .../policy_editor_publish_object_property.n3  |  4 +-
 .../policy_editor_simple_permissions.n3       |  2 +-
 .../firsttime/policy_editor_update_class.n3   |  2 +-
 .../policy_editor_update_data_property.n3     |  4 +-
 ...policy_editor_update_faux_data_property.n3 |  4 +-
 ...licy_editor_update_faux_object_property.n3 |  4 +-
 .../policy_editor_update_object_property.n3   |  4 +-
 .../firsttime/policy_menu_items_editing.n3    |  4 +-
 .../policy_not_modifiable_statements.n3       | 12 ++---
 .../firsttime/policy_public_display_class.n3  |  2 +-
 .../policy_public_display_data_property.n3    |  4 +-
 ...olicy_public_display_faux_data_property.n3 |  4 +-
 ...icy_public_display_faux_object_property.n3 |  4 +-
 .../policy_public_display_object_property.n3  |  4 +-
 .../policy_public_simple_permissions.n3       |  2 +-
 .../firsttime/policy_public_update_class.n3   |  2 +-
 .../policy_public_update_data_property.n3     |  4 +-
 .../policy_public_update_object_property.n3   |  4 +-
 .../policy_self_editor_display_class.n3       |  2 +-
 ...olicy_self_editor_display_data_property.n3 |  4 +-
 ..._self_editor_display_faux_data_property.n3 |  4 +-
 ...elf_editor_display_faux_object_property.n3 |  4 +-
 ...icy_self_editor_display_object_property.n3 |  4 +-
 .../policy_self_editor_publish_class.n3       |  2 +-
 ...olicy_self_editor_publish_data_property.n3 |  4 +-
 ..._self_editor_publish_faux_data_property.n3 |  4 +-
 ...elf_editor_publish_faux_object_property.n3 |  4 +-
 ...icy_self_editor_publish_object_property.n3 |  4 +-
 .../policy_self_editor_simple_permissions.n3  |  2 +-
 .../policy_self_editor_update_class.n3        |  2 +-
 ...policy_self_editor_update_data_property.n3 |  4 +-
 ...y_self_editor_update_faux_data_property.n3 |  4 +-
 ...self_editor_update_faux_object_property.n3 |  4 +-
 ...licy_self_editor_update_object_property.n3 |  4 +-
 90 files changed, 193 insertions(+), 189 deletions(-)
 rename home/src/main/resources/rdf/accessControl/firsttime/{test_types.n3 => operators.n3} (77%)

diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
index f0ddf5890a..3d9776bc61 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
@@ -101,7 +101,7 @@ public class PolicyLoader {
             + "?rules ao:rule ?rule . \n"
             + "?rule ao:attribute ?attribute .\n"
             + "OPTIONAL {\n"
-            + "  ?attribute ao:test ?attributeTest .\n"
+            + "  ?attribute ao:operator ?attributeTest .\n"
             + "  OPTIONAL {\n"
             + "    ?attributeTest ao:id ?testId . \n"
             + "  }\n"
@@ -138,7 +138,7 @@ public class PolicyLoader {
             + "?rule ao:attribute ?attribute . \n"
             + "?attribute rdf:type ao:Attribute .\n"
             + "OPTIONAL {\n"
-            + "  ?attribute ao:test ?attributeTest .\n"
+            + "  ?attribute ao:operator ?attributeTest .\n"
             + "  OPTIONAL {\n"
             + "    ?attributeTest ao:id ?testId . \n"
             + "  }\n"
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/proximity_test_policy.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/proximity_test_policy.n3
index 8acebcdebf..a574bf9a9b 100644
--- a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/proximity_test_policy.n3
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/proximity_test_policy.n3
@@ -18,7 +18,7 @@ ai:AllowPersonEditOwnPublication rdf:type ao:Rule ;
           ao:attribute ai:PublicationInProximityAttribute .
           
 ai:PublicationInProximityAttribute rdf:type ao:Attribute ;
-         ao:test ai:SparqlSelectQueryContains ;
+         ao:operator ai:SparqlSelectQueryContains ;
          ao:type ai:StatementSubjectUri ;
          ao:value ai:PublicationProximityToPerson .
 
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken1.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken1.n3
index 5dbb0f96e8..06d7677d66 100644
--- a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken1.n3
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken1.n3
@@ -23,7 +23,7 @@ ai:BrokenTestAttribute rdf:type ao:Attribute ;
          ao:value ai:PublishOperation .
          
 ai:ValidTestAttribute rdf:type ao:Attribute ;
-         ao:test ai:Equals ;
+         ao:operator ai:Equals ;
          ao:type ai:Operation ;
          ao:value ai:PublishOperation .
 
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken2.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken2.n3
index 6c0f3a4abf..137ddb92bd 100644
--- a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken2.n3
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken2.n3
@@ -19,11 +19,11 @@ ai:BrokenTestRule rdf:type ao:Rule ;
           ao:attribute ai:BrokenTestAttribute .
           
 ai:BrokenTestAttribute rdf:type ao:Attribute ;
-         ao:test ai:Equals ;
+         ao:operator ai:Equals ;
          ao:value ai:PublishOperation .
          
 ai:ValidTestAttribute rdf:type ao:Attribute ;
-         ao:test ai:Equals ;
+         ao:operator ai:Equals ;
          ao:type ai:Operation ;
          ao:value ai:PublishOperation .
 
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken3.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken3.n3
index 4a0e9eb443..a30ef6d6af 100644
--- a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken3.n3
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken3.n3
@@ -19,12 +19,12 @@ ai:BrokenTestRule rdf:type ao:Rule ;
           ao:attribute ai:BrokenTestAttribute .
           
 ai:BrokenTestAttribute rdf:type ao:Attribute ;
-         ao:test ai:UnknownTest ;
+         ao:operator ai:UnknownTest ;
          ao:type ai:Operation ;
          ao:value ai:PublishOperation .
          
 ai:ValidTestAttribute rdf:type ao:Attribute ;
-         ao:test ai:Equals ;
+         ao:operator ai:Equals ;
          ao:type ai:Operation ;
          ao:value ai:PublishOperation .
 
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken4.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken4.n3
index e211ac2f67..b4f19fffe2 100644
--- a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken4.n3
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken4.n3
@@ -19,12 +19,12 @@ ai:BrokenTestRule rdf:type ao:Rule ;
           ao:attribute ai:BrokenTestAttribute .
           
 ai:BrokenTestAttribute rdf:type ao:Attribute ;
-         ao:test ai:Equals ;
+         ao:operator ai:Equals ;
          ao:type ai:UnknownType ;
          ao:value ai:PublishOperation .
          
 ai:ValidTestAttribute rdf:type ao:Attribute ;
-         ao:test ai:Equals ;
+         ao:operator ai:Equals ;
          ao:type ai:Operation ;
          ao:value ai:PublishOperation .
 
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken5.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken5.n3
index f4fd658fa1..f2426d9a8a 100644
--- a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken5.n3
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken5.n3
@@ -20,12 +20,12 @@ ai:BrokenRule rdf:type ao:Rule ;
           ao:attribute ai:BrokenAttribute2 .
           
 ai:BrokenAttribute1 rdf:type ao:Attribute ;
-         ao:test ai:Equals ;
+         ao:operator ai:Equals ;
          ao:type ai:ObjectUri ;
          ao:setValue ai:valueSet1 .
          
 ai:BrokenAttribute2 rdf:type ao:Attribute ;
-         ao:test ai:Equals ;
+         ao:operator ai:Equals ;
          ao:type ai:ObjectUri ;
          ao:setValue ai:valueSet2 .
 
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken_set.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken_set.n3
index 3ea6fb6fdc..9a359400a4 100644
--- a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken_set.n3
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken_set.n3
@@ -20,12 +20,12 @@ ai:BrokenRule rdf:type ao:Rule ;
           ao:attribute ai:BrokenSetAttribute2 .
           
 ai:BrokenSetAttribute1 rdf:type ao:Attribute ;
-         ao:test ai:NotOneOf ;
+         ao:operator ai:NotOneOf ;
          ao:type ai:ObjectUri ;
          ao:setValue ai:valueSet1 .
          
 ai:BrokenSetAttribute2 rdf:type ao:Attribute ;
-         ao:test ai:NotOneOf ;
+         ao:operator ai:NotOneOf ;
          ao:type ai:ObjectUri ;
          ao:setValue ai:valueSet2 .
 
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_key.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_key.n3
index f45af6b1f9..c718a6c7ac 100644
--- a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_key.n3
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_key.n3
@@ -19,7 +19,7 @@ ai:KeyTestRule rdf:type ao:Rule ;
           ao:attribute ai:KeyTestAttribute .
           
 ai:KeyTestAttribute rdf:type ao:Attribute ;
-         ao:test ai:Equals ;
+         ao:operator ai:Equals ;
          ao:type ai:Operation ;
          ao:value ai:PublishOperation .
 
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_valid.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_valid.n3
index 9ede26ef47..9ec236dc09 100644
--- a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_valid.n3
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_valid.n3
@@ -18,7 +18,7 @@ ai:ValidRule rdf:type ao:Rule ;
           ao:attribute ai:ValidAttribute .
           
 ai:ValidAttribute rdf:type ao:Attribute ;
-         ao:test ai:Equals ;
+         ao:operator ai:Equals ;
          ao:type ai:Operation ;
          ao:value ai:PublishOperation .
 
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_valid_set.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_valid_set.n3
index 1b56d26ab7..c98fb481c3 100644
--- a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_valid_set.n3
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_valid_set.n3
@@ -20,13 +20,13 @@ ai:ValidRule rdf:type ao:Rule ;
           ao:attribute ai:ValidAttribute2 .
           
 ai:ValidAttribute1 rdf:type ao:Attribute ;
-         ao:test ai:Equals ;
+         ao:operator ai:Equals ;
          ao:type ai:AccessObjectUri ;
          ao:setValue ai:valueSet3 ;
          ao:setValue ai:valueSet1 .
          
 ai:ValidAttribute2 rdf:type ao:Attribute ;
-         ao:test ai:Equals ;
+         ao:operator ai:Equals ;
          ao:type ai:AccessObjectUri ;
          ao:setValue ai:valueSet4 ;
          ao:setValue ai:valueSet2 .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/attributes.n3 b/home/src/main/resources/rdf/accessControl/firsttime/attributes.n3
index 8bbcdfa5c5..d81f399547 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/attributes.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/attributes.n3
@@ -12,37 +12,37 @@
 ### Subject attributes
 
 ai:IsRootUserAttribute rdf:type ao:Attribute ;
-         ao:test ai:Equals ;
+         ao:operator ai:Equals ;
          ao:type ai:SubjectType ;
          ao:value ai:RootUserSubject .
 
 ai:SubjectRoleEqualsAdminRoleAttribute rdf:type ao:Attribute ;
-         ao:test ai:Equals ;
+         ao:operator ai:Equals ;
          ao:type ai:SubjectRole ;
          ao:value auth:ADMIN .
          
 ai:SubjectRoleEqualsCuratorRoleAttribute rdf:type ao:Attribute ;
-         ao:test ai:Equals ;
+         ao:operator ai:Equals ;
          ao:type ai:SubjectRole ;
          ao:value auth:CURATOR .
 
 ai:SubjectRoleEqualsEditorRoleAttribute rdf:type ao:Attribute ;
-         ao:test ai:Equals ;
+         ao:operator ai:Equals ;
          ao:type ai:SubjectRole ;
          ao:value auth:EDITOR .
 
 ai:SubjectRoleEqualsSelfEditorRoleAttribute rdf:type ao:Attribute ;
-         ao:test ai:Equals ;
+         ao:operator ai:Equals ;
          ao:type ai:SubjectRole ;
          ao:value auth:SELF_EDITOR .
 
 ai:SubjectRoleEqualsPublicRoleAttribute rdf:type ao:Attribute ;
-         ao:test ai:Equals ;
+         ao:operator ai:Equals ;
          ao:type ai:SubjectRole ;
          ao:value auth:PUBLIC .
          
 ai:SubjectRoleOneOfEditorsAttribute rdf:type ao:Attribute ;
-         ao:test ai:OneOf ;
+         ao:operator ai:OneOf ;
          ao:type ai:SubjectRole ;
          ao:value auth:ADMIN ;
          ao:value auth:CURATOR ;
@@ -52,37 +52,37 @@ ai:SubjectRoleOneOfEditorsAttribute rdf:type ao:Attribute ;
 ### Operation attributes
 
 ai:DisplayOperationAttribute rdf:type ao:Attribute ;
-         ao:test ai:Equals ;
+         ao:operator ai:Equals ;
          ao:type ai:Operation ;
          ao:value ai:DisplayOperation .
          
 ai:PublishOperationAttribute rdf:type ao:Attribute ;
-         ao:test ai:Equals ;
+         ao:operator ai:Equals ;
          ao:type ai:Operation ;
          ao:value ai:PublishOperation .
          
 ai:UpdateOperationAttribute rdf:type ao:Attribute ;
-         ao:test ai:Equals ;
+         ao:operator ai:Equals ;
          ao:type ai:Operation ;
          ao:value ai:UpdateOperation .
          
 ai:EditOperationAttribute rdf:type ao:Attribute ;
-         ao:test ai:Equals ;
+         ao:operator ai:Equals ;
          ao:type ai:Operation ;
          ao:value ai:EditOperation .
          
 ai:DropOperationAttribute rdf:type ao:Attribute ;
-         ao:test ai:Equals ;
+         ao:operator ai:Equals ;
          ao:type ai:Operation ;
          ao:value ai:DropOperation .
          
 ai:AddOperationAttribute rdf:type ao:Attribute ;
-         ao:test ai:Equals ;
+         ao:operator ai:Equals ;
          ao:type ai:Operation ;
          ao:value ai:AddOperation .
          
 ai:UpdateAddEditOrDropOperationsAttribute rdf:type ao:Attribute ;
-         ao:test ai:OneOf ;
+         ao:operator ai:OneOf ;
          ao:type ai:Operation ;
          ao:value ai:UpdateOperation ;
          ao:value ai:AddOperation ;
@@ -93,57 +93,57 @@ ai:UpdateAddEditOrDropOperationsAttribute rdf:type ao:Attribute ;
 ### Object attributes
 
 ai:ObjectPropertyTypeAttribute rdf:type ao:Attribute ;
-         ao:test ai:Equals ;
+         ao:operator ai:Equals ;
          ao:type ai:AccessObjectType ;
          ao:value ai:ObjectPropertyAccesObject .
 
 ai:DataPropertyTypeAttribute rdf:type ao:Attribute ;
-         ao:test ai:Equals ;
+         ao:operator ai:Equals ;
          ao:type ai:AccessObjectType ;
          ao:value ai:DataPropertyAccesObject .
 
 ai:ObjectPropertyStatementTypeAttribute rdf:type ao:Attribute ;
-         ao:test ai:Equals ;
+         ao:operator ai:Equals ;
          ao:type ai:AccessObjectType ;
          ao:value ai:ObjectPropertyStatementAccesObject .
          
 ai:DataPropertyStatementTypeAttribute rdf:type ao:Attribute ;
-         ao:test ai:Equals ;
+         ao:operator ai:Equals ;
          ao:type ai:AccessObjectType ;
          ao:value ai:DataPropertyStatementAccesObject .
 
 ai:FauxObjectPropertyStatementTypeAttribute rdf:type ao:Attribute ;
-         ao:test ai:Equals ;
+         ao:operator ai:Equals ;
          ao:type ai:AccessObjectType ;
          ao:value ai:FauxObjectPropertyStatementAccesObject .
          
 ai:FauxDataPropertyStatementTypeAttribute rdf:type ao:Attribute ;
-         ao:test ai:Equals ;
+         ao:operator ai:Equals ;
          ao:type ai:AccessObjectType ;
          ao:value ai:FauxDataPropertyStatementAccesObject .
 
 ai:NamedObjectTypeAttribute rdf:type ao:Attribute ;
-         ao:test ai:Equals ;
+         ao:operator ai:Equals ;
          ao:type ai:AccessObjectType ;
          ao:value ai:NamedObject .
          
 ai:ClassTypeAttribute rdf:type ao:Attribute ;
-         ao:test ai:Equals ;
+         ao:operator ai:Equals ;
          ao:type ai:AccessObjectType ;
          ao:value ai:Class .
          
 ai:FauxObjectPropertyTypeAttribute rdf:type ao:Attribute ;
-         ao:test ai:Equals ;
+         ao:operator ai:Equals ;
          ao:type ai:AccessObjectType ;
          ao:value ai:FauxObjectPropertyAccesObject .
 
 ai:FauxDataPropertyTypeAttribute rdf:type ao:Attribute ;
-         ao:test ai:Equals ;
+         ao:operator ai:Equals ;
          ao:type ai:AccessObjectType ;
          ao:value ai:FauxDataPropertyAccesObject .
 
 ai:SelfEditorRelatedResourcesAttribute rdf:type ao:Attribute ;
-         ao:test ai:SparqlSelectQueryContains ;
+         ao:operator ai:SparqlSelectQueryContains ;
          ao:type ai:StatementSubjectUri ;
          ao:value ai:PersonProfileProximityToResourceUri .
          
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/ontology.n3 b/home/src/main/resources/rdf/accessControl/firsttime/ontology.n3
index 57c97f9ce8..d13ab7789c 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/ontology.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/ontology.n3
@@ -40,8 +40,8 @@ ao:PolicyKey rdf:type owl:Class ;
 ao:Attribute rdf:type owl:Class ;
      rdfs:label "Access rule attribute"@en-US .
      
-ao:Test rdf:type owl:Class ;
-     rdfs:label "Test type"@en-US .
+ao:Operator rdf:type owl:Class ;
+     rdfs:label "Operator"@en-US .
 
 ao:Operation rdf:type owl:Class ;
      rdfs:label "Operation"@en-US .
@@ -126,6 +126,10 @@ ao:rule rdf:type owl:ObjectProperty ;
           rdfs:domain ao:Policy ;
           rdfs:range ao:Rule .
           
+ao:test rdf:type owl:ObjectProperty ;
+          rdfs:domain ao:Attribute ;
+          rdfs:range ao:Operator .
+          
 ao:keyComponent rdf:type owl:ObjectProperty .
           
 ao:policyKey rdf:type owl:ObjectProperty ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/test_types.n3 b/home/src/main/resources/rdf/accessControl/firsttime/operators.n3
similarity index 77%
rename from home/src/main/resources/rdf/accessControl/firsttime/test_types.n3
rename to home/src/main/resources/rdf/accessControl/firsttime/operators.n3
index 0231095511..7d1f697670 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/test_types.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/operators.n3
@@ -8,20 +8,20 @@
 @prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
 @prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
 
-ai:Equals rdf:type ao:Test;
+ai:Equals rdf:type ao:Operator;
          ao:id "EQUALS" .
 
-ai:NotEquals rdf:type ao:Test;
+ai:NotEquals rdf:type ao:Operator;
          ao:id "NOT_EQUALS" .
          
-ai:OneOf rdf:type ao:Test;
+ai:OneOf rdf:type ao:Operator;
          ao:id "ONE_OF" .
          
-ai:NotOneOf rdf:type ao:Test;
+ai:NotOneOf rdf:type ao:Operator;
          ao:id "NOT_ONE_OF" .
          
-ai:StartsWith rdf:type ao:Test;
+ai:StartsWith rdf:type ao:Operator;
          ao:id "STARTS_WITH" .
          
-ai:SparqlSelectQueryContains rdf:type ao:Test;
+ai:SparqlSelectQueryContains rdf:type ao:Operator;
          ao:id "SPARQL_SELECT_QUERY_CONTAINS" .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_display_class.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_display_class.n3
index 911895df7a..71f6399fad 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_display_class.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_display_class.n3
@@ -33,7 +33,7 @@ ai:AllowAdminDisplayClassRule rdf:type ao:Rule;
           ao:attribute ai:AdminDisplayClassAttribute .
          
 ai:AdminDisplayClassAttribute rdf:type ao:Attribute ;
-         ao:test ai:OneOf ;
+         ao:operator ai:OneOf ;
          ao:type ai:AccessObjectUri ;
          ao:setValue ai:AdminDisplayClassTestData .
          
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_display_data_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_display_data_property.n3
index 5ccd707bfe..4dcda11577 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_display_data_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_display_data_property.n3
@@ -40,12 +40,12 @@ ai:AllowAdminDisplayDataPropertyStatementRule rdf:type ao:Rule;
           ao:attribute ai:AdminDisplayDataPropertyStatementAttribute .
          
 ai:AdminDisplayDataPropertyStatementAttribute rdf:type ao:Attribute ;
-         ao:test ai:OneOf ;
+         ao:operator ai:OneOf ;
          ao:type ai:StatementPredicateUri ;
          ao:setValue ai:AdminDisplayDataPropertyTestData .
 
 ai:AdminDisplayDataPropertyAttribute rdf:type ao:Attribute ;
-         ao:test ai:OneOf ;
+         ao:operator ai:OneOf ;
          ao:type ai:AccessObjectUri ;
          ao:setValue ai:AdminDisplayDataPropertyTestData .
 
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_display_faux_data_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_display_faux_data_property.n3
index 822eea399e..f32c6e9706 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_display_faux_data_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_display_faux_data_property.n3
@@ -40,12 +40,12 @@ ai:AllowAdminDisplayFauxDataPropertyStatementRule rdf:type ao:Rule;
           ao:attribute ai:AdminDisplayFauxDataPropertyStatementAttribute .
          
 ai:AdminDisplayFauxDataPropertyStatementAttribute rdf:type ao:Attribute ;
-         ao:test ai:OneOf ;
+         ao:operator ai:OneOf ;
          ao:type ai:StatementPredicateUri ;
          ao:setValue ai:AdminDisplayFauxDataPropertyTestData .
          
 ai:AdminDisplayFauxDataPropertyAttribute rdf:type ao:Attribute ;
-         ao:test ai:OneOf ;
+         ao:operator ai:OneOf ;
          ao:type ai:AccessObjectUri ;
          ao:setValue ai:AdminDisplayFauxDataPropertyTestData .
          
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_display_faux_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_display_faux_object_property.n3
index 1e5e965089..ec70040efc 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_display_faux_object_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_display_faux_object_property.n3
@@ -40,12 +40,12 @@ ai:AllowAdminDisplayFauxObjectPropertyStatementRule rdf:type ao:Rule;
           ao:attribute ai:AdminDisplayFauxObjectPropertyStatementAttribute .
          
 ai:AdminDisplayFauxObjectPropertyStatementAttribute rdf:type ao:Attribute ;
-         ao:test ai:OneOf ;
+         ao:operator ai:OneOf ;
          ao:type ai:StatementPredicateUri ;
          ao:setValue ai:AdminDisplayFauxObjectPropertyTestData .
          
 ai:AdminDisplayFauxObjectPropertyAttribute rdf:type ao:Attribute ;
-         ao:test ai:OneOf ;
+         ao:operator ai:OneOf ;
          ao:type ai:AccessObjectUri ;
          ao:setValue ai:AdminDisplayFauxObjectPropertyTestData .
          
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_display_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_display_object_property.n3
index 0af0f57c0f..3f90f54d0b 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_display_object_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_display_object_property.n3
@@ -40,12 +40,12 @@ ai:AllowAdminDisplayObjectPropertyStatementRule rdf:type ao:Rule;
           ao:attribute ai:AdminDisplayObjectPropertyStatementAttribute .
          
 ai:AdminDisplayObjectPropertyStatementAttribute rdf:type ao:Attribute ;
-         ao:test ai:OneOf ;
+         ao:operator ai:OneOf ;
          ao:type ai:StatementPredicateUri ;
          ao:setValue ai:AdminDisplayObjectPropertyTestData .
          
 ai:AdminDisplayObjectPropertyAttribute rdf:type ao:Attribute ;
-         ao:test ai:OneOf ;
+         ao:operator ai:OneOf ;
          ao:type ai:AccessObjectUri ;
          ao:setValue ai:AdminDisplayObjectPropertyTestData .
          
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_publish_class.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_publish_class.n3
index e400c5d202..7afea0994c 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_publish_class.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_publish_class.n3
@@ -33,7 +33,7 @@ ai:AllowAdminPublishClassRule rdf:type ao:Rule;
           ao:attribute ai:AdminPublishClassAttribute .
          
 ai:AdminPublishClassAttribute rdf:type ao:Attribute ;
-         ao:test ai:OneOf ;
+         ao:operator ai:OneOf ;
          ao:type ai:AccessObjectUri ;
          ao:setValue ai:AdminPublishClassTestData .
          
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_publish_data_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_publish_data_property.n3
index e66c1743bd..92767d3174 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_publish_data_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_publish_data_property.n3
@@ -40,12 +40,12 @@ ai:AllowAdminPublishDataPropertyStatementRule rdf:type ao:Rule;
           ao:attribute ai:AdminPublishDataPropertyStatementAttribute .
          
 ai:AdminPublishDataPropertyStatementAttribute rdf:type ao:Attribute ;
-         ao:test ai:OneOf ;
+         ao:operator ai:OneOf ;
          ao:type ai:StatementPredicateUri ;
          ao:setValue ai:AdminPublishDataPropertyTestData .
 
 ai:AdminPublishDataPropertyAttribute rdf:type ao:Attribute ;
-         ao:test ai:OneOf ;
+         ao:operator ai:OneOf ;
          ao:type ai:AccessObjectUri ;
          ao:setValue ai:AdminPublishDataPropertyTestData .
          
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_publish_faux_data_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_publish_faux_data_property.n3
index 9b2512d225..02140361b7 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_publish_faux_data_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_publish_faux_data_property.n3
@@ -40,12 +40,12 @@ ai:AllowAdminPublishFauxDataPropertyStatementRule rdf:type ao:Rule;
           ao:attribute ai:AdminPublishFauxDataPropertyStatementAttribute .
          
 ai:AdminPublishFauxDataPropertyStatementAttribute rdf:type ao:Attribute ;
-         ao:test ai:OneOf ;
+         ao:operator ai:OneOf ;
          ao:type ai:StatementPredicateUri ;
          ao:setValue ai:AdminPublishFauxDataPropertyTestData .
 
 ai:AdminPublishFauxDataPropertyAttribute rdf:type ao:Attribute ;
-         ao:test ai:OneOf ;
+         ao:operator ai:OneOf ;
          ao:type ai:AccessObjectUri ;
          ao:setValue ai:AdminPublishFauxDataPropertyTestData .
          
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_publish_faux_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_publish_faux_object_property.n3
index 03cc6c8a1a..e2fd4043cf 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_publish_faux_object_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_publish_faux_object_property.n3
@@ -40,12 +40,12 @@ ai:AllowAdminPublishFauxObjectPropertyStatementRule rdf:type ao:Rule;
           ao:attribute ai:AdminPublishFauxObjectPropertyStatementAttribute .
          
 ai:AdminPublishFauxObjectPropertyStatementAttribute rdf:type ao:Attribute ;
-         ao:test ai:OneOf ;
+         ao:operator ai:OneOf ;
          ao:type ai:StatementPredicateUri ;
          ao:setValue ai:AdminPublishFauxObjectPropertyTestData .
 
 ai:AdminPublishFauxObjectPropertyAttribute rdf:type ao:Attribute ;
-         ao:test ai:OneOf ;
+         ao:operator ai:OneOf ;
          ao:type ai:AccessObjectUri ;
          ao:setValue ai:AdminPublishFauxObjectPropertyTestData .
          
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_publish_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_publish_object_property.n3
index e368538075..30ae537e20 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_publish_object_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_publish_object_property.n3
@@ -40,12 +40,12 @@ ai:AllowAdminPublishObjectPropertyStatementRule rdf:type ao:Rule;
           ao:attribute ai:AdminPublishObjectPropertyStatementAttribute .
          
 ai:AdminPublishObjectPropertyStatementAttribute rdf:type ao:Attribute ;
-         ao:test ai:OneOf ;
+         ao:operator ai:OneOf ;
          ao:type ai:StatementPredicateUri ;
          ao:setValue ai:AdminPublishObjectPropertyTestData .
 
 ai:AdminPublishObjectPropertyAttribute rdf:type ao:Attribute ;
-         ao:test ai:OneOf ;
+         ao:operator ai:OneOf ;
          ao:type ai:AccessObjectUri ;
          ao:setValue ai:AdminPublishObjectPropertyTestData .
          
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_simple_permissions.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_simple_permissions.n3
index d10d9bdd51..dea0f48e88 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_simple_permissions.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_simple_permissions.n3
@@ -29,7 +29,7 @@ ai:AllowAdminSimplePermissions rdf:type ao:Rule;
         ao:attribute ai:SubjectRoleEqualsAdminRoleAttribute .
           
 ai:PermissionNameInAdminAllowed rdf:type ao:Attribute ;
-        ao:test ai:OneOf ;
+        ao:operator ai:OneOf ;
         ao:type ai:AccessObjectUri ;
         ao:setValue ai:AdminSimplePermissionsTestData .
 
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_update_class.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_update_class.n3
index baea9fbc5e..c302ec3312 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_update_class.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_update_class.n3
@@ -33,7 +33,7 @@ ai:AllowAdminUpdateClassRule rdf:type ao:Rule;
           ao:attribute ai:AdminUpdateClassAttribute .
          
 ai:AdminUpdateClassAttribute rdf:type ao:Attribute ;
-         ao:test ai:OneOf ;
+         ao:operator ai:OneOf ;
          ao:type ai:AccessObjectUri ;
          ao:setValue ai:AdminUpdateClassTestData .
          
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_update_data_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_update_data_property.n3
index 973f0cd042..8c3136f1b5 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_update_data_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_update_data_property.n3
@@ -40,12 +40,12 @@ ai:AllowAdminUpdateAddEditorDropDataPropertyStatementRule rdf:type ao:Rule;
           ao:attribute ai:AdminUpdateDataPropertyStatementAttribute .
          
 ai:AdminUpdateDataPropertyStatementAttribute rdf:type ao:Attribute ;
-         ao:test ai:OneOf ;
+         ao:operator ai:OneOf ;
          ao:type ai:StatementPredicateUri ;
          ao:setValue ai:AdminUpdateDataPropertyTestData .
 
 ai:AdminUpdateDataPropertyAttribute rdf:type ao:Attribute ;
-         ao:test ai:OneOf ;
+         ao:operator ai:OneOf ;
          ao:type ai:AccessObjectUri ;
          ao:setValue ai:AdminUpdateDataPropertyTestData .
          
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_update_faux_data_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_update_faux_data_property.n3
index 3645c536e1..fa7ea9eadf 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_update_faux_data_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_update_faux_data_property.n3
@@ -40,12 +40,12 @@ ai:AllowAdminUpdateEditAddDropFauxDataPropertyStatementRule rdf:type ao:Rule;
           ao:attribute ai:AdminUpdateFauxDataPropertyStatementAttribute .
 
 ai:AdminUpdateFauxDataPropertyStatementAttribute rdf:type ao:Attribute ;
-         ao:test ai:OneOf ;
+         ao:operator ai:OneOf ;
          ao:type ai:StatementPredicateUri ;
          ao:setValue ai:AdminUpdateFauxDataPropertyTestData .
 
 ai:AdminUpdateFauxDataPropertyAttribute rdf:type ao:Attribute ;
-         ao:test ai:OneOf ;
+         ao:operator ai:OneOf ;
          ao:type ai:AccessObjectUri ;
          ao:setValue ai:AdminUpdateFauxDataPropertyTestData .
          
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_update_faux_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_update_faux_object_property.n3
index 8048f6aab9..ace6d7c6dd 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_update_faux_object_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_update_faux_object_property.n3
@@ -40,12 +40,12 @@ ai:AllowAdminUpdateEditAddDropFauxObjectPropertyStatementRule rdf:type ao:Rule;
           ao:attribute ai:AdminUpdateFauxObjectPropertyStatementAttribute .
 
 ai:AdminUpdateFauxObjectPropertyStatementAttribute rdf:type ao:Attribute ;
-         ao:test ai:OneOf ;
+         ao:operator ai:OneOf ;
          ao:type ai:StatementPredicateUri ;
          ao:setValue ai:AdminUpdateFauxObjectPropertyTestData .
 
 ai:AdminUpdateFauxObjectPropertyAttribute rdf:type ao:Attribute ;
-         ao:test ai:OneOf ;
+         ao:operator ai:OneOf ;
          ao:type ai:AccessObjectUri ;
          ao:setValue ai:AdminUpdateFauxObjectPropertyTestData .
          
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_update_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_update_object_property.n3
index c681e9d468..a650863a03 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_update_object_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_update_object_property.n3
@@ -40,12 +40,12 @@ ai:AllowAdminUpdateEditAddDropObjectPropertyStatementRule rdf:type ao:Rule;
           ao:attribute ai:AdminUpdateObjectPropertyStatementAttribute .
 
 ai:AdminUpdateObjectPropertyStatementAttribute rdf:type ao:Attribute ;
-         ao:test ai:OneOf ;
+         ao:operator ai:OneOf ;
          ao:type ai:StatementPredicateUri ;
          ao:setValue ai:AdminUpdateObjectPropertyTestData .
 
 ai:AdminUpdateObjectPropertyAttribute rdf:type ao:Attribute ;
-         ao:test ai:OneOf ;
+         ao:operator ai:OneOf ;
          ao:type ai:AccessObjectUri ;
          ao:setValue ai:AdminUpdateObjectPropertyTestData .
          
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_display_class.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_display_class.n3
index 20491906f4..cfbb3c2c69 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_display_class.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_display_class.n3
@@ -33,7 +33,7 @@ ai:AllowCuratorDisplayClassRule rdf:type ao:Rule;
           ao:attribute ai:CuratorDisplayClassAttribute .
          
 ai:CuratorDisplayClassAttribute rdf:type ao:Attribute ;
-         ao:test ai:OneOf ;
+         ao:operator ai:OneOf ;
          ao:type ai:AccessObjectUri ;
          ao:setValue ai:CuratorDisplayClassTestData .
          
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_display_data_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_display_data_property.n3
index 8c0be0adbd..d1aff87316 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_display_data_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_display_data_property.n3
@@ -40,12 +40,12 @@ ai:AllowCuratorDisplayDataPropertyStatementRule rdf:type ao:Rule;
           ao:attribute ai:CuratorDisplayDataPropertyStatementAttribute .
          
 ai:CuratorDisplayDataPropertyStatementAttribute rdf:type ao:Attribute ;
-         ao:test ai:OneOf ;
+         ao:operator ai:OneOf ;
          ao:type ai:StatementPredicateUri ;
          ao:setValue ai:CuratorDisplayDataPropertyTestData .
 
 ai:CuratorDisplayDataPropertyAttribute rdf:type ao:Attribute ;
-         ao:test ai:OneOf ;
+         ao:operator ai:OneOf ;
          ao:type ai:AccessObjectUri ;
          ao:setValue ai:CuratorDisplayDataPropertyTestData .
 
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_display_faux_data_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_display_faux_data_property.n3
index d8450bfcb3..8483d07868 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_display_faux_data_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_display_faux_data_property.n3
@@ -40,12 +40,12 @@ ai:AllowCuratorDisplayFauxDataPropertyStatementRule rdf:type ao:Rule;
           ao:attribute ai:CuratorDisplayFauxDataPropertyStatementAttribute .
          
 ai:CuratorDisplayFauxDataPropertyStatementAttribute rdf:type ao:Attribute ;
-         ao:test ai:OneOf ;
+         ao:operator ai:OneOf ;
          ao:type ai:StatementPredicateUri ;
          ao:setValue ai:CuratorDisplayFauxDataPropertyTestData .
          
 ai:CuratorDisplayFauxDataPropertyAttribute rdf:type ao:Attribute ;
-         ao:test ai:OneOf ;
+         ao:operator ai:OneOf ;
          ao:type ai:AccessObjectUri ;
          ao:setValue ai:CuratorDisplayFauxDataPropertyTestData .
          
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_display_faux_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_display_faux_object_property.n3
index 3432e1e04e..1346a87775 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_display_faux_object_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_display_faux_object_property.n3
@@ -40,12 +40,12 @@ ai:AllowCuratorDisplayFauxObjectPropertyStatementRule rdf:type ao:Rule;
           ao:attribute ai:CuratorDisplayFauxObjectPropertyStatementAttribute .
          
 ai:CuratorDisplayFauxObjectPropertyStatementAttribute rdf:type ao:Attribute ;
-         ao:test ai:OneOf ;
+         ao:operator ai:OneOf ;
          ao:type ai:StatementPredicateUri ;
          ao:setValue ai:CuratorDisplayFauxObjectPropertyTestData .
          
 ai:CuratorDisplayFauxObjectPropertyAttribute rdf:type ao:Attribute ;
-         ao:test ai:OneOf ;
+         ao:operator ai:OneOf ;
          ao:type ai:AccessObjectUri ;
          ao:setValue ai:CuratorDisplayFauxObjectPropertyTestData .
          
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_display_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_display_object_property.n3
index 64c3f5b8e1..f552741ec3 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_display_object_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_display_object_property.n3
@@ -40,12 +40,12 @@ ai:AllowCuratorDisplayObjectPropertyStatementRule rdf:type ao:Rule;
           ao:attribute ai:CuratorDisplayObjectPropertyStatementAttribute .
          
 ai:CuratorDisplayObjectPropertyStatementAttribute rdf:type ao:Attribute ;
-         ao:test ai:OneOf ;
+         ao:operator ai:OneOf ;
          ao:type ai:StatementPredicateUri ;
          ao:setValue ai:CuratorDisplayObjectPropertyTestData .
 
 ai:CuratorDisplayObjectPropertyAttribute rdf:type ao:Attribute ;
-         ao:test ai:OneOf ;
+         ao:operator ai:OneOf ;
          ao:type ai:AccessObjectUri ;
          ao:setValue ai:CuratorDisplayObjectPropertyTestData .
          
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_publish_class.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_publish_class.n3
index e82272d4de..ea40c2311d 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_publish_class.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_publish_class.n3
@@ -33,7 +33,7 @@ ai:AllowCuratorPublishClassRule rdf:type ao:Rule;
           ao:attribute ai:CuratorPublishClassAttribute .
          
 ai:CuratorPublishClassAttribute rdf:type ao:Attribute ;
-         ao:test ai:OneOf ;
+         ao:operator ai:OneOf ;
          ao:type ai:AccessObjectUri ;
          ao:setValue ai:CuratorPublishClassTestData .
          
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_publish_data_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_publish_data_property.n3
index 03098c9ee0..82ec422cf9 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_publish_data_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_publish_data_property.n3
@@ -40,12 +40,12 @@ ai:AllowCuratorPublishDataPropertyStatementRule rdf:type ao:Rule;
           ao:attribute ai:CuratorPublishDataPropertyStatementAttribute .
          
 ai:CuratorPublishDataPropertyStatementAttribute rdf:type ao:Attribute ;
-         ao:test ai:OneOf ;
+         ao:operator ai:OneOf ;
          ao:type ai:StatementPredicateUri ;
          ao:setValue ai:CuratorPublishDataPropertyTestData .
 
 ai:CuratorPublishDataPropertyAttribute rdf:type ao:Attribute ;
-         ao:test ai:OneOf ;
+         ao:operator ai:OneOf ;
          ao:type ai:AccessObjectUri ;
          ao:setValue ai:CuratorPublishDataPropertyTestData .
          
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_publish_faux_data_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_publish_faux_data_property.n3
index 77cdf007b5..8543850023 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_publish_faux_data_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_publish_faux_data_property.n3
@@ -40,12 +40,12 @@ ai:AllowCuratorPublishFauxDataPropertyStatementRule rdf:type ao:Rule;
           ao:attribute ai:CuratorPublishFauxDataPropertyStatementAttribute .
          
 ai:CuratorPublishFauxDataPropertyStatementAttribute rdf:type ao:Attribute ;
-         ao:test ai:OneOf ;
+         ao:operator ai:OneOf ;
          ao:type ai:StatementPredicateUri ;
          ao:setValue ai:CuratorPublishFauxDataPropertyTestData .
          
 ai:CuratorPublishFauxDataPropertyAttribute rdf:type ao:Attribute ;
-         ao:test ai:OneOf ;
+         ao:operator ai:OneOf ;
          ao:type ai:AccessObjectUri ;
          ao:setValue ai:CuratorPublishFauxDataPropertyTestData .
          
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_publish_faux_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_publish_faux_object_property.n3
index c461a7f17d..6ae1a8f3f5 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_publish_faux_object_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_publish_faux_object_property.n3
@@ -40,12 +40,12 @@ ai:AllowCuratorPublishFauxObjectPropertyStatementRule rdf:type ao:Rule;
           ao:attribute ai:CuratorPublishFauxObjectPropertyStatementAttribute .
          
 ai:CuratorPublishFauxObjectPropertyStatementAttribute rdf:type ao:Attribute ;
-         ao:test ai:OneOf ;
+         ao:operator ai:OneOf ;
          ao:type ai:StatementPredicateUri ;
          ao:setValue ai:CuratorPublishFauxObjectPropertyTestData .
          
 ai:CuratorPublishFauxObjectPropertyAttribute rdf:type ao:Attribute ;
-         ao:test ai:OneOf ;
+         ao:operator ai:OneOf ;
          ao:type ai:AccessObjectUri ;
          ao:setValue ai:CuratorPublishFauxObjectPropertyTestData .
          
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_publish_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_publish_object_property.n3
index 4148919550..36aecac6ad 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_publish_object_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_publish_object_property.n3
@@ -40,12 +40,12 @@ ai:AllowCuratorPublishObjectPropertyStatementRule rdf:type ao:Rule;
           ao:attribute ai:CuratorPublishObjectPropertyStatementAttribute .
          
 ai:CuratorPublishObjectPropertyStatementAttribute rdf:type ao:Attribute ;
-         ao:test ai:OneOf ;
+         ao:operator ai:OneOf ;
          ao:type ai:StatementPredicateUri ;
          ao:setValue ai:CuratorPublishObjectPropertyTestData .
          
 ai:CuratorPublishObjectPropertyAttribute rdf:type ao:Attribute ;
-         ao:test ai:OneOf ;
+         ao:operator ai:OneOf ;
          ao:type ai:AccessObjectUri ;
          ao:setValue ai:CuratorPublishObjectPropertyTestData .
          
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_simple_permissions.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_simple_permissions.n3
index d5701a16a5..8af148658a 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_simple_permissions.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_simple_permissions.n3
@@ -29,7 +29,7 @@ ai:AllowCuratorSimplePermissions rdf:type ao:Rule;
         ao:attribute ai:SubjectRoleEqualsCuratorRoleAttribute .
           
 ai:PermissionNameInCuratorAllowed rdf:type ao:Attribute ;
-        ao:test ai:OneOf ;
+        ao:operator ai:OneOf ;
         ao:type ai:AccessObjectUri ;
         ao:setValue ai:CuratorSimplePermissionsTestData .
 
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_update_class.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_update_class.n3
index 5fe3d578c9..b05dd57226 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_update_class.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_update_class.n3
@@ -33,7 +33,7 @@ ai:AllowCuratorUpdateClassRule rdf:type ao:Rule;
           ao:attribute ai:CuratorUpdateClassAttribute .
          
 ai:CuratorUpdateClassAttribute rdf:type ao:Attribute ;
-         ao:test ai:OneOf ;
+         ao:operator ai:OneOf ;
          ao:type ai:AccessObjectUri ;
          ao:setValue ai:CuratorUpdateClassTestData .
          
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_update_data_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_update_data_property.n3
index 0c774c9664..14ab57c788 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_update_data_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_update_data_property.n3
@@ -40,12 +40,12 @@ ai:AllowCuratorUpdateDataPropertyStatementRule rdf:type ao:Rule;
           ao:attribute ai:CuratorUpdateDataPropertyStatementAttribute .
          
 ai:CuratorUpdateDataPropertyStatementAttribute rdf:type ao:Attribute ;
-         ao:test ai:OneOf ;
+         ao:operator ai:OneOf ;
          ao:type ai:StatementPredicateUri ;
          ao:setValue ai:CuratorUpdateDataPropertyTestData .
          
 ai:CuratorUpdateDataPropertyAttribute rdf:type ao:Attribute ;
-         ao:test ai:OneOf ;
+         ao:operator ai:OneOf ;
          ao:type ai:AccessObjectUri ;
          ao:setValue ai:CuratorUpdateDataPropertyTestData .
          
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_update_faux_data_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_update_faux_data_property.n3
index 0cb295a7e2..0a674e4e22 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_update_faux_data_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_update_faux_data_property.n3
@@ -40,12 +40,12 @@ ai:AllowCuratorUpdateFauxDataPropertyStatementRule rdf:type ao:Rule;
           ao:attribute ai:CuratorUpdateFauxDataPropertyStatementAttribute .
          
 ai:CuratorUpdateFauxDataPropertyStatementAttribute rdf:type ao:Attribute ;
-         ao:test ai:OneOf ;
+         ao:operator ai:OneOf ;
          ao:type ai:StatementPredicateUri ;
          ao:setValue ai:CuratorUpdateFauxDataPropertyTestData .
 
 ai:CuratorUpdateFauxDataPropertyAttribute rdf:type ao:Attribute ;
-         ao:test ai:OneOf ;
+         ao:operator ai:OneOf ;
          ao:type ai:AccessObjectUri ;
          ao:setValue ai:CuratorUpdateFauxDataPropertyTestData .
          
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_update_faux_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_update_faux_object_property.n3
index c27a070dd2..01b8f8f86c 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_update_faux_object_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_update_faux_object_property.n3
@@ -40,12 +40,12 @@ ai:AllowCuratorUpdateFauxObjectPropertyStatementRule rdf:type ao:Rule;
           ao:attribute ai:CuratorUpdateFauxObjectPropertyStatementAttribute .
          
 ai:CuratorUpdateFauxObjectPropertyStatementAttribute rdf:type ao:Attribute ;
-         ao:test ai:OneOf ;
+         ao:operator ai:OneOf ;
          ao:type ai:StatementPredicateUri ;
          ao:setValue ai:CuratorUpdateFauxObjectPropertyTestData .
 
 ai:CuratorUpdateFauxObjectPropertyAttribute rdf:type ao:Attribute ;
-         ao:test ai:OneOf ;
+         ao:operator ai:OneOf ;
          ao:type ai:AccessObjectUri ;
          ao:setValue ai:CuratorUpdateFauxObjectPropertyTestData .
          
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_update_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_update_object_property.n3
index c69d0b9845..ac064406b7 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_update_object_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_update_object_property.n3
@@ -40,12 +40,12 @@ ai:AllowCuratorUpdateObjectPropertyStatementRule rdf:type ao:Rule;
           ao:attribute ai:CuratorUpdateObjectPropertyStatementAttribute .
          
 ai:CuratorUpdateObjectPropertyStatementAttribute rdf:type ao:Attribute ;
-         ao:test ai:OneOf ;
+         ao:operator ai:OneOf ;
          ao:type ai:StatementPredicateUri ;
          ao:setValue ai:CuratorUpdateObjectPropertyTestData .
 
 ai:CuratorUpdateObjectPropertyAttribute rdf:type ao:Attribute ;
-         ao:test ai:OneOf ;
+         ao:operator ai:OneOf ;
          ao:type ai:AccessObjectUri ;
          ao:setValue ai:CuratorUpdateObjectPropertyTestData .
          
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_editable_pages.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_editable_pages.n3
index 2a50b18996..bd0ebe95f9 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_editable_pages.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_editable_pages.n3
@@ -30,17 +30,17 @@ ai:AllowEditRelatedPagesRule rdf:type ao:Rule;
           ao:attribute ai:SomePredicateAttribute .
          
 ai:SomePredicateAttribute rdf:type ao:Attribute ;
-         ao:test ai:Equals ;
+         ao:operator ai:Equals ;
          ao:type ai:StatementPredicateUri ;
          ao:value ai:SomeUriTestData .
          
 ai:SomeObjectUriAttribute rdf:type ao:Attribute ;
-         ao:test ai:Equals ;
+         ao:operator ai:Equals ;
          ao:type ai:StatementObjectUri ;
          ao:value ai:SomeUriTestData .
          
 ai:StatementObjectUriContainsSelfEditorResourceAttribute rdf:type ao:Attribute ;
-         ao:test ai:SparqlSelectQueryContains ;
+         ao:operator ai:SparqlSelectQueryContains ;
          ao:type ai:StatementSubjectUri ;
          ao:value ai:PersonProfileProximityToResourceUri .
 
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_display_class.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_display_class.n3
index 5676e113e3..676e03cc17 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_display_class.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_display_class.n3
@@ -33,7 +33,7 @@ ai:AllowEditorDisplayClassRule rdf:type ao:Rule;
           ao:attribute ai:EditorDisplayClassAttribute .
          
 ai:EditorDisplayClassAttribute rdf:type ao:Attribute ;
-         ao:test ai:OneOf ;
+         ao:operator ai:OneOf ;
          ao:type ai:AccessObjectUri ;
          ao:setValue ai:EditorDisplayClassTestData .
          
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_display_data_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_display_data_property.n3
index b2adac5eab..4a96cc0c02 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_display_data_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_display_data_property.n3
@@ -40,12 +40,12 @@ ai:AllowEditorDisplayDataPropertyStatementRule rdf:type ao:Rule;
           ao:attribute ai:EditorDisplayDataPropertyStatementAttribute .
          
 ai:EditorDisplayDataPropertyStatementAttribute rdf:type ao:Attribute ;
-         ao:test ai:OneOf ;
+         ao:operator ai:OneOf ;
          ao:type ai:StatementPredicateUri ;
          ao:setValue ai:EditorDisplayDataPropertyTestData .
 
 ai:EditorDisplayDataPropertyAttribute rdf:type ao:Attribute ;
-         ao:test ai:OneOf ;
+         ao:operator ai:OneOf ;
          ao:type ai:AccessObjectUri ;
          ao:setValue ai:EditorDisplayDataPropertyTestData .
          
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_display_faux_data_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_display_faux_data_property.n3
index cc06d53c02..727bb9df05 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_display_faux_data_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_display_faux_data_property.n3
@@ -40,12 +40,12 @@ ai:AllowEditorDisplayFauxDataPropertyStatementRule rdf:type ao:Rule;
           ao:attribute ai:EditorDisplayFauxDataPropertyStatementAttribute .
          
 ai:EditorDisplayFauxDataPropertyStatementAttribute rdf:type ao:Attribute ;
-         ao:test ai:OneOf ;
+         ao:operator ai:OneOf ;
          ao:type ai:StatementPredicateUri ;
          ao:setValue ai:EditorDisplayFauxDataPropertyTestData .
          
 ai:EditorDisplayFauxDataPropertyAttribute rdf:type ao:Attribute ;
-         ao:test ai:OneOf ;
+         ao:operator ai:OneOf ;
          ao:type ai:AccessObjectUri ;
          ao:setValue ai:EditorDisplayFauxDataPropertyTestData .
          
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_display_faux_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_display_faux_object_property.n3
index b04b749297..cd993f47f5 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_display_faux_object_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_display_faux_object_property.n3
@@ -40,12 +40,12 @@ ai:AllowEditorDisplayFauxObjectPropertyStatementRule rdf:type ao:Rule;
           ao:attribute ai:EditorDisplayFauxObjectPropertyStatementAttribute .
          
 ai:EditorDisplayFauxObjectPropertyStatementAttribute rdf:type ao:Attribute ;
-         ao:test ai:OneOf ;
+         ao:operator ai:OneOf ;
          ao:type ai:StatementPredicateUri ;
          ao:setValue ai:EditorDisplayFauxObjectPropertyTestData .
          
 ai:EditorDisplayFauxObjectPropertyAttribute rdf:type ao:Attribute ;
-         ao:test ai:OneOf ;
+         ao:operator ai:OneOf ;
          ao:type ai:AccessObjectUri ;
          ao:setValue ai:EditorDisplayFauxObjectPropertyTestData .
          
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_display_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_display_object_property.n3
index 6e9a8042d7..4033241819 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_display_object_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_display_object_property.n3
@@ -40,12 +40,12 @@ ai:AllowEditorDisplayObjectPropertyStatementRule rdf:type ao:Rule;
           ao:attribute ai:EditorDisplayObjectPropertyStatementAttribute .
          
 ai:EditorDisplayObjectPropertyStatementAttribute rdf:type ao:Attribute ;
-         ao:test ai:OneOf ;
+         ao:operator ai:OneOf ;
          ao:type ai:StatementPredicateUri ;
          ao:setValue ai:EditorDisplayObjectPropertyTestData .
 
 ai:EditorDisplayObjectPropertyAttribute rdf:type ao:Attribute ;
-         ao:test ai:OneOf ;
+         ao:operator ai:OneOf ;
          ao:type ai:AccessObjectUri ;
          ao:setValue ai:EditorDisplayObjectPropertyTestData .
          
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_publish_class.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_publish_class.n3
index cbd4160bb2..e6768450d8 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_publish_class.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_publish_class.n3
@@ -33,7 +33,7 @@ ai:AllowEditorPublishClassRule rdf:type ao:Rule;
           ao:attribute ai:EditorPublishClassAttribute .
          
 ai:EditorPublishClassAttribute rdf:type ao:Attribute ;
-         ao:test ai:OneOf ;
+         ao:operator ai:OneOf ;
          ao:type ai:AccessObjectUri ;
          ao:setValue ai:EditorPublishClassTestData .
          
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_publish_data_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_publish_data_property.n3
index 2eb33eef78..e127e13fe3 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_publish_data_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_publish_data_property.n3
@@ -40,12 +40,12 @@ ai:AllowEditorPublishDataPropertyStatementRule rdf:type ao:Rule;
           ao:attribute ai:EditorPublishDataPropertyStatementAttribute .
          
 ai:EditorPublishDataPropertyStatementAttribute rdf:type ao:Attribute ;
-         ao:test ai:OneOf ;
+         ao:operator ai:OneOf ;
          ao:type ai:StatementPredicateUri ;
          ao:setValue ai:EditorPublishDataPropertyTestData .
 
 ai:EditorPublishDataPropertyAttribute rdf:type ao:Attribute ;
-         ao:test ai:OneOf ;
+         ao:operator ai:OneOf ;
          ao:type ai:AccessObjectUri ;
          ao:setValue ai:EditorPublishDataPropertyTestData .
          
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_publish_faux_data_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_publish_faux_data_property.n3
index 65d07a875f..55564d26e3 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_publish_faux_data_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_publish_faux_data_property.n3
@@ -40,12 +40,12 @@ ai:AllowEditorPublishFauxDataPropertyStatementRule rdf:type ao:Rule;
           ao:attribute ai:EditorPublishFauxDataPropertyStatementAttribute .
          
 ai:EditorPublishFauxDataPropertyStatementAttribute rdf:type ao:Attribute ;
-         ao:test ai:OneOf ;
+         ao:operator ai:OneOf ;
          ao:type ai:StatementPredicateUri ;
          ao:setValue ai:EditorPublishFauxDataPropertyTestData .
 
 ai:EditorPublishFauxDataPropertyAttribute rdf:type ao:Attribute ;
-         ao:test ai:OneOf ;
+         ao:operator ai:OneOf ;
          ao:type ai:AccessObjectUri ;
          ao:setValue ai:EditorPublishFauxDataPropertyTestData .
          
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_publish_faux_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_publish_faux_object_property.n3
index 33f5690bd3..984041d4bf 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_publish_faux_object_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_publish_faux_object_property.n3
@@ -40,12 +40,12 @@ ai:AllowEditorPublishFauxObjectPropertyStatementRule rdf:type ao:Rule;
           ao:attribute ai:EditorPublishFauxObjectPropertyStatementAttribute .
          
 ai:EditorPublishFauxObjectPropertyStatementAttribute rdf:type ao:Attribute ;
-         ao:test ai:OneOf ;
+         ao:operator ai:OneOf ;
          ao:type ai:StatementPredicateUri ;
          ao:setValue ai:EditorPublishFauxObjectPropertyTestData .
 
 ai:EditorPublishFauxObjectPropertyAttribute rdf:type ao:Attribute ;
-         ao:test ai:OneOf ;
+         ao:operator ai:OneOf ;
          ao:type ai:AccessObjectUri ;
          ao:setValue ai:EditorPublishFauxObjectPropertyTestData .
          
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_publish_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_publish_object_property.n3
index 63da030b64..1e9dd96861 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_publish_object_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_publish_object_property.n3
@@ -40,12 +40,12 @@ ai:AllowEditorPublishObjectPropertyStatementRule rdf:type ao:Rule;
           ao:attribute ai:EditorPublishObjectPropertyStatementAttribute .
          
 ai:EditorPublishObjectPropertyStatementAttribute rdf:type ao:Attribute ;
-         ao:test ai:OneOf ;
+         ao:operator ai:OneOf ;
          ao:type ai:StatementPredicateUri ;
          ao:setValue ai:EditorPublishObjectPropertyTestData .
 
 ai:EditorPublishObjectPropertyAttribute rdf:type ao:Attribute ;
-         ao:test ai:OneOf ;
+         ao:operator ai:OneOf ;
          ao:type ai:AccessObjectUri ;
          ao:setValue ai:EditorPublishObjectPropertyTestData .
          
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_simple_permissions.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_simple_permissions.n3
index c2eebb2a3f..6f3e17dd19 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_simple_permissions.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_simple_permissions.n3
@@ -29,7 +29,7 @@ ai:AllowEditorSimplePermissions rdf:type ao:Rule;
         ao:attribute ai:SubjectRoleEqualsEditorRoleAttribute .
           
 ai:PermissionNameInEditorAllowed rdf:type ao:Attribute ;
-        ao:test ai:OneOf ;
+        ao:operator ai:OneOf ;
         ao:type ai:AccessObjectUri ;
         ao:setValue ai:EditorSimplePermissionsTestData .
 
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_update_class.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_update_class.n3
index fd0720427c..26ee8ccd50 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_update_class.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_update_class.n3
@@ -33,7 +33,7 @@ ai:AllowEditorUpdateClassRule rdf:type ao:Rule;
           ao:attribute ai:EditorUpdateClassAttribute .
          
 ai:EditorUpdateClassAttribute rdf:type ao:Attribute ;
-         ao:test ai:OneOf ;
+         ao:operator ai:OneOf ;
          ao:type ai:AccessObjectUri ;
          ao:setValue ai:EditorUpdateClassTestData .
          
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_update_data_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_update_data_property.n3
index 2608eee0a0..c24a0cbe46 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_update_data_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_update_data_property.n3
@@ -40,12 +40,12 @@ ai:AllowEditorUpdateDataPropertyStatementRule rdf:type ao:Rule;
           ao:attribute ai:EditorUpdateDataPropertyStatementAttribute .
          
 ai:EditorUpdateDataPropertyStatementAttribute rdf:type ao:Attribute ;
-         ao:test ai:OneOf ;
+         ao:operator ai:OneOf ;
          ao:type ai:StatementPredicateUri ;
          ao:setValue ai:EditorUpdateDataPropertyTestData .
 
 ai:EditorUpdateDataPropertyAttribute rdf:type ao:Attribute ;
-         ao:test ai:OneOf ;
+         ao:operator ai:OneOf ;
          ao:type ai:AccessObjectUri ;
          ao:setValue ai:EditorUpdateDataPropertyTestData .
          
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_update_faux_data_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_update_faux_data_property.n3
index 57304880c7..aadb1d6b69 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_update_faux_data_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_update_faux_data_property.n3
@@ -40,12 +40,12 @@ ai:AllowEditorUpdateFauxDataPropertyStatementRule rdf:type ao:Rule;
           ao:attribute ai:EditorUpdateFauxDataPropertyStatementAttribute .
          
 ai:EditorUpdateFauxDataPropertyStatementAttribute rdf:type ao:Attribute ;
-         ao:test ai:OneOf ;
+         ao:operator ai:OneOf ;
          ao:type ai:StatementPredicateUri ;
          ao:setValue ai:EditorUpdateFauxDataPropertyTestData .
 
 ai:EditorUpdateFauxDataPropertyAttribute rdf:type ao:Attribute ;
-         ao:test ai:OneOf ;
+         ao:operator ai:OneOf ;
          ao:type ai:AccessObjectUri ;
          ao:setValue ai:EditorUpdateFauxDataPropertyTestData .
          
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_update_faux_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_update_faux_object_property.n3
index 6656efd779..52f010f289 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_update_faux_object_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_update_faux_object_property.n3
@@ -40,12 +40,12 @@ ai:AllowEditorUpdateFauxObjectPropertyStatementRule rdf:type ao:Rule;
           ao:attribute ai:EditorUpdateFauxObjectPropertyStatementAttribute .
          
 ai:EditorUpdateFauxObjectPropertyStatementAttribute rdf:type ao:Attribute ;
-         ao:test ai:OneOf ;
+         ao:operator ai:OneOf ;
          ao:type ai:StatementPredicateUri ;
          ao:setValue ai:EditorUpdateFauxObjectPropertyTestData .
 
 ai:EditorUpdateFauxObjectPropertyAttribute rdf:type ao:Attribute ;
-         ao:test ai:OneOf ;
+         ao:operator ai:OneOf ;
          ao:type ai:AccessObjectUri ;
          ao:setValue ai:EditorUpdateFauxObjectPropertyTestData .
          
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_update_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_update_object_property.n3
index ca3faecb26..e3cb5f90ce 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_update_object_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_update_object_property.n3
@@ -40,12 +40,12 @@ ai:AllowEditorUpdateObjectPropertyStatementRule rdf:type ao:Rule;
           ao:attribute ai:EditorUpdateObjectPropertyStatementAttribute .
          
 ai:EditorUpdateObjectPropertyStatementAttribute rdf:type ao:Attribute ;
-         ao:test ai:OneOf ;
+         ao:operator ai:OneOf ;
          ao:type ai:StatementPredicateUri ;
          ao:setValue ai:EditorUpdateObjectPropertyTestData .
 
 ai:EditorUpdateObjectPropertyAttribute rdf:type ao:Attribute ;
-         ao:test ai:OneOf ;
+         ao:operator ai:OneOf ;
          ao:type ai:AccessObjectUri ;
          ao:setValue ai:EditorUpdateObjectPropertyTestData .
          
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_menu_items_editing.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_menu_items_editing.n3
index c9e2d56ac9..bd92ce04f4 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_menu_items_editing.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_menu_items_editing.n3
@@ -31,11 +31,11 @@ ai:RestrictDropHomeMenuItems rdf:type ao:Rule ;
           ao:attribute ai:ObjectPropertyStatementObjectUriEqualsToHomeMenuItemAttribute .
           
 ai:ObjectPropertyStatementPredicateUriEqualsToHasHomeAttribute rdf:type ao:Attribute ;
-         ao:test ai:Equals ;
+         ao:operator ai:Equals ;
          ao:type ai:StatementPredicateUri ;
          ao:value <http://vitro.mannlib.cornell.edu/ontologies/display/1.1#HomeMenuItem> .
 
 ai:ObjectPropertyStatementObjectUriEqualsToHomeMenuItemAttribute rdf:type ao:Attribute ;
-         ao:test ai:Equals ;
+         ao:operator ai:Equals ;
          ao:type ai:StatementObjectUri ;
          ao:value <http://vitro.mannlib.cornell.edu/ontologies/display/1.1#hasElement> .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_not_modifiable_statements.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_not_modifiable_statements.n3
index 92e89fe2d1..b1b84e6bf2 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_not_modifiable_statements.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_not_modifiable_statements.n3
@@ -57,32 +57,32 @@ ai:RestrictDataPropertyStatementsWithNotModifiablePredicate rdf:type ao:Rule ;
 
 ### Not modifiable property statement attributes
 ai:PropertyStatementPredicateUriStartWithProhibitedNameSpaceAttribute rdf:type ao:Attribute ;
-         ao:test ai:StartsWith ;
+         ao:operator ai:StartsWith ;
          ao:type ai:StatementPredicateUri ;
          ao:setValue ai:ProhibitedNamespaceTestData .
 
 ai:PropertyStatementPredicateUriEqualsToProhibitedExceptions rdf:type ao:Attribute ;
-         ao:test ai:NotOneOf ;
+         ao:operator ai:NotOneOf ;
          ao:type ai:StatementPredicateUri ;
          ao:setValue ai:ProhibitedNamespaceExceptionsTestData .
          
 ai:PropertyStatementSubjectUriStartWithProhibitedNameSpaceAttribute rdf:type ao:Attribute ;
-         ao:test ai:StartsWith ;
+         ao:operator ai:StartsWith ;
          ao:type ai:StatementSubjectUri ;
          ao:setValue ai:ProhibitedNamespaceTestData .
 
 ai:PropertyStatementSubjectUriEqualsToProhibitedExceptions rdf:type ao:Attribute ;
-         ao:test ai:NotOneOf ;
+         ao:operator ai:NotOneOf ;
          ao:type ai:StatementSubjectUri ;
          ao:setValue ai:ProhibitedNamespaceExceptionsTestData .         
          
 ai:PropertyStatementObjectUriStartWithProhibitedNameSpaceAttribute rdf:type ao:Attribute ;
-         ao:test ai:StartsWith ;
+         ao:operator ai:StartsWith ;
          ao:type ai:StatementObjectUri ;
          ao:setValue ai:ProhibitedNamespaceTestData .
 
 ai:PropertyStatementObjectUriEqualsToProhibitedExceptions rdf:type ao:Attribute ;
-         ao:test ai:NotOneOf ;
+         ao:operator ai:NotOneOf ;
          ao:type ai:StatementObjectUri ;
          ao:setValue ai:ProhibitedNamespaceExceptionsTestData .  
          
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_public_display_class.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_public_display_class.n3
index ae6efaceb7..f1064a3ee7 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_public_display_class.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_public_display_class.n3
@@ -33,7 +33,7 @@ ai:AllowPublicDisplayClassRule rdf:type ao:Rule;
           ao:attribute ai:PublicDisplayClassAttribute .
          
 ai:PublicDisplayClassAttribute rdf:type ao:Attribute ;
-         ao:test ai:OneOf ;
+         ao:operator ai:OneOf ;
          ao:type ai:AccessObjectUri ;
          ao:setValue ai:PublicDisplayClassTestData .
          
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_public_display_data_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_public_display_data_property.n3
index 2f4c397cf4..5b98dff828 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_public_display_data_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_public_display_data_property.n3
@@ -40,12 +40,12 @@ ai:AllowPublicDisplayDataPropertyStatementRule rdf:type ao:Rule;
           ao:attribute ai:PublicDisplayDataPropertyStatementAttribute .
          
 ai:PublicDisplayDataPropertyStatementAttribute rdf:type ao:Attribute ;
-         ao:test ai:OneOf ;
+         ao:operator ai:OneOf ;
          ao:type ai:StatementPredicateUri ;
          ao:setValue ai:PublicDisplayDataPropertyTestData .
          
 ai:PublicDisplayDataPropertyAttribute rdf:type ao:Attribute ;
-         ao:test ai:OneOf ;
+         ao:operator ai:OneOf ;
          ao:type ai:AccessObjectUri ;
          ao:setValue ai:PublicDisplayDataPropertyTestData .
          
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_public_display_faux_data_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_public_display_faux_data_property.n3
index ac1f5ef6e9..39162c5d7a 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_public_display_faux_data_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_public_display_faux_data_property.n3
@@ -40,12 +40,12 @@ ai:AllowPublicDisplayFauxDataPropertyStatementRule rdf:type ao:Rule;
           ao:attribute ai:PublicDisplayFauxDataPropertyStatementAttribute .
          
 ai:PublicDisplayFauxDataPropertyStatementAttribute rdf:type ao:Attribute ;
-         ao:test ai:OneOf ;
+         ao:operator ai:OneOf ;
          ao:type ai:StatementPredicateUri ;
          ao:setValue ai:PublicDisplayFauxDataPropertyTestData .
          
 ai:PublicDisplayFauxDataPropertyAttribute rdf:type ao:Attribute ;
-         ao:test ai:OneOf ;
+         ao:operator ai:OneOf ;
          ao:type ai:AccessObjectUri ;
          ao:setValue ai:PublicDisplayFauxDataPropertyTestData .
          
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_public_display_faux_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_public_display_faux_object_property.n3
index 29c7197331..8242a3b776 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_public_display_faux_object_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_public_display_faux_object_property.n3
@@ -40,12 +40,12 @@ ai:AllowPublicDisplayFauxObjectPropertyStatementRule rdf:type ao:Rule;
           ao:attribute ai:PublicDisplayFauxObjectPropertyStatementAttribute .
          
 ai:PublicDisplayFauxObjectPropertyStatementAttribute rdf:type ao:Attribute ;
-         ao:test ai:OneOf ;
+         ao:operator ai:OneOf ;
          ao:type ai:StatementPredicateUri ;
          ao:setValue ai:PublicDisplayFauxObjectPropertyTestData .
          
 ai:PublicDisplayFauxObjectPropertyAttribute rdf:type ao:Attribute ;
-         ao:test ai:OneOf ;
+         ao:operator ai:OneOf ;
          ao:type ai:AccessObjectUri ;
          ao:setValue ai:PublicDisplayFauxObjectPropertyTestData .
          
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_public_display_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_public_display_object_property.n3
index ae3dd4af55..425fc95a77 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_public_display_object_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_public_display_object_property.n3
@@ -40,12 +40,12 @@ ai:AllowPublicDisplayObjectPropertyStatementRule rdf:type ao:Rule;
           ao:attribute ai:PublicDisplayObjectPropertyStatementAttribute .
          
 ai:PublicDisplayObjectPropertyStatementAttribute rdf:type ao:Attribute ;
-         ao:test ai:OneOf ;
+         ao:operator ai:OneOf ;
          ao:type ai:StatementPredicateUri ;
          ao:setValue ai:PublicDisplayObjectPropertyTestData .
 
 ai:PublicDisplayObjectPropertyAttribute rdf:type ao:Attribute ;
-         ao:test ai:OneOf ;
+         ao:operator ai:OneOf ;
          ao:type ai:AccessObjectUri ;
          ao:setValue ai:PublicDisplayObjectPropertyTestData .
          
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_public_simple_permissions.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_public_simple_permissions.n3
index aa18a08420..7664a59eb3 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_public_simple_permissions.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_public_simple_permissions.n3
@@ -29,7 +29,7 @@ ai:AllowPublicSimplePermissions rdf:type ao:Rule;
         ao:attribute ai:SubjectRoleEqualsPublicRoleAttribute .
           
 ai:PermissionNameInPublicAllowed rdf:type ao:Attribute ;
-        ao:test ai:OneOf ;
+        ao:operator ai:OneOf ;
         ao:type ai:AccessObjectUri ;
         ao:setValue ai:PublicSimplePermissionsTestData .
 
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_public_update_class.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_public_update_class.n3
index 30ea1c9269..b2e774fd4c 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_public_update_class.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_public_update_class.n3
@@ -33,7 +33,7 @@ ai:AllowPublicUpdateClassRule rdf:type ao:Rule;
           ao:attribute ai:PublicUpdateClassAttribute .
          
 ai:PublicUpdateClassAttribute rdf:type ao:Attribute ;
-         ao:test ai:OneOf ;
+         ao:operator ai:OneOf ;
          ao:type ai:AccessObjectUri ;
          ao:setValue ai:PublicUpdateClassTestData .
          
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_public_update_data_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_public_update_data_property.n3
index 9506b53930..3dfe9fe0ce 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_public_update_data_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_public_update_data_property.n3
@@ -40,12 +40,12 @@ ai:AllowPublicUpdateDataPropertyStatementRule rdf:type ao:Rule;
           ao:attribute ai:PublicUpdateDataPropertyStatementAttribute .
          
 ai:PublicUpdateDataPropertyStatementAttribute rdf:type ao:Attribute ;
-         ao:test ai:OneOf ;
+         ao:operator ai:OneOf ;
          ao:type ai:StatementPredicateUri ;
          ao:setValue ai:PublicUpdateDataPropertyTestData .
 
 ai:PublicUpdateDataPropertyAttribute rdf:type ao:Attribute ;
-         ao:test ai:OneOf ;
+         ao:operator ai:OneOf ;
          ao:type ai:AccessObjectUri ;
          ao:setValue ai:PublicUpdateDataPropertyTestData .
          
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_public_update_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_public_update_object_property.n3
index 0d916a7464..10840c2a91 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_public_update_object_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_public_update_object_property.n3
@@ -40,12 +40,12 @@ ai:AllowPublicUpdateObjectPropertyStatementRule rdf:type ao:Rule;
           ao:attribute ai:PublicUpdateObjectPropertyStatementAttribute .
          
 ai:PublicUpdateObjectPropertyStatementAttribute rdf:type ao:Attribute ;
-         ao:test ai:OneOf ;
+         ao:operator ai:OneOf ;
          ao:type ai:StatementPredicateUri ;
          ao:setValue ai:PublicUpdateObjectPropertyTestData .
 
 ai:PublicUpdateObjectPropertyAttribute rdf:type ao:Attribute ;
-         ao:test ai:OneOf ;
+         ao:operator ai:OneOf ;
          ao:type ai:AccessObjectUri ;
          ao:setValue ai:PublicUpdateObjectPropertyTestData .
          
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_display_class.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_display_class.n3
index a9e214d2d6..72740ab636 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_display_class.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_display_class.n3
@@ -33,7 +33,7 @@ ai:AllowSelfEditorDisplayClassRule rdf:type ao:Rule;
           ao:attribute ai:SelfEditorDisplayClassAttribute .
          
 ai:SelfEditorDisplayClassAttribute rdf:type ao:Attribute ;
-         ao:test ai:OneOf ;
+         ao:operator ai:OneOf ;
          ao:type ai:AccessObjectUri ;
          ao:setValue ai:SelfEditorDisplayClassTestData .
          
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_display_data_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_display_data_property.n3
index 97088993a2..35b58f65bf 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_display_data_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_display_data_property.n3
@@ -40,12 +40,12 @@ ai:AllowSelfEditorDisplayDataPropertyStatementRule rdf:type ao:Rule;
           ao:attribute ai:SelfEditorDisplayDataPropertyStatementAttribute .
          
 ai:SelfEditorDisplayDataPropertyStatementAttribute rdf:type ao:Attribute ;
-         ao:test ai:OneOf ;
+         ao:operator ai:OneOf ;
          ao:type ai:StatementPredicateUri ;
          ao:setValue ai:SelfEditorDisplayDataPropertyTestData .
          
 ai:SelfEditorDisplayDataPropertyAttribute rdf:type ao:Attribute ;
-         ao:test ai:OneOf ;
+         ao:operator ai:OneOf ;
          ao:type ai:AccessObjectUri ;
          ao:setValue ai:SelfEditorDisplayDataPropertyTestData .
          
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_display_faux_data_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_display_faux_data_property.n3
index dafe69b256..477193a0c2 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_display_faux_data_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_display_faux_data_property.n3
@@ -40,12 +40,12 @@ ai:AllowSelfEditorDisplayFauxDataPropertyStatementRule rdf:type ao:Rule;
           ao:attribute ai:SelfEditorDisplayFauxDataPropertyStatementAttribute .
          
 ai:SelfEditorDisplayFauxDataPropertyStatementAttribute rdf:type ao:Attribute ;
-         ao:test ai:OneOf ;
+         ao:operator ai:OneOf ;
          ao:type ai:StatementPredicateUri ;
          ao:setValue ai:SelfEditorDisplayFauxDataPropertyTestData .
          
 ai:SelfEditorDisplayFauxDataPropertyAttribute rdf:type ao:Attribute ;
-         ao:test ai:OneOf ;
+         ao:operator ai:OneOf ;
          ao:type ai:AccessObjectUri ;
          ao:setValue ai:SelfEditorDisplayFauxDataPropertyTestData .
          
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_display_faux_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_display_faux_object_property.n3
index 1a8bc58501..869bbe5a66 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_display_faux_object_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_display_faux_object_property.n3
@@ -40,12 +40,12 @@ ai:AllowSelfEditorDisplayFauxObjectPropertyStatementRule rdf:type ao:Rule;
           ao:attribute ai:SelfEditorDisplayFauxObjectPropertyStatementAttribute .
          
 ai:SelfEditorDisplayFauxObjectPropertyStatementAttribute rdf:type ao:Attribute ;
-         ao:test ai:OneOf ;
+         ao:operator ai:OneOf ;
          ao:type ai:StatementPredicateUri ;
          ao:setValue ai:SelfEditorDisplayFauxObjectPropertyTestData .
          
 ai:SelfEditorDisplayFauxObjectPropertyAttribute rdf:type ao:Attribute ;
-         ao:test ai:OneOf ;
+         ao:operator ai:OneOf ;
          ao:type ai:AccessObjectUri ;
          ao:setValue ai:SelfEditorDisplayFauxObjectPropertyTestData .
          
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_display_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_display_object_property.n3
index 5d72b917e0..e01be6e5e0 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_display_object_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_display_object_property.n3
@@ -40,12 +40,12 @@ ai:AllowSelfEditorDisplayObjectPropertyStatementRule rdf:type ao:Rule;
           ao:attribute ai:SelfEditorDisplayObjectPropertyStatementAttribute .
          
 ai:SelfEditorDisplayObjectPropertyStatementAttribute rdf:type ao:Attribute ;
-         ao:test ai:OneOf ;
+         ao:operator ai:OneOf ;
          ao:type ai:StatementPredicateUri ;
          ao:setValue ai:SelfEditorDisplayObjectPropertyTestData .
 
 ai:SelfEditorDisplayObjectPropertyAttribute rdf:type ao:Attribute ;
-         ao:test ai:OneOf ;
+         ao:operator ai:OneOf ;
          ao:type ai:AccessObjectUri ;
          ao:setValue ai:SelfEditorDisplayObjectPropertyTestData .
          
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_publish_class.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_publish_class.n3
index 110b47a228..74e7031e49 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_publish_class.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_publish_class.n3
@@ -33,7 +33,7 @@ ai:AllowSelfEditorPublishClassRule rdf:type ao:Rule;
           ao:attribute ai:SelfEditorPublishClassAttribute .
          
 ai:SelfEditorPublishClassAttribute rdf:type ao:Attribute ;
-         ao:test ai:OneOf ;
+         ao:operator ai:OneOf ;
          ao:type ai:AccessObjectUri ;
          ao:setValue ai:SelfEditorPublishClassTestData .
          
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_publish_data_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_publish_data_property.n3
index 2211c634a7..64500feb0a 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_publish_data_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_publish_data_property.n3
@@ -40,12 +40,12 @@ ai:AllowSelfEditorPublishDataPropertyStatementRule rdf:type ao:Rule;
           ao:attribute ai:SelfEditorPublishDataPropertyStatementAttribute .
 
 ai:SelfEditorPublishDataPropertyStatementAttribute rdf:type ao:Attribute ;
-         ao:test ai:OneOf ;
+         ao:operator ai:OneOf ;
          ao:type ai:StatementPredicateUri ;
          ao:setValue ai:SelfEditorPublishDataPropertyTestData .
 
 ai:SelfEditorPublishDataPropertyAttribute rdf:type ao:Attribute ;
-         ao:test ai:OneOf ;
+         ao:operator ai:OneOf ;
          ao:type ai:AccessObjectUri ;
          ao:setValue ai:SelfEditorPublishDataPropertyTestData .
          
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_publish_faux_data_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_publish_faux_data_property.n3
index e089de9d2b..87885afbce 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_publish_faux_data_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_publish_faux_data_property.n3
@@ -40,12 +40,12 @@ ai:AllowSelfEditorPublishFauxDataPropertyStatementRule rdf:type ao:Rule;
           ao:attribute ai:SelfEditorPublishFauxDataPropertyStatementAttribute .
          
 ai:SelfEditorPublishFauxDataPropertyStatementAttribute rdf:type ao:Attribute ;
-         ao:test ai:OneOf ;
+         ao:operator ai:OneOf ;
          ao:type ai:StatementPredicateUri ;
          ao:setValue ai:SelfEditorPublishFauxDataPropertyTestData .
 
 ai:SelfEditorPublishFauxDataPropertyAttribute rdf:type ao:Attribute ;
-         ao:test ai:OneOf ;
+         ao:operator ai:OneOf ;
          ao:type ai:AccessObjectUri ;
          ao:setValue ai:SelfEditorPublishFauxDataPropertyTestData .
          
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_publish_faux_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_publish_faux_object_property.n3
index 92c6fd178d..562cb1578f 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_publish_faux_object_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_publish_faux_object_property.n3
@@ -40,12 +40,12 @@ ai:AllowSelfEditorPublishFauxObjectPropertyStatementRule rdf:type ao:Rule;
           ao:attribute ai:SelfEditorPublishFauxObjectPropertyStatementAttribute .
          
 ai:SelfEditorPublishFauxObjectPropertyStatementAttribute rdf:type ao:Attribute ;
-         ao:test ai:OneOf ;
+         ao:operator ai:OneOf ;
          ao:type ai:StatementPredicateUri ;
          ao:setValue ai:SelfEditorPublishFauxObjectPropertyTestData .
 
 ai:SelfEditorPublishFauxObjectPropertyAttribute rdf:type ao:Attribute ;
-         ao:test ai:OneOf ;
+         ao:operator ai:OneOf ;
          ao:type ai:AccessObjectUri ;
          ao:setValue ai:SelfEditorPublishFauxObjectPropertyTestData .
          
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_publish_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_publish_object_property.n3
index d363b0518c..0069b71171 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_publish_object_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_publish_object_property.n3
@@ -40,12 +40,12 @@ ai:AllowSelfEditorPublishObjectPropertyStatementRule rdf:type ao:Rule;
           ao:attribute ai:SelfEditorPublishObjectPropertyStatementAttribute .
          
 ai:SelfEditorPublishObjectPropertyStatementAttribute rdf:type ao:Attribute ;
-         ao:test ai:OneOf ;
+         ao:operator ai:OneOf ;
          ao:type ai:StatementPredicateUri ;
          ao:setValue ai:SelfEditorPublishObjectPropertyTestData .
 
 ai:SelfEditorPublishObjectPropertyAttribute rdf:type ao:Attribute ;
-         ao:test ai:OneOf ;
+         ao:operator ai:OneOf ;
          ao:type ai:AccessObjectUri ;
          ao:setValue ai:SelfEditorPublishObjectPropertyTestData .
          
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_simple_permissions.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_simple_permissions.n3
index 2587a9c637..2d79e79145 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_simple_permissions.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_simple_permissions.n3
@@ -29,7 +29,7 @@ ai:AllowSelfEditorSimplePermissions rdf:type ao:Rule;
         ao:attribute ai:SubjectRoleEqualsSelfEditorRoleAttribute .
           
 ai:PermissionNameInSelfEditorAllowed rdf:type ao:Attribute ;
-        ao:test ai:OneOf ;
+        ao:operator ai:OneOf ;
         ao:type ai:AccessObjectUri ;
         ao:setValue ai:SelfEditorSimplePermissionsTestData .
 
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_update_class.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_update_class.n3
index 57865bb5ea..14b73548a3 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_update_class.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_update_class.n3
@@ -33,7 +33,7 @@ ai:AllowSelfEditorUpdateClassRule rdf:type ao:Rule;
           ao:attribute ai:SelfEditorUpdateClassAttribute .
          
 ai:SelfEditorUpdateClassAttribute rdf:type ao:Attribute ;
-         ao:test ai:OneOf ;
+         ao:operator ai:OneOf ;
          ao:type ai:AccessObjectUri ;
          ao:setValue ai:SelfEditorUpdateClassTestData .
          
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_update_data_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_update_data_property.n3
index a619550b99..2c4578287b 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_update_data_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_update_data_property.n3
@@ -41,12 +41,12 @@ ai:AllowSelfEditorUpdateDataPropertyStatementRule rdf:type ao:Rule;
           ao:attribute ai:SelfEditorUpdateDataPropertyStatementAttribute .
          
 ai:SelfEditorUpdateDataPropertyStatementAttribute rdf:type ao:Attribute ;
-         ao:test ai:OneOf ;
+         ao:operator ai:OneOf ;
          ao:type ai:StatementPredicateUri ;
          ao:setValue ai:SelfEditorUpdateDataPropertyTestData .
 
 ai:SelfEditorUpdateDataPropertyAttribute rdf:type ao:Attribute ;
-         ao:test ai:OneOf ;
+         ao:operator ai:OneOf ;
          ao:type ai:AccessObjectUri ;
          ao:setValue ai:SelfEditorUpdateDataPropertyTestData .
          
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_update_faux_data_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_update_faux_data_property.n3
index 441a0fb5be..c026a711f8 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_update_faux_data_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_update_faux_data_property.n3
@@ -41,12 +41,12 @@ ai:AllowSelfEditorUpdateFauxDataPropertyStatementRule rdf:type ao:Rule;
           ao:attribute ai:SelfEditorUpdateFauxDataPropertyStatementAttribute .
          
 ai:SelfEditorUpdateFauxDataPropertyStatementAttribute rdf:type ao:Attribute ;
-         ao:test ai:OneOf ;
+         ao:operator ai:OneOf ;
          ao:type ai:StatementPredicateUri ;
          ao:setValue ai:SelfEditorUpdateFauxDataPropertyTestData .
 
 ai:SelfEditorUpdateFauxDataPropertyAttribute rdf:type ao:Attribute ;
-         ao:test ai:OneOf ;
+         ao:operator ai:OneOf ;
          ao:type ai:AccessObjectUri ;
          ao:setValue ai:SelfEditorUpdateFauxDataPropertyTestData .
          
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_update_faux_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_update_faux_object_property.n3
index 21f37ab863..af1e8cfe19 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_update_faux_object_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_update_faux_object_property.n3
@@ -41,12 +41,12 @@ ai:AllowSelfEditorUpdateFauxObjectPropertyStatementRule rdf:type ao:Rule;
           ao:attribute ai:SelfEditorUpdateFauxObjectPropertyStatementAttribute .
          
 ai:SelfEditorUpdateFauxObjectPropertyStatementAttribute rdf:type ao:Attribute ;
-         ao:test ai:OneOf ;
+         ao:operator ai:OneOf ;
          ao:type ai:StatementPredicateUri ;
          ao:setValue ai:SelfEditorUpdateFauxObjectPropertyTestData .
 
 ai:SelfEditorUpdateFauxObjectPropertyAttribute rdf:type ao:Attribute ;
-         ao:test ai:OneOf ;
+         ao:operator ai:OneOf ;
          ao:type ai:AccessObjectUri ;
          ao:setValue ai:SelfEditorUpdateFauxObjectPropertyTestData .
          
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_update_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_update_object_property.n3
index c80d8386ab..ac7e2908b8 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_update_object_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_update_object_property.n3
@@ -41,12 +41,12 @@ ai:AllowSelfEditorUpdateObjectPropertyStatementRule rdf:type ao:Rule;
           ao:attribute ai:SelfEditorUpdateObjectPropertyStatementAttribute .
          
 ai:SelfEditorUpdateObjectPropertyStatementAttribute rdf:type ao:Attribute ;
-         ao:test ai:OneOf ;
+         ao:operator ai:OneOf ;
          ao:type ai:StatementPredicateUri ;
          ao:setValue ai:SelfEditorUpdateObjectPropertyTestData .
 
 ai:SelfEditorUpdateObjectPropertyAttribute rdf:type ao:Attribute ;
-         ao:test ai:OneOf ;
+         ao:operator ai:OneOf ;
          ao:type ai:AccessObjectUri ;
          ao:setValue ai:SelfEditorUpdateObjectPropertyTestData .
          

From 4afeebc2bdd7812333365284451f014f62ecf98f Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <georgy.litvinov@tib.eu>
Date: Fri, 1 Sep 2023 17:24:40 +0200
Subject: [PATCH 050/148] fix: changed filename in test changed in previous
 commit

---
 .../cornell/mannlib/vitro/webapp/auth/policy/PolicyTest.java  | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTest.java
index d357fc8f3c..dc4fa438cf 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTest.java
@@ -40,7 +40,7 @@ public class PolicyTest {
     public static final String SUBJECT_TYPES = USER_ACCOUNTS_HOME_EVERYTIME + "subject_types.n3";
     public static final String OBJECT_TYPES = USER_ACCOUNTS_HOME_EVERYTIME + "object_types.n3";
     public static final String ATTRIBUTE_TYPES_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "attribute_types.n3";
-    public static final String TEST_TYPES_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "test_types.n3";
+    public static final String OPERATORS_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "operators.n3";
     public static final String TEST_VALUES_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "test_values.n3";
     public static final String TEST_DECISIONS = USER_ACCOUNTS_HOME_EVERYTIME + "decisions.n3";
 
@@ -284,7 +284,7 @@ public void init() {
         load(SUBJECT_TYPES);
         load(OBJECT_TYPES);
         load(ATTRIBUTE_TYPES_PATH);
-        load(TEST_TYPES_PATH);
+        load(OPERATORS_PATH);
         load(TEST_VALUES_PATH);
         load(TEST_DECISIONS);
         RDFServiceModel rdfService = new RDFServiceModel(configurationDataSet);

From 736d31d695afa28d3bd8d31bccc7757db1bc6c99 Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <georgy.litvinov@tib.eu>
Date: Mon, 16 Oct 2023 14:50:52 +0200
Subject: [PATCH 051/148] policy templates draft

---
 .../webapp/auth/policy/PolicyLoader.java      |  96 +++++++----
 .../auth/policy/EditablePagesPolicyTest.java  |   2 +-
 .../HomeMenuItemsRestrictionPolicyTest.java   |   2 +-
 .../NonModifiableStatementsPolicyTest.java    |   2 +-
 .../vitro/webapp/auth/policy/PolicyTest.java  | 160 +++++++++---------
 .../auth/policy/RootUserPolicyTest.java       |   2 +-
 .../policy/SimplePermissionPolicyTest.java    |  56 +++---
 .../rdf/accessControl/firsttime/ontology.n3   |   3 +
 .../policy_admin_publish_data_property.n3     |  54 +++---
 .../policy_admin_simple_permissions.n3        |  37 ----
 ...policy_admin_simple_permissions_dataset.n3 |   2 +-
 .../policy_curator_simple_permissions.n3      |  37 ----
 ...licy_curator_simple_permissions_dataset.n3 |   2 +-
 .../policy_editor_simple_permissions.n3       |  37 ----
 ...olicy_editor_simple_permissions_dataset.n3 |   2 +-
 .../policy_public_simple_permissions.n3       |  37 ----
 ...olicy_public_simple_permissions_dataset.n3 |   2 +-
 .../policy_self_editor_simple_permissions.n3  |  37 ----
 ..._self_editor_simple_permissions_dataset.n3 |   2 +-
 .../firsttime/policy_simple_permissions.n3    | 138 +++++++++++++++
 20 files changed, 349 insertions(+), 361 deletions(-)
 delete mode 100644 home/src/main/resources/rdf/accessControl/firsttime/policy_admin_simple_permissions.n3
 delete mode 100644 home/src/main/resources/rdf/accessControl/firsttime/policy_curator_simple_permissions.n3
 delete mode 100644 home/src/main/resources/rdf/accessControl/firsttime/policy_editor_simple_permissions.n3
 delete mode 100644 home/src/main/resources/rdf/accessControl/firsttime/policy_public_simple_permissions.n3
 delete mode 100644 home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_simple_permissions.n3
 create mode 100644 home/src/main/resources/rdf/accessControl/firsttime/policy_simple_permissions.n3

diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
index 3d9776bc61..4e73acba09 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
@@ -66,7 +66,6 @@ public class PolicyLoader {
             + "SELECT DISTINCT ?" + PRIORITY + " \n"
             + "WHERE {\n"
             + "  GRAPH <http://vitro.mannlib.cornell.edu/default/access-control> {\n"
-            + "    ?" + POLICY  + " rdf:type ao:Policy .\n"
             + "    OPTIONAL {?" + POLICY + " ao:priority ?set_priority" + " . }\n"
             + "    BIND(COALESCE(?set_priority, 0 ) as ?" + PRIORITY + " ) .\n"
             + "  }\n"
@@ -131,38 +130,41 @@ public class PolicyLoader {
             + "SELECT DISTINCT ?rules ?rule ?attribute ?testId ?typeId ?value ?lit_value ?decision_id ?dataSetUri \n"
             + "WHERE {\n"
             + "  GRAPH <http://vitro.mannlib.cornell.edu/default/access-control> {\n"
-            + "?policy rdf:type ao:Policy .\n"
-            + "?policy ao:rules ?rules . \n"
-            + "?rules rdf:type ao:Rules . \n"
-            + "?rules ao:rule ?rule . \n"
-            + "?rule ao:attribute ?attribute . \n"
-            + "?attribute rdf:type ao:Attribute .\n"
-            + "OPTIONAL {\n"
-            + "  ?attribute ao:operator ?attributeTest .\n"
-            + "  OPTIONAL {\n"
-            + "    ?attributeTest ao:id ?testId . \n"
-            + "  }\n"
-            + "}"
-            + "OPTIONAL {\n"
-            + "  ?attribute ao:type ?attributeType . \n"
-            + "  OPTIONAL {\n"
-            + "    ?attributeType ao:id ?typeId . \n"
-            + "  }\n"
-            + "}\n"
-            + "OPTIONAL {\n"
-            + "   ?rule ao:decision ?decision . \n"
-            + "   ?decision ao:id ?decision_id . \n"
-            + "}\n"
-            + "OPTIONAL {\n"
-            + "   ?attribute ao:setValue ?testData . \n"
-            + "   ?dataSet ao:testData ?testData . \n"
-            + "   ?testData ao:dataValue ?value . \n"
-            + "   OPTIONAL {?value ao:id ?lit_value . }\n"
-            + "}\n"
-            + "OPTIONAL {\n"
-            + "   ?attribute ao:value ?value . \n"
-            + "   OPTIONAL {?value ao:id ?lit_value . }\n"
-            + "}\n" + "BIND(?dataSet as ?dataSetUri)\n"
+            + "    ?policy a ao:PolicyTemplate .\n"
+            + "    ?policy ao:rules ?rules .\n"
+            + "    ?rules rdf:type ao:Rules .\n"
+            + "    ?rules ao:rule ?rule .\n"
+            + "    ?rule ao:attribute ?attribute .\n"
+            + "    ?attribute rdf:type ao:Attribute .\n"
+            + "    OPTIONAL {\n"
+            + "      ?attribute ao:operator ?attributeTest .\n"
+            + "      OPTIONAL {\n"
+            + "        ?attributeTest ao:id ?testId .\n"
+            + "      }\n"
+            + "    }\n"
+            + "    OPTIONAL {\n"
+            + "      ?attribute ao:type ?attributeType .\n"
+            + "      OPTIONAL {\n"
+            + "        ?attributeType ao:id ?typeId .\n"
+            + "      }\n"
+            + "    }\n"
+            + "    OPTIONAL {\n"
+            + "       ?rule ao:decision ?decision .\n"
+            + "       ?decision ao:id ?decision_id .\n"
+            + "    }\n"
+            + "    OPTIONAL {\n"
+            + "       ?attribute ao:templateValue ?attributeValueSet .\n"
+            + "       ?attributeValueSet a ao:AttributeValueSet .\n"
+            + "       ?attributeValueSet ao:attributeValue ?attributeValue .\n"
+            + "       ?attributeValue ao:dataValue ?value .\n"
+            + "       ?dataSet ao:dataSetValues ?attributeValue .\n"
+            + "       OPTIONAL {?value ao:id ?lit_value . }\n"
+            + "    }\n"
+            + "    OPTIONAL {\n"
+            + "       ?attribute ao:value ?value .\n"
+            + "       OPTIONAL {?value ao:id ?lit_value . }\n"
+            + "    }\n" 
+            + "    BIND(?dataSet as ?dataSetUri)\n"
             + "  }\n"
             + "} ORDER BY ?rule ?attribute";
 
@@ -264,7 +266,8 @@ protected void processQuerySolution(QuerySolution qs) {
 
         return policyUris;
     }
-
+    
+    @Deprecated
     public DynamicPolicy loadPolicy(String uri) {
         List<String> dataSetNames = getDataSetNames(uri);
         Set<AccessRule> rules = new HashSet<>();
@@ -287,6 +290,31 @@ public DynamicPolicy loadPolicy(String uri) {
         policy.addRules(rules);
         return policy;
     }
+    
+    public DynamicPolicy loadPolicyWithDataSet(String uri, String dataSetUri) {
+        Set<AccessRule> rules = new HashSet<>();
+        long priority = getPriority(uri);
+        try {
+            if (dataSetUri == null) {
+                loadRulesWithoutDataSet(uri, rules);
+            } else {
+                loadRulesForDataSet(uri, rules, dataSetUri);
+            }
+        } catch (Exception e) {
+            log.error(e, e);
+            return null;
+        }
+        if (rules.isEmpty()) {
+            return null;
+        }
+        String policyUri = uri;
+        if (dataSetUri != null) {
+            policyUri += "+" + dataSetUri;
+        }
+        DynamicPolicy policy = new DynamicPolicy(policyUri, priority);
+        policy.addRules(rules);
+        return policy;
+    }
 
     public Set<String> getPolicyDataSetValues(OperationGroup og, AccessObjectType aot, String role) {
         Set<String> values = new HashSet<>();
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EditablePagesPolicyTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EditablePagesPolicyTest.java
index 212bc0305c..7b0b069f3e 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EditablePagesPolicyTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EditablePagesPolicyTest.java
@@ -9,7 +9,7 @@
 
 public class EditablePagesPolicyTest extends PolicyTest {
 
-    public static final String EDITABLE_PAGES_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_editable_pages.n3";
+    public static final String EDITABLE_PAGES_POLICY_PATH = PolicyTest.USER_ACCOUNTS_HOME_FIRSTTIME + "policy_editable_pages.n3";
 
     @Test
     public void testLoadEditablePagesPolicy() {
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/HomeMenuItemsRestrictionPolicyTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/HomeMenuItemsRestrictionPolicyTest.java
index aadc819902..d08cf0ec59 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/HomeMenuItemsRestrictionPolicyTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/HomeMenuItemsRestrictionPolicyTest.java
@@ -14,7 +14,7 @@
 
 public class HomeMenuItemsRestrictionPolicyTest extends PolicyTest {
 
-    public static final String MENU_ITEMS_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_menu_items_editing.n3";
+    public static final String MENU_ITEMS_POLICY_PATH = PolicyTest.USER_ACCOUNTS_HOME_FIRSTTIME + "policy_menu_items_editing.n3";
 
     @Test
     public void testHomeMenuItemsRestrictionPolicy() {
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/NonModifiableStatementsPolicyTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/NonModifiableStatementsPolicyTest.java
index 548f1cb382..aedbe99c9d 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/NonModifiableStatementsPolicyTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/NonModifiableStatementsPolicyTest.java
@@ -23,7 +23,7 @@ public class NonModifiableStatementsPolicyTest extends PolicyTest {
 
     @Test
     public void testNonModifiableStatementsPolicy() {
-        load(USER_ACCOUNTS_HOME_EVERYTIME + NOT_MODIFIABLE_STATEMENTS_POLICY_PATH + EXT);
+        load(PolicyTest.USER_ACCOUNTS_HOME_FIRSTTIME + NOT_MODIFIABLE_STATEMENTS_POLICY_PATH + EXT);
         load(USER_ACCOUNTS_HOME_FIRSTTIME + NOT_MODIFIABLE_STATEMENTS_POLICY_PATH + DATASET + EXT);
 
         String policyUri =
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTest.java
index dc4fa438cf..525c22751a 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTest.java
@@ -25,179 +25,177 @@
 public class PolicyTest {
     public static final String USER_ACCOUNTS_HOME_FIRSTTIME = "../home/src/main/resources/rdf/accessControl/firsttime/";
 
-    public static final String USER_ACCOUNTS_HOME_EVERYTIME = USER_ACCOUNTS_HOME_FIRSTTIME;
-
     protected static final String ROLE_ADMIN_URI = "http://vitro.mannlib.cornell.edu/ns/vitro/authorization#ADMIN";
     protected static final String ROLE_EDITOR_URI = "http://vitro.mannlib.cornell.edu/ns/vitro/authorization#EDITOR";
     protected static final String ROLE_SELF_EDITOR_URI = "http://vitro.mannlib.cornell.edu/ns/vitro/authorization#SELF_EDITOR";
     protected static final String ROLE_CURATOR_URI = "http://vitro.mannlib.cornell.edu/ns/vitro/authorization#CURATOR";
     protected static final String ROLE_PUBLIC_URI = "http://vitro.mannlib.cornell.edu/ns/vitro/authorization#PUBLIC";
 
-    public static final String ONTOLOGY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "ontology.n3";
-    public static final String ATTRIBUTES_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "attributes.n3";
-    public static final String OPERATIONS_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "operations.n3";
-    public static final String OPERATION_GROUPS = USER_ACCOUNTS_HOME_EVERYTIME + "operation_groups.n3";
-    public static final String SUBJECT_TYPES = USER_ACCOUNTS_HOME_EVERYTIME + "subject_types.n3";
-    public static final String OBJECT_TYPES = USER_ACCOUNTS_HOME_EVERYTIME + "object_types.n3";
-    public static final String ATTRIBUTE_TYPES_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "attribute_types.n3";
-    public static final String OPERATORS_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "operators.n3";
-    public static final String TEST_VALUES_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "test_values.n3";
-    public static final String TEST_DECISIONS = USER_ACCOUNTS_HOME_EVERYTIME + "decisions.n3";
-
-    public static final String ADMIN_DISPLAY_OBJ_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME
+    public static final String ONTOLOGY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME + "ontology.n3";
+    public static final String ATTRIBUTES_PATH = USER_ACCOUNTS_HOME_FIRSTTIME + "attributes.n3";
+    public static final String OPERATIONS_PATH = USER_ACCOUNTS_HOME_FIRSTTIME + "operations.n3";
+    public static final String OPERATION_GROUPS = USER_ACCOUNTS_HOME_FIRSTTIME + "operation_groups.n3";
+    public static final String SUBJECT_TYPES = USER_ACCOUNTS_HOME_FIRSTTIME + "subject_types.n3";
+    public static final String OBJECT_TYPES = USER_ACCOUNTS_HOME_FIRSTTIME + "object_types.n3";
+    public static final String ATTRIBUTE_TYPES_PATH = USER_ACCOUNTS_HOME_FIRSTTIME + "attribute_types.n3";
+    public static final String OPERATORS_PATH = USER_ACCOUNTS_HOME_FIRSTTIME + "operators.n3";
+    public static final String TEST_VALUES_PATH = USER_ACCOUNTS_HOME_FIRSTTIME + "test_values.n3";
+    public static final String TEST_DECISIONS = USER_ACCOUNTS_HOME_FIRSTTIME + "decisions.n3";
+
+    public static final String ADMIN_DISPLAY_OBJ_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
             + "policy_admin_display_object_property.n3";
-    public static final String ADMIN_DISPLAY_DATA_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME
+    public static final String ADMIN_DISPLAY_DATA_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
             + "policy_admin_display_data_property.n3";
-    public static final String ADMIN_DISPLAY_CLASS_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME
+    public static final String ADMIN_DISPLAY_CLASS_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
             + "policy_admin_display_class.n3";
 
-    public static final String CURATOR_DISPLAY_OBJ_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME
+    public static final String CURATOR_DISPLAY_OBJ_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
             + "policy_curator_display_object_property.n3";
-    public static final String CURATOR_DISPLAY_DATA_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME
+    public static final String CURATOR_DISPLAY_DATA_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
             + "policy_curator_display_data_property.n3";
-    public static final String CURATOR_DISPLAY_CLASS_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME
+    public static final String CURATOR_DISPLAY_CLASS_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
             + "policy_curator_display_class.n3";
 
-    public static final String PUBLIC_DISPLAY_OBJ_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME
+    public static final String PUBLIC_DISPLAY_OBJ_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
             + "policy_public_display_object_property.n3";
-    public static final String PUBLIC_DISPLAY_DATA_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME
+    public static final String PUBLIC_DISPLAY_DATA_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
             + "policy_public_display_data_property.n3";
-    public static final String PUBLIC_DISPLAY_CLASS_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME
+    public static final String PUBLIC_DISPLAY_CLASS_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
             + "policy_public_display_class.n3";
 
-    public static final String SELF_EDITOR_DISPLAY_OBJ_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME
+    public static final String SELF_EDITOR_DISPLAY_OBJ_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
             + "policy_self_editor_display_object_property.n3";
-    public static final String SELF_EDITOR_DISPLAY_DATA_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME
+    public static final String SELF_EDITOR_DISPLAY_DATA_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
             + "policy_self_editor_display_data_property.n3";
-    public static final String SELF_EDITOR_DISPLAY_CLASS_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME
+    public static final String SELF_EDITOR_DISPLAY_CLASS_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
             + "policy_self_editor_display_class.n3";
 
-    public static final String EDITOR_DISPLAY_OBJ_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME
+    public static final String EDITOR_DISPLAY_OBJ_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
             + "policy_editor_display_object_property.n3";
-    public static final String EDITOR_DISPLAY_DATA_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME
+    public static final String EDITOR_DISPLAY_DATA_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
             + "policy_editor_display_data_property.n3";
-    public static final String EDITOR_DISPLAY_CLASS_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME
+    public static final String EDITOR_DISPLAY_CLASS_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
             + "policy_editor_display_class.n3";
     // Update
-    public static final String ADMIN_UPDATE_OBJ_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME
+    public static final String ADMIN_UPDATE_OBJ_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
             + "policy_admin_update_object_property.n3";
-    public static final String ADMIN_UPDATE_DATA_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME
+    public static final String ADMIN_UPDATE_DATA_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
             + "policy_admin_update_data_property.n3";
-    public static final String ADMIN_UPDATE_CLASS_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME
+    public static final String ADMIN_UPDATE_CLASS_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
             + "policy_admin_update_class.n3";
 
-    public static final String CURATOR_UPDATE_OBJ_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME
+    public static final String CURATOR_UPDATE_OBJ_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
             + "policy_curator_update_object_property.n3";
-    public static final String CURATOR_UPDATE_DATA_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME
+    public static final String CURATOR_UPDATE_DATA_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
             + "policy_curator_update_data_property.n3";
-    public static final String CURATOR_UPDATE_CLASS_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME
+    public static final String CURATOR_UPDATE_CLASS_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
             + "policy_curator_update_class.n3";
 
-    public static final String PUBLIC_UPDATE_OBJ_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME
+    public static final String PUBLIC_UPDATE_OBJ_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
             + "policy_public_update_object_property.n3";
-    public static final String PUBLIC_UPDATE_DATA_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME
+    public static final String PUBLIC_UPDATE_DATA_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
             + "policy_public_update_data_property.n3";
-    public static final String PUBLIC_UPDATE_CLASS_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME
+    public static final String PUBLIC_UPDATE_CLASS_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
             + "policy_public_update_class.n3";
 
-    public static final String SELF_EDITOR_UPDATE_OBJ_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME
+    public static final String SELF_EDITOR_UPDATE_OBJ_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
             + "policy_self_editor_update_object_property.n3";
-    public static final String SELF_EDITOR_UPDATE_DATA_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME
+    public static final String SELF_EDITOR_UPDATE_DATA_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
             + "policy_self_editor_update_data_property.n3";
-    public static final String SELF_EDITOR_UPDATE_CLASS_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME
+    public static final String SELF_EDITOR_UPDATE_CLASS_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
             + "policy_self_editor_update_class.n3";
 
-    public static final String EDITOR_UPDATE_OBJ_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME
+    public static final String EDITOR_UPDATE_OBJ_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
             + "policy_editor_update_object_property.n3";
-    public static final String EDITOR_UPDATE_DATA_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME
+    public static final String EDITOR_UPDATE_DATA_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
             + "policy_editor_update_data_property.n3";
-    public static final String EDITOR_UPDATE_CLASS_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME
+    public static final String EDITOR_UPDATE_CLASS_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
             + "policy_editor_update_class.n3";
     // Publish
-    public static final String ADMIN_PUBLISH_OBJ_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME
+    public static final String ADMIN_PUBLISH_OBJ_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
             + "policy_admin_publish_object_property.n3";
-    public static final String ADMIN_PUBLISH_DATA_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME
+    public static final String ADMIN_PUBLISH_DATA_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
             + "policy_admin_publish_data_property.n3";
-    public static final String ADMIN_PUBLISH_CLASS_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME
+    public static final String ADMIN_PUBLISH_CLASS_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
             + "policy_admin_publish_class.n3";
 
-    public static final String CURATOR_PUBLISH_OBJ_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME
+    public static final String CURATOR_PUBLISH_OBJ_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
             + "policy_curator_publish_object_property.n3";
-    public static final String CURATOR_PUBLISH_DATA_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME
+    public static final String CURATOR_PUBLISH_DATA_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
             + "policy_curator_publish_data_property.n3";
-    public static final String CURATOR_PUBLISH_CLASS_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME
+    public static final String CURATOR_PUBLISH_CLASS_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
             + "policy_curator_publish_class.n3";
 
-    public static final String SELF_EDITOR_PUBLISH_OBJ_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME
+    public static final String SELF_EDITOR_PUBLISH_OBJ_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
             + "policy_self_editor_publish_object_property.n3";
-    public static final String SELF_EDITOR_PUBLISH_DATA_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME
+    public static final String SELF_EDITOR_PUBLISH_DATA_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
             + "policy_self_editor_publish_data_property.n3";
-    public static final String SELF_EDITOR_PUBLISH_CLASS_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME
+    public static final String SELF_EDITOR_PUBLISH_CLASS_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
             + "policy_self_editor_publish_class.n3";
 
-    public static final String EDITOR_PUBLISH_OBJ_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME
+    public static final String EDITOR_PUBLISH_OBJ_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
             + "policy_editor_publish_object_property.n3";
-    public static final String EDITOR_PUBLISH_DATA_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME
+    public static final String EDITOR_PUBLISH_DATA_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
             + "policy_editor_publish_data_property.n3";
-    public static final String EDITOR_PUBLISH_CLASS_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME
+    public static final String EDITOR_PUBLISH_CLASS_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
             + "policy_editor_publish_class.n3";
 
-    public static final String ADMIN_DISPLAY_FAUX_OBJECT_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME
+    public static final String ADMIN_DISPLAY_FAUX_OBJECT_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
             + "policy_admin_display_faux_object_property.n3";
-    public static final String CURATOR_DISPLAY_FAUX_OBJECT_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME
+    public static final String CURATOR_DISPLAY_FAUX_OBJECT_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
             + "policy_curator_display_faux_object_property.n3";
-    public static final String EDITOR_DISPLAY_FAUX_OBJECT_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME
+    public static final String EDITOR_DISPLAY_FAUX_OBJECT_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
             + "policy_editor_display_faux_object_property.n3";
-    public static final String SELF_EDITOR_DISPLAY_FAUX_OBJECT_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME
+    public static final String SELF_EDITOR_DISPLAY_FAUX_OBJECT_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
             + "policy_self_editor_display_faux_object_property.n3";
-    public static final String PUBLIC_DISPLAY_FAUX_OBJECT_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME
+    public static final String PUBLIC_DISPLAY_FAUX_OBJECT_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
             + "policy_public_display_faux_object_property.n3";
 
-    public static final String ADMIN_PUBLISH_FAUX_OBJECT_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME
+    public static final String ADMIN_PUBLISH_FAUX_OBJECT_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
             + "policy_admin_publish_faux_object_property.n3";
-    public static final String CURATOR_PUBLISH_FAUX_OBJECT_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME
+    public static final String CURATOR_PUBLISH_FAUX_OBJECT_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
             + "policy_curator_publish_faux_object_property.n3";
-    public static final String EDITOR_PUBLISH_FAUX_OBJECT_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME
+    public static final String EDITOR_PUBLISH_FAUX_OBJECT_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
             + "policy_editor_publish_faux_object_property.n3";
-    public static final String SELF_EDITOR_PUBLISH_FAUX_OBJECT_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME
+    public static final String SELF_EDITOR_PUBLISH_FAUX_OBJECT_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
             + "policy_self_editor_publish_faux_object_property.n3";
 
-    public static final String ADMIN_UPDATE_FAUX_OBJECT_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME
+    public static final String ADMIN_UPDATE_FAUX_OBJECT_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
             + "policy_admin_update_faux_object_property.n3";
-    public static final String CURATOR_UPDATE_FAUX_OBJECT_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME
+    public static final String CURATOR_UPDATE_FAUX_OBJECT_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
             + "policy_curator_update_faux_object_property.n3";
-    public static final String EDITOR_UPDATE_FAUX_OBJECT_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME
+    public static final String EDITOR_UPDATE_FAUX_OBJECT_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
             + "policy_editor_update_faux_object_property.n3";
-    public static final String SELF_EDITOR_UPDATE_FAUX_OBJECT_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME
+    public static final String SELF_EDITOR_UPDATE_FAUX_OBJECT_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
             + "policy_self_editor_update_faux_object_property.n3";
 
-    public static final String ADMIN_DISPLAY_FAUX_DATA_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME
+    public static final String ADMIN_DISPLAY_FAUX_DATA_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
             + "policy_admin_display_faux_data_property.n3";
-    public static final String CURATOR_DISPLAY_FAUX_DATA_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME
+    public static final String CURATOR_DISPLAY_FAUX_DATA_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
             + "policy_curator_display_faux_data_property.n3";
-    public static final String EDITOR_DISPLAY_FAUX_DATA_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME
+    public static final String EDITOR_DISPLAY_FAUX_DATA_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
             + "policy_editor_display_faux_data_property.n3";
-    public static final String SELF_EDITOR_DISPLAY_FAUX_DATA_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME
+    public static final String SELF_EDITOR_DISPLAY_FAUX_DATA_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
             + "policy_self_editor_display_faux_data_property.n3";
-    public static final String PUBLIC_DISPLAY_FAUX_DATA_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME
+    public static final String PUBLIC_DISPLAY_FAUX_DATA_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
             + "policy_public_display_faux_data_property.n3";
 
-    public static final String ADMIN_PUBLISH_FAUX_DATA_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME
+    public static final String ADMIN_PUBLISH_FAUX_DATA_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
             + "policy_admin_publish_faux_data_property.n3";
-    public static final String CURATOR_PUBLISH_FAUX_DATA_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME
+    public static final String CURATOR_PUBLISH_FAUX_DATA_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
             + "policy_curator_publish_faux_data_property.n3";
-    public static final String EDITOR_PUBLISH_FAUX_DATA_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME
+    public static final String EDITOR_PUBLISH_FAUX_DATA_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
             + "policy_editor_publish_faux_data_property.n3";
-    public static final String SELF_EDITOR_PUBLISH_FAUX_DATA_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME
+    public static final String SELF_EDITOR_PUBLISH_FAUX_DATA_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
             + "policy_self_editor_publish_faux_data_property.n3";
 
-    public static final String ADMIN_UPDATE_FAUX_DATA_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME
+    public static final String ADMIN_UPDATE_FAUX_DATA_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
             + "policy_admin_update_faux_data_property.n3";
-    public static final String CURATOR_UPDATE_FAUX_DATA_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME
+    public static final String CURATOR_UPDATE_FAUX_DATA_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
             + "policy_curator_update_faux_data_property.n3";
-    public static final String EDITOR_UPDATE_FAUX_DATA_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME
+    public static final String EDITOR_UPDATE_FAUX_DATA_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
             + "policy_editor_update_faux_data_property.n3";
-    public static final String SELF_EDITOR_UPDATE_FAUX_DATA_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME
+    public static final String SELF_EDITOR_UPDATE_FAUX_DATA_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
             + "policy_self_editor_update_faux_data_property.n3";
 
     protected static final String RESOURCES_PREFIX = "src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/";
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/RootUserPolicyTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/RootUserPolicyTest.java
index 53381ea68b..85144c7fd6 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/RootUserPolicyTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/RootUserPolicyTest.java
@@ -9,7 +9,7 @@
 
 public class RootUserPolicyTest extends PolicyTest {
 
-    public static final String ROOT_POLICY_PATH = USER_ACCOUNTS_HOME_EVERYTIME + "policy_root_user.n3";
+    public static final String ROOT_POLICY_PATH = PolicyTest.USER_ACCOUNTS_HOME_FIRSTTIME + "policy_root_user.n3";
 
     @Test
     public void testLoadRootUserPolicy() {
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/SimplePermissionPolicyTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/SimplePermissionPolicyTest.java
index e9601d71ad..8c63611a37 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/SimplePermissionPolicyTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/SimplePermissionPolicyTest.java
@@ -13,18 +13,20 @@
 
 public class SimplePermissionPolicyTest extends PolicyTest {
 
-    public static final String ADMIN_SIMPLE_PERMISSIONS_POLICY_PATH = "policy_admin_simple_permissions";
-    public static final String CURATOR_SIMPLE_PERMISSIONS_POLICY_PATH = "policy_curator_simple_permissions";
-    public static final String EDITOR_SIMPLE_PERMISSIONS_POLICY_PATH = "policy_editor_simple_permissions";
-    public static final String SELF_EDITOR_SIMPLE_PERMISSIONS_POLICY_PATH = "policy_self_editor_simple_permissions";
-    public static final String PUBLIC_SIMPLE_PERMISSIONS_POLICY_PATH = "policy_public_simple_permissions";
+    public static final String ADMIN_SIMPLE_PERMISSIONS_DATASET_PATH = "policy_admin_simple_permissions_dataset";
+    public static final String CURATOR_SIMPLE_PERMISSIONS_DATASET_PATH = "policy_curator_simple_permissions_dataset";
+    public static final String EDITOR_SIMPLE_PERMISSIONS_DATASET_PATH = "policy_editor_simple_permissions_dataset";
+    public static final String SELF_EDITOR_SIMPLE_PERMISSIONS_DATASET_PATH = "policy_self_editor_simple_permissions_dataset";
+    public static final String PUBLIC_SIMPLE_PERMISSIONS_DATASET_PATH = "policy_public_simple_permissions_dataset";
+    public static final String SIMPLE_PERMISSIONS_POLICY_PATH = "policy_simple_permissions";
 
     @Test
     public void testAdminSimplePermissionPolicy() {
-        load(USER_ACCOUNTS_HOME_EVERYTIME + ADMIN_SIMPLE_PERMISSIONS_POLICY_PATH + EXT);
-        load(USER_ACCOUNTS_HOME_FIRSTTIME + ADMIN_SIMPLE_PERMISSIONS_POLICY_PATH + DATASET + EXT);
-        String policyUri = "https://vivoweb.org/ontology/vitro-application/auth/individual/AdminSimplePermissionsPolicy";
-        DynamicPolicy policy = loader.loadPolicy(policyUri);
+        load(PolicyTest.USER_ACCOUNTS_HOME_FIRSTTIME + SIMPLE_PERMISSIONS_POLICY_PATH + EXT);
+        load(USER_ACCOUNTS_HOME_FIRSTTIME + ADMIN_SIMPLE_PERMISSIONS_DATASET_PATH + EXT);
+        String policyUri = "https://vivoweb.org/ontology/vitro-application/auth/individual/SimplePermissionTemplatePolicy";
+        String dataSetUri = "https://vivoweb.org/ontology/vitro-application/auth/individual/AdminSimplePermissionDataSet";
+        DynamicPolicy policy = loader.loadPolicyWithDataSet(policyUri, dataSetUri);
         assertTrue(policy != null);
         assertEquals(1000, policy.getPriority());
         assertEquals(1, policy.getRules().size());
@@ -41,10 +43,11 @@ public void testAdminSimplePermissionPolicy() {
 
     @Test
     public void testCuratorSimplePermissionPolicy() {
-        load(USER_ACCOUNTS_HOME_EVERYTIME + CURATOR_SIMPLE_PERMISSIONS_POLICY_PATH + EXT);
-        load(USER_ACCOUNTS_HOME_FIRSTTIME + CURATOR_SIMPLE_PERMISSIONS_POLICY_PATH + DATASET + EXT);
-        String policyUri = "https://vivoweb.org/ontology/vitro-application/auth/individual/CuratorSimplePermissionsPolicy";
-        DynamicPolicy policy = loader.loadPolicy(policyUri);
+        load(PolicyTest.USER_ACCOUNTS_HOME_FIRSTTIME + SIMPLE_PERMISSIONS_POLICY_PATH + EXT);
+        load(USER_ACCOUNTS_HOME_FIRSTTIME + CURATOR_SIMPLE_PERMISSIONS_DATASET_PATH + EXT);
+        String policyUri = "https://vivoweb.org/ontology/vitro-application/auth/individual/SimplePermissionTemplatePolicy";
+        String dataSetUri = "https://vivoweb.org/ontology/vitro-application/auth/individual/CuratorSimplePermissionDataSet";
+        DynamicPolicy policy = loader.loadPolicyWithDataSet(policyUri, dataSetUri);
         assertTrue(policy != null);
         assertEquals(1000, policy.getPriority());
         assertEquals(1, policy.getRules().size());
@@ -61,10 +64,11 @@ public void testCuratorSimplePermissionPolicy() {
 
     @Test
     public void testEditorSimplePermissionPolicy() {
-        load(USER_ACCOUNTS_HOME_EVERYTIME + EDITOR_SIMPLE_PERMISSIONS_POLICY_PATH + EXT);
-        load(USER_ACCOUNTS_HOME_FIRSTTIME + EDITOR_SIMPLE_PERMISSIONS_POLICY_PATH + DATASET + EXT);
-        String policyUri = "https://vivoweb.org/ontology/vitro-application/auth/individual/EditorSimplePermissionsPolicy";
-        DynamicPolicy policy = loader.loadPolicy(policyUri);
+        load(PolicyTest.USER_ACCOUNTS_HOME_FIRSTTIME + SIMPLE_PERMISSIONS_POLICY_PATH + EXT);
+        load(USER_ACCOUNTS_HOME_FIRSTTIME + EDITOR_SIMPLE_PERMISSIONS_DATASET_PATH + EXT);
+        String policyUri = "https://vivoweb.org/ontology/vitro-application/auth/individual/SimplePermissionTemplatePolicy";
+        String dataSetUri = "https://vivoweb.org/ontology/vitro-application/auth/individual/EditorSimplePermissionDataSet";
+        DynamicPolicy policy = loader.loadPolicyWithDataSet(policyUri, dataSetUri);
         assertTrue(policy != null);
         assertEquals(1000, policy.getPriority());
         assertEquals(1, policy.getRules().size());
@@ -81,10 +85,11 @@ public void testEditorSimplePermissionPolicy() {
 
     @Test
     public void testSelfEditorSimplePermissionPolicy() {
-        load(USER_ACCOUNTS_HOME_EVERYTIME + SELF_EDITOR_SIMPLE_PERMISSIONS_POLICY_PATH + EXT);
-        load(USER_ACCOUNTS_HOME_FIRSTTIME + SELF_EDITOR_SIMPLE_PERMISSIONS_POLICY_PATH + DATASET + EXT);
-        String policyUri = "https://vivoweb.org/ontology/vitro-application/auth/individual/SelfEditorSimplePermissionsPolicy";
-        DynamicPolicy policy = loader.loadPolicy(policyUri);
+        load(PolicyTest.USER_ACCOUNTS_HOME_FIRSTTIME + SIMPLE_PERMISSIONS_POLICY_PATH + EXT);
+        load(USER_ACCOUNTS_HOME_FIRSTTIME + SELF_EDITOR_SIMPLE_PERMISSIONS_DATASET_PATH + EXT);
+        String policyUri = "https://vivoweb.org/ontology/vitro-application/auth/individual/SimplePermissionTemplatePolicy";
+        String dataSetUri = "https://vivoweb.org/ontology/vitro-application/auth/individual/SelfEditorSimplePermissionDataSet";
+        DynamicPolicy policy = loader.loadPolicyWithDataSet(policyUri, dataSetUri);
         assertTrue(policy != null);
         assertEquals(1000, policy.getPriority());
         assertEquals(1, policy.getRules().size());
@@ -101,10 +106,11 @@ public void testSelfEditorSimplePermissionPolicy() {
 
     @Test
     public void testPublicSimplePermissionPolicy() {
-        load(USER_ACCOUNTS_HOME_EVERYTIME + PUBLIC_SIMPLE_PERMISSIONS_POLICY_PATH + EXT);
-        load(USER_ACCOUNTS_HOME_FIRSTTIME + PUBLIC_SIMPLE_PERMISSIONS_POLICY_PATH + DATASET + EXT);
-        String policyUri = "https://vivoweb.org/ontology/vitro-application/auth/individual/PublicSimplePermissionsPolicy";
-        DynamicPolicy policy = loader.loadPolicy(policyUri);
+        load(PolicyTest.USER_ACCOUNTS_HOME_FIRSTTIME + SIMPLE_PERMISSIONS_POLICY_PATH + EXT);
+        load(USER_ACCOUNTS_HOME_FIRSTTIME + PUBLIC_SIMPLE_PERMISSIONS_DATASET_PATH + EXT);
+        String policyUri = "https://vivoweb.org/ontology/vitro-application/auth/individual/SimplePermissionTemplatePolicy";
+        String dataSetUri = "https://vivoweb.org/ontology/vitro-application/auth/individual/PublicSimplePermissionDataSet";
+        DynamicPolicy policy = loader.loadPolicyWithDataSet(policyUri, dataSetUri);
         assertTrue(policy != null);
         assertEquals(1000, policy.getPriority());
         assertEquals(1, policy.getRules().size());
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/ontology.n3 b/home/src/main/resources/rdf/accessControl/firsttime/ontology.n3
index d13ab7789c..4363b5d24f 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/ontology.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/ontology.n3
@@ -13,6 +13,9 @@
 
 #### Classes
 
+ao:PolicyTemplate rdf:type owl:Class ;
+     rdfs:label "Access rule policy template"@en-US .
+
 ao:Policy rdf:type owl:Class ;
      rdfs:label "Access rule policy"@en-US .
 
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_publish_data_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_publish_data_property.n3
index 92767d3174..51365f8684 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_publish_data_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_publish_data_property.n3
@@ -8,46 +8,46 @@
 @prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
 
 ai:AdminPublishDataPropertyPolicy rdf:type ao:Policy ;
-          ao:rules ai:AdminPublishDataPropertyRuleSet ;
-          ao:testDatasets ai:AdminPublishDataPropertyTestDatasets ;
-          ao:policyKey ai:AdminPublishDataPropertyPolicyKey .
+     ao:rules ai:AdminPublishDataPropertyRuleSet ;
+     ao:testDatasets ai:AdminPublishDataPropertyTestDatasets ;
+     ao:policyKey ai:AdminPublishDataPropertyPolicyKey .
 
 ai:AdminPublishDataPropertyRuleSet rdf:type ao:Rules ;
-          ao:rule ai:AllowAdminPublishDataPropertyStatementRule ;
-          ao:rule ai:AllowAdminPublishDataPropertyRule .
+     ao:rule ai:AllowAdminPublishDataPropertyStatementRule ;
+     ao:rule ai:AllowAdminPublishDataPropertyRule .
 
 ai:AdminPublishDataPropertyTestDatasets rdf:type ao:TestDatasets ;
-          ao:testDataset ai:AdminPublishDataPropertyDataset .
+     ao:testDataset ai:AdminPublishDataPropertyDataset .
 
 ai:AdminPublishDataPropertyDataset rdf:type ao:TestDataSet ;
-          ao:testData ai:AdminPublishDataPropertyTestData .
-          
+     ao:testData ai:AdminPublishDataPropertyTestData .
+     
 ai:AdminPublishDataPropertyPolicyKey rdf:type ao:PolicyKey ;
-          ao:keyComponent ai:DataPropertyAccesObject ;
-          ao:keyComponent auth:ADMIN ;
-          ao:keyComponent ai:PublishOperationGroup .
+     ao:keyComponent ai:DataPropertyAccesObject ;
+     ao:keyComponent auth:ADMIN ;
+     ao:keyComponent ai:PublishOperationGroup .
 
 ai:AllowAdminPublishDataPropertyRule rdf:type ao:Rule;
-          ao:attribute ai:SubjectRoleEqualsAdminRoleAttribute ;
-          ao:attribute ai:PublishOperationAttribute ;
-          ao:attribute ai:DataPropertyTypeAttribute ;
-          ao:attribute ai:AdminPublishDataPropertyAttribute .
+     ao:attribute ai:SubjectRoleEqualsAdminRoleAttribute ;
+     ao:attribute ai:PublishOperationAttribute ;
+     ao:attribute ai:DataPropertyTypeAttribute ;
+     ao:attribute ai:AdminPublishDataPropertyAttribute .
 
 ai:AllowAdminPublishDataPropertyStatementRule rdf:type ao:Rule;
-          ao:attribute ai:SubjectRoleEqualsAdminRoleAttribute ;
-          ao:attribute ai:PublishOperationAttribute ;
-          ao:attribute ai:DataPropertyStatementTypeAttribute ;
-          ao:attribute ai:AdminPublishDataPropertyStatementAttribute .
-         
+     ao:attribute ai:SubjectRoleEqualsAdminRoleAttribute ;
+     ao:attribute ai:PublishOperationAttribute ;
+     ao:attribute ai:DataPropertyStatementTypeAttribute ;
+     ao:attribute ai:AdminPublishDataPropertyStatementAttribute .
+    
 ai:AdminPublishDataPropertyStatementAttribute rdf:type ao:Attribute ;
-         ao:operator ai:OneOf ;
-         ao:type ai:StatementPredicateUri ;
-         ao:setValue ai:AdminPublishDataPropertyTestData .
+    ao:operator ai:OneOf ;
+    ao:type ai:StatementPredicateUri ;
+    ao:setValue ai:AdminPublishDataPropertyTestData .
 
 ai:AdminPublishDataPropertyAttribute rdf:type ao:Attribute ;
-         ao:operator ai:OneOf ;
-         ao:type ai:AccessObjectUri ;
-         ao:setValue ai:AdminPublishDataPropertyTestData .
-         
+    ao:operator ai:OneOf ;
+    ao:type ai:AccessObjectUri ;
+    ao:setValue ai:AdminPublishDataPropertyTestData .
+    
 ai:AdminPublishDataPropertyTestData rdf:type ao:TestData ;
    .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_simple_permissions.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_simple_permissions.n3
deleted file mode 100644
index dea0f48e88..0000000000
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_simple_permissions.n3
+++ /dev/null
@@ -1,37 +0,0 @@
-# $This file is distributed under the terms of the license in LICENSE$
-
-@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
-@prefix owl: <http://www.w3.org/2002/07/owl#> .
-@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
-@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
-@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
-@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
-@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
-@prefix simplePermission: <java:edu.cornell.mannlib.vitro.webapp.auth.permissions.SimplePermission#> .
-
-ai:AdminSimplePermissionsPolicy rdf:type ao:Policy ;
-        ao:priority 1000 ;
-        ao:testDatasets ai:AdminSimplePermissionsDatasets ;
-        ao:rules ai:AdminSimplePermissionsRuleSet .
-
-ai:AdminSimplePermissionsDatasets rdf:type ao:TestDatasets ;
-        ao:testDataset ai:AdminSimplePermissionsDataset .
-          
-ai:AdminSimplePermissionsDataset rdf:type ao:TestDataSet ;
-        ao:testData ai:AdminSimplePermissionsTestData .
-
-ai:AdminSimplePermissionsRuleSet rdf:type ao:Rules ;
-        ao:rule ai:AllowAdminSimplePermissions .
-          
-ai:AllowAdminSimplePermissions rdf:type ao:Rule;
-        ao:attribute ai:NamedObjectTypeAttribute ;
-        ao:attribute ai:PermissionNameInAdminAllowed ;
-        ao:attribute ai:SubjectRoleEqualsAdminRoleAttribute .
-          
-ai:PermissionNameInAdminAllowed rdf:type ao:Attribute ;
-        ao:operator ai:OneOf ;
-        ao:type ai:AccessObjectUri ;
-        ao:setValue ai:AdminSimplePermissionsTestData .
-
-ai:AdminSimplePermissionsTestData rdf:type ao:TestData ;
-        .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_simple_permissions_dataset.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_simple_permissions_dataset.n3
index e960a63705..2963e086ae 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_simple_permissions_dataset.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_simple_permissions_dataset.n3
@@ -9,7 +9,7 @@
 @prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
 @prefix simplePermission: <java:edu.cornell.mannlib.vitro.webapp.auth.permissions.SimplePermission#> .
 
-ai:AdminSimplePermissionsTestData 
+ai:AdminSimplePermissionValueContainer
         ao:dataValue simplePermission:AccessSpecialDataModels ;
         ao:dataValue simplePermission:EnableDeveloperPanel ;
         ao:dataValue simplePermission:LoginDuringMaintenance ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_simple_permissions.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_simple_permissions.n3
deleted file mode 100644
index 8af148658a..0000000000
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_simple_permissions.n3
+++ /dev/null
@@ -1,37 +0,0 @@
-# $This file is distributed under the terms of the license in LICENSE$
-
-@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
-@prefix owl: <http://www.w3.org/2002/07/owl#> .
-@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
-@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
-@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
-@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
-@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
-@prefix simplePermission: <java:edu.cornell.mannlib.vitro.webapp.auth.permissions.SimplePermission#> .
-
-ai:CuratorSimplePermissionsPolicy rdf:type ao:Policy ;
-        ao:priority 1000 ;
-        ao:testDatasets ai:CuratorSimplePermissionsDatasets ;
-        ao:rules ai:CuratorSimplePermissionsRuleSet .
-
-ai:CuratorSimplePermissionsDatasets rdf:type ao:TestDatasets ;
-        ao:testDataset ai:CuratorSimplePermissionsDataset .
-          
-ai:CuratorSimplePermissionsDataset rdf:type ao:TestDataSet ;
-        ao:testData ai:CuratorSimplePermissionsTestData .
-
-ai:CuratorSimplePermissionsRuleSet rdf:type ao:Rules ;
-        ao:rule ai:AllowCuratorSimplePermissions .
-          
-ai:AllowCuratorSimplePermissions rdf:type ao:Rule;
-        ao:attribute ai:NamedObjectTypeAttribute ;
-        ao:attribute ai:PermissionNameInCuratorAllowed ;
-        ao:attribute ai:SubjectRoleEqualsCuratorRoleAttribute .
-          
-ai:PermissionNameInCuratorAllowed rdf:type ao:Attribute ;
-        ao:operator ai:OneOf ;
-        ao:type ai:AccessObjectUri ;
-        ao:setValue ai:CuratorSimplePermissionsTestData .
-
-ai:CuratorSimplePermissionsTestData rdf:type ao:TestData ;
-        .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_simple_permissions_dataset.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_simple_permissions_dataset.n3
index eccedf576f..14739614ad 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_simple_permissions_dataset.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_simple_permissions_dataset.n3
@@ -9,7 +9,7 @@
 @prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
 @prefix simplePermission: <java:edu.cornell.mannlib.vitro.webapp.auth.permissions.SimplePermission#> .
 
-ai:CuratorSimplePermissionsTestData
+ai:CuratorSimplePermissionValueContainer
     ao:dataValue simplePermission:EditOntology ;
     ao:dataValue simplePermission:EditSiteInformation ;
     ao:dataValue simplePermission:SeeVerbosePropertyInformation ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_simple_permissions.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_simple_permissions.n3
deleted file mode 100644
index 6f3e17dd19..0000000000
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_simple_permissions.n3
+++ /dev/null
@@ -1,37 +0,0 @@
-# $This file is distributed under the terms of the license in LICENSE$
-
-@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
-@prefix owl: <http://www.w3.org/2002/07/owl#> .
-@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
-@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
-@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
-@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
-@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
-@prefix simplePermission: <java:edu.cornell.mannlib.vitro.webapp.auth.permissions.SimplePermission#> .
-
-ai:EditorSimplePermissionsPolicy rdf:type ao:Policy ;
-        ao:priority 1000 ;
-        ao:testDatasets ai:EditorSimplePermissionsDatasets ;
-        ao:rules ai:EditorSimplePermissionsRuleSet .
-
-ai:EditorSimplePermissionsDatasets rdf:type ao:TestDatasets ;
-        ao:testDataset ai:EditorSimplePermissionsDataset .
-          
-ai:EditorSimplePermissionsDataset rdf:type ao:TestDataSet ;
-        ao:testData ai:EditorSimplePermissionsTestData .
-
-ai:EditorSimplePermissionsRuleSet rdf:type ao:Rules ;
-        ao:rule ai:AllowEditorSimplePermissions .
-          
-ai:AllowEditorSimplePermissions rdf:type ao:Rule;
-        ao:attribute ai:NamedObjectTypeAttribute ;
-        ao:attribute ai:PermissionNameInEditorAllowed ;
-        ao:attribute ai:SubjectRoleEqualsEditorRoleAttribute .
-          
-ai:PermissionNameInEditorAllowed rdf:type ao:Attribute ;
-        ao:operator ai:OneOf ;
-        ao:type ai:AccessObjectUri ;
-        ao:setValue ai:EditorSimplePermissionsTestData .
-
-ai:EditorSimplePermissionsTestData rdf:type ao:TestData ;
-        .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_simple_permissions_dataset.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_simple_permissions_dataset.n3
index 10b9609284..044a14a282 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_simple_permissions_dataset.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_simple_permissions_dataset.n3
@@ -9,7 +9,7 @@
 @prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
 @prefix simplePermission: <java:edu.cornell.mannlib.vitro.webapp.auth.permissions.SimplePermission#> .
 
-ai:EditorSimplePermissionsTestData  
+ai:EditorSimplePermissionValueContainer
     # permissions for EDITOR and above.
     ao:dataValue simplePermission:DoBackEndEditing ;
     ao:dataValue simplePermission:SeeIndividualEditingPanel ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_public_simple_permissions.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_public_simple_permissions.n3
deleted file mode 100644
index 7664a59eb3..0000000000
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_public_simple_permissions.n3
+++ /dev/null
@@ -1,37 +0,0 @@
-# $This file is distributed under the terms of the license in LICENSE$
-
-@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
-@prefix owl: <http://www.w3.org/2002/07/owl#> .
-@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
-@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
-@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
-@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
-@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
-@prefix simplePermission: <java:edu.cornell.mannlib.vitro.webapp.auth.permissions.SimplePermission#> .
-
-ai:PublicSimplePermissionsPolicy rdf:type ao:Policy ;
-        ao:priority 1000 ;
-        ao:testDatasets ai:PublicSimplePermissionsDatasets ;
-        ao:rules ai:PublicSimplePermissionsRuleSet .
-
-ai:PublicSimplePermissionsDatasets rdf:type ao:TestDatasets ;
-        ao:testDataset ai:PublicSimplePermissionsDataset .
-          
-ai:PublicSimplePermissionsDataset rdf:type ao:TestDataSet ;
-        ao:testData ai:PublicSimplePermissionsTestData .
-
-ai:PublicSimplePermissionsRuleSet rdf:type ao:Rules ;
-        ao:rule ai:AllowPublicSimplePermissions .
-          
-ai:AllowPublicSimplePermissions rdf:type ao:Rule;
-        ao:attribute ai:NamedObjectTypeAttribute ;
-        ao:attribute ai:PermissionNameInPublicAllowed ;
-        ao:attribute ai:SubjectRoleEqualsPublicRoleAttribute .
-          
-ai:PermissionNameInPublicAllowed rdf:type ao:Attribute ;
-        ao:operator ai:OneOf ;
-        ao:type ai:AccessObjectUri ;
-        ao:setValue ai:PublicSimplePermissionsTestData .
-
-ai:PublicSimplePermissionsTestData rdf:type ao:TestData ;
-        .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_public_simple_permissions_dataset.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_public_simple_permissions_dataset.n3
index abe82d727d..54f7c8dff4 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_public_simple_permissions_dataset.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_public_simple_permissions_dataset.n3
@@ -9,7 +9,7 @@
 @prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
 @prefix simplePermission: <java:edu.cornell.mannlib.vitro.webapp.auth.permissions.SimplePermission#> .
 
-ai:PublicSimplePermissionsTestData  
+ai:PublicSimplePermissionValueContainer  
         # permissions for ANY user, even if they are not logged in.
         ao:dataValue simplePermission:QueryFullModel ;
         ao:dataValue simplePermission:PageViewablePublic ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_simple_permissions.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_simple_permissions.n3
deleted file mode 100644
index 2d79e79145..0000000000
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_simple_permissions.n3
+++ /dev/null
@@ -1,37 +0,0 @@
-# $This file is distributed under the terms of the license in LICENSE$
-
-@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
-@prefix owl: <http://www.w3.org/2002/07/owl#> .
-@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
-@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
-@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
-@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
-@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
-@prefix simplePermission: <java:edu.cornell.mannlib.vitro.webapp.auth.permissions.SimplePermission#> .
-
-ai:SelfEditorSimplePermissionsPolicy rdf:type ao:Policy ;
-        ao:priority 1000 ;
-        ao:testDatasets ai:SelfEditorSimplePermissionsDatasets ;
-        ao:rules ai:SelfEditorSimplePermissionsRuleSet .
-
-ai:SelfEditorSimplePermissionsDatasets rdf:type ao:TestDatasets ;
-        ao:testDataset ai:SelfEditorSimplePermissionsDataset .
-          
-ai:SelfEditorSimplePermissionsDataset rdf:type ao:TestDataSet ;
-        ao:testData ai:SelfEditorSimplePermissionsTestData .
-
-ai:SelfEditorSimplePermissionsRuleSet rdf:type ao:Rules ;
-        ao:rule ai:AllowSelfEditorSimplePermissions .
-          
-ai:AllowSelfEditorSimplePermissions rdf:type ao:Rule;
-        ao:attribute ai:NamedObjectTypeAttribute ;
-        ao:attribute ai:PermissionNameInSelfEditorAllowed ;
-        ao:attribute ai:SubjectRoleEqualsSelfEditorRoleAttribute .
-          
-ai:PermissionNameInSelfEditorAllowed rdf:type ao:Attribute ;
-        ao:operator ai:OneOf ;
-        ao:type ai:AccessObjectUri ;
-        ao:setValue ai:SelfEditorSimplePermissionsTestData .
-
-ai:SelfEditorSimplePermissionsTestData rdf:type ao:TestData ;
-        .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_simple_permissions_dataset.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_simple_permissions_dataset.n3
index 39f148534d..43ee4e2872 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_simple_permissions_dataset.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_simple_permissions_dataset.n3
@@ -9,7 +9,7 @@
 @prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
 @prefix simplePermission: <java:edu.cornell.mannlib.vitro.webapp.auth.permissions.SimplePermission#> .
 
-ai:SelfEditorSimplePermissionsTestData 
+ai:SelfEditorSimplePermissionValueContainer
         # permissions for ANY logged-in user.
         ao:dataValue simplePermission:DoFrontEndEditing ;
         ao:dataValue simplePermission:EditOwnAccount ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_simple_permissions.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_simple_permissions.n3
new file mode 100644
index 0000000000..2883fad107
--- /dev/null
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_simple_permissions.n3
@@ -0,0 +1,138 @@
+# $This file is distributed under the terms of the license in LICENSE$
+
+@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
+@prefix owl: <http://www.w3.org/2002/07/owl#> .
+@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
+@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
+@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
+@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
+@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+@prefix simplePermission: <java:edu.cornell.mannlib.vitro.webapp.auth.permissions.SimplePermission#> .
+
+ai:SimplePermissionTemplatePolicy a ao:PolicyTemplate ;
+    ao:priority 1000 ;
+    ao:policyDataSets ai:SimplePermissionDataSets ;
+    ao:rules ai:SimplePermissionRuleSet .
+
+ai:SimplePermissionDataSets a ao:PolicyDataSets ;
+    ao:policyDataSetTemplate ai:SimplePermissionDataSetTemplate ;
+    ao:policyDataSet ai:PublicSimplePermissionDataSet ;
+    ao:policyDataSet ai:SelfEditorSimplePermissionDataSet ;
+    ao:policyDataSet ai:EditorSimplePermissionDataSet ;
+    ao:policyDataSet ai:CuratorSimplePermissionDataSet ;
+    ao:policyDataSet ai:AdminSimplePermissionDataSet .
+
+ai:SimplePermissionDataSetTemplate a ao:DataSetTemplate ;
+    ao:dataSetKeyTemplate ai:SimplePermissionDataSetKeyTemplate ;
+    ao:testDataTemplate ai:SimplePermissionRoleTestDataTemplate ;
+    ao:testDataTemplate ai:SimplePermissionTypesTestDataTemplate .  
+
+ai:SimplePermissionDataSetKeyTemplate a ao:DataSetKeyTemplate ;
+    ao:keyComponent ai:NamedObject ;
+    ao:keyComponentTemplate ai:SubjectRole .
+
+ai:SimplePermissionRoleTestDataTemplate a ao:TestDataTemplate ;
+    ao:usedInAttributeValueSet ai:SimplePermissionRoleValueSet;
+    ao:dataValueTemplate ai:SubjectRole .
+
+ai:SimplePermissionTypesTestDataTemplate a ao:TestDataTemplate ;
+    ao:usedInAttributeValueSet ai:SimplePermissionTypeValueSet;
+    ao:dataValueTemplate ai:NamedObject .
+
+ai:PublicSimplePermissionDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey ai:PublicSimplePermissionDataSetKey ;
+    ao:dataSetValues ai:PublicRoleValueContainer ;
+    ao:dataSetValues ai:PublicSimplePermissionValueContainer .
+
+ai:PublicSimplePermissionDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:NamedObject ;
+    ao:keyComponent auth:PUBLIC .
+
+ai:SelfEditorSimplePermissionDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey ai:SelfEditorSimplePermissionDataSetKey ;
+    ao:dataSetValues ai:SelfEditorRoleValueContainer ;
+    ao:dataSetValues ai:SelfEditorSimplePermissionValueContainer .
+
+ai:SelfEditorSimplePermissionDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:NamedObject ;
+    ao:keyComponent auth:SELF_EDITOR .
+
+ai:EditorSimplePermissionDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey ai:EditorSimplePermissionDataSetKey ;
+    ao:dataSetValues ai:EditorRoleValueContainer ;
+    ao:dataSetValues ai:EditorSimplePermissionValueContainer .
+
+ai:EditorSimplePermissionDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:NamedObject ;
+    ao:keyComponent auth:EDITOR .
+
+ai:CuratorSimplePermissionDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey ai:CuratorSimplePermissionDataSetKey ;
+    ao:dataSetValues ai:CuratorRoleValueContainer ;
+    ao:dataSetValues ai:CuratorSimplePermissionValueContainer .
+
+ai:CuratorSimplePermissionDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:NamedObject ;
+    ao:keyComponent auth:CURATOR .
+
+ai:AdminSimplePermissionDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey ai:AdminSimplePermissionDataSetKey ;
+    ao:dataSetValues ai:AdminRoleValueContainer ;
+    ao:dataSetValues ai:AdminSimplePermissionValueContainer .
+
+ai:AdminSimplePermissionDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:NamedObject ;
+    ao:keyComponent auth:ADMIN .
+
+ai:SimplePermissionRuleSet a ao:Rules ;
+    ao:rule ai:AllowSimplePermission .
+      
+ai:AllowSimplePermission a ao:Rule;
+    ao:attribute ai:NamedObjectTypeAttribute ;
+    ao:attribute ai:PermissionNameAllowed ;
+    ao:attribute ai:SubjectRoleEqualsRoleAttribute .
+      
+ai:PermissionNameAllowed a ao:Attribute ;
+    ao:operator ai:OneOf ;
+    ao:type ai:AccessObjectUri ;
+    ao:templateValue ai:SimplePermissionTypeValueSet .
+
+ai:SimplePermissionTypeValueSet a ao:AttributeValueSet ;
+    ao:attributeValue ai:PublicSimplePermissionValueContainer ;
+    ao:attributeValue ai:SelfEditorSimplePermissionValueContainer ;
+    ao:attributeValue ai:EditorSimplePermissionValueContainer ;
+    ao:attributeValue ai:CuratorSimplePermissionValueContainer ;
+    ao:attributeValue ai:AdminSimplePermissionValueContainer .
+
+ai:PublicSimplePermissionValueContainer a ao:ValueContainer .
+ai:SelfEditorSimplePermissionValueContainer a ao:ValueContainer .
+ai:EditorSimplePermissionValueContainer a ao:ValueContainer .
+ai:CuratorSimplePermissionValueContainer a ao:ValueContainer .
+ai:AdminSimplePermissionValueContainer a ao:ValueContainer .
+
+ai:SubjectRoleEqualsRoleAttribute a ao:Attribute ;
+    ao:operator ai:Equals ;
+    ao:type ai:SubjectRole ;
+    ao:templateValue ai:SimplePermissionRoleValueSet .
+
+ai:SimplePermissionRoleValueSet a ao:AttributeValueSet ;
+    ao:attributeValue ai:PublicRoleValueContainer ;
+    ao:attributeValue ai:SelfEditorRoleValueContainer ;
+    ao:attributeValue ai:EditorRoleValueContainer ;
+    ao:attributeValue ai:CuratorRoleValueContainer ;
+    ao:attributeValue ai:AdminRoleValueContainer .
+
+ai:PublicRoleValueContainer a ao:ValueContainer ;
+    ao:dataValue auth:PUBLIC .
+
+ai:SelfEditorRoleValueContainer a ao:ValueContainer ;
+    ao:dataValue auth:SELF_EDITOR .
+
+ai:EditorRoleValueContainer a ao:ValueContainer ;
+    ao:dataValue auth:EDITOR .
+
+ai:CuratorRoleValueContainer a ao:ValueContainer ;
+    ao:dataValue auth:CURATOR .
+
+ai:AdminRoleValueContainer a ao:ValueContainer ;
+    ao:dataValue auth:ADMIN .

From e9bafe05dc24837e9cf9f1fb08d2c049f57fc2a9 Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <georgy.litvinov@tib.eu>
Date: Tue, 17 Oct 2023 08:55:25 +0200
Subject: [PATCH 052/148] renamed variables

---
 .../individual/DataPropertyStatementTemplateModel.java    | 8 ++++----
 .../individual/ObjectPropertyStatementTemplateModel.java  | 8 ++++----
 2 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/DataPropertyStatementTemplateModel.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/DataPropertyStatementTemplateModel.java
index 2e49c7c671..1342cc0289 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/DataPropertyStatementTemplateModel.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/DataPropertyStatementTemplateModel.java
@@ -47,14 +47,14 @@ public DataPropertyStatementTemplateModel(String subjectUri, Property property,
 	private String makeDeleteUrl() {
         // Determine whether the statement can be deleted
 		DataPropertyStatement dps = makeStatement();
-        AccessObject action;
+        AccessObject ao;
         if (isFaux()) {
-            action = new FauxDataPropertyStatementAccessObject(vreq.getJenaOntModel(), subjectUri, fauxProperty, literalValue.getLexicalForm());
+            ao = new FauxDataPropertyStatementAccessObject(vreq.getJenaOntModel(), subjectUri, fauxProperty, literalValue.getLexicalForm());
         } else {
-            action = new DataPropertyStatementAccessObject(vreq.getJenaOntModel(), dps);
+            ao = new DataPropertyStatementAccessObject(vreq.getJenaOntModel(), dps);
         }
         
-        if ( ! PolicyHelper.isAuthorizedForActions(vreq, action, AccessOperation.DROP) ) {
+        if ( ! PolicyHelper.isAuthorizedForActions(vreq, ao, AccessOperation.DROP) ) {
             return "";
         }
         
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/ObjectPropertyStatementTemplateModel.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/ObjectPropertyStatementTemplateModel.java
index c3d800c9d2..6606dd1885 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/ObjectPropertyStatementTemplateModel.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/ObjectPropertyStatementTemplateModel.java
@@ -52,9 +52,9 @@ private String makeDeleteUrl() {
     	}
 
         // Determine whether the statement can be deleted
-		AccessObject action = new ObjectPropertyStatementAccessObject(
+		AccessObject ao = new ObjectPropertyStatementAccessObject(
 				vreq.getJenaOntModel(), subjectUri, property, objectUri);
-        if ( ! PolicyHelper.isAuthorizedForActions(vreq, action, AccessOperation.DROP) ) {
+        if ( ! PolicyHelper.isAuthorizedForActions(vreq, ao, AccessOperation.DROP) ) {
             return "";
         }
 
@@ -109,8 +109,8 @@ private String makeEditUrl() {
     	}
 
        // Determine whether the statement can be edited
-        AccessObject action =  new ObjectPropertyStatementAccessObject(vreq.getJenaOntModel(), subjectUri, property, objectUri);
-        if ( ! PolicyHelper.isAuthorizedForActions(vreq, action, AccessOperation.EDIT) ) {
+        AccessObject ao =  new ObjectPropertyStatementAccessObject(vreq.getJenaOntModel(), subjectUri, property, objectUri);
+        if ( ! PolicyHelper.isAuthorizedForActions(vreq, ao, AccessOperation.EDIT) ) {
             return "";
         }
 

From 1c53dd1bba94414edec67baaf4685bc4729e98f7 Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <georgy.litvinov@tib.eu>
Date: Thu, 19 Oct 2023 10:44:23 +0200
Subject: [PATCH 053/148] created policy templates for: simple permissions,
 simple entity policies for matching properties and classes

---
 .../vedit/controller/OperationController.java |   2 +-
 .../auth/policy/EntityPolicyController.java   |  13 +-
 .../webapp/auth/policy/PolicyLoader.java      | 194 ++++--
 .../webapp/migration/auth/ArmMigrator.java    |   2 +-
 .../webapp/auth/policy/BasicPolicyTest.java   |  18 +-
 .../policy/EntityPolicyControllerTest.java    |  12 +-
 .../webapp/auth/policy/EntityPolicyTests.java | 257 ++------
 ...MatchAllowedClassesPolicyTemplateTest.java |  78 +++
 ...chAllowedPropertiesPolicyTemplateTest.java | 118 ++++
 .../vitro/webapp/auth/policy/PolicyTest.java  | 196 ++----
 .../webapp/auth/policy/ProximityTest.java     |   4 +-
 .../policy/SimplePermissionPolicyTest.java    |  27 +-
 .../migration/auth/ArmMigratorTest.java       |   2 +-
 .../auth/rules/proximity_test_policy.n3       |   2 +-
 .../webapp/auth/rules/test_policy_broken5.n3  |  12 +-
 .../auth/rules/test_policy_broken_set.n3      |  78 +--
 .../auth/rules/test_policy_valid_set.n3       | 100 +--
 .../accessControl/firsttime/object_types.n3   |  29 +
 .../rdf/accessControl/firsttime/ontology.n3   |  82 +--
 .../rdf/accessControl/firsttime/operations.n3 |  40 +-
 .../firsttime/policy_admin_display_class.n3   |  41 --
 .../policy_admin_display_data_property.n3     |  53 --
 ...policy_admin_display_faux_data_property.n3 |  53 --
 ...licy_admin_display_faux_object_property.n3 |  53 --
 .../policy_admin_display_object_property.n3   |  53 --
 .../firsttime/policy_admin_publish_class.n3   |  41 --
 .../policy_admin_publish_data_property.n3     |  53 --
 ...policy_admin_publish_faux_data_property.n3 |  53 --
 ...licy_admin_publish_faux_object_property.n3 |  53 --
 .../policy_admin_publish_object_property.n3   |  53 --
 .../firsttime/policy_admin_update_class.n3    |  41 --
 .../policy_admin_update_data_property.n3      |   8 +-
 .../policy_admin_update_faux_data_property.n3 |   8 +-
 ...olicy_admin_update_faux_object_property.n3 |   8 +-
 .../policy_admin_update_object_property.n3    |   8 +-
 .../firsttime/policy_curator_display_class.n3 |  41 --
 .../policy_curator_display_data_property.n3   |  53 --
 ...licy_curator_display_faux_data_property.n3 |  53 --
 ...cy_curator_display_faux_object_property.n3 |  53 --
 .../policy_curator_display_object_property.n3 |  53 --
 .../firsttime/policy_curator_publish_class.n3 |  41 --
 .../policy_curator_publish_data_property.n3   |  53 --
 ...licy_curator_publish_faux_data_property.n3 |  53 --
 ...cy_curator_publish_faux_object_property.n3 |  53 --
 .../policy_curator_publish_object_property.n3 |  53 --
 .../firsttime/policy_curator_update_class.n3  |  41 --
 .../policy_curator_update_data_property.n3    |   8 +-
 ...olicy_curator_update_faux_data_property.n3 |   8 +-
 ...icy_curator_update_faux_object_property.n3 |   8 +-
 .../policy_curator_update_object_property.n3  |   8 +-
 .../firsttime/policy_editable_pages.n3        |  54 +-
 .../firsttime/policy_editor_display_class.n3  |  41 --
 .../policy_editor_display_data_property.n3    |  53 --
 ...olicy_editor_display_faux_data_property.n3 |  53 --
 ...icy_editor_display_faux_object_property.n3 |  53 --
 .../policy_editor_display_object_property.n3  |  53 --
 .../firsttime/policy_editor_publish_class.n3  |  41 --
 .../policy_editor_publish_data_property.n3    |  53 --
 ...olicy_editor_publish_faux_data_property.n3 |  53 --
 ...icy_editor_publish_faux_object_property.n3 |  53 --
 .../policy_editor_publish_object_property.n3  |  53 --
 ...olicy_editor_simple_permissions_dataset.n3 |   2 +-
 .../firsttime/policy_editor_update_class.n3   |  41 --
 .../policy_editor_update_data_property.n3     |   8 +-
 ...policy_editor_update_faux_data_property.n3 |   8 +-
 ...licy_editor_update_faux_object_property.n3 |   8 +-
 .../policy_editor_update_object_property.n3   |   8 +-
 .../policy_not_modifiable_statements.n3       | 186 +++---
 ...olicy_not_modifiable_statements_dataset.n3 |  32 +-
 .../firsttime/policy_public_display_class.n3  |  41 --
 .../policy_public_display_data_property.n3    |  53 --
 ...olicy_public_display_faux_data_property.n3 |  53 --
 ...icy_public_display_faux_object_property.n3 |  53 --
 .../policy_public_display_object_property.n3  |  53 --
 .../firsttime/policy_public_update_class.n3   |  41 --
 .../policy_public_update_data_property.n3     |   8 +-
 .../policy_public_update_object_property.n3   |   8 +-
 .../policy_self_editor_display_class.n3       |  41 --
 ...olicy_self_editor_display_data_property.n3 |   8 +-
 ..._self_editor_display_faux_data_property.n3 |   8 +-
 ...elf_editor_display_faux_object_property.n3 |   8 +-
 ...icy_self_editor_display_object_property.n3 |   8 +-
 .../policy_self_editor_publish_class.n3       |  41 --
 ...olicy_self_editor_publish_data_property.n3 |   8 +-
 ..._self_editor_publish_faux_data_property.n3 |   8 +-
 ...elf_editor_publish_faux_object_property.n3 |   8 +-
 ...icy_self_editor_publish_object_property.n3 |   8 +-
 .../policy_self_editor_update_class.n3        |  41 --
 ...policy_self_editor_update_data_property.n3 |   8 +-
 ...y_self_editor_update_faux_data_property.n3 |   8 +-
 ...self_editor_update_faux_object_property.n3 |   8 +-
 ...licy_self_editor_update_object_property.n3 |   8 +-
 .../firsttime/policy_simple_permissions.n3    | 138 ----
 .../firsttime/template_match_allowed_class.n3 | 336 ++++++++++
 .../template_match_allowed_property.n3        | 590 ++++++++++++++++++
 .../firsttime/template_simple_permissions.n3  | 131 ++++
 .../accessControl/firsttime/test_values.n3    | 164 ++---
 97 files changed, 2074 insertions(+), 3091 deletions(-)
 create mode 100644 api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/MatchAllowedClassesPolicyTemplateTest.java
 create mode 100644 api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/MatchAllowedPropertiesPolicyTemplateTest.java
 delete mode 100644 home/src/main/resources/rdf/accessControl/firsttime/policy_admin_display_class.n3
 delete mode 100644 home/src/main/resources/rdf/accessControl/firsttime/policy_admin_display_data_property.n3
 delete mode 100644 home/src/main/resources/rdf/accessControl/firsttime/policy_admin_display_faux_data_property.n3
 delete mode 100644 home/src/main/resources/rdf/accessControl/firsttime/policy_admin_display_faux_object_property.n3
 delete mode 100644 home/src/main/resources/rdf/accessControl/firsttime/policy_admin_display_object_property.n3
 delete mode 100644 home/src/main/resources/rdf/accessControl/firsttime/policy_admin_publish_class.n3
 delete mode 100644 home/src/main/resources/rdf/accessControl/firsttime/policy_admin_publish_data_property.n3
 delete mode 100644 home/src/main/resources/rdf/accessControl/firsttime/policy_admin_publish_faux_data_property.n3
 delete mode 100644 home/src/main/resources/rdf/accessControl/firsttime/policy_admin_publish_faux_object_property.n3
 delete mode 100644 home/src/main/resources/rdf/accessControl/firsttime/policy_admin_publish_object_property.n3
 delete mode 100644 home/src/main/resources/rdf/accessControl/firsttime/policy_admin_update_class.n3
 delete mode 100644 home/src/main/resources/rdf/accessControl/firsttime/policy_curator_display_class.n3
 delete mode 100644 home/src/main/resources/rdf/accessControl/firsttime/policy_curator_display_data_property.n3
 delete mode 100644 home/src/main/resources/rdf/accessControl/firsttime/policy_curator_display_faux_data_property.n3
 delete mode 100644 home/src/main/resources/rdf/accessControl/firsttime/policy_curator_display_faux_object_property.n3
 delete mode 100644 home/src/main/resources/rdf/accessControl/firsttime/policy_curator_display_object_property.n3
 delete mode 100644 home/src/main/resources/rdf/accessControl/firsttime/policy_curator_publish_class.n3
 delete mode 100644 home/src/main/resources/rdf/accessControl/firsttime/policy_curator_publish_data_property.n3
 delete mode 100644 home/src/main/resources/rdf/accessControl/firsttime/policy_curator_publish_faux_data_property.n3
 delete mode 100644 home/src/main/resources/rdf/accessControl/firsttime/policy_curator_publish_faux_object_property.n3
 delete mode 100644 home/src/main/resources/rdf/accessControl/firsttime/policy_curator_publish_object_property.n3
 delete mode 100644 home/src/main/resources/rdf/accessControl/firsttime/policy_curator_update_class.n3
 delete mode 100644 home/src/main/resources/rdf/accessControl/firsttime/policy_editor_display_class.n3
 delete mode 100644 home/src/main/resources/rdf/accessControl/firsttime/policy_editor_display_data_property.n3
 delete mode 100644 home/src/main/resources/rdf/accessControl/firsttime/policy_editor_display_faux_data_property.n3
 delete mode 100644 home/src/main/resources/rdf/accessControl/firsttime/policy_editor_display_faux_object_property.n3
 delete mode 100644 home/src/main/resources/rdf/accessControl/firsttime/policy_editor_display_object_property.n3
 delete mode 100644 home/src/main/resources/rdf/accessControl/firsttime/policy_editor_publish_class.n3
 delete mode 100644 home/src/main/resources/rdf/accessControl/firsttime/policy_editor_publish_data_property.n3
 delete mode 100644 home/src/main/resources/rdf/accessControl/firsttime/policy_editor_publish_faux_data_property.n3
 delete mode 100644 home/src/main/resources/rdf/accessControl/firsttime/policy_editor_publish_faux_object_property.n3
 delete mode 100644 home/src/main/resources/rdf/accessControl/firsttime/policy_editor_publish_object_property.n3
 delete mode 100644 home/src/main/resources/rdf/accessControl/firsttime/policy_editor_update_class.n3
 delete mode 100644 home/src/main/resources/rdf/accessControl/firsttime/policy_public_display_class.n3
 delete mode 100644 home/src/main/resources/rdf/accessControl/firsttime/policy_public_display_data_property.n3
 delete mode 100644 home/src/main/resources/rdf/accessControl/firsttime/policy_public_display_faux_data_property.n3
 delete mode 100644 home/src/main/resources/rdf/accessControl/firsttime/policy_public_display_faux_object_property.n3
 delete mode 100644 home/src/main/resources/rdf/accessControl/firsttime/policy_public_display_object_property.n3
 delete mode 100644 home/src/main/resources/rdf/accessControl/firsttime/policy_public_update_class.n3
 delete mode 100644 home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_display_class.n3
 delete mode 100644 home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_publish_class.n3
 delete mode 100644 home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_update_class.n3
 delete mode 100644 home/src/main/resources/rdf/accessControl/firsttime/policy_simple_permissions.n3
 create mode 100644 home/src/main/resources/rdf/accessControl/firsttime/template_match_allowed_class.n3
 create mode 100644 home/src/main/resources/rdf/accessControl/firsttime/template_match_allowed_property.n3
 create mode 100644 home/src/main/resources/rdf/accessControl/firsttime/template_simple_permissions.n3

diff --git a/api/src/main/java/edu/cornell/mannlib/vedit/controller/OperationController.java b/api/src/main/java/edu/cornell/mannlib/vedit/controller/OperationController.java
index c8120dd7ef..8e0af91d51 100644
--- a/api/src/main/java/edu/cornell/mannlib/vedit/controller/OperationController.java
+++ b/api/src/main/java/edu/cornell/mannlib/vedit/controller/OperationController.java
@@ -160,7 +160,7 @@ public void doPost (HttpServletRequest request, HttpServletResponse response) {
                         if (selectedRoles == null) {
                             selectedRoles = new String[0];
                         }
-                        EntityPolicyController.updateEntityPolicy(entityUri, AccessObjectType.valueOf(entityType), og, Arrays.asList(selectedRoles), roleUris);
+                        EntityPolicyController.updateEntityPolicyDataSet(entityUri, AccessObjectType.valueOf(entityType), og, Arrays.asList(selectedRoles), roleUris);
                     }
                 }
             }
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EntityPolicyController.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EntityPolicyController.java
index a2da431225..35ee96d269 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EntityPolicyController.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EntityPolicyController.java
@@ -29,7 +29,7 @@ public class EntityPolicyController {
      * @param selectedRoles - list of roles to assign
      * @param allRoles - list of all available roles
      */
-    public static void updateEntityPolicy(String entityUri, AccessObjectType aot, OperationGroup og,
+    public static void updateEntityPolicyDataSet(String entityUri, AccessObjectType aot, OperationGroup og,
             List<String> selectedRoles, List<String> allRoles) {
         if (StringUtils.isBlank(entityUri)) {
             return;
@@ -39,19 +39,20 @@ public static void updateEntityPolicy(String entityUri, AccessObjectType aot, Op
             boolean isInDataSet = isUriInTestDataset(entityUri, og, aot, role);
             boolean isSelected = selectedSet.contains(role);
             final PolicyLoader loader = PolicyLoader.getInstance();
-            final String policyUri = loader.getPolicyUriByKey(og, aot, role);
-            if (policyUri == null) {
+            final String dataSetUri = loader.getDataSetUriByKey(og, aot, role);
+
+            if (dataSetUri == null) {
                 log.debug(
                         String.format("Policy wasn't found by key:\n%s\n%s\n%s", og.toString(), aot.toString(), role));
                 continue;
             }
             if (isSelected && !isInDataSet) {
                 loader.addEntityToPolicyDataSet(entityUri, aot, og, role);
-                DynamicPolicy policy = loader.loadPolicy(policyUri);
+                DynamicPolicy policy = loader.loadPolicyFromTemplateDataSet(dataSetUri);
                 PolicyStore.getInstance().add(policy);
             } else if (!isSelected && isInDataSet) {
                 loader.removeEntityFromPolicyDataSet(entityUri, aot, og, role);
-                DynamicPolicy policy = loader.loadPolicy(policyUri);
+                DynamicPolicy policy = loader.loadPolicyFromTemplateDataSet(dataSetUri);
                 PolicyStore.getInstance().add(policy);
             }
         }
@@ -103,7 +104,7 @@ public static void insertedEntityEvent(Property newObj) {
     }
 
     private static boolean isUriInTestDataset(String entityUri, OperationGroup og, AccessObjectType aot, String role) {
-        Set<String> values = PolicyLoader.getInstance().getPolicyDataSetValues(og, aot, role);
+        Set<String> values = PolicyLoader.getInstance().getDataSetValues(og, aot, role);
         return values.contains(entityUri);
     }
 
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
index 4e73acba09..4c2cd3d725 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
@@ -12,6 +12,7 @@
 import java.util.List;
 import java.util.Set;
 
+import arq.query;
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType;
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.AttributeFactory;
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.OperationGroup;
@@ -70,6 +71,26 @@ public class PolicyLoader {
             + "    BIND(COALESCE(?set_priority, 0 ) as ?" + PRIORITY + " ) .\n"
             + "  }\n"
             + "} ORDER BY ?" + PRIORITY;
+    
+
+    private static final String DATASET_PRIORITY_QUERY = "prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#>\n"
+            + "prefix owl: <http://www.w3.org/2002/07/owl#>\n"
+            + "prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#>\n"
+            + "prefix xsd: <http://www.w3.org/2001/XMLSchema#>\n"
+            + "prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#>\n"
+            + "prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/>\n"
+            + "prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/>\n"
+            + "SELECT DISTINCT ?" + PRIORITY + " \n"
+            + "WHERE {\n"
+            + "  GRAPH <http://vitro.mannlib.cornell.edu/default/access-control> {\n"
+            + "    ?policy ao:priority ?set_priority .\n"
+            + "    ?policy ao:policyDataSets ?dataSets .\n"
+            + "    ?dataSets ao:policyDataSet ?dataSet .\n"
+            + "    OPTIONAL {?policy ao:priority ?policyPriority" + " . }\n"
+            + "    OPTIONAL {?dataSet ao:priority ?dataSetPriority" + " . }\n"
+            + "    BIND(COALESCE(?dataSetPriority, ?policyPriority, 0 ) as ?" + PRIORITY + " ) .\n"
+            + "  }\n"
+            + "} ORDER BY ?" + PRIORITY;
 
     private static final String DATASET_QUERY = "prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#>\n"
             + "prefix owl: <http://www.w3.org/2002/07/owl#>\n"
@@ -80,9 +101,9 @@ public class PolicyLoader {
             + "prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/>\n"
             + "SELECT DISTINCT ?dataSet \n" + "WHERE {\n"
             + "  GRAPH <http://vitro.mannlib.cornell.edu/default/access-control> {\n"
-            + "       ?policy ao:testDatasets ?dataSets .\n"
-            + "       ?policy rdf:type ao:Policy .\n"
-            + "       ?dataSets ao:testDataset ?dataSet .\n"
+            + "       ?policy a ao:PolicyTemplate .\n"
+            + "       ?policy ao:policyDataSets ?dataSets .\n"
+            + "       ?dataSets ao:policyDataSet ?dataSet .\n"
             + "  }\n"
             + "} ORDER BY ?dataSet";
 
@@ -93,7 +114,7 @@ public class PolicyLoader {
             + "prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#>\n"
             + "prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/>\n"
             + "prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/>\n"
-            + "SELECT DISTINCT ?rules ?rule ?attribute ?testId ?typeId ?value ?lit_value ?decision_id \n" + "WHERE {\n"
+            + "SELECT DISTINCT ?policyUri ?rules ?rule ?attribute ?testId ?typeId ?value ?lit_value ?decision_id \n" + "WHERE {\n"
             + "  GRAPH <http://vitro.mannlib.cornell.edu/default/access-control> {\n"
             + "?policy rdf:type ao:Policy .\n"
             + "?policy ao:rules ?rules . \n"
@@ -118,6 +139,7 @@ public class PolicyLoader {
             + "?attribute ao:value ?value . \n"
             + "OPTIONAL {?value ao:id ?lit_value . }\n"
             + "  }\n"
+            + "BIND(?policy as ?policyUri)\n"
             + "} ORDER BY ?rule ?attribute";
 
     private static final String DATASET_RULES_QUERY = "prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#>\n"
@@ -127,11 +149,13 @@ public class PolicyLoader {
             + "prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#>\n"
             + "prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/>\n"
             + "prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/>\n"
-            + "SELECT DISTINCT ?rules ?rule ?attribute ?testId ?typeId ?value ?lit_value ?decision_id ?dataSetUri \n"
+            + "SELECT DISTINCT ?policyUri ?rules ?rule ?attribute ?testId ?typeId ?value ?lit_value ?decision_id ?dataSetUri \n"
             + "WHERE {\n"
             + "  GRAPH <http://vitro.mannlib.cornell.edu/default/access-control> {\n"
             + "    ?policy a ao:PolicyTemplate .\n"
             + "    ?policy ao:rules ?rules .\n"
+            + "    ?policy ao:policyDataSets ?policyDataSets .\n"
+            + "    ?policyDataSets ao:policyDataSet ?dataSet .\n"
             + "    ?rules rdf:type ao:Rules .\n"
             + "    ?rules ao:rule ?rule .\n"
             + "    ?rule ao:attribute ?attribute .\n"
@@ -165,6 +189,7 @@ public class PolicyLoader {
             + "       OPTIONAL {?value ao:id ?lit_value . }\n"
             + "    }\n" 
             + "    BIND(?dataSet as ?dataSetUri)\n"
+            + "    BIND(?policy as ?policyUri)\n"
             + "  }\n"
             + "} ORDER BY ?rule ?attribute";
 
@@ -177,19 +202,21 @@ public class PolicyLoader {
             + "prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/>\n"
             + "prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/>\n"
             + "SELECT DISTINCT ?"
-            + POLICY + "?testData ?value ?valueId ( COUNT(?key) AS ?keySize ) \n"
+            + POLICY + " ?dataSet ?testData ?value ?valueId ( COUNT(?key) AS ?keySize ) \n"
             + "WHERE {\n"
             + "  GRAPH <http://vitro.mannlib.cornell.edu/default/access-control> {\n"
-            + "  ?" + POLICY + " ao:policyKey ?policyKeyUri .\n"
-            + "  ?" + POLICY + " ao:testDatasets ?testDataSets .\n"
-            + "  ?testDataSets ao:testDataset ?dataSet . \n"
-            + "  ?dataSet ao:testData ?testData . \n"
-            + "  OPTIONAL { ?testData ao:dataValue ?value . \n"
-            + "    OPTIONAL { ?value ao:id ?valueId . } \n"
-            + "  }"
-            + "  ?policyKeyUri ao:keyComponent ?key .\n";
+            + "  ?" + POLICY + " ao:policyDataSets ?policyDataSets .\n"
+            + "  ?policyDataSets ao:policyDataSet ?dataSet .\n"
+            + "  ?dataSet ao:dataSetKey ?dataSetKeyUri .\n"
+            + "  ?dataSet ao:dataSetValues ?dataSetValues .\n"
+            + "  ?dataSetValues ao:containerType ?containerType .\n"
+            + "  ?containerType ao:id ?containerId .\n"
+            + "  OPTIONAL { ?dataSetValues ao:dataValue ?value .\n"
+            + "    OPTIONAL { ?value ao:id ?valueId . }\n"
+            + "  }\n"
+            + "  ?dataSetKeyUri ao:keyComponent ?key .\n";
 
-    private static final String policyKeyTemplateSuffix = "}} GROUP BY ?" + POLICY + " ?value ?valueId ?testData";
+    private static final String policyKeyTemplateSuffix = "}} GROUP BY ?" + POLICY + " ?dataSet ?value ?valueId ?testData";
 
     private static final String policyStatementByKeyTemplatePrefix =
               "prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#>\n"
@@ -200,14 +227,16 @@ public class PolicyLoader {
             + "prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/>\n"
             + "prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/>\n"
             + "CONSTRUCT { \n"
-            + "  ?testData ao:dataValue <%s> .\n"
+            + "  ?valueContainer ao:dataValue <%s> .\n"
             + "}\n"
             + "WHERE {\n"
             + "  GRAPH <http://vitro.mannlib.cornell.edu/default/access-control> {\n"
-            + "  ?" + POLICY + " ao:policyKey ?policyKeyUri .\n"
-            + "  ?" + POLICY + " ao:testDatasets ?testDataSets .\n"
-            + "  ?testDataSets ao:testDataset ?dataSet . \n"
-            + "  ?dataSet ao:testData ?testData . \n";
+            + "  ?dataSet ao:dataSetKey ?dataSetKeyUri .\n"
+            + "  ?" + POLICY + " ao:policyDataSets ?policyDataSets .\n"
+            + "  ?policyDataSets ao:policyDataSet ?dataSet . \n"
+            + "  ?dataSet ao:dataSetValues ?valueContainer . \n"
+            + "  ?valueContainer ao:containerType ?containerTypeUri . \n"
+            + "  ?containerTypeUri ao:id ?containerType . \n";
 
     private static final String policyStatementByKeyTemplateSuffix = "}}";
 
@@ -277,7 +306,7 @@ public DynamicPolicy loadPolicy(String uri) {
                 loadRulesWithoutDataSet(uri, rules);
             } else {
                 for (String dataSetName : dataSetNames) {
-                    loadRulesForDataSet(uri, rules, dataSetName);
+                    loadRulesForDataSet(rules, dataSetName);
                 }
             }
         } catch (Exception e) {
@@ -291,15 +320,11 @@ public DynamicPolicy loadPolicy(String uri) {
         return policy;
     }
     
-    public DynamicPolicy loadPolicyWithDataSet(String uri, String dataSetUri) {
+    public DynamicPolicy loadPolicyFromTemplateDataSet(String dataSetUri) {
         Set<AccessRule> rules = new HashSet<>();
-        long priority = getPriority(uri);
+        long priority = getPriorityFromDataSet(dataSetUri);
         try {
-            if (dataSetUri == null) {
-                loadRulesWithoutDataSet(uri, rules);
-            } else {
-                loadRulesForDataSet(uri, rules, dataSetUri);
-            }
+            loadRulesForDataSet(rules, dataSetUri);
         } catch (Exception e) {
             log.error(e, e);
             return null;
@@ -307,20 +332,41 @@ public DynamicPolicy loadPolicyWithDataSet(String uri, String dataSetUri) {
         if (rules.isEmpty()) {
             return null;
         }
-        String policyUri = uri;
-        if (dataSetUri != null) {
-            policyUri += "+" + dataSetUri;
-        }
-        DynamicPolicy policy = new DynamicPolicy(policyUri, priority);
+        DynamicPolicy policy = new DynamicPolicy(dataSetUri, priority);
         policy.addRules(rules);
         return policy;
     }
 
-    public Set<String> getPolicyDataSetValues(OperationGroup og, AccessObjectType aot, String role) {
+    private long getPriorityFromDataSet(String dataSetUri) {
+        ParameterizedSparqlString pss = new ParameterizedSparqlString(DATASET_PRIORITY_QUERY);
+        pss.setIri("dataSet", dataSetUri);
+        debug("Get priority for dataset uri %s query:\n %s", dataSetUri, pss.toString());
+        long[] priority = new long[1];
+        try {
+            rdfService.sparqlSelectQuery(pss.toString(), new ResultSetConsumer() {
+                @Override
+                protected void processQuerySolution(QuerySolution qs) {
+                    if (!qs.contains(PRIORITY) || !qs.get(PRIORITY).isLiteral()) {
+                        priority[0] = 0L;
+                        return;
+                    }
+                    priority[0] = qs.getLiteral(PRIORITY).getLong();
+                }
+            });
+        } catch (RDFServiceException e) {
+            log.error(e, e);
+        }
+        return priority[0];
+    }
+
+    public Set<String> getDataSetValues(OperationGroup og, AccessObjectType aot, String role) {
         Set<String> values = new HashSet<>();
         long expectedSize = 3;
-        final String queryText = getPolicyTestValuesByKeyQuery(new String[] { role },
+        String queryText = getPolicyTestValuesByKeyQuery(new String[] { role },
                 new String[] { og.toString(), aot.toString() });
+        ParameterizedSparqlString pss = new ParameterizedSparqlString(queryText);
+        pss.setLiteral("containerId", aot.toString());
+        queryText = pss.toString();
         debug("SPARQL Query to get policy data set values:\n %s", queryText);
         try {
             rdfService.sparqlSelectQuery(queryText, new ResultSetConsumer() {
@@ -351,7 +397,7 @@ protected void processQuerySolution(QuerySolution qs) {
         return values;
     }
 
-    public String getPolicyUriByKey(OperationGroup og, AccessObjectType aot, String role) {
+    public String getPolicyUriByDataSetKey(OperationGroup og, AccessObjectType aot, String role) {
         long expectedSize = 3;
         final String queryText = getPolicyTestValuesByKeyQuery(new String[] { role },
                 new String[] { og.toString(), aot.toString() });
@@ -408,8 +454,11 @@ protected void processQuerySolution(QuerySolution qs) {
 
     public void modifyPolicyDataSetValue(String entityUri, OperationGroup og, AccessObjectType aot, String role,
             boolean isAdd) {
-        final String queryText = getPolicyDataSetValueStatementByKeyQuery(entityUri, new String[] { role },
+        String queryText = getPolicyDataSetValueStatementByKeyQuery(entityUri, new String[] { role },
                 new String[] { og.toString(), aot.toString() });
+        ParameterizedSparqlString pss = new ParameterizedSparqlString(queryText);
+        pss.setLiteral("containerType", aot.toString());
+        queryText = pss.toString();
         debug("SPARQL Query to get policy data set values:\n %s", queryText);
         Model m = VitroModelFactory.createModel();
         try {
@@ -457,11 +506,11 @@ private static String getPolicyDataSetValueStatementByKeyQuery(String entityUri,
         StringBuilder query = new StringBuilder();
         query.append(String.format(policyStatementByKeyTemplatePrefix, entityUri));
         for (String uri : uris) {
-            query.append(String.format("  ?policyKeyUri ao:keyComponent <%s> . \n", uri));
+            query.append(String.format("  ?dataSetKeyUri ao:keyComponent <%s> . \n", uri));
         }
         int i = 0;
         for (String id : ids) {
-            query.append(String.format("  ?policyKeyUri ao:keyComponent ?uri%d . ?uri%d ao:id \"%s\" . \n", i, i, id));
+            query.append(String.format("  ?dataSetKeyUri ao:keyComponent ?uri%d . ?uri%d ao:id \"%s\" . \n", i, i, id));
             i++;
         }
         query.append(policyStatementByKeyTemplateSuffix);
@@ -471,11 +520,11 @@ private static String getPolicyDataSetValueStatementByKeyQuery(String entityUri,
     private static String getPolicyTestValuesByKeyQuery(String[] uris, String[] ids) {
         StringBuilder query = new StringBuilder(policyKeyTemplatePrefix);
         for (String uri : uris) {
-            query.append(String.format("  ?policyKeyUri ao:keyComponent <%s> . \n", uri));
+            query.append(String.format("  ?dataSetKeyUri ao:keyComponent <%s> . \n", uri));
         }
         int i = 0;
         for (String id : ids) {
-            query.append(String.format("  ?policyKeyUri ao:keyComponent ?uri%d . ?uri%d ao:id \"%s\" . \n", i, i, id));
+            query.append(String.format("  ?dataSetKeyUri ao:keyComponent ?uri%d .\n ?uri%d ao:id \"%s\" . \n", i, i, id));
             i++;
         }
         query.append(policyKeyTemplateSuffix);
@@ -515,7 +564,7 @@ private void loadRulesWithoutDataSet(String policyUri, Set<AccessRule> rules) th
                 @Override
                 protected void processQuerySolution(QuerySolution qs) {
                     try {
-                        if (isInvalidPolicySolution(policyUri, qs)) {
+                        if (isInvalidPolicySolution(qs)) {
                             throw new Exception();
                         }
                         if (isRuleContinues(rule[0], qs)) {
@@ -545,10 +594,9 @@ protected void processQuerySolution(QuerySolution qs) {
         }
     }
 
-    private void loadRulesForDataSet(String policyUri, Set<AccessRule> rules, String dataSetName) throws Exception {
+    private void loadRulesForDataSet(Set<AccessRule> rules, String dataSetUri) throws Exception {
         ParameterizedSparqlString pss = new ParameterizedSparqlString(DATASET_RULES_QUERY);
-        pss.setIri(POLICY, policyUri);
-        pss.setIri("dataSet", dataSetName);
+        pss.setIri("dataSet", dataSetUri);
         debug(pss.toString());
         AccessRule rule[] = new AccessRule[1];
         Exception ex[] = new Exception[1];
@@ -557,7 +605,7 @@ private void loadRulesForDataSet(String policyUri, Set<AccessRule> rules, String
                 @Override
                 protected void processQuerySolution(QuerySolution qs) {
                     try {
-                        if (isInvalidPolicySolution(policyUri, qs)) {
+                        if (isInvalidPolicySolution(qs)) {
                             throw new Exception();
                         }
                         if (isRuleContinues(rule[0], qs)) {
@@ -581,9 +629,9 @@ protected void processQuerySolution(QuerySolution qs) {
         }
         if (rule[0] != null) {
             rules.add(rule[0]);
-            debug("\nLoaded %s rules for %s policy", rules.size(), policyUri);
+            debug("\nLoaded %s rules for %s dataset", rules.size(), dataSetUri);
         } else {
-            debug("\nNo rules loaded from the user accounts model for %s policy.", policyUri);
+            debug("\nNo rules loaded from access control model for %s dataset.", dataSetUri);
         }
     }
 
@@ -643,25 +691,36 @@ private static void populateRule(AccessRule ar, QuerySolution qs) throws Excepti
         }
     }
 
-    private static boolean isInvalidPolicySolution(String uri, QuerySolution qs) {
+    private static boolean isInvalidPolicySolution(QuerySolution qs) {
+        if (!qs.contains("policyUri") || !qs.get("policyUri").isResource()) {
+            log.error("Query solution doesn't contain policy uri");
+            return true;
+        }
+        String policy = qs.get("policyUri").asResource().getURI();
         if (!qs.contains("rules") || !qs.get("rules").isResource()) {
-            debug("Policy <%s> solution doesn't contain rules uri", uri);
+            log.error(String.format("Query solution for policy <%s> doesn't contain rules uri", policy));
             return true;
         }
         if (!qs.contains("rule") || !qs.get("rule").isResource()) {
-            debug("Policy <%s> solution doesn't contain rule uri", uri);
+            log.error(String.format("Query solution for policy <%s> doesn't contain rule uri", policy));
             return true;
         }
+        String rule = qs.get("rule").asResource().getLocalName();
+        if (!qs.contains("attribute") || !qs.get("attribute").isResource()) {
+            log.error(String.format("Query solution for policy <%s> doesn't contain attribute uri", policy));
+            return true;
+        }
+        String attribute = qs.get("attribute").asResource().getLocalName();
         if (!qs.contains("value")) {
-            debug("Policy <%s> solution doesn't contain value", uri);
+            log.error(String.format("Query solution for policy <%s> rule %s attribute %s doesn't contain value", policy, rule, attribute));
             return true;
         }
         if (!qs.contains("typeId") || !qs.get("typeId").isLiteral()) {
-            debug("Policy <%s> solution doesn't contain attribute type id", uri);
+            log.error(String.format("Query solution for policy <%s> doesn't contain attribute type id", policy));
             return true;
         }
         if (!qs.contains("testId") || !qs.get("testId").isLiteral()) {
-            debug("Policy <%s> solution doesn't contain attribute test id", uri);
+            log.error(String.format("Query solution for policy <%s> doesn't contain attribute test id", policy));
             return true;
         }
         return false;
@@ -687,4 +746,31 @@ private ChangeSet makeChangeSet() {
         cs.addPostChangeEvent(new BulkUpdateEvent(null, false));
         return cs;
     }
+
+    public String getDataSetUriByKey(OperationGroup og, AccessObjectType aot, String role) {
+        long expectedSize = 3;
+        final String queryText = getPolicyTestValuesByKeyQuery(new String[] { role },
+                new String[] { og.toString(), aot.toString() });
+        debug("SPARQL Query to get policy data set values:\n %s", queryText);
+        String[] uri = new String[1];
+        try {
+            rdfService.sparqlSelectQuery(queryText, new ResultSetConsumer() {
+                @Override
+                protected void processQuerySolution(QuerySolution qs) {
+                    if (!qs.contains("dataSet") || !qs.get("dataSet").isResource() || !qs.contains("keySize")
+                            || !qs.get("keySize").isLiteral()) {
+                        return;
+                    }
+                    long keySize = qs.getLiteral("keySize").getLong();
+                    if (expectedSize != keySize) {
+                        return;
+                    }
+                    uri[0] = qs.getResource("dataSet").getURI();
+                }
+            });
+        } catch (RDFServiceException e) {
+            log.error(e, e);
+        }
+        return uri[0];
+    }
 }
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/ArmMigrator.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/ArmMigrator.java
index 9236b6ac98..a3d765498b 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/ArmMigrator.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/ArmMigrator.java
@@ -92,7 +92,7 @@ protected StringBuilder getStatementsToRemove() {
             for (String operation : armOperations) {
                 OperationGroup og = operationMap.get(operation);
                 for (AccessObjectType aot : entityTypes) {
-                    Set<String> entityUris = PolicyLoader.getInstance().getPolicyDataSetValues(og, aot, newRole);
+                    Set<String> entityUris = PolicyLoader.getInstance().getDataSetValues(og, aot, newRole);
                     for (String entityUri : entityUris) {
                         EntityPolicyController.getDataValueStatements(entityUri, aot, og,
                                 Collections.singleton(newRole), removals);
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/BasicPolicyTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/BasicPolicyTest.java
index d9bf63a1e9..d5c3a58ea3 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/BasicPolicyTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/BasicPolicyTest.java
@@ -13,11 +13,11 @@
 
 public class BasicPolicyTest extends PolicyTest {
 
-    public static final String BROKEN_POLICY_BROKEN_TEST = RESOURCES_PREFIX + "test_policy_broken1.n3";
-    public static final String BROKEN_POLICY_BROKEN_TYPE = RESOURCES_PREFIX + "test_policy_broken2.n3";
-    public static final String BROKEN_POLICY_BROKEN_TEST_ID = RESOURCES_PREFIX + "test_policy_broken3.n3";
-    public static final String BROKEN_POLICY_BROKEN_TYPE_ID = RESOURCES_PREFIX + "test_policy_broken4.n3";
-    public static final String BROKEN_POLICY_BROKEN_ATTRIBUTE_VALUES = RESOURCES_PREFIX + "test_policy_broken5.n3";
+    public static final String BROKEN_POLICY_BROKEN_TEST = RESOURCES_RULES_PREFIX + "test_policy_broken1.n3";
+    public static final String BROKEN_POLICY_BROKEN_TYPE = RESOURCES_RULES_PREFIX + "test_policy_broken2.n3";
+    public static final String BROKEN_POLICY_BROKEN_TEST_ID = RESOURCES_RULES_PREFIX + "test_policy_broken3.n3";
+    public static final String BROKEN_POLICY_BROKEN_TYPE_ID = RESOURCES_RULES_PREFIX + "test_policy_broken4.n3";
+    public static final String BROKEN_POLICY_BROKEN_ATTRIBUTE_VALUES = RESOURCES_RULES_PREFIX + "test_policy_broken5.n3";
 
     @Test
     public void testGetPolicyUris() {
@@ -32,8 +32,8 @@ public void testValidPolicy() {
     }
 
     @Test
-    public void testValidPolicyWithSet() {
-        load(VALID_POLICY_WITH_SET);
+    public void testValidPolicyTemplate() {
+        load(VALID_POLICY_TEMPLATE);
         DynamicPolicy policy = loader
                 .loadPolicy("https://vivoweb.org/ontology/vitro-application/auth/individual/ValidTestSetPolicy");
         countRulesAndAttributes(policy, 2, Collections.singleton(2));
@@ -80,8 +80,8 @@ public void testBrokenAttributeValue() {
     }
 
     @Test
-    public void testBrokenSet() {
-        load(BROKEN_POLICY_WITH_SET);
+    public void testBrokenPolicyTemplate() {
+        load(BROKEN_POLICY_TEMPLATE);
         DynamicPolicy policy = loader
                 .loadPolicy("https://vivoweb.org/ontology/vitro-application/auth/individual/BrokenTestSetPolicy");
         assertTrue(policy == null);
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EntityPolicyControllerTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EntityPolicyControllerTest.java
index 9c25fa2823..dfe100f5c5 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EntityPolicyControllerTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EntityPolicyControllerTest.java
@@ -14,10 +14,10 @@ public class EntityPolicyControllerTest extends PolicyTest {
 
     @Test
     public void testGetGrantedRoles() {
-        load(ADMIN_DISPLAY_CLASS_POLICY_PATH);
-        load(SELF_EDITOR_DISPLAY_CLASS_POLICY_PATH);
+        //load(ADMIN_DISPLAY_CLASS_POLICY_PATH);
+        //load(SELF_EDITOR_DISPLAY_CLASS_POLICY_PATH);
         List<String> allowedRoles = Arrays.asList(ROLE_ADMIN_URI, ROLE_SELF_EDITOR_URI);
-        EntityPolicyController.updateEntityPolicy("test:newClass", AccessObjectType.CLASS, OperationGroup.DISPLAY_GROUP,
+        EntityPolicyController.updateEntityPolicyDataSet("test:newClass", AccessObjectType.CLASS, OperationGroup.DISPLAY_GROUP,
                 allowedRoles, ROLE_LIST);
         List<String> roles = EntityPolicyController.getGrantedRoles("test:newClass", OperationGroup.DISPLAY_GROUP,
                 AccessObjectType.CLASS, ROLE_LIST);
@@ -28,14 +28,14 @@ public void testGetGrantedRoles() {
 
     @Test
     public void testPolicyDataSetModification() {
-        load(ADMIN_DISPLAY_CLASS_POLICY_PATH);
-        EntityPolicyController.updateEntityPolicy("test:newClass", AccessObjectType.CLASS, OperationGroup.DISPLAY_GROUP,
+       // load(ADMIN_DISPLAY_CLASS_POLICY_PATH);
+        EntityPolicyController.updateEntityPolicyDataSet("test:newClass", AccessObjectType.CLASS, OperationGroup.DISPLAY_GROUP,
                 Arrays.asList(ROLE_ADMIN_URI), ROLE_LIST);
         List<String> roles = EntityPolicyController.getGrantedRoles("test:newClass", OperationGroup.DISPLAY_GROUP,
                 AccessObjectType.CLASS, ROLE_LIST);
         assertEquals(1, roles.size());
         roles.contains(ROLE_ADMIN_URI);
-        EntityPolicyController.updateEntityPolicy("test:newClass", AccessObjectType.CLASS, OperationGroup.DISPLAY_GROUP,
+        EntityPolicyController.updateEntityPolicyDataSet("test:newClass", AccessObjectType.CLASS, OperationGroup.DISPLAY_GROUP,
                 Collections.emptyList(), ROLE_LIST);
         roles = EntityPolicyController.getGrantedRoles("test:newClass", OperationGroup.DISPLAY_GROUP,
                 AccessObjectType.CLASS, ROLE_LIST);
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EntityPolicyTests.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EntityPolicyTests.java
index 5396d19a83..61c486bd14 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EntityPolicyTests.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EntityPolicyTests.java
@@ -1,6 +1,5 @@
 package edu.cornell.mannlib.vitro.webapp.auth.policy;
 
-import static edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType.CLASS;
 import static edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType.DATA_PROPERTY;
 import static edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType.FAUX_DATA_PROPERTY;
 import static edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType.FAUX_OBJECT_PROPERTY;
@@ -22,238 +21,100 @@
 import org.junit.runner.RunWith;
 import org.junit.runners.Parameterized;
 
-
 @RunWith(Parameterized.class)
 public class EntityPolicyTests extends PolicyTest {
+    private static final String TEMPLATE_SIMPLE_MATCH_PROPERTY = "template/simple-match-allowed-property/PolicyTemplate";
+    private static final String TEMPLATE_SIMPLE_MATCH_CLASS = "template/simple-match-allowed-class/PolicyTemplate";
+
+    private static final String TEMPLATE_MATCH_ALLOWED_DATASET =
+            RESOURCES_PREFIX + "policy_template_match_allowed_dataset.n3";
+    private static final String TEMPLATE_PROPERTY_PREFIX =
+            "https://vivoweb.org/ontology/vitro-application/auth/individual/template/simple-match-allowed-property/";
+    private static final String TEMPLATE_CLASS_PREFIX =
+            "https://vivoweb.org/ontology/vitro-application/auth/individual/template/simple-match-allowed-class/";
+
     @org.junit.runners.Parameterized.Parameter(0)
-    public String filePath;
+    public String policyFilePath;
 
     @org.junit.runners.Parameterized.Parameter(1)
-    public String uri;
+    public String testDataSetPath;
 
     @org.junit.runners.Parameterized.Parameter(2)
-    public OperationGroup group;
+    public String uri;
 
     @org.junit.runners.Parameterized.Parameter(3)
-    public AccessObjectType type;
+    public String dataSetUri;
 
     @org.junit.runners.Parameterized.Parameter(4)
-    public String roleUri;
+    public OperationGroup group;
 
     @org.junit.runners.Parameterized.Parameter(5)
-    public int rulesCount;
+    public AccessObjectType type;
 
     @org.junit.runners.Parameterized.Parameter(6)
+    public String roleUri;
+
+    @org.junit.runners.Parameterized.Parameter(7)
+    public int rulesCount;
+
+    @org.junit.runners.Parameterized.Parameter(8)
     public Set<Integer> attrCount;
 
     @Test
     public void testPolicy() {
-        load(filePath);
+        load(policyFilePath);
+        load(testDataSetPath);
         String policyUri = PREFIX + uri;
-        EntityPolicyController.updateEntityPolicy("test:entity", type, group, Arrays.asList(roleUri), ROLE_LIST);
-        DynamicPolicy policy = loader.loadPolicy(policyUri);
+        EntityPolicyController.updateEntityPolicyDataSet("test:entity", type, group, Arrays.asList(roleUri), ROLE_LIST);
+        DynamicPolicy policy = null;
+        if (dataSetUri != null) {
+            policy = loader.loadPolicyFromTemplateDataSet(dataSetUri);
+        } else {
+            policy = loader.loadPolicy(policyUri);
+        }
         countRulesAndAttributes(policy, rulesCount, attrCount);
-        Set<String> values = loader.getPolicyDataSetValues(group, type, roleUri);
+        Set<String> values = loader.getDataSetValues(group, type, roleUri);
         assertFalse(values.isEmpty());
     }
 
     @Parameterized.Parameters
     public static Collection<Object[]> requests() {
         return Arrays.asList(new Object[][] {
-            { EDITOR_DISPLAY_CLASS_POLICY_PATH, "EditorDisplayClassPolicy", DISPLAY_GROUP,
-                CLASS, ROLE_EDITOR_URI, 1, Collections.singleton(4) },
-            { EDITOR_DISPLAY_DATA_PROP_POLICY_PATH, "EditorDisplayDataPropertyPolicy", DISPLAY_GROUP,
-                DATA_PROPERTY, ROLE_EDITOR_URI, 2, Collections.singleton(4) },
-            { EDITOR_DISPLAY_OBJ_PROP_POLICY_PATH, "EditorDisplayObjectPropertyPolicy",
-                DISPLAY_GROUP, OBJECT_PROPERTY, ROLE_EDITOR_URI, 2,
-                Collections.singleton(4) },
-
-            { SELF_EDITOR_DISPLAY_CLASS_POLICY_PATH, "SelfEditorDisplayClassPolicy", DISPLAY_GROUP,
-                CLASS, ROLE_SELF_EDITOR_URI, 1, Collections.singleton(4) },
-            { SELF_EDITOR_DISPLAY_DATA_PROP_POLICY_PATH, "SelfEditorDisplayDataPropertyPolicy",
-                DISPLAY_GROUP, DATA_PROPERTY, ROLE_SELF_EDITOR_URI, 2,
-                Collections.singleton(4) },
-            { SELF_EDITOR_DISPLAY_OBJ_PROP_POLICY_PATH, "SelfEditorDisplayObjectPropertyPolicy",
-                DISPLAY_GROUP, OBJECT_PROPERTY, ROLE_SELF_EDITOR_URI, 2,
-                Collections.singleton(4) },
-
-            { PUBLIC_DISPLAY_CLASS_POLICY_PATH, "PublicDisplayClassPolicy", DISPLAY_GROUP,
-                CLASS, ROLE_PUBLIC_URI, 1, Collections.singleton(4) },
-            { PUBLIC_DISPLAY_DATA_PROP_POLICY_PATH, "PublicDisplayDataPropertyPolicy", DISPLAY_GROUP,
-                DATA_PROPERTY, ROLE_PUBLIC_URI, 2, Collections.singleton(4) },
-            { PUBLIC_DISPLAY_OBJ_PROP_POLICY_PATH, "PublicDisplayObjectPropertyPolicy",
-                DISPLAY_GROUP, OBJECT_PROPERTY, ROLE_PUBLIC_URI, 2,
-                Collections.singleton(4) },
-
-            { CURATOR_DISPLAY_CLASS_POLICY_PATH, "CuratorDisplayClassPolicy", DISPLAY_GROUP,
-                CLASS, ROLE_CURATOR_URI, 1, Collections.singleton(4) },
-            { CURATOR_DISPLAY_DATA_PROP_POLICY_PATH, "CuratorDisplayDataPropertyPolicy",
-                DISPLAY_GROUP, DATA_PROPERTY, ROLE_CURATOR_URI, 2,
-                Collections.singleton(4) },
-            { CURATOR_DISPLAY_OBJ_PROP_POLICY_PATH, "CuratorDisplayObjectPropertyPolicy",
-                DISPLAY_GROUP, OBJECT_PROPERTY, ROLE_CURATOR_URI, 2,
-                Collections.singleton(4) },
-
-            { ADMIN_DISPLAY_CLASS_POLICY_PATH, "AdminDisplayClassPolicy", DISPLAY_GROUP,
-                CLASS, ROLE_ADMIN_URI, 1, Collections.singleton(4) },
-            { ADMIN_DISPLAY_DATA_PROP_POLICY_PATH, "AdminDisplayDataPropertyPolicy", DISPLAY_GROUP,
-                DATA_PROPERTY, ROLE_ADMIN_URI, 1, Collections.singleton(4) },
-            { ADMIN_DISPLAY_OBJ_PROP_POLICY_PATH, "AdminDisplayObjectPropertyPolicy", DISPLAY_GROUP,
-                OBJECT_PROPERTY, ROLE_ADMIN_URI, 2, Collections.singleton(4) },
-
-            { EDITOR_PUBLISH_CLASS_POLICY_PATH, "EditorPublishClassPolicy", PUBLISH_GROUP,
-                CLASS, ROLE_EDITOR_URI, 1, Collections.singleton(4) },
-            { EDITOR_PUBLISH_DATA_PROP_POLICY_PATH, "EditorPublishDataPropertyPolicy", PUBLISH_GROUP,
-                DATA_PROPERTY, ROLE_EDITOR_URI, 2, Collections.singleton(4) },
-            { EDITOR_PUBLISH_OBJ_PROP_POLICY_PATH, "EditorPublishObjectPropertyPolicy",
-                PUBLISH_GROUP, OBJECT_PROPERTY, ROLE_EDITOR_URI, 2,
-                Collections.singleton(4) },
-
-            { SELF_EDITOR_PUBLISH_CLASS_POLICY_PATH, "SelfEditorPublishClassPolicy", PUBLISH_GROUP,
-                CLASS, ROLE_SELF_EDITOR_URI, 1, Collections.singleton(4) },
-            { SELF_EDITOR_PUBLISH_DATA_PROP_POLICY_PATH, "SelfEditorPublishDataPropertyPolicy",
-                PUBLISH_GROUP, DATA_PROPERTY, ROLE_SELF_EDITOR_URI, 2,
-                Collections.singleton(4) },
-            { SELF_EDITOR_PUBLISH_OBJ_PROP_POLICY_PATH, "SelfEditorPublishObjectPropertyPolicy",
-                PUBLISH_GROUP, OBJECT_PROPERTY, ROLE_SELF_EDITOR_URI, 2,
-                Collections.singleton(4) },
-
-            { CURATOR_PUBLISH_CLASS_POLICY_PATH, "CuratorPublishClassPolicy", PUBLISH_GROUP,
-                CLASS, ROLE_CURATOR_URI, 1, Collections.singleton(4) },
-            { CURATOR_PUBLISH_DATA_PROP_POLICY_PATH, "CuratorPublishDataPropertyPolicy",
-                PUBLISH_GROUP, DATA_PROPERTY, ROLE_CURATOR_URI, 2,
-                Collections.singleton(4) },
-            { CURATOR_PUBLISH_OBJ_PROP_POLICY_PATH, "CuratorPublishObjectPropertyPolicy",
-                PUBLISH_GROUP, OBJECT_PROPERTY, ROLE_CURATOR_URI, 2,
-                Collections.singleton(4) },
-
-            { ADMIN_PUBLISH_CLASS_POLICY_PATH, "AdminPublishClassPolicy", PUBLISH_GROUP,
-                CLASS, ROLE_ADMIN_URI, 1, Collections.singleton(4) },
-            { ADMIN_PUBLISH_DATA_PROP_POLICY_PATH, "AdminPublishDataPropertyPolicy", PUBLISH_GROUP,
-                DATA_PROPERTY, ROLE_ADMIN_URI, 2, Collections.singleton(4) },
-            { ADMIN_PUBLISH_OBJ_PROP_POLICY_PATH, "AdminPublishObjectPropertyPolicy", PUBLISH_GROUP,
-                OBJECT_PROPERTY, ROLE_ADMIN_URI, 2, Collections.singleton(4) },
-
-            { EDITOR_UPDATE_CLASS_POLICY_PATH, "EditorUpdateClassPolicy", UPDATE_GROUP,
-                CLASS, ROLE_EDITOR_URI, 1, Collections.singleton(4) },
-            { EDITOR_UPDATE_DATA_PROP_POLICY_PATH, "EditorUpdateDataPropertyPolicy", UPDATE_GROUP,
-                DATA_PROPERTY, ROLE_EDITOR_URI, 2, Collections.singleton(4) },
-            { EDITOR_UPDATE_OBJ_PROP_POLICY_PATH, "EditorUpdateObjectPropertyPolicy", UPDATE_GROUP,
-                OBJECT_PROPERTY, ROLE_EDITOR_URI, 2, Collections.singleton(4) },
-
-            { SELF_EDITOR_UPDATE_CLASS_POLICY_PATH, "SelfEditorUpdateClassPolicy", UPDATE_GROUP,
-                CLASS, ROLE_SELF_EDITOR_URI, 1, Collections.singleton(4) },
-            { SELF_EDITOR_UPDATE_DATA_PROP_POLICY_PATH, "SelfEditorUpdateDataPropertyPolicy",
-                UPDATE_GROUP, DATA_PROPERTY, ROLE_SELF_EDITOR_URI, 2,
-                new HashSet<>(Arrays.asList(4, 5)) },
-            { SELF_EDITOR_UPDATE_OBJ_PROP_POLICY_PATH, "SelfEditorUpdateObjectPropertyPolicy",
-                UPDATE_GROUP, OBJECT_PROPERTY, ROLE_SELF_EDITOR_URI, 2,
-                new HashSet<>(Arrays.asList(4, 5)) },
-
-            { PUBLIC_UPDATE_CLASS_POLICY_PATH, "PublicUpdateClassPolicy", UPDATE_GROUP,
-                CLASS, ROLE_PUBLIC_URI, 1, Collections.singleton(4) },
-            { PUBLIC_UPDATE_DATA_PROP_POLICY_PATH, "PublicUpdateDataPropertyPolicy", UPDATE_GROUP,
-                DATA_PROPERTY, ROLE_PUBLIC_URI, 2, Collections.singleton(4) },
-            { PUBLIC_UPDATE_OBJ_PROP_POLICY_PATH, "PublicUpdateObjectPropertyPolicy", UPDATE_GROUP,
-                OBJECT_PROPERTY, ROLE_PUBLIC_URI, 2, Collections.singleton(4) },
+                { SELF_EDITOR_DISPLAY_DATA_PROP_POLICY_PATH, TEMPLATE_MATCH_ALLOWED_DATASET, "SelfEditorDisplayDataPropertyPolicy", null, DISPLAY_GROUP, DATA_PROPERTY, ROLE_SELF_EDITOR_URI, 2, Collections.singleton(4) },
+                { SELF_EDITOR_DISPLAY_OBJ_PROP_POLICY_PATH, TEMPLATE_MATCH_ALLOWED_DATASET, "SelfEditorDisplayObjectPropertyPolicy", null, DISPLAY_GROUP, OBJECT_PROPERTY, ROLE_SELF_EDITOR_URI, 2, Collections.singleton(4) },
+                { SELF_EDITOR_PUBLISH_DATA_PROP_POLICY_PATH, TEMPLATE_MATCH_ALLOWED_DATASET, "SelfEditorPublishDataPropertyPolicy", null, PUBLISH_GROUP, DATA_PROPERTY, ROLE_SELF_EDITOR_URI, 2, Collections.singleton(4) },
+                { SELF_EDITOR_PUBLISH_OBJ_PROP_POLICY_PATH, TEMPLATE_MATCH_ALLOWED_DATASET, "SelfEditorPublishObjectPropertyPolicy", null, PUBLISH_GROUP, OBJECT_PROPERTY, ROLE_SELF_EDITOR_URI, 2, Collections.singleton(4) },
 
-            { CURATOR_UPDATE_CLASS_POLICY_PATH, "CuratorUpdateClassPolicy", UPDATE_GROUP,
-                CLASS, ROLE_CURATOR_URI, 1, Collections.singleton(4) },
-            { CURATOR_UPDATE_DATA_PROP_POLICY_PATH, "CuratorUpdateDataPropertyPolicy", UPDATE_GROUP,
-                DATA_PROPERTY, ROLE_CURATOR_URI, 2, Collections.singleton(4) },
-            { CURATOR_UPDATE_OBJ_PROP_POLICY_PATH, "CuratorUpdateObjectPropertyPolicy", UPDATE_GROUP,
-                OBJECT_PROPERTY, ROLE_CURATOR_URI, 2, Collections.singleton(4) },
+                { EDITOR_UPDATE_DATA_PROP_POLICY_PATH, TEMPLATE_MATCH_ALLOWED_DATASET, "EditorUpdateDataPropertyPolicy", null, UPDATE_GROUP, DATA_PROPERTY, ROLE_EDITOR_URI, 2, Collections.singleton(4) },
+                { EDITOR_UPDATE_OBJ_PROP_POLICY_PATH, TEMPLATE_MATCH_ALLOWED_DATASET, "EditorUpdateObjectPropertyPolicy", null, UPDATE_GROUP, OBJECT_PROPERTY, ROLE_EDITOR_URI, 2, Collections.singleton(4) },
 
-            { ADMIN_UPDATE_CLASS_POLICY_PATH, "AdminUpdateClassPolicy", UPDATE_GROUP,
-                CLASS, ROLE_ADMIN_URI, 1, Collections.singleton(4) },
-            { ADMIN_UPDATE_DATA_PROP_POLICY_PATH, "AdminUpdateDataPropertyPolicy", UPDATE_GROUP,
-                DATA_PROPERTY, ROLE_ADMIN_URI, 2, Collections.singleton(4) },
-            { ADMIN_UPDATE_OBJ_PROP_POLICY_PATH, "AdminUpdateObjectPropertyPolicy", UPDATE_GROUP,
-                OBJECT_PROPERTY, ROLE_ADMIN_URI, 2, Collections.singleton(4) },
+                { SELF_EDITOR_UPDATE_DATA_PROP_POLICY_PATH, TEMPLATE_MATCH_ALLOWED_DATASET, "SelfEditorUpdateDataPropertyPolicy", null, UPDATE_GROUP, DATA_PROPERTY, ROLE_SELF_EDITOR_URI, 2, new HashSet<>(Arrays.asList(4, 5)) },
+                { SELF_EDITOR_UPDATE_OBJ_PROP_POLICY_PATH, TEMPLATE_MATCH_ALLOWED_DATASET, "SelfEditorUpdateObjectPropertyPolicy", null, UPDATE_GROUP, OBJECT_PROPERTY, ROLE_SELF_EDITOR_URI, 2, new HashSet<>(Arrays.asList(4, 5)) },
 
-            { ADMIN_DISPLAY_FAUX_OBJECT_PROPERTY_POLICY_PATH, "AdminDisplayFauxObjectPropertyPolicy",
-                DISPLAY_GROUP, FAUX_OBJECT_PROPERTY, ROLE_ADMIN_URI, 2,
-                Collections.singleton(4) },
-            { CURATOR_DISPLAY_FAUX_OBJECT_PROPERTY_POLICY_PATH, "CuratorDisplayFauxObjectPropertyPolicy",
-                DISPLAY_GROUP, FAUX_OBJECT_PROPERTY, ROLE_CURATOR_URI, 2,
-                Collections.singleton(4) },
-            { EDITOR_DISPLAY_FAUX_OBJECT_PROPERTY_POLICY_PATH, "EditorDisplayFauxObjectPropertyPolicy",
-                DISPLAY_GROUP, FAUX_OBJECT_PROPERTY, ROLE_EDITOR_URI, 2,
-                Collections.singleton(4) },
-            { SELF_EDITOR_DISPLAY_FAUX_OBJECT_PROPERTY_POLICY_PATH, "SelfEditorDisplayFauxObjectPropertyPolicy",
-                DISPLAY_GROUP, FAUX_OBJECT_PROPERTY, ROLE_SELF_EDITOR_URI, 2,
-                Collections.singleton(4) },
-            { PUBLIC_DISPLAY_FAUX_OBJECT_PROPERTY_POLICY_PATH, "PublicDisplayFauxObjectPropertyPolicy",
-                DISPLAY_GROUP, FAUX_OBJECT_PROPERTY, ROLE_PUBLIC_URI, 2,
-                Collections.singleton(4) },
+                { PUBLIC_UPDATE_DATA_PROP_POLICY_PATH, TEMPLATE_MATCH_ALLOWED_DATASET, "PublicUpdateDataPropertyPolicy", null, UPDATE_GROUP, DATA_PROPERTY, ROLE_PUBLIC_URI, 2, Collections.singleton(4) },
+                { PUBLIC_UPDATE_OBJ_PROP_POLICY_PATH, TEMPLATE_MATCH_ALLOWED_DATASET, "PublicUpdateObjectPropertyPolicy", null, UPDATE_GROUP, OBJECT_PROPERTY, ROLE_PUBLIC_URI, 2, Collections.singleton(4) },
 
-            { ADMIN_PUBLISH_FAUX_OBJECT_PROPERTY_POLICY_PATH, "AdminPublishFauxObjectPropertyPolicy",
-                PUBLISH_GROUP, FAUX_OBJECT_PROPERTY, ROLE_ADMIN_URI, 2,
-                Collections.singleton(4) },
-            { CURATOR_PUBLISH_FAUX_OBJECT_PROPERTY_POLICY_PATH, "CuratorPublishFauxObjectPropertyPolicy",
-                PUBLISH_GROUP, FAUX_OBJECT_PROPERTY, ROLE_CURATOR_URI, 2,
-                Collections.singleton(4) },
-            { EDITOR_PUBLISH_FAUX_OBJECT_PROPERTY_POLICY_PATH, "EditorPublishFauxObjectPropertyPolicy",
-                PUBLISH_GROUP, FAUX_OBJECT_PROPERTY, ROLE_EDITOR_URI, 2,
-                Collections.singleton(4) },
-            { SELF_EDITOR_PUBLISH_FAUX_OBJECT_PROPERTY_POLICY_PATH, "SelfEditorPublishFauxObjectPropertyPolicy",
-                PUBLISH_GROUP, FAUX_OBJECT_PROPERTY, ROLE_SELF_EDITOR_URI, 2,
-                Collections.singleton(4) },
+                { CURATOR_UPDATE_DATA_PROP_POLICY_PATH, TEMPLATE_MATCH_ALLOWED_DATASET, "CuratorUpdateDataPropertyPolicy", null, UPDATE_GROUP, DATA_PROPERTY, ROLE_CURATOR_URI, 2, Collections.singleton(4) },
+                { CURATOR_UPDATE_OBJ_PROP_POLICY_PATH, TEMPLATE_MATCH_ALLOWED_DATASET, "CuratorUpdateObjectPropertyPolicy", null, UPDATE_GROUP, OBJECT_PROPERTY, ROLE_CURATOR_URI, 2, Collections.singleton(4) },
 
-            { ADMIN_UPDATE_FAUX_OBJECT_PROPERTY_POLICY_PATH, "AdminUpdateFauxObjectPropertyPolicy",
-                UPDATE_GROUP, FAUX_OBJECT_PROPERTY, ROLE_ADMIN_URI, 2,
-                Collections.singleton(4) },
-            { CURATOR_UPDATE_FAUX_OBJECT_PROPERTY_POLICY_PATH, "CuratorUpdateFauxObjectPropertyPolicy",
-                UPDATE_GROUP, FAUX_OBJECT_PROPERTY, ROLE_CURATOR_URI, 2,
-                Collections.singleton(4) },
-            { EDITOR_UPDATE_FAUX_OBJECT_PROPERTY_POLICY_PATH, "EditorUpdateFauxObjectPropertyPolicy",
-                UPDATE_GROUP, FAUX_OBJECT_PROPERTY, ROLE_EDITOR_URI, 2,
-                Collections.singleton(4) },
-            { SELF_EDITOR_UPDATE_FAUX_OBJECT_PROPERTY_POLICY_PATH, "SelfEditorUpdateFauxObjectPropertyPolicy",
-                UPDATE_GROUP, FAUX_OBJECT_PROPERTY, ROLE_SELF_EDITOR_URI, 2,
-                new HashSet<>(Arrays.asList(4, 5)) },
+                { ADMIN_UPDATE_DATA_PROP_POLICY_PATH, TEMPLATE_MATCH_ALLOWED_DATASET, "AdminUpdateDataPropertyPolicy", null, UPDATE_GROUP, DATA_PROPERTY, ROLE_ADMIN_URI, 2, Collections.singleton(4) },
+                { ADMIN_UPDATE_OBJ_PROP_POLICY_PATH, TEMPLATE_MATCH_ALLOWED_DATASET, "AdminUpdateObjectPropertyPolicy", null, UPDATE_GROUP, OBJECT_PROPERTY, ROLE_ADMIN_URI, 2, Collections.singleton(4) },
+                
+                { SELF_EDITOR_DISPLAY_FAUX_OBJECT_PROPERTY_POLICY_PATH, TEMPLATE_MATCH_ALLOWED_DATASET, "SelfEditorDisplayFauxObjectPropertyPolicy", null, DISPLAY_GROUP, FAUX_OBJECT_PROPERTY, ROLE_SELF_EDITOR_URI, 2, Collections.singleton(4) },
+                { SELF_EDITOR_PUBLISH_FAUX_OBJECT_PROPERTY_POLICY_PATH, TEMPLATE_MATCH_ALLOWED_DATASET, TEMPLATE_SIMPLE_MATCH_PROPERTY, TEMPLATE_PROPERTY_PREFIX + "SelfEditorPublishFauxObjectPropertyDataSet", PUBLISH_GROUP, FAUX_OBJECT_PROPERTY, ROLE_SELF_EDITOR_URI, 2, Collections.singleton(4) },
 
-            { ADMIN_DISPLAY_FAUX_DATA_PROPERTY_POLICY_PATH, "AdminDisplayFauxDataPropertyPolicy",
-                DISPLAY_GROUP, FAUX_DATA_PROPERTY, ROLE_ADMIN_URI, 2,
-                Collections.singleton(4) },
-            { CURATOR_DISPLAY_FAUX_DATA_PROPERTY_POLICY_PATH, "CuratorDisplayFauxDataPropertyPolicy",
-                DISPLAY_GROUP, FAUX_DATA_PROPERTY, ROLE_CURATOR_URI, 2,
-                Collections.singleton(4) },
-            { EDITOR_DISPLAY_FAUX_DATA_PROPERTY_POLICY_PATH, "EditorDisplayFauxDataPropertyPolicy",
-                DISPLAY_GROUP, FAUX_DATA_PROPERTY, ROLE_EDITOR_URI, 2,
-                Collections.singleton(4) },
-            { SELF_EDITOR_DISPLAY_FAUX_DATA_PROPERTY_POLICY_PATH, "SelfEditorDisplayFauxDataPropertyPolicy",
-                DISPLAY_GROUP, FAUX_DATA_PROPERTY, ROLE_SELF_EDITOR_URI, 2,
-                Collections.singleton(4) },
-            { PUBLIC_DISPLAY_FAUX_DATA_PROPERTY_POLICY_PATH, "PublicDisplayFauxDataPropertyPolicy",
-                DISPLAY_GROUP, FAUX_DATA_PROPERTY, ROLE_PUBLIC_URI, 2,
-                Collections.singleton(4) },
+                { ADMIN_UPDATE_FAUX_OBJECT_PROPERTY_POLICY_PATH, TEMPLATE_MATCH_ALLOWED_DATASET, "AdminUpdateFauxObjectPropertyPolicy", null, UPDATE_GROUP, FAUX_OBJECT_PROPERTY, ROLE_ADMIN_URI, 2, Collections.singleton(4) },
+                { CURATOR_UPDATE_FAUX_OBJECT_PROPERTY_POLICY_PATH, TEMPLATE_MATCH_ALLOWED_DATASET, "CuratorUpdateFauxObjectPropertyPolicy", null, UPDATE_GROUP, FAUX_OBJECT_PROPERTY, ROLE_CURATOR_URI, 2, Collections.singleton(4) },
+                { EDITOR_UPDATE_FAUX_OBJECT_PROPERTY_POLICY_PATH, TEMPLATE_MATCH_ALLOWED_DATASET, "EditorUpdateFauxObjectPropertyPolicy", null, UPDATE_GROUP, FAUX_OBJECT_PROPERTY, ROLE_EDITOR_URI, 2, Collections.singleton(4) },
+                { SELF_EDITOR_UPDATE_FAUX_OBJECT_PROPERTY_POLICY_PATH, TEMPLATE_MATCH_ALLOWED_DATASET, "SelfEditorUpdateFauxObjectPropertyPolicy", null, UPDATE_GROUP, FAUX_OBJECT_PROPERTY, ROLE_SELF_EDITOR_URI, 2, new HashSet<>(Arrays.asList(4, 5)) },
 
-            { ADMIN_PUBLISH_FAUX_DATA_PROPERTY_POLICY_PATH, "AdminPublishFauxDataPropertyPolicy",
-                PUBLISH_GROUP, FAUX_DATA_PROPERTY, ROLE_ADMIN_URI, 2,
-                Collections.singleton(4) },
-            { CURATOR_PUBLISH_FAUX_DATA_PROPERTY_POLICY_PATH, "CuratorPublishFauxDataPropertyPolicy",
-                PUBLISH_GROUP, FAUX_DATA_PROPERTY, ROLE_CURATOR_URI, 2,
-                Collections.singleton(4) },
-            { EDITOR_PUBLISH_FAUX_DATA_PROPERTY_POLICY_PATH, "EditorPublishFauxDataPropertyPolicy",
-                PUBLISH_GROUP, FAUX_DATA_PROPERTY, ROLE_EDITOR_URI, 2,
-                Collections.singleton(4) },
-            { SELF_EDITOR_PUBLISH_FAUX_DATA_PROPERTY_POLICY_PATH, "SelfEditorPublishFauxDataPropertyPolicy",
-                PUBLISH_GROUP, FAUX_DATA_PROPERTY, ROLE_SELF_EDITOR_URI, 2,
-                Collections.singleton(4) },
+                { SELF_EDITOR_DISPLAY_FAUX_DATA_PROPERTY_POLICY_PATH, TEMPLATE_MATCH_ALLOWED_DATASET, "SelfEditorDisplayFauxDataPropertyPolicy", null, DISPLAY_GROUP, FAUX_DATA_PROPERTY, ROLE_SELF_EDITOR_URI, 2, Collections.singleton(4) },
+                { SELF_EDITOR_PUBLISH_FAUX_DATA_PROPERTY_POLICY_PATH, TEMPLATE_MATCH_ALLOWED_DATASET, "SelfEditorPublishFauxDataPropertyPolicy", null, PUBLISH_GROUP, FAUX_DATA_PROPERTY, ROLE_SELF_EDITOR_URI, 2, Collections.singleton(4) },
 
-            { ADMIN_UPDATE_FAUX_DATA_PROPERTY_POLICY_PATH, "AdminUpdateFauxDataPropertyPolicy",
-                UPDATE_GROUP, FAUX_DATA_PROPERTY, ROLE_ADMIN_URI, 2,
-                Collections.singleton(4) },
-            { CURATOR_UPDATE_FAUX_DATA_PROPERTY_POLICY_PATH, "CuratorUpdateFauxDataPropertyPolicy",
-                UPDATE_GROUP, FAUX_DATA_PROPERTY, ROLE_CURATOR_URI, 2,
-                Collections.singleton(4) },
-            { EDITOR_UPDATE_FAUX_DATA_PROPERTY_POLICY_PATH, "EditorUpdateFauxDataPropertyPolicy",
-                UPDATE_GROUP, FAUX_DATA_PROPERTY, ROLE_EDITOR_URI, 2,
-                Collections.singleton(4) },
-            { SELF_EDITOR_UPDATE_FAUX_DATA_PROPERTY_POLICY_PATH, "SelfEditorUpdateFauxDataPropertyPolicy",
-                UPDATE_GROUP, FAUX_DATA_PROPERTY, ROLE_SELF_EDITOR_URI, 2,
-                new HashSet<>(Arrays.asList(4, 5)) },
+                { ADMIN_UPDATE_FAUX_DATA_PROPERTY_POLICY_PATH, TEMPLATE_MATCH_ALLOWED_DATASET, "AdminUpdateFauxDataPropertyPolicy", null, UPDATE_GROUP, FAUX_DATA_PROPERTY, ROLE_ADMIN_URI, 2, Collections.singleton(4) },
+                { CURATOR_UPDATE_FAUX_DATA_PROPERTY_POLICY_PATH, TEMPLATE_MATCH_ALLOWED_DATASET, "CuratorUpdateFauxDataPropertyPolicy", null, UPDATE_GROUP, FAUX_DATA_PROPERTY, ROLE_CURATOR_URI, 2, Collections.singleton(4) },
+                { EDITOR_UPDATE_FAUX_DATA_PROPERTY_POLICY_PATH, TEMPLATE_MATCH_ALLOWED_DATASET, "EditorUpdateFauxDataPropertyPolicy", null, UPDATE_GROUP, FAUX_DATA_PROPERTY, ROLE_EDITOR_URI, 2, Collections.singleton(4) },
+                { SELF_EDITOR_UPDATE_FAUX_DATA_PROPERTY_POLICY_PATH, TEMPLATE_MATCH_ALLOWED_DATASET, "SelfEditorUpdateFauxDataPropertyPolicy", null, UPDATE_GROUP, FAUX_DATA_PROPERTY, ROLE_SELF_EDITOR_URI, 2, new HashSet<>(Arrays.asList(4, 5)) },
 
         });
     }
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/MatchAllowedClassesPolicyTemplateTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/MatchAllowedClassesPolicyTemplateTest.java
new file mode 100644
index 0000000000..af960ae48e
--- /dev/null
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/MatchAllowedClassesPolicyTemplateTest.java
@@ -0,0 +1,78 @@
+package edu.cornell.mannlib.vitro.webapp.auth.policy;
+
+import static edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType.CLASS;
+import static edu.cornell.mannlib.vitro.webapp.auth.attributes.OperationGroup.DISPLAY_GROUP;
+import static edu.cornell.mannlib.vitro.webapp.auth.attributes.OperationGroup.PUBLISH_GROUP;
+import static edu.cornell.mannlib.vitro.webapp.auth.attributes.OperationGroup.UPDATE_GROUP;
+import static org.junit.Assert.assertFalse;
+
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.Set;
+
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType;
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.OperationGroup;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.Parameterized;
+
+@RunWith(Parameterized.class)
+public class MatchAllowedClassesPolicyTemplateTest extends PolicyTest {
+    private static final String TEMPLATE_CLASS_PREFIX =
+            "https://vivoweb.org/ontology/vitro-application/auth/individual/template/simple-match-allowed-class/";
+
+    @org.junit.runners.Parameterized.Parameter(0)
+    public String dataSetUri;
+
+    @org.junit.runners.Parameterized.Parameter(1)
+    public OperationGroup group;
+
+    @org.junit.runners.Parameterized.Parameter(2)
+    public AccessObjectType type;
+
+    @org.junit.runners.Parameterized.Parameter(3)
+    public String roleUri;
+
+    @org.junit.runners.Parameterized.Parameter(4)
+    public int rulesCount;
+
+    @org.junit.runners.Parameterized.Parameter(5)
+    public Set<Integer> attrCount;
+
+    @Test
+    public void testPolicy() {
+        load(POLICY_TEMPLATE_MATCH_CLASS_PATH);
+        EntityPolicyController.updateEntityPolicyDataSet("test:entity", type, group, Arrays.asList(roleUri), ROLE_LIST);
+        DynamicPolicy policy = null;
+        policy = loader.loadPolicyFromTemplateDataSet(TEMPLATE_CLASS_PREFIX + dataSetUri);
+        countRulesAndAttributes(policy, rulesCount, attrCount);
+        Set<String> values = loader.getDataSetValues(group, type, roleUri);
+        assertFalse(values.isEmpty());
+    }
+
+    @Parameterized.Parameters
+    public static Collection<Object[]> requests() {
+        return Arrays.asList(new Object[][] {
+                { "EditorDisplayClassUriDataSet", DISPLAY_GROUP, CLASS, ROLE_EDITOR_URI, 1, Collections.singleton(4) },
+                { "PublicDisplayClassUriDataSet", DISPLAY_GROUP, CLASS, ROLE_PUBLIC_URI, 1, Collections.singleton(4) },
+                { "EditorUpdateClassUriDataSet", UPDATE_GROUP, CLASS, ROLE_EDITOR_URI, 1, Collections.singleton(4) },
+                { "SelfEditorDisplayClassUriDataSet", DISPLAY_GROUP, CLASS, ROLE_SELF_EDITOR_URI, 1,
+                        Collections.singleton(4) },
+                { "CuratorDisplayClassUriDataSet", DISPLAY_GROUP, CLASS, ROLE_CURATOR_URI, 1,
+                        Collections.singleton(4) },
+                { "AdminDisplayClassUriDataSet", DISPLAY_GROUP, CLASS, ROLE_ADMIN_URI, 1, Collections.singleton(4) },
+                { "EditorPublishClassUriDataSet", PUBLISH_GROUP, CLASS, ROLE_EDITOR_URI, 1, Collections.singleton(4) },
+                { "SelfEditorPublishClassUriDataSet", PUBLISH_GROUP, CLASS, ROLE_SELF_EDITOR_URI, 1,
+                        Collections.singleton(4) },
+                { "CuratorPublishClassUriDataSet", PUBLISH_GROUP, CLASS, ROLE_CURATOR_URI, 1,
+                        Collections.singleton(4) },
+                { "AdminPublishClassUriDataSet", PUBLISH_GROUP, CLASS, ROLE_ADMIN_URI, 1, Collections.singleton(4) },
+                { "SelfEditorUpdateClassUriDataSet", UPDATE_GROUP, CLASS, ROLE_SELF_EDITOR_URI, 1,
+                        Collections.singleton(4) },
+                { "PublicUpdateClassUriDataSet", UPDATE_GROUP, CLASS, ROLE_PUBLIC_URI, 1, Collections.singleton(4) },
+                { "CuratorUpdateClassUriDataSet", UPDATE_GROUP, CLASS, ROLE_CURATOR_URI, 1, Collections.singleton(4) },
+                { "AdminUpdateClassUriDataSet", UPDATE_GROUP, CLASS, ROLE_ADMIN_URI, 1, Collections.singleton(4) }, });
+    }
+
+}
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/MatchAllowedPropertiesPolicyTemplateTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/MatchAllowedPropertiesPolicyTemplateTest.java
new file mode 100644
index 0000000000..cf0a9ac20d
--- /dev/null
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/MatchAllowedPropertiesPolicyTemplateTest.java
@@ -0,0 +1,118 @@
+package edu.cornell.mannlib.vitro.webapp.auth.policy;
+
+import static edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType.DATA_PROPERTY;
+import static edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType.FAUX_DATA_PROPERTY;
+import static edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType.FAUX_OBJECT_PROPERTY;
+import static edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType.OBJECT_PROPERTY;
+import static edu.cornell.mannlib.vitro.webapp.auth.attributes.OperationGroup.DISPLAY_GROUP;
+import static edu.cornell.mannlib.vitro.webapp.auth.attributes.OperationGroup.PUBLISH_GROUP;
+import static org.junit.Assert.assertFalse;
+
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.Set;
+
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType;
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.OperationGroup;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.Parameterized;
+
+@RunWith(Parameterized.class)
+public class MatchAllowedPropertiesPolicyTemplateTest extends PolicyTest {
+    private static final String TEMPLATE_PROPERTY_PREFIX =
+            "https://vivoweb.org/ontology/vitro-application/auth/individual/template/simple-match-allowed-property/";
+
+    @org.junit.runners.Parameterized.Parameter(0)
+    public String dataSetUri;
+
+    @org.junit.runners.Parameterized.Parameter(1)
+    public OperationGroup group;
+
+    @org.junit.runners.Parameterized.Parameter(2)
+    public AccessObjectType type;
+
+    @org.junit.runners.Parameterized.Parameter(3)
+    public String roleUri;
+
+    @org.junit.runners.Parameterized.Parameter(4)
+    public int rulesCount;
+
+    @org.junit.runners.Parameterized.Parameter(5)
+    public Set<Integer> attrCount;
+
+    @Test
+    public void testPolicy() {
+        load(POLICY_TEMPLATE_MATCH_PROPERTY_PATH);
+        EntityPolicyController.updateEntityPolicyDataSet("test:entity", type, group, Arrays.asList(roleUri), ROLE_LIST);
+        DynamicPolicy policy = null;
+        policy = loader.loadPolicyFromTemplateDataSet(TEMPLATE_PROPERTY_PREFIX + dataSetUri);
+        countRulesAndAttributes(policy, rulesCount, attrCount);
+        Set<String> values = loader.getDataSetValues(group, type, roleUri);
+        assertFalse(values.isEmpty());
+    }
+
+    @Parameterized.Parameters
+    public static Collection<Object[]> requests() {
+        return Arrays.asList(new Object[][] {
+                { "EditorDisplayDataPropertyDataSet", DISPLAY_GROUP, DATA_PROPERTY, ROLE_EDITOR_URI, 2,
+                        Collections.singleton(4) },
+                { "EditorDisplayObjectPropertyDataSet", DISPLAY_GROUP, OBJECT_PROPERTY, ROLE_EDITOR_URI, 2,
+                        Collections.singleton(4) },
+                { "PublicDisplayDataPropertyDataSet", DISPLAY_GROUP, DATA_PROPERTY, ROLE_PUBLIC_URI, 2,
+                        Collections.singleton(4) },
+                { "PublicDisplayObjectPropertyDataSet", DISPLAY_GROUP, OBJECT_PROPERTY, ROLE_PUBLIC_URI, 2,
+                        Collections.singleton(4) },
+                { "CuratorDisplayDataPropertyDataSet", DISPLAY_GROUP, DATA_PROPERTY, ROLE_CURATOR_URI, 2,
+                        Collections.singleton(4) },
+                { "CuratorDisplayObjectPropertyDataSet", DISPLAY_GROUP, OBJECT_PROPERTY, ROLE_CURATOR_URI, 2,
+                        Collections.singleton(4) },
+                { "AdminDisplayDataPropertyDataSet", DISPLAY_GROUP, DATA_PROPERTY, ROLE_ADMIN_URI, 2,
+                        Collections.singleton(4) },
+                { "AdminDisplayObjectPropertyDataSet", DISPLAY_GROUP, OBJECT_PROPERTY, ROLE_ADMIN_URI, 2,
+                        Collections.singleton(4) },
+                { "EditorPublishDataPropertyDataSet", PUBLISH_GROUP, DATA_PROPERTY, ROLE_EDITOR_URI, 2,
+                        Collections.singleton(4) },
+                { "EditorPublishObjectPropertyDataSet", PUBLISH_GROUP, OBJECT_PROPERTY, ROLE_EDITOR_URI, 2,
+                        Collections.singleton(4) },
+                { "CuratorPublishDataPropertyDataSet", PUBLISH_GROUP, DATA_PROPERTY, ROLE_CURATOR_URI, 2,
+                        Collections.singleton(4) },
+                { "CuratorPublishObjectPropertyDataSet", PUBLISH_GROUP, OBJECT_PROPERTY, ROLE_CURATOR_URI, 2,
+                        Collections.singleton(4) },
+                { "AdminPublishDataPropertyDataSet", PUBLISH_GROUP, DATA_PROPERTY, ROLE_ADMIN_URI, 2,
+                        Collections.singleton(4) },
+                { "AdminPublishObjectPropertyDataSet", PUBLISH_GROUP, OBJECT_PROPERTY, ROLE_ADMIN_URI, 2,
+                        Collections.singleton(4) },
+                { "AdminDisplayFauxObjectPropertyDataSet", DISPLAY_GROUP, FAUX_OBJECT_PROPERTY, ROLE_ADMIN_URI, 2,
+                        Collections.singleton(4) },
+                { "CuratorDisplayFauxObjectPropertyDataSet", DISPLAY_GROUP, FAUX_OBJECT_PROPERTY, ROLE_CURATOR_URI, 2,
+                        Collections.singleton(4) },
+                { "EditorDisplayFauxObjectPropertyDataSet", DISPLAY_GROUP, FAUX_OBJECT_PROPERTY, ROLE_EDITOR_URI, 2,
+                        Collections.singleton(4) },
+                { "PublicDisplayFauxObjectPropertyDataSet", DISPLAY_GROUP, FAUX_OBJECT_PROPERTY, ROLE_PUBLIC_URI, 2,
+                        Collections.singleton(4) },
+                { "AdminPublishFauxObjectPropertyDataSet", PUBLISH_GROUP, FAUX_OBJECT_PROPERTY, ROLE_ADMIN_URI, 2,
+                        Collections.singleton(4) },
+                { "CuratorPublishFauxObjectPropertyDataSet", PUBLISH_GROUP, FAUX_OBJECT_PROPERTY, ROLE_CURATOR_URI, 2,
+                        Collections.singleton(4) },
+                { "EditorPublishFauxObjectPropertyDataSet", PUBLISH_GROUP, FAUX_OBJECT_PROPERTY, ROLE_EDITOR_URI, 2,
+                        Collections.singleton(4) },
+                { "AdminDisplayFauxDataPropertyDataSet", DISPLAY_GROUP, FAUX_DATA_PROPERTY, ROLE_ADMIN_URI, 2,
+                        Collections.singleton(4) },
+                { "CuratorDisplayFauxDataPropertyDataSet", DISPLAY_GROUP, FAUX_DATA_PROPERTY, ROLE_CURATOR_URI, 2,
+                        Collections.singleton(4) },
+                { "EditorDisplayFauxDataPropertyDataSet", DISPLAY_GROUP, FAUX_DATA_PROPERTY, ROLE_EDITOR_URI, 2,
+                        Collections.singleton(4) },
+                { "PublicDisplayFauxDataPropertyDataSet", DISPLAY_GROUP, FAUX_DATA_PROPERTY, ROLE_PUBLIC_URI, 2,
+                        Collections.singleton(4) },
+                { "AdminPublishFauxDataPropertyDataSet", PUBLISH_GROUP, FAUX_DATA_PROPERTY, ROLE_ADMIN_URI, 2,
+                        Collections.singleton(4) },
+                { "CuratorPublishFauxDataPropertyDataSet", PUBLISH_GROUP, FAUX_DATA_PROPERTY, ROLE_CURATOR_URI, 2,
+                        Collections.singleton(4) },
+                { "EditorPublishFauxDataPropertyDataSet", PUBLISH_GROUP, FAUX_DATA_PROPERTY, ROLE_EDITOR_URI, 2,
+                        Collections.singleton(4) },
+        });
+    }
+
+}
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTest.java
index 525c22751a..43218a7f18 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTest.java
@@ -42,121 +42,53 @@ public class PolicyTest {
     public static final String TEST_VALUES_PATH = USER_ACCOUNTS_HOME_FIRSTTIME + "test_values.n3";
     public static final String TEST_DECISIONS = USER_ACCOUNTS_HOME_FIRSTTIME + "decisions.n3";
 
-    public static final String ADMIN_DISPLAY_OBJ_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
-            + "policy_admin_display_object_property.n3";
-    public static final String ADMIN_DISPLAY_DATA_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
-            + "policy_admin_display_data_property.n3";
-    public static final String ADMIN_DISPLAY_CLASS_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
-            + "policy_admin_display_class.n3";
-
-    public static final String CURATOR_DISPLAY_OBJ_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
-            + "policy_curator_display_object_property.n3";
-    public static final String CURATOR_DISPLAY_DATA_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
-            + "policy_curator_display_data_property.n3";
-    public static final String CURATOR_DISPLAY_CLASS_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
-            + "policy_curator_display_class.n3";
-
-    public static final String PUBLIC_DISPLAY_OBJ_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
-            + "policy_public_display_object_property.n3";
-    public static final String PUBLIC_DISPLAY_DATA_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
-            + "policy_public_display_data_property.n3";
-    public static final String PUBLIC_DISPLAY_CLASS_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
-            + "policy_public_display_class.n3";
-
+    public static final String POLICY_TEMPLATE_MATCH_PROPERTY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
+            + "template_match_allowed_property.n3";
+    
+    public static final String POLICY_TEMPLATE_MATCH_CLASS_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
+            + "template_match_allowed_class.n3";
+    
     public static final String SELF_EDITOR_DISPLAY_OBJ_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
             + "policy_self_editor_display_object_property.n3";
     public static final String SELF_EDITOR_DISPLAY_DATA_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
             + "policy_self_editor_display_data_property.n3";
-    public static final String SELF_EDITOR_DISPLAY_CLASS_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
-            + "policy_self_editor_display_class.n3";
-
-    public static final String EDITOR_DISPLAY_OBJ_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
-            + "policy_editor_display_object_property.n3";
-    public static final String EDITOR_DISPLAY_DATA_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
-            + "policy_editor_display_data_property.n3";
-    public static final String EDITOR_DISPLAY_CLASS_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
-            + "policy_editor_display_class.n3";
+
     // Update
     public static final String ADMIN_UPDATE_OBJ_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
             + "policy_admin_update_object_property.n3";
     public static final String ADMIN_UPDATE_DATA_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
             + "policy_admin_update_data_property.n3";
-    public static final String ADMIN_UPDATE_CLASS_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
-            + "policy_admin_update_class.n3";
 
     public static final String CURATOR_UPDATE_OBJ_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
             + "policy_curator_update_object_property.n3";
     public static final String CURATOR_UPDATE_DATA_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
             + "policy_curator_update_data_property.n3";
-    public static final String CURATOR_UPDATE_CLASS_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
-            + "policy_curator_update_class.n3";
 
     public static final String PUBLIC_UPDATE_OBJ_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
             + "policy_public_update_object_property.n3";
     public static final String PUBLIC_UPDATE_DATA_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
             + "policy_public_update_data_property.n3";
-    public static final String PUBLIC_UPDATE_CLASS_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
-            + "policy_public_update_class.n3";
 
     public static final String SELF_EDITOR_UPDATE_OBJ_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
             + "policy_self_editor_update_object_property.n3";
     public static final String SELF_EDITOR_UPDATE_DATA_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
             + "policy_self_editor_update_data_property.n3";
-    public static final String SELF_EDITOR_UPDATE_CLASS_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
-            + "policy_self_editor_update_class.n3";
 
     public static final String EDITOR_UPDATE_OBJ_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
             + "policy_editor_update_object_property.n3";
     public static final String EDITOR_UPDATE_DATA_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
             + "policy_editor_update_data_property.n3";
-    public static final String EDITOR_UPDATE_CLASS_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
-            + "policy_editor_update_class.n3";
+
     // Publish
-    public static final String ADMIN_PUBLISH_OBJ_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
-            + "policy_admin_publish_object_property.n3";
-    public static final String ADMIN_PUBLISH_DATA_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
-            + "policy_admin_publish_data_property.n3";
-    public static final String ADMIN_PUBLISH_CLASS_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
-            + "policy_admin_publish_class.n3";
-
-    public static final String CURATOR_PUBLISH_OBJ_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
-            + "policy_curator_publish_object_property.n3";
-    public static final String CURATOR_PUBLISH_DATA_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
-            + "policy_curator_publish_data_property.n3";
-    public static final String CURATOR_PUBLISH_CLASS_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
-            + "policy_curator_publish_class.n3";
 
     public static final String SELF_EDITOR_PUBLISH_OBJ_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
             + "policy_self_editor_publish_object_property.n3";
     public static final String SELF_EDITOR_PUBLISH_DATA_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
             + "policy_self_editor_publish_data_property.n3";
-    public static final String SELF_EDITOR_PUBLISH_CLASS_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
-            + "policy_self_editor_publish_class.n3";
-
-    public static final String EDITOR_PUBLISH_OBJ_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
-            + "policy_editor_publish_object_property.n3";
-    public static final String EDITOR_PUBLISH_DATA_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
-            + "policy_editor_publish_data_property.n3";
-    public static final String EDITOR_PUBLISH_CLASS_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
-            + "policy_editor_publish_class.n3";
-
-    public static final String ADMIN_DISPLAY_FAUX_OBJECT_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
-            + "policy_admin_display_faux_object_property.n3";
-    public static final String CURATOR_DISPLAY_FAUX_OBJECT_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
-            + "policy_curator_display_faux_object_property.n3";
-    public static final String EDITOR_DISPLAY_FAUX_OBJECT_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
-            + "policy_editor_display_faux_object_property.n3";
+
     public static final String SELF_EDITOR_DISPLAY_FAUX_OBJECT_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
             + "policy_self_editor_display_faux_object_property.n3";
-    public static final String PUBLIC_DISPLAY_FAUX_OBJECT_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
-            + "policy_public_display_faux_object_property.n3";
-
-    public static final String ADMIN_PUBLISH_FAUX_OBJECT_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
-            + "policy_admin_publish_faux_object_property.n3";
-    public static final String CURATOR_PUBLISH_FAUX_OBJECT_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
-            + "policy_curator_publish_faux_object_property.n3";
-    public static final String EDITOR_PUBLISH_FAUX_OBJECT_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
-            + "policy_editor_publish_faux_object_property.n3";
+
     public static final String SELF_EDITOR_PUBLISH_FAUX_OBJECT_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
             + "policy_self_editor_publish_faux_object_property.n3";
 
@@ -169,23 +101,9 @@ public class PolicyTest {
     public static final String SELF_EDITOR_UPDATE_FAUX_OBJECT_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
             + "policy_self_editor_update_faux_object_property.n3";
 
-    public static final String ADMIN_DISPLAY_FAUX_DATA_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
-            + "policy_admin_display_faux_data_property.n3";
-    public static final String CURATOR_DISPLAY_FAUX_DATA_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
-            + "policy_curator_display_faux_data_property.n3";
-    public static final String EDITOR_DISPLAY_FAUX_DATA_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
-            + "policy_editor_display_faux_data_property.n3";
     public static final String SELF_EDITOR_DISPLAY_FAUX_DATA_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
             + "policy_self_editor_display_faux_data_property.n3";
-    public static final String PUBLIC_DISPLAY_FAUX_DATA_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
-            + "policy_public_display_faux_data_property.n3";
-
-    public static final String ADMIN_PUBLISH_FAUX_DATA_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
-            + "policy_admin_publish_faux_data_property.n3";
-    public static final String CURATOR_PUBLISH_FAUX_DATA_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
-            + "policy_curator_publish_faux_data_property.n3";
-    public static final String EDITOR_PUBLISH_FAUX_DATA_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
-            + "policy_editor_publish_faux_data_property.n3";
+
     public static final String SELF_EDITOR_PUBLISH_FAUX_DATA_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
             + "policy_self_editor_publish_faux_data_property.n3";
 
@@ -198,12 +116,13 @@ public class PolicyTest {
     public static final String SELF_EDITOR_UPDATE_FAUX_DATA_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
             + "policy_self_editor_update_faux_data_property.n3";
 
-    protected static final String RESOURCES_PREFIX = "src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/";
+    protected static final String RESOURCES_RULES_PREFIX = "src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/";
+    protected static final String RESOURCES_PREFIX = "src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/";
 
-    public static final String VALID_POLICY = RESOURCES_PREFIX + "test_policy_valid.n3";
-    public static final String VALID_POLICY_WITH_SET = RESOURCES_PREFIX + "test_policy_valid_set.n3";
-    public static final String BROKEN_POLICY_WITH_SET = RESOURCES_PREFIX + "test_policy_broken_set.n3";
-    public static final String POLICY_KEY_TEST = RESOURCES_PREFIX + "test_policy_key.n3";
+    public static final String VALID_POLICY = RESOURCES_RULES_PREFIX + "test_policy_valid.n3";
+    public static final String VALID_POLICY_TEMPLATE = RESOURCES_RULES_PREFIX + "test_policy_valid_set.n3";
+    public static final String BROKEN_POLICY_TEMPLATE = RESOURCES_RULES_PREFIX + "test_policy_broken_set.n3";
+    public static final String POLICY_KEY_TEST = RESOURCES_RULES_PREFIX + "test_policy_key.n3";
 
     protected static final List<String> ROLE_LIST = Arrays.asList(ROLE_ADMIN_URI, ROLE_CURATOR_URI, ROLE_EDITOR_URI,
             ROLE_SELF_EDITOR_URI, ROLE_PUBLIC_URI);
@@ -213,59 +132,34 @@ public class PolicyTest {
 
     private static final Log log = LogFactory.getLog(PolicyTest.class);
 
-    protected static final List<String> entityPolicies = Arrays.asList(ADMIN_DISPLAY_OBJ_PROP_POLICY_PATH,
-            ADMIN_DISPLAY_DATA_PROP_POLICY_PATH, ADMIN_DISPLAY_CLASS_POLICY_PATH,
-
-            CURATOR_DISPLAY_OBJ_PROP_POLICY_PATH, CURATOR_DISPLAY_DATA_PROP_POLICY_PATH,
-            CURATOR_DISPLAY_CLASS_POLICY_PATH,
-
-            PUBLIC_DISPLAY_OBJ_PROP_POLICY_PATH, PUBLIC_DISPLAY_DATA_PROP_POLICY_PATH, PUBLIC_DISPLAY_CLASS_POLICY_PATH,
-
-            SELF_EDITOR_DISPLAY_OBJ_PROP_POLICY_PATH, SELF_EDITOR_DISPLAY_DATA_PROP_POLICY_PATH,
-            SELF_EDITOR_DISPLAY_CLASS_POLICY_PATH,
-
-            EDITOR_DISPLAY_OBJ_PROP_POLICY_PATH, EDITOR_DISPLAY_DATA_PROP_POLICY_PATH, EDITOR_DISPLAY_CLASS_POLICY_PATH,
-
-            ADMIN_UPDATE_OBJ_PROP_POLICY_PATH, ADMIN_UPDATE_DATA_PROP_POLICY_PATH, ADMIN_UPDATE_CLASS_POLICY_PATH,
-
-            CURATOR_UPDATE_OBJ_PROP_POLICY_PATH, CURATOR_UPDATE_DATA_PROP_POLICY_PATH, CURATOR_UPDATE_CLASS_POLICY_PATH,
-
-            PUBLIC_UPDATE_OBJ_PROP_POLICY_PATH, PUBLIC_UPDATE_DATA_PROP_POLICY_PATH, PUBLIC_UPDATE_CLASS_POLICY_PATH,
-
-            SELF_EDITOR_UPDATE_OBJ_PROP_POLICY_PATH, SELF_EDITOR_UPDATE_DATA_PROP_POLICY_PATH,
-            SELF_EDITOR_UPDATE_CLASS_POLICY_PATH,
-
-            EDITOR_UPDATE_OBJ_PROP_POLICY_PATH, EDITOR_UPDATE_DATA_PROP_POLICY_PATH, EDITOR_UPDATE_CLASS_POLICY_PATH,
-
-            ADMIN_PUBLISH_OBJ_PROP_POLICY_PATH, ADMIN_PUBLISH_DATA_PROP_POLICY_PATH, ADMIN_PUBLISH_CLASS_POLICY_PATH,
-
-            CURATOR_PUBLISH_OBJ_PROP_POLICY_PATH, CURATOR_PUBLISH_DATA_PROP_POLICY_PATH,
-            CURATOR_PUBLISH_CLASS_POLICY_PATH,
-
-            SELF_EDITOR_PUBLISH_OBJ_PROP_POLICY_PATH, SELF_EDITOR_PUBLISH_DATA_PROP_POLICY_PATH,
-            SELF_EDITOR_PUBLISH_CLASS_POLICY_PATH,
-
-            EDITOR_PUBLISH_OBJ_PROP_POLICY_PATH, EDITOR_PUBLISH_DATA_PROP_POLICY_PATH, EDITOR_PUBLISH_CLASS_POLICY_PATH,
-
-            ADMIN_DISPLAY_FAUX_OBJECT_PROPERTY_POLICY_PATH, CURATOR_DISPLAY_FAUX_OBJECT_PROPERTY_POLICY_PATH,
-            EDITOR_DISPLAY_FAUX_OBJECT_PROPERTY_POLICY_PATH, SELF_EDITOR_DISPLAY_FAUX_OBJECT_PROPERTY_POLICY_PATH,
-            PUBLIC_DISPLAY_FAUX_OBJECT_PROPERTY_POLICY_PATH,
-
-            ADMIN_PUBLISH_FAUX_OBJECT_PROPERTY_POLICY_PATH, CURATOR_PUBLISH_FAUX_OBJECT_PROPERTY_POLICY_PATH,
-            EDITOR_PUBLISH_FAUX_OBJECT_PROPERTY_POLICY_PATH, SELF_EDITOR_PUBLISH_FAUX_OBJECT_PROPERTY_POLICY_PATH,
-
-            ADMIN_UPDATE_FAUX_OBJECT_PROPERTY_POLICY_PATH, CURATOR_UPDATE_FAUX_OBJECT_PROPERTY_POLICY_PATH,
-            EDITOR_UPDATE_FAUX_OBJECT_PROPERTY_POLICY_PATH, SELF_EDITOR_UPDATE_FAUX_OBJECT_PROPERTY_POLICY_PATH,
-
-            ADMIN_DISPLAY_FAUX_DATA_PROPERTY_POLICY_PATH, CURATOR_DISPLAY_FAUX_DATA_PROPERTY_POLICY_PATH,
-            EDITOR_DISPLAY_FAUX_DATA_PROPERTY_POLICY_PATH, SELF_EDITOR_DISPLAY_FAUX_DATA_PROPERTY_POLICY_PATH,
-            PUBLIC_DISPLAY_FAUX_DATA_PROPERTY_POLICY_PATH,
-
-            ADMIN_PUBLISH_FAUX_DATA_PROPERTY_POLICY_PATH, CURATOR_PUBLISH_FAUX_DATA_PROPERTY_POLICY_PATH,
-            EDITOR_PUBLISH_FAUX_DATA_PROPERTY_POLICY_PATH, SELF_EDITOR_PUBLISH_FAUX_DATA_PROPERTY_POLICY_PATH,
-
-            ADMIN_UPDATE_FAUX_DATA_PROPERTY_POLICY_PATH, CURATOR_UPDATE_FAUX_DATA_PROPERTY_POLICY_PATH,
-            EDITOR_UPDATE_FAUX_DATA_PROPERTY_POLICY_PATH, SELF_EDITOR_UPDATE_FAUX_DATA_PROPERTY_POLICY_PATH);
+    protected static final List<String> entityPolicies = Arrays.asList(
+            SELF_EDITOR_DISPLAY_OBJ_PROP_POLICY_PATH,
+            SELF_EDITOR_DISPLAY_DATA_PROP_POLICY_PATH,
+
+            ADMIN_UPDATE_OBJ_PROP_POLICY_PATH,
+            ADMIN_UPDATE_DATA_PROP_POLICY_PATH,
+            CURATOR_UPDATE_OBJ_PROP_POLICY_PATH,
+            CURATOR_UPDATE_DATA_PROP_POLICY_PATH,
+            PUBLIC_UPDATE_OBJ_PROP_POLICY_PATH,
+            PUBLIC_UPDATE_DATA_PROP_POLICY_PATH,
+            SELF_EDITOR_UPDATE_OBJ_PROP_POLICY_PATH,
+            SELF_EDITOR_UPDATE_DATA_PROP_POLICY_PATH,
+            EDITOR_UPDATE_OBJ_PROP_POLICY_PATH,
+            EDITOR_UPDATE_DATA_PROP_POLICY_PATH,
+            SELF_EDITOR_PUBLISH_OBJ_PROP_POLICY_PATH,
+            SELF_EDITOR_PUBLISH_DATA_PROP_POLICY_PATH,
+            SELF_EDITOR_DISPLAY_FAUX_OBJECT_PROPERTY_POLICY_PATH,
+            SELF_EDITOR_PUBLISH_FAUX_OBJECT_PROPERTY_POLICY_PATH,
+            ADMIN_UPDATE_FAUX_OBJECT_PROPERTY_POLICY_PATH,
+            CURATOR_UPDATE_FAUX_OBJECT_PROPERTY_POLICY_PATH,
+            EDITOR_UPDATE_FAUX_OBJECT_PROPERTY_POLICY_PATH,
+            SELF_EDITOR_UPDATE_FAUX_OBJECT_PROPERTY_POLICY_PATH,
+            SELF_EDITOR_DISPLAY_FAUX_DATA_PROPERTY_POLICY_PATH,
+            SELF_EDITOR_PUBLISH_FAUX_DATA_PROPERTY_POLICY_PATH,
+            ADMIN_UPDATE_FAUX_DATA_PROPERTY_POLICY_PATH,
+            CURATOR_UPDATE_FAUX_DATA_PROPERTY_POLICY_PATH,
+            EDITOR_UPDATE_FAUX_DATA_PROPERTY_POLICY_PATH,
+            SELF_EDITOR_UPDATE_FAUX_DATA_PROPERTY_POLICY_PATH);
 
     protected Model accessControlModel;
     protected PolicyLoader loader;
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/ProximityTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/ProximityTest.java
index be6034bbc3..4bc9b08f12 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/ProximityTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/ProximityTest.java
@@ -18,8 +18,8 @@
 
 public class ProximityTest extends PolicyTest {
 
-    private static final String PROXIMITY_POLICY_PATH = RESOURCES_PREFIX + "proximity_test_policy.n3";
-    private static final String PROXIMITY_DATA_PATH = RESOURCES_PREFIX + "proximity_test_data.n3";
+    private static final String PROXIMITY_POLICY_PATH = RESOURCES_RULES_PREFIX + "proximity_test_policy.n3";
+    private static final String PROXIMITY_DATA_PATH = RESOURCES_RULES_PREFIX + "proximity_test_data.n3";
 
     @Test
     public void testProximityPolicy() {
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/SimplePermissionPolicyTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/SimplePermissionPolicyTest.java
index 8c63611a37..111442c302 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/SimplePermissionPolicyTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/SimplePermissionPolicyTest.java
@@ -18,15 +18,14 @@ public class SimplePermissionPolicyTest extends PolicyTest {
     public static final String EDITOR_SIMPLE_PERMISSIONS_DATASET_PATH = "policy_editor_simple_permissions_dataset";
     public static final String SELF_EDITOR_SIMPLE_PERMISSIONS_DATASET_PATH = "policy_self_editor_simple_permissions_dataset";
     public static final String PUBLIC_SIMPLE_PERMISSIONS_DATASET_PATH = "policy_public_simple_permissions_dataset";
-    public static final String SIMPLE_PERMISSIONS_POLICY_PATH = "policy_simple_permissions";
+    public static final String SIMPLE_PERMISSIONS_POLICY_PATH = "template_simple_permissions";
 
     @Test
     public void testAdminSimplePermissionPolicy() {
         load(PolicyTest.USER_ACCOUNTS_HOME_FIRSTTIME + SIMPLE_PERMISSIONS_POLICY_PATH + EXT);
         load(USER_ACCOUNTS_HOME_FIRSTTIME + ADMIN_SIMPLE_PERMISSIONS_DATASET_PATH + EXT);
-        String policyUri = "https://vivoweb.org/ontology/vitro-application/auth/individual/SimplePermissionTemplatePolicy";
-        String dataSetUri = "https://vivoweb.org/ontology/vitro-application/auth/individual/AdminSimplePermissionDataSet";
-        DynamicPolicy policy = loader.loadPolicyWithDataSet(policyUri, dataSetUri);
+        String dataSetUri = "https://vivoweb.org/ontology/vitro-application/auth/individual/template/simple-permissions/AdminSimplePermissionDataSet";
+        DynamicPolicy policy = loader.loadPolicyFromTemplateDataSet(dataSetUri);
         assertTrue(policy != null);
         assertEquals(1000, policy.getPriority());
         assertEquals(1, policy.getRules().size());
@@ -45,9 +44,8 @@ public void testAdminSimplePermissionPolicy() {
     public void testCuratorSimplePermissionPolicy() {
         load(PolicyTest.USER_ACCOUNTS_HOME_FIRSTTIME + SIMPLE_PERMISSIONS_POLICY_PATH + EXT);
         load(USER_ACCOUNTS_HOME_FIRSTTIME + CURATOR_SIMPLE_PERMISSIONS_DATASET_PATH + EXT);
-        String policyUri = "https://vivoweb.org/ontology/vitro-application/auth/individual/SimplePermissionTemplatePolicy";
-        String dataSetUri = "https://vivoweb.org/ontology/vitro-application/auth/individual/CuratorSimplePermissionDataSet";
-        DynamicPolicy policy = loader.loadPolicyWithDataSet(policyUri, dataSetUri);
+        String dataSetUri = "https://vivoweb.org/ontology/vitro-application/auth/individual/template/simple-permissions/CuratorSimplePermissionDataSet";
+        DynamicPolicy policy = loader.loadPolicyFromTemplateDataSet(dataSetUri);
         assertTrue(policy != null);
         assertEquals(1000, policy.getPriority());
         assertEquals(1, policy.getRules().size());
@@ -66,9 +64,8 @@ public void testCuratorSimplePermissionPolicy() {
     public void testEditorSimplePermissionPolicy() {
         load(PolicyTest.USER_ACCOUNTS_HOME_FIRSTTIME + SIMPLE_PERMISSIONS_POLICY_PATH + EXT);
         load(USER_ACCOUNTS_HOME_FIRSTTIME + EDITOR_SIMPLE_PERMISSIONS_DATASET_PATH + EXT);
-        String policyUri = "https://vivoweb.org/ontology/vitro-application/auth/individual/SimplePermissionTemplatePolicy";
-        String dataSetUri = "https://vivoweb.org/ontology/vitro-application/auth/individual/EditorSimplePermissionDataSet";
-        DynamicPolicy policy = loader.loadPolicyWithDataSet(policyUri, dataSetUri);
+        String dataSetUri = "https://vivoweb.org/ontology/vitro-application/auth/individual/template/simple-permissions/EditorSimplePermissionDataSet";
+        DynamicPolicy policy = loader.loadPolicyFromTemplateDataSet(dataSetUri);
         assertTrue(policy != null);
         assertEquals(1000, policy.getPriority());
         assertEquals(1, policy.getRules().size());
@@ -87,9 +84,8 @@ public void testEditorSimplePermissionPolicy() {
     public void testSelfEditorSimplePermissionPolicy() {
         load(PolicyTest.USER_ACCOUNTS_HOME_FIRSTTIME + SIMPLE_PERMISSIONS_POLICY_PATH + EXT);
         load(USER_ACCOUNTS_HOME_FIRSTTIME + SELF_EDITOR_SIMPLE_PERMISSIONS_DATASET_PATH + EXT);
-        String policyUri = "https://vivoweb.org/ontology/vitro-application/auth/individual/SimplePermissionTemplatePolicy";
-        String dataSetUri = "https://vivoweb.org/ontology/vitro-application/auth/individual/SelfEditorSimplePermissionDataSet";
-        DynamicPolicy policy = loader.loadPolicyWithDataSet(policyUri, dataSetUri);
+        String dataSetUri = "https://vivoweb.org/ontology/vitro-application/auth/individual/template/simple-permissions/SelfEditorSimplePermissionDataSet";
+        DynamicPolicy policy = loader.loadPolicyFromTemplateDataSet(dataSetUri);
         assertTrue(policy != null);
         assertEquals(1000, policy.getPriority());
         assertEquals(1, policy.getRules().size());
@@ -108,9 +104,8 @@ public void testSelfEditorSimplePermissionPolicy() {
     public void testPublicSimplePermissionPolicy() {
         load(PolicyTest.USER_ACCOUNTS_HOME_FIRSTTIME + SIMPLE_PERMISSIONS_POLICY_PATH + EXT);
         load(USER_ACCOUNTS_HOME_FIRSTTIME + PUBLIC_SIMPLE_PERMISSIONS_DATASET_PATH + EXT);
-        String policyUri = "https://vivoweb.org/ontology/vitro-application/auth/individual/SimplePermissionTemplatePolicy";
-        String dataSetUri = "https://vivoweb.org/ontology/vitro-application/auth/individual/PublicSimplePermissionDataSet";
-        DynamicPolicy policy = loader.loadPolicyWithDataSet(policyUri, dataSetUri);
+        String dataSetUri = "https://vivoweb.org/ontology/vitro-application/auth/individual/template/simple-permissions/PublicSimplePermissionDataSet";
+        DynamicPolicy policy = loader.loadPolicyFromTemplateDataSet(dataSetUri);
         assertTrue(policy != null);
         assertEquals(1000, policy.getPriority());
         assertEquals(1, policy.getRules().size());
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/migration/auth/ArmMigratorTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/migration/auth/ArmMigratorTest.java
index 778614a181..8c9702d405 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/migration/auth/ArmMigratorTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/migration/auth/ArmMigratorTest.java
@@ -74,7 +74,7 @@ public void getEntityMapTest() {
     public void getStatementsToRemoveTest() {
         StringBuilder removals = armMigrator.getStatementsToRemove();
         assertTrue(StringUtils.isBlank(removals.toString()));
-        EntityPolicyController.updateEntityPolicy("test:entity", AccessObjectType.CLASS, OperationGroup.DISPLAY_GROUP,
+        EntityPolicyController.updateEntityPolicyDataSet("test:entity", AccessObjectType.CLASS, OperationGroup.DISPLAY_GROUP,
                 ROLE_LIST, ROLE_LIST);
         removals = armMigrator.getStatementsToRemove();
         assertEquals(5, getCount("\n", removals.toString()));
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/proximity_test_policy.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/proximity_test_policy.n3
index a574bf9a9b..380380784a 100644
--- a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/proximity_test_policy.n3
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/proximity_test_policy.n3
@@ -22,7 +22,7 @@ ai:PublicationInProximityAttribute rdf:type ao:Attribute ;
          ao:type ai:StatementSubjectUri ;
          ao:value ai:PublicationProximityToPerson .
 
-ai:PublicationProximityToPerson rdf:type ao:TestData ;
+ai:PublicationProximityToPerson rdf:type ao:ValueContainer ;
         ao:id """
         SELECT ?resourceUri WHERE {
                   ?personUri <test:has_publication> ?resourceUri .
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken5.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken5.n3
index f2426d9a8a..eb8d433153 100644
--- a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken5.n3
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken5.n3
@@ -9,7 +9,7 @@
 @prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
 
 ai:BrokenTestSetPolicy rdf:type ao:Policy ;
-          ao:testDatasets ai:testDataSets ;
+          ao:policyDataSets ai:testDataSets ;
           ao:rules ai:BrokenRuleSet .
 
 ai:BrokenRuleSet rdf:type ao:Rules ;
@@ -29,13 +29,13 @@ ai:BrokenAttribute2 rdf:type ao:Attribute ;
          ao:type ai:ObjectUri ;
          ao:setValue ai:valueSet2 .
 
-ai:testDataSets rdf:type ao:TestDatasets ;
-          ao:testDataset ai:testDataSet1 .
+ai:testDataSets rdf:type ao:PolicyDataSets ;
+          ao:policyDataSet ai:testDataSet1 .
 
-ai:testDataSet1 rdf:type ao:TestDataSet ;
-          ao:testData ai:valueSet1 .
+ai:testDataSet1 rdf:type ao:PolicyDataSet ;
+          ao:dataSetValues ai:valueSet1 .
 
-ai:valueSet1 rdf:type ao:TestData ;
+ai:valueSet1 rdf:type ao:ValueContainer ;
         ao:dataValue <test:value1> ;
         ao:dataValue <test:value2> ;
         .        
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken_set.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken_set.n3
index 9a359400a4..3e7adc4805 100644
--- a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken_set.n3
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken_set.n3
@@ -9,44 +9,52 @@
 @prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
 
 ai:BrokenTestSetPolicy rdf:type ao:Policy ;
-          ao:testDatasets ai:testDataSets ;
-          ao:rules ai:BrokenRuleSet .
+    ao:policyDataSets ai:testDataSets ;
+    ao:rules ai:BrokenRuleSet .
 
 ai:BrokenRuleSet rdf:type ao:Rules ;
-          ao:rule ai:BrokenRule .
-          
+    ao:rule ai:BrokenRule .
+    
 ai:BrokenRule rdf:type ao:Rule ;
-          ao:attribute ai:BrokenSetAttribute1 ;
-          ao:attribute ai:BrokenSetAttribute2 .
-          
+    ao:attribute ai:BrokenSetAttribute1 ;
+    ao:attribute ai:BrokenSetAttribute2 .
+    
 ai:BrokenSetAttribute1 rdf:type ao:Attribute ;
-         ao:operator ai:NotOneOf ;
-         ao:type ai:ObjectUri ;
-         ao:setValue ai:valueSet1 .
-         
+    ao:operator ai:NotOneOf ;
+    ao:type ai:ObjectUri ;
+    ao:templateValue ai:AttributeValueSet1 ;
+    .
+    
 ai:BrokenSetAttribute2 rdf:type ao:Attribute ;
-         ao:operator ai:NotOneOf ;
-         ao:type ai:ObjectUri ;
-         ao:setValue ai:valueSet2 .
-
-ai:testDataSets rdf:type ao:TestDatasets ;
-          ao:testDataset ai:testDataSet1 ;
-          ao:testDataset ai:testDataSet2 .
-
-ai:testDataSet1 rdf:type ao:TestDataSet ;
-          ao:testData ai:valueSet1 .
-
-ai:testDataSet2 rdf:type ao:TestDataSet ;
-          ao:testData ai:valueSet2 .
-
-ai:valueSet1 rdf:type ao:TestData ;
-        ao:dataValue <test:value1> ;
-        ao:dataValue <test:value2> ;
-        .
-        
-ai:valueSet2 rdf:type ao:TestData ;
-        ao:dataValue <test:value3> ;
-        ao:dataValue <test:value4> ;
-        .
-        
+    ao:operator ai:NotOneOf ;
+    ao:type ai:ObjectUri ;
+    ao:templateValue ai:AttributeValueSet2 .
+
+ai:testDataSets rdf:type ao:PolicyDataSets ;
+    ao:policyDataSet ai:testDataSet1 ;
+    ao:policyDataSet ai:testDataSet2 .
+
+ai:testDataSet1 rdf:type ao:PolicyDataSet ;
+    ao:dataSetValues ai:valueSet1 .
+
+ai:testDataSet2 rdf:type ao:PolicyDataSet ;
+    ao:dataSetValues ai:valueSet2 .
+
+ai:AttributeValueSet1 a ao:AttributeValueSet  ;
+    ao:attributeValue ai:valueSet1 ;
+    .
+
+ai:AttributeValueSet2 a ao:AttributeValueSet  ;
+    ao:attributeValue ai:valueSet2 ;
+    .
+
+ai:valueSet1 rdf:type ao:ValueContainer ;
+    ao:dataValue <test:value1> ;
+    ao:dataValue <test:value2> ;
+    .
+    
+ai:valueSet2 rdf:type ao:ValueContainer ;
+    ao:dataValue <test:value3> ;
+    ao:dataValue <test:value4> ;
+    .
 
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_valid_set.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_valid_set.n3
index c98fb481c3..5d9c04208e 100644
--- a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_valid_set.n3
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_valid_set.n3
@@ -8,53 +8,63 @@
 @prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
 @prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
 
-ai:ValidTestSetPolicy rdf:type ao:Policy ;
-          ao:testDatasets ai:testDataSets1 ;
-          ao:rules ai:ValidRuleSet .
+ai:ValidTestSetPolicy rdf:type ao:PolicyTemplate ;
+      ao:policyDataSets ai:testDataSets1 ;
+      ao:rules ai:ValidRuleSet .
 
 ai:ValidRuleSet rdf:type ao:Rules ;
-          ao:rule ai:ValidRule .
-          
+      ao:rule ai:ValidRule .
+      
 ai:ValidRule rdf:type ao:Rule ;
-          ao:attribute ai:ValidAttribute1 ;
-          ao:attribute ai:ValidAttribute2 .
-          
+      ao:attribute ai:ValidAttribute1 ;
+      ao:attribute ai:ValidAttribute2 .
+      
 ai:ValidAttribute1 rdf:type ao:Attribute ;
-         ao:operator ai:Equals ;
-         ao:type ai:AccessObjectUri ;
-         ao:setValue ai:valueSet3 ;
-         ao:setValue ai:valueSet1 .
-         
+     ao:operator ai:Equals ;
+     ao:type ai:AccessObjectUri ;
+     ao:templateValue ai:AttributeValueSet1 ;
+     .
+
+ai:AttributeValueSet1 a ao:AttributeValueSet  ;
+     ao:attributeValue ai:valueSet1 ;
+     ao:attributeValue ai:valueSet3 ;
+     .
+     
 ai:ValidAttribute2 rdf:type ao:Attribute ;
-         ao:operator ai:Equals ;
-         ao:type ai:AccessObjectUri ;
-         ao:setValue ai:valueSet4 ;
-         ao:setValue ai:valueSet2 .
-
-ai:testDataSets1 rdf:type ao:TestDatasets ;
-         ao:testDataset ai:testDataSet2 ;
-         ao:testDataset ai:testDataSet1 .
-
-ai:testDataSet1 rdf:type ao:TestDataSet ;
-         ao:testData ai:valueSet2 ;
-         ao:testData ai:valueSet1 .
-         
-ai:testDataSet2 rdf:type ao:TestDataSet ;
-         ao:testData ai:valueSet3 ;
-         ao:testData ai:valueSet4 .
-
-ai:valueSet1 rdf:type ao:TestData ;
-         ao:dataValue <test:value1> ;
-         .
-        
-ai:valueSet2 rdf:type ao:TestData ;
-         ao:dataValue <test:value2> ;
-         .
-         
-ai:valueSet3 rdf:type ao:TestData ;
-         ao:dataValue <test:value3> ;
-         .
-        
-ai:valueSet4 rdf:type ao:TestData ;
-         ao:dataValue <test:value4> ;
-         .
+     ao:operator ai:Equals ;
+     ao:type ai:AccessObjectUri ;
+     ao:templateValue ai:AttributeValueSet2 ;
+     .
+
+ai:AttributeValueSet2 a ao:AttributeValueSet  ;
+     ao:attributeValue ai:valueSet4 ;
+     ao:attributeValue ai:valueSet2 ;
+     .
+
+ai:testDataSets1 rdf:type ao:PolicyDataSets ;
+     ao:policyDataSet ai:testDataSet2 ;
+     ao:policyDataSet ai:testDataSet1 .
+
+ai:testDataSet1 rdf:type ao:PolicyDataSet ;
+     ao:dataSetValues ai:valueSet2 ;
+     ao:dataSetValues ai:valueSet1 .
+     
+ai:testDataSet2 rdf:type ao:PolicyDataSet ;
+     ao:dataSetValues ai:valueSet3 ;
+     ao:dataSetValues ai:valueSet4 .
+
+ai:valueSet1 rdf:type ao:ValueContainer ;
+     ao:dataValue <test:value1> ;
+     .
+    
+ai:valueSet2 rdf:type ao:ValueContainer ;
+     ao:dataValue <test:value2> ;
+     .
+     
+ai:valueSet3 rdf:type ao:ValueContainer ;
+     ao:dataValue <test:value3> ;
+     .
+    
+ai:valueSet4 rdf:type ao:ValueContainer ;
+     ao:dataValue <test:value4> ;
+     .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/object_types.n3 b/home/src/main/resources/rdf/accessControl/firsttime/object_types.n3
index 23fba2ca73..d7c03b062a 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/object_types.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/object_types.n3
@@ -37,3 +37,32 @@ ai:Class rdf:type ao:ObjectType ;
      
 ai:NamedObject rdf:type ao:ObjectType ;
      ao:id "NAMED_OBJECT" .
+
+#Object type value containers
+
+ai:ObjectPropertyAccesObjectValueContainer a ao:ValueContainer ;
+    ao:dataValue ai:ObjectPropertyAccesObject .
+
+ai:DataPropertyAccesObjectValueContainer a ao:ValueContainer ;
+    ao:dataValue ai:DataPropertyAccesObject .
+
+ai:FauxObjectPropertyAccesObjectValueContainer a ao:ValueContainer ;
+    ao:dataValue ai:FauxObjectPropertyAccesObject .
+
+ai:FauxDataPropertyAccesObjectValueContainer a ao:ValueContainer ;
+    ao:dataValue ai:FauxDataPropertyAccesObject .
+
+ai:ObjectPropertyStatementAccesObjectValueContainer a ao:ValueContainer ;
+    ao:dataValue ai:ObjectPropertyStatementAccesObject .
+
+ai:DataPropertyStatementAccesObjectValueContainer a ao:ValueContainer ;
+    ao:dataValue ai:DataPropertyStatementAccesObject .
+
+ai:FauxObjectPropertyStatementAccesObjectValueContainer a ao:ValueContainer ;
+    ao:dataValue ai:FauxObjectPropertyStatementAccesObject .
+
+ai:FauxDataPropertyStatementAccesObjectValueContainer a ao:ValueContainer ;
+    ao:dataValue ai:FauxDataPropertyStatementAccesObject .
+
+ai:ClassAccesObjectValueContainer a ao:ValueContainer ;
+    ao:dataValue ai:Class .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/ontology.n3 b/home/src/main/resources/rdf/accessControl/firsttime/ontology.n3
index 4363b5d24f..ab7b0c066e 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/ontology.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/ontology.n3
@@ -9,133 +9,133 @@
 @prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
 
 ##### Ontology
-<https://vivoweb.org/ontology/vitro-application/auth/vocabulary> rdf:type owl:Ontology .
+<https://vivoweb.org/ontology/vitro-application/auth/vocabulary> a owl:Ontology .
 
 #### Classes
 
-ao:PolicyTemplate rdf:type owl:Class ;
+ao:PolicyTemplate a owl:Class ;
      rdfs:label "Access rule policy template"@en-US .
 
-ao:Policy rdf:type owl:Class ;
+ao:Policy a owl:Class ;
      rdfs:label "Access rule policy"@en-US .
 
-ao:TestDatasets rdf:type owl:Class ;
+ao:PolicyDataSet a owl:Class ;
      rdfs:label "Test datasets"@en-US .
      
-ao:TestDataset rdf:type owl:Class ;
-     rdfs:label "Test dataset"@en-US .
-     
-ao:TestData rdf:type owl:Class ;
+ao:ValueContainer a owl:Class ;
      rdfs:label "Test data"@en-US .
      
-ao:TestValue rdf:type owl:Class ;
+ao:TestValue a owl:Class ;
      rdfs:label "Test value"@en-US .
 
-ao:Rule rdf:type owl:Class ;
+ao:Rule a owl:Class ;
      rdfs:label "Access rule"@en-US .
      
-ao:Rules rdf:type owl:Class ;
+ao:Rules a owl:Class ;
      rdfs:label "Access rule set"@en-US .
      
-ao:PolicyKey rdf:type owl:Class ;
+ao:PolicyKey a owl:Class ;
      rdfs:label "Policy key"@en-US .
 
-ao:Attribute rdf:type owl:Class ;
+ao:Attribute a owl:Class ;
      rdfs:label "Access rule attribute"@en-US .
      
-ao:Operator rdf:type owl:Class ;
+ao:Operator a owl:Class ;
      rdfs:label "Operator"@en-US .
 
-ao:Operation rdf:type owl:Class ;
+ao:Operation a owl:Class ;
      rdfs:label "Operation"@en-US .
 
-ao:OperationGroup rdf:type owl:Class ;
+ao:OperationGroup a owl:Class ;
      rdfs:label "Operation group"@en-US .
 
-ao:ObjectType rdf:type owl:Class ;
+ao:ObjectType a owl:Class ;
      rdfs:label "Object type"@en-US .
      
-ao:SubjectType rdf:type owl:Class ;
+ao:SubjectType a owl:Class ;
      rdfs:label "Subject type"@en-US .
 
-ao:AccesObject rdf:type owl:Class ;
+ao:AccesObject a owl:Class ;
      rdfs:label "Access object"@en-US .
 
-ao:AttributeType rdf:type owl:Class ;
+ao:AttributeType a owl:Class ;
      rdfs:label "Attribute type"@en-US .
      
-ao:Decision rdf:type owl:Class ;
+ao:Decision a owl:Class ;
      rdfs:label "Decision"@en-US .
      
 #### Data properties
 
-ao:attributeName rdf:type owl:DatatypeProperty ,
+ao:attributeName a owl:DatatypeProperty ,
             owl:FunctionalProperty ;
             rdfs:domain ao:Attribute ;
             rdfs:range xsd:string ;
             rdfs:label "Attribute name"@en-US .
 
-ao:id rdf:type owl:DatatypeProperty ,
+ao:id a owl:DatatypeProperty ,
             owl:FunctionalProperty ;
             rdfs:domain ao:AttributeType ;
             rdfs:range xsd:string ;
             rdfs:label "id"@en-US .
 
-ao:stringValue rdf:type owl:DatatypeProperty ,
+ao:stringValue a owl:DatatypeProperty ,
             owl:FunctionalProperty ;
             rdfs:range xsd:string ;
             rdfs:label "id"@en-US .            
 
-ao:priority rdf:type owl:DatatypeProperty ,
+ao:priority a owl:DatatypeProperty ,
             owl:FunctionalProperty ;
             rdfs:range xsd:integer ;
             rdfs:label "priority"@en-US . 
             
 #### Object properties
 
-ao:attribute rdf:type owl:ObjectProperty ;
+ao:attribute a owl:ObjectProperty ;
           rdfs:domain ao:Rule ;
           rdfs:range ao:Attribute .
           
-ao:decision rdf:type owl:ObjectProperty ;
+ao:decision a owl:ObjectProperty ;
           rdfs:domain ao:Rule ;
           rdfs:range ao:Decision .          
           
-ao:rules rdf:type owl:ObjectProperty ;
+ao:rules a owl:ObjectProperty ;
           rdfs:domain ao:Policy ;
           rdfs:range ao:Rules .
 
-ao:testDatasets rdf:type owl:ObjectProperty ;
+ao:policyDataSets a owl:ObjectProperty ;
           rdfs:domain ao:Policy ;
-          rdfs:range ao:TestDatasets .
+          rdfs:range ao:PolicyDataSet .
+
+ao:testData a owl:ObjectProperty ;
+          rdfs:domain ao:PolicyDataSet ;
+          rdfs:range ao:ValueContainer .
 
-ao:testData rdf:type owl:ObjectProperty ;
-          rdfs:domain ao:TestDatasets ;
-          rdfs:range ao:TestData .
+ao:containerType a owl:ObjectProperty ;
+          rdfs:domain ao:ValueContainer .
 
-ao:uri rdf:type owl:ObjectProperty .
+ao:uri a owl:ObjectProperty .
 
-ao:value rdf:type owl:ObjectProperty ;
+ao:value a owl:ObjectProperty ;
           rdfs:domain ao:Attribute .
           
-ao:setValue rdf:type owl:ObjectProperty ;
+ao:setValue a owl:ObjectProperty ;
           rdfs:domain ao:Attribute .          
     
-ao:operation rdf:type owl:ObjectProperty ;
+ao:operation a owl:ObjectProperty ;
           rdfs:domain ao:Rule ;
           rdfs:range ao:Operation .
           
-ao:rule rdf:type owl:ObjectProperty ;
+ao:rule a owl:ObjectProperty ;
           rdfs:domain ao:Policy ;
           rdfs:range ao:Rule .
           
-ao:test rdf:type owl:ObjectProperty ;
+ao:test a owl:ObjectProperty ;
           rdfs:domain ao:Attribute ;
           rdfs:range ao:Operator .
           
-ao:keyComponent rdf:type owl:ObjectProperty .
+ao:keyComponent a owl:ObjectProperty .
           
-ao:policyKey rdf:type owl:ObjectProperty ;
+ao:policyKey a owl:ObjectProperty ;
           rdfs:domain ao:Policy ;
           rdfs:range ao:PolicyKey .            
 
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/operations.n3 b/home/src/main/resources/rdf/accessControl/firsttime/operations.n3
index 4a8ee51b30..d596165168 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/operations.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/operations.n3
@@ -9,23 +9,43 @@
 @prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
 
 ai:DisplayOperation rdf:type ao:Operation ;
-         ao:id "DISPLAY" .
-         
+    ao:id "DISPLAY" .
+    
 ai:UpdateOperation rdf:type ao:Operation ;
-         ao:id "UPDATE" .
-         
+    ao:id "UPDATE" .
+    
 ai:PublishOperation rdf:type ao:Operation ;
-         ao:id "PUBLISH" .         
+    ao:id "PUBLISH" .    
 
 ai:AddOperation rdf:type ao:Operation ;
-         ao:id "ADD" .
-         
+    ao:id "ADD" .
+    
 ai:DropOperation rdf:type ao:Operation ;
-         ao:id "DROP" .
+    ao:id "DROP" .
 
 ai:EditOperation rdf:type ao:Operation ;
-         ao:id "EDIT" .
+    ao:id "EDIT" .
 
 ai:ExecuteOperation rdf:type ao:Operation ;
-         ao:id "EXECUTE" .
+    ao:id "EXECUTE" .
 
+ai:DisplayOperationValueContainer a ao:ValueContainer ;
+    ao:dataValue ai:DisplayOperation .
+
+ai:UpdateOperationValueContainer a ao:ValueContainer ;
+    ao:dataValue ai:UpdateOperation .
+
+ai:PublishOperationValueContainer a ao:ValueContainer ;
+    ao:dataValue ai:PublishOperation .
+
+ai:AddOperationValueContainer a ao:ValueContainer ;
+    ao:dataValue ai:AddOperation .
+
+ai:DropOperationValueContainer a ao:ValueContainer ;
+    ao:dataValue ai:DropOperation .
+
+ai:EditOperationValueContainer a ao:ValueContainer ;
+    ao:dataValue ai:EditOperation .
+
+ai:ExecuteOperationValueContainer a ao:ValueContainer ;
+    ao:dataValue ai:ExecuteOperation .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_display_class.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_display_class.n3
deleted file mode 100644
index 71f6399fad..0000000000
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_display_class.n3
+++ /dev/null
@@ -1,41 +0,0 @@
-# $This file is distributed under the terms of the license in LICENSE$
-@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
-@prefix owl: <http://www.w3.org/2002/07/owl#> .
-@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
-@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
-@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
-@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
-@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
-
-ai:AdminDisplayClassPolicy rdf:type ao:Policy ;
-          ao:rules ai:AdminDisplayClassRuleSet ;
-          ao:testDatasets ai:AdminDisplayClassTestDatasets ;
-          ao:policyKey ai:AdminDisplayClassPolicyKey .
-
-ai:AdminDisplayClassRuleSet rdf:type ao:Rules ;
-          ao:rule ai:AllowAdminDisplayClassRule .
-
-ai:AdminDisplayClassTestDatasets rdf:type ao:TestDatasets ;
-          ao:testDataset ai:AdminDisplayClassDataset .
-
-ai:AdminDisplayClassDataset rdf:type ao:TestDataSet ;
-          ao:testData ai:AdminDisplayClassTestData .
-          
-ai:AdminDisplayClassPolicyKey rdf:type ao:PolicyKey ;
-          ao:keyComponent ai:Class ;
-          ao:keyComponent auth:ADMIN ;
-          ao:keyComponent ai:DisplayOperationGroup .
-
-ai:AllowAdminDisplayClassRule rdf:type ao:Rule;
-          ao:attribute ai:SubjectRoleEqualsAdminRoleAttribute ;
-          ao:attribute ai:DisplayOperationAttribute ;
-          ao:attribute ai:ClassTypeAttribute ;
-          ao:attribute ai:AdminDisplayClassAttribute .
-         
-ai:AdminDisplayClassAttribute rdf:type ao:Attribute ;
-         ao:operator ai:OneOf ;
-         ao:type ai:AccessObjectUri ;
-         ao:setValue ai:AdminDisplayClassTestData .
-         
-ai:AdminDisplayClassTestData rdf:type ao:TestData ;
-       .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_display_data_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_display_data_property.n3
deleted file mode 100644
index 4dcda11577..0000000000
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_display_data_property.n3
+++ /dev/null
@@ -1,53 +0,0 @@
-# $This file is distributed under the terms of the license in LICENSE$
-@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
-@prefix owl: <http://www.w3.org/2002/07/owl#> .
-@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
-@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
-@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
-@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
-@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
-
-ai:AdminDisplayDataPropertyPolicy rdf:type ao:Policy ;
-          ao:rules ai:AdminDisplayDataPropertyRuleSet ;
-          ao:testDatasets ai:AdminDisplayDataPropertyTestDatasets ;
-          ao:policyKey ai:AdminDisplayDataPropertyPolicyKey .
-
-ai:AdminDisplayDataPropertyRuleSet rdf:type ao:Rules ;
-          ao:rule ai:AllowAdminDisplayDataPropertyStatementRule ;
-          ao:rule ai:AllowAdminDisplayDataPropertyRule .
-
-ai:AdminDisplayDataPropertyTestDatasets rdf:type ao:TestDatasets ;
-          ao:testDataset ai:AdminDisplayDataPropertyDataset .
-
-ai:AdminDisplayDataPropertyDataset rdf:type ao:TestDataSet ;
-          ao:testData ai:AdminDisplayDataPropertyTestData .
-          
-ai:AdminDisplayDataPropertyPolicyKey rdf:type ao:PolicyKey ;
-          ao:keyComponent ai:DataPropertyAccesObject ;
-          ao:keyComponent auth:ADMIN ;
-          ao:keyComponent ai:DisplayOperationGroup .
-
-ai:AllowAdminDisplayDataPropertyRule rdf:type ao:Rule;
-          ao:attribute ai:SubjectRoleEqualsAdminRoleAttribute ;
-          ao:attribute ai:DisplayOperationAttribute ;
-          ao:attribute ai:DataPropertyTypeAttribute ;
-          ao:attribute ai:AdminDisplayDataPropertyAttribute .
-
-ai:AllowAdminDisplayDataPropertyStatementRule rdf:type ao:Rule;
-          ao:attribute ai:SubjectRoleEqualsAdminRoleAttribute ;
-          ao:attribute ai:DisplayOperationAttribute ;
-          ao:attribute ai:DataPropertyStatementTypeAttribute ;
-          ao:attribute ai:AdminDisplayDataPropertyStatementAttribute .
-         
-ai:AdminDisplayDataPropertyStatementAttribute rdf:type ao:Attribute ;
-         ao:operator ai:OneOf ;
-         ao:type ai:StatementPredicateUri ;
-         ao:setValue ai:AdminDisplayDataPropertyTestData .
-
-ai:AdminDisplayDataPropertyAttribute rdf:type ao:Attribute ;
-         ao:operator ai:OneOf ;
-         ao:type ai:AccessObjectUri ;
-         ao:setValue ai:AdminDisplayDataPropertyTestData .
-
-ai:AdminDisplayDataPropertyTestData rdf:type ao:TestData ;
-       .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_display_faux_data_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_display_faux_data_property.n3
deleted file mode 100644
index f32c6e9706..0000000000
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_display_faux_data_property.n3
+++ /dev/null
@@ -1,53 +0,0 @@
-# $This file is distributed under the terms of the license in LICENSE$
-@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
-@prefix owl: <http://www.w3.org/2002/07/owl#> .
-@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
-@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
-@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
-@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
-@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
-
-ai:AdminDisplayFauxDataPropertyPolicy rdf:type ao:Policy ;
-          ao:rules ai:AdminDisplayFauxDataPropertyRuleSet ;
-          ao:testDatasets ai:AdminDisplayFauxDataPropertyTestDatasets ;
-          ao:policyKey ai:AdminDisplayFauxDataPropertyPolicyKey .
-
-ai:AdminDisplayFauxDataPropertyRuleSet rdf:type ao:Rules ;
-          ao:rule ai:AllowAdminDisplayFauxDataPropertyStatementRule ;
-          ao:rule ai:AllowAdminDisplayFauxDataPropertyRule .
-
-ai:AdminDisplayFauxDataPropertyTestDatasets rdf:type ao:TestDatasets ;
-          ao:testDataset ai:AdminDisplayFauxDataPropertyDataset .
-
-ai:AdminDisplayFauxDataPropertyDataset rdf:type ao:TestDataSet ;
-          ao:testData ai:AdminDisplayFauxDataPropertyTestData .
-          
-ai:AdminDisplayFauxDataPropertyPolicyKey rdf:type ao:PolicyKey ;
-          ao:keyComponent ai:FauxDataPropertyAccesObject ;
-          ao:keyComponent auth:ADMIN ;
-          ao:keyComponent ai:DisplayOperationGroup .
-
-ai:AllowAdminDisplayFauxDataPropertyRule rdf:type ao:Rule;
-          ao:attribute ai:SubjectRoleEqualsAdminRoleAttribute ;
-          ao:attribute ai:DisplayOperationAttribute ;
-          ao:attribute ai:FauxDataPropertyTypeAttribute ;
-          ao:attribute ai:AdminDisplayFauxDataPropertyAttribute .
-
-ai:AllowAdminDisplayFauxDataPropertyStatementRule rdf:type ao:Rule;
-          ao:attribute ai:SubjectRoleEqualsAdminRoleAttribute ;
-          ao:attribute ai:DisplayOperationAttribute ;
-          ao:attribute ai:FauxDataPropertyStatementTypeAttribute ;
-          ao:attribute ai:AdminDisplayFauxDataPropertyStatementAttribute .
-         
-ai:AdminDisplayFauxDataPropertyStatementAttribute rdf:type ao:Attribute ;
-         ao:operator ai:OneOf ;
-         ao:type ai:StatementPredicateUri ;
-         ao:setValue ai:AdminDisplayFauxDataPropertyTestData .
-         
-ai:AdminDisplayFauxDataPropertyAttribute rdf:type ao:Attribute ;
-         ao:operator ai:OneOf ;
-         ao:type ai:AccessObjectUri ;
-         ao:setValue ai:AdminDisplayFauxDataPropertyTestData .
-         
-ai:AdminDisplayFauxDataPropertyTestData rdf:type ao:TestData ;
-       .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_display_faux_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_display_faux_object_property.n3
deleted file mode 100644
index ec70040efc..0000000000
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_display_faux_object_property.n3
+++ /dev/null
@@ -1,53 +0,0 @@
-# $This file is distributed under the terms of the license in LICENSE$
-@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
-@prefix owl: <http://www.w3.org/2002/07/owl#> .
-@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
-@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
-@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
-@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
-@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
-
-ai:AdminDisplayFauxObjectPropertyPolicy rdf:type ao:Policy ;
-          ao:rules ai:AdminDisplayFauxObjectPropertyRuleSet ;
-          ao:testDatasets ai:AdminDisplayFauxObjectPropertyTestDatasets ;
-          ao:policyKey ai:AdminDisplayFauxObjectPropertyPolicyKey .
-
-ai:AdminDisplayFauxObjectPropertyRuleSet rdf:type ao:Rules ;
-          ao:rule ai:AllowAdminDisplayFauxObjectPropertyStatementRule ;
-          ao:rule ai:AllowAdminDisplayFauxObjectPropertyRule .
-
-ai:AdminDisplayFauxObjectPropertyTestDatasets rdf:type ao:TestDatasets ;
-          ao:testDataset ai:AdminDisplayFauxObjectPropertyDataset .
-
-ai:AdminDisplayFauxObjectPropertyDataset rdf:type ao:TestDataSet ;
-          ao:testData ai:AdminDisplayFauxObjectPropertyTestData .
-          
-ai:AdminDisplayFauxObjectPropertyPolicyKey rdf:type ao:PolicyKey ;
-          ao:keyComponent ai:FauxObjectPropertyAccesObject ;
-          ao:keyComponent auth:ADMIN ;
-          ao:keyComponent ai:DisplayOperationGroup .
-
-ai:AllowAdminDisplayFauxObjectPropertyRule rdf:type ao:Rule;
-          ao:attribute ai:SubjectRoleEqualsAdminRoleAttribute ;
-          ao:attribute ai:DisplayOperationAttribute ;
-          ao:attribute ai:FauxObjectPropertyTypeAttribute ;
-          ao:attribute ai:AdminDisplayFauxObjectPropertyAttribute .
-
-ai:AllowAdminDisplayFauxObjectPropertyStatementRule rdf:type ao:Rule;
-          ao:attribute ai:SubjectRoleEqualsAdminRoleAttribute ;
-          ao:attribute ai:DisplayOperationAttribute ;
-          ao:attribute ai:FauxObjectPropertyStatementTypeAttribute ;
-          ao:attribute ai:AdminDisplayFauxObjectPropertyStatementAttribute .
-         
-ai:AdminDisplayFauxObjectPropertyStatementAttribute rdf:type ao:Attribute ;
-         ao:operator ai:OneOf ;
-         ao:type ai:StatementPredicateUri ;
-         ao:setValue ai:AdminDisplayFauxObjectPropertyTestData .
-         
-ai:AdminDisplayFauxObjectPropertyAttribute rdf:type ao:Attribute ;
-         ao:operator ai:OneOf ;
-         ao:type ai:AccessObjectUri ;
-         ao:setValue ai:AdminDisplayFauxObjectPropertyTestData .
-         
-ai:AdminDisplayFauxObjectPropertyTestData rdf:type ao:TestData ;
-       .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_display_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_display_object_property.n3
deleted file mode 100644
index 3f90f54d0b..0000000000
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_display_object_property.n3
+++ /dev/null
@@ -1,53 +0,0 @@
-# $This file is distributed under the terms of the license in LICENSE$
-@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
-@prefix owl: <http://www.w3.org/2002/07/owl#> .
-@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
-@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
-@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
-@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
-@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
-
-ai:AdminDisplayObjectPropertyPolicy rdf:type ao:Policy ;
-          ao:rules ai:AdminDisplayObjectPropertyRuleSet ;
-          ao:testDatasets ai:AdminDisplayObjectPropertyTestDatasets ;
-          ao:policyKey ai:AdminDisplayObjectPropertyPolicyKey .
-
-ai:AdminDisplayObjectPropertyRuleSet rdf:type ao:Rules ;
-          ao:rule ai:AllowAdminDisplayObjectPropertyStatementRule ;
-          ao:rule ai:AllowAdminDisplayObjectPropertyRule .
-
-ai:AdminDisplayObjectPropertyTestDatasets rdf:type ao:TestDatasets ;
-          ao:testDataset ai:AdminDisplayObjectPropertyDataset .
-
-ai:AdminDisplayObjectPropertyDataset rdf:type ao:TestDataSet ;
-          ao:testData ai:AdminDisplayObjectPropertyTestData .
-          
-ai:AdminDisplayObjectPropertyPolicyKey rdf:type ao:PolicyKey ;
-          ao:keyComponent ai:ObjectPropertyAccesObject ;
-          ao:keyComponent auth:ADMIN ;
-          ao:keyComponent ai:DisplayOperationGroup .
-
-ai:AllowAdminDisplayObjectPropertyRule rdf:type ao:Rule;
-          ao:attribute ai:SubjectRoleEqualsAdminRoleAttribute ;
-          ao:attribute ai:DisplayOperationAttribute ;
-          ao:attribute ai:ObjectPropertyTypeAttribute ;
-          ao:attribute ai:AdminDisplayObjectPropertyAttribute .
-
-ai:AllowAdminDisplayObjectPropertyStatementRule rdf:type ao:Rule;
-          ao:attribute ai:SubjectRoleEqualsAdminRoleAttribute ;
-          ao:attribute ai:DisplayOperationAttribute ;
-          ao:attribute ai:ObjectPropertyStatementTypeAttribute ;
-          ao:attribute ai:AdminDisplayObjectPropertyStatementAttribute .
-         
-ai:AdminDisplayObjectPropertyStatementAttribute rdf:type ao:Attribute ;
-         ao:operator ai:OneOf ;
-         ao:type ai:StatementPredicateUri ;
-         ao:setValue ai:AdminDisplayObjectPropertyTestData .
-         
-ai:AdminDisplayObjectPropertyAttribute rdf:type ao:Attribute ;
-         ao:operator ai:OneOf ;
-         ao:type ai:AccessObjectUri ;
-         ao:setValue ai:AdminDisplayObjectPropertyTestData .
-         
-ai:AdminDisplayObjectPropertyTestData rdf:type ao:TestData ;
-       .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_publish_class.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_publish_class.n3
deleted file mode 100644
index 7afea0994c..0000000000
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_publish_class.n3
+++ /dev/null
@@ -1,41 +0,0 @@
-# $This file is distributed under the terms of the license in LICENSE$
-@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
-@prefix owl: <http://www.w3.org/2002/07/owl#> .
-@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
-@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
-@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
-@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
-@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
-
-ai:AdminPublishClassPolicy rdf:type ao:Policy ;
-          ao:rules ai:AdminPublishClassRuleSet ;
-          ao:testDatasets ai:AdminPublishClassTestDatasets ;
-          ao:policyKey ai:AdminPublishClassPolicyKey .
-
-ai:AdminPublishClassRuleSet rdf:type ao:Rules ;
-          ao:rule ai:AllowAdminPublishClassRule .
-
-ai:AdminPublishClassTestDatasets rdf:type ao:TestDatasets ;
-          ao:testDataset ai:AdminPublishClassDataset .
-
-ai:AdminPublishClassDataset rdf:type ao:TestDataSet ;
-          ao:testData ai:AdminPublishClassTestData .
-          
-ai:AdminPublishClassPolicyKey rdf:type ao:PolicyKey ;
-          ao:keyComponent ai:Class ;
-          ao:keyComponent auth:ADMIN ;
-          ao:keyComponent ai:PublishOperationGroup .
-
-ai:AllowAdminPublishClassRule rdf:type ao:Rule;
-          ao:attribute ai:SubjectRoleEqualsAdminRoleAttribute ;
-          ao:attribute ai:PublishOperationAttribute ;
-          ao:attribute ai:ClassTypeAttribute ;
-          ao:attribute ai:AdminPublishClassAttribute .
-         
-ai:AdminPublishClassAttribute rdf:type ao:Attribute ;
-         ao:operator ai:OneOf ;
-         ao:type ai:AccessObjectUri ;
-         ao:setValue ai:AdminPublishClassTestData .
-         
-ai:AdminPublishClassTestData rdf:type ao:TestData ;
-  .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_publish_data_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_publish_data_property.n3
deleted file mode 100644
index 51365f8684..0000000000
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_publish_data_property.n3
+++ /dev/null
@@ -1,53 +0,0 @@
-# $This file is distributed under the terms of the license in LICENSE$
-@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
-@prefix owl: <http://www.w3.org/2002/07/owl#> .
-@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
-@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
-@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
-@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
-@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
-
-ai:AdminPublishDataPropertyPolicy rdf:type ao:Policy ;
-     ao:rules ai:AdminPublishDataPropertyRuleSet ;
-     ao:testDatasets ai:AdminPublishDataPropertyTestDatasets ;
-     ao:policyKey ai:AdminPublishDataPropertyPolicyKey .
-
-ai:AdminPublishDataPropertyRuleSet rdf:type ao:Rules ;
-     ao:rule ai:AllowAdminPublishDataPropertyStatementRule ;
-     ao:rule ai:AllowAdminPublishDataPropertyRule .
-
-ai:AdminPublishDataPropertyTestDatasets rdf:type ao:TestDatasets ;
-     ao:testDataset ai:AdminPublishDataPropertyDataset .
-
-ai:AdminPublishDataPropertyDataset rdf:type ao:TestDataSet ;
-     ao:testData ai:AdminPublishDataPropertyTestData .
-     
-ai:AdminPublishDataPropertyPolicyKey rdf:type ao:PolicyKey ;
-     ao:keyComponent ai:DataPropertyAccesObject ;
-     ao:keyComponent auth:ADMIN ;
-     ao:keyComponent ai:PublishOperationGroup .
-
-ai:AllowAdminPublishDataPropertyRule rdf:type ao:Rule;
-     ao:attribute ai:SubjectRoleEqualsAdminRoleAttribute ;
-     ao:attribute ai:PublishOperationAttribute ;
-     ao:attribute ai:DataPropertyTypeAttribute ;
-     ao:attribute ai:AdminPublishDataPropertyAttribute .
-
-ai:AllowAdminPublishDataPropertyStatementRule rdf:type ao:Rule;
-     ao:attribute ai:SubjectRoleEqualsAdminRoleAttribute ;
-     ao:attribute ai:PublishOperationAttribute ;
-     ao:attribute ai:DataPropertyStatementTypeAttribute ;
-     ao:attribute ai:AdminPublishDataPropertyStatementAttribute .
-    
-ai:AdminPublishDataPropertyStatementAttribute rdf:type ao:Attribute ;
-    ao:operator ai:OneOf ;
-    ao:type ai:StatementPredicateUri ;
-    ao:setValue ai:AdminPublishDataPropertyTestData .
-
-ai:AdminPublishDataPropertyAttribute rdf:type ao:Attribute ;
-    ao:operator ai:OneOf ;
-    ao:type ai:AccessObjectUri ;
-    ao:setValue ai:AdminPublishDataPropertyTestData .
-    
-ai:AdminPublishDataPropertyTestData rdf:type ao:TestData ;
-   .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_publish_faux_data_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_publish_faux_data_property.n3
deleted file mode 100644
index 02140361b7..0000000000
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_publish_faux_data_property.n3
+++ /dev/null
@@ -1,53 +0,0 @@
-# $This file is distributed under the terms of the license in LICENSE$
-@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
-@prefix owl: <http://www.w3.org/2002/07/owl#> .
-@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
-@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
-@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
-@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
-@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
-
-ai:AdminPublishFauxDataPropertyPolicy rdf:type ao:Policy ;
-          ao:rules ai:AdminPublishFauxDataPropertyRuleSet ;
-          ao:testDatasets ai:AdminPublishFauxDataPropertyTestDatasets ;
-          ao:policyKey ai:AdminPublishFauxDataPropertyPolicyKey .
-
-ai:AdminPublishFauxDataPropertyRuleSet rdf:type ao:Rules ;
-          ao:rule ai:AllowAdminPublishFauxDataPropertyStatementRule ;
-          ao:rule ai:AllowAdminPublishFauxDataPropertyRule .
-
-ai:AdminPublishFauxDataPropertyTestDatasets rdf:type ao:TestDatasets ;
-          ao:testDataset ai:AdminPublishFauxDataPropertyDataset .
-
-ai:AdminPublishFauxDataPropertyDataset rdf:type ao:TestDataSet ;
-          ao:testData ai:AdminPublishFauxDataPropertyTestData .
-          
-ai:AdminPublishFauxDataPropertyPolicyKey rdf:type ao:PolicyKey ;
-          ao:keyComponent ai:FauxDataPropertyAccesObject ;
-          ao:keyComponent auth:ADMIN ;
-          ao:keyComponent ai:PublishOperationGroup .
-
-ai:AllowAdminPublishFauxDataPropertyRule rdf:type ao:Rule;
-          ao:attribute ai:SubjectRoleEqualsAdminRoleAttribute ;
-          ao:attribute ai:PublishOperationAttribute ;
-          ao:attribute ai:FauxDataPropertyTypeAttribute ;
-          ao:attribute ai:AdminPublishFauxDataPropertyAttribute .
-
-ai:AllowAdminPublishFauxDataPropertyStatementRule rdf:type ao:Rule;
-          ao:attribute ai:SubjectRoleEqualsAdminRoleAttribute ;
-          ao:attribute ai:PublishOperationAttribute ;
-          ao:attribute ai:FauxDataPropertyStatementTypeAttribute ;
-          ao:attribute ai:AdminPublishFauxDataPropertyStatementAttribute .
-         
-ai:AdminPublishFauxDataPropertyStatementAttribute rdf:type ao:Attribute ;
-         ao:operator ai:OneOf ;
-         ao:type ai:StatementPredicateUri ;
-         ao:setValue ai:AdminPublishFauxDataPropertyTestData .
-
-ai:AdminPublishFauxDataPropertyAttribute rdf:type ao:Attribute ;
-         ao:operator ai:OneOf ;
-         ao:type ai:AccessObjectUri ;
-         ao:setValue ai:AdminPublishFauxDataPropertyTestData .
-         
-ai:AdminPublishFauxDataPropertyTestData rdf:type ao:TestData ;
-   .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_publish_faux_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_publish_faux_object_property.n3
deleted file mode 100644
index e2fd4043cf..0000000000
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_publish_faux_object_property.n3
+++ /dev/null
@@ -1,53 +0,0 @@
-# $This file is distributed under the terms of the license in LICENSE$
-@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
-@prefix owl: <http://www.w3.org/2002/07/owl#> .
-@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
-@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
-@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
-@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
-@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
-
-ai:AdminPublishFauxObjectPropertyPolicy rdf:type ao:Policy ;
-          ao:rules ai:AdminPublishFauxObjectPropertyRuleSet ;
-          ao:testDatasets ai:AdminPublishFauxObjectPropertyTestDatasets ;
-          ao:policyKey ai:AdminPublishFauxObjectPropertyPolicyKey .
-
-ai:AdminPublishFauxObjectPropertyRuleSet rdf:type ao:Rules ;
-          ao:rule ai:AllowAdminPublishFauxObjectPropertyStatementRule ;
-          ao:rule ai:AllowAdminPublishFauxObjectPropertyRule .
-
-ai:AdminPublishFauxObjectPropertyTestDatasets rdf:type ao:TestDatasets ;
-          ao:testDataset ai:AdminPublishFauxObjectPropertyDataset .
-
-ai:AdminPublishFauxObjectPropertyDataset rdf:type ao:TestDataSet ;
-          ao:testData ai:AdminPublishFauxObjectPropertyTestData .
-          
-ai:AdminPublishFauxObjectPropertyPolicyKey rdf:type ao:PolicyKey ;
-          ao:keyComponent ai:FauxObjectPropertyAccesObject ;
-          ao:keyComponent auth:ADMIN ;
-          ao:keyComponent ai:PublishOperationGroup .
-
-ai:AllowAdminPublishFauxObjectPropertyRule rdf:type ao:Rule;
-          ao:attribute ai:SubjectRoleEqualsAdminRoleAttribute ;
-          ao:attribute ai:PublishOperationAttribute ;
-          ao:attribute ai:FauxObjectPropertyTypeAttribute ;
-          ao:attribute ai:AdminPublishFauxObjectPropertyAttribute .
-
-ai:AllowAdminPublishFauxObjectPropertyStatementRule rdf:type ao:Rule;
-          ao:attribute ai:SubjectRoleEqualsAdminRoleAttribute ;
-          ao:attribute ai:PublishOperationAttribute ;
-          ao:attribute ai:FauxObjectPropertyStatementTypeAttribute ;
-          ao:attribute ai:AdminPublishFauxObjectPropertyStatementAttribute .
-         
-ai:AdminPublishFauxObjectPropertyStatementAttribute rdf:type ao:Attribute ;
-         ao:operator ai:OneOf ;
-         ao:type ai:StatementPredicateUri ;
-         ao:setValue ai:AdminPublishFauxObjectPropertyTestData .
-
-ai:AdminPublishFauxObjectPropertyAttribute rdf:type ao:Attribute ;
-         ao:operator ai:OneOf ;
-         ao:type ai:AccessObjectUri ;
-         ao:setValue ai:AdminPublishFauxObjectPropertyTestData .
-         
-ai:AdminPublishFauxObjectPropertyTestData rdf:type ao:TestData ;
-   .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_publish_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_publish_object_property.n3
deleted file mode 100644
index 30ae537e20..0000000000
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_publish_object_property.n3
+++ /dev/null
@@ -1,53 +0,0 @@
-# $This file is distributed under the terms of the license in LICENSE$
-@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
-@prefix owl: <http://www.w3.org/2002/07/owl#> .
-@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
-@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
-@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
-@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
-@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
-
-ai:AdminPublishObjectPropertyPolicy rdf:type ao:Policy ;
-          ao:rules ai:AdminPublishObjectPropertyRuleSet ;
-          ao:testDatasets ai:AdminPublishObjectPropertyTestDatasets ;
-          ao:policyKey ai:AdminPublishObjectPropertyPolicyKey .
-
-ai:AdminPublishObjectPropertyRuleSet rdf:type ao:Rules ;
-          ao:rule ai:AllowAdminPublishObjectPropertyStatementRule ;
-          ao:rule ai:AllowAdminPublishObjectPropertyRule .
-
-ai:AdminPublishObjectPropertyTestDatasets rdf:type ao:TestDatasets ;
-          ao:testDataset ai:AdminPublishObjectPropertyDataset .
-
-ai:AdminPublishObjectPropertyDataset rdf:type ao:TestDataSet ;
-          ao:testData ai:AdminPublishObjectPropertyTestData .
-          
-ai:AdminPublishObjectPropertyPolicyKey rdf:type ao:PolicyKey ;
-          ao:keyComponent ai:ObjectPropertyAccesObject ;
-          ao:keyComponent auth:ADMIN ;
-          ao:keyComponent ai:PublishOperationGroup .
-
-ai:AllowAdminPublishObjectPropertyRule rdf:type ao:Rule;
-          ao:attribute ai:SubjectRoleEqualsAdminRoleAttribute ;
-          ao:attribute ai:PublishOperationAttribute ;
-          ao:attribute ai:ObjectPropertyTypeAttribute ;
-          ao:attribute ai:AdminPublishObjectPropertyAttribute .
-
-ai:AllowAdminPublishObjectPropertyStatementRule rdf:type ao:Rule;
-          ao:attribute ai:SubjectRoleEqualsAdminRoleAttribute ;
-          ao:attribute ai:PublishOperationAttribute ;
-          ao:attribute ai:ObjectPropertyStatementTypeAttribute ;
-          ao:attribute ai:AdminPublishObjectPropertyStatementAttribute .
-         
-ai:AdminPublishObjectPropertyStatementAttribute rdf:type ao:Attribute ;
-         ao:operator ai:OneOf ;
-         ao:type ai:StatementPredicateUri ;
-         ao:setValue ai:AdminPublishObjectPropertyTestData .
-
-ai:AdminPublishObjectPropertyAttribute rdf:type ao:Attribute ;
-         ao:operator ai:OneOf ;
-         ao:type ai:AccessObjectUri ;
-         ao:setValue ai:AdminPublishObjectPropertyTestData .
-         
-ai:AdminPublishObjectPropertyTestData rdf:type ao:TestData ;
-   .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_update_class.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_update_class.n3
deleted file mode 100644
index c302ec3312..0000000000
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_update_class.n3
+++ /dev/null
@@ -1,41 +0,0 @@
-# $This file is distributed under the terms of the license in LICENSE$
-@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
-@prefix owl: <http://www.w3.org/2002/07/owl#> .
-@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
-@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
-@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
-@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
-@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
-
-ai:AdminUpdateClassPolicy rdf:type ao:Policy ;
-          ao:rules ai:AdminUpdateClassRuleSet ;
-          ao:testDatasets ai:AdminUpdateClassTestDatasets ;
-          ao:policyKey ai:AdminUpdateClassPolicyKey .
-
-ai:AdminUpdateClassRuleSet rdf:type ao:Rules ;
-          ao:rule ai:AllowAdminUpdateClassRule .
-
-ai:AdminUpdateClassTestDatasets rdf:type ao:TestDatasets ;
-          ao:testDataset ai:AdminUpdateClassDataset .
-
-ai:AdminUpdateClassDataset rdf:type ao:TestDataSet ;
-          ao:testData ai:AdminUpdateClassTestData .
-          
-ai:AdminUpdateClassPolicyKey rdf:type ao:PolicyKey ;
-          ao:keyComponent ai:Class ;
-          ao:keyComponent auth:ADMIN ;
-          ao:keyComponent ai:UpdateOperationGroup .
-
-ai:AllowAdminUpdateClassRule rdf:type ao:Rule;
-          ao:attribute ai:SubjectRoleEqualsAdminRoleAttribute ;
-          ao:attribute ai:UpdateAddEditOrDropOperationsAttribute ;
-          ao:attribute ai:ClassTypeAttribute ;
-          ao:attribute ai:AdminUpdateClassAttribute .
-         
-ai:AdminUpdateClassAttribute rdf:type ao:Attribute ;
-         ao:operator ai:OneOf ;
-         ao:type ai:AccessObjectUri ;
-         ao:setValue ai:AdminUpdateClassTestData .
-         
-ai:AdminUpdateClassTestData rdf:type ao:TestData ;
-       .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_update_data_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_update_data_property.n3
index 8c3136f1b5..8c5331550f 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_update_data_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_update_data_property.n3
@@ -16,10 +16,10 @@ ai:AdminUpdateDataPropertyRuleSet rdf:type ao:Rules ;
           ao:rule ai:AllowAdminUpdateAddEditorDropDataPropertyStatementRule ;
           ao:rule ai:AllowAdminUpdateDataPropertyRule .
 
-ai:AdminUpdateDataPropertyTestDatasets rdf:type ao:TestDatasets ;
-          ao:testDataset ai:AdminUpdateDataPropertyDataset .
+ai:AdminUpdateDataPropertyTestDatasets rdf:type ao:PolicyDataSets ;
+          ao:policyDataSet ai:AdminUpdateDataPropertyDataset .
 
-ai:AdminUpdateDataPropertyDataset rdf:type ao:TestDataSet ;
+ai:AdminUpdateDataPropertyDataset rdf:type ao:PolicyDataSet ;
           ao:testData ai:AdminUpdateDataPropertyTestData .
           
 ai:AdminUpdateDataPropertyPolicyKey rdf:type ao:PolicyKey ;
@@ -49,5 +49,5 @@ ai:AdminUpdateDataPropertyAttribute rdf:type ao:Attribute ;
          ao:type ai:AccessObjectUri ;
          ao:setValue ai:AdminUpdateDataPropertyTestData .
          
-ai:AdminUpdateDataPropertyTestData rdf:type ao:TestData ;
+ai:AdminUpdateDataPropertyTestData rdf:type ao:ValueContainer ;
         .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_update_faux_data_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_update_faux_data_property.n3
index fa7ea9eadf..402c868a5f 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_update_faux_data_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_update_faux_data_property.n3
@@ -16,10 +16,10 @@ ai:AdminUpdateFauxDataPropertyRuleSet rdf:type ao:Rules ;
           ao:rule ai:AllowAdminUpdateFauxDataPropertyRule ;
           ao:rule ai:AllowAdminUpdateEditAddDropFauxDataPropertyStatementRule .
 
-ai:AdminUpdateFauxDataPropertyTestDatasets rdf:type ao:TestDatasets ;
-          ao:testDataset ai:AdminUpdateFauxDataPropertyDataset .
+ai:AdminUpdateFauxDataPropertyTestDatasets rdf:type ao:PolicyDataSets ;
+          ao:policyDataSet ai:AdminUpdateFauxDataPropertyDataset .
 
-ai:AdminUpdateFauxDataPropertyDataset rdf:type ao:TestDataSet ;
+ai:AdminUpdateFauxDataPropertyDataset rdf:type ao:PolicyDataSet ;
           ao:testData ai:AdminUpdateFauxDataPropertyTestData .
           
 ai:AdminUpdateFauxDataPropertyPolicyKey rdf:type ao:PolicyKey ;
@@ -49,5 +49,5 @@ ai:AdminUpdateFauxDataPropertyAttribute rdf:type ao:Attribute ;
          ao:type ai:AccessObjectUri ;
          ao:setValue ai:AdminUpdateFauxDataPropertyTestData .
          
-ai:AdminUpdateFauxDataPropertyTestData rdf:type ao:TestData ;
+ai:AdminUpdateFauxDataPropertyTestData rdf:type ao:ValueContainer ;
       .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_update_faux_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_update_faux_object_property.n3
index ace6d7c6dd..257c0efc62 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_update_faux_object_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_update_faux_object_property.n3
@@ -16,10 +16,10 @@ ai:AdminUpdateFauxObjectPropertyRuleSet rdf:type ao:Rules ;
           ao:rule ai:AllowAdminUpdateFauxObjectPropertyRule ;
           ao:rule ai:AllowAdminUpdateEditAddDropFauxObjectPropertyStatementRule .
 
-ai:AdminUpdateFauxObjectPropertyTestDatasets rdf:type ao:TestDatasets ;
-          ao:testDataset ai:AdminUpdateFauxObjectPropertyDataset .
+ai:AdminUpdateFauxObjectPropertyTestDatasets rdf:type ao:PolicyDataSets ;
+          ao:policyDataSet ai:AdminUpdateFauxObjectPropertyDataset .
 
-ai:AdminUpdateFauxObjectPropertyDataset rdf:type ao:TestDataSet ;
+ai:AdminUpdateFauxObjectPropertyDataset rdf:type ao:PolicyDataSet ;
           ao:testData ai:AdminUpdateFauxObjectPropertyTestData .
           
 ai:AdminUpdateFauxObjectPropertyPolicyKey rdf:type ao:PolicyKey ;
@@ -49,5 +49,5 @@ ai:AdminUpdateFauxObjectPropertyAttribute rdf:type ao:Attribute ;
          ao:type ai:AccessObjectUri ;
          ao:setValue ai:AdminUpdateFauxObjectPropertyTestData .
          
-ai:AdminUpdateFauxObjectPropertyTestData rdf:type ao:TestData ;
+ai:AdminUpdateFauxObjectPropertyTestData rdf:type ao:ValueContainer ;
       .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_update_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_update_object_property.n3
index a650863a03..367ec09e29 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_update_object_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_update_object_property.n3
@@ -16,10 +16,10 @@ ai:AdminUpdateObjectPropertyRuleSet rdf:type ao:Rules ;
           ao:rule ai:AllowAdminUpdateObjectPropertyRule ;
           ao:rule ai:AllowAdminUpdateEditAddDropObjectPropertyStatementRule .
 
-ai:AdminUpdateObjectPropertyTestDatasets rdf:type ao:TestDatasets ;
-          ao:testDataset ai:AdminUpdateObjectPropertyDataset .
+ai:AdminUpdateObjectPropertyTestDatasets rdf:type ao:PolicyDataSets ;
+          ao:policyDataSet ai:AdminUpdateObjectPropertyDataset .
 
-ai:AdminUpdateObjectPropertyDataset rdf:type ao:TestDataSet ;
+ai:AdminUpdateObjectPropertyDataset rdf:type ao:PolicyDataSet ;
           ao:testData ai:AdminUpdateObjectPropertyTestData .
           
 ai:AdminUpdateObjectPropertyPolicyKey rdf:type ao:PolicyKey ;
@@ -49,5 +49,5 @@ ai:AdminUpdateObjectPropertyAttribute rdf:type ao:Attribute ;
          ao:type ai:AccessObjectUri ;
          ao:setValue ai:AdminUpdateObjectPropertyTestData .
          
-ai:AdminUpdateObjectPropertyTestData rdf:type ao:TestData ;
+ai:AdminUpdateObjectPropertyTestData rdf:type ao:ValueContainer ;
       .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_display_class.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_display_class.n3
deleted file mode 100644
index cfbb3c2c69..0000000000
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_display_class.n3
+++ /dev/null
@@ -1,41 +0,0 @@
-# $This file is distributed under the terms of the license in LICENSE$
-@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
-@prefix owl: <http://www.w3.org/2002/07/owl#> .
-@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
-@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
-@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
-@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
-@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
-
-ai:CuratorDisplayClassPolicy rdf:type ao:Policy ;
-          ao:rules ai:CuratorDisplayClassRuleSet ;
-          ao:testDatasets ai:CuratorDisplayClassTestDatasets ;
-          ao:policyKey ai:CuratorDisplayClassPolicyKey .
-
-ai:CuratorDisplayClassRuleSet rdf:type ao:Rules ;
-          ao:rule ai:AllowCuratorDisplayClassRule .
-
-ai:CuratorDisplayClassTestDatasets rdf:type ao:TestDatasets ;
-          ao:testDataset ai:CuratorDisplayClassDataset .
-
-ai:CuratorDisplayClassDataset rdf:type ao:TestDataSet ;
-          ao:testData ai:CuratorDisplayClassTestData .
-          
-ai:CuratorDisplayClassPolicyKey rdf:type ao:PolicyKey ;
-          ao:keyComponent ai:Class ;
-          ao:keyComponent auth:CURATOR ;
-          ao:keyComponent ai:DisplayOperationGroup .
-
-ai:AllowCuratorDisplayClassRule rdf:type ao:Rule;
-          ao:attribute ai:SubjectRoleEqualsCuratorRoleAttribute ;
-          ao:attribute ai:DisplayOperationAttribute ;
-          ao:attribute ai:ClassTypeAttribute ;
-          ao:attribute ai:CuratorDisplayClassAttribute .
-         
-ai:CuratorDisplayClassAttribute rdf:type ao:Attribute ;
-         ao:operator ai:OneOf ;
-         ao:type ai:AccessObjectUri ;
-         ao:setValue ai:CuratorDisplayClassTestData .
-         
-ai:CuratorDisplayClassTestData rdf:type ao:TestData ;
-       .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_display_data_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_display_data_property.n3
deleted file mode 100644
index d1aff87316..0000000000
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_display_data_property.n3
+++ /dev/null
@@ -1,53 +0,0 @@
-# $This file is distributed under the terms of the license in LICENSE$
-@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
-@prefix owl: <http://www.w3.org/2002/07/owl#> .
-@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
-@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
-@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
-@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
-@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
-
-ai:CuratorDisplayDataPropertyPolicy rdf:type ao:Policy ;
-          ao:rules ai:CuratorDisplayDataPropertyRuleSet ;
-          ao:testDatasets ai:CuratorDisplayDataPropertyTestDatasets ;
-          ao:policyKey ai:CuratorDisplayDataPropertyPolicyKey .
-
-ai:CuratorDisplayDataPropertyRuleSet rdf:type ao:Rules ;
-          ao:rule ai:AllowCuratorDisplayDataPropertyStatementRule ;
-          ao:rule ai:AllowCuratorDisplayDataPropertyRule .
-
-ai:CuratorDisplayDataPropertyTestDatasets rdf:type ao:TestDatasets ;
-          ao:testDataset ai:CuratorDisplayDataPropertyDataset .
-
-ai:CuratorDisplayDataPropertyDataset rdf:type ao:TestDataSet ;
-          ao:testData ai:CuratorDisplayDataPropertyTestData .
-          
-ai:CuratorDisplayDataPropertyPolicyKey rdf:type ao:PolicyKey ;
-          ao:keyComponent ai:DataPropertyAccesObject ;
-          ao:keyComponent auth:CURATOR ;
-          ao:keyComponent ai:DisplayOperationGroup .
-
-ai:AllowCuratorDisplayDataPropertyRule rdf:type ao:Rule;
-          ao:attribute ai:SubjectRoleEqualsAdminRoleAttribute ;
-          ao:attribute ai:DisplayOperationAttribute ;
-          ao:attribute ai:DataPropertyTypeAttribute ;
-          ao:attribute ai:CuratorDisplayDataPropertyAttribute .
-
-ai:AllowCuratorDisplayDataPropertyStatementRule rdf:type ao:Rule;
-          ao:attribute ai:SubjectRoleEqualsAdminRoleAttribute ;
-          ao:attribute ai:DisplayOperationAttribute ;
-          ao:attribute ai:DataPropertyStatementTypeAttribute ;
-          ao:attribute ai:CuratorDisplayDataPropertyStatementAttribute .
-         
-ai:CuratorDisplayDataPropertyStatementAttribute rdf:type ao:Attribute ;
-         ao:operator ai:OneOf ;
-         ao:type ai:StatementPredicateUri ;
-         ao:setValue ai:CuratorDisplayDataPropertyTestData .
-
-ai:CuratorDisplayDataPropertyAttribute rdf:type ao:Attribute ;
-         ao:operator ai:OneOf ;
-         ao:type ai:AccessObjectUri ;
-         ao:setValue ai:CuratorDisplayDataPropertyTestData .
-
-ai:CuratorDisplayDataPropertyTestData rdf:type ao:TestData ;
-       .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_display_faux_data_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_display_faux_data_property.n3
deleted file mode 100644
index 8483d07868..0000000000
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_display_faux_data_property.n3
+++ /dev/null
@@ -1,53 +0,0 @@
-# $This file is distributed under the terms of the license in LICENSE$
-@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
-@prefix owl: <http://www.w3.org/2002/07/owl#> .
-@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
-@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
-@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
-@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
-@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
-
-ai:CuratorDisplayFauxDataPropertyPolicy rdf:type ao:Policy ;
-          ao:rules ai:CuratorDisplayFauxDataPropertyRuleSet ;
-          ao:testDatasets ai:CuratorDisplayFauxDataPropertyTestDatasets ;
-          ao:policyKey ai:CuratorDisplayFauxDataPropertyPolicyKey .
-
-ai:CuratorDisplayFauxDataPropertyRuleSet rdf:type ao:Rules ;
-          ao:rule ai:AllowCuratorDisplayFauxDataPropertyStatementRule ;
-          ao:rule ai:AllowCuratorDisplayFauxDataPropertyRule .
-
-ai:CuratorDisplayFauxDataPropertyTestDatasets rdf:type ao:TestDatasets ;
-          ao:testDataset ai:CuratorDisplayFauxDataPropertyDataset .
-
-ai:CuratorDisplayFauxDataPropertyDataset rdf:type ao:TestDataSet ;
-          ao:testData ai:CuratorDisplayFauxDataPropertyTestData .
-          
-ai:CuratorDisplayFauxDataPropertyPolicyKey rdf:type ao:PolicyKey ;
-          ao:keyComponent ai:FauxDataPropertyAccesObject ;
-          ao:keyComponent auth:CURATOR ;
-          ao:keyComponent ai:DisplayOperationGroup .
-
-ai:AllowCuratorDisplayFauxDataPropertyRule rdf:type ao:Rule;
-          ao:attribute ai:SubjectRoleEqualsCuratorRoleAttribute ;
-          ao:attribute ai:DisplayOperationAttribute ;
-          ao:attribute ai:FauxDataPropertyTypeAttribute ;
-          ao:attribute ai:CuratorDisplayFauxDataPropertyAttribute .
-
-ai:AllowCuratorDisplayFauxDataPropertyStatementRule rdf:type ao:Rule;
-          ao:attribute ai:SubjectRoleEqualsCuratorRoleAttribute ;
-          ao:attribute ai:DisplayOperationAttribute ;
-          ao:attribute ai:FauxDataPropertyStatementTypeAttribute ;
-          ao:attribute ai:CuratorDisplayFauxDataPropertyStatementAttribute .
-         
-ai:CuratorDisplayFauxDataPropertyStatementAttribute rdf:type ao:Attribute ;
-         ao:operator ai:OneOf ;
-         ao:type ai:StatementPredicateUri ;
-         ao:setValue ai:CuratorDisplayFauxDataPropertyTestData .
-         
-ai:CuratorDisplayFauxDataPropertyAttribute rdf:type ao:Attribute ;
-         ao:operator ai:OneOf ;
-         ao:type ai:AccessObjectUri ;
-         ao:setValue ai:CuratorDisplayFauxDataPropertyTestData .
-         
-ai:CuratorDisplayFauxDataPropertyTestData rdf:type ao:TestData ;
-       .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_display_faux_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_display_faux_object_property.n3
deleted file mode 100644
index 1346a87775..0000000000
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_display_faux_object_property.n3
+++ /dev/null
@@ -1,53 +0,0 @@
-# $This file is distributed under the terms of the license in LICENSE$
-@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
-@prefix owl: <http://www.w3.org/2002/07/owl#> .
-@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
-@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
-@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
-@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
-@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
-
-ai:CuratorDisplayFauxObjectPropertyPolicy rdf:type ao:Policy ;
-          ao:rules ai:CuratorDisplayFauxObjectPropertyRuleSet ;
-          ao:testDatasets ai:CuratorDisplayFauxObjectPropertyTestDatasets ;
-          ao:policyKey ai:CuratorDisplayFauxObjectPropertyPolicyKey .
-
-ai:CuratorDisplayFauxObjectPropertyRuleSet rdf:type ao:Rules ;
-          ao:rule ai:AllowCuratorDisplayFauxObjectPropertyStatementRule ;
-          ao:rule ai:AllowCuratorDisplayFauxObjectPropertyRule .
-
-ai:CuratorDisplayFauxObjectPropertyTestDatasets rdf:type ao:TestDatasets ;
-          ao:testDataset ai:CuratorDisplayFauxObjectPropertyDataset .
-
-ai:CuratorDisplayFauxObjectPropertyDataset rdf:type ao:TestDataSet ;
-          ao:testData ai:CuratorDisplayFauxObjectPropertyTestData .
-          
-ai:CuratorDisplayFauxObjectPropertyPolicyKey rdf:type ao:PolicyKey ;
-          ao:keyComponent ai:FauxObjectPropertyAccesObject ;
-          ao:keyComponent auth:CURATOR ;
-          ao:keyComponent ai:DisplayOperationGroup .
-
-ai:AllowCuratorDisplayFauxObjectPropertyRule rdf:type ao:Rule;
-          ao:attribute ai:SubjectRoleEqualsCuratorRoleAttribute ;
-          ao:attribute ai:DisplayOperationAttribute ;
-          ao:attribute ai:FauxObjectPropertyTypeAttribute ;
-          ao:attribute ai:CuratorDisplayFauxObjectPropertyAttribute .
-
-ai:AllowCuratorDisplayFauxObjectPropertyStatementRule rdf:type ao:Rule;
-          ao:attribute ai:SubjectRoleEqualsCuratorRoleAttribute ;
-          ao:attribute ai:DisplayOperationAttribute ;
-          ao:attribute ai:FauxObjectPropertyStatementTypeAttribute ;
-          ao:attribute ai:CuratorDisplayFauxObjectPropertyStatementAttribute .
-         
-ai:CuratorDisplayFauxObjectPropertyStatementAttribute rdf:type ao:Attribute ;
-         ao:operator ai:OneOf ;
-         ao:type ai:StatementPredicateUri ;
-         ao:setValue ai:CuratorDisplayFauxObjectPropertyTestData .
-         
-ai:CuratorDisplayFauxObjectPropertyAttribute rdf:type ao:Attribute ;
-         ao:operator ai:OneOf ;
-         ao:type ai:AccessObjectUri ;
-         ao:setValue ai:CuratorDisplayFauxObjectPropertyTestData .
-         
-ai:CuratorDisplayFauxObjectPropertyTestData rdf:type ao:TestData ;
-       .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_display_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_display_object_property.n3
deleted file mode 100644
index f552741ec3..0000000000
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_display_object_property.n3
+++ /dev/null
@@ -1,53 +0,0 @@
-# $This file is distributed under the terms of the license in LICENSE$
-@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
-@prefix owl: <http://www.w3.org/2002/07/owl#> .
-@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
-@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
-@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
-@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
-@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
-
-ai:CuratorDisplayObjectPropertyPolicy rdf:type ao:Policy ;
-          ao:rules ai:CuratorDisplayObjectPropertyRuleSet ;
-          ao:testDatasets ai:CuratorDisplayObjectPropertyTestDatasets ;
-          ao:policyKey ai:CuratorDisplayObjectPropertyPolicyKey .
-
-ai:CuratorDisplayObjectPropertyRuleSet rdf:type ao:Rules ;
-          ao:rule ai:AllowCuratorDisplayObjectPropertyStatementRule ;
-          ao:rule ai:AllowCuratorDisplayObjectPropertyRule .
-
-ai:CuratorDisplayObjectPropertyTestDatasets rdf:type ao:TestDatasets ;
-          ao:testDataset ai:CuratorDisplayObjectPropertyDataset .
-
-ai:CuratorDisplayObjectPropertyDataset rdf:type ao:TestDataSet ;
-          ao:testData ai:CuratorDisplayObjectPropertyTestData .
-          
-ai:CuratorDisplayObjectPropertyPolicyKey rdf:type ao:PolicyKey ;
-          ao:keyComponent ai:ObjectPropertyAccesObject ;
-          ao:keyComponent auth:CURATOR ;
-          ao:keyComponent ai:DisplayOperationGroup .
-
-ai:AllowCuratorDisplayObjectPropertyRule rdf:type ao:Rule;
-          ao:attribute ai:SubjectRoleEqualsAdminRoleAttribute ;
-          ao:attribute ai:DisplayOperationAttribute ;
-          ao:attribute ai:ObjectPropertyTypeAttribute ;
-          ao:attribute ai:CuratorDisplayObjectPropertyAttribute .
-
-ai:AllowCuratorDisplayObjectPropertyStatementRule rdf:type ao:Rule;
-          ao:attribute ai:SubjectRoleEqualsAdminRoleAttribute ;
-          ao:attribute ai:DisplayOperationAttribute ;
-          ao:attribute ai:ObjectPropertyStatementTypeAttribute ;
-          ao:attribute ai:CuratorDisplayObjectPropertyStatementAttribute .
-         
-ai:CuratorDisplayObjectPropertyStatementAttribute rdf:type ao:Attribute ;
-         ao:operator ai:OneOf ;
-         ao:type ai:StatementPredicateUri ;
-         ao:setValue ai:CuratorDisplayObjectPropertyTestData .
-
-ai:CuratorDisplayObjectPropertyAttribute rdf:type ao:Attribute ;
-         ao:operator ai:OneOf ;
-         ao:type ai:AccessObjectUri ;
-         ao:setValue ai:CuratorDisplayObjectPropertyTestData .
-         
-ai:CuratorDisplayObjectPropertyTestData rdf:type ao:TestData ;
-       .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_publish_class.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_publish_class.n3
deleted file mode 100644
index ea40c2311d..0000000000
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_publish_class.n3
+++ /dev/null
@@ -1,41 +0,0 @@
-# $This file is distributed under the terms of the license in LICENSE$
-@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
-@prefix owl: <http://www.w3.org/2002/07/owl#> .
-@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
-@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
-@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
-@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
-@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
-
-ai:CuratorPublishClassPolicy rdf:type ao:Policy ;
-          ao:rules ai:CuratorPublishClassRuleSet ;
-          ao:testDatasets ai:CuratorPublishClassTestDatasets ;
-          ao:policyKey ai:CuratorPublishClassPolicyKey .
-
-ai:CuratorPublishClassRuleSet rdf:type ao:Rules ;
-          ao:rule ai:AllowCuratorPublishClassRule .
-
-ai:CuratorPublishClassTestDatasets rdf:type ao:TestDatasets ;
-          ao:testDataset ai:CuratorPublishClassDataset .
-
-ai:CuratorPublishClassDataset rdf:type ao:TestDataSet ;
-          ao:testData ai:CuratorPublishClassTestData .
-          
-ai:CuratorPublishClassPolicyKey rdf:type ao:PolicyKey ;
-          ao:keyComponent ai:Class ;
-          ao:keyComponent auth:CURATOR ;
-          ao:keyComponent ai:PublishOperationGroup .
-
-ai:AllowCuratorPublishClassRule rdf:type ao:Rule;
-          ao:attribute ai:SubjectRoleEqualsCuratorRoleAttribute ;
-          ao:attribute ai:PublishOperationAttribute ;
-          ao:attribute ai:ClassTypeAttribute ;
-          ao:attribute ai:CuratorPublishClassAttribute .
-         
-ai:CuratorPublishClassAttribute rdf:type ao:Attribute ;
-         ao:operator ai:OneOf ;
-         ao:type ai:AccessObjectUri ;
-         ao:setValue ai:CuratorPublishClassTestData .
-         
-ai:CuratorPublishClassTestData rdf:type ao:TestData ;
-  .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_publish_data_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_publish_data_property.n3
deleted file mode 100644
index 82ec422cf9..0000000000
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_publish_data_property.n3
+++ /dev/null
@@ -1,53 +0,0 @@
-# $This file is distributed under the terms of the license in LICENSE$
-@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
-@prefix owl: <http://www.w3.org/2002/07/owl#> .
-@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
-@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
-@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
-@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
-@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
-
-ai:CuratorPublishDataPropertyPolicy rdf:type ao:Policy ;
-          ao:rules ai:CuratorPublishDataPropertyRuleSet ;
-          ao:testDatasets ai:CuratorPublishDataPropertyTestDatasets ;
-          ao:policyKey ai:CuratorPublishDataPropertyPolicyKey .
-
-ai:CuratorPublishDataPropertyRuleSet rdf:type ao:Rules ;
-          ao:rule ai:AllowCuratorPublishDataPropertyStatementRule ;
-          ao:rule ai:AllowCuratorPublishDataPropertyRule .
-
-ai:CuratorPublishDataPropertyTestDatasets rdf:type ao:TestDatasets ;
-          ao:testDataset ai:CuratorPublishDataPropertyDataset .
-
-ai:CuratorPublishDataPropertyDataset rdf:type ao:TestDataSet ;
-          ao:testData ai:CuratorPublishDataPropertyTestData .
-          
-ai:CuratorPublishDataPropertyPolicyKey rdf:type ao:PolicyKey ;
-          ao:keyComponent ai:DataPropertyAccesObject ;
-          ao:keyComponent auth:CURATOR ;
-          ao:keyComponent ai:PublishOperationGroup .
-
-ai:AllowCuratorPublishDataPropertyRule rdf:type ao:Rule;
-          ao:attribute ai:SubjectRoleEqualsAdminRoleAttribute ;
-          ao:attribute ai:PublishOperationAttribute ;
-          ao:attribute ai:DataPropertyTypeAttribute ;
-          ao:attribute ai:CuratorPublishDataPropertyAttribute .
-
-ai:AllowCuratorPublishDataPropertyStatementRule rdf:type ao:Rule;
-          ao:attribute ai:SubjectRoleEqualsAdminRoleAttribute ;
-          ao:attribute ai:PublishOperationAttribute ;
-          ao:attribute ai:DataPropertyStatementTypeAttribute ;
-          ao:attribute ai:CuratorPublishDataPropertyStatementAttribute .
-         
-ai:CuratorPublishDataPropertyStatementAttribute rdf:type ao:Attribute ;
-         ao:operator ai:OneOf ;
-         ao:type ai:StatementPredicateUri ;
-         ao:setValue ai:CuratorPublishDataPropertyTestData .
-
-ai:CuratorPublishDataPropertyAttribute rdf:type ao:Attribute ;
-         ao:operator ai:OneOf ;
-         ao:type ai:AccessObjectUri ;
-         ao:setValue ai:CuratorPublishDataPropertyTestData .
-         
-ai:CuratorPublishDataPropertyTestData rdf:type ao:TestData ;
-   .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_publish_faux_data_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_publish_faux_data_property.n3
deleted file mode 100644
index 8543850023..0000000000
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_publish_faux_data_property.n3
+++ /dev/null
@@ -1,53 +0,0 @@
-# $This file is distributed under the terms of the license in LICENSE$
-@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
-@prefix owl: <http://www.w3.org/2002/07/owl#> .
-@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
-@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
-@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
-@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
-@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
-
-ai:CuratorPublishFauxDataPropertyPolicy rdf:type ao:Policy ;
-          ao:rules ai:CuratorPublishFauxDataPropertyRuleSet ;
-          ao:testDatasets ai:CuratorPublishFauxDataPropertyTestDatasets ;
-          ao:policyKey ai:CuratorPublishFauxDataPropertyPolicyKey .
-
-ai:CuratorPublishFauxDataPropertyRuleSet rdf:type ao:Rules ;
-          ao:rule ai:AllowCuratorPublishFauxDataPropertyStatementRule ;
-          ao:rule ai:AllowCuratorPublishFauxDataPropertyRule .
-
-ai:CuratorPublishFauxDataPropertyTestDatasets rdf:type ao:TestDatasets ;
-          ao:testDataset ai:CuratorPublishFauxDataPropertyDataset .
-
-ai:CuratorPublishFauxDataPropertyDataset rdf:type ao:TestDataSet ;
-          ao:testData ai:CuratorPublishFauxDataPropertyTestData .
-          
-ai:CuratorPublishFauxDataPropertyPolicyKey rdf:type ao:PolicyKey ;
-          ao:keyComponent ai:FauxDataPropertyAccesObject ;
-          ao:keyComponent auth:CURATOR ;
-          ao:keyComponent ai:PublishOperationGroup .
-
-ai:AllowCuratorPublishFauxDataPropertyRule rdf:type ao:Rule;
-          ao:attribute ai:SubjectRoleEqualsAdminRoleAttribute ;
-          ao:attribute ai:PublishOperationAttribute ;
-          ao:attribute ai:FauxDataPropertyTypeAttribute ;
-          ao:attribute ai:CuratorPublishFauxDataPropertyAttribute .
-
-ai:AllowCuratorPublishFauxDataPropertyStatementRule rdf:type ao:Rule;
-          ao:attribute ai:SubjectRoleEqualsAdminRoleAttribute ;
-          ao:attribute ai:PublishOperationAttribute ;
-          ao:attribute ai:FauxDataPropertyStatementTypeAttribute ;
-          ao:attribute ai:CuratorPublishFauxDataPropertyStatementAttribute .
-         
-ai:CuratorPublishFauxDataPropertyStatementAttribute rdf:type ao:Attribute ;
-         ao:operator ai:OneOf ;
-         ao:type ai:StatementPredicateUri ;
-         ao:setValue ai:CuratorPublishFauxDataPropertyTestData .
-         
-ai:CuratorPublishFauxDataPropertyAttribute rdf:type ao:Attribute ;
-         ao:operator ai:OneOf ;
-         ao:type ai:AccessObjectUri ;
-         ao:setValue ai:CuratorPublishFauxDataPropertyTestData .
-         
-ai:CuratorPublishFauxDataPropertyTestData rdf:type ao:TestData ;
-     .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_publish_faux_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_publish_faux_object_property.n3
deleted file mode 100644
index 6ae1a8f3f5..0000000000
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_publish_faux_object_property.n3
+++ /dev/null
@@ -1,53 +0,0 @@
-# $This file is distributed under the terms of the license in LICENSE$
-@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
-@prefix owl: <http://www.w3.org/2002/07/owl#> .
-@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
-@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
-@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
-@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
-@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
-
-ai:CuratorPublishFauxObjectPropertyPolicy rdf:type ao:Policy ;
-          ao:rules ai:CuratorPublishFauxObjectPropertyRuleSet ;
-          ao:testDatasets ai:CuratorPublishFauxObjectPropertyTestDatasets ;
-          ao:policyKey ai:CuratorPublishFauxObjectPropertyPolicyKey .
-
-ai:CuratorPublishFauxObjectPropertyRuleSet rdf:type ao:Rules ;
-          ao:rule ai:AllowCuratorPublishFauxObjectPropertyStatementRule ;
-          ao:rule ai:AllowCuratorPublishFauxObjectPropertyRule .
-
-ai:CuratorPublishFauxObjectPropertyTestDatasets rdf:type ao:TestDatasets ;
-          ao:testDataset ai:CuratorPublishFauxObjectPropertyDataset .
-
-ai:CuratorPublishFauxObjectPropertyDataset rdf:type ao:TestDataSet ;
-          ao:testData ai:CuratorPublishFauxObjectPropertyTestData .
-          
-ai:CuratorPublishFauxObjectPropertyPolicyKey rdf:type ao:PolicyKey ;
-          ao:keyComponent ai:FauxObjectPropertyAccesObject ;
-          ao:keyComponent auth:CURATOR ;
-          ao:keyComponent ai:PublishOperationGroup .
-
-ai:AllowCuratorPublishFauxObjectPropertyRule rdf:type ao:Rule;
-          ao:attribute ai:SubjectRoleEqualsAdminRoleAttribute ;
-          ao:attribute ai:PublishOperationAttribute ;
-          ao:attribute ai:FauxObjectPropertyTypeAttribute ;
-          ao:attribute ai:CuratorPublishFauxObjectPropertyAttribute .
-
-ai:AllowCuratorPublishFauxObjectPropertyStatementRule rdf:type ao:Rule;
-          ao:attribute ai:SubjectRoleEqualsAdminRoleAttribute ;
-          ao:attribute ai:PublishOperationAttribute ;
-          ao:attribute ai:FauxObjectPropertyStatementTypeAttribute ;
-          ao:attribute ai:CuratorPublishFauxObjectPropertyStatementAttribute .
-         
-ai:CuratorPublishFauxObjectPropertyStatementAttribute rdf:type ao:Attribute ;
-         ao:operator ai:OneOf ;
-         ao:type ai:StatementPredicateUri ;
-         ao:setValue ai:CuratorPublishFauxObjectPropertyTestData .
-         
-ai:CuratorPublishFauxObjectPropertyAttribute rdf:type ao:Attribute ;
-         ao:operator ai:OneOf ;
-         ao:type ai:AccessObjectUri ;
-         ao:setValue ai:CuratorPublishFauxObjectPropertyTestData .
-         
-ai:CuratorPublishFauxObjectPropertyTestData rdf:type ao:TestData ;
-     .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_publish_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_publish_object_property.n3
deleted file mode 100644
index 36aecac6ad..0000000000
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_publish_object_property.n3
+++ /dev/null
@@ -1,53 +0,0 @@
-# $This file is distributed under the terms of the license in LICENSE$
-@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
-@prefix owl: <http://www.w3.org/2002/07/owl#> .
-@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
-@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
-@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
-@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
-@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
-
-ai:CuratorPublishObjectPropertyPolicy rdf:type ao:Policy ;
-          ao:rules ai:CuratorPublishObjectPropertyRuleSet ;
-          ao:testDatasets ai:CuratorPublishObjectPropertyTestDatasets ;
-          ao:policyKey ai:CuratorPublishObjectPropertyPolicyKey .
-
-ai:CuratorPublishObjectPropertyRuleSet rdf:type ao:Rules ;
-          ao:rule ai:AllowCuratorPublishObjectPropertyStatementRule ;
-          ao:rule ai:AllowCuratorPublishObjectPropertyRule .
-
-ai:CuratorPublishObjectPropertyTestDatasets rdf:type ao:TestDatasets ;
-          ao:testDataset ai:CuratorPublishObjectPropertyDataset .
-
-ai:CuratorPublishObjectPropertyDataset rdf:type ao:TestDataSet ;
-          ao:testData ai:CuratorPublishObjectPropertyTestData .
-          
-ai:CuratorPublishObjectPropertyPolicyKey rdf:type ao:PolicyKey ;
-          ao:keyComponent ai:ObjectPropertyAccesObject ;
-          ao:keyComponent auth:CURATOR ;
-          ao:keyComponent ai:PublishOperationGroup .
-
-ai:AllowCuratorPublishObjectPropertyRule rdf:type ao:Rule;
-          ao:attribute ai:SubjectRoleEqualsAdminRoleAttribute ;
-          ao:attribute ai:PublishOperationAttribute ;
-          ao:attribute ai:ObjectPropertyTypeAttribute ;
-          ao:attribute ai:CuratorPublishObjectPropertyAttribute .
-
-ai:AllowCuratorPublishObjectPropertyStatementRule rdf:type ao:Rule;
-          ao:attribute ai:SubjectRoleEqualsAdminRoleAttribute ;
-          ao:attribute ai:PublishOperationAttribute ;
-          ao:attribute ai:ObjectPropertyStatementTypeAttribute ;
-          ao:attribute ai:CuratorPublishObjectPropertyStatementAttribute .
-         
-ai:CuratorPublishObjectPropertyStatementAttribute rdf:type ao:Attribute ;
-         ao:operator ai:OneOf ;
-         ao:type ai:StatementPredicateUri ;
-         ao:setValue ai:CuratorPublishObjectPropertyTestData .
-         
-ai:CuratorPublishObjectPropertyAttribute rdf:type ao:Attribute ;
-         ao:operator ai:OneOf ;
-         ao:type ai:AccessObjectUri ;
-         ao:setValue ai:CuratorPublishObjectPropertyTestData .
-         
-ai:CuratorPublishObjectPropertyTestData rdf:type ao:TestData ;
-     .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_update_class.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_update_class.n3
deleted file mode 100644
index b05dd57226..0000000000
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_update_class.n3
+++ /dev/null
@@ -1,41 +0,0 @@
-# $This file is distributed under the terms of the license in LICENSE$
-@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
-@prefix owl: <http://www.w3.org/2002/07/owl#> .
-@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
-@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
-@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
-@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
-@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
-
-ai:CuratorUpdateClassPolicy rdf:type ao:Policy ;
-          ao:rules ai:CuratorUpdateClassRuleSet ;
-          ao:testDatasets ai:CuratorUpdateClassTestDatasets ;
-          ao:policyKey ai:CuratorUpdateClassPolicyKey .
-
-ai:CuratorUpdateClassRuleSet rdf:type ao:Rules ;
-          ao:rule ai:AllowCuratorUpdateClassRule .
-
-ai:CuratorUpdateClassTestDatasets rdf:type ao:TestDatasets ;
-          ao:testDataset ai:CuratorUpdateClassDataset .
-
-ai:CuratorUpdateClassDataset rdf:type ao:TestDataSet ;
-          ao:testData ai:CuratorUpdateClassTestData .
-          
-ai:CuratorUpdateClassPolicyKey rdf:type ao:PolicyKey ;
-          ao:keyComponent ai:Class ;
-          ao:keyComponent auth:CURATOR ;
-          ao:keyComponent ai:UpdateOperationGroup .
-
-ai:AllowCuratorUpdateClassRule rdf:type ao:Rule;
-          ao:attribute ai:SubjectRoleEqualsCuratorRoleAttribute ;
-          ao:attribute ai:UpdateAddEditOrDropOperationsAttribute ;
-          ao:attribute ai:ClassTypeAttribute ;
-          ao:attribute ai:CuratorUpdateClassAttribute .
-         
-ai:CuratorUpdateClassAttribute rdf:type ao:Attribute ;
-         ao:operator ai:OneOf ;
-         ao:type ai:AccessObjectUri ;
-         ao:setValue ai:CuratorUpdateClassTestData .
-         
-ai:CuratorUpdateClassTestData rdf:type ao:TestData ;
-       .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_update_data_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_update_data_property.n3
index 14ab57c788..42ad95634f 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_update_data_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_update_data_property.n3
@@ -16,10 +16,10 @@ ai:CuratorUpdateDataPropertyRuleSet rdf:type ao:Rules ;
           ao:rule ai:AllowCuratorUpdateDataPropertyStatementRule ;
           ao:rule ai:AllowCuratorUpdateDataPropertyRule .
 
-ai:CuratorUpdateDataPropertyTestDatasets rdf:type ao:TestDatasets ;
-          ao:testDataset ai:CuratorUpdateDataPropertyDataset .
+ai:CuratorUpdateDataPropertyTestDatasets rdf:type ao:PolicyDataSets ;
+          ao:policyDataSet ai:CuratorUpdateDataPropertyDataset .
 
-ai:CuratorUpdateDataPropertyDataset rdf:type ao:TestDataSet ;
+ai:CuratorUpdateDataPropertyDataset rdf:type ao:PolicyDataSet ;
           ao:testData ai:CuratorUpdateDataPropertyTestData .
           
 ai:CuratorUpdateDataPropertyPolicyKey rdf:type ao:PolicyKey ;
@@ -49,5 +49,5 @@ ai:CuratorUpdateDataPropertyAttribute rdf:type ao:Attribute ;
          ao:type ai:AccessObjectUri ;
          ao:setValue ai:CuratorUpdateDataPropertyTestData .
          
-ai:CuratorUpdateDataPropertyTestData rdf:type ao:TestData ;
+ai:CuratorUpdateDataPropertyTestData rdf:type ao:ValueContainer ;
        .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_update_faux_data_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_update_faux_data_property.n3
index 0a674e4e22..59f5072f68 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_update_faux_data_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_update_faux_data_property.n3
@@ -16,10 +16,10 @@ ai:CuratorUpdateFauxDataPropertyRuleSet rdf:type ao:Rules ;
           ao:rule ai:AllowCuratorUpdateFauxDataPropertyStatementRule ;
           ao:rule ai:AllowCuratorUpdateFauxDataPropertyRule .
 
-ai:CuratorUpdateFauxDataPropertyTestDatasets rdf:type ao:TestDatasets ;
-          ao:testDataset ai:CuratorUpdateFauxDataPropertyDataset .
+ai:CuratorUpdateFauxDataPropertyTestDatasets rdf:type ao:PolicyDataSets ;
+          ao:policyDataSet ai:CuratorUpdateFauxDataPropertyDataset .
 
-ai:CuratorUpdateFauxDataPropertyDataset rdf:type ao:TestDataSet ;
+ai:CuratorUpdateFauxDataPropertyDataset rdf:type ao:PolicyDataSet ;
           ao:testData ai:CuratorUpdateFauxDataPropertyTestData .
           
 ai:CuratorUpdateFauxDataPropertyPolicyKey rdf:type ao:PolicyKey ;
@@ -49,5 +49,5 @@ ai:CuratorUpdateFauxDataPropertyAttribute rdf:type ao:Attribute ;
          ao:type ai:AccessObjectUri ;
          ao:setValue ai:CuratorUpdateFauxDataPropertyTestData .
          
-ai:CuratorUpdateFauxDataPropertyTestData rdf:type ao:TestData ;
+ai:CuratorUpdateFauxDataPropertyTestData rdf:type ao:ValueContainer ;
       .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_update_faux_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_update_faux_object_property.n3
index 01b8f8f86c..10dac26ca5 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_update_faux_object_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_update_faux_object_property.n3
@@ -16,10 +16,10 @@ ai:CuratorUpdateFauxObjectPropertyRuleSet rdf:type ao:Rules ;
           ao:rule ai:AllowCuratorUpdateFauxObjectPropertyStatementRule ;
           ao:rule ai:AllowCuratorUpdateFauxObjectPropertyRule .
 
-ai:CuratorUpdateFauxObjectPropertyTestDatasets rdf:type ao:TestDatasets ;
-          ao:testDataset ai:CuratorUpdateFauxObjectPropertyDataset .
+ai:CuratorUpdateFauxObjectPropertyTestDatasets rdf:type ao:PolicyDataSets ;
+          ao:policyDataSet ai:CuratorUpdateFauxObjectPropertyDataset .
 
-ai:CuratorUpdateFauxObjectPropertyDataset rdf:type ao:TestDataSet ;
+ai:CuratorUpdateFauxObjectPropertyDataset rdf:type ao:PolicyDataSet ;
           ao:testData ai:CuratorUpdateFauxObjectPropertyTestData .
           
 ai:CuratorUpdateFauxObjectPropertyPolicyKey rdf:type ao:PolicyKey ;
@@ -49,5 +49,5 @@ ai:CuratorUpdateFauxObjectPropertyAttribute rdf:type ao:Attribute ;
          ao:type ai:AccessObjectUri ;
          ao:setValue ai:CuratorUpdateFauxObjectPropertyTestData .
          
-ai:CuratorUpdateFauxObjectPropertyTestData rdf:type ao:TestData ;
+ai:CuratorUpdateFauxObjectPropertyTestData rdf:type ao:ValueContainer ;
       .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_update_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_update_object_property.n3
index ac064406b7..7bb0581e58 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_update_object_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_update_object_property.n3
@@ -16,10 +16,10 @@ ai:CuratorUpdateObjectPropertyRuleSet rdf:type ao:Rules ;
           ao:rule ai:AllowCuratorUpdateObjectPropertyStatementRule ;
           ao:rule ai:AllowCuratorUpdateObjectPropertyRule .
 
-ai:CuratorUpdateObjectPropertyTestDatasets rdf:type ao:TestDatasets ;
-          ao:testDataset ai:CuratorUpdateObjectPropertyDataset .
+ai:CuratorUpdateObjectPropertyTestDatasets rdf:type ao:PolicyDataSets ;
+          ao:policyDataSet ai:CuratorUpdateObjectPropertyDataset .
 
-ai:CuratorUpdateObjectPropertyDataset rdf:type ao:TestDataSet ;
+ai:CuratorUpdateObjectPropertyDataset rdf:type ao:PolicyDataSet ;
           ao:testData ai:CuratorUpdateObjectPropertyTestData .
           
 ai:CuratorUpdateObjectPropertyPolicyKey rdf:type ao:PolicyKey ;
@@ -49,5 +49,5 @@ ai:CuratorUpdateObjectPropertyAttribute rdf:type ao:Attribute ;
          ao:type ai:AccessObjectUri ;
          ao:setValue ai:CuratorUpdateObjectPropertyTestData .
          
-ai:CuratorUpdateObjectPropertyTestData rdf:type ao:TestData ;
+ai:CuratorUpdateObjectPropertyTestData rdf:type ao:ValueContainer ;
       .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_editable_pages.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_editable_pages.n3
index bd0ebe95f9..b6c84a4eb2 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_editable_pages.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_editable_pages.n3
@@ -8,39 +8,39 @@
 @prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
 
 ai:EditIndividualPagesPolicy rdf:type ao:Policy ;
-          ao:rules ai:EditIndividualPagesRuleSet .
+    ao:rules ai:EditIndividualPagesRuleSet .
 
 ai:EditIndividualPagesRuleSet rdf:type ao:Rules ;
-          ao:rule ai:AllowEditRelatedPagesRule ;
-          ao:rule ai:AllowEditIndividualPagesRule .
+    ao:rule ai:AllowEditRelatedPagesRule ;
+    ao:rule ai:AllowEditIndividualPagesRule .
 
 ai:AllowEditIndividualPagesRule rdf:type ao:Rule;
-          ao:attribute ai:SubjectRoleOneOfEditorsAttribute ;
-          ao:attribute ai:AddOperationAttribute ;
-          ao:attribute ai:ObjectPropertyStatementTypeAttribute ;
-          ao:attribute ai:SomeObjectUriAttribute ;
-          ao:attribute ai:SomePredicateAttribute .
-          
+    ao:attribute ai:SubjectRoleOneOfEditorsAttribute ;
+    ao:attribute ai:AddOperationAttribute ;
+    ao:attribute ai:ObjectPropertyStatementTypeAttribute ;
+    ao:attribute ai:SomeObjectUriAttribute ;
+    ao:attribute ai:SomePredicateAttribute .
+
 ai:AllowEditRelatedPagesRule rdf:type ao:Rule;
-          ao:attribute ai:SubjectRoleEqualsSelfEditorRoleAttribute ;
-          ao:attribute ai:StatementObjectUriContainsSelfEditorResourceAttribute;
-          ao:attribute ai:AddOperationAttribute ;
-          ao:attribute ai:ObjectPropertyStatementTypeAttribute ;
-          ao:attribute ai:SomeObjectUriAttribute ;
-          ao:attribute ai:SomePredicateAttribute .
-         
+    ao:attribute ai:SubjectRoleEqualsSelfEditorRoleAttribute ;
+    ao:attribute ai:StatementObjectUriContainsSelfEditorResourceAttribute;
+    ao:attribute ai:AddOperationAttribute ;
+    ao:attribute ai:ObjectPropertyStatementTypeAttribute ;
+    ao:attribute ai:SomeObjectUriAttribute ;
+    ao:attribute ai:SomePredicateAttribute .
+
 ai:SomePredicateAttribute rdf:type ao:Attribute ;
-         ao:operator ai:Equals ;
-         ao:type ai:StatementPredicateUri ;
-         ao:value ai:SomeUriTestData .
-         
+    ao:operator ai:Equals ;
+    ao:type ai:StatementPredicateUri ;
+    ao:value ai:SomeUriTestData .
+
 ai:SomeObjectUriAttribute rdf:type ao:Attribute ;
-         ao:operator ai:Equals ;
-         ao:type ai:StatementObjectUri ;
-         ao:value ai:SomeUriTestData .
-         
+    ao:operator ai:Equals ;
+    ao:type ai:StatementObjectUri ;
+    ao:value ai:SomeUriTestData .
+
 ai:StatementObjectUriContainsSelfEditorResourceAttribute rdf:type ao:Attribute ;
-         ao:operator ai:SparqlSelectQueryContains ;
-         ao:type ai:StatementSubjectUri ;
-         ao:value ai:PersonProfileProximityToResourceUri .
+    ao:operator ai:SparqlSelectQueryContains ;
+    ao:type ai:StatementSubjectUri ;
+    ao:value ai:PersonProfileProximityToResourceUri .
 
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_display_class.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_display_class.n3
deleted file mode 100644
index 676e03cc17..0000000000
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_display_class.n3
+++ /dev/null
@@ -1,41 +0,0 @@
-# $This file is distributed under the terms of the license in LICENSE$
-@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
-@prefix owl: <http://www.w3.org/2002/07/owl#> .
-@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
-@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
-@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
-@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
-@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
-
-ai:EditorDisplayClassPolicy rdf:type ao:Policy ;
-          ao:rules ai:EditorDisplayClassRuleSet ;
-          ao:testDatasets ai:EditorDisplayClassTestDatasets ;
-          ao:policyKey ai:EditorDisplayClassPolicyKey .
-
-ai:EditorDisplayClassRuleSet rdf:type ao:Rules ;
-          ao:rule ai:AllowEditorDisplayClassRule .
-
-ai:EditorDisplayClassTestDatasets rdf:type ao:TestDatasets ;
-          ao:testDataset ai:EditorDisplayClassDataset .
-
-ai:EditorDisplayClassDataset rdf:type ao:TestDataSet ;
-          ao:testData ai:EditorDisplayClassTestData .
-          
-ai:EditorDisplayClassPolicyKey rdf:type ao:PolicyKey ;
-          ao:keyComponent ai:Class ;
-          ao:keyComponent auth:EDITOR ;
-          ao:keyComponent ai:DisplayOperationGroup .
-
-ai:AllowEditorDisplayClassRule rdf:type ao:Rule;
-          ao:attribute ai:SubjectRoleEqualsEditorRoleAttribute ;
-          ao:attribute ai:DisplayOperationAttribute ;
-          ao:attribute ai:ClassTypeAttribute ;
-          ao:attribute ai:EditorDisplayClassAttribute .
-         
-ai:EditorDisplayClassAttribute rdf:type ao:Attribute ;
-         ao:operator ai:OneOf ;
-         ao:type ai:AccessObjectUri ;
-         ao:setValue ai:EditorDisplayClassTestData .
-         
-ai:EditorDisplayClassTestData rdf:type ao:TestData ;
-       .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_display_data_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_display_data_property.n3
deleted file mode 100644
index 4a96cc0c02..0000000000
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_display_data_property.n3
+++ /dev/null
@@ -1,53 +0,0 @@
-# $This file is distributed under the terms of the license in LICENSE$
-@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
-@prefix owl: <http://www.w3.org/2002/07/owl#> .
-@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
-@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
-@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
-@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
-@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
-
-ai:EditorDisplayDataPropertyPolicy rdf:type ao:Policy ;
-          ao:rules ai:EditorDisplayDataPropertyRuleSet ;
-          ao:testDatasets ai:EditorDisplayDataPropertyTestDatasets ;
-          ao:policyKey ai:EditorDisplayDataPropertyPolicyKey .
-
-ai:EditorDisplayDataPropertyRuleSet rdf:type ao:Rules ;
-          ao:rule ai:AllowEditorDisplayDataPropertyStatementRule ;
-          ao:rule ai:AllowEditorDisplayDataPropertyRule .
-
-ai:EditorDisplayDataPropertyTestDatasets rdf:type ao:TestDatasets ;
-          ao:testDataset ai:EditorDisplayDataPropertyDataset .
-
-ai:EditorDisplayDataPropertyDataset rdf:type ao:TestDataSet ;
-          ao:testData ai:EditorDisplayDataPropertyTestData .
-          
-ai:EditorDisplayDataPropertyPolicyKey rdf:type ao:PolicyKey ;
-          ao:keyComponent ai:DataPropertyAccesObject ;
-          ao:keyComponent auth:EDITOR ;
-          ao:keyComponent ai:DisplayOperationGroup .
-
-ai:AllowEditorDisplayDataPropertyRule rdf:type ao:Rule;
-          ao:attribute ai:SubjectRoleEqualsEditorRoleAttribute ;
-          ao:attribute ai:DisplayOperationAttribute ;
-          ao:attribute ai:DataPropertyTypeAttribute ;
-          ao:attribute ai:EditorDisplayDataPropertyAttribute .
-
-ai:AllowEditorDisplayDataPropertyStatementRule rdf:type ao:Rule;
-          ao:attribute ai:SubjectRoleEqualsEditorRoleAttribute ;
-          ao:attribute ai:DisplayOperationAttribute ;
-          ao:attribute ai:DataPropertyStatementTypeAttribute ;
-          ao:attribute ai:EditorDisplayDataPropertyStatementAttribute .
-         
-ai:EditorDisplayDataPropertyStatementAttribute rdf:type ao:Attribute ;
-         ao:operator ai:OneOf ;
-         ao:type ai:StatementPredicateUri ;
-         ao:setValue ai:EditorDisplayDataPropertyTestData .
-
-ai:EditorDisplayDataPropertyAttribute rdf:type ao:Attribute ;
-         ao:operator ai:OneOf ;
-         ao:type ai:AccessObjectUri ;
-         ao:setValue ai:EditorDisplayDataPropertyTestData .
-         
-ai:EditorDisplayDataPropertyTestData rdf:type ao:TestData ;
-       .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_display_faux_data_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_display_faux_data_property.n3
deleted file mode 100644
index 727bb9df05..0000000000
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_display_faux_data_property.n3
+++ /dev/null
@@ -1,53 +0,0 @@
-# $This file is distributed under the terms of the license in LICENSE$
-@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
-@prefix owl: <http://www.w3.org/2002/07/owl#> .
-@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
-@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
-@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
-@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
-@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
-
-ai:EditorDisplayFauxDataPropertyPolicy rdf:type ao:Policy ;
-          ao:rules ai:EditorDisplayFauxDataPropertyRuleSet ;
-          ao:testDatasets ai:EditorDisplayFauxDataPropertyTestDatasets ;
-          ao:policyKey ai:EditorDisplayFauxDataPropertyPolicyKey .
-
-ai:EditorDisplayFauxDataPropertyRuleSet rdf:type ao:Rules ;
-          ao:rule ai:AllowEditorDisplayFauxDataPropertyStatementRule ;
-          ao:rule ai:AllowEditorDisplayFauxDataPropertyRule .
-
-ai:EditorDisplayFauxDataPropertyTestDatasets rdf:type ao:TestDatasets ;
-          ao:testDataset ai:EditorDisplayFauxDataPropertyDataset .
-
-ai:EditorDisplayFauxDataPropertyDataset rdf:type ao:TestDataSet ;
-          ao:testData ai:EditorDisplayFauxDataPropertyTestData .
-          
-ai:EditorDisplayFauxDataPropertyPolicyKey rdf:type ao:PolicyKey ;
-          ao:keyComponent ai:FauxDataPropertyAccesObject ;
-          ao:keyComponent auth:EDITOR ;
-          ao:keyComponent ai:DisplayOperationGroup .
-
-ai:AllowEditorDisplayFauxDataPropertyRule rdf:type ao:Rule;
-          ao:attribute ai:SubjectRoleEqualsEditorRoleAttribute ;
-          ao:attribute ai:DisplayOperationAttribute ;
-          ao:attribute ai:FauxDataPropertyTypeAttribute ;
-          ao:attribute ai:EditorDisplayFauxDataPropertyAttribute .
-
-ai:AllowEditorDisplayFauxDataPropertyStatementRule rdf:type ao:Rule;
-          ao:attribute ai:SubjectRoleEqualsEditorRoleAttribute ;
-          ao:attribute ai:DisplayOperationAttribute ;
-          ao:attribute ai:FauxDataPropertyStatementTypeAttribute ;
-          ao:attribute ai:EditorDisplayFauxDataPropertyStatementAttribute .
-         
-ai:EditorDisplayFauxDataPropertyStatementAttribute rdf:type ao:Attribute ;
-         ao:operator ai:OneOf ;
-         ao:type ai:StatementPredicateUri ;
-         ao:setValue ai:EditorDisplayFauxDataPropertyTestData .
-         
-ai:EditorDisplayFauxDataPropertyAttribute rdf:type ao:Attribute ;
-         ao:operator ai:OneOf ;
-         ao:type ai:AccessObjectUri ;
-         ao:setValue ai:EditorDisplayFauxDataPropertyTestData .
-         
-ai:EditorDisplayFauxDataPropertyTestData rdf:type ao:TestData ;
-       .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_display_faux_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_display_faux_object_property.n3
deleted file mode 100644
index cd993f47f5..0000000000
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_display_faux_object_property.n3
+++ /dev/null
@@ -1,53 +0,0 @@
-# $This file is distributed under the terms of the license in LICENSE$
-@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
-@prefix owl: <http://www.w3.org/2002/07/owl#> .
-@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
-@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
-@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
-@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
-@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
-
-ai:EditorDisplayFauxObjectPropertyPolicy rdf:type ao:Policy ;
-          ao:rules ai:EditorDisplayFauxObjectPropertyRuleSet ;
-          ao:testDatasets ai:EditorDisplayFauxObjectPropertyTestDatasets ;
-          ao:policyKey ai:EditorDisplayFauxObjectPropertyPolicyKey .
-
-ai:EditorDisplayFauxObjectPropertyRuleSet rdf:type ao:Rules ;
-          ao:rule ai:AllowEditorDisplayFauxObjectPropertyStatementRule ;
-          ao:rule ai:AllowEditorDisplayFauxObjectPropertyRule .
-
-ai:EditorDisplayFauxObjectPropertyTestDatasets rdf:type ao:TestDatasets ;
-          ao:testDataset ai:EditorDisplayFauxObjectPropertyDataset .
-
-ai:EditorDisplayFauxObjectPropertyDataset rdf:type ao:TestDataSet ;
-          ao:testData ai:EditorDisplayFauxObjectPropertyTestData .
-          
-ai:EditorDisplayFauxObjectPropertyPolicyKey rdf:type ao:PolicyKey ;
-          ao:keyComponent ai:FauxObjectPropertyAccesObject ;
-          ao:keyComponent auth:EDITOR ;
-          ao:keyComponent ai:DisplayOperationGroup .
-
-ai:AllowEditorDisplayFauxObjectPropertyRule rdf:type ao:Rule;
-          ao:attribute ai:SubjectRoleEqualsEditorRoleAttribute ;
-          ao:attribute ai:DisplayOperationAttribute ;
-          ao:attribute ai:FauxObjectPropertyTypeAttribute ;
-          ao:attribute ai:EditorDisplayFauxObjectPropertyAttribute .
-
-ai:AllowEditorDisplayFauxObjectPropertyStatementRule rdf:type ao:Rule;
-          ao:attribute ai:SubjectRoleEqualsEditorRoleAttribute ;
-          ao:attribute ai:DisplayOperationAttribute ;
-          ao:attribute ai:FauxObjectPropertyStatementTypeAttribute ;
-          ao:attribute ai:EditorDisplayFauxObjectPropertyStatementAttribute .
-         
-ai:EditorDisplayFauxObjectPropertyStatementAttribute rdf:type ao:Attribute ;
-         ao:operator ai:OneOf ;
-         ao:type ai:StatementPredicateUri ;
-         ao:setValue ai:EditorDisplayFauxObjectPropertyTestData .
-         
-ai:EditorDisplayFauxObjectPropertyAttribute rdf:type ao:Attribute ;
-         ao:operator ai:OneOf ;
-         ao:type ai:AccessObjectUri ;
-         ao:setValue ai:EditorDisplayFauxObjectPropertyTestData .
-         
-ai:EditorDisplayFauxObjectPropertyTestData rdf:type ao:TestData ;
-       .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_display_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_display_object_property.n3
deleted file mode 100644
index 4033241819..0000000000
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_display_object_property.n3
+++ /dev/null
@@ -1,53 +0,0 @@
-# $This file is distributed under the terms of the license in LICENSE$
-@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
-@prefix owl: <http://www.w3.org/2002/07/owl#> .
-@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
-@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
-@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
-@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
-@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
-
-ai:EditorDisplayObjectPropertyPolicy rdf:type ao:Policy ;
-          ao:rules ai:EditorDisplayObjectPropertyRuleSet ;
-          ao:testDatasets ai:EditorDisplayObjectPropertyTestDatasets ;
-          ao:policyKey ai:EditorDisplayObjectPropertyPolicyKey .
-
-ai:EditorDisplayObjectPropertyRuleSet rdf:type ao:Rules ;
-          ao:rule ai:AllowEditorDisplayObjectPropertyStatementRule ;
-          ao:rule ai:AllowEditorDisplayObjectPropertyRule .
-
-ai:EditorDisplayObjectPropertyTestDatasets rdf:type ao:TestDatasets ;
-          ao:testDataset ai:EditorDisplayObjectPropertyDataset .
-
-ai:EditorDisplayObjectPropertyDataset rdf:type ao:TestDataSet ;
-          ao:testData ai:EditorDisplayObjectPropertyTestData .
-          
-ai:EditorDisplayObjectPropertyPolicyKey rdf:type ao:PolicyKey ;
-          ao:keyComponent ai:ObjectPropertyAccesObject ;
-          ao:keyComponent auth:EDITOR ;
-          ao:keyComponent ai:DisplayOperationGroup .
-
-ai:AllowEditorDisplayObjectPropertyRule rdf:type ao:Rule;
-          ao:attribute ai:SubjectRoleEqualsEditorRoleAttribute ;
-          ao:attribute ai:DisplayOperationAttribute ;
-          ao:attribute ai:ObjectPropertyTypeAttribute ;
-          ao:attribute ai:EditorDisplayObjectPropertyAttribute .
-
-ai:AllowEditorDisplayObjectPropertyStatementRule rdf:type ao:Rule;
-          ao:attribute ai:SubjectRoleEqualsEditorRoleAttribute ;
-          ao:attribute ai:DisplayOperationAttribute ;
-          ao:attribute ai:ObjectPropertyStatementTypeAttribute ;
-          ao:attribute ai:EditorDisplayObjectPropertyStatementAttribute .
-         
-ai:EditorDisplayObjectPropertyStatementAttribute rdf:type ao:Attribute ;
-         ao:operator ai:OneOf ;
-         ao:type ai:StatementPredicateUri ;
-         ao:setValue ai:EditorDisplayObjectPropertyTestData .
-
-ai:EditorDisplayObjectPropertyAttribute rdf:type ao:Attribute ;
-         ao:operator ai:OneOf ;
-         ao:type ai:AccessObjectUri ;
-         ao:setValue ai:EditorDisplayObjectPropertyTestData .
-         
-ai:EditorDisplayObjectPropertyTestData rdf:type ao:TestData ;
-       .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_publish_class.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_publish_class.n3
deleted file mode 100644
index e6768450d8..0000000000
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_publish_class.n3
+++ /dev/null
@@ -1,41 +0,0 @@
-# $This file is distributed under the terms of the license in LICENSE$
-@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
-@prefix owl: <http://www.w3.org/2002/07/owl#> .
-@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
-@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
-@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
-@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
-@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
-
-ai:EditorPublishClassPolicy rdf:type ao:Policy ;
-          ao:rules ai:EditorPublishClassRuleSet ;
-          ao:testDatasets ai:EditorPublishClassTestDatasets ;
-          ao:policyKey ai:EditorPublishClassPolicyKey .
-
-ai:EditorPublishClassRuleSet rdf:type ao:Rules ;
-          ao:rule ai:AllowEditorPublishClassRule .
-
-ai:EditorPublishClassTestDatasets rdf:type ao:TestDatasets ;
-          ao:testDataset ai:EditorPublishClassDataset .
-
-ai:EditorPublishClassDataset rdf:type ao:TestDataSet ;
-          ao:testData ai:EditorPublishClassTestData .
-          
-ai:EditorPublishClassPolicyKey rdf:type ao:PolicyKey ;
-          ao:keyComponent ai:Class ;
-          ao:keyComponent auth:EDITOR ;
-          ao:keyComponent ai:PublishOperationGroup .
-
-ai:AllowEditorPublishClassRule rdf:type ao:Rule;
-          ao:attribute ai:SubjectRoleEqualsEditorRoleAttribute ;
-          ao:attribute ai:PublishOperationAttribute ;
-          ao:attribute ai:ClassTypeAttribute ;
-          ao:attribute ai:EditorPublishClassAttribute .
-         
-ai:EditorPublishClassAttribute rdf:type ao:Attribute ;
-         ao:operator ai:OneOf ;
-         ao:type ai:AccessObjectUri ;
-         ao:setValue ai:EditorPublishClassTestData .
-         
-ai:EditorPublishClassTestData rdf:type ao:TestData ;
-    .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_publish_data_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_publish_data_property.n3
deleted file mode 100644
index e127e13fe3..0000000000
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_publish_data_property.n3
+++ /dev/null
@@ -1,53 +0,0 @@
-# $This file is distributed under the terms of the license in LICENSE$
-@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
-@prefix owl: <http://www.w3.org/2002/07/owl#> .
-@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
-@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
-@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
-@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
-@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
-
-ai:EditorPublishDataPropertyPolicy rdf:type ao:Policy ;
-          ao:rules ai:EditorPublishDataPropertyRuleSet ;
-          ao:testDatasets ai:EditorPublishDataPropertyTestDatasets ;
-          ao:policyKey ai:EditorPublishDataPropertyPolicyKey .
-
-ai:EditorPublishDataPropertyRuleSet rdf:type ao:Rules ;
-          ao:rule ai:AllowEditorPublishDataPropertyStatementRule ;
-          ao:rule ai:AllowEditorPublishDataPropertyRule .
-
-ai:EditorPublishDataPropertyTestDatasets rdf:type ao:TestDatasets ;
-          ao:testDataset ai:EditorPublishDataPropertyDataset .
-
-ai:EditorPublishDataPropertyDataset rdf:type ao:TestDataSet ;
-          ao:testData ai:EditorPublishDataPropertyTestData .
-          
-ai:EditorPublishDataPropertyPolicyKey rdf:type ao:PolicyKey ;
-          ao:keyComponent ai:DataPropertyAccesObject ;
-          ao:keyComponent auth:EDITOR ;
-          ao:keyComponent ai:PublishOperationGroup .
-
-ai:AllowEditorPublishDataPropertyRule rdf:type ao:Rule;
-          ao:attribute ai:SubjectRoleEqualsEditorRoleAttribute ;
-          ao:attribute ai:PublishOperationAttribute ;
-          ao:attribute ai:DataPropertyTypeAttribute ;
-          ao:attribute ai:EditorPublishDataPropertyAttribute .
-
-ai:AllowEditorPublishDataPropertyStatementRule rdf:type ao:Rule;
-          ao:attribute ai:SubjectRoleEqualsEditorRoleAttribute ;
-          ao:attribute ai:PublishOperationAttribute ;
-          ao:attribute ai:DataPropertyStatementTypeAttribute ;
-          ao:attribute ai:EditorPublishDataPropertyStatementAttribute .
-         
-ai:EditorPublishDataPropertyStatementAttribute rdf:type ao:Attribute ;
-         ao:operator ai:OneOf ;
-         ao:type ai:StatementPredicateUri ;
-         ao:setValue ai:EditorPublishDataPropertyTestData .
-
-ai:EditorPublishDataPropertyAttribute rdf:type ao:Attribute ;
-         ao:operator ai:OneOf ;
-         ao:type ai:AccessObjectUri ;
-         ao:setValue ai:EditorPublishDataPropertyTestData .
-         
-ai:EditorPublishDataPropertyTestData rdf:type ao:TestData ;
-  .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_publish_faux_data_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_publish_faux_data_property.n3
deleted file mode 100644
index 55564d26e3..0000000000
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_publish_faux_data_property.n3
+++ /dev/null
@@ -1,53 +0,0 @@
-# $This file is distributed under the terms of the license in LICENSE$
-@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
-@prefix owl: <http://www.w3.org/2002/07/owl#> .
-@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
-@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
-@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
-@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
-@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
-
-ai:EditorPublishFauxDataPropertyPolicy rdf:type ao:Policy ;
-          ao:rules ai:EditorPublishFauxDataPropertyRuleSet ;
-          ao:testDatasets ai:EditorPublishFauxDataPropertyTestDatasets ;
-          ao:policyKey ai:EditorPublishFauxDataPropertyPolicyKey .
-
-ai:EditorPublishFauxDataPropertyRuleSet rdf:type ao:Rules ;
-          ao:rule ai:AllowEditorPublishFauxDataPropertyStatementRule ;
-          ao:rule ai:AllowEditorPublishFauxDataPropertyRule .
-
-ai:EditorPublishFauxDataPropertyTestDatasets rdf:type ao:TestDatasets ;
-          ao:testDataset ai:EditorPublishFauxDataPropertyDataset .
-
-ai:EditorPublishFauxDataPropertyDataset rdf:type ao:TestDataSet ;
-          ao:testData ai:EditorPublishFauxDataPropertyTestData .
-          
-ai:EditorPublishFauxDataPropertyPolicyKey rdf:type ao:PolicyKey ;
-          ao:keyComponent ai:FauxDataPropertyAccesObject ;
-          ao:keyComponent auth:EDITOR ;
-          ao:keyComponent ai:PublishOperationGroup .
-
-ai:AllowEditorPublishFauxDataPropertyRule rdf:type ao:Rule;
-          ao:attribute ai:SubjectRoleEqualsEditorRoleAttribute ;
-          ao:attribute ai:PublishOperationAttribute ;
-          ao:attribute ai:FauxDataPropertyTypeAttribute ;
-          ao:attribute ai:EditorPublishFauxDataPropertyAttribute .
-
-ai:AllowEditorPublishFauxDataPropertyStatementRule rdf:type ao:Rule;
-          ao:attribute ai:SubjectRoleEqualsEditorRoleAttribute ;
-          ao:attribute ai:PublishOperationAttribute ;
-          ao:attribute ai:FauxDataPropertyStatementTypeAttribute ;
-          ao:attribute ai:EditorPublishFauxDataPropertyStatementAttribute .
-         
-ai:EditorPublishFauxDataPropertyStatementAttribute rdf:type ao:Attribute ;
-         ao:operator ai:OneOf ;
-         ao:type ai:StatementPredicateUri ;
-         ao:setValue ai:EditorPublishFauxDataPropertyTestData .
-
-ai:EditorPublishFauxDataPropertyAttribute rdf:type ao:Attribute ;
-         ao:operator ai:OneOf ;
-         ao:type ai:AccessObjectUri ;
-         ao:setValue ai:EditorPublishFauxDataPropertyTestData .
-         
-ai:EditorPublishFauxDataPropertyTestData rdf:type ao:TestData ;
-      .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_publish_faux_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_publish_faux_object_property.n3
deleted file mode 100644
index 984041d4bf..0000000000
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_publish_faux_object_property.n3
+++ /dev/null
@@ -1,53 +0,0 @@
-# $This file is distributed under the terms of the license in LICENSE$
-@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
-@prefix owl: <http://www.w3.org/2002/07/owl#> .
-@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
-@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
-@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
-@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
-@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
-
-ai:EditorPublishFauxObjectPropertyPolicy rdf:type ao:Policy ;
-          ao:rules ai:EditorPublishFauxObjectPropertyRuleSet ;
-          ao:testDatasets ai:EditorPublishFauxObjectPropertyTestDatasets ;
-          ao:policyKey ai:EditorPublishFauxObjectPropertyPolicyKey .
-
-ai:EditorPublishFauxObjectPropertyRuleSet rdf:type ao:Rules ;
-          ao:rule ai:AllowEditorPublishFauxObjectPropertyStatementRule ;
-          ao:rule ai:AllowEditorPublishFauxObjectPropertyRule .
-
-ai:EditorPublishFauxObjectPropertyTestDatasets rdf:type ao:TestDatasets ;
-          ao:testDataset ai:EditorPublishFauxObjectPropertyDataset .
-
-ai:EditorPublishFauxObjectPropertyDataset rdf:type ao:TestDataSet ;
-          ao:testData ai:EditorPublishFauxObjectPropertyTestData .
-          
-ai:EditorPublishFauxObjectPropertyPolicyKey rdf:type ao:PolicyKey ;
-          ao:keyComponent ai:FauxObjectPropertyAccesObject ;
-          ao:keyComponent auth:EDITOR ;
-          ao:keyComponent ai:PublishOperationGroup .
-
-ai:AllowEditorPublishFauxObjectPropertyRule rdf:type ao:Rule;
-          ao:attribute ai:SubjectRoleEqualsEditorRoleAttribute ;
-          ao:attribute ai:PublishOperationAttribute ;
-          ao:attribute ai:FauxObjectPropertyTypeAttribute ;
-          ao:attribute ai:EditorPublishFauxObjectPropertyAttribute .
-
-ai:AllowEditorPublishFauxObjectPropertyStatementRule rdf:type ao:Rule;
-          ao:attribute ai:SubjectRoleEqualsEditorRoleAttribute ;
-          ao:attribute ai:PublishOperationAttribute ;
-          ao:attribute ai:FauxObjectPropertyStatementTypeAttribute ;
-          ao:attribute ai:EditorPublishFauxObjectPropertyStatementAttribute .
-         
-ai:EditorPublishFauxObjectPropertyStatementAttribute rdf:type ao:Attribute ;
-         ao:operator ai:OneOf ;
-         ao:type ai:StatementPredicateUri ;
-         ao:setValue ai:EditorPublishFauxObjectPropertyTestData .
-
-ai:EditorPublishFauxObjectPropertyAttribute rdf:type ao:Attribute ;
-         ao:operator ai:OneOf ;
-         ao:type ai:AccessObjectUri ;
-         ao:setValue ai:EditorPublishFauxObjectPropertyTestData .
-         
-ai:EditorPublishFauxObjectPropertyTestData rdf:type ao:TestData ;
-      .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_publish_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_publish_object_property.n3
deleted file mode 100644
index 1e9dd96861..0000000000
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_publish_object_property.n3
+++ /dev/null
@@ -1,53 +0,0 @@
-# $This file is distributed under the terms of the license in LICENSE$
-@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
-@prefix owl: <http://www.w3.org/2002/07/owl#> .
-@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
-@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
-@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
-@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
-@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
-
-ai:EditorPublishObjectPropertyPolicy rdf:type ao:Policy ;
-          ao:rules ai:EditorPublishObjectPropertyRuleSet ;
-          ao:testDatasets ai:EditorPublishObjectPropertyTestDatasets ;
-          ao:policyKey ai:EditorPublishObjectPropertyPolicyKey .
-
-ai:EditorPublishObjectPropertyRuleSet rdf:type ao:Rules ;
-          ao:rule ai:AllowEditorPublishObjectPropertyStatementRule ;
-          ao:rule ai:AllowEditorPublishObjectPropertyRule .
-
-ai:EditorPublishObjectPropertyTestDatasets rdf:type ao:TestDatasets ;
-          ao:testDataset ai:EditorPublishObjectPropertyDataset .
-
-ai:EditorPublishObjectPropertyDataset rdf:type ao:TestDataSet ;
-          ao:testData ai:EditorPublishObjectPropertyTestData .
-          
-ai:EditorPublishObjectPropertyPolicyKey rdf:type ao:PolicyKey ;
-          ao:keyComponent ai:ObjectPropertyAccesObject ;
-          ao:keyComponent auth:EDITOR ;
-          ao:keyComponent ai:PublishOperationGroup .
-
-ai:AllowEditorPublishObjectPropertyRule rdf:type ao:Rule;
-          ao:attribute ai:SubjectRoleEqualsEditorRoleAttribute ;
-          ao:attribute ai:PublishOperationAttribute ;
-          ao:attribute ai:ObjectPropertyTypeAttribute ;
-          ao:attribute ai:EditorPublishObjectPropertyAttribute .
-
-ai:AllowEditorPublishObjectPropertyStatementRule rdf:type ao:Rule;
-          ao:attribute ai:SubjectRoleEqualsEditorRoleAttribute ;
-          ao:attribute ai:PublishOperationAttribute ;
-          ao:attribute ai:ObjectPropertyStatementTypeAttribute ;
-          ao:attribute ai:EditorPublishObjectPropertyStatementAttribute .
-         
-ai:EditorPublishObjectPropertyStatementAttribute rdf:type ao:Attribute ;
-         ao:operator ai:OneOf ;
-         ao:type ai:StatementPredicateUri ;
-         ao:setValue ai:EditorPublishObjectPropertyTestData .
-
-ai:EditorPublishObjectPropertyAttribute rdf:type ao:Attribute ;
-         ao:operator ai:OneOf ;
-         ao:type ai:AccessObjectUri ;
-         ao:setValue ai:EditorPublishObjectPropertyTestData .
-         
-ai:EditorPublishObjectPropertyTestData rdf:type ao:TestData ;
-      .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_simple_permissions_dataset.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_simple_permissions_dataset.n3
index 044a14a282..0cc7f2a2bc 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_simple_permissions_dataset.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_simple_permissions_dataset.n3
@@ -30,4 +30,4 @@ ai:EditorSimplePermissionValueContainer
     # permissions for ANY user, even if they are not logged in.
     ao:dataValue simplePermission:QueryFullModel ;
     ao:dataValue simplePermission:PageViewablePublic ;
-        .
+    .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_update_class.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_update_class.n3
deleted file mode 100644
index 26ee8ccd50..0000000000
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_update_class.n3
+++ /dev/null
@@ -1,41 +0,0 @@
-# $This file is distributed under the terms of the license in LICENSE$
-@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
-@prefix owl: <http://www.w3.org/2002/07/owl#> .
-@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
-@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
-@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
-@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
-@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
-
-ai:EditorUpdateClassPolicy rdf:type ao:Policy ;
-          ao:rules ai:EditorUpdateClassRuleSet ;
-          ao:testDatasets ai:EditorUpdateClassTestDatasets ;
-          ao:policyKey ai:EditorUpdateClassPolicyKey .
-
-ai:EditorUpdateClassRuleSet rdf:type ao:Rules ;
-          ao:rule ai:AllowEditorUpdateClassRule .
-
-ai:EditorUpdateClassTestDatasets rdf:type ao:TestDatasets ;
-          ao:testDataset ai:EditorUpdateClassDataset .
-
-ai:EditorUpdateClassDataset rdf:type ao:TestDataSet ;
-          ao:testData ai:EditorUpdateClassTestData .
-          
-ai:EditorUpdateClassPolicyKey rdf:type ao:PolicyKey ;
-          ao:keyComponent ai:Class ;
-          ao:keyComponent auth:EDITOR ;
-          ao:keyComponent ai:UpdateOperationGroup .
-
-ai:AllowEditorUpdateClassRule rdf:type ao:Rule;
-          ao:attribute ai:SubjectRoleEqualsEditorRoleAttribute ;
-          ao:attribute ai:UpdateAddEditOrDropOperationsAttribute ;
-          ao:attribute ai:ClassTypeAttribute ;
-          ao:attribute ai:EditorUpdateClassAttribute .
-         
-ai:EditorUpdateClassAttribute rdf:type ao:Attribute ;
-         ao:operator ai:OneOf ;
-         ao:type ai:AccessObjectUri ;
-         ao:setValue ai:EditorUpdateClassTestData .
-         
-ai:EditorUpdateClassTestData rdf:type ao:TestData ;
-       .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_update_data_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_update_data_property.n3
index c24a0cbe46..147fedab67 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_update_data_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_update_data_property.n3
@@ -16,10 +16,10 @@ ai:EditorUpdateDataPropertyRuleSet rdf:type ao:Rules ;
           ao:rule ai:AllowEditorUpdateDataPropertyStatementRule ;
           ao:rule ai:AllowEditorUpdateDataPropertyRule .
 
-ai:EditorUpdateDataPropertyTestDatasets rdf:type ao:TestDatasets ;
-          ao:testDataset ai:EditorUpdateDataPropertyDataset .
+ai:EditorUpdateDataPropertyTestDatasets rdf:type ao:PolicyDataSets ;
+          ao:policyDataSet ai:EditorUpdateDataPropertyDataset .
 
-ai:EditorUpdateDataPropertyDataset rdf:type ao:TestDataSet ;
+ai:EditorUpdateDataPropertyDataset rdf:type ao:PolicyDataSet ;
           ao:testData ai:EditorUpdateDataPropertyTestData .
           
 ai:EditorUpdateDataPropertyPolicyKey rdf:type ao:PolicyKey ;
@@ -49,5 +49,5 @@ ai:EditorUpdateDataPropertyAttribute rdf:type ao:Attribute ;
          ao:type ai:AccessObjectUri ;
          ao:setValue ai:EditorUpdateDataPropertyTestData .
          
-ai:EditorUpdateDataPropertyTestData rdf:type ao:TestData ;
+ai:EditorUpdateDataPropertyTestData rdf:type ao:ValueContainer ;
        .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_update_faux_data_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_update_faux_data_property.n3
index aadb1d6b69..9e598d0cf2 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_update_faux_data_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_update_faux_data_property.n3
@@ -16,10 +16,10 @@ ai:EditorUpdateFauxDataPropertyRuleSet rdf:type ao:Rules ;
           ao:rule ai:AllowEditorUpdateFauxDataPropertyStatementRule ;
           ao:rule ai:AllowEditorUpdateFauxDataPropertyRule .
 
-ai:EditorUpdateFauxDataPropertyTestDatasets rdf:type ao:TestDatasets ;
-          ao:testDataset ai:EditorUpdateFauxDataPropertyDataset .
+ai:EditorUpdateFauxDataPropertyTestDatasets rdf:type ao:PolicyDataSets ;
+          ao:policyDataSet ai:EditorUpdateFauxDataPropertyDataset .
 
-ai:EditorUpdateFauxDataPropertyDataset rdf:type ao:TestDataSet ;
+ai:EditorUpdateFauxDataPropertyDataset rdf:type ao:PolicyDataSet ;
           ao:testData ai:EditorUpdateFauxDataPropertyTestData .
           
 ai:EditorUpdateFauxDataPropertyPolicyKey rdf:type ao:PolicyKey ;
@@ -49,5 +49,5 @@ ai:EditorUpdateFauxDataPropertyAttribute rdf:type ao:Attribute ;
          ao:type ai:AccessObjectUri ;
          ao:setValue ai:EditorUpdateFauxDataPropertyTestData .
          
-ai:EditorUpdateFauxDataPropertyTestData rdf:type ao:TestData ;
+ai:EditorUpdateFauxDataPropertyTestData rdf:type ao:ValueContainer ;
        .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_update_faux_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_update_faux_object_property.n3
index 52f010f289..fa25571c66 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_update_faux_object_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_update_faux_object_property.n3
@@ -16,10 +16,10 @@ ai:EditorUpdateFauxObjectPropertyRuleSet rdf:type ao:Rules ;
           ao:rule ai:AllowEditorUpdateFauxObjectPropertyStatementRule ;
           ao:rule ai:AllowEditorUpdateFauxObjectPropertyRule .
 
-ai:EditorUpdateFauxObjectPropertyTestDatasets rdf:type ao:TestDatasets ;
-          ao:testDataset ai:EditorUpdateFauxObjectPropertyDataset .
+ai:EditorUpdateFauxObjectPropertyTestDatasets rdf:type ao:PolicyDataSets ;
+          ao:policyDataSet ai:EditorUpdateFauxObjectPropertyDataset .
 
-ai:EditorUpdateFauxObjectPropertyDataset rdf:type ao:TestDataSet ;
+ai:EditorUpdateFauxObjectPropertyDataset rdf:type ao:PolicyDataSet ;
           ao:testData ai:EditorUpdateFauxObjectPropertyTestData .
           
 ai:EditorUpdateFauxObjectPropertyPolicyKey rdf:type ao:PolicyKey ;
@@ -49,5 +49,5 @@ ai:EditorUpdateFauxObjectPropertyAttribute rdf:type ao:Attribute ;
          ao:type ai:AccessObjectUri ;
          ao:setValue ai:EditorUpdateFauxObjectPropertyTestData .
          
-ai:EditorUpdateFauxObjectPropertyTestData rdf:type ao:TestData ;
+ai:EditorUpdateFauxObjectPropertyTestData rdf:type ao:ValueContainer ;
        .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_update_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_update_object_property.n3
index e3cb5f90ce..9db85fe74a 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_update_object_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_update_object_property.n3
@@ -16,10 +16,10 @@ ai:EditorUpdateObjectPropertyRuleSet rdf:type ao:Rules ;
           ao:rule ai:AllowEditorUpdateObjectPropertyStatementRule ;
           ao:rule ai:AllowEditorUpdateObjectPropertyRule .
 
-ai:EditorUpdateObjectPropertyTestDatasets rdf:type ao:TestDatasets ;
-          ao:testDataset ai:EditorUpdateObjectPropertyDataset .
+ai:EditorUpdateObjectPropertyTestDatasets rdf:type ao:PolicyDataSets ;
+          ao:policyDataSet ai:EditorUpdateObjectPropertyDataset .
 
-ai:EditorUpdateObjectPropertyDataset rdf:type ao:TestDataSet ;
+ai:EditorUpdateObjectPropertyDataset rdf:type ao:PolicyDataSet ;
           ao:testData ai:EditorUpdateObjectPropertyTestData .
           
 ai:EditorUpdateObjectPropertyPolicyKey rdf:type ao:PolicyKey ;
@@ -49,5 +49,5 @@ ai:EditorUpdateObjectPropertyAttribute rdf:type ao:Attribute ;
          ao:type ai:AccessObjectUri ;
          ao:setValue ai:EditorUpdateObjectPropertyTestData .
          
-ai:EditorUpdateObjectPropertyTestData rdf:type ao:TestData ;
+ai:EditorUpdateObjectPropertyTestData rdf:type ao:ValueContainer ;
        .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_not_modifiable_statements.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_not_modifiable_statements.n3
index b1b84e6bf2..17136dc769 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_not_modifiable_statements.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_not_modifiable_statements.n3
@@ -8,97 +8,103 @@
 @prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
 @prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
 
-ai:NotModifiableStatementsPolicy rdf:type ao:Policy ;
-          ao:priority 8000 ;
-          ao:testDatasets ai:NotModifiableStatementsPolicyDataSets ;
-          ao:rules ai:NotModifiableStatementsRuleSet .
-
-ai:NotModifiableStatementsRuleSet rdf:type ao:Rules ;
-          ao:rule ai:RestrictObjectPropertyStatementsWithNotModifiablePredicate ;
-          
-          ao:rule ai:RestrictObjectPropertyStatementsWithNotModifiableSubject ;
-          
-          ao:rule ai:RestrictObjectPropertyStatementsWithNotModifiableObject ;
-          
-          ao:rule ai:RestrictDataPropertyStatementsWithNotModifiableSubject ;
-          
-          ao:rule ai:RestrictDataPropertyStatementsWithNotModifiablePredicate ;
-          .
-
-ai:RestrictObjectPropertyStatementsWithNotModifiableSubject rdf:type ao:Rule ;
-          ao:decision ai:Deny ;
-          ao:attribute ai:ObjectPropertyStatementTypeAttribute ;
-          ao:attribute ai:PropertyStatementSubjectUriStartWithProhibitedNameSpaceAttribute ;
-          ao:attribute ai:PropertyStatementSubjectUriEqualsToProhibitedExceptions .
-
-ai:RestrictObjectPropertyStatementsWithNotModifiablePredicate rdf:type ao:Rule ;
-          ao:decision ai:Deny ;
-          ao:attribute ai:ObjectPropertyStatementTypeAttribute ;
-          ao:attribute ai:PropertyStatementPredicateUriStartWithProhibitedNameSpaceAttribute ;
-          ao:attribute ai:PropertyStatementPredicateUriEqualsToProhibitedExceptions .
-
-ai:RestrictObjectPropertyStatementsWithNotModifiableObject rdf:type ao:Rule ;
-          ao:decision ai:Deny ;
-          ao:attribute ai:ObjectPropertyStatementTypeAttribute ;
-          ao:attribute ai:PropertyStatementObjectUriStartWithProhibitedNameSpaceAttribute ;
-          ao:attribute ai:PropertyStatementObjectUriEqualsToProhibitedExceptions .
-
-ai:RestrictDataPropertyStatementsWithNotModifiableSubject rdf:type ao:Rule ;
-          ao:decision ai:Deny ;
-          ao:attribute ai:DataPropertyStatementTypeAttribute ;
-          ao:attribute ai:PropertyStatementSubjectUriStartWithProhibitedNameSpaceAttribute ;
-          ao:attribute ai:PropertyStatementSubjectUriEqualsToProhibitedExceptions .
-
-ai:RestrictDataPropertyStatementsWithNotModifiablePredicate rdf:type ao:Rule ;
-          ao:decision ai:Deny ;
-          ao:attribute ai:DataPropertyStatementTypeAttribute ;
-          ao:attribute ai:PropertyStatementPredicateUriStartWithProhibitedNameSpaceAttribute ;
-          ao:attribute ai:PropertyStatementPredicateUriEqualsToProhibitedExceptions .
+ai:NotModifiableStatementsPolicy a ao:PolicyTemplate ;
+    ao:priority 8000 ;
+    ao:policyDataSets ai:NotModifiableStatementsPolicyDataSets ;
+    ao:rules ai:NotModifiableStatementsRuleSet .
+
+ai:NotModifiableStatementsRuleSet a ao:Rules ;
+    ao:rule ai:RestrictObjectPropertyStatementsWithNotModifiablePredicate ;
+    
+    ao:rule ai:RestrictObjectPropertyStatementsWithNotModifiableSubject ;
+    
+    ao:rule ai:RestrictObjectPropertyStatementsWithNotModifiableObject ;
+    
+    ao:rule ai:RestrictDataPropertyStatementsWithNotModifiableSubject ;
+    
+    ao:rule ai:RestrictDataPropertyStatementsWithNotModifiablePredicate ;
+    .
+
+ai:RestrictObjectPropertyStatementsWithNotModifiableSubject a ao:Rule ;
+    ao:decision ai:Deny ;
+    ao:attribute ai:ObjectPropertyStatementTypeAttribute ;
+    ao:attribute ai:PropertyStatementSubjectUriStartWithProhibitedNameSpaceAttribute ;
+    ao:attribute ai:PropertyStatementSubjectUriEqualsToProhibitedExceptions .
+
+ai:RestrictObjectPropertyStatementsWithNotModifiablePredicate a ao:Rule ;
+    ao:decision ai:Deny ;
+    ao:attribute ai:ObjectPropertyStatementTypeAttribute ;
+    ao:attribute ai:PropertyStatementPredicateUriStartWithProhibitedNameSpaceAttribute ;
+    ao:attribute ai:PropertyStatementPredicateUriEqualsToProhibitedExceptions .
+
+ai:RestrictObjectPropertyStatementsWithNotModifiableObject a ao:Rule ;
+    ao:decision ai:Deny ;
+    ao:attribute ai:ObjectPropertyStatementTypeAttribute ;
+    ao:attribute ai:PropertyStatementObjectUriStartWithProhibitedNameSpaceAttribute ;
+    ao:attribute ai:PropertyStatementObjectUriEqualsToProhibitedExceptions .
+
+ai:RestrictDataPropertyStatementsWithNotModifiableSubject a ao:Rule ;
+    ao:decision ai:Deny ;
+    ao:attribute ai:DataPropertyStatementTypeAttribute ;
+    ao:attribute ai:PropertyStatementSubjectUriStartWithProhibitedNameSpaceAttribute ;
+    ao:attribute ai:PropertyStatementSubjectUriEqualsToProhibitedExceptions .
+
+ai:RestrictDataPropertyStatementsWithNotModifiablePredicate a ao:Rule ;
+    ao:decision ai:Deny ;
+    ao:attribute ai:DataPropertyStatementTypeAttribute ;
+    ao:attribute ai:PropertyStatementPredicateUriStartWithProhibitedNameSpaceAttribute ;
+    ao:attribute ai:PropertyStatementPredicateUriEqualsToProhibitedExceptions .
 
 ### Not modifiable property statement attributes
-ai:PropertyStatementPredicateUriStartWithProhibitedNameSpaceAttribute rdf:type ao:Attribute ;
-         ao:operator ai:StartsWith ;
-         ao:type ai:StatementPredicateUri ;
-         ao:setValue ai:ProhibitedNamespaceTestData .
-
-ai:PropertyStatementPredicateUriEqualsToProhibitedExceptions rdf:type ao:Attribute ;
-         ao:operator ai:NotOneOf ;
-         ao:type ai:StatementPredicateUri ;
-         ao:setValue ai:ProhibitedNamespaceExceptionsTestData .
-         
-ai:PropertyStatementSubjectUriStartWithProhibitedNameSpaceAttribute rdf:type ao:Attribute ;
-         ao:operator ai:StartsWith ;
-         ao:type ai:StatementSubjectUri ;
-         ao:setValue ai:ProhibitedNamespaceTestData .
-
-ai:PropertyStatementSubjectUriEqualsToProhibitedExceptions rdf:type ao:Attribute ;
-         ao:operator ai:NotOneOf ;
-         ao:type ai:StatementSubjectUri ;
-         ao:setValue ai:ProhibitedNamespaceExceptionsTestData .         
-         
-ai:PropertyStatementObjectUriStartWithProhibitedNameSpaceAttribute rdf:type ao:Attribute ;
-         ao:operator ai:StartsWith ;
-         ao:type ai:StatementObjectUri ;
-         ao:setValue ai:ProhibitedNamespaceTestData .
-
-ai:PropertyStatementObjectUriEqualsToProhibitedExceptions rdf:type ao:Attribute ;
-         ao:operator ai:NotOneOf ;
-         ao:type ai:StatementObjectUri ;
-         ao:setValue ai:ProhibitedNamespaceExceptionsTestData .  
-         
-### Not modifiable data property statement attributes         
+ai:PropertyStatementPredicateUriStartWithProhibitedNameSpaceAttribute a ao:Attribute ;
+    ao:operator ai:StartsWith ;
+    ao:type ai:StatementPredicateUri ;
+    ao:templateValue ai:ProhibitedNamespaceValueSet .
+
+ai:PropertyStatementPredicateUriEqualsToProhibitedExceptions a ao:Attribute ;
+    ao:operator ai:NotOneOf ;
+    ao:type ai:StatementPredicateUri ;
+    ao:templateValue ai:ProhibitedNamespaceExceptionsValueSet .
+    
+ai:PropertyStatementSubjectUriStartWithProhibitedNameSpaceAttribute a ao:Attribute ;
+    ao:operator ai:StartsWith ;
+    ao:type ai:StatementSubjectUri ;
+    ao:templateValue ai:ProhibitedNamespaceValueSet .
+
+ai:PropertyStatementSubjectUriEqualsToProhibitedExceptions a ao:Attribute ;
+    ao:operator ai:NotOneOf ;
+    ao:type ai:StatementSubjectUri ;
+    ao:templateValue ai:ProhibitedNamespaceExceptionsValueSet .    
+    
+ai:PropertyStatementObjectUriStartWithProhibitedNameSpaceAttribute a ao:Attribute ;
+    ao:operator ai:StartsWith ;
+    ao:type ai:StatementObjectUri ;
+    ao:templateValue ai:ProhibitedNamespaceValueSet .
+
+ai:PropertyStatementObjectUriEqualsToProhibitedExceptions a ao:Attribute ;
+    ao:operator ai:NotOneOf ;
+    ao:type ai:StatementObjectUri ;
+    ao:templateValue ai:ProhibitedNamespaceExceptionsValueSet .  
+    
+### Not modifiable data property statement attributes    
 
 ###DataSets
-ai:NotModifiableStatementsPolicyDataSets rdf:type ao:TestDatasets ;
-          ao:testDataset ai:NotModifiableStatementsPolicyDataSet .
-
-ai:NotModifiableStatementsPolicyDataSet rdf:type ao:TestDataSet ;
-          ao:testData ai:ProhibitedNamespaceExceptionsTestData ;
-          ao:testData ai:ProhibitedNamespaceTestData .
-         
-ai:ProhibitedNamespaceExceptionsTestData rdf:type ao:TestData ;
-        .
-        
-ai:ProhibitedNamespaceTestData rdf:type ao:TestData ;
-        .
-        
+ai:NotModifiableStatementsPolicyDataSets a ao:PolicyDataSets ;
+    ao:policyDataSet ai:NotModifiableStatementsPolicyDataSet .
+
+ai:NotModifiableStatementsPolicyDataSet a ao:PolicyDataSet ;
+    ao:dataSetValues ai:ProhibitedNamespaceExceptionsValueContainer ;
+    ao:dataSetValues ai:ProhibitedNamespaceValueContainer .
+
+ai:ProhibitedNamespaceValueSet a ao:AttributeValueSet ;
+    ao:attributeValue ai:ProhibitedNamespaceValueContainer .
+
+ai:ProhibitedNamespaceExceptionsValueSet a ao:AttributeValueSet ;
+    ao:attributeValue ai:ProhibitedNamespaceExceptionsValueContainer .
+
+ai:ProhibitedNamespaceExceptionsValueContainer a ao:ValueContainer ;
+    .
+    
+ai:ProhibitedNamespaceValueContainer a ao:ValueContainer ;
+    .
+    
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_not_modifiable_statements_dataset.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_not_modifiable_statements_dataset.n3
index ac5deffc55..c15da5f8c3 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_not_modifiable_statements_dataset.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_not_modifiable_statements_dataset.n3
@@ -8,20 +8,20 @@
 @prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
 @prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
 
-ai:ProhibitedNamespaceExceptionsTestData 
-        ao:dataValue <http://vitro.mannlib.cornell.edu/ns/vitro/0.7#moniker> ;
-        ao:dataValue <http://vitro.mannlib.cornell.edu/ns/vitro/0.7#modTime> ;
-        ao:dataValue <http://vitro.mannlib.cornell.edu/ns/vitro/public#mainImage> ;
-        ao:dataValue <http://vitro.mannlib.cornell.edu/ns/vitro/0.7#Link> ;
-        ao:dataValue <http://vitro.mannlib.cornell.edu/ns/vitro/0.7#primaryLink> ;
-        ao:dataValue <http://vitro.mannlib.cornell.edu/ns/vitro/0.7#additionalLink> ;
-        ao:dataValue <http://vitro.mannlib.cornell.edu/ns/vitro/0.7#linkAnchor> ;
-        ao:dataValue <http://vitro.mannlib.cornell.edu/ns/vitro/0.7#linkURL> ;
-        .
-        
-ai:ProhibitedNamespaceTestData
-        ao:dataValue  ai:prohibitedNamespacePrefix ; 
-        .
-        
+ai:ProhibitedNamespaceExceptionsValueContainer
+    ao:dataValue <http://vitro.mannlib.cornell.edu/ns/vitro/0.7#moniker> ;
+    ao:dataValue <http://vitro.mannlib.cornell.edu/ns/vitro/0.7#modTime> ;
+    ao:dataValue <http://vitro.mannlib.cornell.edu/ns/vitro/public#mainImage> ;
+    ao:dataValue <http://vitro.mannlib.cornell.edu/ns/vitro/0.7#Link> ;
+    ao:dataValue <http://vitro.mannlib.cornell.edu/ns/vitro/0.7#primaryLink> ;
+    ao:dataValue <http://vitro.mannlib.cornell.edu/ns/vitro/0.7#additionalLink> ;
+    ao:dataValue <http://vitro.mannlib.cornell.edu/ns/vitro/0.7#linkAnchor> ;
+    ao:dataValue <http://vitro.mannlib.cornell.edu/ns/vitro/0.7#linkURL> ;
+    .
+
+ai:ProhibitedNamespaceValueContainer
+    ao:dataValue  ai:prohibitedNamespacePrefix ; 
+    .
+
 ai:prohibitedNamespacePrefix rdf:type ao:TestValue ;
-        ao:id "http://vitro.mannlib.cornell.edu/ns/vitro/0.7#" ;
+    ao:id "http://vitro.mannlib.cornell.edu/ns/vitro/0.7#" ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_public_display_class.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_public_display_class.n3
deleted file mode 100644
index f1064a3ee7..0000000000
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_public_display_class.n3
+++ /dev/null
@@ -1,41 +0,0 @@
-# $This file is distributed under the terms of the license in LICENSE$
-@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
-@prefix owl: <http://www.w3.org/2002/07/owl#> .
-@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
-@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
-@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
-@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
-@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
-
-ai:PublicDisplayClassPolicy rdf:type ao:Policy ;
-          ao:rules ai:PublicDisplayClassRuleSet ;
-          ao:testDatasets ai:PublicDisplayClassTestDatasets ;
-          ao:policyKey ai:PublicDisplayClassPolicyKey .
-
-ai:PublicDisplayClassRuleSet rdf:type ao:Rules ;
-          ao:rule ai:AllowPublicDisplayClassRule .
-
-ai:PublicDisplayClassTestDatasets rdf:type ao:TestDatasets ;
-          ao:testDataset ai:PublicDisplayClassDataset .
-
-ai:PublicDisplayClassDataset rdf:type ao:TestDataSet ;
-          ao:testData ai:PublicDisplayClassTestData .
-          
-ai:PublicDisplayClassPolicyKey rdf:type ao:PolicyKey ;
-          ao:keyComponent ai:Class ;
-          ao:keyComponent auth:PUBLIC ;
-          ao:keyComponent ai:DisplayOperationGroup .
-
-ai:AllowPublicDisplayClassRule rdf:type ao:Rule;
-          ao:attribute ai:SubjectRoleEqualsPublicRoleAttribute ;
-          ao:attribute ai:DisplayOperationAttribute ;
-          ao:attribute ai:ClassTypeAttribute ;
-          ao:attribute ai:PublicDisplayClassAttribute .
-         
-ai:PublicDisplayClassAttribute rdf:type ao:Attribute ;
-         ao:operator ai:OneOf ;
-         ao:type ai:AccessObjectUri ;
-         ao:setValue ai:PublicDisplayClassTestData .
-         
-ai:PublicDisplayClassTestData rdf:type ao:TestData ;
-       .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_public_display_data_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_public_display_data_property.n3
deleted file mode 100644
index 5b98dff828..0000000000
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_public_display_data_property.n3
+++ /dev/null
@@ -1,53 +0,0 @@
-# $This file is distributed under the terms of the license in LICENSE$
-@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
-@prefix owl: <http://www.w3.org/2002/07/owl#> .
-@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
-@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
-@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
-@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
-@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
-
-ai:PublicDisplayDataPropertyPolicy rdf:type ao:Policy ;
-          ao:rules ai:PublicDisplayDataPropertyRuleSet ;
-          ao:testDatasets ai:PublicDisplayDataPropertyTestDatasets ;
-          ao:policyKey ai:PublicDisplayDataPropertyPolicyKey .
-
-ai:PublicDisplayDataPropertyRuleSet rdf:type ao:Rules ;
-          ao:rule ai:AllowPublicDisplayDataPropertyStatementRule ;
-          ao:rule ai:AllowPublicDisplayDataPropertyRule .
-
-ai:PublicDisplayDataPropertyTestDatasets rdf:type ao:TestDatasets ;
-          ao:testDataset ai:PublicDisplayDataPropertyDataset .
-
-ai:PublicDisplayDataPropertyDataset rdf:type ao:TestDataSet ;
-          ao:testData ai:PublicDisplayDataPropertyTestData .
-          
-ai:PublicDisplayDataPropertyPolicyKey rdf:type ao:PolicyKey ;
-          ao:keyComponent ai:DataPropertyAccesObject ;
-          ao:keyComponent auth:PUBLIC ;
-          ao:keyComponent ai:DisplayOperationGroup .
-
-ai:AllowPublicDisplayDataPropertyRule rdf:type ao:Rule;
-          ao:attribute ai:SubjectRoleEqualsPublicRoleAttribute ;
-          ao:attribute ai:DisplayOperationAttribute ;
-          ao:attribute ai:DataPropertyTypeAttribute ;
-          ao:attribute ai:PublicDisplayDataPropertyAttribute .
-
-ai:AllowPublicDisplayDataPropertyStatementRule rdf:type ao:Rule;
-          ao:attribute ai:SubjectRoleEqualsPublicRoleAttribute ;
-          ao:attribute ai:DisplayOperationAttribute ;
-          ao:attribute ai:DataPropertyStatementTypeAttribute ;
-          ao:attribute ai:PublicDisplayDataPropertyStatementAttribute .
-         
-ai:PublicDisplayDataPropertyStatementAttribute rdf:type ao:Attribute ;
-         ao:operator ai:OneOf ;
-         ao:type ai:StatementPredicateUri ;
-         ao:setValue ai:PublicDisplayDataPropertyTestData .
-         
-ai:PublicDisplayDataPropertyAttribute rdf:type ao:Attribute ;
-         ao:operator ai:OneOf ;
-         ao:type ai:AccessObjectUri ;
-         ao:setValue ai:PublicDisplayDataPropertyTestData .
-         
-ai:PublicDisplayDataPropertyTestData rdf:type ao:TestData ;
-       .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_public_display_faux_data_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_public_display_faux_data_property.n3
deleted file mode 100644
index 39162c5d7a..0000000000
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_public_display_faux_data_property.n3
+++ /dev/null
@@ -1,53 +0,0 @@
-# $This file is distributed under the terms of the license in LICENSE$
-@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
-@prefix owl: <http://www.w3.org/2002/07/owl#> .
-@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
-@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
-@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
-@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
-@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
-
-ai:PublicDisplayFauxDataPropertyPolicy rdf:type ao:Policy ;
-          ao:rules ai:PublicDisplayFauxDataPropertyRuleSet ;
-          ao:testDatasets ai:PublicDisplayFauxDataPropertyTestDatasets ;
-          ao:policyKey ai:PublicDisplayFauxDataPropertyPolicyKey .
-
-ai:PublicDisplayFauxDataPropertyRuleSet rdf:type ao:Rules ;
-          ao:rule ai:AllowPublicDisplayFauxDataPropertyStatementRule ;
-          ao:rule ai:AllowPublicDisplayFauxDataPropertyRule .
-
-ai:PublicDisplayFauxDataPropertyTestDatasets rdf:type ao:TestDatasets ;
-          ao:testDataset ai:PublicDisplayFauxDataPropertyDataset .
-
-ai:PublicDisplayFauxDataPropertyDataset rdf:type ao:TestDataSet ;
-          ao:testData ai:PublicDisplayFauxDataPropertyTestData .
-          
-ai:PublicDisplayFauxDataPropertyPolicyKey rdf:type ao:PolicyKey ;
-          ao:keyComponent ai:FauxDataPropertyAccesObject ;
-          ao:keyComponent auth:PUBLIC ;
-          ao:keyComponent ai:DisplayOperationGroup .
-
-ai:AllowPublicDisplayFauxDataPropertyRule rdf:type ao:Rule;
-          ao:attribute ai:SubjectRoleEqualsPublicRoleAttribute ;
-          ao:attribute ai:DisplayOperationAttribute ;
-          ao:attribute ai:FauxDataPropertyTypeAttribute ;
-          ao:attribute ai:PublicDisplayFauxDataPropertyAttribute .
-
-ai:AllowPublicDisplayFauxDataPropertyStatementRule rdf:type ao:Rule;
-          ao:attribute ai:SubjectRoleEqualsPublicRoleAttribute ;
-          ao:attribute ai:DisplayOperationAttribute ;
-          ao:attribute ai:FauxDataPropertyStatementTypeAttribute ;
-          ao:attribute ai:PublicDisplayFauxDataPropertyStatementAttribute .
-         
-ai:PublicDisplayFauxDataPropertyStatementAttribute rdf:type ao:Attribute ;
-         ao:operator ai:OneOf ;
-         ao:type ai:StatementPredicateUri ;
-         ao:setValue ai:PublicDisplayFauxDataPropertyTestData .
-         
-ai:PublicDisplayFauxDataPropertyAttribute rdf:type ao:Attribute ;
-         ao:operator ai:OneOf ;
-         ao:type ai:AccessObjectUri ;
-         ao:setValue ai:PublicDisplayFauxDataPropertyTestData .
-         
-ai:PublicDisplayFauxDataPropertyTestData rdf:type ao:TestData ;
-       .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_public_display_faux_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_public_display_faux_object_property.n3
deleted file mode 100644
index 8242a3b776..0000000000
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_public_display_faux_object_property.n3
+++ /dev/null
@@ -1,53 +0,0 @@
-# $This file is distributed under the terms of the license in LICENSE$
-@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
-@prefix owl: <http://www.w3.org/2002/07/owl#> .
-@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
-@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
-@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
-@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
-@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
-
-ai:PublicDisplayFauxObjectPropertyPolicy rdf:type ao:Policy ;
-          ao:rules ai:PublicDisplayFauxObjectPropertyRuleSet ;
-          ao:testDatasets ai:PublicDisplayFauxObjectPropertyTestDatasets ;
-          ao:policyKey ai:PublicDisplayFauxObjectPropertyPolicyKey .
-
-ai:PublicDisplayFauxObjectPropertyRuleSet rdf:type ao:Rules ;
-          ao:rule ai:AllowPublicDisplayFauxObjectPropertyStatementRule ;
-          ao:rule ai:AllowPublicDisplayFauxObjectPropertyRule .
-
-ai:PublicDisplayFauxObjectPropertyTestDatasets rdf:type ao:TestDatasets ;
-          ao:testDataset ai:PublicDisplayFauxObjectPropertyDataset .
-
-ai:PublicDisplayFauxObjectPropertyDataset rdf:type ao:TestDataSet ;
-          ao:testData ai:PublicDisplayFauxObjectPropertyTestData .
-          
-ai:PublicDisplayFauxObjectPropertyPolicyKey rdf:type ao:PolicyKey ;
-          ao:keyComponent ai:FauxObjectPropertyAccesObject ;
-          ao:keyComponent auth:PUBLIC ;
-          ao:keyComponent ai:DisplayOperationGroup .
-
-ai:AllowPublicDisplayFauxObjectPropertyRule rdf:type ao:Rule;
-          ao:attribute ai:SubjectRoleEqualsPublicRoleAttribute ;
-          ao:attribute ai:DisplayOperationAttribute ;
-          ao:attribute ai:FauxObjectPropertyTypeAttribute ;
-          ao:attribute ai:PublicDisplayFauxObjectPropertyAttribute .
-
-ai:AllowPublicDisplayFauxObjectPropertyStatementRule rdf:type ao:Rule;
-          ao:attribute ai:SubjectRoleEqualsPublicRoleAttribute ;
-          ao:attribute ai:DisplayOperationAttribute ;
-          ao:attribute ai:FauxObjectPropertyStatementTypeAttribute ;
-          ao:attribute ai:PublicDisplayFauxObjectPropertyStatementAttribute .
-         
-ai:PublicDisplayFauxObjectPropertyStatementAttribute rdf:type ao:Attribute ;
-         ao:operator ai:OneOf ;
-         ao:type ai:StatementPredicateUri ;
-         ao:setValue ai:PublicDisplayFauxObjectPropertyTestData .
-         
-ai:PublicDisplayFauxObjectPropertyAttribute rdf:type ao:Attribute ;
-         ao:operator ai:OneOf ;
-         ao:type ai:AccessObjectUri ;
-         ao:setValue ai:PublicDisplayFauxObjectPropertyTestData .
-         
-ai:PublicDisplayFauxObjectPropertyTestData rdf:type ao:TestData ;
-       .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_public_display_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_public_display_object_property.n3
deleted file mode 100644
index 425fc95a77..0000000000
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_public_display_object_property.n3
+++ /dev/null
@@ -1,53 +0,0 @@
-# $This file is distributed under the terms of the license in LICENSE$
-@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
-@prefix owl: <http://www.w3.org/2002/07/owl#> .
-@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
-@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
-@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
-@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
-@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
-
-ai:PublicDisplayObjectPropertyPolicy rdf:type ao:Policy ;
-          ao:rules ai:PublicDisplayObjectPropertyRuleSet ;
-          ao:testDatasets ai:PublicDisplayObjectPropertyTestDatasets ;
-          ao:policyKey ai:PublicDisplayObjectPropertyPolicyKey .
-
-ai:PublicDisplayObjectPropertyRuleSet rdf:type ao:Rules ;
-          ao:rule ai:AllowPublicDisplayObjectPropertyStatementRule ;
-          ao:rule ai:AllowPublicDisplayObjectPropertyRule .
-
-ai:PublicDisplayObjectPropertyTestDatasets rdf:type ao:TestDatasets ;
-          ao:testDataset ai:PublicDisplayObjectPropertyDataset .
-
-ai:PublicDisplayObjectPropertyDataset rdf:type ao:TestDataSet ;
-          ao:testData ai:PublicDisplayObjectPropertyTestData .
-          
-ai:PublicDisplayObjectPropertyPolicyKey rdf:type ao:PolicyKey ;
-          ao:keyComponent ai:ObjectPropertyAccesObject ;
-          ao:keyComponent auth:PUBLIC ;
-          ao:keyComponent ai:DisplayOperationGroup .
-
-ai:AllowPublicDisplayObjectPropertyRule rdf:type ao:Rule;
-          ao:attribute ai:SubjectRoleEqualsPublicRoleAttribute ;
-          ao:attribute ai:DisplayOperationAttribute ;
-          ao:attribute ai:ObjectPropertyTypeAttribute ;
-          ao:attribute ai:PublicDisplayObjectPropertyAttribute .
-
-ai:AllowPublicDisplayObjectPropertyStatementRule rdf:type ao:Rule;
-          ao:attribute ai:SubjectRoleEqualsPublicRoleAttribute ;
-          ao:attribute ai:DisplayOperationAttribute ;
-          ao:attribute ai:ObjectPropertyStatementTypeAttribute ;
-          ao:attribute ai:PublicDisplayObjectPropertyStatementAttribute .
-         
-ai:PublicDisplayObjectPropertyStatementAttribute rdf:type ao:Attribute ;
-         ao:operator ai:OneOf ;
-         ao:type ai:StatementPredicateUri ;
-         ao:setValue ai:PublicDisplayObjectPropertyTestData .
-
-ai:PublicDisplayObjectPropertyAttribute rdf:type ao:Attribute ;
-         ao:operator ai:OneOf ;
-         ao:type ai:AccessObjectUri ;
-         ao:setValue ai:PublicDisplayObjectPropertyTestData .
-         
-ai:PublicDisplayObjectPropertyTestData rdf:type ao:TestData ;
-       .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_public_update_class.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_public_update_class.n3
deleted file mode 100644
index b2e774fd4c..0000000000
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_public_update_class.n3
+++ /dev/null
@@ -1,41 +0,0 @@
-# $This file is distributed under the terms of the license in LICENSE$
-@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
-@prefix owl: <http://www.w3.org/2002/07/owl#> .
-@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
-@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
-@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
-@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
-@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
-
-ai:PublicUpdateClassPolicy rdf:type ao:Policy ;
-          ao:rules ai:PublicUpdateClassRuleSet ;
-          ao:testDatasets ai:PublicUpdateClassTestDatasets ;
-          ao:policyKey ai:PublicUpdateClassPolicyKey .
-
-ai:PublicUpdateClassRuleSet rdf:type ao:Rules ;
-          ao:rule ai:AllowPublicUpdateClassRule .
-
-ai:PublicUpdateClassTestDatasets rdf:type ao:TestDatasets ;
-          ao:testDataset ai:PublicUpdateClassDataset .
-
-ai:PublicUpdateClassDataset rdf:type ao:TestDataSet ;
-          ao:testData ai:PublicUpdateClassTestData .
-          
-ai:PublicUpdateClassPolicyKey rdf:type ao:PolicyKey ;
-          ao:keyComponent ai:Class ;
-          ao:keyComponent auth:PUBLIC ;
-          ao:keyComponent ai:UpdateOperationGroup .
-
-ai:AllowPublicUpdateClassRule rdf:type ao:Rule;
-          ao:attribute ai:SubjectRoleEqualsPublicRoleAttribute ;
-          ao:attribute ai:UpdateAddEditOrDropOperationsAttribute ;
-          ao:attribute ai:ClassTypeAttribute ;
-          ao:attribute ai:PublicUpdateClassAttribute .
-         
-ai:PublicUpdateClassAttribute rdf:type ao:Attribute ;
-         ao:operator ai:OneOf ;
-         ao:type ai:AccessObjectUri ;
-         ao:setValue ai:PublicUpdateClassTestData .
-         
-ai:PublicUpdateClassTestData rdf:type ao:TestData ;
-       .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_public_update_data_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_public_update_data_property.n3
index 3dfe9fe0ce..92e83b0984 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_public_update_data_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_public_update_data_property.n3
@@ -16,10 +16,10 @@ ai:PublicUpdateDataPropertyRuleSet rdf:type ao:Rules ;
           ao:rule ai:AllowPublicUpdateDataPropertyStatementRule ;
           ao:rule ai:AllowPublicUpdateDataPropertyRule .
 
-ai:PublicUpdateDataPropertyTestDatasets rdf:type ao:TestDatasets ;
-          ao:testDataset ai:PublicUpdateDataPropertyDataset .
+ai:PublicUpdateDataPropertyTestDatasets rdf:type ao:PolicyDataSets ;
+          ao:policyDataSet ai:PublicUpdateDataPropertyDataset .
 
-ai:PublicUpdateDataPropertyDataset rdf:type ao:TestDataSet ;
+ai:PublicUpdateDataPropertyDataset rdf:type ao:PolicyDataSet ;
           ao:testData ai:PublicUpdateDataPropertyTestData .
           
 ai:PublicUpdateDataPropertyPolicyKey rdf:type ao:PolicyKey ;
@@ -49,5 +49,5 @@ ai:PublicUpdateDataPropertyAttribute rdf:type ao:Attribute ;
          ao:type ai:AccessObjectUri ;
          ao:setValue ai:PublicUpdateDataPropertyTestData .
          
-ai:PublicUpdateDataPropertyTestData rdf:type ao:TestData ;
+ai:PublicUpdateDataPropertyTestData rdf:type ao:ValueContainer ;
        .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_public_update_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_public_update_object_property.n3
index 10840c2a91..796e86cce9 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_public_update_object_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_public_update_object_property.n3
@@ -16,10 +16,10 @@ ai:PublicUpdateObjectPropertyRuleSet rdf:type ao:Rules ;
           ao:rule ai:AllowPublicUpdateObjectPropertyStatementRule ;
           ao:rule ai:AllowPublicUpdateObjectPropertyRule .
 
-ai:PublicUpdateObjectPropertyTestDatasets rdf:type ao:TestDatasets ;
-          ao:testDataset ai:PublicUpdateObjectPropertyDataset .
+ai:PublicUpdateObjectPropertyTestDatasets rdf:type ao:PolicyDataSets ;
+          ao:policyDataSet ai:PublicUpdateObjectPropertyDataset .
 
-ai:PublicUpdateObjectPropertyDataset rdf:type ao:TestDataSet ;
+ai:PublicUpdateObjectPropertyDataset rdf:type ao:PolicyDataSet ;
           ao:testData ai:PublicUpdateObjectPropertyTestData .
           
 ai:PublicUpdateObjectPropertyPolicyKey rdf:type ao:PolicyKey ;
@@ -49,5 +49,5 @@ ai:PublicUpdateObjectPropertyAttribute rdf:type ao:Attribute ;
          ao:type ai:AccessObjectUri ;
          ao:setValue ai:PublicUpdateObjectPropertyTestData .
          
-ai:PublicUpdateObjectPropertyTestData rdf:type ao:TestData ;
+ai:PublicUpdateObjectPropertyTestData rdf:type ao:ValueContainer ;
         .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_display_class.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_display_class.n3
deleted file mode 100644
index 72740ab636..0000000000
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_display_class.n3
+++ /dev/null
@@ -1,41 +0,0 @@
-# $This file is distributed under the terms of the license in LICENSE$
-@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
-@prefix owl: <http://www.w3.org/2002/07/owl#> .
-@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
-@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
-@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
-@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
-@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
-
-ai:SelfEditorDisplayClassPolicy rdf:type ao:Policy ;
-          ao:rules ai:SelfEditorDisplayClassRuleSet ;
-          ao:testDatasets ai:SelfEditorDisplayClassTestDatasets ;
-          ao:policyKey ai:SelfEditorDisplayClassPolicyKey .
-
-ai:SelfEditorDisplayClassRuleSet rdf:type ao:Rules ;
-          ao:rule ai:AllowSelfEditorDisplayClassRule .
-
-ai:SelfEditorDisplayClassTestDatasets rdf:type ao:TestDatasets ;
-          ao:testDataset ai:SelfEditorDisplayClassDataset .
-
-ai:SelfEditorDisplayClassDataset rdf:type ao:TestDataSet ;
-          ao:testData ai:SelfEditorDisplayClassTestData .
-          
-ai:SelfEditorDisplayClassPolicyKey rdf:type ao:PolicyKey ;
-          ao:keyComponent ai:Class ;
-          ao:keyComponent auth:SELF_EDITOR ;
-          ao:keyComponent ai:DisplayOperationGroup .
-
-ai:AllowSelfEditorDisplayClassRule rdf:type ao:Rule;
-          ao:attribute ai:SubjectRoleEqualsSelfEditorRoleAttribute ;
-          ao:attribute ai:DisplayOperationAttribute ;
-          ao:attribute ai:ClassTypeAttribute ;
-          ao:attribute ai:SelfEditorDisplayClassAttribute .
-         
-ai:SelfEditorDisplayClassAttribute rdf:type ao:Attribute ;
-         ao:operator ai:OneOf ;
-         ao:type ai:AccessObjectUri ;
-         ao:setValue ai:SelfEditorDisplayClassTestData .
-         
-ai:SelfEditorDisplayClassTestData rdf:type ao:TestData ;
-       .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_display_data_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_display_data_property.n3
index 35b58f65bf..6219f39073 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_display_data_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_display_data_property.n3
@@ -16,10 +16,10 @@ ai:SelfEditorDisplayDataPropertyRuleSet rdf:type ao:Rules ;
           ao:rule ai:AllowSelfEditorDisplayDataPropertyStatementRule ;
           ao:rule ai:AllowSelfEditorDisplayDataPropertyRule .
 
-ai:SelfEditorDisplayDataPropertyTestDatasets rdf:type ao:TestDatasets ;
-          ao:testDataset ai:SelfEditorDisplayDataPropertyDataset .
+ai:SelfEditorDisplayDataPropertyTestDatasets rdf:type ao:PolicyDataSets ;
+          ao:policyDataSet ai:SelfEditorDisplayDataPropertyDataset .
 
-ai:SelfEditorDisplayDataPropertyDataset rdf:type ao:TestDataSet ;
+ai:SelfEditorDisplayDataPropertyDataset rdf:type ao:PolicyDataSet ;
           ao:testData ai:SelfEditorDisplayDataPropertyTestData .
           
 ai:SelfEditorDisplayDataPropertyPolicyKey rdf:type ao:PolicyKey ;
@@ -49,5 +49,5 @@ ai:SelfEditorDisplayDataPropertyAttribute rdf:type ao:Attribute ;
          ao:type ai:AccessObjectUri ;
          ao:setValue ai:SelfEditorDisplayDataPropertyTestData .
          
-ai:SelfEditorDisplayDataPropertyTestData rdf:type ao:TestData ;
+ai:SelfEditorDisplayDataPropertyTestData rdf:type ao:ValueContainer ;
        .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_display_faux_data_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_display_faux_data_property.n3
index 477193a0c2..9324253f56 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_display_faux_data_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_display_faux_data_property.n3
@@ -16,10 +16,10 @@ ai:SelfEditorDisplayFauxDataPropertyRuleSet rdf:type ao:Rules ;
           ao:rule ai:AllowSelfEditorDisplayFauxDataPropertyStatementRule ;
           ao:rule ai:AllowSelfEditorDisplayFauxDataPropertyRule .
 
-ai:SelfEditorDisplayFauxDataPropertyTestDatasets rdf:type ao:TestDatasets ;
-          ao:testDataset ai:SelfEditorDisplayFauxDataPropertyDataset .
+ai:SelfEditorDisplayFauxDataPropertyTestDatasets rdf:type ao:PolicyDataSets ;
+          ao:policyDataSet ai:SelfEditorDisplayFauxDataPropertyDataset .
 
-ai:SelfEditorDisplayFauxDataPropertyDataset rdf:type ao:TestDataSet ;
+ai:SelfEditorDisplayFauxDataPropertyDataset rdf:type ao:PolicyDataSet ;
           ao:testData ai:SelfEditorDisplayFauxDataPropertyTestData .
           
 ai:SelfEditorDisplayFauxDataPropertyPolicyKey rdf:type ao:PolicyKey ;
@@ -49,5 +49,5 @@ ai:SelfEditorDisplayFauxDataPropertyAttribute rdf:type ao:Attribute ;
          ao:type ai:AccessObjectUri ;
          ao:setValue ai:SelfEditorDisplayFauxDataPropertyTestData .
          
-ai:SelfEditorDisplayFauxDataPropertyTestData rdf:type ao:TestData ;
+ai:SelfEditorDisplayFauxDataPropertyTestData rdf:type ao:ValueContainer ;
        .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_display_faux_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_display_faux_object_property.n3
index 869bbe5a66..477f7d127d 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_display_faux_object_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_display_faux_object_property.n3
@@ -16,10 +16,10 @@ ai:SelfEditorDisplayFauxObjectPropertyRuleSet rdf:type ao:Rules ;
           ao:rule ai:AllowSelfEditorDisplayFauxObjectPropertyStatementRule ;
           ao:rule ai:AllowSelfEditorDisplayFauxObjectPropertyRule .
 
-ai:SelfEditorDisplayFauxObjectPropertyTestDatasets rdf:type ao:TestDatasets ;
-          ao:testDataset ai:SelfEditorDisplayFauxObjectPropertyDataset .
+ai:SelfEditorDisplayFauxObjectPropertyTestDatasets rdf:type ao:PolicyDataSets ;
+          ao:policyDataSet ai:SelfEditorDisplayFauxObjectPropertyDataset .
 
-ai:SelfEditorDisplayFauxObjectPropertyDataset rdf:type ao:TestDataSet ;
+ai:SelfEditorDisplayFauxObjectPropertyDataset rdf:type ao:PolicyDataSet ;
           ao:testData ai:SelfEditorDisplayFauxObjectPropertyTestData .
           
 ai:SelfEditorDisplayFauxObjectPropertyPolicyKey rdf:type ao:PolicyKey ;
@@ -49,5 +49,5 @@ ai:SelfEditorDisplayFauxObjectPropertyAttribute rdf:type ao:Attribute ;
          ao:type ai:AccessObjectUri ;
          ao:setValue ai:SelfEditorDisplayFauxObjectPropertyTestData .
          
-ai:SelfEditorDisplayFauxObjectPropertyTestData rdf:type ao:TestData ;
+ai:SelfEditorDisplayFauxObjectPropertyTestData rdf:type ao:ValueContainer ;
        .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_display_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_display_object_property.n3
index e01be6e5e0..2d522432e0 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_display_object_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_display_object_property.n3
@@ -16,10 +16,10 @@ ai:SelfEditorDisplayObjectPropertyRuleSet rdf:type ao:Rules ;
           ao:rule ai:AllowSelfEditorDisplayObjectPropertyStatementRule ;
           ao:rule ai:AllowSelfEditorDisplayObjectPropertyRule .
 
-ai:SelfEditorDisplayObjectPropertyTestDatasets rdf:type ao:TestDatasets ;
-          ao:testDataset ai:SelfEditorDisplayObjectPropertyDataset .
+ai:SelfEditorDisplayObjectPropertyTestDatasets rdf:type ao:PolicyDataSets ;
+          ao:policyDataSet ai:SelfEditorDisplayObjectPropertyDataset .
 
-ai:SelfEditorDisplayObjectPropertyDataset rdf:type ao:TestDataSet ;
+ai:SelfEditorDisplayObjectPropertyDataset rdf:type ao:PolicyDataSet ;
           ao:testData ai:SelfEditorDisplayObjectPropertyTestData .
           
 ai:SelfEditorDisplayObjectPropertyPolicyKey rdf:type ao:PolicyKey ;
@@ -49,5 +49,5 @@ ai:SelfEditorDisplayObjectPropertyAttribute rdf:type ao:Attribute ;
          ao:type ai:AccessObjectUri ;
          ao:setValue ai:SelfEditorDisplayObjectPropertyTestData .
          
-ai:SelfEditorDisplayObjectPropertyTestData rdf:type ao:TestData ;
+ai:SelfEditorDisplayObjectPropertyTestData rdf:type ao:ValueContainer ;
        .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_publish_class.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_publish_class.n3
deleted file mode 100644
index 74e7031e49..0000000000
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_publish_class.n3
+++ /dev/null
@@ -1,41 +0,0 @@
-# $This file is distributed under the terms of the license in LICENSE$
-@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
-@prefix owl: <http://www.w3.org/2002/07/owl#> .
-@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
-@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
-@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
-@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
-@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
-
-ai:SelfEditorPublishClassPolicy rdf:type ao:Policy ;
-          ao:rules ai:SelfEditorPublishClassRuleSet ;
-          ao:testDatasets ai:SelfEditorPublishClassTestDatasets ;
-          ao:policyKey ai:SelfEditorPublishClassPolicyKey .
-
-ai:SelfEditorPublishClassRuleSet rdf:type ao:Rules ;
-          ao:rule ai:AllowSelfEditorPublishClassRule .
-
-ai:SelfEditorPublishClassTestDatasets rdf:type ao:TestDatasets ;
-          ao:testDataset ai:SelfEditorPublishClassDataset .
-
-ai:SelfEditorPublishClassDataset rdf:type ao:TestDataSet ;
-          ao:testData ai:SelfEditorPublishClassTestData .
-          
-ai:SelfEditorPublishClassPolicyKey rdf:type ao:PolicyKey ;
-          ao:keyComponent ai:Class ;
-          ao:keyComponent auth:SELF_EDITOR ;
-          ao:keyComponent ai:PublishOperationGroup .
-
-ai:AllowSelfEditorPublishClassRule rdf:type ao:Rule;
-          ao:attribute ai:SubjectRoleEqualsSelfEditorRoleAttribute ;
-          ao:attribute ai:PublishOperationAttribute ;
-          ao:attribute ai:ClassTypeAttribute ;
-          ao:attribute ai:SelfEditorPublishClassAttribute .
-         
-ai:SelfEditorPublishClassAttribute rdf:type ao:Attribute ;
-         ao:operator ai:OneOf ;
-         ao:type ai:AccessObjectUri ;
-         ao:setValue ai:SelfEditorPublishClassTestData .
-         
-ai:SelfEditorPublishClassTestData rdf:type ao:TestData ;
-    .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_publish_data_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_publish_data_property.n3
index 64500feb0a..d37d735830 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_publish_data_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_publish_data_property.n3
@@ -16,10 +16,10 @@ ai:SelfEditorPublishDataPropertyRuleSet rdf:type ao:Rules ;
           ao:rule ai:AllowSelfEditorPublishDataPropertyStatementRule ;
           ao:rule ai:AllowSelfEditorPublishDataPropertyRule .
 
-ai:SelfEditorPublishDataPropertyTestDatasets rdf:type ao:TestDatasets ;
-          ao:testDataset ai:SelfEditorPublishDataPropertyDataset .
+ai:SelfEditorPublishDataPropertyTestDatasets rdf:type ao:PolicyDataSets ;
+          ao:policyDataSet ai:SelfEditorPublishDataPropertyDataset .
 
-ai:SelfEditorPublishDataPropertyDataset rdf:type ao:TestDataSet ;
+ai:SelfEditorPublishDataPropertyDataset rdf:type ao:PolicyDataSet ;
           ao:testData ai:SelfEditorPublishDataPropertyTestData .
           
 ai:SelfEditorPublishDataPropertyPolicyKey rdf:type ao:PolicyKey ;
@@ -49,5 +49,5 @@ ai:SelfEditorPublishDataPropertyAttribute rdf:type ao:Attribute ;
          ao:type ai:AccessObjectUri ;
          ao:setValue ai:SelfEditorPublishDataPropertyTestData .
          
-ai:SelfEditorPublishDataPropertyTestData rdf:type ao:TestData ;
+ai:SelfEditorPublishDataPropertyTestData rdf:type ao:ValueContainer ;
     .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_publish_faux_data_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_publish_faux_data_property.n3
index 87885afbce..8ff4ebd7c4 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_publish_faux_data_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_publish_faux_data_property.n3
@@ -16,10 +16,10 @@ ai:SelfEditorPublishFauxDataPropertyRuleSet rdf:type ao:Rules ;
           ao:rule ai:AllowSelfEditorPublishFauxDataPropertyStatementRule ;
           ao:rule ai:AllowSelfEditorPublishFauxDataPropertyRule .
 
-ai:SelfEditorPublishFauxDataPropertyTestDatasets rdf:type ao:TestDatasets ;
-          ao:testDataset ai:SelfEditorPublishFauxDataPropertyDataset .
+ai:SelfEditorPublishFauxDataPropertyTestDatasets rdf:type ao:PolicyDataSets ;
+          ao:policyDataSet ai:SelfEditorPublishFauxDataPropertyDataset .
 
-ai:SelfEditorPublishFauxDataPropertyDataset rdf:type ao:TestDataSet ;
+ai:SelfEditorPublishFauxDataPropertyDataset rdf:type ao:PolicyDataSet ;
           ao:testData ai:SelfEditorPublishFauxDataPropertyTestData .
           
 ai:SelfEditorPublishFauxDataPropertyPolicyKey rdf:type ao:PolicyKey ;
@@ -49,5 +49,5 @@ ai:SelfEditorPublishFauxDataPropertyAttribute rdf:type ao:Attribute ;
          ao:type ai:AccessObjectUri ;
          ao:setValue ai:SelfEditorPublishFauxDataPropertyTestData .
          
-ai:SelfEditorPublishFauxDataPropertyTestData rdf:type ao:TestData ;
+ai:SelfEditorPublishFauxDataPropertyTestData rdf:type ao:ValueContainer ;
    .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_publish_faux_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_publish_faux_object_property.n3
index 562cb1578f..af5a4ee45d 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_publish_faux_object_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_publish_faux_object_property.n3
@@ -16,10 +16,10 @@ ai:SelfEditorPublishFauxObjectPropertyRuleSet rdf:type ao:Rules ;
           ao:rule ai:AllowSelfEditorPublishFauxObjectPropertyStatementRule ;
           ao:rule ai:AllowSelfEditorPublishFauxObjectPropertyRule .
 
-ai:SelfEditorPublishFauxObjectPropertyTestDatasets rdf:type ao:TestDatasets ;
-          ao:testDataset ai:SelfEditorPublishFauxObjectPropertyDataset .
+ai:SelfEditorPublishFauxObjectPropertyTestDatasets rdf:type ao:PolicyDataSets ;
+          ao:policyDataSet ai:SelfEditorPublishFauxObjectPropertyDataset .
 
-ai:SelfEditorPublishFauxObjectPropertyDataset rdf:type ao:TestDataSet ;
+ai:SelfEditorPublishFauxObjectPropertyDataset rdf:type ao:PolicyDataSet ;
           ao:testData ai:SelfEditorPublishFauxObjectPropertyTestData .
           
 ai:SelfEditorPublishFauxObjectPropertyPolicyKey rdf:type ao:PolicyKey ;
@@ -49,5 +49,5 @@ ai:SelfEditorPublishFauxObjectPropertyAttribute rdf:type ao:Attribute ;
          ao:type ai:AccessObjectUri ;
          ao:setValue ai:SelfEditorPublishFauxObjectPropertyTestData .
          
-ai:SelfEditorPublishFauxObjectPropertyTestData rdf:type ao:TestData ;
+ai:SelfEditorPublishFauxObjectPropertyTestData rdf:type ao:ValueContainer ;
    .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_publish_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_publish_object_property.n3
index 0069b71171..8ab77f6c44 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_publish_object_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_publish_object_property.n3
@@ -16,10 +16,10 @@ ai:SelfEditorPublishObjectPropertyRuleSet rdf:type ao:Rules ;
           ao:rule ai:AllowSelfEditorPublishObjectPropertyStatementRule ;
           ao:rule ai:AllowSelfEditorPublishObjectPropertyRule .
 
-ai:SelfEditorPublishObjectPropertyTestDatasets rdf:type ao:TestDatasets ;
-          ao:testDataset ai:SelfEditorPublishObjectPropertyDataset .
+ai:SelfEditorPublishObjectPropertyTestDatasets rdf:type ao:PolicyDataSets ;
+          ao:policyDataSet ai:SelfEditorPublishObjectPropertyDataset .
 
-ai:SelfEditorPublishObjectPropertyDataset rdf:type ao:TestDataSet ;
+ai:SelfEditorPublishObjectPropertyDataset rdf:type ao:PolicyDataSet ;
           ao:testData ai:SelfEditorPublishObjectPropertyTestData .
           
 ai:SelfEditorPublishObjectPropertyPolicyKey rdf:type ao:PolicyKey ;
@@ -49,5 +49,5 @@ ai:SelfEditorPublishObjectPropertyAttribute rdf:type ao:Attribute ;
          ao:type ai:AccessObjectUri ;
          ao:setValue ai:SelfEditorPublishObjectPropertyTestData .
          
-ai:SelfEditorPublishObjectPropertyTestData rdf:type ao:TestData ;
+ai:SelfEditorPublishObjectPropertyTestData rdf:type ao:ValueContainer ;
    .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_update_class.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_update_class.n3
deleted file mode 100644
index 14b73548a3..0000000000
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_update_class.n3
+++ /dev/null
@@ -1,41 +0,0 @@
-# $This file is distributed under the terms of the license in LICENSE$
-@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
-@prefix owl: <http://www.w3.org/2002/07/owl#> .
-@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
-@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
-@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
-@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
-@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
-
-ai:SelfEditorUpdateClassPolicy rdf:type ao:Policy ;
-          ao:rules ai:SelfEditorUpdateClassRuleSet ;
-          ao:testDatasets ai:SelfEditorUpdateClassTestDatasets ;
-          ao:policyKey ai:SelfEditorUpdateClassPolicyKey .
-
-ai:SelfEditorUpdateClassRuleSet rdf:type ao:Rules ;
-          ao:rule ai:AllowSelfEditorUpdateClassRule .
-
-ai:SelfEditorUpdateClassTestDatasets rdf:type ao:TestDatasets ;
-          ao:testDataset ai:SelfEditorUpdateClassDataset .
-
-ai:SelfEditorUpdateClassDataset rdf:type ao:TestDataSet ;
-          ao:testData ai:SelfEditorUpdateClassTestData .
-          
-ai:SelfEditorUpdateClassPolicyKey rdf:type ao:PolicyKey ;
-          ao:keyComponent ai:Class ;
-          ao:keyComponent auth:SELF_EDITOR ;
-          ao:keyComponent ai:UpdateOperationGroup .
-
-ai:AllowSelfEditorUpdateClassRule rdf:type ao:Rule;
-          ao:attribute ai:SubjectRoleEqualsSelfEditorRoleAttribute ;
-          ao:attribute ai:UpdateAddEditOrDropOperationsAttribute ;
-          ao:attribute ai:ClassTypeAttribute ;
-          ao:attribute ai:SelfEditorUpdateClassAttribute .
-         
-ai:SelfEditorUpdateClassAttribute rdf:type ao:Attribute ;
-         ao:operator ai:OneOf ;
-         ao:type ai:AccessObjectUri ;
-         ao:setValue ai:SelfEditorUpdateClassTestData .
-         
-ai:SelfEditorUpdateClassTestData rdf:type ao:TestData ;
-       .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_update_data_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_update_data_property.n3
index 2c4578287b..16f9c2427b 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_update_data_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_update_data_property.n3
@@ -16,10 +16,10 @@ ai:SelfEditorUpdateDataPropertyRuleSet rdf:type ao:Rules ;
           ao:rule ai:AllowSelfEditorUpdateDataPropertyStatementRule ;
           ao:rule ai:AllowSelfEditorUpdateDataPropertyRule .
 
-ai:SelfEditorUpdateDataPropertyTestDatasets rdf:type ao:TestDatasets ;
-          ao:testDataset ai:SelfEditorUpdateDataPropertyDataset .
+ai:SelfEditorUpdateDataPropertyTestDatasets rdf:type ao:PolicyDataSets ;
+          ao:policyDataSet ai:SelfEditorUpdateDataPropertyDataset .
 
-ai:SelfEditorUpdateDataPropertyDataset rdf:type ao:TestDataSet ;
+ai:SelfEditorUpdateDataPropertyDataset rdf:type ao:PolicyDataSet ;
           ao:testData ai:SelfEditorUpdateDataPropertyTestData .
           
 ai:SelfEditorUpdateDataPropertyPolicyKey rdf:type ao:PolicyKey ;
@@ -50,5 +50,5 @@ ai:SelfEditorUpdateDataPropertyAttribute rdf:type ao:Attribute ;
          ao:type ai:AccessObjectUri ;
          ao:setValue ai:SelfEditorUpdateDataPropertyTestData .
          
-ai:SelfEditorUpdateDataPropertyTestData rdf:type ao:TestData ;
+ai:SelfEditorUpdateDataPropertyTestData rdf:type ao:ValueContainer ;
        .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_update_faux_data_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_update_faux_data_property.n3
index c026a711f8..0db3176116 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_update_faux_data_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_update_faux_data_property.n3
@@ -16,10 +16,10 @@ ai:SelfEditorUpdateFauxDataPropertyRuleSet rdf:type ao:Rules ;
           ao:rule ai:AllowSelfEditorUpdateFauxDataPropertyStatementRule ;
           ao:rule ai:AllowSelfEditorUpdateFauxDataPropertyRule .
 
-ai:SelfEditorUpdateFauxDataPropertyTestDatasets rdf:type ao:TestDatasets ;
-          ao:testDataset ai:SelfEditorUpdateFauxDataPropertyDataset .
+ai:SelfEditorUpdateFauxDataPropertyTestDatasets rdf:type ao:PolicyDataSets ;
+          ao:policyDataSet ai:SelfEditorUpdateFauxDataPropertyDataset .
 
-ai:SelfEditorUpdateFauxDataPropertyDataset rdf:type ao:TestDataSet ;
+ai:SelfEditorUpdateFauxDataPropertyDataset rdf:type ao:PolicyDataSet ;
           ao:testData ai:SelfEditorUpdateFauxDataPropertyTestData .
           
 ai:SelfEditorUpdateFauxDataPropertyPolicyKey rdf:type ao:PolicyKey ;
@@ -50,6 +50,6 @@ ai:SelfEditorUpdateFauxDataPropertyAttribute rdf:type ao:Attribute ;
          ao:type ai:AccessObjectUri ;
          ao:setValue ai:SelfEditorUpdateFauxDataPropertyTestData .
          
-ai:SelfEditorUpdateFauxDataPropertyTestData rdf:type ao:TestData ;
+ai:SelfEditorUpdateFauxDataPropertyTestData rdf:type ao:ValueContainer ;
        .
        
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_update_faux_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_update_faux_object_property.n3
index af1e8cfe19..6a47deb871 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_update_faux_object_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_update_faux_object_property.n3
@@ -16,10 +16,10 @@ ai:SelfEditorUpdateFauxObjectPropertyRuleSet rdf:type ao:Rules ;
           ao:rule ai:AllowSelfEditorUpdateFauxObjectPropertyStatementRule ;
           ao:rule ai:AllowSelfEditorUpdateFauxObjectPropertyRule .
 
-ai:SelfEditorUpdateFauxObjectPropertyTestDatasets rdf:type ao:TestDatasets ;
-          ao:testDataset ai:SelfEditorUpdateFauxObjectPropertyDataset .
+ai:SelfEditorUpdateFauxObjectPropertyTestDatasets rdf:type ao:PolicyDataSets ;
+          ao:policyDataSet ai:SelfEditorUpdateFauxObjectPropertyDataset .
 
-ai:SelfEditorUpdateFauxObjectPropertyDataset rdf:type ao:TestDataSet ;
+ai:SelfEditorUpdateFauxObjectPropertyDataset rdf:type ao:PolicyDataSet ;
           ao:testData ai:SelfEditorUpdateFauxObjectPropertyTestData .
           
 ai:SelfEditorUpdateFauxObjectPropertyPolicyKey rdf:type ao:PolicyKey ;
@@ -50,6 +50,6 @@ ai:SelfEditorUpdateFauxObjectPropertyAttribute rdf:type ao:Attribute ;
          ao:type ai:AccessObjectUri ;
          ao:setValue ai:SelfEditorUpdateFauxObjectPropertyTestData .
          
-ai:SelfEditorUpdateFauxObjectPropertyTestData rdf:type ao:TestData ;
+ai:SelfEditorUpdateFauxObjectPropertyTestData rdf:type ao:ValueContainer ;
        .
        
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_update_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_update_object_property.n3
index ac7e2908b8..e7b1617bf3 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_update_object_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_update_object_property.n3
@@ -16,10 +16,10 @@ ai:SelfEditorUpdateObjectPropertyRuleSet rdf:type ao:Rules ;
           ao:rule ai:AllowSelfEditorUpdateObjectPropertyStatementRule ;
           ao:rule ai:AllowSelfEditorUpdateObjectPropertyRule .
 
-ai:SelfEditorUpdateObjectPropertyTestDatasets rdf:type ao:TestDatasets ;
-          ao:testDataset ai:SelfEditorUpdateObjectPropertyDataset .
+ai:SelfEditorUpdateObjectPropertyTestDatasets rdf:type ao:PolicyDataSets ;
+          ao:policyDataSet ai:SelfEditorUpdateObjectPropertyDataset .
 
-ai:SelfEditorUpdateObjectPropertyDataset rdf:type ao:TestDataSet ;
+ai:SelfEditorUpdateObjectPropertyDataset rdf:type ao:PolicyDataSet ;
           ao:testData ai:SelfEditorUpdateObjectPropertyTestData .
           
 ai:SelfEditorUpdateObjectPropertyPolicyKey rdf:type ao:PolicyKey ;
@@ -50,6 +50,6 @@ ai:SelfEditorUpdateObjectPropertyAttribute rdf:type ao:Attribute ;
          ao:type ai:AccessObjectUri ;
          ao:setValue ai:SelfEditorUpdateObjectPropertyTestData .
          
-ai:SelfEditorUpdateObjectPropertyTestData rdf:type ao:TestData ;
+ai:SelfEditorUpdateObjectPropertyTestData rdf:type ao:ValueContainer ;
        .
        
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_simple_permissions.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_simple_permissions.n3
deleted file mode 100644
index 2883fad107..0000000000
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_simple_permissions.n3
+++ /dev/null
@@ -1,138 +0,0 @@
-# $This file is distributed under the terms of the license in LICENSE$
-
-@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
-@prefix owl: <http://www.w3.org/2002/07/owl#> .
-@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
-@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
-@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
-@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
-@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
-@prefix simplePermission: <java:edu.cornell.mannlib.vitro.webapp.auth.permissions.SimplePermission#> .
-
-ai:SimplePermissionTemplatePolicy a ao:PolicyTemplate ;
-    ao:priority 1000 ;
-    ao:policyDataSets ai:SimplePermissionDataSets ;
-    ao:rules ai:SimplePermissionRuleSet .
-
-ai:SimplePermissionDataSets a ao:PolicyDataSets ;
-    ao:policyDataSetTemplate ai:SimplePermissionDataSetTemplate ;
-    ao:policyDataSet ai:PublicSimplePermissionDataSet ;
-    ao:policyDataSet ai:SelfEditorSimplePermissionDataSet ;
-    ao:policyDataSet ai:EditorSimplePermissionDataSet ;
-    ao:policyDataSet ai:CuratorSimplePermissionDataSet ;
-    ao:policyDataSet ai:AdminSimplePermissionDataSet .
-
-ai:SimplePermissionDataSetTemplate a ao:DataSetTemplate ;
-    ao:dataSetKeyTemplate ai:SimplePermissionDataSetKeyTemplate ;
-    ao:testDataTemplate ai:SimplePermissionRoleTestDataTemplate ;
-    ao:testDataTemplate ai:SimplePermissionTypesTestDataTemplate .  
-
-ai:SimplePermissionDataSetKeyTemplate a ao:DataSetKeyTemplate ;
-    ao:keyComponent ai:NamedObject ;
-    ao:keyComponentTemplate ai:SubjectRole .
-
-ai:SimplePermissionRoleTestDataTemplate a ao:TestDataTemplate ;
-    ao:usedInAttributeValueSet ai:SimplePermissionRoleValueSet;
-    ao:dataValueTemplate ai:SubjectRole .
-
-ai:SimplePermissionTypesTestDataTemplate a ao:TestDataTemplate ;
-    ao:usedInAttributeValueSet ai:SimplePermissionTypeValueSet;
-    ao:dataValueTemplate ai:NamedObject .
-
-ai:PublicSimplePermissionDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey ai:PublicSimplePermissionDataSetKey ;
-    ao:dataSetValues ai:PublicRoleValueContainer ;
-    ao:dataSetValues ai:PublicSimplePermissionValueContainer .
-
-ai:PublicSimplePermissionDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:NamedObject ;
-    ao:keyComponent auth:PUBLIC .
-
-ai:SelfEditorSimplePermissionDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey ai:SelfEditorSimplePermissionDataSetKey ;
-    ao:dataSetValues ai:SelfEditorRoleValueContainer ;
-    ao:dataSetValues ai:SelfEditorSimplePermissionValueContainer .
-
-ai:SelfEditorSimplePermissionDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:NamedObject ;
-    ao:keyComponent auth:SELF_EDITOR .
-
-ai:EditorSimplePermissionDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey ai:EditorSimplePermissionDataSetKey ;
-    ao:dataSetValues ai:EditorRoleValueContainer ;
-    ao:dataSetValues ai:EditorSimplePermissionValueContainer .
-
-ai:EditorSimplePermissionDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:NamedObject ;
-    ao:keyComponent auth:EDITOR .
-
-ai:CuratorSimplePermissionDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey ai:CuratorSimplePermissionDataSetKey ;
-    ao:dataSetValues ai:CuratorRoleValueContainer ;
-    ao:dataSetValues ai:CuratorSimplePermissionValueContainer .
-
-ai:CuratorSimplePermissionDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:NamedObject ;
-    ao:keyComponent auth:CURATOR .
-
-ai:AdminSimplePermissionDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey ai:AdminSimplePermissionDataSetKey ;
-    ao:dataSetValues ai:AdminRoleValueContainer ;
-    ao:dataSetValues ai:AdminSimplePermissionValueContainer .
-
-ai:AdminSimplePermissionDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:NamedObject ;
-    ao:keyComponent auth:ADMIN .
-
-ai:SimplePermissionRuleSet a ao:Rules ;
-    ao:rule ai:AllowSimplePermission .
-      
-ai:AllowSimplePermission a ao:Rule;
-    ao:attribute ai:NamedObjectTypeAttribute ;
-    ao:attribute ai:PermissionNameAllowed ;
-    ao:attribute ai:SubjectRoleEqualsRoleAttribute .
-      
-ai:PermissionNameAllowed a ao:Attribute ;
-    ao:operator ai:OneOf ;
-    ao:type ai:AccessObjectUri ;
-    ao:templateValue ai:SimplePermissionTypeValueSet .
-
-ai:SimplePermissionTypeValueSet a ao:AttributeValueSet ;
-    ao:attributeValue ai:PublicSimplePermissionValueContainer ;
-    ao:attributeValue ai:SelfEditorSimplePermissionValueContainer ;
-    ao:attributeValue ai:EditorSimplePermissionValueContainer ;
-    ao:attributeValue ai:CuratorSimplePermissionValueContainer ;
-    ao:attributeValue ai:AdminSimplePermissionValueContainer .
-
-ai:PublicSimplePermissionValueContainer a ao:ValueContainer .
-ai:SelfEditorSimplePermissionValueContainer a ao:ValueContainer .
-ai:EditorSimplePermissionValueContainer a ao:ValueContainer .
-ai:CuratorSimplePermissionValueContainer a ao:ValueContainer .
-ai:AdminSimplePermissionValueContainer a ao:ValueContainer .
-
-ai:SubjectRoleEqualsRoleAttribute a ao:Attribute ;
-    ao:operator ai:Equals ;
-    ao:type ai:SubjectRole ;
-    ao:templateValue ai:SimplePermissionRoleValueSet .
-
-ai:SimplePermissionRoleValueSet a ao:AttributeValueSet ;
-    ao:attributeValue ai:PublicRoleValueContainer ;
-    ao:attributeValue ai:SelfEditorRoleValueContainer ;
-    ao:attributeValue ai:EditorRoleValueContainer ;
-    ao:attributeValue ai:CuratorRoleValueContainer ;
-    ao:attributeValue ai:AdminRoleValueContainer .
-
-ai:PublicRoleValueContainer a ao:ValueContainer ;
-    ao:dataValue auth:PUBLIC .
-
-ai:SelfEditorRoleValueContainer a ao:ValueContainer ;
-    ao:dataValue auth:SELF_EDITOR .
-
-ai:EditorRoleValueContainer a ao:ValueContainer ;
-    ao:dataValue auth:EDITOR .
-
-ai:CuratorRoleValueContainer a ao:ValueContainer ;
-    ao:dataValue auth:CURATOR .
-
-ai:AdminRoleValueContainer a ao:ValueContainer ;
-    ao:dataValue auth:ADMIN .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_match_allowed_class.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_match_allowed_class.n3
new file mode 100644
index 0000000000..49623095c3
--- /dev/null
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_match_allowed_class.n3
@@ -0,0 +1,336 @@
+# $This file is distributed under the terms of the license in LICENSE$
+
+@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
+@prefix owl: <http://www.w3.org/2002/07/owl#> .
+@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
+@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
+@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
+@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
+@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+@prefix : <https://vivoweb.org/ontology/vitro-application/auth/individual/template/simple-match-allowed-class/> .
+
+:PolicyTemplate a ao:PolicyTemplate ;
+    ao:rules :RuleSet ;
+    ao:policyDataSets :DataSets .
+
+:DataSets a ao:PolicyDataSets ;
+    ao:policyDataSet :PublicDisplayClassUriDataSet ;
+    ao:policyDataSet :SelfEditorDisplayClassUriDataSet ;
+    ao:policyDataSet :EditorDisplayClassUriDataSet ;
+    ao:policyDataSet :CuratorDisplayClassUriDataSet ;
+    ao:policyDataSet :AdminDisplayClassUriDataSet ;
+
+    ao:policyDataSet :PublicUpdateClassUriDataSet ;
+    ao:policyDataSet :SelfEditorUpdateClassUriDataSet ;
+    ao:policyDataSet :EditorUpdateClassUriDataSet ;
+    ao:policyDataSet :CuratorUpdateClassUriDataSet ;
+    ao:policyDataSet :AdminUpdateClassUriDataSet ;
+
+    ao:policyDataSet :SelfEditorPublishClassUriDataSet ;
+    ao:policyDataSet :EditorPublishClassUriDataSet ;
+    ao:policyDataSet :CuratorPublishClassUriDataSet ;
+    ao:policyDataSet :AdminPublishClassUriDataSet ;
+    .
+
+### Public display class uri data sets
+
+:PublicDisplayClassUriDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :PublicDisplayClassUriDataSetKey ;
+    ao:dataSetValues ai:PublicRoleValueContainer ;
+    ao:dataSetValues ai:ClassAccesObjectValueContainer ;
+    ao:dataSetValues ai:DisplayOperationValueContainer ;
+    ao:dataSetValues ai:PublicDisplayClassValueContainer .
+    
+:PublicDisplayClassUriDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:Class ;
+    ao:keyComponent auth:PUBLIC ;
+    ao:keyComponent ai:DisplayOperationGroup .
+
+### Self editor display class uri data sets
+
+:SelfEditorDisplayClassUriDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :SelfEditorDisplayClassUriDataSetKey ;
+    ao:dataSetValues ai:SelfEditorRoleValueContainer ;
+    ao:dataSetValues ai:ClassAccesObjectValueContainer ;
+    ao:dataSetValues ai:DisplayOperationValueContainer ;
+    ao:dataSetValues ai:SelfEditorDisplayClassValueContainer .
+    
+:SelfEditorDisplayClassUriDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:Class ;
+    ao:keyComponent auth:SELF_EDITOR ;
+    ao:keyComponent ai:DisplayOperationGroup .
+
+### Editor display class uri data sets
+
+:EditorDisplayClassUriDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :EditorDisplayClassUriDataSetKey ;
+    ao:dataSetValues ai:EditorRoleValueContainer ;
+    ao:dataSetValues ai:ClassAccesObjectValueContainer ;
+    ao:dataSetValues ai:DisplayOperationValueContainer ;
+    ao:dataSetValues ai:EditorDisplayClassValueContainer .
+    
+:EditorDisplayClassUriDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:Class ;
+    ao:keyComponent auth:EDITOR ;
+    ao:keyComponent ai:DisplayOperationGroup .
+
+### Curator display class uri data sets
+
+:CuratorDisplayClassUriDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :CuratorDisplayClassUriDataSetKey ;
+    ao:dataSetValues ai:CuratorRoleValueContainer ;
+    ao:dataSetValues ai:ClassAccesObjectValueContainer ;
+    ao:dataSetValues ai:DisplayOperationValueContainer ;
+    ao:dataSetValues ai:CuratorDisplayClassValueContainer .
+    
+:CuratorDisplayClassUriDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:Class ;
+    ao:keyComponent auth:CURATOR ;
+    ao:keyComponent ai:DisplayOperationGroup .
+
+### Admin display class uri data sets
+
+:AdminDisplayClassUriDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :AdminDisplayClassUriDataSetKey ;
+    ao:dataSetValues ai:AdminRoleValueContainer ;
+    ao:dataSetValues ai:ClassAccesObjectValueContainer ;
+    ao:dataSetValues ai:DisplayOperationValueContainer ;
+    ao:dataSetValues ai:AdminDisplayClassValueContainer .
+    
+:AdminDisplayClassUriDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:Class ;
+    ao:keyComponent auth:ADMIN ;
+    ao:keyComponent ai:DisplayOperationGroup .
+
+### Public update class uri data sets
+
+:PublicUpdateClassUriDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :PublicUpdateClassUriDataSetKey ;
+    ao:dataSetValues ai:PublicRoleValueContainer ;
+    ao:dataSetValues ai:ClassAccesObjectValueContainer ;
+    ao:dataSetValues ai:UpdateOperationValueContainer ;
+    ao:dataSetValues ai:PublicUpdateClassValueContainer .
+    
+:PublicUpdateClassUriDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:Class ;
+    ao:keyComponent auth:PUBLIC ;
+    ao:keyComponent ai:UpdateOperationGroup .
+
+### Self editor update class uri data sets
+
+:SelfEditorUpdateClassUriDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :SelfEditorUpdateClassUriDataSetKey ;
+    ao:dataSetValues ai:SelfEditorRoleValueContainer ;
+    ao:dataSetValues ai:ClassAccesObjectValueContainer ;
+    ao:dataSetValues ai:UpdateOperationValueContainer ;
+    ao:dataSetValues ai:SelfEditorUpdateClassValueContainer .
+    
+:SelfEditorUpdateClassUriDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:Class ;
+    ao:keyComponent auth:SELF_EDITOR ;
+    ao:keyComponent ai:UpdateOperationGroup .
+
+### Editor update class uri data sets
+
+:EditorUpdateClassUriDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :EditorUpdateClassUriDataSetKey ;
+    ao:dataSetValues ai:EditorRoleValueContainer ;
+    ao:dataSetValues ai:ClassAccesObjectValueContainer ;
+    ao:dataSetValues ai:UpdateOperationValueContainer ;
+    ao:dataSetValues ai:EditorUpdateClassValueContainer .
+    
+:EditorUpdateClassUriDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:Class ;
+    ao:keyComponent auth:EDITOR ;
+    ao:keyComponent ai:UpdateOperationGroup .
+
+### Curator update class uri data sets
+
+:CuratorUpdateClassUriDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :CuratorUpdateClassUriDataSetKey ;
+    ao:dataSetValues ai:CuratorRoleValueContainer ;
+    ao:dataSetValues ai:ClassAccesObjectValueContainer ;
+    ao:dataSetValues ai:UpdateOperationValueContainer ;
+    ao:dataSetValues ai:CuratorUpdateClassValueContainer .
+    
+:CuratorUpdateClassUriDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:Class ;
+    ao:keyComponent auth:CURATOR ;
+    ao:keyComponent ai:UpdateOperationGroup .
+
+### Admin update class uri data sets
+
+:AdminUpdateClassUriDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :AdminUpdateClassUriDataSetKey ;
+    ao:dataSetValues ai:AdminRoleValueContainer ;
+    ao:dataSetValues ai:ClassAccesObjectValueContainer ;
+    ao:dataSetValues ai:UpdateOperationValueContainer ;
+    ao:dataSetValues ai:AdminUpdateClassValueContainer .
+    
+:AdminUpdateClassUriDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:Class ;
+    ao:keyComponent auth:ADMIN ;
+    ao:keyComponent ai:UpdateOperationGroup .
+
+### Self editor publish class uri data sets
+
+:SelfEditorPublishClassUriDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :SelfEditorPublishClassUriDataSetKey ;
+    ao:dataSetValues ai:SelfEditorRoleValueContainer ;
+    ao:dataSetValues ai:ClassAccesObjectValueContainer ;
+    ao:dataSetValues ai:PublishOperationValueContainer ;
+    ao:dataSetValues ai:SelfEditorPublishClassValueContainer .
+    
+:SelfEditorPublishClassUriDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:Class ;
+    ao:keyComponent auth:SELF_EDITOR ;
+    ao:keyComponent ai:PublishOperationGroup .
+
+### Editor publish class uri data sets
+
+:EditorPublishClassUriDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :EditorPublishClassUriDataSetKey ;
+    ao:dataSetValues ai:EditorRoleValueContainer ;
+    ao:dataSetValues ai:ClassAccesObjectValueContainer ;
+    ao:dataSetValues ai:PublishOperationValueContainer ;
+    ao:dataSetValues ai:EditorPublishClassValueContainer .
+    
+:EditorPublishClassUriDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:Class ;
+    ao:keyComponent auth:EDITOR ;
+    ao:keyComponent ai:PublishOperationGroup .
+
+### Curator publish class uri data sets
+
+:CuratorPublishClassUriDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :CuratorPublishClassUriDataSetKey ;
+    ao:dataSetValues ai:CuratorRoleValueContainer ;
+    ao:dataSetValues ai:ClassAccesObjectValueContainer ;
+    ao:dataSetValues ai:PublishOperationValueContainer ;
+    ao:dataSetValues ai:CuratorPublishClassValueContainer .
+    
+:CuratorPublishClassUriDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:Class ;
+    ao:keyComponent auth:CURATOR ;
+    ao:keyComponent ai:PublishOperationGroup .
+
+### Admin publish class uri data sets
+
+:AdminPublishClassUriDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :AdminPublishClassUriDataSetKey ;
+    ao:dataSetValues ai:AdminRoleValueContainer ;
+    ao:dataSetValues ai:ClassAccesObjectValueContainer ;
+    ao:dataSetValues ai:PublishOperationValueContainer ;
+    ao:dataSetValues ai:AdminPublishClassValueContainer .
+    
+:AdminPublishClassUriDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:Class ;
+    ao:keyComponent auth:ADMIN ;
+    ao:keyComponent ai:PublishOperationGroup .
+
+### Rules
+
+:RuleSet a ao:Rules ;
+    ao:rule :AllowMatchingClass .
+
+:AllowMatchingClass a ao:Rule;
+    ao:attribute :SubjectRoleCheck ;
+    ao:attribute :OperationCheck ;
+    ao:attribute :AccessObjectTypeCheck ;
+    ao:attribute :AccessObjectUriCheck .
+
+:AccessObjectTypeCheck rdf:type ao:Attribute ;
+    ao:operator ai:Equals ;
+    ao:type ai:AccessObjectType ;
+    ao:templateValue :AccessObjectTypeValueSet .
+
+:AccessObjectTypeValueSet a ao:AttributeValueSet ;
+    ao:attributeValue ai:ClassAccesObjectValueContainer ;
+    .
+
+:OperationCheck a ao:Attribute ;
+    ao:operator ai:Equals ;
+    ao:type ai:Operation ;
+    ao:templateValue :OperationValueSet .
+
+:OperationValueSet a ao:AttributeValueSet ;
+    ao:attributeValue ai:DisplayOperationValueContainer ;
+    ao:attributeValue ai:PublishOperationValueContainer ;
+    ao:attributeValue ai:UpdateOperationValueContainer ;
+    .
+
+:SubjectRoleCheck a ao:Attribute ;
+    ao:operator ai:Equals ;
+    ao:type ai:SubjectRole ;
+    ao:templateValue :RoleValueSet .
+
+:RoleValueSet a ao:AttributeValueSet ;
+    ao:attributeValue ai:PublicRoleValueContainer ;
+    ao:attributeValue ai:SelfEditorRoleValueContainer ;
+    ao:attributeValue ai:EditorRoleValueContainer ;
+    ao:attributeValue ai:CuratorRoleValueContainer ;
+    ao:attributeValue ai:AdminRoleValueContainer .
+
+:AccessObjectUriCheck a ao:Attribute ;
+    ao:operator ai:OneOf ;
+    ao:type ai:AccessObjectUri ;
+    ao:templateValue :AllowedClassUriValueSet .
+
+:AllowedClassUriValueSet a ao:AttributeValueSet ;
+    ao:attributeValue ai:AdminPublishClassValueContainer ;
+    ao:attributeValue ai:AdminDisplayClassValueContainer ;
+    ao:attributeValue ai:AdminUpdateClassValueContainer ;
+    ao:attributeValue ai:CuratorPublishClassValueContainer ;
+    ao:attributeValue ai:CuratorDisplayClassValueContainer ;
+    ao:attributeValue ai:CuratorUpdateClassValueContainer ;
+    ao:attributeValue ai:EditorPublishClassValueContainer ;
+    ao:attributeValue ai:EditorDisplayClassValueContainer ;
+    ao:attributeValue ai:EditorUpdateClassValueContainer ;
+    ao:attributeValue ai:SelfEditorPublishClassValueContainer ;
+    ao:attributeValue ai:SelfEditorDisplayClassValueContainer ;
+    ao:attributeValue ai:SelfEditorUpdateClassValueContainer ;
+    ao:attributeValue ai:PublicDisplayClassValueContainer ;
+    ao:attributeValue ai:PublicUpdateClassValueContainer ;
+    .
+
+ai:AdminPublishClassValueContainer a ao:ValueContainer ;
+    ao:containerType ai:Class .
+
+ai:AdminDisplayClassValueContainer a ao:ValueContainer ;
+    ao:containerType ai:Class .
+
+ai:AdminUpdateClassValueContainer a ao:ValueContainer ;
+    ao:containerType ai:Class .
+
+ai:CuratorPublishClassValueContainer a ao:ValueContainer ;
+    ao:containerType ai:Class .
+
+ai:CuratorDisplayClassValueContainer a ao:ValueContainer ;
+    ao:containerType ai:Class .
+
+ai:CuratorUpdateClassValueContainer a ao:ValueContainer ;
+    ao:containerType ai:Class .
+
+ai:EditorPublishClassValueContainer a ao:ValueContainer ;
+    ao:containerType ai:Class .
+
+ai:EditorDisplayClassValueContainer a ao:ValueContainer ;
+    ao:containerType ai:Class .
+
+ai:EditorUpdateClassValueContainer a ao:ValueContainer ;
+    ao:containerType ai:Class .
+
+ai:SelfEditorPublishClassValueContainer a ao:ValueContainer ;
+    ao:containerType ai:Class .
+
+ai:SelfEditorDisplayClassValueContainer a ao:ValueContainer ;
+    ao:containerType ai:Class .
+
+ai:SelfEditorUpdateClassValueContainer a ao:ValueContainer ;
+    ao:containerType ai:Class .
+
+ai:PublicDisplayClassValueContainer a ao:ValueContainer ;
+    ao:containerType ai:Class .
+
+ai:PublicUpdateClassValueContainer a ao:ValueContainer ;
+    ao:containerType ai:Class .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_match_allowed_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_match_allowed_property.n3
new file mode 100644
index 0000000000..c9deb4c0c2
--- /dev/null
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_match_allowed_property.n3
@@ -0,0 +1,590 @@
+# $This file is distributed under the terms of the license in LICENSE$
+
+@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
+@prefix owl: <http://www.w3.org/2002/07/owl#> .
+@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
+@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
+@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
+@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
+@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+@prefix : <https://vivoweb.org/ontology/vitro-application/auth/individual/template/simple-match-allowed-property/> .
+
+:PolicyTemplate a ao:PolicyTemplate ;
+    ao:rules :RuleSet ;
+    ao:policyDataSets :DataSets .
+
+:DataSets a ao:PolicyDataSets ;
+    ao:policyDataSet :PublicDisplayObjectPropertyDataSet ;
+    ao:policyDataSet :EditorDisplayObjectPropertyDataSet ;
+    ao:policyDataSet :CuratorDisplayObjectPropertyDataSet ;
+    ao:policyDataSet :AdminDisplayObjectPropertyDataSet ;
+    ao:policyDataSet :PublicDisplayDataPropertyDataSet ;
+    ao:policyDataSet :EditorDisplayDataPropertyDataSet ;
+    ao:policyDataSet :CuratorDisplayDataPropertyDataSet ;
+    ao:policyDataSet :AdminDisplayDataPropertyDataSet ;
+    ao:policyDataSet :PublicDisplayFauxObjectPropertyDataSet ;
+    ao:policyDataSet :EditorDisplayFauxObjectPropertyDataSet ;
+    ao:policyDataSet :CuratorDisplayFauxObjectPropertyDataSet ;
+    ao:policyDataSet :AdminDisplayFauxObjectPropertyDataSet ;
+    ao:policyDataSet :PublicDisplayFauxDataPropertyDataSet ;
+    ao:policyDataSet :EditorDisplayFauxDataPropertyDataSet ;
+    ao:policyDataSet :CuratorDisplayFauxDataPropertyDataSet ;
+    ao:policyDataSet :AdminDisplayFauxDataPropertyDataSet ;
+
+    ao:policyDataSet :EditorPublishObjectPropertyDataSet ;
+    ao:policyDataSet :CuratorPublishObjectPropertyDataSet ;
+    ao:policyDataSet :AdminPublishObjectPropertyDataSet ;
+    ao:policyDataSet :EditorPublishDataPropertyDataSet ;
+    ao:policyDataSet :CuratorPublishDataPropertyDataSet ;
+    ao:policyDataSet :AdminPublishDataPropertyDataSet ;
+    ao:policyDataSet :EditorPublishFauxObjectPropertyDataSet ;
+    ao:policyDataSet :CuratorPublishFauxObjectPropertyDataSet ;
+    ao:policyDataSet :AdminPublishFauxObjectPropertyDataSet ;
+    ao:policyDataSet :EditorPublishFauxDataPropertyDataSet ;
+    ao:policyDataSet :CuratorPublishFauxDataPropertyDataSet ;
+    ao:policyDataSet :AdminPublishFauxDataPropertyDataSet ;
+    .
+
+### Display object property data sets
+
+:PublicDisplayObjectPropertyDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :PublicDisplayObjectPropertyDataSetKey ;
+    ao:dataSetValues ai:PublicRoleValueContainer ;
+    ao:dataSetValues ai:ObjectPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:ObjectPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:DisplayOperationValueContainer ;
+    ao:dataSetValues ai:PublicDisplayObjectPropertyValueContainer .
+    
+:PublicDisplayObjectPropertyDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:ObjectPropertyAccesObject ;
+    ao:keyComponent auth:PUBLIC ;
+    ao:keyComponent ai:DisplayOperationGroup .
+
+:EditorDisplayObjectPropertyDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :EditorDisplayObjectPropertyDataSetKey ;
+    ao:dataSetValues ai:EditorRoleValueContainer ;
+    ao:dataSetValues ai:ObjectPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:ObjectPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:DisplayOperationValueContainer ;
+    ao:dataSetValues ai:EditorDisplayObjectPropertyValueContainer .
+    
+:EditorDisplayObjectPropertyDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:ObjectPropertyAccesObject ;
+    ao:keyComponent auth:EDITOR ;
+    ao:keyComponent ai:DisplayOperationGroup .
+
+:CuratorDisplayObjectPropertyDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :CuratorDisplayObjectPropertyDataSetKey ;
+    ao:dataSetValues ai:CuratorRoleValueContainer ;
+    ao:dataSetValues ai:ObjectPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:ObjectPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:DisplayOperationValueContainer ;
+    ao:dataSetValues ai:CuratorDisplayObjectPropertyValueContainer .
+    
+:CuratorDisplayObjectPropertyDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:ObjectPropertyAccesObject ;
+    ao:keyComponent auth:CURATOR ;
+    ao:keyComponent ai:DisplayOperationGroup .
+
+:AdminDisplayObjectPropertyDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :AdminDisplayObjectPropertyDataSetKey ;
+    ao:dataSetValues ai:AdminRoleValueContainer ;
+    ao:dataSetValues ai:ObjectPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:ObjectPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:DisplayOperationValueContainer ;
+    ao:dataSetValues ai:AdminDisplayObjectPropertyValueContainer .
+    
+:AdminDisplayObjectPropertyDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:ObjectPropertyAccesObject ;
+    ao:keyComponent auth:ADMIN ;
+    ao:keyComponent ai:DisplayOperationGroup .
+
+### Display data property data sets
+
+:PublicDisplayDataPropertyDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :PublicDisplayDataPropertyDataSetKey ;
+    ao:dataSetValues ai:PublicRoleValueContainer ;
+    ao:dataSetValues ai:DataPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:DataPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:DisplayOperationValueContainer ;
+    ao:dataSetValues ai:PublicDisplayDataPropertyValueContainer .
+    
+:PublicDisplayDataPropertyDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:DataPropertyAccesObject ;
+    ao:keyComponent auth:PUBLIC ;
+    ao:keyComponent ai:DisplayOperationGroup .
+
+:EditorDisplayDataPropertyDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :EditorDisplayDataPropertyDataSetKey ;
+    ao:dataSetValues ai:EditorRoleValueContainer ;
+    ao:dataSetValues ai:DataPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:DataPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:DisplayOperationValueContainer ;
+    ao:dataSetValues ai:EditorDisplayDataPropertyValueContainer .
+    
+:EditorDisplayDataPropertyDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:DataPropertyAccesObject ;
+    ao:keyComponent auth:EDITOR ;
+    ao:keyComponent ai:DisplayOperationGroup .
+
+:CuratorDisplayDataPropertyDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :CuratorDisplayDataPropertyDataSetKey ;
+    ao:dataSetValues ai:CuratorRoleValueContainer ;
+    ao:dataSetValues ai:DataPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:DataPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:DisplayOperationValueContainer ;
+    ao:dataSetValues ai:CuratorDisplayDataPropertyValueContainer .
+    
+:CuratorDisplayDataPropertyDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:DataPropertyAccesObject ;
+    ao:keyComponent auth:CURATOR ;
+    ao:keyComponent ai:DisplayOperationGroup .
+
+:AdminDisplayDataPropertyDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :AdminDisplayDataPropertyDataSetKey ;
+    ao:dataSetValues ai:AdminRoleValueContainer ;
+    ao:dataSetValues ai:DataPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:DataPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:DisplayOperationValueContainer ;
+    ao:dataSetValues ai:AdminDisplayDataPropertyValueContainer .
+    
+:AdminDisplayDataPropertyDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:DataPropertyAccesObject ;
+    ao:keyComponent auth:ADMIN ;
+    ao:keyComponent ai:DisplayOperationGroup .
+
+### Display faux object property data sets
+
+:PublicDisplayFauxObjectPropertyDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :PublicDisplayFauxObjectPropertyDataSetKey ;
+    ao:dataSetValues ai:PublicRoleValueContainer ;
+    ao:dataSetValues ai:FauxObjectPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:FauxObjectPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:DisplayOperationValueContainer ;
+    ao:dataSetValues ai:PublicDisplayFauxObjectPropertyValueContainer .
+    
+:PublicDisplayFauxObjectPropertyDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:FauxObjectPropertyAccesObject ;
+    ao:keyComponent auth:PUBLIC ;
+    ao:keyComponent ai:DisplayOperationGroup .
+
+:EditorDisplayFauxObjectPropertyDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :EditorDisplayFauxObjectPropertyDataSetKey ;
+    ao:dataSetValues ai:EditorRoleValueContainer ;
+    ao:dataSetValues ai:FauxObjectPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:FauxObjectPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:DisplayOperationValueContainer ;
+    ao:dataSetValues ai:EditorDisplayFauxObjectPropertyValueContainer .
+    
+:EditorDisplayFauxObjectPropertyDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:FauxObjectPropertyAccesObject ;
+    ao:keyComponent auth:EDITOR ;
+    ao:keyComponent ai:DisplayOperationGroup .
+
+:CuratorDisplayFauxObjectPropertyDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :CuratorDisplayFauxObjectPropertyDataSetKey ;
+    ao:dataSetValues ai:CuratorRoleValueContainer ;
+    ao:dataSetValues ai:FauxObjectPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:FauxObjectPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:DisplayOperationValueContainer ;
+    ao:dataSetValues ai:CuratorDisplayFauxObjectPropertyValueContainer .
+    
+:CuratorDisplayFauxObjectPropertyDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:FauxObjectPropertyAccesObject ;
+    ao:keyComponent auth:CURATOR ;
+    ao:keyComponent ai:DisplayOperationGroup .
+
+:AdminDisplayFauxObjectPropertyDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :AdminDisplayFauxObjectPropertyDataSetKey ;
+    ao:dataSetValues ai:AdminRoleValueContainer ;
+    ao:dataSetValues ai:FauxObjectPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:FauxObjectPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:DisplayOperationValueContainer ;
+    ao:dataSetValues ai:AdminDisplayFauxObjectPropertyValueContainer .
+    
+:AdminDisplayFauxObjectPropertyDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:FauxObjectPropertyAccesObject ;
+    ao:keyComponent auth:ADMIN ;
+    ao:keyComponent ai:DisplayOperationGroup .
+
+### Display faux data property data sets
+
+:PublicDisplayFauxDataPropertyDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :PublicDisplayFauxDataPropertyDataSetKey ;
+    ao:dataSetValues ai:PublicRoleValueContainer ;
+    ao:dataSetValues ai:FauxDataPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:FauxDataPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:DisplayOperationValueContainer ;
+    ao:dataSetValues ai:PublicDisplayFauxDataPropertyValueContainer .
+    
+:PublicDisplayFauxDataPropertyDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:FauxDataPropertyAccesObject ;
+    ao:keyComponent auth:PUBLIC ;
+    ao:keyComponent ai:DisplayOperationGroup .
+
+:EditorDisplayFauxDataPropertyDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :EditorDisplayFauxDataPropertyDataSetKey ;
+    ao:dataSetValues ai:EditorRoleValueContainer ;
+    ao:dataSetValues ai:FauxDataPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:FauxDataPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:DisplayOperationValueContainer ;
+    ao:dataSetValues ai:EditorDisplayFauxDataPropertyValueContainer .
+    
+:EditorDisplayFauxDataPropertyDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:FauxDataPropertyAccesObject ;
+    ao:keyComponent auth:EDITOR ;
+    ao:keyComponent ai:DisplayOperationGroup .
+
+:CuratorDisplayFauxDataPropertyDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :CuratorDisplayFauxDataPropertyDataSetKey ;
+    ao:dataSetValues ai:CuratorRoleValueContainer ;
+    ao:dataSetValues ai:FauxDataPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:FauxDataPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:DisplayOperationValueContainer ;
+    ao:dataSetValues ai:CuratorDisplayFauxDataPropertyValueContainer .
+    
+:CuratorDisplayFauxDataPropertyDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:FauxDataPropertyAccesObject ;
+    ao:keyComponent auth:CURATOR ;
+    ao:keyComponent ai:DisplayOperationGroup .
+
+:AdminDisplayFauxDataPropertyDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :AdminDisplayFauxDataPropertyDataSetKey ;
+    ao:dataSetValues ai:AdminRoleValueContainer ;
+    ao:dataSetValues ai:FauxDataPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:FauxDataPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:DisplayOperationValueContainer ;
+    ao:dataSetValues ai:AdminDisplayFauxDataPropertyValueContainer .
+    
+:AdminDisplayFauxDataPropertyDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:FauxDataPropertyAccesObject ;
+    ao:keyComponent auth:ADMIN ;
+    ao:keyComponent ai:DisplayOperationGroup .
+
+### Publish object property data sets
+
+:EditorPublishObjectPropertyDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :EditorPublishObjectPropertyDataSetKey ;
+    ao:dataSetValues ai:EditorRoleValueContainer ;
+    ao:dataSetValues ai:ObjectPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:ObjectPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:PublishOperationValueContainer ;
+    ao:dataSetValues ai:EditorPublishObjectPropertyValueContainer .
+    
+:EditorPublishObjectPropertyDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:ObjectPropertyAccesObject ;
+    ao:keyComponent auth:EDITOR ;
+    ao:keyComponent ai:PublishOperationGroup .
+
+:CuratorPublishObjectPropertyDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :CuratorPublishObjectPropertyDataSetKey ;
+    ao:dataSetValues ai:CuratorRoleValueContainer ;
+    ao:dataSetValues ai:ObjectPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:ObjectPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:PublishOperationValueContainer ;
+    ao:dataSetValues ai:CuratorPublishObjectPropertyValueContainer .
+    
+:CuratorPublishObjectPropertyDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:ObjectPropertyAccesObject ;
+    ao:keyComponent auth:CURATOR ;
+    ao:keyComponent ai:PublishOperationGroup .
+
+:AdminPublishObjectPropertyDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :AdminPublishObjectPropertyDataSetKey ;
+    ao:dataSetValues ai:AdminRoleValueContainer ;
+    ao:dataSetValues ai:ObjectPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:ObjectPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:PublishOperationValueContainer ;
+    ao:dataSetValues ai:AdminPublishObjectPropertyValueContainer .
+    
+:AdminPublishObjectPropertyDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:ObjectPropertyAccesObject ;
+    ao:keyComponent auth:ADMIN ;
+    ao:keyComponent ai:PublishOperationGroup .
+
+### Publish data property data sets
+
+:EditorPublishDataPropertyDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :EditorPublishDataPropertyDataSetKey ;
+    ao:dataSetValues ai:EditorRoleValueContainer ;
+    ao:dataSetValues ai:DataPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:DataPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:PublishOperationValueContainer ;
+    ao:dataSetValues ai:EditorPublishDataPropertyValueContainer .
+    
+:EditorPublishDataPropertyDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:DataPropertyAccesObject ;
+    ao:keyComponent auth:EDITOR ;
+    ao:keyComponent ai:PublishOperationGroup .
+
+:CuratorPublishDataPropertyDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :CuratorPublishDataPropertyDataSetKey ;
+    ao:dataSetValues ai:CuratorRoleValueContainer ;
+    ao:dataSetValues ai:DataPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:DataPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:PublishOperationValueContainer ;
+    ao:dataSetValues ai:CuratorPublishDataPropertyValueContainer .
+    
+:CuratorPublishDataPropertyDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:DataPropertyAccesObject ;
+    ao:keyComponent auth:CURATOR ;
+    ao:keyComponent ai:PublishOperationGroup .
+
+:AdminPublishDataPropertyDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :AdminPublishDataPropertyDataSetKey ;
+    ao:dataSetValues ai:AdminRoleValueContainer ;
+    ao:dataSetValues ai:DataPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:DataPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:PublishOperationValueContainer ;
+    ao:dataSetValues ai:AdminPublishDataPropertyValueContainer .
+    
+:AdminPublishDataPropertyDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:DataPropertyAccesObject ;
+    ao:keyComponent auth:ADMIN ;
+    ao:keyComponent ai:PublishOperationGroup .
+
+### Publish faux object property data sets
+
+:EditorPublishFauxObjectPropertyDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :EditorPublishFauxObjectPropertyDataSetKey ;
+    ao:dataSetValues ai:EditorRoleValueContainer ;
+    ao:dataSetValues ai:FauxObjectPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:FauxObjectPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:PublishOperationValueContainer ;
+    ao:dataSetValues ai:EditorPublishFauxObjectPropertyValueContainer .
+    
+:EditorPublishFauxObjectPropertyDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:FauxObjectPropertyAccesObject ;
+    ao:keyComponent auth:EDITOR ;
+    ao:keyComponent ai:PublishOperationGroup .
+
+:CuratorPublishFauxObjectPropertyDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :CuratorPublishFauxObjectPropertyDataSetKey ;
+    ao:dataSetValues ai:CuratorRoleValueContainer ;
+    ao:dataSetValues ai:FauxObjectPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:FauxObjectPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:PublishOperationValueContainer ;
+    ao:dataSetValues ai:CuratorPublishFauxObjectPropertyValueContainer .
+    
+:CuratorPublishFauxObjectPropertyDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:FauxObjectPropertyAccesObject ;
+    ao:keyComponent auth:CURATOR ;
+    ao:keyComponent ai:PublishOperationGroup .
+
+:AdminPublishFauxObjectPropertyDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :AdminPublishFauxObjectPropertyDataSetKey ;
+    ao:dataSetValues ai:AdminRoleValueContainer ;
+    ao:dataSetValues ai:FauxObjectPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:FauxObjectPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:PublishOperationValueContainer ;
+    ao:dataSetValues ai:AdminPublishFauxObjectPropertyValueContainer .
+    
+:AdminPublishFauxObjectPropertyDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:FauxObjectPropertyAccesObject ;
+    ao:keyComponent auth:ADMIN ;
+    ao:keyComponent ai:PublishOperationGroup .
+
+### Publish faux data property data sets
+
+:EditorPublishFauxDataPropertyDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :EditorPublishFauxDataPropertyDataSetKey ;
+    ao:dataSetValues ai:EditorRoleValueContainer ;
+    ao:dataSetValues ai:FauxDataPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:FauxDataPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:PublishOperationValueContainer ;
+    ao:dataSetValues ai:EditorPublishFauxDataPropertyValueContainer .
+    
+:EditorPublishFauxDataPropertyDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:FauxDataPropertyAccesObject ;
+    ao:keyComponent auth:EDITOR ;
+    ao:keyComponent ai:PublishOperationGroup .
+
+:CuratorPublishFauxDataPropertyDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :CuratorPublishFauxDataPropertyDataSetKey ;
+    ao:dataSetValues ai:CuratorRoleValueContainer ;
+    ao:dataSetValues ai:FauxDataPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:FauxDataPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:PublishOperationValueContainer ;
+    ao:dataSetValues ai:CuratorPublishFauxDataPropertyValueContainer .
+    
+:CuratorPublishFauxDataPropertyDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:FauxDataPropertyAccesObject ;
+    ao:keyComponent auth:CURATOR ;
+    ao:keyComponent ai:PublishOperationGroup .
+
+:AdminPublishFauxDataPropertyDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :AdminPublishFauxDataPropertyDataSetKey ;
+    ao:dataSetValues ai:AdminRoleValueContainer ;
+    ao:dataSetValues ai:FauxDataPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:FauxDataPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:PublishOperationValueContainer ;
+    ao:dataSetValues ai:AdminPublishFauxDataPropertyValueContainer .
+    
+:AdminPublishFauxDataPropertyDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:FauxDataPropertyAccesObject ;
+    ao:keyComponent auth:ADMIN ;
+    ao:keyComponent ai:PublishOperationGroup .
+
+### Rules
+
+:RuleSet a ao:Rules ;
+    ao:rule :AllowMatchingPropertyStatement ;
+    ao:rule :AllowMatchingProperty .
+
+:AllowMatchingProperty a ao:Rule;
+    ao:attribute :SubjectRoleEqualsDataSetRoleAttribute ;
+    ao:attribute :OperationEqualsDataSetOperation ;
+    ao:attribute :AccessObjectTypeEqualsDataSetValue ;
+    ao:attribute :AccessObjectUriContainsInDataSet .
+
+:AccessObjectTypeEqualsDataSetValue rdf:type ao:Attribute ;
+    ao:operator ai:Equals ;
+    ao:type ai:AccessObjectType ;
+    ao:templateValue :AccessObjectTypeValueSet .
+
+:AccessObjectTypeValueSet a ao:AttributeValueSet ;
+    ao:attributeValue ai:ObjectPropertyAccesObjectValueContainer ;
+    ao:attributeValue ai:DataPropertyAccesObjectValueContainer ;
+    ao:attributeValue ai:FauxObjectPropertyAccesObjectValueContainer ;
+    ao:attributeValue ai:FauxDataPropertyAccesObjectValueContainer ;
+    .
+
+:AllowMatchingPropertyStatement a ao:Rule;
+    ao:attribute :SubjectRoleEqualsDataSetRoleAttribute ;
+    ao:attribute :OperationEqualsDataSetOperation ;
+    ao:attribute :AccessObjectTypeStatementEquals ;
+    ao:attribute :StatementPredicateEquals ;
+    .
+
+:AccessObjectTypeStatementEquals rdf:type ao:Attribute ;
+    ao:operator ai:Equals ;
+    ao:type ai:AccessObjectType ;
+    ao:templateValue :StatementAccessObjectTypeValueSet .
+
+:StatementAccessObjectTypeValueSet a ao:AttributeValueSet ;
+    ao:attributeValue ai:ObjectPropertyStatementAccesObjectValueContainer ;
+    ao:attributeValue ai:DataPropertyStatementAccesObjectValueContainer ;
+    ao:attributeValue ai:FauxObjectPropertyStatementAccesObjectValueContainer ;
+    ao:attributeValue ai:FauxDataPropertyStatementAccesObjectValueContainer ;
+    .
+
+:OperationEqualsDataSetOperation a ao:Attribute ;
+    ao:operator ai:Equals ;
+    ao:type ai:Operation ;
+    ao:templateValue :OperationValueSet .
+
+:OperationValueSet a ao:AttributeValueSet ;
+    ao:attributeValue ai:DisplayOperationValueContainer ;
+    ao:attributeValue ai:PublishOperationValueContainer ;
+    .
+
+:SubjectRoleEqualsDataSetRoleAttribute a ao:Attribute ;
+    ao:operator ai:Equals ;
+    ao:type ai:SubjectRole ;
+    ao:templateValue :RoleValueSet .
+
+:RoleValueSet a ao:AttributeValueSet ;
+    ao:attributeValue ai:PublicRoleValueContainer ;
+    ao:attributeValue ai:EditorRoleValueContainer ;
+    ao:attributeValue ai:CuratorRoleValueContainer ;
+    ao:attributeValue ai:AdminRoleValueContainer .
+
+:StatementPredicateEquals a ao:Attribute ;
+    ao:operator ai:OneOf ;
+    ao:type ai:StatementPredicateUri ;
+    ao:templateValue :AllowedPropertyUriValueSet .
+
+:AccessObjectUriContainsInDataSet a ao:Attribute ;
+    ao:operator ai:OneOf ;
+    ao:type ai:AccessObjectUri ;
+    ao:templateValue :AllowedPropertyUriValueSet .
+
+:AllowedPropertyUriValueSet a ao:AttributeValueSet ;
+    ao:attributeValue ai:PublicDisplayObjectPropertyValueContainer ;
+    ao:attributeValue ai:EditorDisplayObjectPropertyValueContainer ;
+    ao:attributeValue ai:CuratorDisplayObjectPropertyValueContainer ;
+    ao:attributeValue ai:AdminDisplayObjectPropertyValueContainer ;
+    ao:attributeValue ai:PublicDisplayDataPropertyValueContainer ;
+    ao:attributeValue ai:EditorDisplayDataPropertyValueContainer ;
+    ao:attributeValue ai:CuratorDisplayDataPropertyValueContainer ;
+    ao:attributeValue ai:AdminDisplayDataPropertyValueContainer ;
+    ao:attributeValue ai:PublicDisplayFauxObjectPropertyValueContainer ;
+    ao:attributeValue ai:EditorDisplayFauxObjectPropertyValueContainer ;
+    ao:attributeValue ai:CuratorDisplayFauxObjectPropertyValueContainer ;
+    ao:attributeValue ai:AdminDisplayFauxObjectPropertyValueContainer ;
+    ao:attributeValue ai:PublicDisplayFauxDataPropertyValueContainer ;   
+    ao:attributeValue ai:EditorDisplayFauxDataPropertyValueContainer ;
+    ao:attributeValue ai:CuratorDisplayFauxDataPropertyValueContainer ;
+    ao:attributeValue ai:AdminDisplayFauxDataPropertyValueContainer ;
+
+    ao:attributeValue ai:EditorPublishObjectPropertyValueContainer ;
+    ao:attributeValue ai:CuratorPublishObjectPropertyValueContainer ;
+    ao:attributeValue ai:AdminPublishObjectPropertyValueContainer ;
+    ao:attributeValue ai:EditorPublishDataPropertyValueContainer ;
+    ao:attributeValue ai:CuratorPublishDataPropertyValueContainer ;
+    ao:attributeValue ai:AdminPublishDataPropertyValueContainer ;
+    ao:attributeValue ai:EditorPublishFauxObjectPropertyValueContainer ;
+    ao:attributeValue ai:CuratorPublishFauxObjectPropertyValueContainer ;
+    ao:attributeValue ai:AdminPublishFauxObjectPropertyValueContainer ;
+    ao:attributeValue ai:EditorPublishFauxDataPropertyValueContainer ;
+    ao:attributeValue ai:CuratorPublishFauxDataPropertyValueContainer ;
+    ao:attributeValue ai:AdminPublishFauxDataPropertyValueContainer ;
+    .
+
+ai:PublicDisplayObjectPropertyValueContainer a ao:ValueContainer ;
+    ao:containerType ai:ObjectPropertyAccesObject .
+ai:EditorDisplayObjectPropertyValueContainer a ao:ValueContainer ;
+    ao:containerType ai:ObjectPropertyAccesObject .
+ai:CuratorDisplayObjectPropertyValueContainer a ao:ValueContainer ;
+    ao:containerType ai:ObjectPropertyAccesObject .
+ai:AdminDisplayObjectPropertyValueContainer a ao:ValueContainer ;
+    ao:containerType ai:ObjectPropertyAccesObject .
+ai:PublicDisplayDataPropertyValueContainer a ao:ValueContainer ;
+    ao:containerType ai:DataPropertyAccesObject .
+ai:EditorDisplayDataPropertyValueContainer a ao:ValueContainer ;
+    ao:containerType ai:DataPropertyAccesObject .
+ai:CuratorDisplayDataPropertyValueContainer a ao:ValueContainer ;
+    ao:containerType ai:DataPropertyAccesObject .
+ai:AdminDisplayDataPropertyValueContainer a ao:ValueContainer ;
+    ao:containerType ai:DataPropertyAccesObject .
+ai:PublicDisplayFauxObjectPropertyValueContainer a ao:ValueContainer ;
+    ao:containerType ai:FauxObjectPropertyAccesObject .
+ai:EditorDisplayFauxObjectPropertyValueContainer a ao:ValueContainer ;
+    ao:containerType ai:FauxObjectPropertyAccesObject .
+ai:CuratorDisplayFauxObjectPropertyValueContainer a ao:ValueContainer ;
+    ao:containerType ai:FauxObjectPropertyAccesObject .
+ai:AdminDisplayFauxObjectPropertyValueContainer a ao:ValueContainer ;
+    ao:containerType ai:FauxObjectPropertyAccesObject .
+ai:PublicDisplayFauxDataPropertyValueContainer a ao:ValueContainer ;
+    ao:containerType ai:FauxDataPropertyAccesObject .
+ai:EditorDisplayFauxDataPropertyValueContainer a ao:ValueContainer ;
+    ao:containerType ai:FauxDataPropertyAccesObject .
+ai:CuratorDisplayFauxDataPropertyValueContainer a ao:ValueContainer ;
+    ao:containerType ai:FauxDataPropertyAccesObject .
+ai:AdminDisplayFauxDataPropertyValueContainer a ao:ValueContainer ;
+    ao:containerType ai:FauxDataPropertyAccesObject .
+
+ai:EditorPublishObjectPropertyValueContainer a ao:ValueContainer ;
+    ao:containerType ai:ObjectPropertyAccesObject .
+ai:CuratorPublishObjectPropertyValueContainer a ao:ValueContainer ;
+    ao:containerType ai:ObjectPropertyAccesObject .
+ai:AdminPublishObjectPropertyValueContainer a ao:ValueContainer ;
+    ao:containerType ai:ObjectPropertyAccesObject .
+ai:EditorPublishDataPropertyValueContainer a ao:ValueContainer ;
+    ao:containerType ai:DataPropertyAccesObject .
+ai:CuratorPublishDataPropertyValueContainer a ao:ValueContainer ;
+    ao:containerType ai:DataPropertyAccesObject .
+ai:AdminPublishDataPropertyValueContainer a ao:ValueContainer ;
+    ao:containerType ai:DataPropertyAccesObject .
+ai:EditorPublishFauxObjectPropertyValueContainer a ao:ValueContainer ;
+    ao:containerType ai:FauxObjectPropertyAccesObject .
+ai:CuratorPublishFauxObjectPropertyValueContainer a ao:ValueContainer ;
+    ao:containerType ai:FauxObjectPropertyAccesObject .
+ai:AdminPublishFauxObjectPropertyValueContainer a ao:ValueContainer ;
+    ao:containerType ai:FauxObjectPropertyAccesObject .
+ai:EditorPublishFauxDataPropertyValueContainer a ao:ValueContainer ;
+    ao:containerType ai:FauxDataPropertyAccesObject .
+ai:CuratorPublishFauxDataPropertyValueContainer a ao:ValueContainer ;
+    ao:containerType ai:FauxDataPropertyAccesObject .
+ai:AdminPublishFauxDataPropertyValueContainer a ao:ValueContainer ;
+    ao:containerType ai:FauxDataPropertyAccesObject .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_simple_permissions.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_simple_permissions.n3
new file mode 100644
index 0000000000..9973d22226
--- /dev/null
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_simple_permissions.n3
@@ -0,0 +1,131 @@
+# $This file is distributed under the terms of the license in LICENSE$
+
+@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
+@prefix owl: <http://www.w3.org/2002/07/owl#> .
+@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
+@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
+@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
+@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
+@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+@prefix simplePermission: <java:edu.cornell.mannlib.vitro.webapp.auth.permissions.SimplePermission#> .
+@prefix : <https://vivoweb.org/ontology/vitro-application/auth/individual/template/simple-permissions/> .
+
+:PolicyTemplate a ao:PolicyTemplate ;
+    ao:priority 1000 ;
+    ao:policyDataSets :DataSets ;
+    ao:rules :RuleSet .
+
+:DataSets a ao:PolicyDataSets ;
+    ao:policyDataSetTemplate :DataSetTemplate ;
+    ao:policyDataSet :PublicSimplePermissionDataSet ;
+    ao:policyDataSet :SelfEditorSimplePermissionDataSet ;
+    ao:policyDataSet :EditorSimplePermissionDataSet ;
+    ao:policyDataSet :CuratorSimplePermissionDataSet ;
+    ao:policyDataSet :AdminSimplePermissionDataSet .
+
+:DataSetTemplate a ao:DataSetTemplate ;
+    ao:dataSetKeyTemplate :DataSetKeyTemplate ;
+    ao:testDataTemplate :RoleTestDataTemplate ;
+    ao:testDataTemplate :TypesTestDataTemplate .  
+
+:DataSetKeyTemplate a ao:DataSetKeyTemplate ;
+    ao:keyComponent ai:NamedObject ;
+    ao:keyComponentTemplate ai:SubjectRole .
+
+:RoleTestDataTemplate a ao:TestDataTemplate ;
+    ao:usedInAttributeValueSet :RoleValueSet;
+    ao:dataValueTemplate ai:SubjectRole .
+
+:TypesTestDataTemplate a ao:TestDataTemplate ;
+    ao:usedInAttributeValueSet :TypeValueSet;
+    ao:dataValueTemplate ai:NamedObject .
+
+:PublicSimplePermissionDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :PublicSimplePermissionDataSetKey ;
+    ao:dataSetValues ai:PublicRoleValueContainer ;
+    ao:dataSetValues ai:PublicSimplePermissionValueContainer .
+
+:PublicSimplePermissionDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:NamedObject ;
+    ao:keyComponent auth:PUBLIC .
+
+:SelfEditorSimplePermissionDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :SelfEditorSimplePermissionDataSetKey ;
+    ao:dataSetValues ai:SelfEditorRoleValueContainer ;
+    ao:dataSetValues ai:SelfEditorSimplePermissionValueContainer .
+
+:SelfEditorSimplePermissionDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:NamedObject ;
+    ao:keyComponent auth:SELF_EDITOR .
+
+:EditorSimplePermissionDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :EditorSimplePermissionDataSetKey ;
+    ao:dataSetValues ai:EditorRoleValueContainer ;
+    ao:dataSetValues ai:EditorSimplePermissionValueContainer .
+
+:EditorSimplePermissionDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:NamedObject ;
+    ao:keyComponent auth:EDITOR .
+
+:CuratorSimplePermissionDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :CuratorSimplePermissionDataSetKey ;
+    ao:dataSetValues ai:CuratorRoleValueContainer ;
+    ao:dataSetValues ai:CuratorSimplePermissionValueContainer .
+
+:CuratorSimplePermissionDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:NamedObject ;
+    ao:keyComponent auth:CURATOR .
+
+:AdminSimplePermissionDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :AdminSimplePermissionDataSetKey  ;
+    ao:dataSetValues ai:AdminRoleValueContainer ;
+    ao:dataSetValues ai:AdminSimplePermissionValueContainer .
+
+:AdminSimplePermissionDataSetKey  a ao:DataSetKey ;
+    ao:keyComponent ai:NamedObject ;
+    ao:keyComponent auth:ADMIN .
+
+:RuleSet a ao:Rules ;
+    ao:rule :AllowSimplePermission .
+      
+:AllowSimplePermission a ao:Rule;
+    ao:attribute ai:NamedObjectTypeAttribute ;
+    ao:attribute :PermissionNameAllowed ;
+    ao:attribute :SubjectRoleEqualsDataSetRole .
+      
+:PermissionNameAllowed a ao:Attribute ;
+    ao:operator ai:OneOf ;
+    ao:type ai:AccessObjectUri ;
+    ao:templateValue :TypeValueSet .
+
+:TypeValueSet a ao:AttributeValueSet ;
+    ao:attributeValue ai:PublicSimplePermissionValueContainer ;
+    ao:attributeValue ai:SelfEditorSimplePermissionValueContainer ;
+    ao:attributeValue ai:EditorSimplePermissionValueContainer ;
+    ao:attributeValue ai:CuratorSimplePermissionValueContainer ;
+    ao:attributeValue ai:AdminSimplePermissionValueContainer .
+
+ai:PublicSimplePermissionValueContainer a ao:ValueContainer ;
+    ao:containerType ai:NamedObject .
+ai:SelfEditorSimplePermissionValueContainer a ao:ValueContainer ;
+    ao:containerType ai:NamedObject .
+ai:EditorSimplePermissionValueContainer a ao:ValueContainer ;
+    ao:containerType ai:NamedObject .
+ai:CuratorSimplePermissionValueContainer a ao:ValueContainer ;
+    ao:containerType ai:NamedObject .
+ai:AdminSimplePermissionValueContainer a ao:ValueContainer ;
+    ao:containerType ai:NamedObject .
+
+:SubjectRoleEqualsDataSetRole a ao:Attribute ;
+    ao:operator ai:Equals ;
+    ao:type ai:SubjectRole ;
+    ao:templateValue :RoleValueSet .
+
+:RoleValueSet a ao:AttributeValueSet ;
+    ao:attributeValue ai:PublicRoleValueContainer ;
+    ao:attributeValue ai:SelfEditorRoleValueContainer ;
+    ao:attributeValue ai:EditorRoleValueContainer ;
+    ao:attributeValue ai:CuratorRoleValueContainer ;
+    ao:attributeValue ai:AdminRoleValueContainer .
+
+
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/test_values.n3 b/home/src/main/resources/rdf/accessControl/firsttime/test_values.n3
index fa13ddc5b8..5f35d827b5 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/test_values.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/test_values.n3
@@ -8,83 +8,99 @@
 @prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
 @prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
 
-ai:PersonProfileProximityToResourceUri rdf:type ao:TestData ;
-        ao:id """
-        SELECT ?resourceUri WHERE {
-                {
-                  ?personUri <http://purl.obolibrary.org/obo/RO_0000053> ?roleUri .
-                  ?roleUri a <http://vivoweb.org/ontology/core#AdvisorRole> .
-                  ?roleUri <http://vivoweb.org/ontology/core#relatedBy> ?resourceUri .
-                  ?resourceUri a <http://vivoweb.org/ontology/core#AdvisingRelationship> .
-                }
-                UNION
-                {
-                  ?personUri <http://purl.obolibrary.org/obo/RO_0000053> ?roleUri .
-                  ?roleUri a <http://vivoweb.org/ontology/core#TeacherRole> .
-                  ?roleUri <http://purl.obolibrary.org/obo/BFO_0000054> ?resourceUri .
-                  ?resourceUri a <http://vivoweb.org/ontology/core#Course> .
-                }
-                UNION
-                {
-                  ?personUri <http://purl.obolibrary.org/obo/RO_0000053> ?roleUri .
-                  ?roleUri a <http://vivoweb.org/ontology/core#PrincipalInvestigatorRole> .
-                  ?roleUri <http://vivoweb.org/ontology/core#relatedBy> ?resourceUri .
-                  ?resourceUri a <http://vivoweb.org/ontology/core#Grant> .
-                }
-                UNION
-                {
-                  ?personUri <http://purl.obolibrary.org/obo/RO_0000053> ?roleUri .
-                  ?roleUri a <http://vivoweb.org/ontology/core#CoPrincipalInvestigatorRole> .
-                  ?roleUri <http://vivoweb.org/ontology/core#relatedBy> ?resourceUri .
-                  ?resourceUri a <http://vivoweb.org/ontology/core#Grant> .
-                }
-                UNION
-                {
-                  ?personUri <http://vivoweb.org/ontology/core#relatedBy> ?roleUri .
-                  ?roleUri a <http://vivoweb.org/ontology/core#Authorship> .
-                  ?roleUri <http://vivoweb.org/ontology/core#relates> ?resourceUri .
-                  ?resourceUri a <http://purl.obolibrary.org/obo/IAO_0000030> .
-                }
-                UNION
-                {
-                  ?personUri <http://vivoweb.org/ontology/core#relatedBy> ?roleUri .
-                  ?roleUri a <http://vivoweb.org/ontology/core#Editorship> .
-                  ?roleUri <http://vivoweb.org/ontology/core#relates> ?resourceUri .
-                  ?resourceUri a <http://purl.obolibrary.org/obo/IAO_0000030> .
-                }
-                UNION
-                {
-                  ?personUri <http://purl.obolibrary.org/obo/RO_0000053> ?roleUri .
-                  ?roleUri a <http://vivoweb.org/ontology/core#PresenterRole> .
-                  ?roleUri <http://purl.obolibrary.org/obo/BFO_0000054> ?resourceUri .
-                  ?resourceUri a <http://vivoweb.org/ontology/core#Presentation> .
-                }
-                UNION
-                {
-                  ?personUri <http://purl.obolibrary.org/obo/RO_0000053> ?roleUri .
-                  ?roleUri a <http://vivoweb.org/ontology/core#ClinicalRole> .
-                  ?roleUri <http://vivoweb.org/ontology/core#contributesTo> ?resourceUri .
-                  ?resourceUri a <http://vivoweb.org/ontology/core#Project> .
-                }
-                UNION
-                {
-                  ?personUri <http://purl.obolibrary.org/obo/RO_0000053> ?roleUri .
-                  ?roleUri a <http://vivoweb.org/ontology/core#ClinicalRole> .
-                  ?roleUri <http://vivoweb.org/ontology/core#contributesTo> ?resourceUri .
-                  ?resourceUri a <http://vivoweb.org/ontology/core#Service> .
-                }
-                UNION
-                { 
-                  BIND ( ?personUri as ?resourceUri)
-                }
+ai:PersonProfileProximityToResourceUri rdf:type ao:ValueContainer ;
+    ao:id """
+    SELECT ?resourceUri WHERE {
+        {
+          ?personUri <http://purl.obolibrary.org/obo/RO_0000053> ?roleUri .
+          ?roleUri a <http://vivoweb.org/ontology/core#AdvisorRole> .
+          ?roleUri <http://vivoweb.org/ontology/core#relatedBy> ?resourceUri .
+          ?resourceUri a <http://vivoweb.org/ontology/core#AdvisingRelationship> .
         }
-        """ .
+        UNION
+        {
+          ?personUri <http://purl.obolibrary.org/obo/RO_0000053> ?roleUri .
+          ?roleUri a <http://vivoweb.org/ontology/core#TeacherRole> .
+          ?roleUri <http://purl.obolibrary.org/obo/BFO_0000054> ?resourceUri .
+          ?resourceUri a <http://vivoweb.org/ontology/core#Course> .
+        }
+        UNION
+        {
+          ?personUri <http://purl.obolibrary.org/obo/RO_0000053> ?roleUri .
+          ?roleUri a <http://vivoweb.org/ontology/core#PrincipalInvestigatorRole> .
+          ?roleUri <http://vivoweb.org/ontology/core#relatedBy> ?resourceUri .
+          ?resourceUri a <http://vivoweb.org/ontology/core#Grant> .
+        }
+        UNION
+        {
+          ?personUri <http://purl.obolibrary.org/obo/RO_0000053> ?roleUri .
+          ?roleUri a <http://vivoweb.org/ontology/core#CoPrincipalInvestigatorRole> .
+          ?roleUri <http://vivoweb.org/ontology/core#relatedBy> ?resourceUri .
+          ?resourceUri a <http://vivoweb.org/ontology/core#Grant> .
+        }
+        UNION
+        {
+          ?personUri <http://vivoweb.org/ontology/core#relatedBy> ?roleUri .
+          ?roleUri a <http://vivoweb.org/ontology/core#Authorship> .
+          ?roleUri <http://vivoweb.org/ontology/core#relates> ?resourceUri .
+          ?resourceUri a <http://purl.obolibrary.org/obo/IAO_0000030> .
+        }
+        UNION
+        {
+          ?personUri <http://vivoweb.org/ontology/core#relatedBy> ?roleUri .
+          ?roleUri a <http://vivoweb.org/ontology/core#Editorship> .
+          ?roleUri <http://vivoweb.org/ontology/core#relates> ?resourceUri .
+          ?resourceUri a <http://purl.obolibrary.org/obo/IAO_0000030> .
+        }
+        UNION
+        {
+          ?personUri <http://purl.obolibrary.org/obo/RO_0000053> ?roleUri .
+          ?roleUri a <http://vivoweb.org/ontology/core#PresenterRole> .
+          ?roleUri <http://purl.obolibrary.org/obo/BFO_0000054> ?resourceUri .
+          ?resourceUri a <http://vivoweb.org/ontology/core#Presentation> .
+        }
+        UNION
+        {
+          ?personUri <http://purl.obolibrary.org/obo/RO_0000053> ?roleUri .
+          ?roleUri a <http://vivoweb.org/ontology/core#ClinicalRole> .
+          ?roleUri <http://vivoweb.org/ontology/core#contributesTo> ?resourceUri .
+          ?resourceUri a <http://vivoweb.org/ontology/core#Project> .
+        }
+        UNION
+        {
+          ?personUri <http://purl.obolibrary.org/obo/RO_0000053> ?roleUri .
+          ?roleUri a <http://vivoweb.org/ontology/core#ClinicalRole> .
+          ?roleUri <http://vivoweb.org/ontology/core#contributesTo> ?resourceUri .
+          ?resourceUri a <http://vivoweb.org/ontology/core#Service> .
+        }
+        UNION
+        { 
+          BIND ( ?personUri as ?resourceUri)
+        }
+    }
+    """ .
 
 
-ai:SomeUriTestData rdf:type ao:TestData ;
+ai:SomeUriTestData rdf:type ao:ValueContainer ;
         ao:id "?SOME_URI" .
-        
-ai:SomeLiteralTestData rdf:type ao:TestData ;
+
+ai:SomeLiteralTestData rdf:type ao:ValueContainer ;
         ao:id "?SOME_LITERAL" .
-        
 
+
+#Role value containers 
+
+ai:PublicRoleValueContainer a ao:ValueContainer ;
+    ao:dataValue auth:PUBLIC .
+
+ai:SelfEditorRoleValueContainer a ao:ValueContainer ;
+    ao:dataValue auth:SELF_EDITOR .
+
+ai:EditorRoleValueContainer a ao:ValueContainer ;
+    ao:dataValue auth:EDITOR .
+
+ai:CuratorRoleValueContainer a ao:ValueContainer ;
+    ao:dataValue auth:CURATOR .
+
+ai:AdminRoleValueContainer a ao:ValueContainer ;
+    ao:dataValue auth:ADMIN .

From 76a86bf078aa887c58a35054f4d70bd4250bcbdd Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <georgy.litvinov@tib.eu>
Date: Thu, 19 Oct 2023 11:04:58 +0200
Subject: [PATCH 054/148] renamed simple permission dataset files

---
 .../policy/SimplePermissionPolicyTest.java    | 32 +++++++++----------
 ...dataset.n3 => simple_permissions_admin.n3} |  0
 ...taset.n3 => simple_permissions_curator.n3} |  0
 ...ataset.n3 => simple_permissions_editor.n3} |  0
 ...ataset.n3 => simple_permissions_public.n3} |  0
 ...t.n3 => simple_permissions_self_editor.n3} |  0
 6 files changed, 16 insertions(+), 16 deletions(-)
 rename home/src/main/resources/rdf/accessControl/firsttime/{policy_admin_simple_permissions_dataset.n3 => simple_permissions_admin.n3} (100%)
 rename home/src/main/resources/rdf/accessControl/firsttime/{policy_curator_simple_permissions_dataset.n3 => simple_permissions_curator.n3} (100%)
 rename home/src/main/resources/rdf/accessControl/firsttime/{policy_editor_simple_permissions_dataset.n3 => simple_permissions_editor.n3} (100%)
 rename home/src/main/resources/rdf/accessControl/firsttime/{policy_public_simple_permissions_dataset.n3 => simple_permissions_public.n3} (100%)
 rename home/src/main/resources/rdf/accessControl/firsttime/{policy_self_editor_simple_permissions_dataset.n3 => simple_permissions_self_editor.n3} (100%)

diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/SimplePermissionPolicyTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/SimplePermissionPolicyTest.java
index 111442c302..0fb7287587 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/SimplePermissionPolicyTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/SimplePermissionPolicyTest.java
@@ -13,17 +13,17 @@
 
 public class SimplePermissionPolicyTest extends PolicyTest {
 
-    public static final String ADMIN_SIMPLE_PERMISSIONS_DATASET_PATH = "policy_admin_simple_permissions_dataset";
-    public static final String CURATOR_SIMPLE_PERMISSIONS_DATASET_PATH = "policy_curator_simple_permissions_dataset";
-    public static final String EDITOR_SIMPLE_PERMISSIONS_DATASET_PATH = "policy_editor_simple_permissions_dataset";
-    public static final String SELF_EDITOR_SIMPLE_PERMISSIONS_DATASET_PATH = "policy_self_editor_simple_permissions_dataset";
-    public static final String PUBLIC_SIMPLE_PERMISSIONS_DATASET_PATH = "policy_public_simple_permissions_dataset";
-    public static final String SIMPLE_PERMISSIONS_POLICY_PATH = "template_simple_permissions";
+    public static final String ADMIN_SIMPLE_PERMISSIONS_PATH = "simple_permissions_admin";
+    public static final String CURATOR_SIMPLE_PERMISSIONS_PATH = "simple_permissions_curator";
+    public static final String EDITOR_SIMPLE_PERMISSIONS_PATH = "simple_permissions_editor";
+    public static final String SELF_EDITOR_SIMPLE_PERMISSIONS_PATH = "simple_permissions_self_editor";
+    public static final String PUBLIC_SIMPLE_PERMISSIONS_PATH = "simple_permissions_public";
+    public static final String TEMPLATE_PATH = "template_simple_permissions";
 
     @Test
     public void testAdminSimplePermissionPolicy() {
-        load(PolicyTest.USER_ACCOUNTS_HOME_FIRSTTIME + SIMPLE_PERMISSIONS_POLICY_PATH + EXT);
-        load(USER_ACCOUNTS_HOME_FIRSTTIME + ADMIN_SIMPLE_PERMISSIONS_DATASET_PATH + EXT);
+        load(PolicyTest.USER_ACCOUNTS_HOME_FIRSTTIME + TEMPLATE_PATH + EXT);
+        load(USER_ACCOUNTS_HOME_FIRSTTIME + ADMIN_SIMPLE_PERMISSIONS_PATH + EXT);
         String dataSetUri = "https://vivoweb.org/ontology/vitro-application/auth/individual/template/simple-permissions/AdminSimplePermissionDataSet";
         DynamicPolicy policy = loader.loadPolicyFromTemplateDataSet(dataSetUri);
         assertTrue(policy != null);
@@ -42,8 +42,8 @@ public void testAdminSimplePermissionPolicy() {
 
     @Test
     public void testCuratorSimplePermissionPolicy() {
-        load(PolicyTest.USER_ACCOUNTS_HOME_FIRSTTIME + SIMPLE_PERMISSIONS_POLICY_PATH + EXT);
-        load(USER_ACCOUNTS_HOME_FIRSTTIME + CURATOR_SIMPLE_PERMISSIONS_DATASET_PATH + EXT);
+        load(PolicyTest.USER_ACCOUNTS_HOME_FIRSTTIME + TEMPLATE_PATH + EXT);
+        load(USER_ACCOUNTS_HOME_FIRSTTIME + CURATOR_SIMPLE_PERMISSIONS_PATH + EXT);
         String dataSetUri = "https://vivoweb.org/ontology/vitro-application/auth/individual/template/simple-permissions/CuratorSimplePermissionDataSet";
         DynamicPolicy policy = loader.loadPolicyFromTemplateDataSet(dataSetUri);
         assertTrue(policy != null);
@@ -62,8 +62,8 @@ public void testCuratorSimplePermissionPolicy() {
 
     @Test
     public void testEditorSimplePermissionPolicy() {
-        load(PolicyTest.USER_ACCOUNTS_HOME_FIRSTTIME + SIMPLE_PERMISSIONS_POLICY_PATH + EXT);
-        load(USER_ACCOUNTS_HOME_FIRSTTIME + EDITOR_SIMPLE_PERMISSIONS_DATASET_PATH + EXT);
+        load(PolicyTest.USER_ACCOUNTS_HOME_FIRSTTIME + TEMPLATE_PATH + EXT);
+        load(USER_ACCOUNTS_HOME_FIRSTTIME + EDITOR_SIMPLE_PERMISSIONS_PATH + EXT);
         String dataSetUri = "https://vivoweb.org/ontology/vitro-application/auth/individual/template/simple-permissions/EditorSimplePermissionDataSet";
         DynamicPolicy policy = loader.loadPolicyFromTemplateDataSet(dataSetUri);
         assertTrue(policy != null);
@@ -82,8 +82,8 @@ public void testEditorSimplePermissionPolicy() {
 
     @Test
     public void testSelfEditorSimplePermissionPolicy() {
-        load(PolicyTest.USER_ACCOUNTS_HOME_FIRSTTIME + SIMPLE_PERMISSIONS_POLICY_PATH + EXT);
-        load(USER_ACCOUNTS_HOME_FIRSTTIME + SELF_EDITOR_SIMPLE_PERMISSIONS_DATASET_PATH + EXT);
+        load(PolicyTest.USER_ACCOUNTS_HOME_FIRSTTIME + TEMPLATE_PATH + EXT);
+        load(USER_ACCOUNTS_HOME_FIRSTTIME + SELF_EDITOR_SIMPLE_PERMISSIONS_PATH + EXT);
         String dataSetUri = "https://vivoweb.org/ontology/vitro-application/auth/individual/template/simple-permissions/SelfEditorSimplePermissionDataSet";
         DynamicPolicy policy = loader.loadPolicyFromTemplateDataSet(dataSetUri);
         assertTrue(policy != null);
@@ -102,8 +102,8 @@ public void testSelfEditorSimplePermissionPolicy() {
 
     @Test
     public void testPublicSimplePermissionPolicy() {
-        load(PolicyTest.USER_ACCOUNTS_HOME_FIRSTTIME + SIMPLE_PERMISSIONS_POLICY_PATH + EXT);
-        load(USER_ACCOUNTS_HOME_FIRSTTIME + PUBLIC_SIMPLE_PERMISSIONS_DATASET_PATH + EXT);
+        load(PolicyTest.USER_ACCOUNTS_HOME_FIRSTTIME + TEMPLATE_PATH + EXT);
+        load(USER_ACCOUNTS_HOME_FIRSTTIME + PUBLIC_SIMPLE_PERMISSIONS_PATH + EXT);
         String dataSetUri = "https://vivoweb.org/ontology/vitro-application/auth/individual/template/simple-permissions/PublicSimplePermissionDataSet";
         DynamicPolicy policy = loader.loadPolicyFromTemplateDataSet(dataSetUri);
         assertTrue(policy != null);
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_simple_permissions_dataset.n3 b/home/src/main/resources/rdf/accessControl/firsttime/simple_permissions_admin.n3
similarity index 100%
rename from home/src/main/resources/rdf/accessControl/firsttime/policy_admin_simple_permissions_dataset.n3
rename to home/src/main/resources/rdf/accessControl/firsttime/simple_permissions_admin.n3
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_simple_permissions_dataset.n3 b/home/src/main/resources/rdf/accessControl/firsttime/simple_permissions_curator.n3
similarity index 100%
rename from home/src/main/resources/rdf/accessControl/firsttime/policy_curator_simple_permissions_dataset.n3
rename to home/src/main/resources/rdf/accessControl/firsttime/simple_permissions_curator.n3
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_simple_permissions_dataset.n3 b/home/src/main/resources/rdf/accessControl/firsttime/simple_permissions_editor.n3
similarity index 100%
rename from home/src/main/resources/rdf/accessControl/firsttime/policy_editor_simple_permissions_dataset.n3
rename to home/src/main/resources/rdf/accessControl/firsttime/simple_permissions_editor.n3
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_public_simple_permissions_dataset.n3 b/home/src/main/resources/rdf/accessControl/firsttime/simple_permissions_public.n3
similarity index 100%
rename from home/src/main/resources/rdf/accessControl/firsttime/policy_public_simple_permissions_dataset.n3
rename to home/src/main/resources/rdf/accessControl/firsttime/simple_permissions_public.n3
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_simple_permissions_dataset.n3 b/home/src/main/resources/rdf/accessControl/firsttime/simple_permissions_self_editor.n3
similarity index 100%
rename from home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_simple_permissions_dataset.n3
rename to home/src/main/resources/rdf/accessControl/firsttime/simple_permissions_self_editor.n3

From e50e7126f58752b943d2d93a92f6504db2a91ecb Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <georgy.litvinov@tib.eu>
Date: Thu, 19 Oct 2023 15:43:14 +0200
Subject: [PATCH 055/148] finished policy to template conversion

---
 .../vedit/controller/BaseEditController.java  |    7 +-
 .../vedit/controller/OperationController.java |    7 +-
 .../auth/attributes/AccessOperation.java      |   10 +-
 .../auth/policy/EntityPolicyController.java   |   16 +-
 .../webapp/auth/policy/PolicyLoader.java      |   14 +-
 .../webapp/migration/auth/ArmMigrator.java    |   14 +-
 .../webapp/migration/auth/AuthMigrator.java   |    4 +-
 ...ccessAllowedClassesPolicyTemplateTest.java |   76 +
 ...ssAllowedPropertiesPolicyTemplateTest.java |  168 ++
 ...edAllowedPropertiesPolicyTemplateTest.java |   76 +
 .../policy/EntityPolicyControllerTest.java    |   47 +-
 .../webapp/auth/policy/EntityPolicyTests.java |  122 --
 ...MatchAllowedClassesPolicyTemplateTest.java |   78 -
 ...chAllowedPropertiesPolicyTemplateTest.java |  118 --
 .../vitro/webapp/auth/policy/PolicyTest.java  |  117 +-
 .../policy/SimplePermissionPolicyTest.java    |   18 +-
 ...edAllowedPropertiesPolicyTemplateTest.java |   84 +
 .../migration/auth/ArmMigratorTest.java       |    4 +-
 .../rdf/accessControl/firsttime/attributes.n3 |    4 -
 .../policy_admin_update_data_property.n3      |   53 -
 .../policy_admin_update_faux_data_property.n3 |   53 -
 ...olicy_admin_update_faux_object_property.n3 |   53 -
 .../policy_admin_update_object_property.n3    |   53 -
 .../policy_curator_update_data_property.n3    |   53 -
 ...olicy_curator_update_faux_data_property.n3 |   53 -
 ...icy_curator_update_faux_object_property.n3 |   53 -
 .../policy_curator_update_object_property.n3  |   53 -
 .../policy_editor_update_data_property.n3     |   53 -
 ...policy_editor_update_faux_data_property.n3 |   53 -
 ...licy_editor_update_faux_object_property.n3 |   53 -
 .../policy_editor_update_object_property.n3   |   53 -
 .../policy_public_update_data_property.n3     |   53 -
 .../policy_public_update_object_property.n3   |   53 -
 ...olicy_self_editor_display_data_property.n3 |   53 -
 ..._self_editor_display_faux_data_property.n3 |   53 -
 ...elf_editor_display_faux_object_property.n3 |   53 -
 ...icy_self_editor_display_object_property.n3 |   53 -
 ...olicy_self_editor_publish_data_property.n3 |   53 -
 ..._self_editor_publish_faux_data_property.n3 |   53 -
 ...elf_editor_publish_faux_object_property.n3 |   53 -
 ...icy_self_editor_publish_object_property.n3 |   53 -
 ...policy_self_editor_update_data_property.n3 |   54 -
 ...y_self_editor_update_faux_data_property.n3 |   55 -
 ...self_editor_update_faux_object_property.n3 |   55 -
 ...licy_self_editor_update_object_property.n3 |   55 -
 ...ss.n3 => template_access_allowed_class.n3} |   30 +-
 .../template_access_allowed_property.n3       | 1477 +++++++++++++++++
 ...emplate_access_related_allowed_property.n3 |  245 +++
 .../template_match_allowed_property.n3        |  590 -------
 ...emplate_update_related_allowed_property.n3 |  335 ++++
 50 files changed, 2554 insertions(+), 2492 deletions(-)
 create mode 100644 api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/AccessAllowedClassesPolicyTemplateTest.java
 create mode 100644 api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/AccessAllowedPropertiesPolicyTemplateTest.java
 create mode 100644 api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/AccessRelatedAllowedPropertiesPolicyTemplateTest.java
 delete mode 100644 api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EntityPolicyTests.java
 delete mode 100644 api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/MatchAllowedClassesPolicyTemplateTest.java
 delete mode 100644 api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/MatchAllowedPropertiesPolicyTemplateTest.java
 create mode 100644 api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/UpdateRelatedAllowedPropertiesPolicyTemplateTest.java
 delete mode 100644 home/src/main/resources/rdf/accessControl/firsttime/policy_admin_update_data_property.n3
 delete mode 100644 home/src/main/resources/rdf/accessControl/firsttime/policy_admin_update_faux_data_property.n3
 delete mode 100644 home/src/main/resources/rdf/accessControl/firsttime/policy_admin_update_faux_object_property.n3
 delete mode 100644 home/src/main/resources/rdf/accessControl/firsttime/policy_admin_update_object_property.n3
 delete mode 100644 home/src/main/resources/rdf/accessControl/firsttime/policy_curator_update_data_property.n3
 delete mode 100644 home/src/main/resources/rdf/accessControl/firsttime/policy_curator_update_faux_data_property.n3
 delete mode 100644 home/src/main/resources/rdf/accessControl/firsttime/policy_curator_update_faux_object_property.n3
 delete mode 100644 home/src/main/resources/rdf/accessControl/firsttime/policy_curator_update_object_property.n3
 delete mode 100644 home/src/main/resources/rdf/accessControl/firsttime/policy_editor_update_data_property.n3
 delete mode 100644 home/src/main/resources/rdf/accessControl/firsttime/policy_editor_update_faux_data_property.n3
 delete mode 100644 home/src/main/resources/rdf/accessControl/firsttime/policy_editor_update_faux_object_property.n3
 delete mode 100644 home/src/main/resources/rdf/accessControl/firsttime/policy_editor_update_object_property.n3
 delete mode 100644 home/src/main/resources/rdf/accessControl/firsttime/policy_public_update_data_property.n3
 delete mode 100644 home/src/main/resources/rdf/accessControl/firsttime/policy_public_update_object_property.n3
 delete mode 100644 home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_display_data_property.n3
 delete mode 100644 home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_display_faux_data_property.n3
 delete mode 100644 home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_display_faux_object_property.n3
 delete mode 100644 home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_display_object_property.n3
 delete mode 100644 home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_publish_data_property.n3
 delete mode 100644 home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_publish_faux_data_property.n3
 delete mode 100644 home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_publish_faux_object_property.n3
 delete mode 100644 home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_publish_object_property.n3
 delete mode 100644 home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_update_data_property.n3
 delete mode 100644 home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_update_faux_data_property.n3
 delete mode 100644 home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_update_faux_object_property.n3
 delete mode 100644 home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_update_object_property.n3
 rename home/src/main/resources/rdf/accessControl/firsttime/{template_match_allowed_class.n3 => template_access_allowed_class.n3} (94%)
 create mode 100644 home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_property.n3
 create mode 100644 home/src/main/resources/rdf/accessControl/firsttime/template_access_related_allowed_property.n3
 delete mode 100644 home/src/main/resources/rdf/accessControl/firsttime/template_match_allowed_property.n3
 create mode 100644 home/src/main/resources/rdf/accessControl/firsttime/template_update_related_allowed_property.n3

diff --git a/api/src/main/java/edu/cornell/mannlib/vedit/controller/BaseEditController.java b/api/src/main/java/edu/cornell/mannlib/vedit/controller/BaseEditController.java
index 11b79883d4..4b8cef08d3 100644
--- a/api/src/main/java/edu/cornell/mannlib/vedit/controller/BaseEditController.java
+++ b/api/src/main/java/edu/cornell/mannlib/vedit/controller/BaseEditController.java
@@ -35,6 +35,7 @@
 import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
 import edu.cornell.mannlib.vitro.webapp.modelaccess.ModelAccess;
 import edu.cornell.mannlib.vitro.webapp.dao.WebappDaoFactory;
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessOperation;
 
 public class BaseEditController extends VitroHttpServlet {
 
@@ -218,15 +219,15 @@ protected static void addAccessAttributes(HttpServletRequest req, String entityU
         }  
         req.setAttribute("roles", permissionSets);
         // If the namespace is empty (e.e. we are creating a new record)
-        for (OperationGroup og : OperationGroup.values()){
-            String groupName = og.toString().toLowerCase().split("_")[0];
+        for (AccessOperation ao : AccessOperation.getUserInterfaceSet()){
+            String groupName = ao.toString().toLowerCase().split("_")[0];
             final String attributeName = groupName + "Roles";
             if (StringUtils.isEmpty(entityURI)) {
                 // predefined values
                 req.setAttribute(attributeName, roleUris);
             } else {
                 // Get the permission sets that are granted permission for this entity
-                req.setAttribute(attributeName, EntityPolicyController.getGrantedRoles(entityURI, og, aot, roleUris));
+                req.setAttribute(attributeName, EntityPolicyController.getGrantedRoles(entityURI, ao, aot, roleUris));
             }
         }
         
diff --git a/api/src/main/java/edu/cornell/mannlib/vedit/controller/OperationController.java b/api/src/main/java/edu/cornell/mannlib/vedit/controller/OperationController.java
index 8e0af91d51..8114aa2970 100644
--- a/api/src/main/java/edu/cornell/mannlib/vedit/controller/OperationController.java
+++ b/api/src/main/java/edu/cornell/mannlib/vedit/controller/OperationController.java
@@ -18,6 +18,7 @@
 import javax.servlet.http.HttpServletResponse;
 
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType;
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessOperation;
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.OperationGroup;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.EntityPolicyController;
 import edu.cornell.mannlib.vitro.webapp.beans.PermissionSet;
@@ -149,8 +150,8 @@ public void doPost (HttpServletRequest request, HttpServletResponse response) {
                     roleUris.add(permissionSet.getUri());
                 }  
                 // Get the granted permissions from the request object
-                for (OperationGroup og : OperationGroup.values()) {
-                    String operationGroupName = og.toString().toLowerCase().split("_")[0];
+                for (AccessOperation ao : AccessOperation.getUserInterfaceSet()) {
+                    String operationGroupName = ao.toString().toLowerCase().split("_")[0];
                     String[] selectedRoles = request.getParameterValues(operationGroupName + "Roles");
                     if(StringUtils.isBlank(entityUri)) {
                         log.error("EntityUri is blank");
@@ -160,7 +161,7 @@ public void doPost (HttpServletRequest request, HttpServletResponse response) {
                         if (selectedRoles == null) {
                             selectedRoles = new String[0];
                         }
-                        EntityPolicyController.updateEntityPolicyDataSet(entityUri, AccessObjectType.valueOf(entityType), og, Arrays.asList(selectedRoles), roleUris);
+                        EntityPolicyController.updateEntityPolicyDataSet(entityUri, AccessObjectType.valueOf(entityType), ao, Arrays.asList(selectedRoles), roleUris);
                     }
                 }
             }
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AccessOperation.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AccessOperation.java
index 159b77bea2..539184dab2 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AccessOperation.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AccessOperation.java
@@ -2,6 +2,9 @@
 
 package edu.cornell.mannlib.vitro.webapp.auth.attributes;
 
+import java.util.EnumSet;
+import java.util.Set;
+
 public enum AccessOperation {
     EXECUTE,
     PUBLISH,
@@ -9,5 +12,10 @@ public enum AccessOperation {
     DISPLAY,
     ADD,
     DROP,
-    EDIT
+    EDIT;
+
+    public static Set<AccessOperation> getUserInterfaceSet() {
+        return EnumSet.of(AccessOperation.DISPLAY, AccessOperation.ADD, AccessOperation.DROP, AccessOperation.EDIT,
+                AccessOperation.PUBLISH);
+    }
 }
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EntityPolicyController.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EntityPolicyController.java
index 35ee96d269..c94823d578 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EntityPolicyController.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EntityPolicyController.java
@@ -11,7 +11,7 @@
 import java.util.Set;
 
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType;
-import edu.cornell.mannlib.vitro.webapp.auth.attributes.OperationGroup;
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessOperation;
 import edu.cornell.mannlib.vitro.webapp.beans.Property;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.commons.logging.Log;
@@ -29,7 +29,7 @@ public class EntityPolicyController {
      * @param selectedRoles - list of roles to assign
      * @param allRoles - list of all available roles
      */
-    public static void updateEntityPolicyDataSet(String entityUri, AccessObjectType aot, OperationGroup og,
+    public static void updateEntityPolicyDataSet(String entityUri, AccessObjectType aot, AccessOperation og,
             List<String> selectedRoles, List<String> allRoles) {
         if (StringUtils.isBlank(entityUri)) {
             return;
@@ -58,7 +58,7 @@ public static void updateEntityPolicyDataSet(String entityUri, AccessObjectType
         }
     }
 
-    public static List<String> getGrantedRoles(String entityUri, OperationGroup og, AccessObjectType aot,
+    public static List<String> getGrantedRoles(String entityUri, AccessOperation og, AccessObjectType aot,
             List<String> allRoles) {
         if (StringUtils.isBlank(entityUri)) {
             return Collections.emptyList();
@@ -72,15 +72,15 @@ public static List<String> getGrantedRoles(String entityUri, OperationGroup og,
         return grantedRoles;
     }
 
-    public static void getDataValueStatements(String entityUri, AccessObjectType aot, OperationGroup og,
+    public static void getDataValueStatements(String entityUri, AccessObjectType aot, AccessOperation ao,
             Set<String> selectedRoles, StringBuilder sb) {
         if (StringUtils.isBlank(entityUri)) {
             return;
         }
         for (String role : selectedRoles) {
-            String testDataUri = getPolicyTestDataUri(aot, og, role);
+            String testDataUri = getPolicyTestDataUri(aot, ao, role);
             if (testDataUri == null) {
-                log.error(String.format("Policy test data wasn't found by key:\n%s\n%s\n%s", og, aot, role));
+                log.error(String.format("Policy test data wasn't found by key:\n%s\n%s\n%s", ao, aot, role));
                 continue;
             }
             sb.append("<").append(testDataUri)
@@ -103,12 +103,12 @@ public static void insertedEntityEvent(Property newObj) {
         log.debug("Nothing to do " + newObj);
     }
 
-    private static boolean isUriInTestDataset(String entityUri, OperationGroup og, AccessObjectType aot, String role) {
+    private static boolean isUriInTestDataset(String entityUri, AccessOperation og, AccessObjectType aot, String role) {
         Set<String> values = PolicyLoader.getInstance().getDataSetValues(og, aot, role);
         return values.contains(entityUri);
     }
 
-    private static String getPolicyTestDataUri(AccessObjectType aot, OperationGroup og, String role) {
+    private static String getPolicyTestDataUri(AccessObjectType aot, AccessOperation og, String role) {
         String key = aot.toString() + "." + og.toString() + "." + role;
         if (policyKeyToDataValueMap.containsKey(key)) {
             return policyKeyToDataValueMap.get(key);
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
index 4c2cd3d725..9c2ac7da4c 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
@@ -12,8 +12,8 @@
 import java.util.List;
 import java.util.Set;
 
-import arq.query;
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType;
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessOperation;
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.AttributeFactory;
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.OperationGroup;
 import edu.cornell.mannlib.vitro.webapp.auth.rules.AccessRule;
@@ -359,7 +359,7 @@ protected void processQuerySolution(QuerySolution qs) {
         return priority[0];
     }
 
-    public Set<String> getDataSetValues(OperationGroup og, AccessObjectType aot, String role) {
+    public Set<String> getDataSetValues(AccessOperation og, AccessObjectType aot, String role) {
         Set<String> values = new HashSet<>();
         long expectedSize = 3;
         String queryText = getPolicyTestValuesByKeyQuery(new String[] { role },
@@ -424,7 +424,7 @@ protected void processQuerySolution(QuerySolution qs) {
         return uri[0];
     }
 
-    public String getEntityPolicyTestDataValue(OperationGroup og, AccessObjectType aot, String role) {
+    public String getEntityPolicyTestDataValue(AccessOperation og, AccessObjectType aot, String role) {
         String[] valueUri = new String[1];
         long expectedSize = 3;
         final String queryText = getPolicyTestValuesByKeyQuery(new String[] { role },
@@ -452,7 +452,7 @@ protected void processQuerySolution(QuerySolution qs) {
         return valueUri[0];
     }
 
-    public void modifyPolicyDataSetValue(String entityUri, OperationGroup og, AccessObjectType aot, String role,
+    public void modifyPolicyDataSetValue(String entityUri, AccessOperation og, AccessObjectType aot, String role,
             boolean isAdd) {
         String queryText = getPolicyDataSetValueStatementByKeyQuery(entityUri, new String[] { role },
                 new String[] { og.toString(), aot.toString() });
@@ -732,11 +732,11 @@ private static void debug(String template, Object... objects) {
         }
     }
 
-    public void addEntityToPolicyDataSet(String entityUri, AccessObjectType aot, OperationGroup og, String role) {
+    public void addEntityToPolicyDataSet(String entityUri, AccessObjectType aot, AccessOperation og, String role) {
         modifyPolicyDataSetValue(entityUri, og, aot, role, true);
     }
 
-    public void removeEntityFromPolicyDataSet(String entityUri, AccessObjectType aot, OperationGroup og, String role) {
+    public void removeEntityFromPolicyDataSet(String entityUri, AccessObjectType aot, AccessOperation og, String role) {
         modifyPolicyDataSetValue(entityUri, og, aot, role, false);
     }
 
@@ -747,7 +747,7 @@ private ChangeSet makeChangeSet() {
         return cs;
     }
 
-    public String getDataSetUriByKey(OperationGroup og, AccessObjectType aot, String role) {
+    public String getDataSetUriByKey(AccessOperation og, AccessObjectType aot, String role) {
         long expectedSize = 3;
         final String queryText = getPolicyTestValuesByKeyQuery(new String[] { role },
                 new String[] { og.toString(), aot.toString() });
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/ArmMigrator.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/ArmMigrator.java
index a3d765498b..479debeb2e 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/ArmMigrator.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/ArmMigrator.java
@@ -92,11 +92,11 @@ protected StringBuilder getStatementsToRemove() {
             for (String operation : armOperations) {
                 OperationGroup og = operationMap.get(operation);
                 for (AccessObjectType aot : entityTypes) {
-                    Set<String> entityUris = PolicyLoader.getInstance().getDataSetValues(og, aot, newRole);
-                    for (String entityUri : entityUris) {
-                        EntityPolicyController.getDataValueStatements(entityUri, aot, og,
-                                Collections.singleton(newRole), removals);
-                    }
+               //     Set<String> entityUris = PolicyLoader.getInstance().getDataSetValues(og, aot, newRole);
+               //     for (String entityUri : entityUris) {
+               //         EntityPolicyController.getDataValueStatements(entityUri, aot, og,
+               //                 Collections.singleton(newRole), removals);
+               //     }
                 }
             }
         }
@@ -162,8 +162,8 @@ protected void collectAdditions(Map<AccessObjectType, Set<String>> entityTypeMap
                         intersectionEntities.addAll(addFauxDP);
                     }
                     for (String entityUri : intersectionEntities) {
-                        EntityPolicyController.getDataValueStatements(entityUri, type, og,
-                                Collections.singleton(newRole), additions);
+                       // EntityPolicyController.getDataValueStatements(entityUri, type, og,
+                       //         Collections.singleton(newRole), additions);
                     }
                 }
             }
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AuthMigrator.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AuthMigrator.java
index 52053ec76b..6384e8a4b0 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AuthMigrator.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AuthMigrator.java
@@ -92,7 +92,7 @@ static Long[] updatePolicyDatasets(AccessObjectType aot, Map<String, Map<Operati
             Map<OperationGroup, Set<String>> groupMap = configs.get(entityUri);
             for (OperationGroup og : groupMap.keySet()) {
                 Set<String> rolesToAdd = groupMap.get(og);
-                EntityPolicyController.getDataValueStatements(entityUri, aot, og, rolesToAdd, additions);
+               // EntityPolicyController.getDataValueStatements(entityUri, aot, og, rolesToAdd, additions);
                 Set<String> rolesToRemove = new HashSet<>(ALL_ROLES);
                 rolesToRemove.removeAll(rolesToAdd);
                 // Don't remove public publish and update data sets, as there are no public policies for that operation
@@ -100,7 +100,7 @@ static Long[] updatePolicyDatasets(AccessObjectType aot, Map<String, Map<Operati
                 if (OperationGroup.PUBLISH_GROUP.equals(og) || OperationGroup.UPDATE_GROUP.equals(og)) {
                     rolesToRemove.remove(ROLE_PUBLIC_URI);
                 }
-                EntityPolicyController.getDataValueStatements(entityUri, aot, og, rolesToRemove, removals);
+               // EntityPolicyController.getDataValueStatements(entityUri, aot, og, rolesToRemove, removals);
                 log.debug(
                         String.format("Updated entity %s dataset for operation group %s access object type %s roles %s",
                                 entityUri, og, aot, rolesToAdd));
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/AccessAllowedClassesPolicyTemplateTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/AccessAllowedClassesPolicyTemplateTest.java
new file mode 100644
index 0000000000..2a0c8d36bd
--- /dev/null
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/AccessAllowedClassesPolicyTemplateTest.java
@@ -0,0 +1,76 @@
+package edu.cornell.mannlib.vitro.webapp.auth.policy;
+
+import static edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType.CLASS;
+import static edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessOperation.DISPLAY;
+import static edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessOperation.PUBLISH;
+import static edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessOperation.UPDATE;
+import static org.junit.Assert.assertFalse;
+
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.Set;
+
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType;
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessOperation;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.Parameterized;
+
+@RunWith(Parameterized.class)
+public class AccessAllowedClassesPolicyTemplateTest extends PolicyTest {
+    private static final String TEMPLATE_CLASS_PREFIX =
+            "https://vivoweb.org/ontology/vitro-application/auth/individual/template/access-allowed-class/";
+
+    public static final String POLICY_TEMPLATE_MATCH_CLASS_PATH =
+            USER_ACCOUNTS_HOME_FIRSTTIME + "template_access_allowed_class.n3";
+
+    @org.junit.runners.Parameterized.Parameter(0)
+    public String dataSetUri;
+
+    @org.junit.runners.Parameterized.Parameter(1)
+    public AccessOperation group;
+
+    @org.junit.runners.Parameterized.Parameter(2)
+    public AccessObjectType type;
+
+    @org.junit.runners.Parameterized.Parameter(3)
+    public String roleUri;
+
+    @org.junit.runners.Parameterized.Parameter(4)
+    public int rulesCount;
+
+    @org.junit.runners.Parameterized.Parameter(5)
+    public Set<Integer> attrCount;
+
+    @Test
+    public void testPolicy() {
+        load(POLICY_TEMPLATE_MATCH_CLASS_PATH);
+        EntityPolicyController.updateEntityPolicyDataSet("test:entity", type, group, Arrays.asList(roleUri), ROLE_LIST);
+        DynamicPolicy policy = null;
+        policy = loader.loadPolicyFromTemplateDataSet(TEMPLATE_CLASS_PREFIX + dataSetUri);
+        countRulesAndAttributes(policy, rulesCount, attrCount);
+        Set<String> values = loader.getDataSetValues(group, type, roleUri);
+        assertFalse(values.isEmpty());
+    }
+
+    @Parameterized.Parameters
+    public static Collection<Object[]> requests() {
+        return Arrays.asList(new Object[][] {
+                { "EditorDisplayClassUriDataSet", DISPLAY, CLASS, EDITOR, 1, Collections.singleton(4) },
+                { "PublicDisplayClassUriDataSet", DISPLAY, CLASS, PUBLIC, 1, Collections.singleton(4) },
+                { "EditorUpdateClassUriDataSet", UPDATE, CLASS, EDITOR, 1, Collections.singleton(4) },
+                { "SelfEditorDisplayClassUriDataSet", DISPLAY, CLASS, SELF_EDITOR, 1, Collections.singleton(4) },
+                { "CuratorDisplayClassUriDataSet", DISPLAY, CLASS, CURATOR, 1, Collections.singleton(4) },
+                { "AdminDisplayClassUriDataSet", DISPLAY, CLASS, ADMIN, 1, Collections.singleton(4) },
+                { "EditorPublishClassUriDataSet", PUBLISH, CLASS, EDITOR, 1, Collections.singleton(4) },
+                { "SelfEditorPublishClassUriDataSet", PUBLISH, CLASS, SELF_EDITOR, 1, Collections.singleton(4) },
+                { "CuratorPublishClassUriDataSet", PUBLISH, CLASS, CURATOR, 1, Collections.singleton(4) },
+                { "AdminPublishClassUriDataSet", PUBLISH, CLASS, ADMIN, 1, Collections.singleton(4) },
+                { "SelfEditorUpdateClassUriDataSet", UPDATE, CLASS, SELF_EDITOR, 1, Collections.singleton(4) },
+                { "PublicUpdateClassUriDataSet", UPDATE, CLASS, PUBLIC, 1, Collections.singleton(4) },
+                { "CuratorUpdateClassUriDataSet", UPDATE, CLASS, CURATOR, 1, Collections.singleton(4) },
+                { "AdminUpdateClassUriDataSet", UPDATE, CLASS, ADMIN, 1, Collections.singleton(4) }, });
+    }
+
+}
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/AccessAllowedPropertiesPolicyTemplateTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/AccessAllowedPropertiesPolicyTemplateTest.java
new file mode 100644
index 0000000000..a6b8b24f86
--- /dev/null
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/AccessAllowedPropertiesPolicyTemplateTest.java
@@ -0,0 +1,168 @@
+package edu.cornell.mannlib.vitro.webapp.auth.policy;
+
+import static edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType.DATA_PROPERTY;
+import static edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType.FAUX_DATA_PROPERTY;
+import static edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType.FAUX_OBJECT_PROPERTY;
+import static edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType.OBJECT_PROPERTY;
+import static org.junit.Assert.assertFalse;
+
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.Set;
+
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType;
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessOperation;
+
+import static edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessOperation.DISPLAY;
+import static edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessOperation.EDIT;
+import static edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessOperation.ADD;
+import static edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessOperation.DROP;
+import static edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessOperation.PUBLISH;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.Parameterized;
+
+@RunWith(Parameterized.class)
+public class AccessAllowedPropertiesPolicyTemplateTest extends PolicyTest {
+    private static final String TEMPLATE_PROPERTY_PREFIX =
+            "https://vivoweb.org/ontology/vitro-application/auth/individual/template/access-allowed-property/";
+    
+    public static final String POLICY_TEMPLATE_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
+            + "template_access_allowed_property.n3";
+
+    @org.junit.runners.Parameterized.Parameter(0)
+    public String dataSetUri;
+
+    @org.junit.runners.Parameterized.Parameter(1)
+    public AccessOperation group;
+
+    @org.junit.runners.Parameterized.Parameter(2)
+    public AccessObjectType type;
+
+    @org.junit.runners.Parameterized.Parameter(3)
+    public String roleUri;
+
+    @org.junit.runners.Parameterized.Parameter(4)
+    public int rulesCount;
+
+    @org.junit.runners.Parameterized.Parameter(5)
+    public Set<Integer> attrCount;
+
+    @Test
+    public void testPolicy() {
+        load(POLICY_TEMPLATE_PATH);
+        EntityPolicyController.updateEntityPolicyDataSet("test:entity", type, group, Arrays.asList(roleUri), ROLE_LIST);
+        DynamicPolicy policy = null;
+        policy = loader.loadPolicyFromTemplateDataSet(TEMPLATE_PROPERTY_PREFIX + dataSetUri);
+        countRulesAndAttributes(policy, rulesCount, attrCount);
+        Set<String> values = loader.getDataSetValues(group, type, roleUri);
+        assertFalse(values.isEmpty());
+    }
+
+    @Parameterized.Parameters
+    public static Collection<Object[]> requests() {
+        return Arrays.asList(new Object[][] {
+
+                { "AdminDisplayObjectPropertyDataSet", DISPLAY, OBJECT_PROPERTY, ADMIN, 2, num(4) },
+                { "CuratorDisplayObjectPropertyDataSet", DISPLAY, OBJECT_PROPERTY, CURATOR, 2, num(4) },
+                { "EditorDisplayObjectPropertyDataSet", DISPLAY, OBJECT_PROPERTY, EDITOR, 2, num(4) },
+                { "PublicDisplayObjectPropertyDataSet", DISPLAY, OBJECT_PROPERTY, PUBLIC, 2, num(4) },
+
+                { "AdminDisplayDataPropertyDataSet", DISPLAY, DATA_PROPERTY, ADMIN, 2, num(4) },
+                { "CuratorDisplayDataPropertyDataSet", DISPLAY, DATA_PROPERTY, CURATOR, 2, num(4) },
+                { "EditorDisplayDataPropertyDataSet", DISPLAY, DATA_PROPERTY, EDITOR, 2, num(4) },
+                { "PublicDisplayDataPropertyDataSet", DISPLAY, DATA_PROPERTY, PUBLIC, 2, num(4) },
+
+                { "AdminDisplayFauxObjectPropertyDataSet", DISPLAY, FAUX_OBJECT_PROPERTY, ADMIN, 2, num(4) },
+                { "CuratorDisplayFauxObjectPropertyDataSet", DISPLAY, FAUX_OBJECT_PROPERTY, CURATOR, 2, num(4) },
+                { "EditorDisplayFauxObjectPropertyDataSet", DISPLAY, FAUX_OBJECT_PROPERTY, EDITOR, 2, num(4) },
+                { "PublicDisplayFauxObjectPropertyDataSet", DISPLAY, FAUX_OBJECT_PROPERTY, PUBLIC, 2, num(4) },
+
+                { "AdminDisplayFauxDataPropertyDataSet", DISPLAY, FAUX_DATA_PROPERTY, ADMIN, 2, num(4) },
+                { "CuratorDisplayFauxDataPropertyDataSet", DISPLAY, FAUX_DATA_PROPERTY, CURATOR, 2, num(4) },
+                { "EditorDisplayFauxDataPropertyDataSet", DISPLAY, FAUX_DATA_PROPERTY, EDITOR, 2, num(4) },
+                { "PublicDisplayFauxDataPropertyDataSet", DISPLAY, FAUX_DATA_PROPERTY, PUBLIC, 2, num(4) },
+
+                { "AdminPublishObjectPropertyDataSet", PUBLISH, OBJECT_PROPERTY, ADMIN, 2, num(4) },
+                { "CuratorPublishObjectPropertyDataSet", PUBLISH, OBJECT_PROPERTY, CURATOR, 2, num(4) },
+                { "EditorPublishObjectPropertyDataSet", PUBLISH, OBJECT_PROPERTY, EDITOR, 2, num(4) },
+
+                { "AdminPublishDataPropertyDataSet", PUBLISH, DATA_PROPERTY, ADMIN, 2, num(4) },
+                { "CuratorPublishDataPropertyDataSet", PUBLISH, DATA_PROPERTY, CURATOR, 2, num(4) },
+                { "EditorPublishDataPropertyDataSet", PUBLISH, DATA_PROPERTY, EDITOR, 2, num(4) },
+
+                { "AdminPublishFauxObjectPropertyDataSet", PUBLISH, FAUX_OBJECT_PROPERTY, ADMIN, 2, num(4) },
+                { "CuratorPublishFauxObjectPropertyDataSet", PUBLISH, FAUX_OBJECT_PROPERTY, CURATOR, 2, num(4) },
+                { "EditorPublishFauxObjectPropertyDataSet", PUBLISH, FAUX_OBJECT_PROPERTY, EDITOR, 2, num(4) },
+
+                { "AdminPublishFauxDataPropertyDataSet", PUBLISH, FAUX_DATA_PROPERTY, ADMIN, 2, num(4) },
+                { "CuratorPublishFauxDataPropertyDataSet", PUBLISH, FAUX_DATA_PROPERTY, CURATOR, 2, num(4) },
+                { "EditorPublishFauxDataPropertyDataSet", PUBLISH, FAUX_DATA_PROPERTY, EDITOR, 2, num(4) },
+
+                { "AdminEditObjectPropertyDataSet", EDIT, OBJECT_PROPERTY, ADMIN, 2, num(4) },
+                { "CuratorEditObjectPropertyDataSet", EDIT, OBJECT_PROPERTY, CURATOR, 2, num(4) },
+                { "EditorEditObjectPropertyDataSet", EDIT, OBJECT_PROPERTY, EDITOR, 2, num(4) },
+                { "PublicEditObjectPropertyDataSet", EDIT, OBJECT_PROPERTY, PUBLIC, 2, num(4) },
+
+                { "AdminAddObjectPropertyDataSet", ADD, OBJECT_PROPERTY, ADMIN, 2, num(4) },
+                { "CuratorAddObjectPropertyDataSet", ADD, OBJECT_PROPERTY, CURATOR, 2, num(4) },
+                { "EditorAddObjectPropertyDataSet", ADD, OBJECT_PROPERTY, EDITOR, 2, num(4) },
+                { "PublicAddObjectPropertyDataSet", ADD, OBJECT_PROPERTY, PUBLIC, 2, num(4) },
+
+                { "AdminDropObjectPropertyDataSet", DROP, OBJECT_PROPERTY, ADMIN, 2, num(4) },
+                { "CuratorDropObjectPropertyDataSet", DROP, OBJECT_PROPERTY, CURATOR, 2, num(4) },
+                { "EditorDropObjectPropertyDataSet", DROP, OBJECT_PROPERTY, EDITOR, 2, num(4) },
+                { "PublicDropObjectPropertyDataSet", DROP, OBJECT_PROPERTY, PUBLIC, 2, num(4) },
+
+                { "AdminEditDataPropertyDataSet", EDIT, DATA_PROPERTY, ADMIN, 2, num(4) },
+                { "CuratorEditDataPropertyDataSet", EDIT, DATA_PROPERTY, CURATOR, 2, num(4) },
+                { "EditorEditDataPropertyDataSet", EDIT, DATA_PROPERTY, EDITOR, 2, num(4) },
+                { "PublicEditDataPropertyDataSet", EDIT, DATA_PROPERTY, PUBLIC, 2, num(4) },
+
+                { "AdminAddDataPropertyDataSet", ADD, DATA_PROPERTY, ADMIN, 2, num(4) },
+                { "CuratorAddDataPropertyDataSet", ADD, DATA_PROPERTY, CURATOR, 2, num(4) },
+                { "EditorAddDataPropertyDataSet", ADD, DATA_PROPERTY, EDITOR, 2, num(4) },
+                { "PublicAddDataPropertyDataSet", ADD, DATA_PROPERTY, PUBLIC, 2, num(4) },
+
+                { "AdminDropDataPropertyDataSet", DROP, DATA_PROPERTY, ADMIN, 2, num(4) },
+                { "CuratorDropDataPropertyDataSet", DROP, DATA_PROPERTY, CURATOR, 2, num(4) },
+                { "EditorDropDataPropertyDataSet", DROP, DATA_PROPERTY, EDITOR, 2, num(4) },
+                { "PublicDropDataPropertyDataSet", DROP, DATA_PROPERTY, PUBLIC, 2, num(4) },
+
+                { "AdminEditFauxObjectPropertyDataSet", EDIT, FAUX_OBJECT_PROPERTY, ADMIN, 2, num(4) },
+                { "CuratorEditFauxObjectPropertyDataSet", EDIT, FAUX_OBJECT_PROPERTY, CURATOR, 2, num(4) },
+                { "EditorEditFauxObjectPropertyDataSet", EDIT, FAUX_OBJECT_PROPERTY, EDITOR, 2, num(4) },
+                { "PublicEditFauxObjectPropertyDataSet", EDIT, FAUX_OBJECT_PROPERTY, PUBLIC, 2, num(4) },
+
+                { "AdminAddFauxObjectPropertyDataSet", ADD, FAUX_OBJECT_PROPERTY, ADMIN, 2, num(4) },
+                { "CuratorAddFauxObjectPropertyDataSet", ADD, FAUX_OBJECT_PROPERTY, CURATOR, 2, num(4) },
+                { "EditorAddFauxObjectPropertyDataSet", ADD, FAUX_OBJECT_PROPERTY, EDITOR, 2, num(4) },
+                { "PublicAddFauxObjectPropertyDataSet", ADD, FAUX_OBJECT_PROPERTY, PUBLIC, 2, num(4) },
+
+                { "AdminDropFauxObjectPropertyDataSet", DROP, FAUX_OBJECT_PROPERTY, ADMIN, 2, num(4) },
+                { "CuratorDropFauxObjectPropertyDataSet", DROP, FAUX_OBJECT_PROPERTY, CURATOR, 2, num(4) },
+                { "EditorDropFauxObjectPropertyDataSet", DROP, FAUX_OBJECT_PROPERTY, EDITOR, 2, num(4) },
+                { "PublicDropFauxObjectPropertyDataSet", DROP, FAUX_OBJECT_PROPERTY, PUBLIC, 2, num(4) },
+
+                { "AdminEditFauxDataPropertyDataSet", EDIT, FAUX_DATA_PROPERTY, ADMIN, 2, num(4) },
+                { "CuratorEditFauxDataPropertyDataSet", EDIT, FAUX_DATA_PROPERTY, CURATOR, 2, num(4) },
+                { "EditorEditFauxDataPropertyDataSet", EDIT, FAUX_DATA_PROPERTY, EDITOR, 2, num(4) },
+                { "PublicEditFauxDataPropertyDataSet", EDIT, FAUX_DATA_PROPERTY, PUBLIC, 2, num(4) },
+
+                { "AdminAddFauxDataPropertyDataSet", ADD, FAUX_DATA_PROPERTY, ADMIN, 2, num(4) },
+                { "CuratorAddFauxDataPropertyDataSet", ADD, FAUX_DATA_PROPERTY, CURATOR, 2, num(4) },
+                { "EditorAddFauxDataPropertyDataSet", ADD, FAUX_DATA_PROPERTY, EDITOR, 2, num(4) },
+                { "PublicAddFauxDataPropertyDataSet", ADD, FAUX_DATA_PROPERTY, PUBLIC, 2, num(4) },
+
+                { "AdminDropFauxDataPropertyDataSet", DROP, FAUX_DATA_PROPERTY, ADMIN, 2, num(4) },
+                { "CuratorDropFauxDataPropertyDataSet", DROP, FAUX_DATA_PROPERTY, CURATOR, 2, num(4) },
+                { "EditorDropFauxDataPropertyDataSet", DROP, FAUX_DATA_PROPERTY, EDITOR, 2, num(4) },
+                { "PublicDropFauxDataPropertyDataSet", DROP, FAUX_DATA_PROPERTY, PUBLIC, 2, num(4) }, });
+    }
+
+    private static Set<Integer> num(int i) {
+        return Collections.singleton(i);
+    }
+
+}
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/AccessRelatedAllowedPropertiesPolicyTemplateTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/AccessRelatedAllowedPropertiesPolicyTemplateTest.java
new file mode 100644
index 0000000000..ef6d7310f6
--- /dev/null
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/AccessRelatedAllowedPropertiesPolicyTemplateTest.java
@@ -0,0 +1,76 @@
+package edu.cornell.mannlib.vitro.webapp.auth.policy;
+
+import static edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType.DATA_PROPERTY;
+import static edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType.FAUX_DATA_PROPERTY;
+import static edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType.FAUX_OBJECT_PROPERTY;
+import static edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType.OBJECT_PROPERTY;
+import static edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessOperation.DISPLAY;
+import static edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessOperation.PUBLISH;
+import static org.junit.Assert.assertFalse;
+
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.Set;
+
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType;
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessOperation;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.Parameterized;
+
+@RunWith(Parameterized.class)
+public class AccessRelatedAllowedPropertiesPolicyTemplateTest extends PolicyTest {
+    private static final String TEMPLATE_PROPERTY_PREFIX =
+            "https://vivoweb.org/ontology/vitro-application/auth/individual/template/access-allowed-property/";
+
+    public static final String POLICY_TEMPLATE_PATH =
+            USER_ACCOUNTS_HOME_FIRSTTIME + "template_access_related_allowed_property.n3";
+    @org.junit.runners.Parameterized.Parameter(0)
+    public String dataSetUri;
+
+    @org.junit.runners.Parameterized.Parameter(1)
+    public AccessOperation group;
+
+    @org.junit.runners.Parameterized.Parameter(2)
+    public AccessObjectType type;
+
+    @org.junit.runners.Parameterized.Parameter(3)
+    public String roleUri;
+
+    @org.junit.runners.Parameterized.Parameter(4)
+    public int rulesCount;
+
+    @org.junit.runners.Parameterized.Parameter(5)
+    public Set<Integer> attrCount;
+
+    @Test
+    public void testPolicy() {
+        load(POLICY_TEMPLATE_PATH);
+        EntityPolicyController.updateEntityPolicyDataSet("test:entity", type, group, Arrays.asList(roleUri), ROLE_LIST);
+        DynamicPolicy policy = null;
+        policy = loader.loadPolicyFromTemplateDataSet(TEMPLATE_PROPERTY_PREFIX + dataSetUri);
+        countRulesAndAttributes(policy, rulesCount, attrCount);
+        Set<String> values = loader.getDataSetValues(group, type, roleUri);
+        assertFalse(values.isEmpty());
+    }
+
+    @Parameterized.Parameters
+    public static Collection<Object[]> requests() {
+        return Arrays.asList(new Object[][] {
+
+                { "SelfEditorDisplayObjectPropertyDataSet", DISPLAY, OBJECT_PROPERTY, SELF_EDITOR, 2, num(4) },
+                { "SelfEditorDisplayDataPropertyDataSet", DISPLAY, DATA_PROPERTY, SELF_EDITOR, 2, num(4) },
+                { "SelfEditorDisplayFauxObjectPropertyDataSet", DISPLAY, FAUX_OBJECT_PROPERTY, SELF_EDITOR, 2, num(4) },
+                { "SelfEditorDisplayFauxDataPropertyDataSet", DISPLAY, FAUX_DATA_PROPERTY, SELF_EDITOR, 2, num(4) },
+                { "SelfEditorPublishObjectPropertyDataSet", PUBLISH, OBJECT_PROPERTY, SELF_EDITOR, 2, num(4) },
+                { "SelfEditorPublishDataPropertyDataSet", PUBLISH, DATA_PROPERTY, SELF_EDITOR, 2, num(4) },
+                { "SelfEditorPublishFauxObjectPropertyDataSet", PUBLISH, FAUX_OBJECT_PROPERTY, SELF_EDITOR, 2, num(4) },
+                { "SelfEditorPublishFauxDataPropertyDataSet", PUBLISH, FAUX_DATA_PROPERTY, SELF_EDITOR, 2, num(4) }, });
+    }
+
+    private static Set<Integer> num(int i) {
+        return Collections.singleton(i);
+    }
+
+}
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EntityPolicyControllerTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EntityPolicyControllerTest.java
index dfe100f5c5..37cc130f6e 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EntityPolicyControllerTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EntityPolicyControllerTest.java
@@ -12,33 +12,22 @@
 
 public class EntityPolicyControllerTest extends PolicyTest {
 
-    @Test
-    public void testGetGrantedRoles() {
-        //load(ADMIN_DISPLAY_CLASS_POLICY_PATH);
-        //load(SELF_EDITOR_DISPLAY_CLASS_POLICY_PATH);
-        List<String> allowedRoles = Arrays.asList(ROLE_ADMIN_URI, ROLE_SELF_EDITOR_URI);
-        EntityPolicyController.updateEntityPolicyDataSet("test:newClass", AccessObjectType.CLASS, OperationGroup.DISPLAY_GROUP,
-                allowedRoles, ROLE_LIST);
-        List<String> roles = EntityPolicyController.getGrantedRoles("test:newClass", OperationGroup.DISPLAY_GROUP,
-                AccessObjectType.CLASS, ROLE_LIST);
-        assertEquals(2, roles.size());
-        roles.contains(ROLE_ADMIN_URI);
-        roles.contains(ROLE_EDITOR_URI);
-    }
-
-    @Test
-    public void testPolicyDataSetModification() {
-       // load(ADMIN_DISPLAY_CLASS_POLICY_PATH);
-        EntityPolicyController.updateEntityPolicyDataSet("test:newClass", AccessObjectType.CLASS, OperationGroup.DISPLAY_GROUP,
-                Arrays.asList(ROLE_ADMIN_URI), ROLE_LIST);
-        List<String> roles = EntityPolicyController.getGrantedRoles("test:newClass", OperationGroup.DISPLAY_GROUP,
-                AccessObjectType.CLASS, ROLE_LIST);
-        assertEquals(1, roles.size());
-        roles.contains(ROLE_ADMIN_URI);
-        EntityPolicyController.updateEntityPolicyDataSet("test:newClass", AccessObjectType.CLASS, OperationGroup.DISPLAY_GROUP,
-                Collections.emptyList(), ROLE_LIST);
-        roles = EntityPolicyController.getGrantedRoles("test:newClass", OperationGroup.DISPLAY_GROUP,
-                AccessObjectType.CLASS, ROLE_LIST);
-        assertEquals(0, roles.size());
-    }
+    /*
+     * @Test public void testGetGrantedRoles() { //load(ADMIN_DISPLAY_CLASS_POLICY_PATH);
+     * //load(SELF_EDITOR_DISPLAY_CLASS_POLICY_PATH); List<String> allowedRoles = Arrays.asList(ADMIN, SELF_EDITOR);
+     * EntityPolicyController.updateEntityPolicyDataSet("test:newClass", AccessObjectType.CLASS,
+     * OperationGroup.DISPLAY_GROUP, allowedRoles, ROLE_LIST); List<String> roles =
+     * EntityPolicyController.getGrantedRoles("test:newClass", OperationGroup.DISPLAY_GROUP, AccessObjectType.CLASS,
+     * ROLE_LIST); assertEquals(2, roles.size()); roles.contains(ADMIN); roles.contains(EDITOR); }
+     * 
+     * @Test public void testPolicyDataSetModification() { // load(ADMIN_DISPLAY_CLASS_POLICY_PATH);
+     * EntityPolicyController.updateEntityPolicyDataSet("test:newClass", AccessObjectType.CLASS,
+     * OperationGroup.DISPLAY_GROUP, Arrays.asList(ADMIN), ROLE_LIST); List<String> roles =
+     * EntityPolicyController.getGrantedRoles("test:newClass", OperationGroup.DISPLAY_GROUP, AccessObjectType.CLASS,
+     * ROLE_LIST); assertEquals(1, roles.size()); roles.contains(ADMIN);
+     * EntityPolicyController.updateEntityPolicyDataSet("test:newClass", AccessObjectType.CLASS,
+     * OperationGroup.DISPLAY_GROUP, Collections.emptyList(), ROLE_LIST); roles =
+     * EntityPolicyController.getGrantedRoles("test:newClass", OperationGroup.DISPLAY_GROUP, AccessObjectType.CLASS,
+     * ROLE_LIST); assertEquals(0, roles.size()); }
+     */
 }
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EntityPolicyTests.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EntityPolicyTests.java
deleted file mode 100644
index 61c486bd14..0000000000
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EntityPolicyTests.java
+++ /dev/null
@@ -1,122 +0,0 @@
-package edu.cornell.mannlib.vitro.webapp.auth.policy;
-
-import static edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType.DATA_PROPERTY;
-import static edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType.FAUX_DATA_PROPERTY;
-import static edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType.FAUX_OBJECT_PROPERTY;
-import static edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType.OBJECT_PROPERTY;
-import static edu.cornell.mannlib.vitro.webapp.auth.attributes.OperationGroup.DISPLAY_GROUP;
-import static edu.cornell.mannlib.vitro.webapp.auth.attributes.OperationGroup.PUBLISH_GROUP;
-import static edu.cornell.mannlib.vitro.webapp.auth.attributes.OperationGroup.UPDATE_GROUP;
-import static org.junit.Assert.assertFalse;
-
-import java.util.Arrays;
-import java.util.Collection;
-import java.util.Collections;
-import java.util.HashSet;
-import java.util.Set;
-
-import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType;
-import edu.cornell.mannlib.vitro.webapp.auth.attributes.OperationGroup;
-import org.junit.Test;
-import org.junit.runner.RunWith;
-import org.junit.runners.Parameterized;
-
-@RunWith(Parameterized.class)
-public class EntityPolicyTests extends PolicyTest {
-    private static final String TEMPLATE_SIMPLE_MATCH_PROPERTY = "template/simple-match-allowed-property/PolicyTemplate";
-    private static final String TEMPLATE_SIMPLE_MATCH_CLASS = "template/simple-match-allowed-class/PolicyTemplate";
-
-    private static final String TEMPLATE_MATCH_ALLOWED_DATASET =
-            RESOURCES_PREFIX + "policy_template_match_allowed_dataset.n3";
-    private static final String TEMPLATE_PROPERTY_PREFIX =
-            "https://vivoweb.org/ontology/vitro-application/auth/individual/template/simple-match-allowed-property/";
-    private static final String TEMPLATE_CLASS_PREFIX =
-            "https://vivoweb.org/ontology/vitro-application/auth/individual/template/simple-match-allowed-class/";
-
-    @org.junit.runners.Parameterized.Parameter(0)
-    public String policyFilePath;
-
-    @org.junit.runners.Parameterized.Parameter(1)
-    public String testDataSetPath;
-
-    @org.junit.runners.Parameterized.Parameter(2)
-    public String uri;
-
-    @org.junit.runners.Parameterized.Parameter(3)
-    public String dataSetUri;
-
-    @org.junit.runners.Parameterized.Parameter(4)
-    public OperationGroup group;
-
-    @org.junit.runners.Parameterized.Parameter(5)
-    public AccessObjectType type;
-
-    @org.junit.runners.Parameterized.Parameter(6)
-    public String roleUri;
-
-    @org.junit.runners.Parameterized.Parameter(7)
-    public int rulesCount;
-
-    @org.junit.runners.Parameterized.Parameter(8)
-    public Set<Integer> attrCount;
-
-    @Test
-    public void testPolicy() {
-        load(policyFilePath);
-        load(testDataSetPath);
-        String policyUri = PREFIX + uri;
-        EntityPolicyController.updateEntityPolicyDataSet("test:entity", type, group, Arrays.asList(roleUri), ROLE_LIST);
-        DynamicPolicy policy = null;
-        if (dataSetUri != null) {
-            policy = loader.loadPolicyFromTemplateDataSet(dataSetUri);
-        } else {
-            policy = loader.loadPolicy(policyUri);
-        }
-        countRulesAndAttributes(policy, rulesCount, attrCount);
-        Set<String> values = loader.getDataSetValues(group, type, roleUri);
-        assertFalse(values.isEmpty());
-    }
-
-    @Parameterized.Parameters
-    public static Collection<Object[]> requests() {
-        return Arrays.asList(new Object[][] {
-                { SELF_EDITOR_DISPLAY_DATA_PROP_POLICY_PATH, TEMPLATE_MATCH_ALLOWED_DATASET, "SelfEditorDisplayDataPropertyPolicy", null, DISPLAY_GROUP, DATA_PROPERTY, ROLE_SELF_EDITOR_URI, 2, Collections.singleton(4) },
-                { SELF_EDITOR_DISPLAY_OBJ_PROP_POLICY_PATH, TEMPLATE_MATCH_ALLOWED_DATASET, "SelfEditorDisplayObjectPropertyPolicy", null, DISPLAY_GROUP, OBJECT_PROPERTY, ROLE_SELF_EDITOR_URI, 2, Collections.singleton(4) },
-                { SELF_EDITOR_PUBLISH_DATA_PROP_POLICY_PATH, TEMPLATE_MATCH_ALLOWED_DATASET, "SelfEditorPublishDataPropertyPolicy", null, PUBLISH_GROUP, DATA_PROPERTY, ROLE_SELF_EDITOR_URI, 2, Collections.singleton(4) },
-                { SELF_EDITOR_PUBLISH_OBJ_PROP_POLICY_PATH, TEMPLATE_MATCH_ALLOWED_DATASET, "SelfEditorPublishObjectPropertyPolicy", null, PUBLISH_GROUP, OBJECT_PROPERTY, ROLE_SELF_EDITOR_URI, 2, Collections.singleton(4) },
-
-                { EDITOR_UPDATE_DATA_PROP_POLICY_PATH, TEMPLATE_MATCH_ALLOWED_DATASET, "EditorUpdateDataPropertyPolicy", null, UPDATE_GROUP, DATA_PROPERTY, ROLE_EDITOR_URI, 2, Collections.singleton(4) },
-                { EDITOR_UPDATE_OBJ_PROP_POLICY_PATH, TEMPLATE_MATCH_ALLOWED_DATASET, "EditorUpdateObjectPropertyPolicy", null, UPDATE_GROUP, OBJECT_PROPERTY, ROLE_EDITOR_URI, 2, Collections.singleton(4) },
-
-                { SELF_EDITOR_UPDATE_DATA_PROP_POLICY_PATH, TEMPLATE_MATCH_ALLOWED_DATASET, "SelfEditorUpdateDataPropertyPolicy", null, UPDATE_GROUP, DATA_PROPERTY, ROLE_SELF_EDITOR_URI, 2, new HashSet<>(Arrays.asList(4, 5)) },
-                { SELF_EDITOR_UPDATE_OBJ_PROP_POLICY_PATH, TEMPLATE_MATCH_ALLOWED_DATASET, "SelfEditorUpdateObjectPropertyPolicy", null, UPDATE_GROUP, OBJECT_PROPERTY, ROLE_SELF_EDITOR_URI, 2, new HashSet<>(Arrays.asList(4, 5)) },
-
-                { PUBLIC_UPDATE_DATA_PROP_POLICY_PATH, TEMPLATE_MATCH_ALLOWED_DATASET, "PublicUpdateDataPropertyPolicy", null, UPDATE_GROUP, DATA_PROPERTY, ROLE_PUBLIC_URI, 2, Collections.singleton(4) },
-                { PUBLIC_UPDATE_OBJ_PROP_POLICY_PATH, TEMPLATE_MATCH_ALLOWED_DATASET, "PublicUpdateObjectPropertyPolicy", null, UPDATE_GROUP, OBJECT_PROPERTY, ROLE_PUBLIC_URI, 2, Collections.singleton(4) },
-
-                { CURATOR_UPDATE_DATA_PROP_POLICY_PATH, TEMPLATE_MATCH_ALLOWED_DATASET, "CuratorUpdateDataPropertyPolicy", null, UPDATE_GROUP, DATA_PROPERTY, ROLE_CURATOR_URI, 2, Collections.singleton(4) },
-                { CURATOR_UPDATE_OBJ_PROP_POLICY_PATH, TEMPLATE_MATCH_ALLOWED_DATASET, "CuratorUpdateObjectPropertyPolicy", null, UPDATE_GROUP, OBJECT_PROPERTY, ROLE_CURATOR_URI, 2, Collections.singleton(4) },
-
-                { ADMIN_UPDATE_DATA_PROP_POLICY_PATH, TEMPLATE_MATCH_ALLOWED_DATASET, "AdminUpdateDataPropertyPolicy", null, UPDATE_GROUP, DATA_PROPERTY, ROLE_ADMIN_URI, 2, Collections.singleton(4) },
-                { ADMIN_UPDATE_OBJ_PROP_POLICY_PATH, TEMPLATE_MATCH_ALLOWED_DATASET, "AdminUpdateObjectPropertyPolicy", null, UPDATE_GROUP, OBJECT_PROPERTY, ROLE_ADMIN_URI, 2, Collections.singleton(4) },
-                
-                { SELF_EDITOR_DISPLAY_FAUX_OBJECT_PROPERTY_POLICY_PATH, TEMPLATE_MATCH_ALLOWED_DATASET, "SelfEditorDisplayFauxObjectPropertyPolicy", null, DISPLAY_GROUP, FAUX_OBJECT_PROPERTY, ROLE_SELF_EDITOR_URI, 2, Collections.singleton(4) },
-                { SELF_EDITOR_PUBLISH_FAUX_OBJECT_PROPERTY_POLICY_PATH, TEMPLATE_MATCH_ALLOWED_DATASET, TEMPLATE_SIMPLE_MATCH_PROPERTY, TEMPLATE_PROPERTY_PREFIX + "SelfEditorPublishFauxObjectPropertyDataSet", PUBLISH_GROUP, FAUX_OBJECT_PROPERTY, ROLE_SELF_EDITOR_URI, 2, Collections.singleton(4) },
-
-                { ADMIN_UPDATE_FAUX_OBJECT_PROPERTY_POLICY_PATH, TEMPLATE_MATCH_ALLOWED_DATASET, "AdminUpdateFauxObjectPropertyPolicy", null, UPDATE_GROUP, FAUX_OBJECT_PROPERTY, ROLE_ADMIN_URI, 2, Collections.singleton(4) },
-                { CURATOR_UPDATE_FAUX_OBJECT_PROPERTY_POLICY_PATH, TEMPLATE_MATCH_ALLOWED_DATASET, "CuratorUpdateFauxObjectPropertyPolicy", null, UPDATE_GROUP, FAUX_OBJECT_PROPERTY, ROLE_CURATOR_URI, 2, Collections.singleton(4) },
-                { EDITOR_UPDATE_FAUX_OBJECT_PROPERTY_POLICY_PATH, TEMPLATE_MATCH_ALLOWED_DATASET, "EditorUpdateFauxObjectPropertyPolicy", null, UPDATE_GROUP, FAUX_OBJECT_PROPERTY, ROLE_EDITOR_URI, 2, Collections.singleton(4) },
-                { SELF_EDITOR_UPDATE_FAUX_OBJECT_PROPERTY_POLICY_PATH, TEMPLATE_MATCH_ALLOWED_DATASET, "SelfEditorUpdateFauxObjectPropertyPolicy", null, UPDATE_GROUP, FAUX_OBJECT_PROPERTY, ROLE_SELF_EDITOR_URI, 2, new HashSet<>(Arrays.asList(4, 5)) },
-
-                { SELF_EDITOR_DISPLAY_FAUX_DATA_PROPERTY_POLICY_PATH, TEMPLATE_MATCH_ALLOWED_DATASET, "SelfEditorDisplayFauxDataPropertyPolicy", null, DISPLAY_GROUP, FAUX_DATA_PROPERTY, ROLE_SELF_EDITOR_URI, 2, Collections.singleton(4) },
-                { SELF_EDITOR_PUBLISH_FAUX_DATA_PROPERTY_POLICY_PATH, TEMPLATE_MATCH_ALLOWED_DATASET, "SelfEditorPublishFauxDataPropertyPolicy", null, PUBLISH_GROUP, FAUX_DATA_PROPERTY, ROLE_SELF_EDITOR_URI, 2, Collections.singleton(4) },
-
-                { ADMIN_UPDATE_FAUX_DATA_PROPERTY_POLICY_PATH, TEMPLATE_MATCH_ALLOWED_DATASET, "AdminUpdateFauxDataPropertyPolicy", null, UPDATE_GROUP, FAUX_DATA_PROPERTY, ROLE_ADMIN_URI, 2, Collections.singleton(4) },
-                { CURATOR_UPDATE_FAUX_DATA_PROPERTY_POLICY_PATH, TEMPLATE_MATCH_ALLOWED_DATASET, "CuratorUpdateFauxDataPropertyPolicy", null, UPDATE_GROUP, FAUX_DATA_PROPERTY, ROLE_CURATOR_URI, 2, Collections.singleton(4) },
-                { EDITOR_UPDATE_FAUX_DATA_PROPERTY_POLICY_PATH, TEMPLATE_MATCH_ALLOWED_DATASET, "EditorUpdateFauxDataPropertyPolicy", null, UPDATE_GROUP, FAUX_DATA_PROPERTY, ROLE_EDITOR_URI, 2, Collections.singleton(4) },
-                { SELF_EDITOR_UPDATE_FAUX_DATA_PROPERTY_POLICY_PATH, TEMPLATE_MATCH_ALLOWED_DATASET, "SelfEditorUpdateFauxDataPropertyPolicy", null, UPDATE_GROUP, FAUX_DATA_PROPERTY, ROLE_SELF_EDITOR_URI, 2, new HashSet<>(Arrays.asList(4, 5)) },
-
-        });
-    }
-
-}
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/MatchAllowedClassesPolicyTemplateTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/MatchAllowedClassesPolicyTemplateTest.java
deleted file mode 100644
index af960ae48e..0000000000
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/MatchAllowedClassesPolicyTemplateTest.java
+++ /dev/null
@@ -1,78 +0,0 @@
-package edu.cornell.mannlib.vitro.webapp.auth.policy;
-
-import static edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType.CLASS;
-import static edu.cornell.mannlib.vitro.webapp.auth.attributes.OperationGroup.DISPLAY_GROUP;
-import static edu.cornell.mannlib.vitro.webapp.auth.attributes.OperationGroup.PUBLISH_GROUP;
-import static edu.cornell.mannlib.vitro.webapp.auth.attributes.OperationGroup.UPDATE_GROUP;
-import static org.junit.Assert.assertFalse;
-
-import java.util.Arrays;
-import java.util.Collection;
-import java.util.Collections;
-import java.util.Set;
-
-import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType;
-import edu.cornell.mannlib.vitro.webapp.auth.attributes.OperationGroup;
-import org.junit.Test;
-import org.junit.runner.RunWith;
-import org.junit.runners.Parameterized;
-
-@RunWith(Parameterized.class)
-public class MatchAllowedClassesPolicyTemplateTest extends PolicyTest {
-    private static final String TEMPLATE_CLASS_PREFIX =
-            "https://vivoweb.org/ontology/vitro-application/auth/individual/template/simple-match-allowed-class/";
-
-    @org.junit.runners.Parameterized.Parameter(0)
-    public String dataSetUri;
-
-    @org.junit.runners.Parameterized.Parameter(1)
-    public OperationGroup group;
-
-    @org.junit.runners.Parameterized.Parameter(2)
-    public AccessObjectType type;
-
-    @org.junit.runners.Parameterized.Parameter(3)
-    public String roleUri;
-
-    @org.junit.runners.Parameterized.Parameter(4)
-    public int rulesCount;
-
-    @org.junit.runners.Parameterized.Parameter(5)
-    public Set<Integer> attrCount;
-
-    @Test
-    public void testPolicy() {
-        load(POLICY_TEMPLATE_MATCH_CLASS_PATH);
-        EntityPolicyController.updateEntityPolicyDataSet("test:entity", type, group, Arrays.asList(roleUri), ROLE_LIST);
-        DynamicPolicy policy = null;
-        policy = loader.loadPolicyFromTemplateDataSet(TEMPLATE_CLASS_PREFIX + dataSetUri);
-        countRulesAndAttributes(policy, rulesCount, attrCount);
-        Set<String> values = loader.getDataSetValues(group, type, roleUri);
-        assertFalse(values.isEmpty());
-    }
-
-    @Parameterized.Parameters
-    public static Collection<Object[]> requests() {
-        return Arrays.asList(new Object[][] {
-                { "EditorDisplayClassUriDataSet", DISPLAY_GROUP, CLASS, ROLE_EDITOR_URI, 1, Collections.singleton(4) },
-                { "PublicDisplayClassUriDataSet", DISPLAY_GROUP, CLASS, ROLE_PUBLIC_URI, 1, Collections.singleton(4) },
-                { "EditorUpdateClassUriDataSet", UPDATE_GROUP, CLASS, ROLE_EDITOR_URI, 1, Collections.singleton(4) },
-                { "SelfEditorDisplayClassUriDataSet", DISPLAY_GROUP, CLASS, ROLE_SELF_EDITOR_URI, 1,
-                        Collections.singleton(4) },
-                { "CuratorDisplayClassUriDataSet", DISPLAY_GROUP, CLASS, ROLE_CURATOR_URI, 1,
-                        Collections.singleton(4) },
-                { "AdminDisplayClassUriDataSet", DISPLAY_GROUP, CLASS, ROLE_ADMIN_URI, 1, Collections.singleton(4) },
-                { "EditorPublishClassUriDataSet", PUBLISH_GROUP, CLASS, ROLE_EDITOR_URI, 1, Collections.singleton(4) },
-                { "SelfEditorPublishClassUriDataSet", PUBLISH_GROUP, CLASS, ROLE_SELF_EDITOR_URI, 1,
-                        Collections.singleton(4) },
-                { "CuratorPublishClassUriDataSet", PUBLISH_GROUP, CLASS, ROLE_CURATOR_URI, 1,
-                        Collections.singleton(4) },
-                { "AdminPublishClassUriDataSet", PUBLISH_GROUP, CLASS, ROLE_ADMIN_URI, 1, Collections.singleton(4) },
-                { "SelfEditorUpdateClassUriDataSet", UPDATE_GROUP, CLASS, ROLE_SELF_EDITOR_URI, 1,
-                        Collections.singleton(4) },
-                { "PublicUpdateClassUriDataSet", UPDATE_GROUP, CLASS, ROLE_PUBLIC_URI, 1, Collections.singleton(4) },
-                { "CuratorUpdateClassUriDataSet", UPDATE_GROUP, CLASS, ROLE_CURATOR_URI, 1, Collections.singleton(4) },
-                { "AdminUpdateClassUriDataSet", UPDATE_GROUP, CLASS, ROLE_ADMIN_URI, 1, Collections.singleton(4) }, });
-    }
-
-}
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/MatchAllowedPropertiesPolicyTemplateTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/MatchAllowedPropertiesPolicyTemplateTest.java
deleted file mode 100644
index cf0a9ac20d..0000000000
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/MatchAllowedPropertiesPolicyTemplateTest.java
+++ /dev/null
@@ -1,118 +0,0 @@
-package edu.cornell.mannlib.vitro.webapp.auth.policy;
-
-import static edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType.DATA_PROPERTY;
-import static edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType.FAUX_DATA_PROPERTY;
-import static edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType.FAUX_OBJECT_PROPERTY;
-import static edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType.OBJECT_PROPERTY;
-import static edu.cornell.mannlib.vitro.webapp.auth.attributes.OperationGroup.DISPLAY_GROUP;
-import static edu.cornell.mannlib.vitro.webapp.auth.attributes.OperationGroup.PUBLISH_GROUP;
-import static org.junit.Assert.assertFalse;
-
-import java.util.Arrays;
-import java.util.Collection;
-import java.util.Collections;
-import java.util.Set;
-
-import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType;
-import edu.cornell.mannlib.vitro.webapp.auth.attributes.OperationGroup;
-import org.junit.Test;
-import org.junit.runner.RunWith;
-import org.junit.runners.Parameterized;
-
-@RunWith(Parameterized.class)
-public class MatchAllowedPropertiesPolicyTemplateTest extends PolicyTest {
-    private static final String TEMPLATE_PROPERTY_PREFIX =
-            "https://vivoweb.org/ontology/vitro-application/auth/individual/template/simple-match-allowed-property/";
-
-    @org.junit.runners.Parameterized.Parameter(0)
-    public String dataSetUri;
-
-    @org.junit.runners.Parameterized.Parameter(1)
-    public OperationGroup group;
-
-    @org.junit.runners.Parameterized.Parameter(2)
-    public AccessObjectType type;
-
-    @org.junit.runners.Parameterized.Parameter(3)
-    public String roleUri;
-
-    @org.junit.runners.Parameterized.Parameter(4)
-    public int rulesCount;
-
-    @org.junit.runners.Parameterized.Parameter(5)
-    public Set<Integer> attrCount;
-
-    @Test
-    public void testPolicy() {
-        load(POLICY_TEMPLATE_MATCH_PROPERTY_PATH);
-        EntityPolicyController.updateEntityPolicyDataSet("test:entity", type, group, Arrays.asList(roleUri), ROLE_LIST);
-        DynamicPolicy policy = null;
-        policy = loader.loadPolicyFromTemplateDataSet(TEMPLATE_PROPERTY_PREFIX + dataSetUri);
-        countRulesAndAttributes(policy, rulesCount, attrCount);
-        Set<String> values = loader.getDataSetValues(group, type, roleUri);
-        assertFalse(values.isEmpty());
-    }
-
-    @Parameterized.Parameters
-    public static Collection<Object[]> requests() {
-        return Arrays.asList(new Object[][] {
-                { "EditorDisplayDataPropertyDataSet", DISPLAY_GROUP, DATA_PROPERTY, ROLE_EDITOR_URI, 2,
-                        Collections.singleton(4) },
-                { "EditorDisplayObjectPropertyDataSet", DISPLAY_GROUP, OBJECT_PROPERTY, ROLE_EDITOR_URI, 2,
-                        Collections.singleton(4) },
-                { "PublicDisplayDataPropertyDataSet", DISPLAY_GROUP, DATA_PROPERTY, ROLE_PUBLIC_URI, 2,
-                        Collections.singleton(4) },
-                { "PublicDisplayObjectPropertyDataSet", DISPLAY_GROUP, OBJECT_PROPERTY, ROLE_PUBLIC_URI, 2,
-                        Collections.singleton(4) },
-                { "CuratorDisplayDataPropertyDataSet", DISPLAY_GROUP, DATA_PROPERTY, ROLE_CURATOR_URI, 2,
-                        Collections.singleton(4) },
-                { "CuratorDisplayObjectPropertyDataSet", DISPLAY_GROUP, OBJECT_PROPERTY, ROLE_CURATOR_URI, 2,
-                        Collections.singleton(4) },
-                { "AdminDisplayDataPropertyDataSet", DISPLAY_GROUP, DATA_PROPERTY, ROLE_ADMIN_URI, 2,
-                        Collections.singleton(4) },
-                { "AdminDisplayObjectPropertyDataSet", DISPLAY_GROUP, OBJECT_PROPERTY, ROLE_ADMIN_URI, 2,
-                        Collections.singleton(4) },
-                { "EditorPublishDataPropertyDataSet", PUBLISH_GROUP, DATA_PROPERTY, ROLE_EDITOR_URI, 2,
-                        Collections.singleton(4) },
-                { "EditorPublishObjectPropertyDataSet", PUBLISH_GROUP, OBJECT_PROPERTY, ROLE_EDITOR_URI, 2,
-                        Collections.singleton(4) },
-                { "CuratorPublishDataPropertyDataSet", PUBLISH_GROUP, DATA_PROPERTY, ROLE_CURATOR_URI, 2,
-                        Collections.singleton(4) },
-                { "CuratorPublishObjectPropertyDataSet", PUBLISH_GROUP, OBJECT_PROPERTY, ROLE_CURATOR_URI, 2,
-                        Collections.singleton(4) },
-                { "AdminPublishDataPropertyDataSet", PUBLISH_GROUP, DATA_PROPERTY, ROLE_ADMIN_URI, 2,
-                        Collections.singleton(4) },
-                { "AdminPublishObjectPropertyDataSet", PUBLISH_GROUP, OBJECT_PROPERTY, ROLE_ADMIN_URI, 2,
-                        Collections.singleton(4) },
-                { "AdminDisplayFauxObjectPropertyDataSet", DISPLAY_GROUP, FAUX_OBJECT_PROPERTY, ROLE_ADMIN_URI, 2,
-                        Collections.singleton(4) },
-                { "CuratorDisplayFauxObjectPropertyDataSet", DISPLAY_GROUP, FAUX_OBJECT_PROPERTY, ROLE_CURATOR_URI, 2,
-                        Collections.singleton(4) },
-                { "EditorDisplayFauxObjectPropertyDataSet", DISPLAY_GROUP, FAUX_OBJECT_PROPERTY, ROLE_EDITOR_URI, 2,
-                        Collections.singleton(4) },
-                { "PublicDisplayFauxObjectPropertyDataSet", DISPLAY_GROUP, FAUX_OBJECT_PROPERTY, ROLE_PUBLIC_URI, 2,
-                        Collections.singleton(4) },
-                { "AdminPublishFauxObjectPropertyDataSet", PUBLISH_GROUP, FAUX_OBJECT_PROPERTY, ROLE_ADMIN_URI, 2,
-                        Collections.singleton(4) },
-                { "CuratorPublishFauxObjectPropertyDataSet", PUBLISH_GROUP, FAUX_OBJECT_PROPERTY, ROLE_CURATOR_URI, 2,
-                        Collections.singleton(4) },
-                { "EditorPublishFauxObjectPropertyDataSet", PUBLISH_GROUP, FAUX_OBJECT_PROPERTY, ROLE_EDITOR_URI, 2,
-                        Collections.singleton(4) },
-                { "AdminDisplayFauxDataPropertyDataSet", DISPLAY_GROUP, FAUX_DATA_PROPERTY, ROLE_ADMIN_URI, 2,
-                        Collections.singleton(4) },
-                { "CuratorDisplayFauxDataPropertyDataSet", DISPLAY_GROUP, FAUX_DATA_PROPERTY, ROLE_CURATOR_URI, 2,
-                        Collections.singleton(4) },
-                { "EditorDisplayFauxDataPropertyDataSet", DISPLAY_GROUP, FAUX_DATA_PROPERTY, ROLE_EDITOR_URI, 2,
-                        Collections.singleton(4) },
-                { "PublicDisplayFauxDataPropertyDataSet", DISPLAY_GROUP, FAUX_DATA_PROPERTY, ROLE_PUBLIC_URI, 2,
-                        Collections.singleton(4) },
-                { "AdminPublishFauxDataPropertyDataSet", PUBLISH_GROUP, FAUX_DATA_PROPERTY, ROLE_ADMIN_URI, 2,
-                        Collections.singleton(4) },
-                { "CuratorPublishFauxDataPropertyDataSet", PUBLISH_GROUP, FAUX_DATA_PROPERTY, ROLE_CURATOR_URI, 2,
-                        Collections.singleton(4) },
-                { "EditorPublishFauxDataPropertyDataSet", PUBLISH_GROUP, FAUX_DATA_PROPERTY, ROLE_EDITOR_URI, 2,
-                        Collections.singleton(4) },
-        });
-    }
-
-}
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTest.java
index 43218a7f18..3dde450584 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTest.java
@@ -25,11 +25,11 @@
 public class PolicyTest {
     public static final String USER_ACCOUNTS_HOME_FIRSTTIME = "../home/src/main/resources/rdf/accessControl/firsttime/";
 
-    protected static final String ROLE_ADMIN_URI = "http://vitro.mannlib.cornell.edu/ns/vitro/authorization#ADMIN";
-    protected static final String ROLE_EDITOR_URI = "http://vitro.mannlib.cornell.edu/ns/vitro/authorization#EDITOR";
-    protected static final String ROLE_SELF_EDITOR_URI = "http://vitro.mannlib.cornell.edu/ns/vitro/authorization#SELF_EDITOR";
-    protected static final String ROLE_CURATOR_URI = "http://vitro.mannlib.cornell.edu/ns/vitro/authorization#CURATOR";
-    protected static final String ROLE_PUBLIC_URI = "http://vitro.mannlib.cornell.edu/ns/vitro/authorization#PUBLIC";
+    protected static final String ADMIN = "http://vitro.mannlib.cornell.edu/ns/vitro/authorization#ADMIN";
+    protected static final String EDITOR = "http://vitro.mannlib.cornell.edu/ns/vitro/authorization#EDITOR";
+    protected static final String SELF_EDITOR = "http://vitro.mannlib.cornell.edu/ns/vitro/authorization#SELF_EDITOR";
+    protected static final String CURATOR = "http://vitro.mannlib.cornell.edu/ns/vitro/authorization#CURATOR";
+    protected static final String PUBLIC = "http://vitro.mannlib.cornell.edu/ns/vitro/authorization#PUBLIC";
 
     public static final String ONTOLOGY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME + "ontology.n3";
     public static final String ATTRIBUTES_PATH = USER_ACCOUNTS_HOME_FIRSTTIME + "attributes.n3";
@@ -41,81 +41,7 @@ public class PolicyTest {
     public static final String OPERATORS_PATH = USER_ACCOUNTS_HOME_FIRSTTIME + "operators.n3";
     public static final String TEST_VALUES_PATH = USER_ACCOUNTS_HOME_FIRSTTIME + "test_values.n3";
     public static final String TEST_DECISIONS = USER_ACCOUNTS_HOME_FIRSTTIME + "decisions.n3";
-
-    public static final String POLICY_TEMPLATE_MATCH_PROPERTY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
-            + "template_match_allowed_property.n3";
-    
-    public static final String POLICY_TEMPLATE_MATCH_CLASS_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
-            + "template_match_allowed_class.n3";
     
-    public static final String SELF_EDITOR_DISPLAY_OBJ_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
-            + "policy_self_editor_display_object_property.n3";
-    public static final String SELF_EDITOR_DISPLAY_DATA_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
-            + "policy_self_editor_display_data_property.n3";
-
-    // Update
-    public static final String ADMIN_UPDATE_OBJ_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
-            + "policy_admin_update_object_property.n3";
-    public static final String ADMIN_UPDATE_DATA_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
-            + "policy_admin_update_data_property.n3";
-
-    public static final String CURATOR_UPDATE_OBJ_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
-            + "policy_curator_update_object_property.n3";
-    public static final String CURATOR_UPDATE_DATA_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
-            + "policy_curator_update_data_property.n3";
-
-    public static final String PUBLIC_UPDATE_OBJ_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
-            + "policy_public_update_object_property.n3";
-    public static final String PUBLIC_UPDATE_DATA_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
-            + "policy_public_update_data_property.n3";
-
-    public static final String SELF_EDITOR_UPDATE_OBJ_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
-            + "policy_self_editor_update_object_property.n3";
-    public static final String SELF_EDITOR_UPDATE_DATA_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
-            + "policy_self_editor_update_data_property.n3";
-
-    public static final String EDITOR_UPDATE_OBJ_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
-            + "policy_editor_update_object_property.n3";
-    public static final String EDITOR_UPDATE_DATA_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
-            + "policy_editor_update_data_property.n3";
-
-    // Publish
-
-    public static final String SELF_EDITOR_PUBLISH_OBJ_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
-            + "policy_self_editor_publish_object_property.n3";
-    public static final String SELF_EDITOR_PUBLISH_DATA_PROP_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
-            + "policy_self_editor_publish_data_property.n3";
-
-    public static final String SELF_EDITOR_DISPLAY_FAUX_OBJECT_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
-            + "policy_self_editor_display_faux_object_property.n3";
-
-    public static final String SELF_EDITOR_PUBLISH_FAUX_OBJECT_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
-            + "policy_self_editor_publish_faux_object_property.n3";
-
-    public static final String ADMIN_UPDATE_FAUX_OBJECT_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
-            + "policy_admin_update_faux_object_property.n3";
-    public static final String CURATOR_UPDATE_FAUX_OBJECT_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
-            + "policy_curator_update_faux_object_property.n3";
-    public static final String EDITOR_UPDATE_FAUX_OBJECT_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
-            + "policy_editor_update_faux_object_property.n3";
-    public static final String SELF_EDITOR_UPDATE_FAUX_OBJECT_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
-            + "policy_self_editor_update_faux_object_property.n3";
-
-    public static final String SELF_EDITOR_DISPLAY_FAUX_DATA_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
-            + "policy_self_editor_display_faux_data_property.n3";
-
-    public static final String SELF_EDITOR_PUBLISH_FAUX_DATA_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
-            + "policy_self_editor_publish_faux_data_property.n3";
-
-    public static final String ADMIN_UPDATE_FAUX_DATA_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
-            + "policy_admin_update_faux_data_property.n3";
-    public static final String CURATOR_UPDATE_FAUX_DATA_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
-            + "policy_curator_update_faux_data_property.n3";
-    public static final String EDITOR_UPDATE_FAUX_DATA_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
-            + "policy_editor_update_faux_data_property.n3";
-    public static final String SELF_EDITOR_UPDATE_FAUX_DATA_PROPERTY_POLICY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
-            + "policy_self_editor_update_faux_data_property.n3";
-
     protected static final String RESOURCES_RULES_PREFIX = "src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/";
     protected static final String RESOURCES_PREFIX = "src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/";
 
@@ -124,42 +50,15 @@ public class PolicyTest {
     public static final String BROKEN_POLICY_TEMPLATE = RESOURCES_RULES_PREFIX + "test_policy_broken_set.n3";
     public static final String POLICY_KEY_TEST = RESOURCES_RULES_PREFIX + "test_policy_key.n3";
 
-    protected static final List<String> ROLE_LIST = Arrays.asList(ROLE_ADMIN_URI, ROLE_CURATOR_URI, ROLE_EDITOR_URI,
-            ROLE_SELF_EDITOR_URI, ROLE_PUBLIC_URI);
+    protected static final List<String> ROLE_LIST = Arrays.asList(ADMIN, CURATOR, EDITOR,
+            SELF_EDITOR, PUBLIC);
     public static final String PREFIX = "https://vivoweb.org/ontology/vitro-application/auth/individual/";
     public static final String DATASET = "_dataset";
     public static final String EXT = ".n3";
 
     private static final Log log = LogFactory.getLog(PolicyTest.class);
 
-    protected static final List<String> entityPolicies = Arrays.asList(
-            SELF_EDITOR_DISPLAY_OBJ_PROP_POLICY_PATH,
-            SELF_EDITOR_DISPLAY_DATA_PROP_POLICY_PATH,
-
-            ADMIN_UPDATE_OBJ_PROP_POLICY_PATH,
-            ADMIN_UPDATE_DATA_PROP_POLICY_PATH,
-            CURATOR_UPDATE_OBJ_PROP_POLICY_PATH,
-            CURATOR_UPDATE_DATA_PROP_POLICY_PATH,
-            PUBLIC_UPDATE_OBJ_PROP_POLICY_PATH,
-            PUBLIC_UPDATE_DATA_PROP_POLICY_PATH,
-            SELF_EDITOR_UPDATE_OBJ_PROP_POLICY_PATH,
-            SELF_EDITOR_UPDATE_DATA_PROP_POLICY_PATH,
-            EDITOR_UPDATE_OBJ_PROP_POLICY_PATH,
-            EDITOR_UPDATE_DATA_PROP_POLICY_PATH,
-            SELF_EDITOR_PUBLISH_OBJ_PROP_POLICY_PATH,
-            SELF_EDITOR_PUBLISH_DATA_PROP_POLICY_PATH,
-            SELF_EDITOR_DISPLAY_FAUX_OBJECT_PROPERTY_POLICY_PATH,
-            SELF_EDITOR_PUBLISH_FAUX_OBJECT_PROPERTY_POLICY_PATH,
-            ADMIN_UPDATE_FAUX_OBJECT_PROPERTY_POLICY_PATH,
-            CURATOR_UPDATE_FAUX_OBJECT_PROPERTY_POLICY_PATH,
-            EDITOR_UPDATE_FAUX_OBJECT_PROPERTY_POLICY_PATH,
-            SELF_EDITOR_UPDATE_FAUX_OBJECT_PROPERTY_POLICY_PATH,
-            SELF_EDITOR_DISPLAY_FAUX_DATA_PROPERTY_POLICY_PATH,
-            SELF_EDITOR_PUBLISH_FAUX_DATA_PROPERTY_POLICY_PATH,
-            ADMIN_UPDATE_FAUX_DATA_PROPERTY_POLICY_PATH,
-            CURATOR_UPDATE_FAUX_DATA_PROPERTY_POLICY_PATH,
-            EDITOR_UPDATE_FAUX_DATA_PROPERTY_POLICY_PATH,
-            SELF_EDITOR_UPDATE_FAUX_DATA_PROPERTY_POLICY_PATH);
+    protected static final List<String> entityPolicies = Arrays.asList();
 
     protected Model accessControlModel;
     protected PolicyLoader loader;
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/SimplePermissionPolicyTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/SimplePermissionPolicyTest.java
index 0fb7287587..6aca434e0b 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/SimplePermissionPolicyTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/SimplePermissionPolicyTest.java
@@ -34,9 +34,9 @@ public void testAdminSimplePermissionPolicy() {
         assertEquals(3, rule.getAttributesCount());
 
         SimpleAuthorizationRequest ar = new SimpleAuthorizationRequest(SimplePermission.NS + "SeeSiteAdminPage");
-        ar.setRoleUris(Arrays.asList(ROLE_CURATOR_URI));
+        ar.setRoleUris(Arrays.asList(CURATOR));
         assertEquals(DecisionResult.INCONCLUSIVE, policy.decide(ar).getDecisionResult());
-        ar.setRoleUris(Arrays.asList(ROLE_ADMIN_URI));
+        ar.setRoleUris(Arrays.asList(ADMIN));
         assertEquals(DecisionResult.AUTHORIZED, policy.decide(ar).getDecisionResult());
     }
 
@@ -54,9 +54,9 @@ public void testCuratorSimplePermissionPolicy() {
         assertEquals(3, rule.getAttributesCount());
 
         SimpleAuthorizationRequest ar = new SimpleAuthorizationRequest(SimplePermission.NS + "EditOntology");
-        ar.setRoleUris(Arrays.asList(ROLE_EDITOR_URI));
+        ar.setRoleUris(Arrays.asList(EDITOR));
         assertEquals(DecisionResult.INCONCLUSIVE, policy.decide(ar).getDecisionResult());
-        ar.setRoleUris(Arrays.asList(ROLE_CURATOR_URI));
+        ar.setRoleUris(Arrays.asList(CURATOR));
         assertEquals(DecisionResult.AUTHORIZED, policy.decide(ar).getDecisionResult());
     }
 
@@ -74,9 +74,9 @@ public void testEditorSimplePermissionPolicy() {
         assertEquals(3, rule.getAttributesCount());
 
         SimpleAuthorizationRequest ar = new SimpleAuthorizationRequest(SimplePermission.NS + "DoBackEndEditing");
-        ar.setRoleUris(Arrays.asList(ROLE_SELF_EDITOR_URI));
+        ar.setRoleUris(Arrays.asList(SELF_EDITOR));
         assertEquals(DecisionResult.INCONCLUSIVE, policy.decide(ar).getDecisionResult());
-        ar.setRoleUris(Arrays.asList(ROLE_EDITOR_URI));
+        ar.setRoleUris(Arrays.asList(EDITOR));
         assertEquals(DecisionResult.AUTHORIZED, policy.decide(ar).getDecisionResult());
     }
 
@@ -94,9 +94,9 @@ public void testSelfEditorSimplePermissionPolicy() {
         assertEquals(3, rule.getAttributesCount());
 
         SimpleAuthorizationRequest ar = new SimpleAuthorizationRequest(SimplePermission.NS + "DoFrontEndEditing");
-        ar.setRoleUris(Arrays.asList(ROLE_PUBLIC_URI));
+        ar.setRoleUris(Arrays.asList(PUBLIC));
         assertEquals(DecisionResult.INCONCLUSIVE, policy.decide(ar).getDecisionResult());
-        ar.setRoleUris(Arrays.asList(ROLE_SELF_EDITOR_URI));
+        ar.setRoleUris(Arrays.asList(SELF_EDITOR));
         assertEquals(DecisionResult.AUTHORIZED, policy.decide(ar).getDecisionResult());
     }
 
@@ -116,7 +116,7 @@ public void testPublicSimplePermissionPolicy() {
         SimpleAuthorizationRequest ar = new SimpleAuthorizationRequest(SimplePermission.NS + "QueryFullModel");
         ar.setRoleUris(Arrays.asList(""));
         assertEquals(DecisionResult.INCONCLUSIVE, policy.decide(ar).getDecisionResult());
-        ar.setRoleUris(Arrays.asList(ROLE_PUBLIC_URI));
+        ar.setRoleUris(Arrays.asList(PUBLIC));
         assertEquals(DecisionResult.AUTHORIZED, policy.decide(ar).getDecisionResult());
     }
 
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/UpdateRelatedAllowedPropertiesPolicyTemplateTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/UpdateRelatedAllowedPropertiesPolicyTemplateTest.java
new file mode 100644
index 0000000000..91f91ffa45
--- /dev/null
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/UpdateRelatedAllowedPropertiesPolicyTemplateTest.java
@@ -0,0 +1,84 @@
+package edu.cornell.mannlib.vitro.webapp.auth.policy;
+
+import static edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType.DATA_PROPERTY;
+import static edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType.FAUX_DATA_PROPERTY;
+import static edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType.FAUX_OBJECT_PROPERTY;
+import static edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType.OBJECT_PROPERTY;
+import static edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessOperation.ADD;
+import static edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessOperation.DROP;
+import static edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessOperation.EDIT;
+import static org.junit.Assert.assertFalse;
+
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.HashSet;
+import java.util.Set;
+
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType;
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessOperation;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.Parameterized;
+
+@RunWith(Parameterized.class)
+public class UpdateRelatedAllowedPropertiesPolicyTemplateTest extends PolicyTest {
+    private static final String TEMPLATE_PROPERTY_PREFIX =
+            "https://vivoweb.org/ontology/vitro-application/auth/individual/template/update-related-allowed-property/";
+
+    public static final String POLICY_TEMPLATE_PATH =
+            USER_ACCOUNTS_HOME_FIRSTTIME + "template_update_related_allowed_property.n3";
+    @org.junit.runners.Parameterized.Parameter(0)
+    public String dataSetUri;
+
+    @org.junit.runners.Parameterized.Parameter(1)
+    public AccessOperation group;
+
+    @org.junit.runners.Parameterized.Parameter(2)
+    public AccessObjectType type;
+
+    @org.junit.runners.Parameterized.Parameter(3)
+    public String roleUri;
+
+    @org.junit.runners.Parameterized.Parameter(4)
+    public int rulesCount;
+
+    @org.junit.runners.Parameterized.Parameter(5)
+    public Set<Integer> attrCount;
+
+    @Test
+    public void testPolicy() {
+        load(POLICY_TEMPLATE_PATH);
+        EntityPolicyController.updateEntityPolicyDataSet("test:entity", type, group, Arrays.asList(roleUri), ROLE_LIST);
+        DynamicPolicy policy = null;
+        policy = loader.loadPolicyFromTemplateDataSet(TEMPLATE_PROPERTY_PREFIX + "SelfEditor" + dataSetUri + "DataSet");
+        countRulesAndAttributes(policy, rulesCount, attrCount);
+        Set<String> values = loader.getDataSetValues(group, type, roleUri);
+        assertFalse(values.isEmpty());
+    }
+
+    @Parameterized.Parameters
+    public static Collection<Object[]> requests() {
+        return Arrays.asList(new Object[][] {
+
+                { "AddObjectProperty", ADD, OBJECT_PROPERTY, SELF_EDITOR, 2, num(4, 5) },
+                { "AddDataProperty", ADD, DATA_PROPERTY, SELF_EDITOR, 2, num(4, 5) },
+                { "AddFauxObjectProperty", ADD, FAUX_OBJECT_PROPERTY, SELF_EDITOR, 2, num(4, 5) },
+                { "AddFauxDataProperty", ADD, FAUX_DATA_PROPERTY, SELF_EDITOR, 2, num(4, 5) },
+
+                { "DropObjectProperty", DROP, OBJECT_PROPERTY, SELF_EDITOR, 2, num(4, 5) },
+                { "DropDataProperty", DROP, DATA_PROPERTY, SELF_EDITOR, 2, num(4, 5) },
+                { "DropFauxObjectProperty", DROP, FAUX_OBJECT_PROPERTY, SELF_EDITOR, 2, num(4, 5) },
+                { "DropFauxDataProperty", DROP, FAUX_DATA_PROPERTY, SELF_EDITOR, 2, num(4, 5) },
+
+                { "EditObjectProperty", EDIT, OBJECT_PROPERTY, SELF_EDITOR, 2, num(4, 5) },
+                { "EditDataProperty", EDIT, DATA_PROPERTY, SELF_EDITOR, 2, num(4, 5) },
+                { "EditFauxObjectProperty", EDIT, FAUX_OBJECT_PROPERTY, SELF_EDITOR, 2, num(4, 5) },
+                { "EditFauxDataProperty", EDIT, FAUX_DATA_PROPERTY, SELF_EDITOR, 2, num(4, 5) }, });
+
+    }
+
+    private static Set<Integer> num(Integer... i) {
+        return new HashSet<>(Arrays.asList(i));
+    }
+
+}
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/migration/auth/ArmMigratorTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/migration/auth/ArmMigratorTest.java
index 8c9702d405..efdf0525ca 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/migration/auth/ArmMigratorTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/migration/auth/ArmMigratorTest.java
@@ -74,8 +74,8 @@ public void getEntityMapTest() {
     public void getStatementsToRemoveTest() {
         StringBuilder removals = armMigrator.getStatementsToRemove();
         assertTrue(StringUtils.isBlank(removals.toString()));
-        EntityPolicyController.updateEntityPolicyDataSet("test:entity", AccessObjectType.CLASS, OperationGroup.DISPLAY_GROUP,
-                ROLE_LIST, ROLE_LIST);
+       // EntityPolicyController.updateEntityPolicyDataSet("test:entity", AccessObjectType.CLASS, OperationGroup.DISPLAY_GROUP,
+       //         ROLE_LIST, ROLE_LIST);
         removals = armMigrator.getStatementsToRemove();
         assertEquals(5, getCount("\n", removals.toString()));
     }
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/attributes.n3 b/home/src/main/resources/rdf/accessControl/firsttime/attributes.n3
index d81f399547..a63f98bf6c 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/attributes.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/attributes.n3
@@ -142,8 +142,4 @@ ai:FauxDataPropertyTypeAttribute rdf:type ao:Attribute ;
          ao:type ai:AccessObjectType ;
          ao:value ai:FauxDataPropertyAccesObject .
 
-ai:SelfEditorRelatedResourcesAttribute rdf:type ao:Attribute ;
-         ao:operator ai:SparqlSelectQueryContains ;
-         ao:type ai:StatementSubjectUri ;
-         ao:value ai:PersonProfileProximityToResourceUri .
          
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_update_data_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_update_data_property.n3
deleted file mode 100644
index 8c5331550f..0000000000
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_update_data_property.n3
+++ /dev/null
@@ -1,53 +0,0 @@
-# $This file is distributed under the terms of the license in LICENSE$
-@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
-@prefix owl: <http://www.w3.org/2002/07/owl#> .
-@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
-@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
-@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
-@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
-@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
-
-ai:AdminUpdateDataPropertyPolicy rdf:type ao:Policy ;
-          ao:rules ai:AdminUpdateDataPropertyRuleSet ;
-          ao:testDatasets ai:AdminUpdateDataPropertyTestDatasets ;
-          ao:policyKey ai:AdminUpdateDataPropertyPolicyKey .
-
-ai:AdminUpdateDataPropertyRuleSet rdf:type ao:Rules ;
-          ao:rule ai:AllowAdminUpdateAddEditorDropDataPropertyStatementRule ;
-          ao:rule ai:AllowAdminUpdateDataPropertyRule .
-
-ai:AdminUpdateDataPropertyTestDatasets rdf:type ao:PolicyDataSets ;
-          ao:policyDataSet ai:AdminUpdateDataPropertyDataset .
-
-ai:AdminUpdateDataPropertyDataset rdf:type ao:PolicyDataSet ;
-          ao:testData ai:AdminUpdateDataPropertyTestData .
-          
-ai:AdminUpdateDataPropertyPolicyKey rdf:type ao:PolicyKey ;
-          ao:keyComponent ai:DataPropertyAccesObject ;
-          ao:keyComponent auth:ADMIN ;
-          ao:keyComponent ai:UpdateOperationGroup .
-
-ai:AllowAdminUpdateDataPropertyRule rdf:type ao:Rule;
-          ao:attribute ai:SubjectRoleEqualsAdminRoleAttribute ;
-          ao:attribute ai:UpdateAddEditOrDropOperationsAttribute ;
-          ao:attribute ai:DataPropertyTypeAttribute ;
-          ao:attribute ai:AdminUpdateDataPropertyAttribute .
-
-ai:AllowAdminUpdateAddEditorDropDataPropertyStatementRule rdf:type ao:Rule;
-          ao:attribute ai:SubjectRoleEqualsAdminRoleAttribute ;
-          ao:attribute ai:UpdateAddEditOrDropOperationsAttribute ;
-          ao:attribute ai:DataPropertyStatementTypeAttribute ;
-          ao:attribute ai:AdminUpdateDataPropertyStatementAttribute .
-         
-ai:AdminUpdateDataPropertyStatementAttribute rdf:type ao:Attribute ;
-         ao:operator ai:OneOf ;
-         ao:type ai:StatementPredicateUri ;
-         ao:setValue ai:AdminUpdateDataPropertyTestData .
-
-ai:AdminUpdateDataPropertyAttribute rdf:type ao:Attribute ;
-         ao:operator ai:OneOf ;
-         ao:type ai:AccessObjectUri ;
-         ao:setValue ai:AdminUpdateDataPropertyTestData .
-         
-ai:AdminUpdateDataPropertyTestData rdf:type ao:ValueContainer ;
-        .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_update_faux_data_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_update_faux_data_property.n3
deleted file mode 100644
index 402c868a5f..0000000000
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_update_faux_data_property.n3
+++ /dev/null
@@ -1,53 +0,0 @@
-# $This file is distributed under the terms of the license in LICENSE$
-@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
-@prefix owl: <http://www.w3.org/2002/07/owl#> .
-@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
-@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
-@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
-@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
-@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
-
-ai:AdminUpdateFauxDataPropertyPolicy rdf:type ao:Policy ;
-          ao:rules ai:AdminUpdateFauxDataPropertyRuleSet ;
-          ao:testDatasets ai:AdminUpdateFauxDataPropertyTestDatasets ;
-          ao:policyKey ai:AdminUpdateFauxDataPropertyPolicyKey .
-
-ai:AdminUpdateFauxDataPropertyRuleSet rdf:type ao:Rules ;
-          ao:rule ai:AllowAdminUpdateFauxDataPropertyRule ;
-          ao:rule ai:AllowAdminUpdateEditAddDropFauxDataPropertyStatementRule .
-
-ai:AdminUpdateFauxDataPropertyTestDatasets rdf:type ao:PolicyDataSets ;
-          ao:policyDataSet ai:AdminUpdateFauxDataPropertyDataset .
-
-ai:AdminUpdateFauxDataPropertyDataset rdf:type ao:PolicyDataSet ;
-          ao:testData ai:AdminUpdateFauxDataPropertyTestData .
-          
-ai:AdminUpdateFauxDataPropertyPolicyKey rdf:type ao:PolicyKey ;
-          ao:keyComponent ai:FauxDataPropertyAccesObject ;
-          ao:keyComponent auth:ADMIN ;
-          ao:keyComponent ai:UpdateOperationGroup .
-
-ai:AllowAdminUpdateFauxDataPropertyRule rdf:type ao:Rule;
-          ao:attribute ai:SubjectRoleEqualsAdminRoleAttribute ;
-          ao:attribute ai:UpdateAddEditOrDropOperationsAttribute ;
-          ao:attribute ai:FauxDataPropertyTypeAttribute ;
-          ao:attribute ai:AdminUpdateFauxDataPropertyAttribute .
-
-ai:AllowAdminUpdateEditAddDropFauxDataPropertyStatementRule rdf:type ao:Rule;
-          ao:attribute ai:SubjectRoleEqualsAdminRoleAttribute ;
-          ao:attribute ai:UpdateAddEditOrDropOperationsAttribute ;
-          ao:attribute ai:FauxDataPropertyStatementTypeAttribute ;
-          ao:attribute ai:AdminUpdateFauxDataPropertyStatementAttribute .
-
-ai:AdminUpdateFauxDataPropertyStatementAttribute rdf:type ao:Attribute ;
-         ao:operator ai:OneOf ;
-         ao:type ai:StatementPredicateUri ;
-         ao:setValue ai:AdminUpdateFauxDataPropertyTestData .
-
-ai:AdminUpdateFauxDataPropertyAttribute rdf:type ao:Attribute ;
-         ao:operator ai:OneOf ;
-         ao:type ai:AccessObjectUri ;
-         ao:setValue ai:AdminUpdateFauxDataPropertyTestData .
-         
-ai:AdminUpdateFauxDataPropertyTestData rdf:type ao:ValueContainer ;
-      .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_update_faux_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_update_faux_object_property.n3
deleted file mode 100644
index 257c0efc62..0000000000
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_update_faux_object_property.n3
+++ /dev/null
@@ -1,53 +0,0 @@
-# $This file is distributed under the terms of the license in LICENSE$
-@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
-@prefix owl: <http://www.w3.org/2002/07/owl#> .
-@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
-@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
-@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
-@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
-@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
-
-ai:AdminUpdateFauxObjectPropertyPolicy rdf:type ao:Policy ;
-          ao:rules ai:AdminUpdateFauxObjectPropertyRuleSet ;
-          ao:testDatasets ai:AdminUpdateFauxObjectPropertyTestDatasets ;
-          ao:policyKey ai:AdminUpdateFauxObjectPropertyPolicyKey .
-
-ai:AdminUpdateFauxObjectPropertyRuleSet rdf:type ao:Rules ;
-          ao:rule ai:AllowAdminUpdateFauxObjectPropertyRule ;
-          ao:rule ai:AllowAdminUpdateEditAddDropFauxObjectPropertyStatementRule .
-
-ai:AdminUpdateFauxObjectPropertyTestDatasets rdf:type ao:PolicyDataSets ;
-          ao:policyDataSet ai:AdminUpdateFauxObjectPropertyDataset .
-
-ai:AdminUpdateFauxObjectPropertyDataset rdf:type ao:PolicyDataSet ;
-          ao:testData ai:AdminUpdateFauxObjectPropertyTestData .
-          
-ai:AdminUpdateFauxObjectPropertyPolicyKey rdf:type ao:PolicyKey ;
-          ao:keyComponent ai:FauxObjectPropertyAccesObject ;
-          ao:keyComponent auth:ADMIN ;
-          ao:keyComponent ai:UpdateOperationGroup .
-
-ai:AllowAdminUpdateFauxObjectPropertyRule rdf:type ao:Rule;
-          ao:attribute ai:SubjectRoleEqualsAdminRoleAttribute ;
-          ao:attribute ai:UpdateAddEditOrDropOperationsAttribute ;
-          ao:attribute ai:FauxObjectPropertyTypeAttribute ;
-          ao:attribute ai:AdminUpdateFauxObjectPropertyAttribute .
-
-ai:AllowAdminUpdateEditAddDropFauxObjectPropertyStatementRule rdf:type ao:Rule;
-          ao:attribute ai:SubjectRoleEqualsAdminRoleAttribute ;
-          ao:attribute ai:UpdateAddEditOrDropOperationsAttribute ;
-          ao:attribute ai:FauxObjectPropertyStatementTypeAttribute ;
-          ao:attribute ai:AdminUpdateFauxObjectPropertyStatementAttribute .
-
-ai:AdminUpdateFauxObjectPropertyStatementAttribute rdf:type ao:Attribute ;
-         ao:operator ai:OneOf ;
-         ao:type ai:StatementPredicateUri ;
-         ao:setValue ai:AdminUpdateFauxObjectPropertyTestData .
-
-ai:AdminUpdateFauxObjectPropertyAttribute rdf:type ao:Attribute ;
-         ao:operator ai:OneOf ;
-         ao:type ai:AccessObjectUri ;
-         ao:setValue ai:AdminUpdateFauxObjectPropertyTestData .
-         
-ai:AdminUpdateFauxObjectPropertyTestData rdf:type ao:ValueContainer ;
-      .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_update_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_update_object_property.n3
deleted file mode 100644
index 367ec09e29..0000000000
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_admin_update_object_property.n3
+++ /dev/null
@@ -1,53 +0,0 @@
-# $This file is distributed under the terms of the license in LICENSE$
-@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
-@prefix owl: <http://www.w3.org/2002/07/owl#> .
-@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
-@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
-@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
-@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
-@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
-
-ai:AdminUpdateObjectPropertyPolicy rdf:type ao:Policy ;
-          ao:rules ai:AdminUpdateObjectPropertyRuleSet ;
-          ao:testDatasets ai:AdminUpdateObjectPropertyTestDatasets ;
-          ao:policyKey ai:AdminUpdateObjectPropertyPolicyKey .
-
-ai:AdminUpdateObjectPropertyRuleSet rdf:type ao:Rules ;
-          ao:rule ai:AllowAdminUpdateObjectPropertyRule ;
-          ao:rule ai:AllowAdminUpdateEditAddDropObjectPropertyStatementRule .
-
-ai:AdminUpdateObjectPropertyTestDatasets rdf:type ao:PolicyDataSets ;
-          ao:policyDataSet ai:AdminUpdateObjectPropertyDataset .
-
-ai:AdminUpdateObjectPropertyDataset rdf:type ao:PolicyDataSet ;
-          ao:testData ai:AdminUpdateObjectPropertyTestData .
-          
-ai:AdminUpdateObjectPropertyPolicyKey rdf:type ao:PolicyKey ;
-          ao:keyComponent ai:ObjectPropertyAccesObject ;
-          ao:keyComponent auth:ADMIN ;
-          ao:keyComponent ai:UpdateOperationGroup .
-
-ai:AllowAdminUpdateObjectPropertyRule rdf:type ao:Rule;
-          ao:attribute ai:SubjectRoleEqualsAdminRoleAttribute ;
-          ao:attribute ai:UpdateAddEditOrDropOperationsAttribute ;
-          ao:attribute ai:ObjectPropertyTypeAttribute ;
-          ao:attribute ai:AdminUpdateObjectPropertyAttribute .
-
-ai:AllowAdminUpdateEditAddDropObjectPropertyStatementRule rdf:type ao:Rule;
-          ao:attribute ai:SubjectRoleEqualsAdminRoleAttribute ;
-          ao:attribute ai:UpdateAddEditOrDropOperationsAttribute ;
-          ao:attribute ai:ObjectPropertyStatementTypeAttribute ;
-          ao:attribute ai:AdminUpdateObjectPropertyStatementAttribute .
-
-ai:AdminUpdateObjectPropertyStatementAttribute rdf:type ao:Attribute ;
-         ao:operator ai:OneOf ;
-         ao:type ai:StatementPredicateUri ;
-         ao:setValue ai:AdminUpdateObjectPropertyTestData .
-
-ai:AdminUpdateObjectPropertyAttribute rdf:type ao:Attribute ;
-         ao:operator ai:OneOf ;
-         ao:type ai:AccessObjectUri ;
-         ao:setValue ai:AdminUpdateObjectPropertyTestData .
-         
-ai:AdminUpdateObjectPropertyTestData rdf:type ao:ValueContainer ;
-      .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_update_data_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_update_data_property.n3
deleted file mode 100644
index 42ad95634f..0000000000
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_update_data_property.n3
+++ /dev/null
@@ -1,53 +0,0 @@
-# $This file is distributed under the terms of the license in LICENSE$
-@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
-@prefix owl: <http://www.w3.org/2002/07/owl#> .
-@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
-@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
-@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
-@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
-@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
-
-ai:CuratorUpdateDataPropertyPolicy rdf:type ao:Policy ;
-          ao:rules ai:CuratorUpdateDataPropertyRuleSet ;
-          ao:testDatasets ai:CuratorUpdateDataPropertyTestDatasets ;
-          ao:policyKey ai:CuratorUpdateDataPropertyPolicyKey .
-
-ai:CuratorUpdateDataPropertyRuleSet rdf:type ao:Rules ;
-          ao:rule ai:AllowCuratorUpdateDataPropertyStatementRule ;
-          ao:rule ai:AllowCuratorUpdateDataPropertyRule .
-
-ai:CuratorUpdateDataPropertyTestDatasets rdf:type ao:PolicyDataSets ;
-          ao:policyDataSet ai:CuratorUpdateDataPropertyDataset .
-
-ai:CuratorUpdateDataPropertyDataset rdf:type ao:PolicyDataSet ;
-          ao:testData ai:CuratorUpdateDataPropertyTestData .
-          
-ai:CuratorUpdateDataPropertyPolicyKey rdf:type ao:PolicyKey ;
-          ao:keyComponent ai:DataPropertyAccesObject ;
-          ao:keyComponent auth:CURATOR ;
-          ao:keyComponent ai:UpdateOperationGroup .
-
-ai:AllowCuratorUpdateDataPropertyRule rdf:type ao:Rule;
-          ao:attribute ai:SubjectRoleEqualsAdminRoleAttribute ;
-          ao:attribute ai:UpdateAddEditOrDropOperationsAttribute ;
-          ao:attribute ai:DataPropertyTypeAttribute ;
-          ao:attribute ai:CuratorUpdateDataPropertyAttribute .
-          
-ai:AllowCuratorUpdateDataPropertyStatementRule rdf:type ao:Rule;
-          ao:attribute ai:SubjectRoleEqualsAdminRoleAttribute ;
-          ao:attribute ai:UpdateAddEditOrDropOperationsAttribute ;
-          ao:attribute ai:DataPropertyStatementTypeAttribute ;
-          ao:attribute ai:CuratorUpdateDataPropertyStatementAttribute .
-         
-ai:CuratorUpdateDataPropertyStatementAttribute rdf:type ao:Attribute ;
-         ao:operator ai:OneOf ;
-         ao:type ai:StatementPredicateUri ;
-         ao:setValue ai:CuratorUpdateDataPropertyTestData .
-         
-ai:CuratorUpdateDataPropertyAttribute rdf:type ao:Attribute ;
-         ao:operator ai:OneOf ;
-         ao:type ai:AccessObjectUri ;
-         ao:setValue ai:CuratorUpdateDataPropertyTestData .
-         
-ai:CuratorUpdateDataPropertyTestData rdf:type ao:ValueContainer ;
-       .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_update_faux_data_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_update_faux_data_property.n3
deleted file mode 100644
index 59f5072f68..0000000000
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_update_faux_data_property.n3
+++ /dev/null
@@ -1,53 +0,0 @@
-# $This file is distributed under the terms of the license in LICENSE$
-@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
-@prefix owl: <http://www.w3.org/2002/07/owl#> .
-@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
-@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
-@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
-@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
-@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
-
-ai:CuratorUpdateFauxDataPropertyPolicy rdf:type ao:Policy ;
-          ao:rules ai:CuratorUpdateFauxDataPropertyRuleSet ;
-          ao:testDatasets ai:CuratorUpdateFauxDataPropertyTestDatasets ;
-          ao:policyKey ai:CuratorUpdateFauxDataPropertyPolicyKey .
-
-ai:CuratorUpdateFauxDataPropertyRuleSet rdf:type ao:Rules ;
-          ao:rule ai:AllowCuratorUpdateFauxDataPropertyStatementRule ;
-          ao:rule ai:AllowCuratorUpdateFauxDataPropertyRule .
-
-ai:CuratorUpdateFauxDataPropertyTestDatasets rdf:type ao:PolicyDataSets ;
-          ao:policyDataSet ai:CuratorUpdateFauxDataPropertyDataset .
-
-ai:CuratorUpdateFauxDataPropertyDataset rdf:type ao:PolicyDataSet ;
-          ao:testData ai:CuratorUpdateFauxDataPropertyTestData .
-          
-ai:CuratorUpdateFauxDataPropertyPolicyKey rdf:type ao:PolicyKey ;
-          ao:keyComponent ai:FauxDataPropertyAccesObject ;
-          ao:keyComponent auth:CURATOR ;
-          ao:keyComponent ai:UpdateOperationGroup .
-
-ai:AllowCuratorUpdateFauxDataPropertyRule rdf:type ao:Rule;
-          ao:attribute ai:SubjectRoleEqualsAdminRoleAttribute ;
-          ao:attribute ai:UpdateAddEditOrDropOperationsAttribute ;
-          ao:attribute ai:FauxDataPropertyTypeAttribute ;
-          ao:attribute ai:CuratorUpdateFauxDataPropertyAttribute .
-
-ai:AllowCuratorUpdateFauxDataPropertyStatementRule rdf:type ao:Rule;
-          ao:attribute ai:SubjectRoleEqualsAdminRoleAttribute ;
-          ao:attribute ai:UpdateAddEditOrDropOperationsAttribute ;
-          ao:attribute ai:FauxDataPropertyStatementTypeAttribute ;
-          ao:attribute ai:CuratorUpdateFauxDataPropertyStatementAttribute .
-         
-ai:CuratorUpdateFauxDataPropertyStatementAttribute rdf:type ao:Attribute ;
-         ao:operator ai:OneOf ;
-         ao:type ai:StatementPredicateUri ;
-         ao:setValue ai:CuratorUpdateFauxDataPropertyTestData .
-
-ai:CuratorUpdateFauxDataPropertyAttribute rdf:type ao:Attribute ;
-         ao:operator ai:OneOf ;
-         ao:type ai:AccessObjectUri ;
-         ao:setValue ai:CuratorUpdateFauxDataPropertyTestData .
-         
-ai:CuratorUpdateFauxDataPropertyTestData rdf:type ao:ValueContainer ;
-      .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_update_faux_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_update_faux_object_property.n3
deleted file mode 100644
index 10dac26ca5..0000000000
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_update_faux_object_property.n3
+++ /dev/null
@@ -1,53 +0,0 @@
-# $This file is distributed under the terms of the license in LICENSE$
-@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
-@prefix owl: <http://www.w3.org/2002/07/owl#> .
-@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
-@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
-@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
-@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
-@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
-
-ai:CuratorUpdateFauxObjectPropertyPolicy rdf:type ao:Policy ;
-          ao:rules ai:CuratorUpdateFauxObjectPropertyRuleSet ;
-          ao:testDatasets ai:CuratorUpdateFauxObjectPropertyTestDatasets ;
-          ao:policyKey ai:CuratorUpdateFauxObjectPropertyPolicyKey .
-
-ai:CuratorUpdateFauxObjectPropertyRuleSet rdf:type ao:Rules ;
-          ao:rule ai:AllowCuratorUpdateFauxObjectPropertyStatementRule ;
-          ao:rule ai:AllowCuratorUpdateFauxObjectPropertyRule .
-
-ai:CuratorUpdateFauxObjectPropertyTestDatasets rdf:type ao:PolicyDataSets ;
-          ao:policyDataSet ai:CuratorUpdateFauxObjectPropertyDataset .
-
-ai:CuratorUpdateFauxObjectPropertyDataset rdf:type ao:PolicyDataSet ;
-          ao:testData ai:CuratorUpdateFauxObjectPropertyTestData .
-          
-ai:CuratorUpdateFauxObjectPropertyPolicyKey rdf:type ao:PolicyKey ;
-          ao:keyComponent ai:FauxObjectPropertyAccesObject ;
-          ao:keyComponent auth:CURATOR ;
-          ao:keyComponent ai:UpdateOperationGroup .
-
-ai:AllowCuratorUpdateFauxObjectPropertyRule rdf:type ao:Rule;
-          ao:attribute ai:SubjectRoleEqualsAdminRoleAttribute ;
-          ao:attribute ai:UpdateAddEditOrDropOperationsAttribute ;
-          ao:attribute ai:FauxObjectPropertyTypeAttribute ;
-          ao:attribute ai:CuratorUpdateFauxObjectPropertyAttribute .
-
-ai:AllowCuratorUpdateFauxObjectPropertyStatementRule rdf:type ao:Rule;
-          ao:attribute ai:SubjectRoleEqualsAdminRoleAttribute ;
-          ao:attribute ai:UpdateAddEditOrDropOperationsAttribute ;
-          ao:attribute ai:FauxObjectPropertyStatementTypeAttribute ;
-          ao:attribute ai:CuratorUpdateFauxObjectPropertyStatementAttribute .
-         
-ai:CuratorUpdateFauxObjectPropertyStatementAttribute rdf:type ao:Attribute ;
-         ao:operator ai:OneOf ;
-         ao:type ai:StatementPredicateUri ;
-         ao:setValue ai:CuratorUpdateFauxObjectPropertyTestData .
-
-ai:CuratorUpdateFauxObjectPropertyAttribute rdf:type ao:Attribute ;
-         ao:operator ai:OneOf ;
-         ao:type ai:AccessObjectUri ;
-         ao:setValue ai:CuratorUpdateFauxObjectPropertyTestData .
-         
-ai:CuratorUpdateFauxObjectPropertyTestData rdf:type ao:ValueContainer ;
-      .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_update_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_update_object_property.n3
deleted file mode 100644
index 7bb0581e58..0000000000
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_curator_update_object_property.n3
+++ /dev/null
@@ -1,53 +0,0 @@
-# $This file is distributed under the terms of the license in LICENSE$
-@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
-@prefix owl: <http://www.w3.org/2002/07/owl#> .
-@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
-@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
-@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
-@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
-@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
-
-ai:CuratorUpdateObjectPropertyPolicy rdf:type ao:Policy ;
-          ao:rules ai:CuratorUpdateObjectPropertyRuleSet ;
-          ao:testDatasets ai:CuratorUpdateObjectPropertyTestDatasets ;
-          ao:policyKey ai:CuratorUpdateObjectPropertyPolicyKey .
-
-ai:CuratorUpdateObjectPropertyRuleSet rdf:type ao:Rules ;
-          ao:rule ai:AllowCuratorUpdateObjectPropertyStatementRule ;
-          ao:rule ai:AllowCuratorUpdateObjectPropertyRule .
-
-ai:CuratorUpdateObjectPropertyTestDatasets rdf:type ao:PolicyDataSets ;
-          ao:policyDataSet ai:CuratorUpdateObjectPropertyDataset .
-
-ai:CuratorUpdateObjectPropertyDataset rdf:type ao:PolicyDataSet ;
-          ao:testData ai:CuratorUpdateObjectPropertyTestData .
-          
-ai:CuratorUpdateObjectPropertyPolicyKey rdf:type ao:PolicyKey ;
-          ao:keyComponent ai:ObjectPropertyAccesObject ;
-          ao:keyComponent auth:CURATOR ;
-          ao:keyComponent ai:UpdateOperationGroup .
-
-ai:AllowCuratorUpdateObjectPropertyRule rdf:type ao:Rule;
-          ao:attribute ai:SubjectRoleEqualsAdminRoleAttribute ;
-          ao:attribute ai:UpdateAddEditOrDropOperationsAttribute ;
-          ao:attribute ai:ObjectPropertyTypeAttribute ;
-          ao:attribute ai:CuratorUpdateObjectPropertyAttribute .
-
-ai:AllowCuratorUpdateObjectPropertyStatementRule rdf:type ao:Rule;
-          ao:attribute ai:SubjectRoleEqualsAdminRoleAttribute ;
-          ao:attribute ai:UpdateAddEditOrDropOperationsAttribute ;
-          ao:attribute ai:ObjectPropertyStatementTypeAttribute ;
-          ao:attribute ai:CuratorUpdateObjectPropertyStatementAttribute .
-         
-ai:CuratorUpdateObjectPropertyStatementAttribute rdf:type ao:Attribute ;
-         ao:operator ai:OneOf ;
-         ao:type ai:StatementPredicateUri ;
-         ao:setValue ai:CuratorUpdateObjectPropertyTestData .
-
-ai:CuratorUpdateObjectPropertyAttribute rdf:type ao:Attribute ;
-         ao:operator ai:OneOf ;
-         ao:type ai:AccessObjectUri ;
-         ao:setValue ai:CuratorUpdateObjectPropertyTestData .
-         
-ai:CuratorUpdateObjectPropertyTestData rdf:type ao:ValueContainer ;
-      .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_update_data_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_update_data_property.n3
deleted file mode 100644
index 147fedab67..0000000000
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_update_data_property.n3
+++ /dev/null
@@ -1,53 +0,0 @@
-# $This file is distributed under the terms of the license in LICENSE$
-@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
-@prefix owl: <http://www.w3.org/2002/07/owl#> .
-@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
-@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
-@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
-@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
-@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
-
-ai:EditorUpdateDataPropertyPolicy rdf:type ao:Policy ;
-          ao:rules ai:EditorUpdateDataPropertyRuleSet ;
-          ao:testDatasets ai:EditorUpdateDataPropertyTestDatasets ;
-          ao:policyKey ai:EditorUpdateDataPropertyPolicyKey .
-
-ai:EditorUpdateDataPropertyRuleSet rdf:type ao:Rules ;
-          ao:rule ai:AllowEditorUpdateDataPropertyStatementRule ;
-          ao:rule ai:AllowEditorUpdateDataPropertyRule .
-
-ai:EditorUpdateDataPropertyTestDatasets rdf:type ao:PolicyDataSets ;
-          ao:policyDataSet ai:EditorUpdateDataPropertyDataset .
-
-ai:EditorUpdateDataPropertyDataset rdf:type ao:PolicyDataSet ;
-          ao:testData ai:EditorUpdateDataPropertyTestData .
-          
-ai:EditorUpdateDataPropertyPolicyKey rdf:type ao:PolicyKey ;
-          ao:keyComponent ai:DataPropertyAccesObject ;
-          ao:keyComponent auth:EDITOR ;
-          ao:keyComponent ai:UpdateOperationGroup .
-
-ai:AllowEditorUpdateDataPropertyRule rdf:type ao:Rule;
-          ao:attribute ai:SubjectRoleEqualsEditorRoleAttribute ;
-          ao:attribute ai:UpdateAddEditOrDropOperationsAttribute ;
-          ao:attribute ai:DataPropertyTypeAttribute ;
-          ao:attribute ai:EditorUpdateDataPropertyAttribute .
-
-ai:AllowEditorUpdateDataPropertyStatementRule rdf:type ao:Rule;
-          ao:attribute ai:SubjectRoleEqualsEditorRoleAttribute ;
-          ao:attribute ai:UpdateAddEditOrDropOperationsAttribute ;
-          ao:attribute ai:DataPropertyStatementTypeAttribute ;
-          ao:attribute ai:EditorUpdateDataPropertyStatementAttribute .
-         
-ai:EditorUpdateDataPropertyStatementAttribute rdf:type ao:Attribute ;
-         ao:operator ai:OneOf ;
-         ao:type ai:StatementPredicateUri ;
-         ao:setValue ai:EditorUpdateDataPropertyTestData .
-
-ai:EditorUpdateDataPropertyAttribute rdf:type ao:Attribute ;
-         ao:operator ai:OneOf ;
-         ao:type ai:AccessObjectUri ;
-         ao:setValue ai:EditorUpdateDataPropertyTestData .
-         
-ai:EditorUpdateDataPropertyTestData rdf:type ao:ValueContainer ;
-       .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_update_faux_data_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_update_faux_data_property.n3
deleted file mode 100644
index 9e598d0cf2..0000000000
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_update_faux_data_property.n3
+++ /dev/null
@@ -1,53 +0,0 @@
-# $This file is distributed under the terms of the license in LICENSE$
-@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
-@prefix owl: <http://www.w3.org/2002/07/owl#> .
-@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
-@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
-@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
-@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
-@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
-
-ai:EditorUpdateFauxDataPropertyPolicy rdf:type ao:Policy ;
-          ao:rules ai:EditorUpdateFauxDataPropertyRuleSet ;
-          ao:testDatasets ai:EditorUpdateFauxDataPropertyTestDatasets ;
-          ao:policyKey ai:EditorUpdateFauxDataPropertyPolicyKey .
-
-ai:EditorUpdateFauxDataPropertyRuleSet rdf:type ao:Rules ;
-          ao:rule ai:AllowEditorUpdateFauxDataPropertyStatementRule ;
-          ao:rule ai:AllowEditorUpdateFauxDataPropertyRule .
-
-ai:EditorUpdateFauxDataPropertyTestDatasets rdf:type ao:PolicyDataSets ;
-          ao:policyDataSet ai:EditorUpdateFauxDataPropertyDataset .
-
-ai:EditorUpdateFauxDataPropertyDataset rdf:type ao:PolicyDataSet ;
-          ao:testData ai:EditorUpdateFauxDataPropertyTestData .
-          
-ai:EditorUpdateFauxDataPropertyPolicyKey rdf:type ao:PolicyKey ;
-          ao:keyComponent ai:FauxDataPropertyAccesObject ;
-          ao:keyComponent auth:EDITOR ;
-          ao:keyComponent ai:UpdateOperationGroup .
-
-ai:AllowEditorUpdateFauxDataPropertyRule rdf:type ao:Rule;
-          ao:attribute ai:SubjectRoleEqualsEditorRoleAttribute ;
-          ao:attribute ai:UpdateAddEditOrDropOperationsAttribute ;
-          ao:attribute ai:FauxDataPropertyTypeAttribute ;
-          ao:attribute ai:EditorUpdateFauxDataPropertyAttribute .
-
-ai:AllowEditorUpdateFauxDataPropertyStatementRule rdf:type ao:Rule;
-          ao:attribute ai:SubjectRoleEqualsEditorRoleAttribute ;
-          ao:attribute ai:UpdateAddEditOrDropOperationsAttribute ;
-          ao:attribute ai:FauxDataPropertyStatementTypeAttribute ;
-          ao:attribute ai:EditorUpdateFauxDataPropertyStatementAttribute .
-         
-ai:EditorUpdateFauxDataPropertyStatementAttribute rdf:type ao:Attribute ;
-         ao:operator ai:OneOf ;
-         ao:type ai:StatementPredicateUri ;
-         ao:setValue ai:EditorUpdateFauxDataPropertyTestData .
-
-ai:EditorUpdateFauxDataPropertyAttribute rdf:type ao:Attribute ;
-         ao:operator ai:OneOf ;
-         ao:type ai:AccessObjectUri ;
-         ao:setValue ai:EditorUpdateFauxDataPropertyTestData .
-         
-ai:EditorUpdateFauxDataPropertyTestData rdf:type ao:ValueContainer ;
-       .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_update_faux_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_update_faux_object_property.n3
deleted file mode 100644
index fa25571c66..0000000000
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_update_faux_object_property.n3
+++ /dev/null
@@ -1,53 +0,0 @@
-# $This file is distributed under the terms of the license in LICENSE$
-@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
-@prefix owl: <http://www.w3.org/2002/07/owl#> .
-@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
-@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
-@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
-@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
-@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
-
-ai:EditorUpdateFauxObjectPropertyPolicy rdf:type ao:Policy ;
-          ao:rules ai:EditorUpdateFauxObjectPropertyRuleSet ;
-          ao:testDatasets ai:EditorUpdateFauxObjectPropertyTestDatasets ;
-          ao:policyKey ai:EditorUpdateFauxObjectPropertyPolicyKey .
-
-ai:EditorUpdateFauxObjectPropertyRuleSet rdf:type ao:Rules ;
-          ao:rule ai:AllowEditorUpdateFauxObjectPropertyStatementRule ;
-          ao:rule ai:AllowEditorUpdateFauxObjectPropertyRule .
-
-ai:EditorUpdateFauxObjectPropertyTestDatasets rdf:type ao:PolicyDataSets ;
-          ao:policyDataSet ai:EditorUpdateFauxObjectPropertyDataset .
-
-ai:EditorUpdateFauxObjectPropertyDataset rdf:type ao:PolicyDataSet ;
-          ao:testData ai:EditorUpdateFauxObjectPropertyTestData .
-          
-ai:EditorUpdateFauxObjectPropertyPolicyKey rdf:type ao:PolicyKey ;
-          ao:keyComponent ai:FauxObjectPropertyAccesObject ;
-          ao:keyComponent auth:EDITOR ;
-          ao:keyComponent ai:UpdateOperationGroup .
-
-ai:AllowEditorUpdateFauxObjectPropertyRule rdf:type ao:Rule;
-          ao:attribute ai:SubjectRoleEqualsEditorRoleAttribute ;
-          ao:attribute ai:UpdateAddEditOrDropOperationsAttribute ;
-          ao:attribute ai:FauxObjectPropertyTypeAttribute ;
-          ao:attribute ai:EditorUpdateFauxObjectPropertyAttribute .
-
-ai:AllowEditorUpdateFauxObjectPropertyStatementRule rdf:type ao:Rule;
-          ao:attribute ai:SubjectRoleEqualsEditorRoleAttribute ;
-          ao:attribute ai:UpdateAddEditOrDropOperationsAttribute ;
-          ao:attribute ai:FauxObjectPropertyStatementTypeAttribute ;
-          ao:attribute ai:EditorUpdateFauxObjectPropertyStatementAttribute .
-         
-ai:EditorUpdateFauxObjectPropertyStatementAttribute rdf:type ao:Attribute ;
-         ao:operator ai:OneOf ;
-         ao:type ai:StatementPredicateUri ;
-         ao:setValue ai:EditorUpdateFauxObjectPropertyTestData .
-
-ai:EditorUpdateFauxObjectPropertyAttribute rdf:type ao:Attribute ;
-         ao:operator ai:OneOf ;
-         ao:type ai:AccessObjectUri ;
-         ao:setValue ai:EditorUpdateFauxObjectPropertyTestData .
-         
-ai:EditorUpdateFauxObjectPropertyTestData rdf:type ao:ValueContainer ;
-       .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_update_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_update_object_property.n3
deleted file mode 100644
index 9db85fe74a..0000000000
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_editor_update_object_property.n3
+++ /dev/null
@@ -1,53 +0,0 @@
-# $This file is distributed under the terms of the license in LICENSE$
-@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
-@prefix owl: <http://www.w3.org/2002/07/owl#> .
-@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
-@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
-@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
-@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
-@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
-
-ai:EditorUpdateObjectPropertyPolicy rdf:type ao:Policy ;
-          ao:rules ai:EditorUpdateObjectPropertyRuleSet ;
-          ao:testDatasets ai:EditorUpdateObjectPropertyTestDatasets ;
-          ao:policyKey ai:EditorUpdateObjectPropertyPolicyKey .
-
-ai:EditorUpdateObjectPropertyRuleSet rdf:type ao:Rules ;
-          ao:rule ai:AllowEditorUpdateObjectPropertyStatementRule ;
-          ao:rule ai:AllowEditorUpdateObjectPropertyRule .
-
-ai:EditorUpdateObjectPropertyTestDatasets rdf:type ao:PolicyDataSets ;
-          ao:policyDataSet ai:EditorUpdateObjectPropertyDataset .
-
-ai:EditorUpdateObjectPropertyDataset rdf:type ao:PolicyDataSet ;
-          ao:testData ai:EditorUpdateObjectPropertyTestData .
-          
-ai:EditorUpdateObjectPropertyPolicyKey rdf:type ao:PolicyKey ;
-          ao:keyComponent ai:ObjectPropertyAccesObject ;
-          ao:keyComponent auth:EDITOR ;
-          ao:keyComponent ai:UpdateOperationGroup .
-
-ai:AllowEditorUpdateObjectPropertyRule rdf:type ao:Rule;
-          ao:attribute ai:SubjectRoleEqualsEditorRoleAttribute ;
-          ao:attribute ai:UpdateAddEditOrDropOperationsAttribute ;
-          ao:attribute ai:ObjectPropertyTypeAttribute ;
-          ao:attribute ai:EditorUpdateObjectPropertyAttribute .
-
-ai:AllowEditorUpdateObjectPropertyStatementRule rdf:type ao:Rule;
-          ao:attribute ai:SubjectRoleEqualsEditorRoleAttribute ;
-          ao:attribute ai:UpdateAddEditOrDropOperationsAttribute ;
-          ao:attribute ai:ObjectPropertyStatementTypeAttribute ;
-          ao:attribute ai:EditorUpdateObjectPropertyStatementAttribute .
-         
-ai:EditorUpdateObjectPropertyStatementAttribute rdf:type ao:Attribute ;
-         ao:operator ai:OneOf ;
-         ao:type ai:StatementPredicateUri ;
-         ao:setValue ai:EditorUpdateObjectPropertyTestData .
-
-ai:EditorUpdateObjectPropertyAttribute rdf:type ao:Attribute ;
-         ao:operator ai:OneOf ;
-         ao:type ai:AccessObjectUri ;
-         ao:setValue ai:EditorUpdateObjectPropertyTestData .
-         
-ai:EditorUpdateObjectPropertyTestData rdf:type ao:ValueContainer ;
-       .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_public_update_data_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_public_update_data_property.n3
deleted file mode 100644
index 92e83b0984..0000000000
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_public_update_data_property.n3
+++ /dev/null
@@ -1,53 +0,0 @@
-# $This file is distributed under the terms of the license in LICENSE$
-@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
-@prefix owl: <http://www.w3.org/2002/07/owl#> .
-@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
-@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
-@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
-@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
-@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
-
-ai:PublicUpdateDataPropertyPolicy rdf:type ao:Policy ;
-          ao:rules ai:PublicUpdateDataPropertyRuleSet ;
-          ao:testDatasets ai:PublicUpdateDataPropertyTestDatasets ;
-          ao:policyKey ai:PublicUpdateDataPropertyPolicyKey .
-
-ai:PublicUpdateDataPropertyRuleSet rdf:type ao:Rules ;
-          ao:rule ai:AllowPublicUpdateDataPropertyStatementRule ;
-          ao:rule ai:AllowPublicUpdateDataPropertyRule .
-
-ai:PublicUpdateDataPropertyTestDatasets rdf:type ao:PolicyDataSets ;
-          ao:policyDataSet ai:PublicUpdateDataPropertyDataset .
-
-ai:PublicUpdateDataPropertyDataset rdf:type ao:PolicyDataSet ;
-          ao:testData ai:PublicUpdateDataPropertyTestData .
-          
-ai:PublicUpdateDataPropertyPolicyKey rdf:type ao:PolicyKey ;
-          ao:keyComponent ai:DataPropertyAccesObject ;
-          ao:keyComponent auth:PUBLIC ;
-          ao:keyComponent ai:UpdateOperationGroup .
-
-ai:AllowPublicUpdateDataPropertyRule rdf:type ao:Rule;
-          ao:attribute ai:SubjectRoleEqualsPublicRoleAttribute ;
-          ao:attribute ai:UpdateAddEditOrDropOperationsAttribute ;
-          ao:attribute ai:DataPropertyTypeAttribute ;
-          ao:attribute ai:PublicUpdateDataPropertyAttribute .
-
-ai:AllowPublicUpdateDataPropertyStatementRule rdf:type ao:Rule;
-          ao:attribute ai:SubjectRoleEqualsPublicRoleAttribute ;
-          ao:attribute ai:UpdateAddEditOrDropOperationsAttribute ;
-          ao:attribute ai:DataPropertyStatementTypeAttribute ;
-          ao:attribute ai:PublicUpdateDataPropertyStatementAttribute .
-         
-ai:PublicUpdateDataPropertyStatementAttribute rdf:type ao:Attribute ;
-         ao:operator ai:OneOf ;
-         ao:type ai:StatementPredicateUri ;
-         ao:setValue ai:PublicUpdateDataPropertyTestData .
-
-ai:PublicUpdateDataPropertyAttribute rdf:type ao:Attribute ;
-         ao:operator ai:OneOf ;
-         ao:type ai:AccessObjectUri ;
-         ao:setValue ai:PublicUpdateDataPropertyTestData .
-         
-ai:PublicUpdateDataPropertyTestData rdf:type ao:ValueContainer ;
-       .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_public_update_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_public_update_object_property.n3
deleted file mode 100644
index 796e86cce9..0000000000
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_public_update_object_property.n3
+++ /dev/null
@@ -1,53 +0,0 @@
-# $This file is distributed under the terms of the license in LICENSE$
-@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
-@prefix owl: <http://www.w3.org/2002/07/owl#> .
-@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
-@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
-@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
-@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
-@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
-
-ai:PublicUpdateObjectPropertyPolicy rdf:type ao:Policy ;
-          ao:rules ai:PublicUpdateObjectPropertyRuleSet ;
-          ao:testDatasets ai:PublicUpdateObjectPropertyTestDatasets ;
-          ao:policyKey ai:PublicUpdateObjectPropertyPolicyKey .
-
-ai:PublicUpdateObjectPropertyRuleSet rdf:type ao:Rules ;
-          ao:rule ai:AllowPublicUpdateObjectPropertyStatementRule ;
-          ao:rule ai:AllowPublicUpdateObjectPropertyRule .
-
-ai:PublicUpdateObjectPropertyTestDatasets rdf:type ao:PolicyDataSets ;
-          ao:policyDataSet ai:PublicUpdateObjectPropertyDataset .
-
-ai:PublicUpdateObjectPropertyDataset rdf:type ao:PolicyDataSet ;
-          ao:testData ai:PublicUpdateObjectPropertyTestData .
-          
-ai:PublicUpdateObjectPropertyPolicyKey rdf:type ao:PolicyKey ;
-          ao:keyComponent ai:ObjectPropertyAccesObject ;
-          ao:keyComponent auth:PUBLIC ;
-          ao:keyComponent ai:UpdateOperationGroup .
-
-ai:AllowPublicUpdateObjectPropertyRule rdf:type ao:Rule;
-          ao:attribute ai:SubjectRoleEqualsPublicRoleAttribute ;
-          ao:attribute ai:UpdateAddEditOrDropOperationsAttribute ;
-          ao:attribute ai:ObjectPropertyTypeAttribute ;
-          ao:attribute ai:PublicUpdateObjectPropertyAttribute .
-
-ai:AllowPublicUpdateObjectPropertyStatementRule rdf:type ao:Rule;
-          ao:attribute ai:SubjectRoleEqualsPublicRoleAttribute ;
-          ao:attribute ai:UpdateAddEditOrDropOperationsAttribute ;
-          ao:attribute ai:ObjectPropertyStatementTypeAttribute ;
-          ao:attribute ai:PublicUpdateObjectPropertyStatementAttribute .
-         
-ai:PublicUpdateObjectPropertyStatementAttribute rdf:type ao:Attribute ;
-         ao:operator ai:OneOf ;
-         ao:type ai:StatementPredicateUri ;
-         ao:setValue ai:PublicUpdateObjectPropertyTestData .
-
-ai:PublicUpdateObjectPropertyAttribute rdf:type ao:Attribute ;
-         ao:operator ai:OneOf ;
-         ao:type ai:AccessObjectUri ;
-         ao:setValue ai:PublicUpdateObjectPropertyTestData .
-         
-ai:PublicUpdateObjectPropertyTestData rdf:type ao:ValueContainer ;
-        .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_display_data_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_display_data_property.n3
deleted file mode 100644
index 6219f39073..0000000000
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_display_data_property.n3
+++ /dev/null
@@ -1,53 +0,0 @@
-# $This file is distributed under the terms of the license in LICENSE$
-@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
-@prefix owl: <http://www.w3.org/2002/07/owl#> .
-@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
-@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
-@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
-@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
-@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
-
-ai:SelfEditorDisplayDataPropertyPolicy rdf:type ao:Policy ;
-          ao:rules ai:SelfEditorDisplayDataPropertyRuleSet ;
-          ao:testDatasets ai:SelfEditorDisplayDataPropertyTestDatasets ;
-          ao:policyKey ai:SelfEditorDisplayDataPropertyPolicyKey .
-
-ai:SelfEditorDisplayDataPropertyRuleSet rdf:type ao:Rules ;
-          ao:rule ai:AllowSelfEditorDisplayDataPropertyStatementRule ;
-          ao:rule ai:AllowSelfEditorDisplayDataPropertyRule .
-
-ai:SelfEditorDisplayDataPropertyTestDatasets rdf:type ao:PolicyDataSets ;
-          ao:policyDataSet ai:SelfEditorDisplayDataPropertyDataset .
-
-ai:SelfEditorDisplayDataPropertyDataset rdf:type ao:PolicyDataSet ;
-          ao:testData ai:SelfEditorDisplayDataPropertyTestData .
-          
-ai:SelfEditorDisplayDataPropertyPolicyKey rdf:type ao:PolicyKey ;
-          ao:keyComponent ai:DataPropertyAccesObject ;
-          ao:keyComponent auth:SELF_EDITOR ;
-          ao:keyComponent ai:DisplayOperationGroup .
-
-ai:AllowSelfEditorDisplayDataPropertyRule rdf:type ao:Rule;
-          ao:attribute ai:SubjectRoleEqualsSelfEditorRoleAttribute ;
-          ao:attribute ai:DisplayOperationAttribute ;
-          ao:attribute ai:DataPropertyTypeAttribute ;
-          ao:attribute ai:SelfEditorDisplayDataPropertyAttribute .
-          
-ai:AllowSelfEditorDisplayDataPropertyStatementRule rdf:type ao:Rule;
-          ao:attribute ai:SubjectRoleEqualsSelfEditorRoleAttribute ;
-          ao:attribute ai:DisplayOperationAttribute ;
-          ao:attribute ai:DataPropertyStatementTypeAttribute ;
-          ao:attribute ai:SelfEditorDisplayDataPropertyStatementAttribute .
-         
-ai:SelfEditorDisplayDataPropertyStatementAttribute rdf:type ao:Attribute ;
-         ao:operator ai:OneOf ;
-         ao:type ai:StatementPredicateUri ;
-         ao:setValue ai:SelfEditorDisplayDataPropertyTestData .
-         
-ai:SelfEditorDisplayDataPropertyAttribute rdf:type ao:Attribute ;
-         ao:operator ai:OneOf ;
-         ao:type ai:AccessObjectUri ;
-         ao:setValue ai:SelfEditorDisplayDataPropertyTestData .
-         
-ai:SelfEditorDisplayDataPropertyTestData rdf:type ao:ValueContainer ;
-       .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_display_faux_data_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_display_faux_data_property.n3
deleted file mode 100644
index 9324253f56..0000000000
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_display_faux_data_property.n3
+++ /dev/null
@@ -1,53 +0,0 @@
-# $This file is distributed under the terms of the license in LICENSE$
-@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
-@prefix owl: <http://www.w3.org/2002/07/owl#> .
-@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
-@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
-@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
-@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
-@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
-
-ai:SelfEditorDisplayFauxDataPropertyPolicy rdf:type ao:Policy ;
-          ao:rules ai:SelfEditorDisplayFauxDataPropertyRuleSet ;
-          ao:testDatasets ai:SelfEditorDisplayFauxDataPropertyTestDatasets ;
-          ao:policyKey ai:SelfEditorDisplayFauxDataPropertyPolicyKey .
-
-ai:SelfEditorDisplayFauxDataPropertyRuleSet rdf:type ao:Rules ;
-          ao:rule ai:AllowSelfEditorDisplayFauxDataPropertyStatementRule ;
-          ao:rule ai:AllowSelfEditorDisplayFauxDataPropertyRule .
-
-ai:SelfEditorDisplayFauxDataPropertyTestDatasets rdf:type ao:PolicyDataSets ;
-          ao:policyDataSet ai:SelfEditorDisplayFauxDataPropertyDataset .
-
-ai:SelfEditorDisplayFauxDataPropertyDataset rdf:type ao:PolicyDataSet ;
-          ao:testData ai:SelfEditorDisplayFauxDataPropertyTestData .
-          
-ai:SelfEditorDisplayFauxDataPropertyPolicyKey rdf:type ao:PolicyKey ;
-          ao:keyComponent ai:FauxDataPropertyAccesObject ;
-          ao:keyComponent auth:SELF_EDITOR ;
-          ao:keyComponent ai:DisplayOperationGroup .
-
-ai:AllowSelfEditorDisplayFauxDataPropertyRule rdf:type ao:Rule;
-          ao:attribute ai:SubjectRoleEqualsSelfEditorRoleAttribute ;
-          ao:attribute ai:DisplayOperationAttribute ;
-          ao:attribute ai:FauxDataPropertyTypeAttribute ;
-          ao:attribute ai:SelfEditorDisplayFauxDataPropertyAttribute .
-
-ai:AllowSelfEditorDisplayFauxDataPropertyStatementRule rdf:type ao:Rule;
-          ao:attribute ai:SubjectRoleEqualsSelfEditorRoleAttribute ;
-          ao:attribute ai:DisplayOperationAttribute ;
-          ao:attribute ai:FauxDataPropertyStatementTypeAttribute ;
-          ao:attribute ai:SelfEditorDisplayFauxDataPropertyStatementAttribute .
-         
-ai:SelfEditorDisplayFauxDataPropertyStatementAttribute rdf:type ao:Attribute ;
-         ao:operator ai:OneOf ;
-         ao:type ai:StatementPredicateUri ;
-         ao:setValue ai:SelfEditorDisplayFauxDataPropertyTestData .
-         
-ai:SelfEditorDisplayFauxDataPropertyAttribute rdf:type ao:Attribute ;
-         ao:operator ai:OneOf ;
-         ao:type ai:AccessObjectUri ;
-         ao:setValue ai:SelfEditorDisplayFauxDataPropertyTestData .
-         
-ai:SelfEditorDisplayFauxDataPropertyTestData rdf:type ao:ValueContainer ;
-       .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_display_faux_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_display_faux_object_property.n3
deleted file mode 100644
index 477f7d127d..0000000000
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_display_faux_object_property.n3
+++ /dev/null
@@ -1,53 +0,0 @@
-# $This file is distributed under the terms of the license in LICENSE$
-@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
-@prefix owl: <http://www.w3.org/2002/07/owl#> .
-@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
-@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
-@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
-@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
-@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
-
-ai:SelfEditorDisplayFauxObjectPropertyPolicy rdf:type ao:Policy ;
-          ao:rules ai:SelfEditorDisplayFauxObjectPropertyRuleSet ;
-          ao:testDatasets ai:SelfEditorDisplayFauxObjectPropertyTestDatasets ;
-          ao:policyKey ai:SelfEditorDisplayFauxObjectPropertyPolicyKey .
-
-ai:SelfEditorDisplayFauxObjectPropertyRuleSet rdf:type ao:Rules ;
-          ao:rule ai:AllowSelfEditorDisplayFauxObjectPropertyStatementRule ;
-          ao:rule ai:AllowSelfEditorDisplayFauxObjectPropertyRule .
-
-ai:SelfEditorDisplayFauxObjectPropertyTestDatasets rdf:type ao:PolicyDataSets ;
-          ao:policyDataSet ai:SelfEditorDisplayFauxObjectPropertyDataset .
-
-ai:SelfEditorDisplayFauxObjectPropertyDataset rdf:type ao:PolicyDataSet ;
-          ao:testData ai:SelfEditorDisplayFauxObjectPropertyTestData .
-          
-ai:SelfEditorDisplayFauxObjectPropertyPolicyKey rdf:type ao:PolicyKey ;
-          ao:keyComponent ai:FauxObjectPropertyAccesObject ;
-          ao:keyComponent auth:SELF_EDITOR ;
-          ao:keyComponent ai:DisplayOperationGroup .
-
-ai:AllowSelfEditorDisplayFauxObjectPropertyRule rdf:type ao:Rule;
-          ao:attribute ai:SubjectRoleEqualsSelfEditorRoleAttribute ;
-          ao:attribute ai:DisplayOperationAttribute ;
-          ao:attribute ai:FauxObjectPropertyTypeAttribute ;
-          ao:attribute ai:SelfEditorDisplayFauxObjectPropertyAttribute .
-
-ai:AllowSelfEditorDisplayFauxObjectPropertyStatementRule rdf:type ao:Rule;
-          ao:attribute ai:SubjectRoleEqualsSelfEditorRoleAttribute ;
-          ao:attribute ai:DisplayOperationAttribute ;
-          ao:attribute ai:FauxObjectPropertyStatementTypeAttribute ;
-          ao:attribute ai:SelfEditorDisplayFauxObjectPropertyStatementAttribute .
-         
-ai:SelfEditorDisplayFauxObjectPropertyStatementAttribute rdf:type ao:Attribute ;
-         ao:operator ai:OneOf ;
-         ao:type ai:StatementPredicateUri ;
-         ao:setValue ai:SelfEditorDisplayFauxObjectPropertyTestData .
-         
-ai:SelfEditorDisplayFauxObjectPropertyAttribute rdf:type ao:Attribute ;
-         ao:operator ai:OneOf ;
-         ao:type ai:AccessObjectUri ;
-         ao:setValue ai:SelfEditorDisplayFauxObjectPropertyTestData .
-         
-ai:SelfEditorDisplayFauxObjectPropertyTestData rdf:type ao:ValueContainer ;
-       .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_display_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_display_object_property.n3
deleted file mode 100644
index 2d522432e0..0000000000
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_display_object_property.n3
+++ /dev/null
@@ -1,53 +0,0 @@
-# $This file is distributed under the terms of the license in LICENSE$
-@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
-@prefix owl: <http://www.w3.org/2002/07/owl#> .
-@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
-@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
-@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
-@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
-@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
-
-ai:SelfEditorDisplayObjectPropertyPolicy rdf:type ao:Policy ;
-          ao:rules ai:SelfEditorDisplayObjectPropertyRuleSet ;
-          ao:testDatasets ai:SelfEditorDisplayObjectPropertyTestDatasets ;
-          ao:policyKey ai:SelfEditorDisplayObjectPropertyPolicyKey .
-
-ai:SelfEditorDisplayObjectPropertyRuleSet rdf:type ao:Rules ;
-          ao:rule ai:AllowSelfEditorDisplayObjectPropertyStatementRule ;
-          ao:rule ai:AllowSelfEditorDisplayObjectPropertyRule .
-
-ai:SelfEditorDisplayObjectPropertyTestDatasets rdf:type ao:PolicyDataSets ;
-          ao:policyDataSet ai:SelfEditorDisplayObjectPropertyDataset .
-
-ai:SelfEditorDisplayObjectPropertyDataset rdf:type ao:PolicyDataSet ;
-          ao:testData ai:SelfEditorDisplayObjectPropertyTestData .
-          
-ai:SelfEditorDisplayObjectPropertyPolicyKey rdf:type ao:PolicyKey ;
-          ao:keyComponent ai:ObjectPropertyAccesObject ;
-          ao:keyComponent auth:SELF_EDITOR ;
-          ao:keyComponent ai:DisplayOperationGroup .
-
-ai:AllowSelfEditorDisplayObjectPropertyRule rdf:type ao:Rule;
-          ao:attribute ai:SubjectRoleEqualsSelfEditorRoleAttribute ;
-          ao:attribute ai:DisplayOperationAttribute ;
-          ao:attribute ai:ObjectPropertyTypeAttribute ;
-          ao:attribute ai:SelfEditorDisplayObjectPropertyAttribute .
-
-ai:AllowSelfEditorDisplayObjectPropertyStatementRule rdf:type ao:Rule;
-          ao:attribute ai:SubjectRoleEqualsSelfEditorRoleAttribute ;
-          ao:attribute ai:DisplayOperationAttribute ;
-          ao:attribute ai:ObjectPropertyStatementTypeAttribute ;
-          ao:attribute ai:SelfEditorDisplayObjectPropertyStatementAttribute .
-         
-ai:SelfEditorDisplayObjectPropertyStatementAttribute rdf:type ao:Attribute ;
-         ao:operator ai:OneOf ;
-         ao:type ai:StatementPredicateUri ;
-         ao:setValue ai:SelfEditorDisplayObjectPropertyTestData .
-
-ai:SelfEditorDisplayObjectPropertyAttribute rdf:type ao:Attribute ;
-         ao:operator ai:OneOf ;
-         ao:type ai:AccessObjectUri ;
-         ao:setValue ai:SelfEditorDisplayObjectPropertyTestData .
-         
-ai:SelfEditorDisplayObjectPropertyTestData rdf:type ao:ValueContainer ;
-       .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_publish_data_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_publish_data_property.n3
deleted file mode 100644
index d37d735830..0000000000
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_publish_data_property.n3
+++ /dev/null
@@ -1,53 +0,0 @@
-# $This file is distributed under the terms of the license in LICENSE$
-@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
-@prefix owl: <http://www.w3.org/2002/07/owl#> .
-@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
-@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
-@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
-@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
-@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
-
-ai:SelfEditorPublishDataPropertyPolicy rdf:type ao:Policy ;
-          ao:rules ai:SelfEditorPublishDataPropertyRuleSet ;
-          ao:testDatasets ai:SelfEditorPublishDataPropertyTestDatasets ;
-          ao:policyKey ai:SelfEditorPublishDataPropertyPolicyKey .
-
-ai:SelfEditorPublishDataPropertyRuleSet rdf:type ao:Rules ;
-          ao:rule ai:AllowSelfEditorPublishDataPropertyStatementRule ;
-          ao:rule ai:AllowSelfEditorPublishDataPropertyRule .
-
-ai:SelfEditorPublishDataPropertyTestDatasets rdf:type ao:PolicyDataSets ;
-          ao:policyDataSet ai:SelfEditorPublishDataPropertyDataset .
-
-ai:SelfEditorPublishDataPropertyDataset rdf:type ao:PolicyDataSet ;
-          ao:testData ai:SelfEditorPublishDataPropertyTestData .
-          
-ai:SelfEditorPublishDataPropertyPolicyKey rdf:type ao:PolicyKey ;
-          ao:keyComponent ai:DataPropertyAccesObject ;
-          ao:keyComponent auth:SELF_EDITOR ;
-          ao:keyComponent ai:PublishOperationGroup .
-
-ai:AllowSelfEditorPublishDataPropertyRule rdf:type ao:Rule;
-          ao:attribute ai:SubjectRoleEqualsSelfEditorRoleAttribute ;
-          ao:attribute ai:PublishOperationAttribute ;
-          ao:attribute ai:DataPropertyTypeAttribute ;
-          ao:attribute ai:SelfEditorPublishDataPropertyAttribute .
-
-ai:AllowSelfEditorPublishDataPropertyStatementRule rdf:type ao:Rule;
-          ao:attribute ai:SubjectRoleEqualsSelfEditorRoleAttribute ;
-          ao:attribute ai:PublishOperationAttribute ;
-          ao:attribute ai:DataPropertyStatementTypeAttribute ;
-          ao:attribute ai:SelfEditorPublishDataPropertyStatementAttribute .
-
-ai:SelfEditorPublishDataPropertyStatementAttribute rdf:type ao:Attribute ;
-         ao:operator ai:OneOf ;
-         ao:type ai:StatementPredicateUri ;
-         ao:setValue ai:SelfEditorPublishDataPropertyTestData .
-
-ai:SelfEditorPublishDataPropertyAttribute rdf:type ao:Attribute ;
-         ao:operator ai:OneOf ;
-         ao:type ai:AccessObjectUri ;
-         ao:setValue ai:SelfEditorPublishDataPropertyTestData .
-         
-ai:SelfEditorPublishDataPropertyTestData rdf:type ao:ValueContainer ;
-    .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_publish_faux_data_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_publish_faux_data_property.n3
deleted file mode 100644
index 8ff4ebd7c4..0000000000
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_publish_faux_data_property.n3
+++ /dev/null
@@ -1,53 +0,0 @@
-# $This file is distributed under the terms of the license in LICENSE$
-@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
-@prefix owl: <http://www.w3.org/2002/07/owl#> .
-@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
-@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
-@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
-@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
-@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
-
-ai:SelfEditorPublishFauxDataPropertyPolicy rdf:type ao:Policy ;
-          ao:rules ai:SelfEditorPublishFauxDataPropertyRuleSet ;
-          ao:testDatasets ai:SelfEditorPublishFauxDataPropertyTestDatasets ;
-          ao:policyKey ai:SelfEditorPublishFauxDataPropertyPolicyKey .
-
-ai:SelfEditorPublishFauxDataPropertyRuleSet rdf:type ao:Rules ;
-          ao:rule ai:AllowSelfEditorPublishFauxDataPropertyStatementRule ;
-          ao:rule ai:AllowSelfEditorPublishFauxDataPropertyRule .
-
-ai:SelfEditorPublishFauxDataPropertyTestDatasets rdf:type ao:PolicyDataSets ;
-          ao:policyDataSet ai:SelfEditorPublishFauxDataPropertyDataset .
-
-ai:SelfEditorPublishFauxDataPropertyDataset rdf:type ao:PolicyDataSet ;
-          ao:testData ai:SelfEditorPublishFauxDataPropertyTestData .
-          
-ai:SelfEditorPublishFauxDataPropertyPolicyKey rdf:type ao:PolicyKey ;
-          ao:keyComponent ai:FauxDataPropertyAccesObject ;
-          ao:keyComponent auth:SELF_EDITOR ;
-          ao:keyComponent ai:PublishOperationGroup .
-
-ai:AllowSelfEditorPublishFauxDataPropertyRule rdf:type ao:Rule;
-          ao:attribute ai:SubjectRoleEqualsSelfEditorRoleAttribute ;
-          ao:attribute ai:PublishOperationAttribute ;
-          ao:attribute ai:FauxDataPropertyTypeAttribute ;
-          ao:attribute ai:SelfEditorPublishFauxDataPropertyAttribute .
-
-ai:AllowSelfEditorPublishFauxDataPropertyStatementRule rdf:type ao:Rule;
-          ao:attribute ai:SubjectRoleEqualsSelfEditorRoleAttribute ;
-          ao:attribute ai:PublishOperationAttribute ;
-          ao:attribute ai:FauxDataPropertyStatementTypeAttribute ;
-          ao:attribute ai:SelfEditorPublishFauxDataPropertyStatementAttribute .
-         
-ai:SelfEditorPublishFauxDataPropertyStatementAttribute rdf:type ao:Attribute ;
-         ao:operator ai:OneOf ;
-         ao:type ai:StatementPredicateUri ;
-         ao:setValue ai:SelfEditorPublishFauxDataPropertyTestData .
-
-ai:SelfEditorPublishFauxDataPropertyAttribute rdf:type ao:Attribute ;
-         ao:operator ai:OneOf ;
-         ao:type ai:AccessObjectUri ;
-         ao:setValue ai:SelfEditorPublishFauxDataPropertyTestData .
-         
-ai:SelfEditorPublishFauxDataPropertyTestData rdf:type ao:ValueContainer ;
-   .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_publish_faux_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_publish_faux_object_property.n3
deleted file mode 100644
index af5a4ee45d..0000000000
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_publish_faux_object_property.n3
+++ /dev/null
@@ -1,53 +0,0 @@
-# $This file is distributed under the terms of the license in LICENSE$
-@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
-@prefix owl: <http://www.w3.org/2002/07/owl#> .
-@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
-@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
-@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
-@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
-@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
-
-ai:SelfEditorPublishFauxObjectPropertyPolicy rdf:type ao:Policy ;
-          ao:rules ai:SelfEditorPublishFauxObjectPropertyRuleSet ;
-          ao:testDatasets ai:SelfEditorPublishFauxObjectPropertyTestDatasets ;
-          ao:policyKey ai:SelfEditorPublishFauxObjectPropertyPolicyKey .
-
-ai:SelfEditorPublishFauxObjectPropertyRuleSet rdf:type ao:Rules ;
-          ao:rule ai:AllowSelfEditorPublishFauxObjectPropertyStatementRule ;
-          ao:rule ai:AllowSelfEditorPublishFauxObjectPropertyRule .
-
-ai:SelfEditorPublishFauxObjectPropertyTestDatasets rdf:type ao:PolicyDataSets ;
-          ao:policyDataSet ai:SelfEditorPublishFauxObjectPropertyDataset .
-
-ai:SelfEditorPublishFauxObjectPropertyDataset rdf:type ao:PolicyDataSet ;
-          ao:testData ai:SelfEditorPublishFauxObjectPropertyTestData .
-          
-ai:SelfEditorPublishFauxObjectPropertyPolicyKey rdf:type ao:PolicyKey ;
-          ao:keyComponent ai:FauxObjectPropertyAccesObject ;
-          ao:keyComponent auth:SELF_EDITOR ;
-          ao:keyComponent ai:PublishOperationGroup .
-
-ai:AllowSelfEditorPublishFauxObjectPropertyRule rdf:type ao:Rule;
-          ao:attribute ai:SubjectRoleEqualsSelfEditorRoleAttribute ;
-          ao:attribute ai:PublishOperationAttribute ;
-          ao:attribute ai:FauxObjectPropertyTypeAttribute ;
-          ao:attribute ai:SelfEditorPublishFauxObjectPropertyAttribute .
-
-ai:AllowSelfEditorPublishFauxObjectPropertyStatementRule rdf:type ao:Rule;
-          ao:attribute ai:SubjectRoleEqualsSelfEditorRoleAttribute ;
-          ao:attribute ai:PublishOperationAttribute ;
-          ao:attribute ai:FauxObjectPropertyStatementTypeAttribute ;
-          ao:attribute ai:SelfEditorPublishFauxObjectPropertyStatementAttribute .
-         
-ai:SelfEditorPublishFauxObjectPropertyStatementAttribute rdf:type ao:Attribute ;
-         ao:operator ai:OneOf ;
-         ao:type ai:StatementPredicateUri ;
-         ao:setValue ai:SelfEditorPublishFauxObjectPropertyTestData .
-
-ai:SelfEditorPublishFauxObjectPropertyAttribute rdf:type ao:Attribute ;
-         ao:operator ai:OneOf ;
-         ao:type ai:AccessObjectUri ;
-         ao:setValue ai:SelfEditorPublishFauxObjectPropertyTestData .
-         
-ai:SelfEditorPublishFauxObjectPropertyTestData rdf:type ao:ValueContainer ;
-   .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_publish_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_publish_object_property.n3
deleted file mode 100644
index 8ab77f6c44..0000000000
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_publish_object_property.n3
+++ /dev/null
@@ -1,53 +0,0 @@
-# $This file is distributed under the terms of the license in LICENSE$
-@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
-@prefix owl: <http://www.w3.org/2002/07/owl#> .
-@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
-@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
-@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
-@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
-@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
-
-ai:SelfEditorPublishObjectPropertyPolicy rdf:type ao:Policy ;
-          ao:rules ai:SelfEditorPublishObjectPropertyRuleSet ;
-          ao:testDatasets ai:SelfEditorPublishObjectPropertyTestDatasets ;
-          ao:policyKey ai:SelfEditorPublishObjectPropertyPolicyKey .
-
-ai:SelfEditorPublishObjectPropertyRuleSet rdf:type ao:Rules ;
-          ao:rule ai:AllowSelfEditorPublishObjectPropertyStatementRule ;
-          ao:rule ai:AllowSelfEditorPublishObjectPropertyRule .
-
-ai:SelfEditorPublishObjectPropertyTestDatasets rdf:type ao:PolicyDataSets ;
-          ao:policyDataSet ai:SelfEditorPublishObjectPropertyDataset .
-
-ai:SelfEditorPublishObjectPropertyDataset rdf:type ao:PolicyDataSet ;
-          ao:testData ai:SelfEditorPublishObjectPropertyTestData .
-          
-ai:SelfEditorPublishObjectPropertyPolicyKey rdf:type ao:PolicyKey ;
-          ao:keyComponent ai:ObjectPropertyAccesObject ;
-          ao:keyComponent auth:SELF_EDITOR ;
-          ao:keyComponent ai:PublishOperationGroup .
-
-ai:AllowSelfEditorPublishObjectPropertyRule rdf:type ao:Rule;
-          ao:attribute ai:SubjectRoleEqualsSelfEditorRoleAttribute ;
-          ao:attribute ai:PublishOperationAttribute ;
-          ao:attribute ai:ObjectPropertyTypeAttribute ;
-          ao:attribute ai:SelfEditorPublishObjectPropertyAttribute .
-
-ai:AllowSelfEditorPublishObjectPropertyStatementRule rdf:type ao:Rule;
-          ao:attribute ai:SubjectRoleEqualsSelfEditorRoleAttribute ;
-          ao:attribute ai:PublishOperationAttribute ;
-          ao:attribute ai:ObjectPropertyStatementTypeAttribute ;
-          ao:attribute ai:SelfEditorPublishObjectPropertyStatementAttribute .
-         
-ai:SelfEditorPublishObjectPropertyStatementAttribute rdf:type ao:Attribute ;
-         ao:operator ai:OneOf ;
-         ao:type ai:StatementPredicateUri ;
-         ao:setValue ai:SelfEditorPublishObjectPropertyTestData .
-
-ai:SelfEditorPublishObjectPropertyAttribute rdf:type ao:Attribute ;
-         ao:operator ai:OneOf ;
-         ao:type ai:AccessObjectUri ;
-         ao:setValue ai:SelfEditorPublishObjectPropertyTestData .
-         
-ai:SelfEditorPublishObjectPropertyTestData rdf:type ao:ValueContainer ;
-   .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_update_data_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_update_data_property.n3
deleted file mode 100644
index 16f9c2427b..0000000000
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_update_data_property.n3
+++ /dev/null
@@ -1,54 +0,0 @@
-# $This file is distributed under the terms of the license in LICENSE$
-@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
-@prefix owl: <http://www.w3.org/2002/07/owl#> .
-@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
-@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
-@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
-@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
-@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
-
-ai:SelfEditorUpdateDataPropertyPolicy rdf:type ao:Policy ;
-          ao:rules ai:SelfEditorUpdateDataPropertyRuleSet ;
-          ao:testDatasets ai:SelfEditorUpdateDataPropertyTestDatasets ;
-          ao:policyKey ai:SelfEditorUpdateDataPropertyPolicyKey .
-
-ai:SelfEditorUpdateDataPropertyRuleSet rdf:type ao:Rules ;
-          ao:rule ai:AllowSelfEditorUpdateDataPropertyStatementRule ;
-          ao:rule ai:AllowSelfEditorUpdateDataPropertyRule .
-
-ai:SelfEditorUpdateDataPropertyTestDatasets rdf:type ao:PolicyDataSets ;
-          ao:policyDataSet ai:SelfEditorUpdateDataPropertyDataset .
-
-ai:SelfEditorUpdateDataPropertyDataset rdf:type ao:PolicyDataSet ;
-          ao:testData ai:SelfEditorUpdateDataPropertyTestData .
-          
-ai:SelfEditorUpdateDataPropertyPolicyKey rdf:type ao:PolicyKey ;
-          ao:keyComponent ai:DataPropertyAccesObject ;
-          ao:keyComponent auth:SELF_EDITOR ;
-          ao:keyComponent ai:UpdateOperationGroup .
-
-ai:AllowSelfEditorUpdateDataPropertyRule rdf:type ao:Rule;
-          ao:attribute ai:SubjectRoleEqualsSelfEditorRoleAttribute ;
-          ao:attribute ai:UpdateAddEditOrDropOperationsAttribute ;
-          ao:attribute ai:DataPropertyTypeAttribute ;
-          ao:attribute ai:SelfEditorUpdateDataPropertyAttribute .
-
-ai:AllowSelfEditorUpdateDataPropertyStatementRule rdf:type ao:Rule;
-          ao:attribute ai:SubjectRoleEqualsSelfEditorRoleAttribute ;
-          ao:attribute ai:UpdateAddEditOrDropOperationsAttribute ;
-          ao:attribute ai:DataPropertyStatementTypeAttribute ;
-          ao:attribute ai:SelfEditorRelatedResourcesAttribute ;
-          ao:attribute ai:SelfEditorUpdateDataPropertyStatementAttribute .
-         
-ai:SelfEditorUpdateDataPropertyStatementAttribute rdf:type ao:Attribute ;
-         ao:operator ai:OneOf ;
-         ao:type ai:StatementPredicateUri ;
-         ao:setValue ai:SelfEditorUpdateDataPropertyTestData .
-
-ai:SelfEditorUpdateDataPropertyAttribute rdf:type ao:Attribute ;
-         ao:operator ai:OneOf ;
-         ao:type ai:AccessObjectUri ;
-         ao:setValue ai:SelfEditorUpdateDataPropertyTestData .
-         
-ai:SelfEditorUpdateDataPropertyTestData rdf:type ao:ValueContainer ;
-       .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_update_faux_data_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_update_faux_data_property.n3
deleted file mode 100644
index 0db3176116..0000000000
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_update_faux_data_property.n3
+++ /dev/null
@@ -1,55 +0,0 @@
-# $This file is distributed under the terms of the license in LICENSE$
-@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
-@prefix owl: <http://www.w3.org/2002/07/owl#> .
-@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
-@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
-@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
-@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
-@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
-
-ai:SelfEditorUpdateFauxDataPropertyPolicy rdf:type ao:Policy ;
-          ao:rules ai:SelfEditorUpdateFauxDataPropertyRuleSet ;
-          ao:testDatasets ai:SelfEditorUpdateFauxDataPropertyTestDatasets ;
-          ao:policyKey ai:SelfEditorUpdateFauxDataPropertyPolicyKey .
-
-ai:SelfEditorUpdateFauxDataPropertyRuleSet rdf:type ao:Rules ;
-          ao:rule ai:AllowSelfEditorUpdateFauxDataPropertyStatementRule ;
-          ao:rule ai:AllowSelfEditorUpdateFauxDataPropertyRule .
-
-ai:SelfEditorUpdateFauxDataPropertyTestDatasets rdf:type ao:PolicyDataSets ;
-          ao:policyDataSet ai:SelfEditorUpdateFauxDataPropertyDataset .
-
-ai:SelfEditorUpdateFauxDataPropertyDataset rdf:type ao:PolicyDataSet ;
-          ao:testData ai:SelfEditorUpdateFauxDataPropertyTestData .
-          
-ai:SelfEditorUpdateFauxDataPropertyPolicyKey rdf:type ao:PolicyKey ;
-          ao:keyComponent ai:FauxDataPropertyAccesObject ;
-          ao:keyComponent auth:SELF_EDITOR ;
-          ao:keyComponent ai:UpdateOperationGroup .
-
-ai:AllowSelfEditorUpdateFauxDataPropertyRule rdf:type ao:Rule;
-          ao:attribute ai:SubjectRoleEqualsSelfEditorRoleAttribute ;
-          ao:attribute ai:UpdateAddEditOrDropOperationsAttribute ;
-          ao:attribute ai:FauxDataPropertyTypeAttribute ;
-          ao:attribute ai:SelfEditorUpdateFauxDataPropertyAttribute .
-
-ai:AllowSelfEditorUpdateFauxDataPropertyStatementRule rdf:type ao:Rule;
-          ao:attribute ai:SubjectRoleEqualsSelfEditorRoleAttribute ;
-          ao:attribute ai:UpdateAddEditOrDropOperationsAttribute ;
-          ao:attribute ai:FauxDataPropertyStatementTypeAttribute ;
-          ao:attribute ai:SelfEditorRelatedResourcesAttribute ;
-          ao:attribute ai:SelfEditorUpdateFauxDataPropertyStatementAttribute .
-         
-ai:SelfEditorUpdateFauxDataPropertyStatementAttribute rdf:type ao:Attribute ;
-         ao:operator ai:OneOf ;
-         ao:type ai:StatementPredicateUri ;
-         ao:setValue ai:SelfEditorUpdateFauxDataPropertyTestData .
-
-ai:SelfEditorUpdateFauxDataPropertyAttribute rdf:type ao:Attribute ;
-         ao:operator ai:OneOf ;
-         ao:type ai:AccessObjectUri ;
-         ao:setValue ai:SelfEditorUpdateFauxDataPropertyTestData .
-         
-ai:SelfEditorUpdateFauxDataPropertyTestData rdf:type ao:ValueContainer ;
-       .
-       
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_update_faux_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_update_faux_object_property.n3
deleted file mode 100644
index 6a47deb871..0000000000
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_update_faux_object_property.n3
+++ /dev/null
@@ -1,55 +0,0 @@
-# $This file is distributed under the terms of the license in LICENSE$
-@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
-@prefix owl: <http://www.w3.org/2002/07/owl#> .
-@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
-@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
-@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
-@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
-@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
-
-ai:SelfEditorUpdateFauxObjectPropertyPolicy rdf:type ao:Policy ;
-          ao:rules ai:SelfEditorUpdateFauxObjectPropertyRuleSet ;
-          ao:testDatasets ai:SelfEditorUpdateFauxObjectPropertyTestDatasets ;
-          ao:policyKey ai:SelfEditorUpdateFauxObjectPropertyPolicyKey .
-
-ai:SelfEditorUpdateFauxObjectPropertyRuleSet rdf:type ao:Rules ;
-          ao:rule ai:AllowSelfEditorUpdateFauxObjectPropertyStatementRule ;
-          ao:rule ai:AllowSelfEditorUpdateFauxObjectPropertyRule .
-
-ai:SelfEditorUpdateFauxObjectPropertyTestDatasets rdf:type ao:PolicyDataSets ;
-          ao:policyDataSet ai:SelfEditorUpdateFauxObjectPropertyDataset .
-
-ai:SelfEditorUpdateFauxObjectPropertyDataset rdf:type ao:PolicyDataSet ;
-          ao:testData ai:SelfEditorUpdateFauxObjectPropertyTestData .
-          
-ai:SelfEditorUpdateFauxObjectPropertyPolicyKey rdf:type ao:PolicyKey ;
-          ao:keyComponent ai:FauxObjectPropertyAccesObject ;
-          ao:keyComponent auth:SELF_EDITOR ;
-          ao:keyComponent ai:UpdateOperationGroup .
-
-ai:AllowSelfEditorUpdateFauxObjectPropertyRule rdf:type ao:Rule;
-          ao:attribute ai:SubjectRoleEqualsSelfEditorRoleAttribute ;
-          ao:attribute ai:UpdateAddEditOrDropOperationsAttribute ;
-          ao:attribute ai:FauxObjectPropertyTypeAttribute ;
-          ao:attribute ai:SelfEditorUpdateFauxObjectPropertyAttribute .
-
-ai:AllowSelfEditorUpdateFauxObjectPropertyStatementRule rdf:type ao:Rule;
-          ao:attribute ai:SubjectRoleEqualsSelfEditorRoleAttribute ;
-          ao:attribute ai:UpdateAddEditOrDropOperationsAttribute ;
-          ao:attribute ai:FauxObjectPropertyStatementTypeAttribute ;
-          ao:attribute ai:SelfEditorRelatedResourcesAttribute ;
-          ao:attribute ai:SelfEditorUpdateFauxObjectPropertyStatementAttribute .
-         
-ai:SelfEditorUpdateFauxObjectPropertyStatementAttribute rdf:type ao:Attribute ;
-         ao:operator ai:OneOf ;
-         ao:type ai:StatementPredicateUri ;
-         ao:setValue ai:SelfEditorUpdateFauxObjectPropertyTestData .
-
-ai:SelfEditorUpdateFauxObjectPropertyAttribute rdf:type ao:Attribute ;
-         ao:operator ai:OneOf ;
-         ao:type ai:AccessObjectUri ;
-         ao:setValue ai:SelfEditorUpdateFauxObjectPropertyTestData .
-         
-ai:SelfEditorUpdateFauxObjectPropertyTestData rdf:type ao:ValueContainer ;
-       .
-       
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_update_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_update_object_property.n3
deleted file mode 100644
index e7b1617bf3..0000000000
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_self_editor_update_object_property.n3
+++ /dev/null
@@ -1,55 +0,0 @@
-# $This file is distributed under the terms of the license in LICENSE$
-@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
-@prefix owl: <http://www.w3.org/2002/07/owl#> .
-@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
-@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
-@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
-@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
-@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
-
-ai:SelfEditorUpdateObjectPropertyPolicy rdf:type ao:Policy ;
-          ao:rules ai:SelfEditorUpdateObjectPropertyRuleSet ;
-          ao:testDatasets ai:SelfEditorUpdateObjectPropertyTestDatasets ;
-          ao:policyKey ai:SelfEditorUpdateObjectPropertyPolicyKey .
-
-ai:SelfEditorUpdateObjectPropertyRuleSet rdf:type ao:Rules ;
-          ao:rule ai:AllowSelfEditorUpdateObjectPropertyStatementRule ;
-          ao:rule ai:AllowSelfEditorUpdateObjectPropertyRule .
-
-ai:SelfEditorUpdateObjectPropertyTestDatasets rdf:type ao:PolicyDataSets ;
-          ao:policyDataSet ai:SelfEditorUpdateObjectPropertyDataset .
-
-ai:SelfEditorUpdateObjectPropertyDataset rdf:type ao:PolicyDataSet ;
-          ao:testData ai:SelfEditorUpdateObjectPropertyTestData .
-          
-ai:SelfEditorUpdateObjectPropertyPolicyKey rdf:type ao:PolicyKey ;
-          ao:keyComponent ai:ObjectPropertyAccesObject ;
-          ao:keyComponent auth:SELF_EDITOR ;
-          ao:keyComponent ai:UpdateOperationGroup .
-
-ai:AllowSelfEditorUpdateObjectPropertyRule rdf:type ao:Rule;
-          ao:attribute ai:SubjectRoleEqualsSelfEditorRoleAttribute ;
-          ao:attribute ai:UpdateAddEditOrDropOperationsAttribute ;
-          ao:attribute ai:ObjectPropertyTypeAttribute ;
-          ao:attribute ai:SelfEditorUpdateObjectPropertyAttribute .
-
-ai:AllowSelfEditorUpdateObjectPropertyStatementRule rdf:type ao:Rule;
-          ao:attribute ai:SubjectRoleEqualsSelfEditorRoleAttribute ;
-          ao:attribute ai:UpdateAddEditOrDropOperationsAttribute ;
-          ao:attribute ai:ObjectPropertyStatementTypeAttribute ;
-          ao:attribute ai:SelfEditorRelatedResourcesAttribute ;
-          ao:attribute ai:SelfEditorUpdateObjectPropertyStatementAttribute .
-         
-ai:SelfEditorUpdateObjectPropertyStatementAttribute rdf:type ao:Attribute ;
-         ao:operator ai:OneOf ;
-         ao:type ai:StatementPredicateUri ;
-         ao:setValue ai:SelfEditorUpdateObjectPropertyTestData .
-
-ai:SelfEditorUpdateObjectPropertyAttribute rdf:type ao:Attribute ;
-         ao:operator ai:OneOf ;
-         ao:type ai:AccessObjectUri ;
-         ao:setValue ai:SelfEditorUpdateObjectPropertyTestData .
-         
-ai:SelfEditorUpdateObjectPropertyTestData rdf:type ao:ValueContainer ;
-       .
-       
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_match_allowed_class.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_class.n3
similarity index 94%
rename from home/src/main/resources/rdf/accessControl/firsttime/template_match_allowed_class.n3
rename to home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_class.n3
index 49623095c3..e342c8eace 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_match_allowed_class.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_class.n3
@@ -7,7 +7,7 @@
 @prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
 @prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
 @prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
-@prefix : <https://vivoweb.org/ontology/vitro-application/auth/individual/template/simple-match-allowed-class/> .
+@prefix : <https://vivoweb.org/ontology/vitro-application/auth/individual/template/access-allowed-class/> .
 
 :PolicyTemplate a ao:PolicyTemplate ;
     ao:rules :RuleSet ;
@@ -44,7 +44,7 @@
 :PublicDisplayClassUriDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:Class ;
     ao:keyComponent auth:PUBLIC ;
-    ao:keyComponent ai:DisplayOperationGroup .
+    ao:keyComponent ai:DisplayOperation .
 
 ### Self editor display class uri data sets
 
@@ -58,7 +58,7 @@
 :SelfEditorDisplayClassUriDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:Class ;
     ao:keyComponent auth:SELF_EDITOR ;
-    ao:keyComponent ai:DisplayOperationGroup .
+    ao:keyComponent ai:DisplayOperation .
 
 ### Editor display class uri data sets
 
@@ -72,7 +72,7 @@
 :EditorDisplayClassUriDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:Class ;
     ao:keyComponent auth:EDITOR ;
-    ao:keyComponent ai:DisplayOperationGroup .
+    ao:keyComponent ai:DisplayOperation .
 
 ### Curator display class uri data sets
 
@@ -86,7 +86,7 @@
 :CuratorDisplayClassUriDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:Class ;
     ao:keyComponent auth:CURATOR ;
-    ao:keyComponent ai:DisplayOperationGroup .
+    ao:keyComponent ai:DisplayOperation .
 
 ### Admin display class uri data sets
 
@@ -100,7 +100,7 @@
 :AdminDisplayClassUriDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:Class ;
     ao:keyComponent auth:ADMIN ;
-    ao:keyComponent ai:DisplayOperationGroup .
+    ao:keyComponent ai:DisplayOperation .
 
 ### Public update class uri data sets
 
@@ -114,7 +114,7 @@
 :PublicUpdateClassUriDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:Class ;
     ao:keyComponent auth:PUBLIC ;
-    ao:keyComponent ai:UpdateOperationGroup .
+    ao:keyComponent ai:UpdateOperation .
 
 ### Self editor update class uri data sets
 
@@ -128,7 +128,7 @@
 :SelfEditorUpdateClassUriDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:Class ;
     ao:keyComponent auth:SELF_EDITOR ;
-    ao:keyComponent ai:UpdateOperationGroup .
+    ao:keyComponent ai:UpdateOperation .
 
 ### Editor update class uri data sets
 
@@ -142,7 +142,7 @@
 :EditorUpdateClassUriDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:Class ;
     ao:keyComponent auth:EDITOR ;
-    ao:keyComponent ai:UpdateOperationGroup .
+    ao:keyComponent ai:UpdateOperation .
 
 ### Curator update class uri data sets
 
@@ -156,7 +156,7 @@
 :CuratorUpdateClassUriDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:Class ;
     ao:keyComponent auth:CURATOR ;
-    ao:keyComponent ai:UpdateOperationGroup .
+    ao:keyComponent ai:UpdateOperation .
 
 ### Admin update class uri data sets
 
@@ -170,7 +170,7 @@
 :AdminUpdateClassUriDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:Class ;
     ao:keyComponent auth:ADMIN ;
-    ao:keyComponent ai:UpdateOperationGroup .
+    ao:keyComponent ai:UpdateOperation .
 
 ### Self editor publish class uri data sets
 
@@ -184,7 +184,7 @@
 :SelfEditorPublishClassUriDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:Class ;
     ao:keyComponent auth:SELF_EDITOR ;
-    ao:keyComponent ai:PublishOperationGroup .
+    ao:keyComponent ai:PublishOperation .
 
 ### Editor publish class uri data sets
 
@@ -198,7 +198,7 @@
 :EditorPublishClassUriDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:Class ;
     ao:keyComponent auth:EDITOR ;
-    ao:keyComponent ai:PublishOperationGroup .
+    ao:keyComponent ai:PublishOperation .
 
 ### Curator publish class uri data sets
 
@@ -212,7 +212,7 @@
 :CuratorPublishClassUriDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:Class ;
     ao:keyComponent auth:CURATOR ;
-    ao:keyComponent ai:PublishOperationGroup .
+    ao:keyComponent ai:PublishOperation .
 
 ### Admin publish class uri data sets
 
@@ -226,7 +226,7 @@
 :AdminPublishClassUriDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:Class ;
     ao:keyComponent auth:ADMIN ;
-    ao:keyComponent ai:PublishOperationGroup .
+    ao:keyComponent ai:PublishOperation .
 
 ### Rules
 
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_property.n3
new file mode 100644
index 0000000000..9c57ac7e00
--- /dev/null
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_property.n3
@@ -0,0 +1,1477 @@
+# $This file is distributed under the terms of the license in LICENSE$
+
+@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
+@prefix owl: <http://www.w3.org/2002/07/owl#> .
+@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
+@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
+@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
+@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
+@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+@prefix : <https://vivoweb.org/ontology/vitro-application/auth/individual/template/access-allowed-property/> .
+
+:PolicyTemplate a ao:PolicyTemplate ;
+    ao:rules :RuleSet ;
+    ao:policyDataSets :DataSets .
+
+:DataSets a ao:PolicyDataSets ;
+    ao:policyDataSet :PublicDisplayObjectPropertyDataSet ;
+    ao:policyDataSet :EditorDisplayObjectPropertyDataSet ;
+    ao:policyDataSet :CuratorDisplayObjectPropertyDataSet ;
+    ao:policyDataSet :AdminDisplayObjectPropertyDataSet ;
+
+    ao:policyDataSet :PublicDisplayDataPropertyDataSet ;
+    ao:policyDataSet :EditorDisplayDataPropertyDataSet ;
+    ao:policyDataSet :CuratorDisplayDataPropertyDataSet ;
+    ao:policyDataSet :AdminDisplayDataPropertyDataSet ;
+    ao:policyDataSet :PublicDisplayFauxObjectPropertyDataSet ;
+    ao:policyDataSet :EditorDisplayFauxObjectPropertyDataSet ;
+    ao:policyDataSet :CuratorDisplayFauxObjectPropertyDataSet ;
+    ao:policyDataSet :AdminDisplayFauxObjectPropertyDataSet ;
+    ao:policyDataSet :PublicDisplayFauxDataPropertyDataSet ;
+    ao:policyDataSet :EditorDisplayFauxDataPropertyDataSet ;
+    ao:policyDataSet :CuratorDisplayFauxDataPropertyDataSet ;
+    ao:policyDataSet :AdminDisplayFauxDataPropertyDataSet ;
+
+    ao:policyDataSet :EditorPublishObjectPropertyDataSet ;
+    ao:policyDataSet :CuratorPublishObjectPropertyDataSet ;
+    ao:policyDataSet :AdminPublishObjectPropertyDataSet ;
+    ao:policyDataSet :EditorPublishDataPropertyDataSet ;
+    ao:policyDataSet :CuratorPublishDataPropertyDataSet ;
+    ao:policyDataSet :AdminPublishDataPropertyDataSet ;
+    ao:policyDataSet :EditorPublishFauxObjectPropertyDataSet ;
+    ao:policyDataSet :CuratorPublishFauxObjectPropertyDataSet ;
+    ao:policyDataSet :AdminPublishFauxObjectPropertyDataSet ;
+    ao:policyDataSet :EditorPublishFauxDataPropertyDataSet ;
+    ao:policyDataSet :CuratorPublishFauxDataPropertyDataSet ;
+    ao:policyDataSet :AdminPublishFauxDataPropertyDataSet ;
+
+    ao:policyDataSet :PublicEditObjectPropertyDataSet ;
+    ao:policyDataSet :EditorEditObjectPropertyDataSet ;
+    ao:policyDataSet :CuratorEditObjectPropertyDataSet ;
+    ao:policyDataSet :AdminEditObjectPropertyDataSet ;
+
+    ao:policyDataSet :PublicAddObjectPropertyDataSet ;
+    ao:policyDataSet :EditorAddObjectPropertyDataSet ;
+    ao:policyDataSet :CuratorAddObjectPropertyDataSet ;
+    ao:policyDataSet :AdminAddObjectPropertyDataSet ;
+
+    ao:policyDataSet :PublicDropObjectPropertyDataSet ;
+    ao:policyDataSet :EditorDropObjectPropertyDataSet ;
+    ao:policyDataSet :CuratorDropObjectPropertyDataSet ;
+    ao:policyDataSet :AdminDropObjectPropertyDataSet ;
+
+    ao:policyDataSet :PublicEditDataPropertyDataSet ;
+    ao:policyDataSet :EditorEditDataPropertyDataSet ;
+    ao:policyDataSet :CuratorEditDataPropertyDataSet ;
+    ao:policyDataSet :AdminEditDataPropertyDataSet ;
+
+    ao:policyDataSet :PublicAddDataPropertyDataSet ;
+    ao:policyDataSet :EditorAddDataPropertyDataSet ;
+    ao:policyDataSet :CuratorAddDataPropertyDataSet ;
+    ao:policyDataSet :AdminAddDataPropertyDataSet ;
+
+    ao:policyDataSet :PublicDropDataPropertyDataSet ;
+    ao:policyDataSet :EditorDropDataPropertyDataSet ;
+    ao:policyDataSet :CuratorDropDataPropertyDataSet ;
+    ao:policyDataSet :AdminDropDataPropertyDataSet ;
+
+    ao:policyDataSet :PublicEditFauxObjectPropertyDataSet ;
+    ao:policyDataSet :EditorEditFauxObjectPropertyDataSet ;
+    ao:policyDataSet :CuratorEditFauxObjectPropertyDataSet ;
+    ao:policyDataSet :AdminEditFauxObjectPropertyDataSet ;
+
+    ao:policyDataSet :PublicAddFauxObjectPropertyDataSet ;
+    ao:policyDataSet :EditorAddFauxObjectPropertyDataSet ;
+    ao:policyDataSet :CuratorAddFauxObjectPropertyDataSet ;
+    ao:policyDataSet :AdminAddFauxObjectPropertyDataSet ;
+
+    ao:policyDataSet :PublicDropFauxObjectPropertyDataSet ;
+    ao:policyDataSet :EditorDropFauxObjectPropertyDataSet ;
+    ao:policyDataSet :CuratorDropFauxObjectPropertyDataSet ;
+    ao:policyDataSet :AdminDropFauxObjectPropertyDataSet ;
+
+    ao:policyDataSet :PublicEditFauxDataPropertyDataSet ;
+    ao:policyDataSet :EditorEditFauxDataPropertyDataSet ;
+    ao:policyDataSet :CuratorEditFauxDataPropertyDataSet ;
+    ao:policyDataSet :AdminEditFauxDataPropertyDataSet ;
+
+    ao:policyDataSet :PublicAddFauxDataPropertyDataSet ;
+    ao:policyDataSet :EditorAddFauxDataPropertyDataSet ;
+    ao:policyDataSet :CuratorAddFauxDataPropertyDataSet ;
+    ao:policyDataSet :AdminAddFauxDataPropertyDataSet ;
+
+    ao:policyDataSet :PublicDropFauxDataPropertyDataSet ;
+    ao:policyDataSet :EditorDropFauxDataPropertyDataSet ;
+    ao:policyDataSet :CuratorDropFauxDataPropertyDataSet ;
+    ao:policyDataSet :AdminDropFauxDataPropertyDataSet ;
+    .
+
+
+### Drop faux data property data sets
+
+:PublicDropFauxDataPropertyDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :PublicDropFauxDataPropertyDataSetKey ;
+    ao:dataSetValues ai:PublicRoleValueContainer ;
+    ao:dataSetValues ai:FauxDataPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:FauxDataPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:DropOperationValueContainer ;
+    ao:dataSetValues ai:PublicDropFauxDataPropertyValueContainer .
+    
+:PublicDropFauxDataPropertyDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:FauxDataPropertyAccesObject ;
+    ao:keyComponent auth:PUBLIC ;
+    ao:keyComponent ai:DropOperation .
+
+:EditorDropFauxDataPropertyDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :EditorDropFauxDataPropertyDataSetKey ;
+    ao:dataSetValues ai:EditorRoleValueContainer ;
+    ao:dataSetValues ai:FauxDataPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:FauxDataPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:DropOperationValueContainer ;
+    ao:dataSetValues ai:EditorDropFauxDataPropertyValueContainer .
+    
+:EditorDropFauxDataPropertyDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:FauxDataPropertyAccesObject ;
+    ao:keyComponent auth:EDITOR ;
+    ao:keyComponent ai:DropOperation .
+
+:CuratorDropFauxDataPropertyDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :CuratorDropFauxDataPropertyDataSetKey ;
+    ao:dataSetValues ai:CuratorRoleValueContainer ;
+    ao:dataSetValues ai:FauxDataPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:FauxDataPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:DropOperationValueContainer ;
+    ao:dataSetValues ai:CuratorDropFauxDataPropertyValueContainer .
+    
+:CuratorDropFauxDataPropertyDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:FauxDataPropertyAccesObject ;
+    ao:keyComponent auth:CURATOR ;
+    ao:keyComponent ai:DropOperation .
+
+:AdminDropFauxDataPropertyDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :AdminDropFauxDataPropertyDataSetKey ;
+    ao:dataSetValues ai:AdminRoleValueContainer ;
+    ao:dataSetValues ai:FauxDataPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:FauxDataPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:DropOperationValueContainer ;
+    ao:dataSetValues ai:AdminDropFauxDataPropertyValueContainer .
+    
+:AdminDropFauxDataPropertyDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:FauxDataPropertyAccesObject ;
+    ao:keyComponent auth:ADMIN ;
+    ao:keyComponent ai:DropOperation .
+
+### Add faux data property data sets
+
+:PublicAddFauxDataPropertyDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :PublicAddFauxDataPropertyDataSetKey ;
+    ao:dataSetValues ai:PublicRoleValueContainer ;
+    ao:dataSetValues ai:FauxDataPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:FauxDataPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:AddOperationValueContainer ;
+    ao:dataSetValues ai:PublicAddFauxDataPropertyValueContainer .
+    
+:PublicAddFauxDataPropertyDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:FauxDataPropertyAccesObject ;
+    ao:keyComponent auth:PUBLIC ;
+    ao:keyComponent ai:AddOperation .
+
+:EditorAddFauxDataPropertyDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :EditorAddFauxDataPropertyDataSetKey ;
+    ao:dataSetValues ai:EditorRoleValueContainer ;
+    ao:dataSetValues ai:FauxDataPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:FauxDataPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:AddOperationValueContainer ;
+    ao:dataSetValues ai:EditorAddFauxDataPropertyValueContainer .
+    
+:EditorAddFauxDataPropertyDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:FauxDataPropertyAccesObject ;
+    ao:keyComponent auth:EDITOR ;
+    ao:keyComponent ai:AddOperation .
+
+:CuratorAddFauxDataPropertyDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :CuratorAddFauxDataPropertyDataSetKey ;
+    ao:dataSetValues ai:CuratorRoleValueContainer ;
+    ao:dataSetValues ai:FauxDataPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:FauxDataPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:AddOperationValueContainer ;
+    ao:dataSetValues ai:CuratorAddFauxDataPropertyValueContainer .
+    
+:CuratorAddFauxDataPropertyDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:FauxDataPropertyAccesObject ;
+    ao:keyComponent auth:CURATOR ;
+    ao:keyComponent ai:AddOperation .
+
+:AdminAddFauxDataPropertyDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :AdminAddFauxDataPropertyDataSetKey ;
+    ao:dataSetValues ai:AdminRoleValueContainer ;
+    ao:dataSetValues ai:FauxDataPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:FauxDataPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:AddOperationValueContainer ;
+    ao:dataSetValues ai:AdminAddFauxDataPropertyValueContainer .
+    
+:AdminAddFauxDataPropertyDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:FauxDataPropertyAccesObject ;
+    ao:keyComponent auth:ADMIN ;
+    ao:keyComponent ai:AddOperation .
+
+### Edit faux data property data sets
+
+:PublicEditFauxDataPropertyDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :PublicEditFauxDataPropertyDataSetKey ;
+    ao:dataSetValues ai:PublicRoleValueContainer ;
+    ao:dataSetValues ai:FauxDataPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:FauxDataPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:EditOperationValueContainer ;
+    ao:dataSetValues ai:PublicEditFauxDataPropertyValueContainer .
+    
+:PublicEditFauxDataPropertyDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:FauxDataPropertyAccesObject ;
+    ao:keyComponent auth:PUBLIC ;
+    ao:keyComponent ai:EditOperation .
+
+:EditorEditFauxDataPropertyDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :EditorEditFauxDataPropertyDataSetKey ;
+    ao:dataSetValues ai:EditorRoleValueContainer ;
+    ao:dataSetValues ai:FauxDataPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:FauxDataPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:EditOperationValueContainer ;
+    ao:dataSetValues ai:EditorEditFauxDataPropertyValueContainer .
+    
+:EditorEditFauxDataPropertyDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:FauxDataPropertyAccesObject ;
+    ao:keyComponent auth:EDITOR ;
+    ao:keyComponent ai:EditOperation .
+
+:CuratorEditFauxDataPropertyDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :CuratorEditFauxDataPropertyDataSetKey ;
+    ao:dataSetValues ai:CuratorRoleValueContainer ;
+    ao:dataSetValues ai:FauxDataPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:FauxDataPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:EditOperationValueContainer ;
+    ao:dataSetValues ai:CuratorEditFauxDataPropertyValueContainer .
+    
+:CuratorEditFauxDataPropertyDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:FauxDataPropertyAccesObject ;
+    ao:keyComponent auth:CURATOR ;
+    ao:keyComponent ai:EditOperation .
+
+:AdminEditFauxDataPropertyDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :AdminEditFauxDataPropertyDataSetKey ;
+    ao:dataSetValues ai:AdminRoleValueContainer ;
+    ao:dataSetValues ai:FauxDataPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:FauxDataPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:EditOperationValueContainer ;
+    ao:dataSetValues ai:AdminEditFauxDataPropertyValueContainer .
+    
+:AdminEditFauxDataPropertyDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:FauxDataPropertyAccesObject ;
+    ao:keyComponent auth:ADMIN ;
+    ao:keyComponent ai:EditOperation .
+
+### Drop faux object property data sets
+
+:PublicDropFauxObjectPropertyDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :PublicDropFauxObjectPropertyDataSetKey ;
+    ao:dataSetValues ai:PublicRoleValueContainer ;
+    ao:dataSetValues ai:FauxObjectPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:FauxObjectPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:DropOperationValueContainer ;
+    ao:dataSetValues ai:PublicDropFauxObjectPropertyValueContainer .
+    
+:PublicDropFauxObjectPropertyDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:FauxObjectPropertyAccesObject ;
+    ao:keyComponent auth:PUBLIC ;
+    ao:keyComponent ai:DropOperation .
+
+:EditorDropFauxObjectPropertyDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :EditorDropFauxObjectPropertyDataSetKey ;
+    ao:dataSetValues ai:EditorRoleValueContainer ;
+    ao:dataSetValues ai:FauxObjectPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:FauxObjectPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:DropOperationValueContainer ;
+    ao:dataSetValues ai:EditorDropFauxObjectPropertyValueContainer .
+    
+:EditorDropFauxObjectPropertyDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:FauxObjectPropertyAccesObject ;
+    ao:keyComponent auth:EDITOR ;
+    ao:keyComponent ai:DropOperation .
+
+:CuratorDropFauxObjectPropertyDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :CuratorDropFauxObjectPropertyDataSetKey ;
+    ao:dataSetValues ai:CuratorRoleValueContainer ;
+    ao:dataSetValues ai:FauxObjectPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:FauxObjectPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:DropOperationValueContainer ;
+    ao:dataSetValues ai:CuratorDropFauxObjectPropertyValueContainer .
+    
+:CuratorDropFauxObjectPropertyDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:FauxObjectPropertyAccesObject ;
+    ao:keyComponent auth:CURATOR ;
+    ao:keyComponent ai:DropOperation .
+
+:AdminDropFauxObjectPropertyDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :AdminDropFauxObjectPropertyDataSetKey ;
+    ao:dataSetValues ai:AdminRoleValueContainer ;
+    ao:dataSetValues ai:FauxObjectPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:FauxObjectPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:DropOperationValueContainer ;
+    ao:dataSetValues ai:AdminDropFauxObjectPropertyValueContainer .
+    
+:AdminDropFauxObjectPropertyDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:FauxObjectPropertyAccesObject ;
+    ao:keyComponent auth:ADMIN ;
+    ao:keyComponent ai:DropOperation .
+
+### Add faux object property data sets
+
+:PublicAddFauxObjectPropertyDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :PublicAddFauxObjectPropertyDataSetKey ;
+    ao:dataSetValues ai:PublicRoleValueContainer ;
+    ao:dataSetValues ai:FauxObjectPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:FauxObjectPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:AddOperationValueContainer ;
+    ao:dataSetValues ai:PublicAddFauxObjectPropertyValueContainer .
+    
+:PublicAddFauxObjectPropertyDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:FauxObjectPropertyAccesObject ;
+    ao:keyComponent auth:PUBLIC ;
+    ao:keyComponent ai:AddOperation .
+
+:EditorAddFauxObjectPropertyDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :EditorAddFauxObjectPropertyDataSetKey ;
+    ao:dataSetValues ai:EditorRoleValueContainer ;
+    ao:dataSetValues ai:FauxObjectPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:FauxObjectPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:AddOperationValueContainer ;
+    ao:dataSetValues ai:EditorAddFauxObjectPropertyValueContainer .
+    
+:EditorAddFauxObjectPropertyDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:FauxObjectPropertyAccesObject ;
+    ao:keyComponent auth:EDITOR ;
+    ao:keyComponent ai:AddOperation .
+
+:CuratorAddFauxObjectPropertyDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :CuratorAddFauxObjectPropertyDataSetKey ;
+    ao:dataSetValues ai:CuratorRoleValueContainer ;
+    ao:dataSetValues ai:FauxObjectPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:FauxObjectPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:AddOperationValueContainer ;
+    ao:dataSetValues ai:CuratorAddFauxObjectPropertyValueContainer .
+    
+:CuratorAddFauxObjectPropertyDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:FauxObjectPropertyAccesObject ;
+    ao:keyComponent auth:CURATOR ;
+    ao:keyComponent ai:AddOperation .
+
+:AdminAddFauxObjectPropertyDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :AdminAddFauxObjectPropertyDataSetKey ;
+    ao:dataSetValues ai:AdminRoleValueContainer ;
+    ao:dataSetValues ai:FauxObjectPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:FauxObjectPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:AddOperationValueContainer ;
+    ao:dataSetValues ai:AdminAddFauxObjectPropertyValueContainer .
+    
+:AdminAddFauxObjectPropertyDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:FauxObjectPropertyAccesObject ;
+    ao:keyComponent auth:ADMIN ;
+    ao:keyComponent ai:AddOperation .
+
+### Edit faux object property data sets
+
+:PublicEditFauxObjectPropertyDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :PublicEditFauxObjectPropertyDataSetKey ;
+    ao:dataSetValues ai:PublicRoleValueContainer ;
+    ao:dataSetValues ai:FauxObjectPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:FauxObjectPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:EditOperationValueContainer ;
+    ao:dataSetValues ai:PublicEditFauxObjectPropertyValueContainer .
+    
+:PublicEditFauxObjectPropertyDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:FauxObjectPropertyAccesObject ;
+    ao:keyComponent auth:PUBLIC ;
+    ao:keyComponent ai:EditOperation .
+
+:EditorEditFauxObjectPropertyDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :EditorEditFauxObjectPropertyDataSetKey ;
+    ao:dataSetValues ai:EditorRoleValueContainer ;
+    ao:dataSetValues ai:FauxObjectPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:FauxObjectPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:EditOperationValueContainer ;
+    ao:dataSetValues ai:EditorEditFauxObjectPropertyValueContainer .
+    
+:EditorEditFauxObjectPropertyDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:FauxObjectPropertyAccesObject ;
+    ao:keyComponent auth:EDITOR ;
+    ao:keyComponent ai:EditOperation .
+
+:CuratorEditFauxObjectPropertyDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :CuratorEditFauxObjectPropertyDataSetKey ;
+    ao:dataSetValues ai:CuratorRoleValueContainer ;
+    ao:dataSetValues ai:FauxObjectPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:FauxObjectPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:EditOperationValueContainer ;
+    ao:dataSetValues ai:CuratorEditFauxObjectPropertyValueContainer .
+    
+:CuratorEditFauxObjectPropertyDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:FauxObjectPropertyAccesObject ;
+    ao:keyComponent auth:CURATOR ;
+    ao:keyComponent ai:EditOperation .
+
+:AdminEditFauxObjectPropertyDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :AdminEditFauxObjectPropertyDataSetKey ;
+    ao:dataSetValues ai:AdminRoleValueContainer ;
+    ao:dataSetValues ai:FauxObjectPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:FauxObjectPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:EditOperationValueContainer ;
+    ao:dataSetValues ai:AdminEditFauxObjectPropertyValueContainer .
+    
+:AdminEditFauxObjectPropertyDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:FauxObjectPropertyAccesObject ;
+    ao:keyComponent auth:ADMIN ;
+    ao:keyComponent ai:EditOperation .
+
+### Drop data property data sets
+
+:PublicDropDataPropertyDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :PublicDropDataPropertyDataSetKey ;
+    ao:dataSetValues ai:PublicRoleValueContainer ;
+    ao:dataSetValues ai:DataPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:DataPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:DropOperationValueContainer ;
+    ao:dataSetValues ai:PublicDropDataPropertyValueContainer .
+    
+:PublicDropDataPropertyDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:DataPropertyAccesObject ;
+    ao:keyComponent auth:PUBLIC ;
+    ao:keyComponent ai:DropOperation .
+
+:EditorDropDataPropertyDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :EditorDropDataPropertyDataSetKey ;
+    ao:dataSetValues ai:EditorRoleValueContainer ;
+    ao:dataSetValues ai:DataPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:DataPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:DropOperationValueContainer ;
+    ao:dataSetValues ai:EditorDropDataPropertyValueContainer .
+    
+:EditorDropDataPropertyDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:DataPropertyAccesObject ;
+    ao:keyComponent auth:EDITOR ;
+    ao:keyComponent ai:DropOperation .
+
+:CuratorDropDataPropertyDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :CuratorDropDataPropertyDataSetKey ;
+    ao:dataSetValues ai:CuratorRoleValueContainer ;
+    ao:dataSetValues ai:DataPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:DataPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:DropOperationValueContainer ;
+    ao:dataSetValues ai:CuratorDropDataPropertyValueContainer .
+    
+:CuratorDropDataPropertyDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:DataPropertyAccesObject ;
+    ao:keyComponent auth:CURATOR ;
+    ao:keyComponent ai:DropOperation .
+
+:AdminDropDataPropertyDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :AdminDropDataPropertyDataSetKey ;
+    ao:dataSetValues ai:AdminRoleValueContainer ;
+    ao:dataSetValues ai:DataPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:DataPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:DropOperationValueContainer ;
+    ao:dataSetValues ai:AdminDropDataPropertyValueContainer .
+    
+:AdminDropDataPropertyDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:DataPropertyAccesObject ;
+    ao:keyComponent auth:ADMIN ;
+    ao:keyComponent ai:DropOperation .
+
+### Add data property data sets
+
+:PublicAddDataPropertyDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :PublicAddDataPropertyDataSetKey ;
+    ao:dataSetValues ai:PublicRoleValueContainer ;
+    ao:dataSetValues ai:DataPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:DataPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:AddOperationValueContainer ;
+    ao:dataSetValues ai:PublicAddDataPropertyValueContainer .
+    
+:PublicAddDataPropertyDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:DataPropertyAccesObject ;
+    ao:keyComponent auth:PUBLIC ;
+    ao:keyComponent ai:AddOperation .
+
+:EditorAddDataPropertyDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :EditorAddDataPropertyDataSetKey ;
+    ao:dataSetValues ai:EditorRoleValueContainer ;
+    ao:dataSetValues ai:DataPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:DataPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:AddOperationValueContainer ;
+    ao:dataSetValues ai:EditorAddDataPropertyValueContainer .
+    
+:EditorAddDataPropertyDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:DataPropertyAccesObject ;
+    ao:keyComponent auth:EDITOR ;
+    ao:keyComponent ai:AddOperation .
+
+:CuratorAddDataPropertyDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :CuratorAddDataPropertyDataSetKey ;
+    ao:dataSetValues ai:CuratorRoleValueContainer ;
+    ao:dataSetValues ai:DataPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:DataPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:AddOperationValueContainer ;
+    ao:dataSetValues ai:CuratorAddDataPropertyValueContainer .
+    
+:CuratorAddDataPropertyDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:DataPropertyAccesObject ;
+    ao:keyComponent auth:CURATOR ;
+    ao:keyComponent ai:AddOperation .
+
+:AdminAddDataPropertyDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :AdminAddDataPropertyDataSetKey ;
+    ao:dataSetValues ai:AdminRoleValueContainer ;
+    ao:dataSetValues ai:DataPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:DataPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:AddOperationValueContainer ;
+    ao:dataSetValues ai:AdminAddDataPropertyValueContainer .
+    
+:AdminAddDataPropertyDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:DataPropertyAccesObject ;
+    ao:keyComponent auth:ADMIN ;
+    ao:keyComponent ai:AddOperation .
+
+### Edit data property data sets
+
+:PublicEditDataPropertyDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :PublicEditDataPropertyDataSetKey ;
+    ao:dataSetValues ai:PublicRoleValueContainer ;
+    ao:dataSetValues ai:DataPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:DataPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:EditOperationValueContainer ;
+    ao:dataSetValues ai:PublicEditDataPropertyValueContainer .
+    
+:PublicEditDataPropertyDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:DataPropertyAccesObject ;
+    ao:keyComponent auth:PUBLIC ;
+    ao:keyComponent ai:EditOperation .
+
+:EditorEditDataPropertyDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :EditorEditDataPropertyDataSetKey ;
+    ao:dataSetValues ai:EditorRoleValueContainer ;
+    ao:dataSetValues ai:DataPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:DataPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:EditOperationValueContainer ;
+    ao:dataSetValues ai:EditorEditDataPropertyValueContainer .
+    
+:EditorEditDataPropertyDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:DataPropertyAccesObject ;
+    ao:keyComponent auth:EDITOR ;
+    ao:keyComponent ai:EditOperation .
+
+:CuratorEditDataPropertyDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :CuratorEditDataPropertyDataSetKey ;
+    ao:dataSetValues ai:CuratorRoleValueContainer ;
+    ao:dataSetValues ai:DataPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:DataPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:EditOperationValueContainer ;
+    ao:dataSetValues ai:CuratorEditDataPropertyValueContainer .
+    
+:CuratorEditDataPropertyDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:DataPropertyAccesObject ;
+    ao:keyComponent auth:CURATOR ;
+    ao:keyComponent ai:EditOperation .
+
+:AdminEditDataPropertyDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :AdminEditDataPropertyDataSetKey ;
+    ao:dataSetValues ai:AdminRoleValueContainer ;
+    ao:dataSetValues ai:DataPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:DataPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:EditOperationValueContainer ;
+    ao:dataSetValues ai:AdminEditDataPropertyValueContainer .
+    
+:AdminEditDataPropertyDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:DataPropertyAccesObject ;
+    ao:keyComponent auth:ADMIN ;
+    ao:keyComponent ai:EditOperation .
+
+### Drop object property data sets
+
+:PublicDropObjectPropertyDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :PublicDropObjectPropertyDataSetKey ;
+    ao:dataSetValues ai:PublicRoleValueContainer ;
+    ao:dataSetValues ai:ObjectPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:ObjectPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:DropOperationValueContainer ;
+    ao:dataSetValues ai:PublicDropObjectPropertyValueContainer .
+    
+:PublicDropObjectPropertyDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:ObjectPropertyAccesObject ;
+    ao:keyComponent auth:PUBLIC ;
+    ao:keyComponent ai:DropOperation .
+
+:EditorDropObjectPropertyDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :EditorDropObjectPropertyDataSetKey ;
+    ao:dataSetValues ai:EditorRoleValueContainer ;
+    ao:dataSetValues ai:ObjectPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:ObjectPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:DropOperationValueContainer ;
+    ao:dataSetValues ai:EditorDropObjectPropertyValueContainer .
+    
+:EditorDropObjectPropertyDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:ObjectPropertyAccesObject ;
+    ao:keyComponent auth:EDITOR ;
+    ao:keyComponent ai:DropOperation .
+
+:CuratorDropObjectPropertyDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :CuratorDropObjectPropertyDataSetKey ;
+    ao:dataSetValues ai:CuratorRoleValueContainer ;
+    ao:dataSetValues ai:ObjectPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:ObjectPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:DropOperationValueContainer ;
+    ao:dataSetValues ai:CuratorDropObjectPropertyValueContainer .
+    
+:CuratorDropObjectPropertyDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:ObjectPropertyAccesObject ;
+    ao:keyComponent auth:CURATOR ;
+    ao:keyComponent ai:DropOperation .
+
+:AdminDropObjectPropertyDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :AdminDropObjectPropertyDataSetKey ;
+    ao:dataSetValues ai:AdminRoleValueContainer ;
+    ao:dataSetValues ai:ObjectPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:ObjectPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:DropOperationValueContainer ;
+    ao:dataSetValues ai:AdminDropObjectPropertyValueContainer .
+    
+:AdminDropObjectPropertyDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:ObjectPropertyAccesObject ;
+    ao:keyComponent auth:ADMIN ;
+    ao:keyComponent ai:DropOperation .
+
+### Add object property data sets
+
+:PublicAddObjectPropertyDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :PublicAddObjectPropertyDataSetKey ;
+    ao:dataSetValues ai:PublicRoleValueContainer ;
+    ao:dataSetValues ai:ObjectPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:ObjectPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:AddOperationValueContainer ;
+    ao:dataSetValues ai:PublicAddObjectPropertyValueContainer .
+    
+:PublicAddObjectPropertyDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:ObjectPropertyAccesObject ;
+    ao:keyComponent auth:PUBLIC ;
+    ao:keyComponent ai:AddOperation .
+
+:EditorAddObjectPropertyDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :EditorAddObjectPropertyDataSetKey ;
+    ao:dataSetValues ai:EditorRoleValueContainer ;
+    ao:dataSetValues ai:ObjectPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:ObjectPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:AddOperationValueContainer ;
+    ao:dataSetValues ai:EditorAddObjectPropertyValueContainer .
+    
+:EditorAddObjectPropertyDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:ObjectPropertyAccesObject ;
+    ao:keyComponent auth:EDITOR ;
+    ao:keyComponent ai:AddOperation .
+
+:CuratorAddObjectPropertyDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :CuratorAddObjectPropertyDataSetKey ;
+    ao:dataSetValues ai:CuratorRoleValueContainer ;
+    ao:dataSetValues ai:ObjectPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:ObjectPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:AddOperationValueContainer ;
+    ao:dataSetValues ai:CuratorAddObjectPropertyValueContainer .
+    
+:CuratorAddObjectPropertyDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:ObjectPropertyAccesObject ;
+    ao:keyComponent auth:CURATOR ;
+    ao:keyComponent ai:AddOperation .
+
+:AdminAddObjectPropertyDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :AdminAddObjectPropertyDataSetKey ;
+    ao:dataSetValues ai:AdminRoleValueContainer ;
+    ao:dataSetValues ai:ObjectPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:ObjectPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:AddOperationValueContainer ;
+    ao:dataSetValues ai:AdminAddObjectPropertyValueContainer .
+    
+:AdminAddObjectPropertyDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:ObjectPropertyAccesObject ;
+    ao:keyComponent auth:ADMIN ;
+    ao:keyComponent ai:AddOperation .
+
+### Edit object property data sets
+
+:PublicEditObjectPropertyDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :PublicEditObjectPropertyDataSetKey ;
+    ao:dataSetValues ai:PublicRoleValueContainer ;
+    ao:dataSetValues ai:ObjectPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:ObjectPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:EditOperationValueContainer ;
+    ao:dataSetValues ai:PublicEditObjectPropertyValueContainer .
+    
+:PublicEditObjectPropertyDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:ObjectPropertyAccesObject ;
+    ao:keyComponent auth:PUBLIC ;
+    ao:keyComponent ai:EditOperation .
+
+:EditorEditObjectPropertyDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :EditorEditObjectPropertyDataSetKey ;
+    ao:dataSetValues ai:EditorRoleValueContainer ;
+    ao:dataSetValues ai:ObjectPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:ObjectPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:EditOperationValueContainer ;
+    ao:dataSetValues ai:EditorEditObjectPropertyValueContainer .
+    
+:EditorEditObjectPropertyDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:ObjectPropertyAccesObject ;
+    ao:keyComponent auth:EDITOR ;
+    ao:keyComponent ai:EditOperation .
+
+:CuratorEditObjectPropertyDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :CuratorEditObjectPropertyDataSetKey ;
+    ao:dataSetValues ai:CuratorRoleValueContainer ;
+    ao:dataSetValues ai:ObjectPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:ObjectPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:EditOperationValueContainer ;
+    ao:dataSetValues ai:CuratorEditObjectPropertyValueContainer .
+    
+:CuratorEditObjectPropertyDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:ObjectPropertyAccesObject ;
+    ao:keyComponent auth:CURATOR ;
+    ao:keyComponent ai:EditOperation .
+
+:AdminEditObjectPropertyDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :AdminEditObjectPropertyDataSetKey ;
+    ao:dataSetValues ai:AdminRoleValueContainer ;
+    ao:dataSetValues ai:ObjectPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:ObjectPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:EditOperationValueContainer ;
+    ao:dataSetValues ai:AdminEditObjectPropertyValueContainer .
+    
+:AdminEditObjectPropertyDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:ObjectPropertyAccesObject ;
+    ao:keyComponent auth:ADMIN ;
+    ao:keyComponent ai:EditOperation .
+
+
+### Display object property data sets
+
+:PublicDisplayObjectPropertyDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :PublicDisplayObjectPropertyDataSetKey ;
+    ao:dataSetValues ai:PublicRoleValueContainer ;
+    ao:dataSetValues ai:ObjectPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:ObjectPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:DisplayOperationValueContainer ;
+    ao:dataSetValues ai:PublicDisplayObjectPropertyValueContainer .
+    
+:PublicDisplayObjectPropertyDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:ObjectPropertyAccesObject ;
+    ao:keyComponent auth:PUBLIC ;
+    ao:keyComponent ai:DisplayOperation .
+
+:EditorDisplayObjectPropertyDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :EditorDisplayObjectPropertyDataSetKey ;
+    ao:dataSetValues ai:EditorRoleValueContainer ;
+    ao:dataSetValues ai:ObjectPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:ObjectPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:DisplayOperationValueContainer ;
+    ao:dataSetValues ai:EditorDisplayObjectPropertyValueContainer .
+    
+:EditorDisplayObjectPropertyDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:ObjectPropertyAccesObject ;
+    ao:keyComponent auth:EDITOR ;
+    ao:keyComponent ai:DisplayOperation .
+
+:CuratorDisplayObjectPropertyDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :CuratorDisplayObjectPropertyDataSetKey ;
+    ao:dataSetValues ai:CuratorRoleValueContainer ;
+    ao:dataSetValues ai:ObjectPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:ObjectPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:DisplayOperationValueContainer ;
+    ao:dataSetValues ai:CuratorDisplayObjectPropertyValueContainer .
+    
+:CuratorDisplayObjectPropertyDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:ObjectPropertyAccesObject ;
+    ao:keyComponent auth:CURATOR ;
+    ao:keyComponent ai:DisplayOperation .
+
+:AdminDisplayObjectPropertyDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :AdminDisplayObjectPropertyDataSetKey ;
+    ao:dataSetValues ai:AdminRoleValueContainer ;
+    ao:dataSetValues ai:ObjectPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:ObjectPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:DisplayOperationValueContainer ;
+    ao:dataSetValues ai:AdminDisplayObjectPropertyValueContainer .
+    
+:AdminDisplayObjectPropertyDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:ObjectPropertyAccesObject ;
+    ao:keyComponent auth:ADMIN ;
+    ao:keyComponent ai:DisplayOperation .
+
+### Display data property data sets
+
+:PublicDisplayDataPropertyDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :PublicDisplayDataPropertyDataSetKey ;
+    ao:dataSetValues ai:PublicRoleValueContainer ;
+    ao:dataSetValues ai:DataPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:DataPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:DisplayOperationValueContainer ;
+    ao:dataSetValues ai:PublicDisplayDataPropertyValueContainer .
+    
+:PublicDisplayDataPropertyDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:DataPropertyAccesObject ;
+    ao:keyComponent auth:PUBLIC ;
+    ao:keyComponent ai:DisplayOperation .
+
+:EditorDisplayDataPropertyDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :EditorDisplayDataPropertyDataSetKey ;
+    ao:dataSetValues ai:EditorRoleValueContainer ;
+    ao:dataSetValues ai:DataPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:DataPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:DisplayOperationValueContainer ;
+    ao:dataSetValues ai:EditorDisplayDataPropertyValueContainer .
+    
+:EditorDisplayDataPropertyDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:DataPropertyAccesObject ;
+    ao:keyComponent auth:EDITOR ;
+    ao:keyComponent ai:DisplayOperation .
+
+:CuratorDisplayDataPropertyDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :CuratorDisplayDataPropertyDataSetKey ;
+    ao:dataSetValues ai:CuratorRoleValueContainer ;
+    ao:dataSetValues ai:DataPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:DataPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:DisplayOperationValueContainer ;
+    ao:dataSetValues ai:CuratorDisplayDataPropertyValueContainer .
+    
+:CuratorDisplayDataPropertyDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:DataPropertyAccesObject ;
+    ao:keyComponent auth:CURATOR ;
+    ao:keyComponent ai:DisplayOperation .
+
+:AdminDisplayDataPropertyDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :AdminDisplayDataPropertyDataSetKey ;
+    ao:dataSetValues ai:AdminRoleValueContainer ;
+    ao:dataSetValues ai:DataPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:DataPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:DisplayOperationValueContainer ;
+    ao:dataSetValues ai:AdminDisplayDataPropertyValueContainer .
+    
+:AdminDisplayDataPropertyDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:DataPropertyAccesObject ;
+    ao:keyComponent auth:ADMIN ;
+    ao:keyComponent ai:DisplayOperation .
+
+### Display faux object property data sets
+
+:PublicDisplayFauxObjectPropertyDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :PublicDisplayFauxObjectPropertyDataSetKey ;
+    ao:dataSetValues ai:PublicRoleValueContainer ;
+    ao:dataSetValues ai:FauxObjectPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:FauxObjectPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:DisplayOperationValueContainer ;
+    ao:dataSetValues ai:PublicDisplayFauxObjectPropertyValueContainer .
+    
+:PublicDisplayFauxObjectPropertyDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:FauxObjectPropertyAccesObject ;
+    ao:keyComponent auth:PUBLIC ;
+    ao:keyComponent ai:DisplayOperation .
+
+:EditorDisplayFauxObjectPropertyDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :EditorDisplayFauxObjectPropertyDataSetKey ;
+    ao:dataSetValues ai:EditorRoleValueContainer ;
+    ao:dataSetValues ai:FauxObjectPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:FauxObjectPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:DisplayOperationValueContainer ;
+    ao:dataSetValues ai:EditorDisplayFauxObjectPropertyValueContainer .
+    
+:EditorDisplayFauxObjectPropertyDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:FauxObjectPropertyAccesObject ;
+    ao:keyComponent auth:EDITOR ;
+    ao:keyComponent ai:DisplayOperation .
+
+:CuratorDisplayFauxObjectPropertyDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :CuratorDisplayFauxObjectPropertyDataSetKey ;
+    ao:dataSetValues ai:CuratorRoleValueContainer ;
+    ao:dataSetValues ai:FauxObjectPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:FauxObjectPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:DisplayOperationValueContainer ;
+    ao:dataSetValues ai:CuratorDisplayFauxObjectPropertyValueContainer .
+    
+:CuratorDisplayFauxObjectPropertyDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:FauxObjectPropertyAccesObject ;
+    ao:keyComponent auth:CURATOR ;
+    ao:keyComponent ai:DisplayOperation .
+
+:AdminDisplayFauxObjectPropertyDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :AdminDisplayFauxObjectPropertyDataSetKey ;
+    ao:dataSetValues ai:AdminRoleValueContainer ;
+    ao:dataSetValues ai:FauxObjectPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:FauxObjectPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:DisplayOperationValueContainer ;
+    ao:dataSetValues ai:AdminDisplayFauxObjectPropertyValueContainer .
+    
+:AdminDisplayFauxObjectPropertyDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:FauxObjectPropertyAccesObject ;
+    ao:keyComponent auth:ADMIN ;
+    ao:keyComponent ai:DisplayOperation .
+
+### Display faux data property data sets
+
+:PublicDisplayFauxDataPropertyDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :PublicDisplayFauxDataPropertyDataSetKey ;
+    ao:dataSetValues ai:PublicRoleValueContainer ;
+    ao:dataSetValues ai:FauxDataPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:FauxDataPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:DisplayOperationValueContainer ;
+    ao:dataSetValues ai:PublicDisplayFauxDataPropertyValueContainer .
+    
+:PublicDisplayFauxDataPropertyDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:FauxDataPropertyAccesObject ;
+    ao:keyComponent auth:PUBLIC ;
+    ao:keyComponent ai:DisplayOperation .
+
+:EditorDisplayFauxDataPropertyDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :EditorDisplayFauxDataPropertyDataSetKey ;
+    ao:dataSetValues ai:EditorRoleValueContainer ;
+    ao:dataSetValues ai:FauxDataPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:FauxDataPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:DisplayOperationValueContainer ;
+    ao:dataSetValues ai:EditorDisplayFauxDataPropertyValueContainer .
+    
+:EditorDisplayFauxDataPropertyDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:FauxDataPropertyAccesObject ;
+    ao:keyComponent auth:EDITOR ;
+    ao:keyComponent ai:DisplayOperation .
+
+:CuratorDisplayFauxDataPropertyDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :CuratorDisplayFauxDataPropertyDataSetKey ;
+    ao:dataSetValues ai:CuratorRoleValueContainer ;
+    ao:dataSetValues ai:FauxDataPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:FauxDataPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:DisplayOperationValueContainer ;
+    ao:dataSetValues ai:CuratorDisplayFauxDataPropertyValueContainer .
+    
+:CuratorDisplayFauxDataPropertyDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:FauxDataPropertyAccesObject ;
+    ao:keyComponent auth:CURATOR ;
+    ao:keyComponent ai:DisplayOperation .
+
+:AdminDisplayFauxDataPropertyDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :AdminDisplayFauxDataPropertyDataSetKey ;
+    ao:dataSetValues ai:AdminRoleValueContainer ;
+    ao:dataSetValues ai:FauxDataPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:FauxDataPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:DisplayOperationValueContainer ;
+    ao:dataSetValues ai:AdminDisplayFauxDataPropertyValueContainer .
+    
+:AdminDisplayFauxDataPropertyDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:FauxDataPropertyAccesObject ;
+    ao:keyComponent auth:ADMIN ;
+    ao:keyComponent ai:DisplayOperation .
+
+### Publish object property data sets
+
+:EditorPublishObjectPropertyDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :EditorPublishObjectPropertyDataSetKey ;
+    ao:dataSetValues ai:EditorRoleValueContainer ;
+    ao:dataSetValues ai:ObjectPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:ObjectPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:PublishOperationValueContainer ;
+    ao:dataSetValues ai:EditorPublishObjectPropertyValueContainer .
+    
+:EditorPublishObjectPropertyDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:ObjectPropertyAccesObject ;
+    ao:keyComponent auth:EDITOR ;
+    ao:keyComponent ai:PublishOperation .
+
+:CuratorPublishObjectPropertyDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :CuratorPublishObjectPropertyDataSetKey ;
+    ao:dataSetValues ai:CuratorRoleValueContainer ;
+    ao:dataSetValues ai:ObjectPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:ObjectPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:PublishOperationValueContainer ;
+    ao:dataSetValues ai:CuratorPublishObjectPropertyValueContainer .
+    
+:CuratorPublishObjectPropertyDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:ObjectPropertyAccesObject ;
+    ao:keyComponent auth:CURATOR ;
+    ao:keyComponent ai:PublishOperation .
+
+:AdminPublishObjectPropertyDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :AdminPublishObjectPropertyDataSetKey ;
+    ao:dataSetValues ai:AdminRoleValueContainer ;
+    ao:dataSetValues ai:ObjectPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:ObjectPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:PublishOperationValueContainer ;
+    ao:dataSetValues ai:AdminPublishObjectPropertyValueContainer .
+    
+:AdminPublishObjectPropertyDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:ObjectPropertyAccesObject ;
+    ao:keyComponent auth:ADMIN ;
+    ao:keyComponent ai:PublishOperation .
+
+### Publish data property data sets
+
+:EditorPublishDataPropertyDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :EditorPublishDataPropertyDataSetKey ;
+    ao:dataSetValues ai:EditorRoleValueContainer ;
+    ao:dataSetValues ai:DataPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:DataPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:PublishOperationValueContainer ;
+    ao:dataSetValues ai:EditorPublishDataPropertyValueContainer .
+    
+:EditorPublishDataPropertyDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:DataPropertyAccesObject ;
+    ao:keyComponent auth:EDITOR ;
+    ao:keyComponent ai:PublishOperation .
+
+:CuratorPublishDataPropertyDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :CuratorPublishDataPropertyDataSetKey ;
+    ao:dataSetValues ai:CuratorRoleValueContainer ;
+    ao:dataSetValues ai:DataPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:DataPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:PublishOperationValueContainer ;
+    ao:dataSetValues ai:CuratorPublishDataPropertyValueContainer .
+    
+:CuratorPublishDataPropertyDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:DataPropertyAccesObject ;
+    ao:keyComponent auth:CURATOR ;
+    ao:keyComponent ai:PublishOperation .
+
+:AdminPublishDataPropertyDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :AdminPublishDataPropertyDataSetKey ;
+    ao:dataSetValues ai:AdminRoleValueContainer ;
+    ao:dataSetValues ai:DataPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:DataPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:PublishOperationValueContainer ;
+    ao:dataSetValues ai:AdminPublishDataPropertyValueContainer .
+    
+:AdminPublishDataPropertyDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:DataPropertyAccesObject ;
+    ao:keyComponent auth:ADMIN ;
+    ao:keyComponent ai:PublishOperation .
+
+### Publish faux object property data sets
+
+:EditorPublishFauxObjectPropertyDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :EditorPublishFauxObjectPropertyDataSetKey ;
+    ao:dataSetValues ai:EditorRoleValueContainer ;
+    ao:dataSetValues ai:FauxObjectPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:FauxObjectPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:PublishOperationValueContainer ;
+    ao:dataSetValues ai:EditorPublishFauxObjectPropertyValueContainer .
+    
+:EditorPublishFauxObjectPropertyDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:FauxObjectPropertyAccesObject ;
+    ao:keyComponent auth:EDITOR ;
+    ao:keyComponent ai:PublishOperation .
+
+:CuratorPublishFauxObjectPropertyDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :CuratorPublishFauxObjectPropertyDataSetKey ;
+    ao:dataSetValues ai:CuratorRoleValueContainer ;
+    ao:dataSetValues ai:FauxObjectPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:FauxObjectPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:PublishOperationValueContainer ;
+    ao:dataSetValues ai:CuratorPublishFauxObjectPropertyValueContainer .
+    
+:CuratorPublishFauxObjectPropertyDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:FauxObjectPropertyAccesObject ;
+    ao:keyComponent auth:CURATOR ;
+    ao:keyComponent ai:PublishOperation .
+
+:AdminPublishFauxObjectPropertyDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :AdminPublishFauxObjectPropertyDataSetKey ;
+    ao:dataSetValues ai:AdminRoleValueContainer ;
+    ao:dataSetValues ai:FauxObjectPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:FauxObjectPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:PublishOperationValueContainer ;
+    ao:dataSetValues ai:AdminPublishFauxObjectPropertyValueContainer .
+    
+:AdminPublishFauxObjectPropertyDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:FauxObjectPropertyAccesObject ;
+    ao:keyComponent auth:ADMIN ;
+    ao:keyComponent ai:PublishOperation .
+
+### Publish faux data property data sets
+
+:EditorPublishFauxDataPropertyDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :EditorPublishFauxDataPropertyDataSetKey ;
+    ao:dataSetValues ai:EditorRoleValueContainer ;
+    ao:dataSetValues ai:FauxDataPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:FauxDataPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:PublishOperationValueContainer ;
+    ao:dataSetValues ai:EditorPublishFauxDataPropertyValueContainer .
+    
+:EditorPublishFauxDataPropertyDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:FauxDataPropertyAccesObject ;
+    ao:keyComponent auth:EDITOR ;
+    ao:keyComponent ai:PublishOperation .
+
+:CuratorPublishFauxDataPropertyDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :CuratorPublishFauxDataPropertyDataSetKey ;
+    ao:dataSetValues ai:CuratorRoleValueContainer ;
+    ao:dataSetValues ai:FauxDataPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:FauxDataPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:PublishOperationValueContainer ;
+    ao:dataSetValues ai:CuratorPublishFauxDataPropertyValueContainer .
+    
+:CuratorPublishFauxDataPropertyDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:FauxDataPropertyAccesObject ;
+    ao:keyComponent auth:CURATOR ;
+    ao:keyComponent ai:PublishOperation .
+
+:AdminPublishFauxDataPropertyDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :AdminPublishFauxDataPropertyDataSetKey ;
+    ao:dataSetValues ai:AdminRoleValueContainer ;
+    ao:dataSetValues ai:FauxDataPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:FauxDataPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:PublishOperationValueContainer ;
+    ao:dataSetValues ai:AdminPublishFauxDataPropertyValueContainer .
+    
+:AdminPublishFauxDataPropertyDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:FauxDataPropertyAccesObject ;
+    ao:keyComponent auth:ADMIN ;
+    ao:keyComponent ai:PublishOperation .
+
+### Rules
+
+:RuleSet a ao:Rules ;
+    ao:rule :AllowMatchingPropertyStatement ;
+    ao:rule :AllowMatchingProperty .
+
+:AllowMatchingProperty a ao:Rule;
+    ao:attribute :SubjectRoleEqualsDataSetRoleAttribute ;
+    ao:attribute :OperationEqualsDataSetOperation ;
+    ao:attribute :AccessObjectTypeEqualsDataSetValue ;
+    ao:attribute :AccessObjectUriContainsInDataSet .
+
+:AccessObjectTypeEqualsDataSetValue rdf:type ao:Attribute ;
+    ao:operator ai:Equals ;
+    ao:type ai:AccessObjectType ;
+    ao:templateValue :AccessObjectTypeValueSet .
+
+:AccessObjectTypeValueSet a ao:AttributeValueSet ;
+    ao:attributeValue ai:ObjectPropertyAccesObjectValueContainer ;
+    ao:attributeValue ai:DataPropertyAccesObjectValueContainer ;
+    ao:attributeValue ai:FauxObjectPropertyAccesObjectValueContainer ;
+    ao:attributeValue ai:FauxDataPropertyAccesObjectValueContainer ;
+    .
+
+:AllowMatchingPropertyStatement a ao:Rule;
+    ao:attribute :SubjectRoleEqualsDataSetRoleAttribute ;
+    ao:attribute :OperationEqualsDataSetOperation ;
+    ao:attribute :AccessObjectTypeStatementEquals ;
+    ao:attribute :StatementPredicateEquals ;
+    .
+
+:AccessObjectTypeStatementEquals rdf:type ao:Attribute ;
+    ao:operator ai:Equals ;
+    ao:type ai:AccessObjectType ;
+    ao:templateValue :StatementAccessObjectTypeValueSet .
+
+:StatementAccessObjectTypeValueSet a ao:AttributeValueSet ;
+    ao:attributeValue ai:ObjectPropertyStatementAccesObjectValueContainer ;
+    ao:attributeValue ai:DataPropertyStatementAccesObjectValueContainer ;
+    ao:attributeValue ai:FauxObjectPropertyStatementAccesObjectValueContainer ;
+    ao:attributeValue ai:FauxDataPropertyStatementAccesObjectValueContainer ;
+    .
+
+:OperationEqualsDataSetOperation a ao:Attribute ;
+    ao:operator ai:Equals ;
+    ao:type ai:Operation ;
+    ao:templateValue :OperationValueSet .
+
+:OperationValueSet a ao:AttributeValueSet ;
+    ao:attributeValue ai:DisplayOperationValueContainer ;
+    ao:attributeValue ai:PublishOperationValueContainer ;
+    ao:attributeValue ai:EditOperationValueContainer ;
+    ao:attributeValue ai:AddOperationValueContainer ;
+    ao:attributeValue ai:DropOperationValueContainer ;
+    .
+
+:SubjectRoleEqualsDataSetRoleAttribute a ao:Attribute ;
+    ao:operator ai:Equals ;
+    ao:type ai:SubjectRole ;
+    ao:templateValue :RoleValueSet .
+
+:RoleValueSet a ao:AttributeValueSet ;
+    ao:attributeValue ai:PublicRoleValueContainer ;
+    ao:attributeValue ai:EditorRoleValueContainer ;
+    ao:attributeValue ai:CuratorRoleValueContainer ;
+    ao:attributeValue ai:AdminRoleValueContainer .
+
+:StatementPredicateEquals a ao:Attribute ;
+    ao:operator ai:OneOf ;
+    ao:type ai:StatementPredicateUri ;
+    ao:templateValue :AllowedPropertyUriValueSet .
+
+:AccessObjectUriContainsInDataSet a ao:Attribute ;
+    ao:operator ai:OneOf ;
+    ao:type ai:AccessObjectUri ;
+    ao:templateValue :AllowedPropertyUriValueSet .
+
+:AllowedPropertyUriValueSet a ao:AttributeValueSet ;
+
+    ao:attributeValue ai:PublicDisplayObjectPropertyValueContainer ;
+    ao:attributeValue ai:EditorDisplayObjectPropertyValueContainer ;
+    ao:attributeValue ai:CuratorDisplayObjectPropertyValueContainer ;
+    ao:attributeValue ai:AdminDisplayObjectPropertyValueContainer ;
+
+    ao:attributeValue ai:PublicDisplayDataPropertyValueContainer ;
+    ao:attributeValue ai:EditorDisplayDataPropertyValueContainer ;
+    ao:attributeValue ai:CuratorDisplayDataPropertyValueContainer ;
+    ao:attributeValue ai:AdminDisplayDataPropertyValueContainer ;
+
+    ao:attributeValue ai:PublicDisplayFauxObjectPropertyValueContainer ;
+    ao:attributeValue ai:EditorDisplayFauxObjectPropertyValueContainer ;
+    ao:attributeValue ai:CuratorDisplayFauxObjectPropertyValueContainer ;
+    ao:attributeValue ai:AdminDisplayFauxObjectPropertyValueContainer ;
+    ao:attributeValue ai:PublicDisplayFauxDataPropertyValueContainer ;   
+    ao:attributeValue ai:EditorDisplayFauxDataPropertyValueContainer ;
+    ao:attributeValue ai:CuratorDisplayFauxDataPropertyValueContainer ;
+    ao:attributeValue ai:AdminDisplayFauxDataPropertyValueContainer ;
+
+    ao:attributeValue ai:EditorPublishObjectPropertyValueContainer ;
+    ao:attributeValue ai:CuratorPublishObjectPropertyValueContainer ;
+    ao:attributeValue ai:AdminPublishObjectPropertyValueContainer ;
+    ao:attributeValue ai:EditorPublishDataPropertyValueContainer ;
+    ao:attributeValue ai:CuratorPublishDataPropertyValueContainer ;
+    ao:attributeValue ai:AdminPublishDataPropertyValueContainer ;
+    ao:attributeValue ai:EditorPublishFauxObjectPropertyValueContainer ;
+    ao:attributeValue ai:CuratorPublishFauxObjectPropertyValueContainer ;
+    ao:attributeValue ai:AdminPublishFauxObjectPropertyValueContainer ;
+    ao:attributeValue ai:EditorPublishFauxDataPropertyValueContainer ;
+    ao:attributeValue ai:CuratorPublishFauxDataPropertyValueContainer ;
+    ao:attributeValue ai:AdminPublishFauxDataPropertyValueContainer ;
+
+    ao:attributeValue ai:PublicEditObjectPropertyValueContainer ;
+    ao:attributeValue ai:EditorEditObjectPropertyValueContainer ;
+    ao:attributeValue ai:CuratorEditObjectPropertyValueContainer ;
+    ao:attributeValue ai:AdminEditObjectPropertyValueContainer ;
+
+    ao:attributeValue ai:PublicAddObjectPropertyValueContainer ;
+    ao:attributeValue ai:EditorAddObjectPropertyValueContainer ;
+    ao:attributeValue ai:CuratorAddObjectPropertyValueContainer ;
+    ao:attributeValue ai:AdminAddObjectPropertyValueContainer ;
+
+    ao:attributeValue ai:PublicDropObjectPropertyValueContainer ;
+    ao:attributeValue ai:EditorDropObjectPropertyValueContainer ;
+    ao:attributeValue ai:CuratorDropObjectPropertyValueContainer ;
+    ao:attributeValue ai:AdminDropObjectPropertyValueContainer ;
+
+    ao:attributeValue ai:PublicEditDataPropertyValueContainer ;
+    ao:attributeValue ai:EditorEditDataPropertyValueContainer ;
+    ao:attributeValue ai:CuratorEditDataPropertyValueContainer ;
+    ao:attributeValue ai:AdminEditDataPropertyValueContainer ;
+
+    ao:attributeValue ai:PublicAddDataPropertyValueContainer ;
+    ao:attributeValue ai:EditorAddDataPropertyValueContainer ;
+    ao:attributeValue ai:CuratorAddDataPropertyValueContainer ;
+    ao:attributeValue ai:AdminAddDataPropertyValueContainer ;
+
+    ao:attributeValue ai:PublicDropDataPropertyValueContainer ;
+    ao:attributeValue ai:EditorDropDataPropertyValueContainer ;
+    ao:attributeValue ai:CuratorDropDataPropertyValueContainer ;
+    ao:attributeValue ai:AdminDropDataPropertyValueContainer ;
+
+    ao:attributeValue ai:PublicEditFauxObjectPropertyValueContainer ;
+    ao:attributeValue ai:EditorEditFauxObjectPropertyValueContainer ;
+    ao:attributeValue ai:CuratorEditFauxObjectPropertyValueContainer ;
+    ao:attributeValue ai:AdminEditFauxObjectPropertyValueContainer ;
+
+    ao:attributeValue ai:PublicAddFauxObjectPropertyValueContainer ;
+    ao:attributeValue ai:EditorAddFauxObjectPropertyValueContainer ;
+    ao:attributeValue ai:CuratorAddFauxObjectPropertyValueContainer ;
+    ao:attributeValue ai:AdminAddFauxObjectPropertyValueContainer ;
+
+    ao:attributeValue ai:PublicDropFauxObjectPropertyValueContainer ;
+    ao:attributeValue ai:EditorDropFauxObjectPropertyValueContainer ;
+    ao:attributeValue ai:CuratorDropFauxObjectPropertyValueContainer ;
+    ao:attributeValue ai:AdminDropFauxObjectPropertyValueContainer ;
+
+    ao:attributeValue ai:PublicEditFauxDataPropertyValueContainer ;
+    ao:attributeValue ai:EditorEditFauxDataPropertyValueContainer ;
+    ao:attributeValue ai:CuratorEditFauxDataPropertyValueContainer ;
+    ao:attributeValue ai:AdminEditFauxDataPropertyValueContainer ;
+
+    ao:attributeValue ai:PublicAddFauxDataPropertyValueContainer ;
+    ao:attributeValue ai:EditorAddFauxDataPropertyValueContainer ;
+    ao:attributeValue ai:CuratorAddFauxDataPropertyValueContainer ;
+    ao:attributeValue ai:AdminAddFauxDataPropertyValueContainer ;
+
+    ao:attributeValue ai:PublicDropFauxDataPropertyValueContainer ;
+    ao:attributeValue ai:EditorDropFauxDataPropertyValueContainer ;
+    ao:attributeValue ai:CuratorDropFauxDataPropertyValueContainer ;
+    ao:attributeValue ai:AdminDropFauxDataPropertyValueContainer ;
+    .
+
+ai:PublicDropFauxDataPropertyValueContainer a ao:ValueContainer ;
+    ao:containerType ai:FauxDataPropertyAccesObject .
+ai:EditorDropFauxDataPropertyValueContainer a ao:ValueContainer ;
+    ao:containerType ai:FauxDataPropertyAccesObject .
+ai:CuratorDropFauxDataPropertyValueContainer a ao:ValueContainer ;
+    ao:containerType ai:FauxDataPropertyAccesObject .
+ai:AdminDropFauxDataPropertyValueContainer a ao:ValueContainer ;
+    ao:containerType ai:FauxDataPropertyAccesObject .
+
+ai:PublicAddFauxDataPropertyValueContainer a ao:ValueContainer ;
+    ao:containerType ai:FauxDataPropertyAccesObject .
+ai:EditorAddFauxDataPropertyValueContainer a ao:ValueContainer ;
+    ao:containerType ai:FauxDataPropertyAccesObject .
+ai:CuratorAddFauxDataPropertyValueContainer a ao:ValueContainer ;
+    ao:containerType ai:FauxDataPropertyAccesObject .
+ai:AdminAddFauxDataPropertyValueContainer a ao:ValueContainer ;
+    ao:containerType ai:FauxDataPropertyAccesObject .
+
+ai:PublicEditFauxDataPropertyValueContainer a ao:ValueContainer ;
+    ao:containerType ai:FauxDataPropertyAccesObject .
+ai:EditorEditFauxDataPropertyValueContainer a ao:ValueContainer ;
+    ao:containerType ai:FauxDataPropertyAccesObject .
+ai:CuratorEditFauxDataPropertyValueContainer a ao:ValueContainer ;
+    ao:containerType ai:FauxDataPropertyAccesObject .
+ai:AdminEditFauxDataPropertyValueContainer a ao:ValueContainer ;
+    ao:containerType ai:FauxDataPropertyAccesObject .
+
+ai:PublicDropFauxObjectPropertyValueContainer a ao:ValueContainer ;
+    ao:containerType ai:FauxObjectPropertyAccesObject .
+ai:EditorDropFauxObjectPropertyValueContainer a ao:ValueContainer ;
+    ao:containerType ai:FauxObjectPropertyAccesObject .
+ai:CuratorDropFauxObjectPropertyValueContainer a ao:ValueContainer ;
+    ao:containerType ai:FauxObjectPropertyAccesObject .
+ai:AdminDropFauxObjectPropertyValueContainer a ao:ValueContainer ;
+    ao:containerType ai:FauxObjectPropertyAccesObject .
+
+ai:PublicAddFauxObjectPropertyValueContainer a ao:ValueContainer ;
+    ao:containerType ai:FauxObjectPropertyAccesObject .
+ai:EditorAddFauxObjectPropertyValueContainer a ao:ValueContainer ;
+    ao:containerType ai:FauxObjectPropertyAccesObject .
+ai:CuratorAddFauxObjectPropertyValueContainer a ao:ValueContainer ;
+    ao:containerType ai:FauxObjectPropertyAccesObject .
+ai:AdminAddFauxObjectPropertyValueContainer a ao:ValueContainer ;
+    ao:containerType ai:FauxObjectPropertyAccesObject .
+
+ai:PublicEditFauxObjectPropertyValueContainer a ao:ValueContainer ;
+    ao:containerType ai:FauxObjectPropertyAccesObject .
+ai:EditorEditFauxObjectPropertyValueContainer a ao:ValueContainer ;
+    ao:containerType ai:FauxObjectPropertyAccesObject .
+ai:CuratorEditFauxObjectPropertyValueContainer a ao:ValueContainer ;
+    ao:containerType ai:FauxObjectPropertyAccesObject .
+ai:AdminEditFauxObjectPropertyValueContainer a ao:ValueContainer ;
+    ao:containerType ai:FauxObjectPropertyAccesObject .
+
+
+ai:PublicDropDataPropertyValueContainer a ao:ValueContainer ;
+    ao:containerType ai:DataPropertyAccesObject .
+ai:EditorDropDataPropertyValueContainer a ao:ValueContainer ;
+    ao:containerType ai:DataPropertyAccesObject .
+ai:CuratorDropDataPropertyValueContainer a ao:ValueContainer ;
+    ao:containerType ai:DataPropertyAccesObject .
+ai:AdminDropDataPropertyValueContainer a ao:ValueContainer ;
+    ao:containerType ai:DataPropertyAccesObject .
+
+ai:PublicAddDataPropertyValueContainer a ao:ValueContainer ;
+    ao:containerType ai:DataPropertyAccesObject .
+ai:EditorAddDataPropertyValueContainer a ao:ValueContainer ;
+    ao:containerType ai:DataPropertyAccesObject .
+ai:CuratorAddDataPropertyValueContainer a ao:ValueContainer ;
+    ao:containerType ai:DataPropertyAccesObject .
+ai:AdminAddDataPropertyValueContainer a ao:ValueContainer ;
+    ao:containerType ai:DataPropertyAccesObject .
+
+ai:PublicEditDataPropertyValueContainer a ao:ValueContainer ;
+    ao:containerType ai:DataPropertyAccesObject .
+ai:EditorEditDataPropertyValueContainer a ao:ValueContainer ;
+    ao:containerType ai:DataPropertyAccesObject .
+ai:CuratorEditDataPropertyValueContainer a ao:ValueContainer ;
+    ao:containerType ai:DataPropertyAccesObject .
+ai:AdminEditDataPropertyValueContainer a ao:ValueContainer ;
+    ao:containerType ai:DataPropertyAccesObject .
+
+ai:PublicDropObjectPropertyValueContainer a ao:ValueContainer ;
+    ao:containerType ai:ObjectPropertyAccesObject .
+ai:EditorDropObjectPropertyValueContainer a ao:ValueContainer ;
+    ao:containerType ai:ObjectPropertyAccesObject .
+ai:CuratorDropObjectPropertyValueContainer a ao:ValueContainer ;
+    ao:containerType ai:ObjectPropertyAccesObject .
+ai:AdminDropObjectPropertyValueContainer a ao:ValueContainer ;
+    ao:containerType ai:ObjectPropertyAccesObject .
+
+ai:PublicAddObjectPropertyValueContainer a ao:ValueContainer ;
+    ao:containerType ai:ObjectPropertyAccesObject .
+ai:EditorAddObjectPropertyValueContainer a ao:ValueContainer ;
+    ao:containerType ai:ObjectPropertyAccesObject .
+ai:CuratorAddObjectPropertyValueContainer a ao:ValueContainer ;
+    ao:containerType ai:ObjectPropertyAccesObject .
+ai:AdminAddObjectPropertyValueContainer a ao:ValueContainer ;
+    ao:containerType ai:ObjectPropertyAccesObject .
+
+ai:PublicEditObjectPropertyValueContainer a ao:ValueContainer ;
+    ao:containerType ai:ObjectPropertyAccesObject .
+ai:EditorEditObjectPropertyValueContainer a ao:ValueContainer ;
+    ao:containerType ai:ObjectPropertyAccesObject .
+ai:CuratorEditObjectPropertyValueContainer a ao:ValueContainer ;
+    ao:containerType ai:ObjectPropertyAccesObject .
+ai:AdminEditObjectPropertyValueContainer a ao:ValueContainer ;
+    ao:containerType ai:ObjectPropertyAccesObject .
+
+ai:PublicDisplayObjectPropertyValueContainer a ao:ValueContainer ;
+    ao:containerType ai:ObjectPropertyAccesObject .
+ai:EditorDisplayObjectPropertyValueContainer a ao:ValueContainer ;
+    ao:containerType ai:ObjectPropertyAccesObject .
+ai:CuratorDisplayObjectPropertyValueContainer a ao:ValueContainer ;
+    ao:containerType ai:ObjectPropertyAccesObject .
+ai:AdminDisplayObjectPropertyValueContainer a ao:ValueContainer ;
+    ao:containerType ai:ObjectPropertyAccesObject .
+
+ai:PublicDisplayDataPropertyValueContainer a ao:ValueContainer ;
+    ao:containerType ai:DataPropertyAccesObject .
+ai:EditorDisplayDataPropertyValueContainer a ao:ValueContainer ;
+    ao:containerType ai:DataPropertyAccesObject .
+ai:CuratorDisplayDataPropertyValueContainer a ao:ValueContainer ;
+    ao:containerType ai:DataPropertyAccesObject .
+ai:AdminDisplayDataPropertyValueContainer a ao:ValueContainer ;
+    ao:containerType ai:DataPropertyAccesObject .
+ai:PublicDisplayFauxObjectPropertyValueContainer a ao:ValueContainer ;
+    ao:containerType ai:FauxObjectPropertyAccesObject .
+ai:EditorDisplayFauxObjectPropertyValueContainer a ao:ValueContainer ;
+    ao:containerType ai:FauxObjectPropertyAccesObject .
+ai:CuratorDisplayFauxObjectPropertyValueContainer a ao:ValueContainer ;
+    ao:containerType ai:FauxObjectPropertyAccesObject .
+ai:AdminDisplayFauxObjectPropertyValueContainer a ao:ValueContainer ;
+    ao:containerType ai:FauxObjectPropertyAccesObject .
+ai:PublicDisplayFauxDataPropertyValueContainer a ao:ValueContainer ;
+    ao:containerType ai:FauxDataPropertyAccesObject .
+ai:EditorDisplayFauxDataPropertyValueContainer a ao:ValueContainer ;
+    ao:containerType ai:FauxDataPropertyAccesObject .
+ai:CuratorDisplayFauxDataPropertyValueContainer a ao:ValueContainer ;
+    ao:containerType ai:FauxDataPropertyAccesObject .
+ai:AdminDisplayFauxDataPropertyValueContainer a ao:ValueContainer ;
+    ao:containerType ai:FauxDataPropertyAccesObject .
+
+ai:EditorPublishObjectPropertyValueContainer a ao:ValueContainer ;
+    ao:containerType ai:ObjectPropertyAccesObject .
+ai:CuratorPublishObjectPropertyValueContainer a ao:ValueContainer ;
+    ao:containerType ai:ObjectPropertyAccesObject .
+ai:AdminPublishObjectPropertyValueContainer a ao:ValueContainer ;
+    ao:containerType ai:ObjectPropertyAccesObject .
+ai:EditorPublishDataPropertyValueContainer a ao:ValueContainer ;
+    ao:containerType ai:DataPropertyAccesObject .
+ai:CuratorPublishDataPropertyValueContainer a ao:ValueContainer ;
+    ao:containerType ai:DataPropertyAccesObject .
+ai:AdminPublishDataPropertyValueContainer a ao:ValueContainer ;
+    ao:containerType ai:DataPropertyAccesObject .
+ai:EditorPublishFauxObjectPropertyValueContainer a ao:ValueContainer ;
+    ao:containerType ai:FauxObjectPropertyAccesObject .
+ai:CuratorPublishFauxObjectPropertyValueContainer a ao:ValueContainer ;
+    ao:containerType ai:FauxObjectPropertyAccesObject .
+ai:AdminPublishFauxObjectPropertyValueContainer a ao:ValueContainer ;
+    ao:containerType ai:FauxObjectPropertyAccesObject .
+ai:EditorPublishFauxDataPropertyValueContainer a ao:ValueContainer ;
+    ao:containerType ai:FauxDataPropertyAccesObject .
+ai:CuratorPublishFauxDataPropertyValueContainer a ao:ValueContainer ;
+    ao:containerType ai:FauxDataPropertyAccesObject .
+ai:AdminPublishFauxDataPropertyValueContainer a ao:ValueContainer ;
+    ao:containerType ai:FauxDataPropertyAccesObject .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_access_related_allowed_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_access_related_allowed_property.n3
new file mode 100644
index 0000000000..550ec6d675
--- /dev/null
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_access_related_allowed_property.n3
@@ -0,0 +1,245 @@
+# $This file is distributed under the terms of the license in LICENSE$
+
+@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
+@prefix owl: <http://www.w3.org/2002/07/owl#> .
+@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
+@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
+@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
+@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
+@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+@prefix : <https://vivoweb.org/ontology/vitro-application/auth/individual/template/access-allowed-property/> .
+
+:PolicyTemplate a ao:PolicyTemplate ;
+    ao:rules :RuleSet ;
+    ao:policyDataSets :DataSets .
+
+:DataSets a ao:PolicyDataSets ;
+    ao:policyDataSet :SelfEditorDisplayObjectPropertyDataSet ;
+    ao:policyDataSet :SelfEditorDisplayDataPropertyDataSet ;
+    ao:policyDataSet :SelfEditorDisplayFauxObjectPropertyDataSet ;
+    ao:policyDataSet :SelfEditorDisplayFauxDataPropertyDataSet ;
+    ao:policyDataSet :SelfEditorPublishObjectPropertyDataSet ;
+    ao:policyDataSet :SelfEditorPublishDataPropertyDataSet ;
+    ao:policyDataSet :SelfEditorPublishFauxObjectPropertyDataSet ;
+    ao:policyDataSet :SelfEditorPublishFauxDataPropertyDataSet ;
+    .
+
+### Display object property data sets
+
+:SelfEditorDisplayObjectPropertyDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :SelfEditorDisplayObjectPropertyDataSetKey ;
+    ao:dataSetValues ai:SelfEditorRoleValueContainer ;
+    ao:dataSetValues ai:ObjectPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:ObjectPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:DisplayOperationValueContainer ;
+    ao:dataSetValues ai:SelfEditorDisplayObjectPropertyValueContainer .
+    
+:SelfEditorDisplayObjectPropertyDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:ObjectPropertyAccesObject ;
+    ao:keyComponent auth:SELF_EDITOR ;
+    ao:keyComponent ai:DisplayOperation .
+
+### Display data property data sets
+
+:SelfEditorDisplayDataPropertyDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :SelfEditorDisplayDataPropertyDataSetKey ;
+    ao:dataSetValues ai:SelfEditorRoleValueContainer ;
+    ao:dataSetValues ai:DataPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:DataPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:DisplayOperationValueContainer ;
+    ao:dataSetValues ai:SelfEditorDisplayDataPropertyValueContainer .
+    
+:SelfEditorDisplayDataPropertyDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:DataPropertyAccesObject ;
+    ao:keyComponent auth:SELF_EDITOR ;
+    ao:keyComponent ai:DisplayOperation .
+
+### Display faux object property data sets
+
+:SelfEditorDisplayFauxObjectPropertyDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :SelfEditorDisplayFauxObjectPropertyDataSetKey ;
+    ao:dataSetValues ai:SelfEditorRoleValueContainer ;
+    ao:dataSetValues ai:FauxObjectPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:FauxObjectPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:DisplayOperationValueContainer ;
+    ao:dataSetValues ai:SelfEditorDisplayFauxObjectPropertyValueContainer .
+    
+:SelfEditorDisplayFauxObjectPropertyDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:FauxObjectPropertyAccesObject ;
+    ao:keyComponent auth:SELF_EDITOR ;
+    ao:keyComponent ai:DisplayOperation .
+
+### Display faux data property data sets
+
+:SelfEditorDisplayFauxDataPropertyDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :SelfEditorDisplayFauxDataPropertyDataSetKey ;
+    ao:dataSetValues ai:SelfEditorRoleValueContainer ;
+    ao:dataSetValues ai:FauxDataPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:FauxDataPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:DisplayOperationValueContainer ;
+    ao:dataSetValues ai:SelfEditorDisplayFauxDataPropertyValueContainer .
+    
+:SelfEditorDisplayFauxDataPropertyDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:FauxDataPropertyAccesObject ;
+    ao:keyComponent auth:SELF_EDITOR ;
+    ao:keyComponent ai:DisplayOperation .
+
+### Publish object property data sets
+
+:SelfEditorPublishObjectPropertyDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :SelfEditorPublishObjectPropertyDataSetKey ;
+    ao:dataSetValues ai:SelfEditorRoleValueContainer ;
+    ao:dataSetValues ai:ObjectPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:ObjectPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:PublishOperationValueContainer ;
+    ao:dataSetValues ai:SelfEditorPublishObjectPropertyValueContainer .
+    
+:SelfEditorPublishObjectPropertyDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:ObjectPropertyAccesObject ;
+    ao:keyComponent auth:SELF_EDITOR ;
+    ao:keyComponent ai:PublishOperation .
+
+### Publish data property data sets
+
+:SelfEditorPublishDataPropertyDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :SelfEditorPublishDataPropertyDataSetKey ;
+    ao:dataSetValues ai:SelfEditorRoleValueContainer ;
+    ao:dataSetValues ai:DataPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:DataPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:PublishOperationValueContainer ;
+    ao:dataSetValues ai:SelfEditorPublishDataPropertyValueContainer .
+    
+:SelfEditorPublishDataPropertyDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:DataPropertyAccesObject ;
+    ao:keyComponent auth:SELF_EDITOR ;
+    ao:keyComponent ai:PublishOperation .
+
+### Publish faux object property data sets
+
+:SelfEditorPublishFauxObjectPropertyDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :SelfEditorPublishFauxObjectPropertyDataSetKey ;
+    ao:dataSetValues ai:SelfEditorRoleValueContainer ;
+    ao:dataSetValues ai:FauxObjectPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:FauxObjectPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:PublishOperationValueContainer ;
+    ao:dataSetValues ai:SelfEditorPublishFauxObjectPropertyValueContainer .
+    
+:SelfEditorPublishFauxObjectPropertyDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:FauxObjectPropertyAccesObject ;
+    ao:keyComponent auth:SELF_EDITOR ;
+    ao:keyComponent ai:PublishOperation .
+
+### Publish faux data property data sets
+
+:SelfEditorPublishFauxDataPropertyDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :SelfEditorPublishFauxDataPropertyDataSetKey ;
+    ao:dataSetValues ai:SelfEditorRoleValueContainer ;
+    ao:dataSetValues ai:FauxDataPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:FauxDataPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:PublishOperationValueContainer ;
+    ao:dataSetValues ai:SelfEditorPublishFauxDataPropertyValueContainer .
+    
+:SelfEditorPublishFauxDataPropertyDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:FauxDataPropertyAccesObject ;
+    ao:keyComponent auth:SELF_EDITOR ;
+    ao:keyComponent ai:PublishOperation .
+
+### Rules
+
+:RuleSet a ao:Rules ;
+    ao:rule :AllowMatchingPropertyStatement ;
+    ao:rule :AllowMatchingProperty .
+
+:AllowMatchingProperty a ao:Rule;
+    ao:attribute :SubjectRoleCheck ;
+    ao:attribute :OperationCheck ;
+    ao:attribute :AccessObjectTypeCheck ;
+    ao:attribute :AccessObjectUriCheck .
+
+:AccessObjectTypeCheck rdf:type ao:Attribute ;
+    ao:operator ai:Equals ;
+    ao:type ai:AccessObjectType ;
+    ao:templateValue :AccessObjectTypeValueSet .
+
+:AccessObjectTypeValueSet a ao:AttributeValueSet ;
+    ao:attributeValue ai:ObjectPropertyAccesObjectValueContainer ;
+    ao:attributeValue ai:DataPropertyAccesObjectValueContainer ;
+    ao:attributeValue ai:FauxObjectPropertyAccesObjectValueContainer ;
+    ao:attributeValue ai:FauxDataPropertyAccesObjectValueContainer ;
+    .
+
+:AllowMatchingPropertyStatement a ao:Rule;
+    ao:attribute :SubjectRoleCheck ;
+    ao:attribute :OperationCheck ;
+    ao:attribute :AccessObjectStatementTypeCheck ;
+    ao:attribute :StatementPredicateCheck ;
+    .
+
+:AccessObjectStatementTypeCheck rdf:type ao:Attribute ;
+    ao:operator ai:Equals ;
+    ao:type ai:AccessObjectType ;
+    ao:templateValue :StatementAccessObjectTypeValueSet .
+
+:StatementAccessObjectTypeValueSet a ao:AttributeValueSet ;
+    ao:attributeValue ai:ObjectPropertyStatementAccesObjectValueContainer ;
+    ao:attributeValue ai:DataPropertyStatementAccesObjectValueContainer ;
+    ao:attributeValue ai:FauxObjectPropertyStatementAccesObjectValueContainer ;
+    ao:attributeValue ai:FauxDataPropertyStatementAccesObjectValueContainer ;
+    .
+
+:OperationCheck a ao:Attribute ;
+    ao:operator ai:Equals ;
+    ao:type ai:Operation ;
+    ao:templateValue :OperationValueSet .
+
+:OperationValueSet a ao:AttributeValueSet ;
+    ao:attributeValue ai:DisplayOperationValueContainer ;
+    ao:attributeValue ai:PublishOperationValueContainer ;
+    .
+
+:SubjectRoleCheck a ao:Attribute ;
+    ao:operator ai:Equals ;
+    ao:type ai:SubjectRole ;
+    ao:templateValue :RoleValueSet .
+
+:RoleValueSet a ao:AttributeValueSet ;
+    ao:attributeValue ai:SelfEditorRoleValueContainer .
+
+:StatementPredicateCheck a ao:Attribute ;
+    ao:operator ai:OneOf ;
+    ao:type ai:StatementPredicateUri ;
+    ao:templateValue :AllowedPropertyUriValueSet .
+
+:AccessObjectUriCheck a ao:Attribute ;
+    ao:operator ai:OneOf ;
+    ao:type ai:AccessObjectUri ;
+    ao:templateValue :AllowedPropertyUriValueSet .
+
+:AllowedPropertyUriValueSet a ao:AttributeValueSet ;
+    ao:attributeValue ai:SelfEditorDisplayObjectPropertyValueContainer ;
+    ao:attributeValue ai:SelfEditorDisplayDataPropertyValueContainer ;
+    ao:attributeValue ai:SelfEditorDisplayFauxObjectPropertyValueContainer ;
+    ao:attributeValue ai:SelfEditorDisplayFauxDataPropertyValueContainer ;
+    ao:attributeValue ai:SelfEditorPublishObjectPropertyValueContainer ;
+    ao:attributeValue ai:SelfEditorPublishDataPropertyValueContainer ;
+    ao:attributeValue ai:SelfEditorPublishFauxObjectPropertyValueContainer ;
+    ao:attributeValue ai:SelfEditorPublishFauxDataPropertyValueContainer ;
+    .
+
+ai:SelfEditorDisplayObjectPropertyValueContainer a ao:ValueContainer ;
+    ao:containerType ai:ObjectPropertyAccesObject .
+ai:SelfEditorDisplayDataPropertyValueContainer a ao:ValueContainer ;
+    ao:containerType ai:DataPropertyAccesObject .
+ai:SelfEditorDisplayFauxObjectPropertyValueContainer a ao:ValueContainer ;
+    ao:containerType ai:FauxObjectPropertyAccesObject .
+ai:SelfEditorDisplayFauxDataPropertyValueContainer a ao:ValueContainer ;
+    ao:containerType ai:FauxDataPropertyAccesObject .
+
+ai:SelfEditorPublishObjectPropertyValueContainer a ao:ValueContainer ;
+    ao:containerType ai:ObjectPropertyAccesObject .
+ai:SelfEditorPublishDataPropertyValueContainer a ao:ValueContainer ;
+    ao:containerType ai:DataPropertyAccesObject .
+ai:SelfEditorPublishFauxObjectPropertyValueContainer a ao:ValueContainer ;
+    ao:containerType ai:FauxObjectPropertyAccesObject .
+ai:SelfEditorPublishFauxDataPropertyValueContainer a ao:ValueContainer ;
+    ao:containerType ai:FauxDataPropertyAccesObject .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_match_allowed_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_match_allowed_property.n3
deleted file mode 100644
index c9deb4c0c2..0000000000
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_match_allowed_property.n3
+++ /dev/null
@@ -1,590 +0,0 @@
-# $This file is distributed under the terms of the license in LICENSE$
-
-@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
-@prefix owl: <http://www.w3.org/2002/07/owl#> .
-@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
-@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
-@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
-@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
-@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
-@prefix : <https://vivoweb.org/ontology/vitro-application/auth/individual/template/simple-match-allowed-property/> .
-
-:PolicyTemplate a ao:PolicyTemplate ;
-    ao:rules :RuleSet ;
-    ao:policyDataSets :DataSets .
-
-:DataSets a ao:PolicyDataSets ;
-    ao:policyDataSet :PublicDisplayObjectPropertyDataSet ;
-    ao:policyDataSet :EditorDisplayObjectPropertyDataSet ;
-    ao:policyDataSet :CuratorDisplayObjectPropertyDataSet ;
-    ao:policyDataSet :AdminDisplayObjectPropertyDataSet ;
-    ao:policyDataSet :PublicDisplayDataPropertyDataSet ;
-    ao:policyDataSet :EditorDisplayDataPropertyDataSet ;
-    ao:policyDataSet :CuratorDisplayDataPropertyDataSet ;
-    ao:policyDataSet :AdminDisplayDataPropertyDataSet ;
-    ao:policyDataSet :PublicDisplayFauxObjectPropertyDataSet ;
-    ao:policyDataSet :EditorDisplayFauxObjectPropertyDataSet ;
-    ao:policyDataSet :CuratorDisplayFauxObjectPropertyDataSet ;
-    ao:policyDataSet :AdminDisplayFauxObjectPropertyDataSet ;
-    ao:policyDataSet :PublicDisplayFauxDataPropertyDataSet ;
-    ao:policyDataSet :EditorDisplayFauxDataPropertyDataSet ;
-    ao:policyDataSet :CuratorDisplayFauxDataPropertyDataSet ;
-    ao:policyDataSet :AdminDisplayFauxDataPropertyDataSet ;
-
-    ao:policyDataSet :EditorPublishObjectPropertyDataSet ;
-    ao:policyDataSet :CuratorPublishObjectPropertyDataSet ;
-    ao:policyDataSet :AdminPublishObjectPropertyDataSet ;
-    ao:policyDataSet :EditorPublishDataPropertyDataSet ;
-    ao:policyDataSet :CuratorPublishDataPropertyDataSet ;
-    ao:policyDataSet :AdminPublishDataPropertyDataSet ;
-    ao:policyDataSet :EditorPublishFauxObjectPropertyDataSet ;
-    ao:policyDataSet :CuratorPublishFauxObjectPropertyDataSet ;
-    ao:policyDataSet :AdminPublishFauxObjectPropertyDataSet ;
-    ao:policyDataSet :EditorPublishFauxDataPropertyDataSet ;
-    ao:policyDataSet :CuratorPublishFauxDataPropertyDataSet ;
-    ao:policyDataSet :AdminPublishFauxDataPropertyDataSet ;
-    .
-
-### Display object property data sets
-
-:PublicDisplayObjectPropertyDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :PublicDisplayObjectPropertyDataSetKey ;
-    ao:dataSetValues ai:PublicRoleValueContainer ;
-    ao:dataSetValues ai:ObjectPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:ObjectPropertyStatementAccesObjectValueContainer ;
-    ao:dataSetValues ai:DisplayOperationValueContainer ;
-    ao:dataSetValues ai:PublicDisplayObjectPropertyValueContainer .
-    
-:PublicDisplayObjectPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:ObjectPropertyAccesObject ;
-    ao:keyComponent auth:PUBLIC ;
-    ao:keyComponent ai:DisplayOperationGroup .
-
-:EditorDisplayObjectPropertyDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :EditorDisplayObjectPropertyDataSetKey ;
-    ao:dataSetValues ai:EditorRoleValueContainer ;
-    ao:dataSetValues ai:ObjectPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:ObjectPropertyStatementAccesObjectValueContainer ;
-    ao:dataSetValues ai:DisplayOperationValueContainer ;
-    ao:dataSetValues ai:EditorDisplayObjectPropertyValueContainer .
-    
-:EditorDisplayObjectPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:ObjectPropertyAccesObject ;
-    ao:keyComponent auth:EDITOR ;
-    ao:keyComponent ai:DisplayOperationGroup .
-
-:CuratorDisplayObjectPropertyDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :CuratorDisplayObjectPropertyDataSetKey ;
-    ao:dataSetValues ai:CuratorRoleValueContainer ;
-    ao:dataSetValues ai:ObjectPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:ObjectPropertyStatementAccesObjectValueContainer ;
-    ao:dataSetValues ai:DisplayOperationValueContainer ;
-    ao:dataSetValues ai:CuratorDisplayObjectPropertyValueContainer .
-    
-:CuratorDisplayObjectPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:ObjectPropertyAccesObject ;
-    ao:keyComponent auth:CURATOR ;
-    ao:keyComponent ai:DisplayOperationGroup .
-
-:AdminDisplayObjectPropertyDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :AdminDisplayObjectPropertyDataSetKey ;
-    ao:dataSetValues ai:AdminRoleValueContainer ;
-    ao:dataSetValues ai:ObjectPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:ObjectPropertyStatementAccesObjectValueContainer ;
-    ao:dataSetValues ai:DisplayOperationValueContainer ;
-    ao:dataSetValues ai:AdminDisplayObjectPropertyValueContainer .
-    
-:AdminDisplayObjectPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:ObjectPropertyAccesObject ;
-    ao:keyComponent auth:ADMIN ;
-    ao:keyComponent ai:DisplayOperationGroup .
-
-### Display data property data sets
-
-:PublicDisplayDataPropertyDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :PublicDisplayDataPropertyDataSetKey ;
-    ao:dataSetValues ai:PublicRoleValueContainer ;
-    ao:dataSetValues ai:DataPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:DataPropertyStatementAccesObjectValueContainer ;
-    ao:dataSetValues ai:DisplayOperationValueContainer ;
-    ao:dataSetValues ai:PublicDisplayDataPropertyValueContainer .
-    
-:PublicDisplayDataPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:DataPropertyAccesObject ;
-    ao:keyComponent auth:PUBLIC ;
-    ao:keyComponent ai:DisplayOperationGroup .
-
-:EditorDisplayDataPropertyDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :EditorDisplayDataPropertyDataSetKey ;
-    ao:dataSetValues ai:EditorRoleValueContainer ;
-    ao:dataSetValues ai:DataPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:DataPropertyStatementAccesObjectValueContainer ;
-    ao:dataSetValues ai:DisplayOperationValueContainer ;
-    ao:dataSetValues ai:EditorDisplayDataPropertyValueContainer .
-    
-:EditorDisplayDataPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:DataPropertyAccesObject ;
-    ao:keyComponent auth:EDITOR ;
-    ao:keyComponent ai:DisplayOperationGroup .
-
-:CuratorDisplayDataPropertyDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :CuratorDisplayDataPropertyDataSetKey ;
-    ao:dataSetValues ai:CuratorRoleValueContainer ;
-    ao:dataSetValues ai:DataPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:DataPropertyStatementAccesObjectValueContainer ;
-    ao:dataSetValues ai:DisplayOperationValueContainer ;
-    ao:dataSetValues ai:CuratorDisplayDataPropertyValueContainer .
-    
-:CuratorDisplayDataPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:DataPropertyAccesObject ;
-    ao:keyComponent auth:CURATOR ;
-    ao:keyComponent ai:DisplayOperationGroup .
-
-:AdminDisplayDataPropertyDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :AdminDisplayDataPropertyDataSetKey ;
-    ao:dataSetValues ai:AdminRoleValueContainer ;
-    ao:dataSetValues ai:DataPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:DataPropertyStatementAccesObjectValueContainer ;
-    ao:dataSetValues ai:DisplayOperationValueContainer ;
-    ao:dataSetValues ai:AdminDisplayDataPropertyValueContainer .
-    
-:AdminDisplayDataPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:DataPropertyAccesObject ;
-    ao:keyComponent auth:ADMIN ;
-    ao:keyComponent ai:DisplayOperationGroup .
-
-### Display faux object property data sets
-
-:PublicDisplayFauxObjectPropertyDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :PublicDisplayFauxObjectPropertyDataSetKey ;
-    ao:dataSetValues ai:PublicRoleValueContainer ;
-    ao:dataSetValues ai:FauxObjectPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:FauxObjectPropertyStatementAccesObjectValueContainer ;
-    ao:dataSetValues ai:DisplayOperationValueContainer ;
-    ao:dataSetValues ai:PublicDisplayFauxObjectPropertyValueContainer .
-    
-:PublicDisplayFauxObjectPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:FauxObjectPropertyAccesObject ;
-    ao:keyComponent auth:PUBLIC ;
-    ao:keyComponent ai:DisplayOperationGroup .
-
-:EditorDisplayFauxObjectPropertyDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :EditorDisplayFauxObjectPropertyDataSetKey ;
-    ao:dataSetValues ai:EditorRoleValueContainer ;
-    ao:dataSetValues ai:FauxObjectPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:FauxObjectPropertyStatementAccesObjectValueContainer ;
-    ao:dataSetValues ai:DisplayOperationValueContainer ;
-    ao:dataSetValues ai:EditorDisplayFauxObjectPropertyValueContainer .
-    
-:EditorDisplayFauxObjectPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:FauxObjectPropertyAccesObject ;
-    ao:keyComponent auth:EDITOR ;
-    ao:keyComponent ai:DisplayOperationGroup .
-
-:CuratorDisplayFauxObjectPropertyDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :CuratorDisplayFauxObjectPropertyDataSetKey ;
-    ao:dataSetValues ai:CuratorRoleValueContainer ;
-    ao:dataSetValues ai:FauxObjectPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:FauxObjectPropertyStatementAccesObjectValueContainer ;
-    ao:dataSetValues ai:DisplayOperationValueContainer ;
-    ao:dataSetValues ai:CuratorDisplayFauxObjectPropertyValueContainer .
-    
-:CuratorDisplayFauxObjectPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:FauxObjectPropertyAccesObject ;
-    ao:keyComponent auth:CURATOR ;
-    ao:keyComponent ai:DisplayOperationGroup .
-
-:AdminDisplayFauxObjectPropertyDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :AdminDisplayFauxObjectPropertyDataSetKey ;
-    ao:dataSetValues ai:AdminRoleValueContainer ;
-    ao:dataSetValues ai:FauxObjectPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:FauxObjectPropertyStatementAccesObjectValueContainer ;
-    ao:dataSetValues ai:DisplayOperationValueContainer ;
-    ao:dataSetValues ai:AdminDisplayFauxObjectPropertyValueContainer .
-    
-:AdminDisplayFauxObjectPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:FauxObjectPropertyAccesObject ;
-    ao:keyComponent auth:ADMIN ;
-    ao:keyComponent ai:DisplayOperationGroup .
-
-### Display faux data property data sets
-
-:PublicDisplayFauxDataPropertyDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :PublicDisplayFauxDataPropertyDataSetKey ;
-    ao:dataSetValues ai:PublicRoleValueContainer ;
-    ao:dataSetValues ai:FauxDataPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:FauxDataPropertyStatementAccesObjectValueContainer ;
-    ao:dataSetValues ai:DisplayOperationValueContainer ;
-    ao:dataSetValues ai:PublicDisplayFauxDataPropertyValueContainer .
-    
-:PublicDisplayFauxDataPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:FauxDataPropertyAccesObject ;
-    ao:keyComponent auth:PUBLIC ;
-    ao:keyComponent ai:DisplayOperationGroup .
-
-:EditorDisplayFauxDataPropertyDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :EditorDisplayFauxDataPropertyDataSetKey ;
-    ao:dataSetValues ai:EditorRoleValueContainer ;
-    ao:dataSetValues ai:FauxDataPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:FauxDataPropertyStatementAccesObjectValueContainer ;
-    ao:dataSetValues ai:DisplayOperationValueContainer ;
-    ao:dataSetValues ai:EditorDisplayFauxDataPropertyValueContainer .
-    
-:EditorDisplayFauxDataPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:FauxDataPropertyAccesObject ;
-    ao:keyComponent auth:EDITOR ;
-    ao:keyComponent ai:DisplayOperationGroup .
-
-:CuratorDisplayFauxDataPropertyDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :CuratorDisplayFauxDataPropertyDataSetKey ;
-    ao:dataSetValues ai:CuratorRoleValueContainer ;
-    ao:dataSetValues ai:FauxDataPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:FauxDataPropertyStatementAccesObjectValueContainer ;
-    ao:dataSetValues ai:DisplayOperationValueContainer ;
-    ao:dataSetValues ai:CuratorDisplayFauxDataPropertyValueContainer .
-    
-:CuratorDisplayFauxDataPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:FauxDataPropertyAccesObject ;
-    ao:keyComponent auth:CURATOR ;
-    ao:keyComponent ai:DisplayOperationGroup .
-
-:AdminDisplayFauxDataPropertyDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :AdminDisplayFauxDataPropertyDataSetKey ;
-    ao:dataSetValues ai:AdminRoleValueContainer ;
-    ao:dataSetValues ai:FauxDataPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:FauxDataPropertyStatementAccesObjectValueContainer ;
-    ao:dataSetValues ai:DisplayOperationValueContainer ;
-    ao:dataSetValues ai:AdminDisplayFauxDataPropertyValueContainer .
-    
-:AdminDisplayFauxDataPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:FauxDataPropertyAccesObject ;
-    ao:keyComponent auth:ADMIN ;
-    ao:keyComponent ai:DisplayOperationGroup .
-
-### Publish object property data sets
-
-:EditorPublishObjectPropertyDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :EditorPublishObjectPropertyDataSetKey ;
-    ao:dataSetValues ai:EditorRoleValueContainer ;
-    ao:dataSetValues ai:ObjectPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:ObjectPropertyStatementAccesObjectValueContainer ;
-    ao:dataSetValues ai:PublishOperationValueContainer ;
-    ao:dataSetValues ai:EditorPublishObjectPropertyValueContainer .
-    
-:EditorPublishObjectPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:ObjectPropertyAccesObject ;
-    ao:keyComponent auth:EDITOR ;
-    ao:keyComponent ai:PublishOperationGroup .
-
-:CuratorPublishObjectPropertyDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :CuratorPublishObjectPropertyDataSetKey ;
-    ao:dataSetValues ai:CuratorRoleValueContainer ;
-    ao:dataSetValues ai:ObjectPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:ObjectPropertyStatementAccesObjectValueContainer ;
-    ao:dataSetValues ai:PublishOperationValueContainer ;
-    ao:dataSetValues ai:CuratorPublishObjectPropertyValueContainer .
-    
-:CuratorPublishObjectPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:ObjectPropertyAccesObject ;
-    ao:keyComponent auth:CURATOR ;
-    ao:keyComponent ai:PublishOperationGroup .
-
-:AdminPublishObjectPropertyDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :AdminPublishObjectPropertyDataSetKey ;
-    ao:dataSetValues ai:AdminRoleValueContainer ;
-    ao:dataSetValues ai:ObjectPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:ObjectPropertyStatementAccesObjectValueContainer ;
-    ao:dataSetValues ai:PublishOperationValueContainer ;
-    ao:dataSetValues ai:AdminPublishObjectPropertyValueContainer .
-    
-:AdminPublishObjectPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:ObjectPropertyAccesObject ;
-    ao:keyComponent auth:ADMIN ;
-    ao:keyComponent ai:PublishOperationGroup .
-
-### Publish data property data sets
-
-:EditorPublishDataPropertyDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :EditorPublishDataPropertyDataSetKey ;
-    ao:dataSetValues ai:EditorRoleValueContainer ;
-    ao:dataSetValues ai:DataPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:DataPropertyStatementAccesObjectValueContainer ;
-    ao:dataSetValues ai:PublishOperationValueContainer ;
-    ao:dataSetValues ai:EditorPublishDataPropertyValueContainer .
-    
-:EditorPublishDataPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:DataPropertyAccesObject ;
-    ao:keyComponent auth:EDITOR ;
-    ao:keyComponent ai:PublishOperationGroup .
-
-:CuratorPublishDataPropertyDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :CuratorPublishDataPropertyDataSetKey ;
-    ao:dataSetValues ai:CuratorRoleValueContainer ;
-    ao:dataSetValues ai:DataPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:DataPropertyStatementAccesObjectValueContainer ;
-    ao:dataSetValues ai:PublishOperationValueContainer ;
-    ao:dataSetValues ai:CuratorPublishDataPropertyValueContainer .
-    
-:CuratorPublishDataPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:DataPropertyAccesObject ;
-    ao:keyComponent auth:CURATOR ;
-    ao:keyComponent ai:PublishOperationGroup .
-
-:AdminPublishDataPropertyDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :AdminPublishDataPropertyDataSetKey ;
-    ao:dataSetValues ai:AdminRoleValueContainer ;
-    ao:dataSetValues ai:DataPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:DataPropertyStatementAccesObjectValueContainer ;
-    ao:dataSetValues ai:PublishOperationValueContainer ;
-    ao:dataSetValues ai:AdminPublishDataPropertyValueContainer .
-    
-:AdminPublishDataPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:DataPropertyAccesObject ;
-    ao:keyComponent auth:ADMIN ;
-    ao:keyComponent ai:PublishOperationGroup .
-
-### Publish faux object property data sets
-
-:EditorPublishFauxObjectPropertyDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :EditorPublishFauxObjectPropertyDataSetKey ;
-    ao:dataSetValues ai:EditorRoleValueContainer ;
-    ao:dataSetValues ai:FauxObjectPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:FauxObjectPropertyStatementAccesObjectValueContainer ;
-    ao:dataSetValues ai:PublishOperationValueContainer ;
-    ao:dataSetValues ai:EditorPublishFauxObjectPropertyValueContainer .
-    
-:EditorPublishFauxObjectPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:FauxObjectPropertyAccesObject ;
-    ao:keyComponent auth:EDITOR ;
-    ao:keyComponent ai:PublishOperationGroup .
-
-:CuratorPublishFauxObjectPropertyDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :CuratorPublishFauxObjectPropertyDataSetKey ;
-    ao:dataSetValues ai:CuratorRoleValueContainer ;
-    ao:dataSetValues ai:FauxObjectPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:FauxObjectPropertyStatementAccesObjectValueContainer ;
-    ao:dataSetValues ai:PublishOperationValueContainer ;
-    ao:dataSetValues ai:CuratorPublishFauxObjectPropertyValueContainer .
-    
-:CuratorPublishFauxObjectPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:FauxObjectPropertyAccesObject ;
-    ao:keyComponent auth:CURATOR ;
-    ao:keyComponent ai:PublishOperationGroup .
-
-:AdminPublishFauxObjectPropertyDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :AdminPublishFauxObjectPropertyDataSetKey ;
-    ao:dataSetValues ai:AdminRoleValueContainer ;
-    ao:dataSetValues ai:FauxObjectPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:FauxObjectPropertyStatementAccesObjectValueContainer ;
-    ao:dataSetValues ai:PublishOperationValueContainer ;
-    ao:dataSetValues ai:AdminPublishFauxObjectPropertyValueContainer .
-    
-:AdminPublishFauxObjectPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:FauxObjectPropertyAccesObject ;
-    ao:keyComponent auth:ADMIN ;
-    ao:keyComponent ai:PublishOperationGroup .
-
-### Publish faux data property data sets
-
-:EditorPublishFauxDataPropertyDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :EditorPublishFauxDataPropertyDataSetKey ;
-    ao:dataSetValues ai:EditorRoleValueContainer ;
-    ao:dataSetValues ai:FauxDataPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:FauxDataPropertyStatementAccesObjectValueContainer ;
-    ao:dataSetValues ai:PublishOperationValueContainer ;
-    ao:dataSetValues ai:EditorPublishFauxDataPropertyValueContainer .
-    
-:EditorPublishFauxDataPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:FauxDataPropertyAccesObject ;
-    ao:keyComponent auth:EDITOR ;
-    ao:keyComponent ai:PublishOperationGroup .
-
-:CuratorPublishFauxDataPropertyDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :CuratorPublishFauxDataPropertyDataSetKey ;
-    ao:dataSetValues ai:CuratorRoleValueContainer ;
-    ao:dataSetValues ai:FauxDataPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:FauxDataPropertyStatementAccesObjectValueContainer ;
-    ao:dataSetValues ai:PublishOperationValueContainer ;
-    ao:dataSetValues ai:CuratorPublishFauxDataPropertyValueContainer .
-    
-:CuratorPublishFauxDataPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:FauxDataPropertyAccesObject ;
-    ao:keyComponent auth:CURATOR ;
-    ao:keyComponent ai:PublishOperationGroup .
-
-:AdminPublishFauxDataPropertyDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :AdminPublishFauxDataPropertyDataSetKey ;
-    ao:dataSetValues ai:AdminRoleValueContainer ;
-    ao:dataSetValues ai:FauxDataPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:FauxDataPropertyStatementAccesObjectValueContainer ;
-    ao:dataSetValues ai:PublishOperationValueContainer ;
-    ao:dataSetValues ai:AdminPublishFauxDataPropertyValueContainer .
-    
-:AdminPublishFauxDataPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:FauxDataPropertyAccesObject ;
-    ao:keyComponent auth:ADMIN ;
-    ao:keyComponent ai:PublishOperationGroup .
-
-### Rules
-
-:RuleSet a ao:Rules ;
-    ao:rule :AllowMatchingPropertyStatement ;
-    ao:rule :AllowMatchingProperty .
-
-:AllowMatchingProperty a ao:Rule;
-    ao:attribute :SubjectRoleEqualsDataSetRoleAttribute ;
-    ao:attribute :OperationEqualsDataSetOperation ;
-    ao:attribute :AccessObjectTypeEqualsDataSetValue ;
-    ao:attribute :AccessObjectUriContainsInDataSet .
-
-:AccessObjectTypeEqualsDataSetValue rdf:type ao:Attribute ;
-    ao:operator ai:Equals ;
-    ao:type ai:AccessObjectType ;
-    ao:templateValue :AccessObjectTypeValueSet .
-
-:AccessObjectTypeValueSet a ao:AttributeValueSet ;
-    ao:attributeValue ai:ObjectPropertyAccesObjectValueContainer ;
-    ao:attributeValue ai:DataPropertyAccesObjectValueContainer ;
-    ao:attributeValue ai:FauxObjectPropertyAccesObjectValueContainer ;
-    ao:attributeValue ai:FauxDataPropertyAccesObjectValueContainer ;
-    .
-
-:AllowMatchingPropertyStatement a ao:Rule;
-    ao:attribute :SubjectRoleEqualsDataSetRoleAttribute ;
-    ao:attribute :OperationEqualsDataSetOperation ;
-    ao:attribute :AccessObjectTypeStatementEquals ;
-    ao:attribute :StatementPredicateEquals ;
-    .
-
-:AccessObjectTypeStatementEquals rdf:type ao:Attribute ;
-    ao:operator ai:Equals ;
-    ao:type ai:AccessObjectType ;
-    ao:templateValue :StatementAccessObjectTypeValueSet .
-
-:StatementAccessObjectTypeValueSet a ao:AttributeValueSet ;
-    ao:attributeValue ai:ObjectPropertyStatementAccesObjectValueContainer ;
-    ao:attributeValue ai:DataPropertyStatementAccesObjectValueContainer ;
-    ao:attributeValue ai:FauxObjectPropertyStatementAccesObjectValueContainer ;
-    ao:attributeValue ai:FauxDataPropertyStatementAccesObjectValueContainer ;
-    .
-
-:OperationEqualsDataSetOperation a ao:Attribute ;
-    ao:operator ai:Equals ;
-    ao:type ai:Operation ;
-    ao:templateValue :OperationValueSet .
-
-:OperationValueSet a ao:AttributeValueSet ;
-    ao:attributeValue ai:DisplayOperationValueContainer ;
-    ao:attributeValue ai:PublishOperationValueContainer ;
-    .
-
-:SubjectRoleEqualsDataSetRoleAttribute a ao:Attribute ;
-    ao:operator ai:Equals ;
-    ao:type ai:SubjectRole ;
-    ao:templateValue :RoleValueSet .
-
-:RoleValueSet a ao:AttributeValueSet ;
-    ao:attributeValue ai:PublicRoleValueContainer ;
-    ao:attributeValue ai:EditorRoleValueContainer ;
-    ao:attributeValue ai:CuratorRoleValueContainer ;
-    ao:attributeValue ai:AdminRoleValueContainer .
-
-:StatementPredicateEquals a ao:Attribute ;
-    ao:operator ai:OneOf ;
-    ao:type ai:StatementPredicateUri ;
-    ao:templateValue :AllowedPropertyUriValueSet .
-
-:AccessObjectUriContainsInDataSet a ao:Attribute ;
-    ao:operator ai:OneOf ;
-    ao:type ai:AccessObjectUri ;
-    ao:templateValue :AllowedPropertyUriValueSet .
-
-:AllowedPropertyUriValueSet a ao:AttributeValueSet ;
-    ao:attributeValue ai:PublicDisplayObjectPropertyValueContainer ;
-    ao:attributeValue ai:EditorDisplayObjectPropertyValueContainer ;
-    ao:attributeValue ai:CuratorDisplayObjectPropertyValueContainer ;
-    ao:attributeValue ai:AdminDisplayObjectPropertyValueContainer ;
-    ao:attributeValue ai:PublicDisplayDataPropertyValueContainer ;
-    ao:attributeValue ai:EditorDisplayDataPropertyValueContainer ;
-    ao:attributeValue ai:CuratorDisplayDataPropertyValueContainer ;
-    ao:attributeValue ai:AdminDisplayDataPropertyValueContainer ;
-    ao:attributeValue ai:PublicDisplayFauxObjectPropertyValueContainer ;
-    ao:attributeValue ai:EditorDisplayFauxObjectPropertyValueContainer ;
-    ao:attributeValue ai:CuratorDisplayFauxObjectPropertyValueContainer ;
-    ao:attributeValue ai:AdminDisplayFauxObjectPropertyValueContainer ;
-    ao:attributeValue ai:PublicDisplayFauxDataPropertyValueContainer ;   
-    ao:attributeValue ai:EditorDisplayFauxDataPropertyValueContainer ;
-    ao:attributeValue ai:CuratorDisplayFauxDataPropertyValueContainer ;
-    ao:attributeValue ai:AdminDisplayFauxDataPropertyValueContainer ;
-
-    ao:attributeValue ai:EditorPublishObjectPropertyValueContainer ;
-    ao:attributeValue ai:CuratorPublishObjectPropertyValueContainer ;
-    ao:attributeValue ai:AdminPublishObjectPropertyValueContainer ;
-    ao:attributeValue ai:EditorPublishDataPropertyValueContainer ;
-    ao:attributeValue ai:CuratorPublishDataPropertyValueContainer ;
-    ao:attributeValue ai:AdminPublishDataPropertyValueContainer ;
-    ao:attributeValue ai:EditorPublishFauxObjectPropertyValueContainer ;
-    ao:attributeValue ai:CuratorPublishFauxObjectPropertyValueContainer ;
-    ao:attributeValue ai:AdminPublishFauxObjectPropertyValueContainer ;
-    ao:attributeValue ai:EditorPublishFauxDataPropertyValueContainer ;
-    ao:attributeValue ai:CuratorPublishFauxDataPropertyValueContainer ;
-    ao:attributeValue ai:AdminPublishFauxDataPropertyValueContainer ;
-    .
-
-ai:PublicDisplayObjectPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:ObjectPropertyAccesObject .
-ai:EditorDisplayObjectPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:ObjectPropertyAccesObject .
-ai:CuratorDisplayObjectPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:ObjectPropertyAccesObject .
-ai:AdminDisplayObjectPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:ObjectPropertyAccesObject .
-ai:PublicDisplayDataPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:DataPropertyAccesObject .
-ai:EditorDisplayDataPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:DataPropertyAccesObject .
-ai:CuratorDisplayDataPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:DataPropertyAccesObject .
-ai:AdminDisplayDataPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:DataPropertyAccesObject .
-ai:PublicDisplayFauxObjectPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:FauxObjectPropertyAccesObject .
-ai:EditorDisplayFauxObjectPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:FauxObjectPropertyAccesObject .
-ai:CuratorDisplayFauxObjectPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:FauxObjectPropertyAccesObject .
-ai:AdminDisplayFauxObjectPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:FauxObjectPropertyAccesObject .
-ai:PublicDisplayFauxDataPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:FauxDataPropertyAccesObject .
-ai:EditorDisplayFauxDataPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:FauxDataPropertyAccesObject .
-ai:CuratorDisplayFauxDataPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:FauxDataPropertyAccesObject .
-ai:AdminDisplayFauxDataPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:FauxDataPropertyAccesObject .
-
-ai:EditorPublishObjectPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:ObjectPropertyAccesObject .
-ai:CuratorPublishObjectPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:ObjectPropertyAccesObject .
-ai:AdminPublishObjectPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:ObjectPropertyAccesObject .
-ai:EditorPublishDataPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:DataPropertyAccesObject .
-ai:CuratorPublishDataPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:DataPropertyAccesObject .
-ai:AdminPublishDataPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:DataPropertyAccesObject .
-ai:EditorPublishFauxObjectPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:FauxObjectPropertyAccesObject .
-ai:CuratorPublishFauxObjectPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:FauxObjectPropertyAccesObject .
-ai:AdminPublishFauxObjectPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:FauxObjectPropertyAccesObject .
-ai:EditorPublishFauxDataPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:FauxDataPropertyAccesObject .
-ai:CuratorPublishFauxDataPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:FauxDataPropertyAccesObject .
-ai:AdminPublishFauxDataPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:FauxDataPropertyAccesObject .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_update_related_allowed_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_update_related_allowed_property.n3
new file mode 100644
index 0000000000..8931d1705d
--- /dev/null
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_update_related_allowed_property.n3
@@ -0,0 +1,335 @@
+# $This file is distributed under the terms of the license in LICENSE$
+
+@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
+@prefix owl: <http://www.w3.org/2002/07/owl#> .
+@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
+@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
+@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
+@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
+@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+@prefix : <https://vivoweb.org/ontology/vitro-application/auth/individual/template/update-related-allowed-property/> .
+
+:PolicyTemplate a ao:PolicyTemplate ;
+    ao:rules :RuleSet ;
+    ao:policyDataSets :DataSets .
+
+:DataSets a ao:PolicyDataSets ;
+
+    ao:policyDataSet :SelfEditorAddObjectPropertyDataSet ;
+    ao:policyDataSet :SelfEditorAddDataPropertyDataSet ;
+    ao:policyDataSet :SelfEditorAddFauxObjectPropertyDataSet ;
+    ao:policyDataSet :SelfEditorAddFauxDataPropertyDataSet ;
+
+    ao:policyDataSet :SelfEditorEditObjectPropertyDataSet ;
+    ao:policyDataSet :SelfEditorEditDataPropertyDataSet ;
+    ao:policyDataSet :SelfEditorEditFauxObjectPropertyDataSet ;
+    ao:policyDataSet :SelfEditorEditFauxDataPropertyDataSet ;
+
+    ao:policyDataSet :SelfEditorDropObjectPropertyDataSet ;
+    ao:policyDataSet :SelfEditorDropDataPropertyDataSet ;
+    ao:policyDataSet :SelfEditorDropFauxObjectPropertyDataSet ;
+    ao:policyDataSet :SelfEditorDropFauxDataPropertyDataSet ;
+    .
+
+### Add object property data sets
+
+:SelfEditorAddObjectPropertyDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :SelfEditorAddObjectPropertyDataSetKey ;
+    ao:dataSetValues ai:SelfEditorRoleValueContainer ;
+    ao:dataSetValues ai:ObjectPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:ObjectPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:AddOperationValueContainer ;
+    ao:dataSetValues ai:SelfEditorAddObjectPropertyValueContainer .
+    
+:SelfEditorAddObjectPropertyDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:ObjectPropertyAccesObject ;
+    ao:keyComponent auth:SELF_EDITOR ;
+    ao:keyComponent ai:AddOperation .
+
+### Add data property data sets
+
+:SelfEditorAddDataPropertyDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :SelfEditorAddDataPropertyDataSetKey ;
+    ao:dataSetValues ai:SelfEditorRoleValueContainer ;
+    ao:dataSetValues ai:DataPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:DataPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:AddOperationValueContainer ;
+    ao:dataSetValues ai:SelfEditorAddDataPropertyValueContainer .
+    
+:SelfEditorAddDataPropertyDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:DataPropertyAccesObject ;
+    ao:keyComponent auth:SELF_EDITOR ;
+    ao:keyComponent ai:AddOperation .
+
+### Add faux object property data sets
+
+:SelfEditorAddFauxObjectPropertyDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :SelfEditorAddFauxObjectPropertyDataSetKey ;
+    ao:dataSetValues ai:SelfEditorRoleValueContainer ;
+    ao:dataSetValues ai:FauxObjectPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:FauxObjectPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:AddOperationValueContainer ;
+    ao:dataSetValues ai:SelfEditorAddFauxObjectPropertyValueContainer .
+    
+:SelfEditorAddFauxObjectPropertyDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:FauxObjectPropertyAccesObject ;
+    ao:keyComponent auth:SELF_EDITOR ;
+    ao:keyComponent ai:AddOperation .
+
+### Add faux data property data sets
+
+:SelfEditorAddFauxDataPropertyDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :SelfEditorAddFauxDataPropertyDataSetKey ;
+    ao:dataSetValues ai:SelfEditorRoleValueContainer ;
+    ao:dataSetValues ai:FauxDataPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:FauxDataPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:AddOperationValueContainer ;
+    ao:dataSetValues ai:SelfEditorAddFauxDataPropertyValueContainer .
+    
+:SelfEditorAddFauxDataPropertyDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:FauxDataPropertyAccesObject ;
+    ao:keyComponent auth:SELF_EDITOR ;
+    ao:keyComponent ai:AddOperation .
+
+### Drop object property data sets
+
+:SelfEditorDropObjectPropertyDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :SelfEditorDropObjectPropertyDataSetKey ;
+    ao:dataSetValues ai:SelfEditorRoleValueContainer ;
+    ao:dataSetValues ai:ObjectPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:ObjectPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:DropOperationValueContainer ;
+    ao:dataSetValues ai:SelfEditorDropObjectPropertyValueContainer .
+    
+:SelfEditorDropObjectPropertyDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:ObjectPropertyAccesObject ;
+    ao:keyComponent auth:SELF_EDITOR ;
+    ao:keyComponent ai:DropOperation .
+
+### Drop data property data sets
+
+:SelfEditorDropDataPropertyDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :SelfEditorDropDataPropertyDataSetKey ;
+    ao:dataSetValues ai:SelfEditorRoleValueContainer ;
+    ao:dataSetValues ai:DataPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:DataPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:DropOperationValueContainer ;
+    ao:dataSetValues ai:SelfEditorDropDataPropertyValueContainer .
+    
+:SelfEditorDropDataPropertyDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:DataPropertyAccesObject ;
+    ao:keyComponent auth:SELF_EDITOR ;
+    ao:keyComponent ai:DropOperation .
+
+### Drop faux object property data sets
+
+:SelfEditorDropFauxObjectPropertyDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :SelfEditorDropFauxObjectPropertyDataSetKey ;
+    ao:dataSetValues ai:SelfEditorRoleValueContainer ;
+    ao:dataSetValues ai:FauxObjectPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:FauxObjectPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:DropOperationValueContainer ;
+    ao:dataSetValues ai:SelfEditorDropFauxObjectPropertyValueContainer .
+    
+:SelfEditorDropFauxObjectPropertyDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:FauxObjectPropertyAccesObject ;
+    ao:keyComponent auth:SELF_EDITOR ;
+    ao:keyComponent ai:DropOperation .
+
+### Drop faux data property data sets
+
+:SelfEditorDropFauxDataPropertyDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :SelfEditorDropFauxDataPropertyDataSetKey ;
+    ao:dataSetValues ai:SelfEditorRoleValueContainer ;
+    ao:dataSetValues ai:FauxDataPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:FauxDataPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:DropOperationValueContainer ;
+    ao:dataSetValues ai:SelfEditorDropFauxDataPropertyValueContainer .
+    
+:SelfEditorDropFauxDataPropertyDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:FauxDataPropertyAccesObject ;
+    ao:keyComponent auth:SELF_EDITOR ;
+    ao:keyComponent ai:DropOperation .
+
+### Edit object property data sets
+
+:SelfEditorEditObjectPropertyDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :SelfEditorEditObjectPropertyDataSetKey ;
+    ao:dataSetValues ai:SelfEditorRoleValueContainer ;
+    ao:dataSetValues ai:ObjectPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:ObjectPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:EditOperationValueContainer ;
+    ao:dataSetValues ai:SelfEditorEditObjectPropertyValueContainer .
+    
+:SelfEditorEditObjectPropertyDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:ObjectPropertyAccesObject ;
+    ao:keyComponent auth:SELF_EDITOR ;
+    ao:keyComponent ai:EditOperation .
+
+### Edit data property data sets
+
+:SelfEditorEditDataPropertyDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :SelfEditorEditDataPropertyDataSetKey ;
+    ao:dataSetValues ai:SelfEditorRoleValueContainer ;
+    ao:dataSetValues ai:DataPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:DataPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:EditOperationValueContainer ;
+    ao:dataSetValues ai:SelfEditorEditDataPropertyValueContainer .
+    
+:SelfEditorEditDataPropertyDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:DataPropertyAccesObject ;
+    ao:keyComponent auth:SELF_EDITOR ;
+    ao:keyComponent ai:EditOperation .
+
+### Edit faux object property data sets
+
+:SelfEditorEditFauxObjectPropertyDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :SelfEditorEditFauxObjectPropertyDataSetKey ;
+    ao:dataSetValues ai:SelfEditorRoleValueContainer ;
+    ao:dataSetValues ai:FauxObjectPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:FauxObjectPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:EditOperationValueContainer ;
+    ao:dataSetValues ai:SelfEditorEditFauxObjectPropertyValueContainer .
+    
+:SelfEditorEditFauxObjectPropertyDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:FauxObjectPropertyAccesObject ;
+    ao:keyComponent auth:SELF_EDITOR ;
+    ao:keyComponent ai:EditOperation .
+
+### Edit faux data property data sets
+
+:SelfEditorEditFauxDataPropertyDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :SelfEditorEditFauxDataPropertyDataSetKey ;
+    ao:dataSetValues ai:SelfEditorRoleValueContainer ;
+    ao:dataSetValues ai:FauxDataPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:FauxDataPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:EditOperationValueContainer ;
+    ao:dataSetValues ai:SelfEditorEditFauxDataPropertyValueContainer .
+    
+:SelfEditorEditFauxDataPropertyDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:FauxDataPropertyAccesObject ;
+    ao:keyComponent auth:SELF_EDITOR ;
+    ao:keyComponent ai:EditOperation .
+
+### Rules
+
+:RuleSet a ao:Rules ;
+    ao:rule :AllowMatchingPropertyStatement ;
+    ao:rule :AllowMatchingProperty .
+
+:AllowMatchingProperty a ao:Rule;
+    ao:attribute :SubjectRoleCheck ;
+    ao:attribute :OperationCheck ;
+    ao:attribute :AccessObjectTypeCheck ;
+    ao:attribute :AccessObjectUriCheck .
+
+:AccessObjectTypeCheck rdf:type ao:Attribute ;
+    ao:operator ai:Equals ;
+    ao:type ai:AccessObjectType ;
+    ao:templateValue :AccessObjectTypeValueSet .
+
+:AccessObjectTypeValueSet a ao:AttributeValueSet ;
+    ao:attributeValue ai:ObjectPropertyAccesObjectValueContainer ;
+    ao:attributeValue ai:DataPropertyAccesObjectValueContainer ;
+    ao:attributeValue ai:FauxObjectPropertyAccesObjectValueContainer ;
+    ao:attributeValue ai:FauxDataPropertyAccesObjectValueContainer ;
+    .
+
+:AllowMatchingPropertyStatement a ao:Rule;
+    ao:attribute :SubjectRoleCheck ;
+    ao:attribute :OperationCheck ;
+    ao:attribute :AccessObjectStatementTypeCheck ;
+    ao:attribute :StatementPredicateCheck ;
+    ao:attribute :RelationCheck ;
+    .
+
+:RelationCheck rdf:type ao:Attribute ;
+    ao:operator ai:SparqlSelectQueryContains ;
+    ao:type ai:StatementSubjectUri ;
+    ao:value ai:PersonProfileProximityToResourceUri .
+
+:AccessObjectStatementTypeCheck rdf:type ao:Attribute ;
+    ao:operator ai:Equals ;
+    ao:type ai:AccessObjectType ;
+    ao:templateValue :StatementAccessObjectTypeValueSet .
+
+:StatementAccessObjectTypeValueSet a ao:AttributeValueSet ;
+    ao:attributeValue ai:ObjectPropertyStatementAccesObjectValueContainer ;
+    ao:attributeValue ai:DataPropertyStatementAccesObjectValueContainer ;
+    ao:attributeValue ai:FauxObjectPropertyStatementAccesObjectValueContainer ;
+    ao:attributeValue ai:FauxDataPropertyStatementAccesObjectValueContainer ;
+    .
+
+:OperationCheck a ao:Attribute ;
+    ao:operator ai:Equals ;
+    ao:type ai:Operation ;
+    ao:templateValue :OperationValueSet .
+
+:OperationValueSet a ao:AttributeValueSet ;
+    ao:attributeValue ai:AddOperationValueContainer ;
+    ao:attributeValue ai:DropOperationValueContainer ;
+    ao:attributeValue ai:EditOperationValueContainer ;
+    .
+
+:SubjectRoleCheck a ao:Attribute ;
+    ao:operator ai:Equals ;
+    ao:type ai:SubjectRole ;
+    ao:templateValue :RoleValueSet .
+
+:RoleValueSet a ao:AttributeValueSet ;
+    ao:attributeValue ai:SelfEditorRoleValueContainer .
+
+:StatementPredicateCheck a ao:Attribute ;
+    ao:operator ai:OneOf ;
+    ao:type ai:StatementPredicateUri ;
+    ao:templateValue :AllowedPropertyUriValueSet .
+
+:AccessObjectUriCheck a ao:Attribute ;
+    ao:operator ai:OneOf ;
+    ao:type ai:AccessObjectUri ;
+    ao:templateValue :AllowedPropertyUriValueSet .
+
+:AllowedPropertyUriValueSet a ao:AttributeValueSet ;
+
+    ao:attributeValue ai:SelfEditorAddObjectPropertyValueContainer ;
+    ao:attributeValue ai:SelfEditorAddDataPropertyValueContainer ;
+    ao:attributeValue ai:SelfEditorAddFauxObjectPropertyValueContainer ;
+    ao:attributeValue ai:SelfEditorAddFauxDataPropertyValueContainer ;
+
+    ao:attributeValue ai:SelfEditorEditObjectPropertyValueContainer ;
+    ao:attributeValue ai:SelfEditorEditDataPropertyValueContainer ;
+    ao:attributeValue ai:SelfEditorEditFauxObjectPropertyValueContainer ;
+    ao:attributeValue ai:SelfEditorEditFauxDataPropertyValueContainer ;
+
+    ao:attributeValue ai:SelfEditorDropObjectPropertyValueContainer ;
+    ao:attributeValue ai:SelfEditorDropDataPropertyValueContainer ;
+    ao:attributeValue ai:SelfEditorDropFauxObjectPropertyValueContainer ;
+    ao:attributeValue ai:SelfEditorDropFauxDataPropertyValueContainer ;
+    .
+
+ai:SelfEditorAddObjectPropertyValueContainer a ao:ValueContainer ;
+    ao:containerType ai:ObjectPropertyAccesObject .
+ai:SelfEditorAddDataPropertyValueContainer a ao:ValueContainer ;
+    ao:containerType ai:DataPropertyAccesObject .
+ai:SelfEditorAddFauxObjectPropertyValueContainer a ao:ValueContainer ;
+    ao:containerType ai:FauxObjectPropertyAccesObject .
+ai:SelfEditorAddFauxDataPropertyValueContainer a ao:ValueContainer ;
+    ao:containerType ai:FauxDataPropertyAccesObject .
+
+ai:SelfEditorEditObjectPropertyValueContainer a ao:ValueContainer ;
+    ao:containerType ai:ObjectPropertyAccesObject .
+ai:SelfEditorEditDataPropertyValueContainer a ao:ValueContainer ;
+    ao:containerType ai:DataPropertyAccesObject .
+ai:SelfEditorEditFauxObjectPropertyValueContainer a ao:ValueContainer ;
+    ao:containerType ai:FauxObjectPropertyAccesObject .
+ai:SelfEditorEditFauxDataPropertyValueContainer a ao:ValueContainer ;
+    ao:containerType ai:FauxDataPropertyAccesObject .
+
+ai:SelfEditorDropObjectPropertyValueContainer a ao:ValueContainer ;
+    ao:containerType ai:ObjectPropertyAccesObject .
+ai:SelfEditorDropDataPropertyValueContainer a ao:ValueContainer ;
+    ao:containerType ai:DataPropertyAccesObject .
+ai:SelfEditorDropFauxObjectPropertyValueContainer a ao:ValueContainer ;
+    ao:containerType ai:FauxObjectPropertyAccesObject .
+ai:SelfEditorDropFauxDataPropertyValueContainer a ao:ValueContainer ;
+    ao:containerType ai:FauxDataPropertyAccesObject .

From d9b665241d87cbae28ffc710fa08c0804f596460 Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <georgy.litvinov@tib.eu>
Date: Thu, 19 Oct 2023 17:25:03 +0200
Subject: [PATCH 056/148] refact: renamed Attribute to Check

---
 ...tractAttribute.java => AbstractCheck.java} | 16 +++----
 ...ribute.java => AccessObjectTypeCheck.java} | 14 +++---
 ...tribute.java => AccessObjectUriCheck.java} | 14 +++---
 .../webapp/auth/attributes/Attribute.java     | 33 ++++---------
 .../auth/attributes/AttributeGroup.java       |  8 ----
 .../webapp/auth/attributes/AttributeType.java | 14 ------
 ...Tester.java => AttributeValueChecker.java} | 16 +++----
 .../vitro/webapp/auth/attributes/Check.java   | 29 +++++++++++
 ...ttributeFactory.java => CheckFactory.java} | 34 ++++++-------
 .../{TestType.java => CheckType.java}         |  2 +-
 .../auth/attributes/OperationAttribute.java   | 34 -------------
 .../auth/attributes/OperationCheck.java       | 34 +++++++++++++
 ...bute.java => StatementObjectUriCheck.java} | 14 +++---
 ...e.java => StatementPredicateUriCheck.java} | 14 +++---
 ...ute.java => StatementSubjectUriCheck.java} | 14 +++---
 ...leAttribute.java => SubjectRoleCheck.java} | 14 +++---
 ...peAttribute.java => SubjectTypeCheck.java} | 14 +++---
 .../webapp/auth/policy/PolicyLoader.java      | 14 +++---
 .../vitro/webapp/auth/rules/AccessRule.java   | 10 ++--
 .../webapp/auth/rules/AccessRuleFactory.java  |  4 +-
 .../webapp/auth/rules/AccessRuleImpl.java     | 26 +++++-----
 .../vitro/webapp/auth/policy/PolicyTest.java  |  4 +-
 .../webapp/auth/rules/AccessRuleTest.java     | 20 ++++----
 .../auth/rules/proximity_test_policy.n3       |  4 +-
 .../webapp/auth/rules/test_policy_broken1.n3  |  8 ++--
 .../webapp/auth/rules/test_policy_broken2.n3  |  8 ++--
 .../webapp/auth/rules/test_policy_broken3.n3  |  8 ++--
 .../webapp/auth/rules/test_policy_broken4.n3  |  8 ++--
 .../webapp/auth/rules/test_policy_broken5.n3  |  8 ++--
 .../auth/rules/test_policy_broken_set.n3      |  8 ++--
 .../webapp/auth/rules/test_policy_key.n3      |  4 +-
 .../webapp/auth/rules/test_policy_valid.n3    |  4 +-
 .../auth/rules/test_policy_valid_set.n3       |  8 ++--
 .../rdf/accessControl/firsttime/attributes.n3 | 48 +++++++++----------
 .../rdf/accessControl/firsttime/ontology.n3   | 14 +++---
 .../firsttime/policy_editable_pages.n3        | 30 ++++++------
 .../firsttime/policy_menu_items_editing.n3    | 20 ++++----
 .../policy_not_modifiable_statements.n3       | 42 ++++++++--------
 .../firsttime/policy_root_user.n3             |  2 +-
 .../template_access_allowed_class.n3          | 16 +++----
 .../template_access_allowed_property.n3       | 28 +++++------
 ...emplate_access_related_allowed_property.n3 | 28 +++++------
 .../firsttime/template_simple_permissions.n3  | 10 ++--
 ...emplate_update_related_allowed_property.n3 | 32 ++++++-------
 44 files changed, 363 insertions(+), 371 deletions(-)
 rename api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/{AbstractAttribute.java => AbstractCheck.java} (82%)
 rename api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/{AccessObjectTypeAttribute.java => AccessObjectTypeCheck.java} (69%)
 rename api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/{AccessObjectUriAttribute.java => AccessObjectUriCheck.java} (69%)
 delete mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeGroup.java
 delete mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeType.java
 rename api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/{AttributeValueTester.java => AttributeValueChecker.java} (86%)
 create mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/Check.java
 rename api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/{AttributeFactory.java => CheckFactory.java} (57%)
 rename api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/{TestType.java => CheckType.java} (91%)
 delete mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/OperationAttribute.java
 create mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/OperationCheck.java
 rename api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/{StatementObjectUriAttribute.java => StatementObjectUriCheck.java} (70%)
 rename api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/{StatementPredicateUriAttribute.java => StatementPredicateUriCheck.java} (69%)
 rename api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/{StatementSubjectUriAttribute.java => StatementSubjectUriCheck.java} (70%)
 rename api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/{SubjectRoleAttribute.java => SubjectRoleCheck.java} (66%)
 rename api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/{SubjectTypeAttribute.java => SubjectTypeCheck.java} (73%)

diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AbstractAttribute.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AbstractCheck.java
similarity index 82%
rename from api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AbstractAttribute.java
rename to api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AbstractCheck.java
index fe111897c1..78f97fb823 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AbstractAttribute.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AbstractCheck.java
@@ -8,15 +8,15 @@
 import org.apache.commons.lang3.builder.EqualsBuilder;
 import org.apache.commons.lang3.builder.HashCodeBuilder;
 
-public abstract class AbstractAttribute implements Attribute {
+public abstract class AbstractCheck implements Check {
 
     private Set<String> values = new HashSet<>();
     private String uri;
     private long computationalCost;
 
-    private TestType testType = TestType.EQUALS;
+    private CheckType testType = CheckType.EQUALS;
 
-    public AbstractAttribute(String uri, String value) {
+    public AbstractCheck(String uri, String value) {
         this.uri = uri;
         values.add(value);
     }
@@ -29,11 +29,11 @@ public void setUri(String uri) {
         this.uri = uri;
     }
 
-    public TestType getTestType() {
+    public CheckType getType() {
         return testType;
     }
 
-    public void setTestType(TestType testType) {
+    public void setType(CheckType testType) {
         this.testType = testType;
         adjustComputationCost(testType);
     }
@@ -50,13 +50,13 @@ public Set<String> getValues() {
 
     @Override
     public boolean equals(Object object) {
-        if (!(object instanceof AbstractAttribute)) {
+        if (!(object instanceof AbstractCheck)) {
             return false;
         }
         if (object == this) {
             return true;
         }
-        AbstractAttribute compared = (AbstractAttribute) object;
+        AbstractCheck compared = (AbstractCheck) object;
 
         return new EqualsBuilder()
                 .append(getUri(), compared.getUri())
@@ -76,7 +76,7 @@ public long getComputationalCost() {
         return computationalCost;
     }
 
-    private void adjustComputationCost(TestType testType) {
+    private void adjustComputationCost(CheckType testType) {
         switch (testType) {
             case ONE_OF:
                 computationalCost += 100;
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AccessObjectTypeAttribute.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AccessObjectTypeCheck.java
similarity index 69%
rename from api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AccessObjectTypeAttribute.java
rename to api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AccessObjectTypeCheck.java
index b9a608b120..7ef2dcfc2d 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AccessObjectTypeAttribute.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AccessObjectTypeCheck.java
@@ -7,19 +7,19 @@
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
-public class AccessObjectTypeAttribute extends AbstractAttribute {
+public class AccessObjectTypeCheck extends AbstractCheck {
 
-    private static final Log log = LogFactory.getLog(AccessObjectTypeAttribute.class);
+    private static final Log log = LogFactory.getLog(AccessObjectTypeCheck.class);
 
-    public AccessObjectTypeAttribute(String uri, String value) {
+    public AccessObjectTypeCheck(String uri, String value) {
         super(uri, value);
     }
 
     @Override
-    public boolean match(AuthorizationRequest ar) {
+    public boolean check(AuthorizationRequest ar) {
         AccessObject ao = ar.getAccessObject();
         final String inputValue = ao.getType().toString();
-        if (AttributeValueTester.test(this, ar, inputValue)) {
+        if (AttributeValueChecker.test(this, ar, inputValue)) {
             log.debug("Attribute match requested object type '" + inputValue + "'");
             return true;
         }
@@ -28,7 +28,7 @@ public boolean match(AuthorizationRequest ar) {
     }
 
     @Override
-    public AttributeType getAttributeType() {
-        return AttributeType.ACCESS_OBJECT_TYPE;
+    public Attribute getAttributeType() {
+        return Attribute.ACCESS_OBJECT_TYPE;
     }
 }
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AccessObjectUriAttribute.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AccessObjectUriCheck.java
similarity index 69%
rename from api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AccessObjectUriAttribute.java
rename to api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AccessObjectUriCheck.java
index b2255fbeb9..a2957dba84 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AccessObjectUriAttribute.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AccessObjectUriCheck.java
@@ -7,19 +7,19 @@
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
-public class AccessObjectUriAttribute extends AbstractAttribute {
+public class AccessObjectUriCheck extends AbstractCheck {
 
-    private static final Log log = LogFactory.getLog(AccessObjectUriAttribute.class);
+    private static final Log log = LogFactory.getLog(AccessObjectUriCheck.class);
 
-    public AccessObjectUriAttribute(String uri, String objectUri) {
+    public AccessObjectUriCheck(String uri, String objectUri) {
         super(uri, objectUri);
     }
 
     @Override
-    public boolean match(AuthorizationRequest ar) {
+    public boolean check(AuthorizationRequest ar) {
         AccessObject ao = ar.getAccessObject();
         final String inputValue = ao.getUri();
-        if (AttributeValueTester.test(this, ar, inputValue)) {
+        if (AttributeValueChecker.test(this, ar, inputValue)) {
             log.debug("Attribute match requested '" + inputValue + "'");
             return true;
         }
@@ -28,8 +28,8 @@ public boolean match(AuthorizationRequest ar) {
     }
 
     @Override
-    public AttributeType getAttributeType() {
-        return AttributeType.ACCESS_OBJECT_URI;
+    public Attribute getAttributeType() {
+        return Attribute.ACCESS_OBJECT_URI;
     }
 
 }
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/Attribute.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/Attribute.java
index 877bca4e05..2c2f6634da 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/Attribute.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/Attribute.java
@@ -2,28 +2,13 @@
 
 package edu.cornell.mannlib.vitro.webapp.auth.attributes;
 
-import java.util.Set;
-
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthorizationRequest;
-
-public interface Attribute {
-
-    public void setUri(String uri);
-
-    public String getUri();
-
-    public boolean match(AuthorizationRequest ar);
-
-    public AttributeType getAttributeType();
-
-    public TestType getTestType();
-
-    Set<String> getValues();
-
-    public void addValue(String value);
-
-    public void setTestType(TestType valueOf);
-
-    public long getComputationalCost();
-
+public enum Attribute {
+    OPERATION,
+    SUBJECT_ROLE_URI,
+    SUBJECT_TYPE,
+    ACCESS_OBJECT_URI,
+    ACCESS_OBJECT_TYPE,
+    STATEMENT_OBJECT_URI,
+    STATEMENT_PREDICATE_URI,
+    STATEMENT_SUBJECT_URI,
 }
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeGroup.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeGroup.java
deleted file mode 100644
index 62eb9358dd..0000000000
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeGroup.java
+++ /dev/null
@@ -1,8 +0,0 @@
-/* $This file is distributed under the terms of the license in LICENSE$ */
-
-package edu.cornell.mannlib.vitro.webapp.auth.attributes;
-
-public enum AttributeGroup {
-    OBJECT_MATCH ,
-    EXPENSIVE_COMPUTATION
-}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeType.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeType.java
deleted file mode 100644
index cb5df74281..0000000000
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeType.java
+++ /dev/null
@@ -1,14 +0,0 @@
-/* $This file is distributed under the terms of the license in LICENSE$ */
-
-package edu.cornell.mannlib.vitro.webapp.auth.attributes;
-
-public enum AttributeType {
-    OPERATION,
-    SUBJECT_ROLE_URI,
-    SUBJECT_TYPE,
-    ACCESS_OBJECT_URI,
-    ACCESS_OBJECT_TYPE,
-    STATEMENT_OBJECT_URI,
-    STATEMENT_PREDICATE_URI,
-    STATEMENT_SUBJECT_URI,
-}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeValueTester.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeValueChecker.java
similarity index 86%
rename from api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeValueTester.java
rename to api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeValueChecker.java
index 463f0912e4..6916575b9c 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeValueTester.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeValueChecker.java
@@ -13,11 +13,11 @@
 import org.apache.commons.logging.LogFactory;
 import org.apache.jena.rdf.model.Model;
 
-public class AttributeValueTester {
-    private static final Log log = LogFactory.getLog(AttributeValueTester.class);
+public class AttributeValueChecker {
+    private static final Log log = LogFactory.getLog(AttributeValueChecker.class);
 
-    static boolean test(Attribute attr, AuthorizationRequest ar, String... values) {
-        TestType testType = attr.getTestType();
+    static boolean test(Check attr, AuthorizationRequest ar, String... values) {
+        CheckType testType = attr.getType();
         switch (testType) {
             case EQUALS:
                 return equals(attr, values);
@@ -36,7 +36,7 @@ static boolean test(Attribute attr, AuthorizationRequest ar, String... values) {
         }
     }
 
-    private static boolean sparqlQueryContains(Attribute attr, AuthorizationRequest ar, String[] inputValues) {
+    private static boolean sparqlQueryContains(Check attr, AuthorizationRequest ar, String[] inputValues) {
         Set<String> values = attr.getValues();
         final int valuesSize = values.size();
         if (valuesSize != 1) {
@@ -67,7 +67,7 @@ private static boolean sparqlQueryContains(Attribute attr, AuthorizationRequest
         return ProximityChecker.isAnyRelated(m, resourceUris, personUris, queryTemplate);
     }
 
-    private static boolean contains(Attribute attr, String... inputValues) {
+    private static boolean contains(Check attr, String... inputValues) {
         final Set<String> values = attr.getValues();
         for (String inputValue : inputValues) {
             if (values.contains(inputValue)) {
@@ -77,7 +77,7 @@ private static boolean contains(Attribute attr, String... inputValues) {
         return false;
     }
 
-    private static boolean equals(Attribute attr, String... inputValues) {
+    private static boolean equals(Check attr, String... inputValues) {
         Set<String> values = attr.getValues();
         final int valuesSize = values.size();
         if (valuesSize != 1) {
@@ -92,7 +92,7 @@ private static boolean equals(Attribute attr, String... inputValues) {
         return false;
     }
 
-    private static boolean startsWith(Attribute attr, String... inputValues) {
+    private static boolean startsWith(Check attr, String... inputValues) {
         Set<String> values = attr.getValues();
         final int valuesSize = values.size();
         if (valuesSize != 1) {
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/Check.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/Check.java
new file mode 100644
index 0000000000..0cecda3700
--- /dev/null
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/Check.java
@@ -0,0 +1,29 @@
+/* $This file is distributed under the terms of the license in LICENSE$ */
+
+package edu.cornell.mannlib.vitro.webapp.auth.attributes;
+
+import java.util.Set;
+
+import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthorizationRequest;
+
+public interface Check {
+
+    public void setUri(String uri);
+
+    public String getUri();
+
+    public boolean check(AuthorizationRequest ar);
+
+    public Attribute getAttributeType();
+
+    public CheckType getType();
+
+    Set<String> getValues();
+
+    public void addValue(String value);
+
+    public void setType(CheckType valueOf);
+
+    public long getComputationalCost();
+
+}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeFactory.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/CheckFactory.java
similarity index 57%
rename from api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeFactory.java
rename to api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/CheckFactory.java
index d505f801b5..3ef6f42a52 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeFactory.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/CheckFactory.java
@@ -5,45 +5,45 @@
 import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyLoader;
 import org.apache.jena.query.QuerySolution;
 
-public class AttributeFactory {
+public class CheckFactory {
 
-    public static Attribute createAttribute(QuerySolution qs) {
+    public static Check createCheck(QuerySolution qs) {
         String typeId = qs.getLiteral(PolicyLoader.TYPE_ID).getString();
-        String attributeUri = qs.getResource(PolicyLoader.ATTRIBUTE).getURI();
-        AttributeType type = AttributeType.valueOf(typeId);
+        String checkUri = qs.getResource(PolicyLoader.CHECK).getURI();
+        Attribute type = Attribute.valueOf(typeId);
         String testId = qs.getLiteral("testId").getString();
         String value = getValue(qs);
 
-        Attribute at = null;
+        Check at = null;
         switch (type) {
             case SUBJECT_ROLE_URI:
-                at = new SubjectRoleAttribute(attributeUri, value);
+                at = new SubjectRoleCheck(checkUri, value);
                 break;
             case OPERATION:
-                at = new OperationAttribute(attributeUri, value);
+                at = new OperationCheck(checkUri, value);
                 break;
             case ACCESS_OBJECT_URI:
-                at = new AccessObjectUriAttribute(attributeUri, value);
+                at = new AccessObjectUriCheck(checkUri, value);
                 break;
             case ACCESS_OBJECT_TYPE:
-                at = new AccessObjectTypeAttribute(attributeUri, value);
+                at = new AccessObjectTypeCheck(checkUri, value);
                 break;
             case SUBJECT_TYPE:
-                at = new SubjectTypeAttribute(attributeUri, value);
+                at = new SubjectTypeCheck(checkUri, value);
                 break;
             case STATEMENT_PREDICATE_URI:
-                at = new StatementPredicateUriAttribute(attributeUri, value);
+                at = new StatementPredicateUriCheck(checkUri, value);
                 break;
             case STATEMENT_SUBJECT_URI:
-                at = new StatementSubjectUriAttribute(attributeUri, value);
+                at = new StatementSubjectUriCheck(checkUri, value);
                 break;
             case STATEMENT_OBJECT_URI:
-                at = new StatementObjectUriAttribute(attributeUri, value);
+                at = new StatementObjectUriCheck(checkUri, value);
                 break;
             default:
                 at = null;
         }
-        at.setTestType(TestType.valueOf(testId));
+        at.setType(CheckType.valueOf(testId));
         return at;
     }
 
@@ -57,10 +57,10 @@ private static String getValue(QuerySolution qs) {
         }
     }
 
-    public static void extendAttribute(Attribute attribute, QuerySolution qs) throws Exception {
+    public static void extendAttribute(Check check, QuerySolution qs) throws Exception {
         String testId = qs.getLiteral("testId").getString();
-        if (TestType.ONE_OF.toString().equals(testId) || TestType.NOT_ONE_OF.toString().equals(testId)) {
-            attribute.addValue(getValue(qs));
+        if (CheckType.ONE_OF.toString().equals(testId) || CheckType.NOT_ONE_OF.toString().equals(testId)) {
+            check.addValue(getValue(qs));
             return;
         }
         throw new Exception();
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/TestType.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/CheckType.java
similarity index 91%
rename from api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/TestType.java
rename to api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/CheckType.java
index 613ee0fb1a..0c45e71d47 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/TestType.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/CheckType.java
@@ -2,7 +2,7 @@
 
 package edu.cornell.mannlib.vitro.webapp.auth.attributes;
 
-public enum TestType {
+public enum CheckType {
     EQUALS,
     NOT_EQUALS,
     ONE_OF,
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/OperationAttribute.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/OperationAttribute.java
deleted file mode 100644
index d504da5263..0000000000
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/OperationAttribute.java
+++ /dev/null
@@ -1,34 +0,0 @@
-/* $This file is distributed under the terms of the license in LICENSE$ */
-
-package edu.cornell.mannlib.vitro.webapp.auth.attributes;
-
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthorizationRequest;
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-
-public class OperationAttribute extends AbstractAttribute {
-
-    private static final Log log = LogFactory.getLog(OperationAttribute.class);
-
-    public OperationAttribute(String uri, String operation) {
-        super(uri, operation);
-    }
-
-    @Override
-    public boolean match(AuthorizationRequest ar) {
-        AccessOperation aop = ar.getAccessOperation();
-        final String inputValue = aop.toString();
-        if (AttributeValueTester.test(this, ar, inputValue)) {
-            log.debug("Attribute match requested operation '" + inputValue + "'");
-            return true;
-        }
-        log.debug("Attribute don't match requested operation '" + inputValue + "'");
-        return false;
-    }
-
-    @Override
-    public AttributeType getAttributeType() {
-        return AttributeType.OPERATION;
-    }
-
-}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/OperationCheck.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/OperationCheck.java
new file mode 100644
index 0000000000..7376a5b6e3
--- /dev/null
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/OperationCheck.java
@@ -0,0 +1,34 @@
+/* $This file is distributed under the terms of the license in LICENSE$ */
+
+package edu.cornell.mannlib.vitro.webapp.auth.attributes;
+
+import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthorizationRequest;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+public class OperationCheck extends AbstractCheck {
+
+    private static final Log log = LogFactory.getLog(OperationCheck.class);
+
+    public OperationCheck(String uri, String operation) {
+        super(uri, operation);
+    }
+
+    @Override
+    public boolean check(AuthorizationRequest ar) {
+        AccessOperation aop = ar.getAccessOperation();
+        final String inputValue = aop.toString();
+        if (AttributeValueChecker.test(this, ar, inputValue)) {
+            log.debug("Checked operation match requested operation '" + inputValue + "'");
+            return true;
+        }
+        log.debug("Checked operation don't match requested operation '" + inputValue + "'");
+        return false;
+    }
+
+    @Override
+    public Attribute getAttributeType() {
+        return Attribute.OPERATION;
+    }
+
+}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/StatementObjectUriAttribute.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/StatementObjectUriCheck.java
similarity index 70%
rename from api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/StatementObjectUriAttribute.java
rename to api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/StatementObjectUriCheck.java
index f4bf0717a4..68276feec6 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/StatementObjectUriAttribute.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/StatementObjectUriCheck.java
@@ -7,19 +7,19 @@
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
-public class StatementObjectUriAttribute extends AbstractAttribute {
+public class StatementObjectUriCheck extends AbstractCheck {
 
-    private static final Log log = LogFactory.getLog(StatementObjectUriAttribute.class);
+    private static final Log log = LogFactory.getLog(StatementObjectUriCheck.class);
 
-    public StatementObjectUriAttribute(String uri, String value) {
+    public StatementObjectUriCheck(String uri, String value) {
         super(uri, value);
     }
 
     @Override
-    public boolean match(AuthorizationRequest ar) {
+    public boolean check(AuthorizationRequest ar) {
         AccessObject ao = ar.getAccessObject();
         final String inputValue = ao.getStatementObject();
-        if (AttributeValueTester.test(this, ar, inputValue)) {
+        if (AttributeValueChecker.test(this, ar, inputValue)) {
             log.debug("Attribute value match requested statement object uri '" + inputValue + "'");
             return true;
         }
@@ -28,8 +28,8 @@ public boolean match(AuthorizationRequest ar) {
     }
 
     @Override
-    public AttributeType getAttributeType() {
-        return AttributeType.STATEMENT_OBJECT_URI;
+    public Attribute getAttributeType() {
+        return Attribute.STATEMENT_OBJECT_URI;
     }
 
 }
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/StatementPredicateUriAttribute.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/StatementPredicateUriCheck.java
similarity index 69%
rename from api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/StatementPredicateUriAttribute.java
rename to api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/StatementPredicateUriCheck.java
index 4956a51103..a62a322ce2 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/StatementPredicateUriAttribute.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/StatementPredicateUriCheck.java
@@ -7,19 +7,19 @@
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
-public class StatementPredicateUriAttribute extends AbstractAttribute {
+public class StatementPredicateUriCheck extends AbstractCheck {
 
-    private static final Log log = LogFactory.getLog(StatementPredicateUriAttribute.class);
+    private static final Log log = LogFactory.getLog(StatementPredicateUriCheck.class);
 
-    public StatementPredicateUriAttribute(String uri, String value) {
+    public StatementPredicateUriCheck(String uri, String value) {
         super(uri, value);
     }
 
     @Override
-    public boolean match(AuthorizationRequest ar) {
+    public boolean check(AuthorizationRequest ar) {
         AccessObject ao = ar.getAccessObject();
         final String inputValue = ao.getStatementPredicateUri();
-        if (AttributeValueTester.test(this, ar, inputValue)) {
+        if (AttributeValueChecker.test(this, ar, inputValue)) {
             log.debug("Attribute value match requested statement predicate uri '" + inputValue + "'");
             return true;
         }
@@ -28,8 +28,8 @@ public boolean match(AuthorizationRequest ar) {
     }
 
     @Override
-    public AttributeType getAttributeType() {
-        return AttributeType.STATEMENT_PREDICATE_URI;
+    public Attribute getAttributeType() {
+        return Attribute.STATEMENT_PREDICATE_URI;
     }
 
 }
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/StatementSubjectUriAttribute.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/StatementSubjectUriCheck.java
similarity index 70%
rename from api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/StatementSubjectUriAttribute.java
rename to api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/StatementSubjectUriCheck.java
index 004f46d9b8..ec96cb62e3 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/StatementSubjectUriAttribute.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/StatementSubjectUriCheck.java
@@ -7,19 +7,19 @@
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
-public class StatementSubjectUriAttribute extends AbstractAttribute {
+public class StatementSubjectUriCheck extends AbstractCheck {
 
-    private static final Log log = LogFactory.getLog(StatementSubjectUriAttribute.class);
+    private static final Log log = LogFactory.getLog(StatementSubjectUriCheck.class);
 
-    public StatementSubjectUriAttribute(String uri, String value) {
+    public StatementSubjectUriCheck(String uri, String value) {
         super(uri, value);
     }
 
     @Override
-    public boolean match(AuthorizationRequest ar) {
+    public boolean check(AuthorizationRequest ar) {
         AccessObject ao = ar.getAccessObject();
         final String inputValue = ao.getStatementSubject();
-        if (AttributeValueTester.test(this, ar, inputValue)) {
+        if (AttributeValueChecker.test(this, ar, inputValue)) {
             log.debug("Attribute value match requested statement subject uri '" + inputValue + "'");
             return true;
         }
@@ -28,8 +28,8 @@ public boolean match(AuthorizationRequest ar) {
     }
 
     @Override
-    public AttributeType getAttributeType() {
-        return AttributeType.STATEMENT_SUBJECT_URI;
+    public Attribute getAttributeType() {
+        return Attribute.STATEMENT_SUBJECT_URI;
     }
 
 }
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/SubjectRoleAttribute.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/SubjectRoleCheck.java
similarity index 66%
rename from api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/SubjectRoleAttribute.java
rename to api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/SubjectRoleCheck.java
index e49561901d..3acf3a1fbe 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/SubjectRoleAttribute.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/SubjectRoleCheck.java
@@ -8,18 +8,18 @@
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
-public class SubjectRoleAttribute extends AbstractAttribute {
+public class SubjectRoleCheck extends AbstractCheck {
 
-    private static final Log log = LogFactory.getLog(SubjectRoleAttribute.class);
+    private static final Log log = LogFactory.getLog(SubjectRoleCheck.class);
 
-    public SubjectRoleAttribute(String uri, String roleValue) {
+    public SubjectRoleCheck(String uri, String roleValue) {
         super(uri, roleValue);
     }
 
     @Override
-    public boolean match(AuthorizationRequest ar) {
+    public boolean check(AuthorizationRequest ar) {
         final List<String> inputValues = ar.getRoleUris();
-        if (AttributeValueTester.test(this, ar, inputValues.toArray(new String[0]))) {
+        if (AttributeValueChecker.test(this, ar, inputValues.toArray(new String[0]))) {
             log.debug("Attribute match requested '" + inputValues + "'");
             return true;
         }
@@ -28,8 +28,8 @@ public boolean match(AuthorizationRequest ar) {
     }
 
     @Override
-    public AttributeType getAttributeType() {
-        return AttributeType.SUBJECT_ROLE_URI;
+    public Attribute getAttributeType() {
+        return Attribute.SUBJECT_ROLE_URI;
     }
 
 }
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/SubjectTypeAttribute.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/SubjectTypeCheck.java
similarity index 73%
rename from api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/SubjectTypeAttribute.java
rename to api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/SubjectTypeCheck.java
index 7e052c9e7d..222974bd71 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/SubjectTypeAttribute.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/SubjectTypeCheck.java
@@ -8,19 +8,19 @@
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
-public class SubjectTypeAttribute extends AbstractAttribute {
+public class SubjectTypeCheck extends AbstractCheck {
 
-    private static final Log log = LogFactory.getLog(SubjectTypeAttribute.class);
+    private static final Log log = LogFactory.getLog(SubjectTypeCheck.class);
 
-    public SubjectTypeAttribute(String uri, String value) {
+    public SubjectTypeCheck(String uri, String value) {
         super(uri, value);
     }
 
     @Override
-    public boolean match(AuthorizationRequest ar) {
+    public boolean check(AuthorizationRequest ar) {
         IdentifierBundle ac_subject = ar.getIds();
         String inputValue = IsRootUser.isRootUser(ac_subject) ? "ROOT_USER" : "";
-        if (AttributeValueTester.test(this, ar, inputValue)) {
+        if (AttributeValueChecker.test(this, ar, inputValue)) {
             log.debug("Attribute subject type match requested object type '");
             return true;
         } else {
@@ -30,7 +30,7 @@ public boolean match(AuthorizationRequest ar) {
     }
 
     @Override
-    public AttributeType getAttributeType() {
-        return AttributeType.SUBJECT_TYPE;
+    public Attribute getAttributeType() {
+        return Attribute.SUBJECT_TYPE;
     }
 }
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
index 9c2ac7da4c..5320699fd8 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
@@ -14,7 +14,7 @@
 
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType;
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessOperation;
-import edu.cornell.mannlib.vitro.webapp.auth.attributes.AttributeFactory;
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.CheckFactory;
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.OperationGroup;
 import edu.cornell.mannlib.vitro.webapp.auth.rules.AccessRule;
 import edu.cornell.mannlib.vitro.webapp.auth.rules.AccessRuleFactory;
@@ -119,7 +119,7 @@ public class PolicyLoader {
             + "?policy rdf:type ao:Policy .\n"
             + "?policy ao:rules ?rules . \n"
             + "?rules ao:rule ?rule . \n"
-            + "?rule ao:attribute ?attribute .\n"
+            + "?rule ao:check ?attribute .\n"
             + "OPTIONAL {\n"
             + "  ?attribute ao:operator ?attributeTest .\n"
             + "  OPTIONAL {\n"
@@ -158,8 +158,8 @@ public class PolicyLoader {
             + "    ?policyDataSets ao:policyDataSet ?dataSet .\n"
             + "    ?rules rdf:type ao:Rules .\n"
             + "    ?rules ao:rule ?rule .\n"
-            + "    ?rule ao:attribute ?attribute .\n"
-            + "    ?attribute rdf:type ao:Attribute .\n"
+            + "    ?rule ao:check ?attribute .\n"
+            + "    ?attribute rdf:type ao:Check .\n"
             + "    OPTIONAL {\n"
             + "      ?attribute ao:operator ?attributeTest .\n"
             + "      OPTIONAL {\n"
@@ -244,7 +244,7 @@ public class PolicyLoader {
     public static final String RULE = "rule";
     public static final String LITERAL_VALUE = "lit_value";
     public static final String ATTR_VALUE = "value";
-    public static final String ATTRIBUTE = "attribute";
+    public static final String CHECK = "attribute";
     public static final String TEST_ID = "testId";
     public static final String TYPE_ID = "typeId";
     private static PolicyLoader INSTANCE;
@@ -681,11 +681,11 @@ private static void populateRule(AccessRule ar, QuerySolution qs) throws Excepti
         }
         String attributeUri = qs.getResource("attribute").getURI();
         if (ar.containsAttributeUri(attributeUri)) {
-            AttributeFactory.extendAttribute(ar.getAttribute(attributeUri), qs);
+            CheckFactory.extendAttribute(ar.getAttribute(attributeUri), qs);
             return;
         }
         try {
-            ar.addAttribute(AttributeFactory.createAttribute(qs));
+            ar.addAttribute(CheckFactory.createCheck(qs));
         } catch (Exception e) {
             log.error(e, e);
         }
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRule.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRule.java
index bb3f065bad..8852866cbb 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRule.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRule.java
@@ -5,8 +5,8 @@
 import java.util.List;
 import java.util.Set;
 
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.Check;
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.Attribute;
-import edu.cornell.mannlib.vitro.webapp.auth.attributes.AttributeType;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthorizationRequest;
 
 public interface AccessRule {
@@ -19,19 +19,19 @@ public interface AccessRule {
 
     public void setRuleUri(String ruleUri);
 
-    public List<Attribute> getAttributes();
+    public List<Check> getAttributes();
 
     public boolean match(AuthorizationRequest ar);
 
-    public void addAttribute(Attribute attr);
+    public void addAttribute(Check attr);
 
     public Set<String> getAttributeUris();
 
     public boolean containsAttributeUri(String uri);
 
-    public Set<Attribute> getAttributesByType(AttributeType type);
+    public Set<Check> getAttributesByType(Attribute type);
 
     public long getAttributesCount();
 
-    public Attribute getAttribute(String uri);
+    public Check getAttribute(String uri);
 }
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRuleFactory.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRuleFactory.java
index a662c02792..b4110eec1f 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRuleFactory.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRuleFactory.java
@@ -2,7 +2,7 @@
 
 package edu.cornell.mannlib.vitro.webapp.auth.rules;
 
-import edu.cornell.mannlib.vitro.webapp.auth.attributes.AttributeFactory;
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.CheckFactory;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyLoader;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
@@ -20,7 +20,7 @@ public static AccessRule createRule(QuerySolution qs) {
         }
 
         ar.setRuleUri(ruleUri);
-        ar.addAttribute(AttributeFactory.createAttribute(qs));
+        ar.addAttribute(CheckFactory.createCheck(qs));
         if (qs.contains("decision_id") && qs.get("decision_id").isLiteral()) {
             String decisionId = qs.getLiteral("decision_id").getString();
             if (RuleDecision.DENY.toString().equals(decisionId)) {
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRuleImpl.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRuleImpl.java
index 457c3c52e1..b5b19a347a 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRuleImpl.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRuleImpl.java
@@ -11,8 +11,8 @@
 import java.util.Set;
 import java.util.stream.Collectors;
 
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.Check;
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.Attribute;
-import edu.cornell.mannlib.vitro.webapp.auth.attributes.AttributeType;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthorizationRequest;
 import org.apache.commons.lang3.builder.EqualsBuilder;
 import org.apache.commons.lang3.builder.HashCodeBuilder;
@@ -21,9 +21,9 @@
 
 public class AccessRuleImpl implements AccessRule {
     private static final Log log = LogFactory.getLog(AccessRuleImpl.class);
-    protected Map<String, Attribute> attributeMap = new HashMap<>();
-    protected List<Attribute> attributes = new ArrayList<Attribute>();
-    private static final Comparator<Attribute> comparator = getAttributeComparator();
+    protected Map<String, Check> attributeMap = new HashMap<>();
+    protected List<Check> attributes = new ArrayList<Check>();
+    private static final Comparator<Check> comparator = getAttributeComparator();
 
     private boolean allowMatched = true;
     private String ruleUri;
@@ -44,13 +44,13 @@ public void setRuleUri(String ruleUri) {
         this.ruleUri = ruleUri;
     }
 
-    public List<Attribute> getAttributes() {
+    public List<Check> getAttributes() {
         return attributes;
     }
 
     public boolean match(AuthorizationRequest ar) {
-        for (Attribute attribute : attributes) {
-            if (!attribute.match(ar)) {
+        for (Check attribute : attributes) {
+            if (!attribute.check(ar)) {
                 if (log.isDebugEnabled()) {
                     log.debug(String.format("Attribute %s didn't match", attribute.getUri()));
                 }
@@ -60,7 +60,7 @@ public boolean match(AuthorizationRequest ar) {
         return true;
     }
 
-    public void addAttribute(Attribute attr) {
+    public void addAttribute(Check attr) {
         if (attributeMap.containsKey(attr.getUri())) {
             log.error(String.format("attribute %s already exists in the rule", attr.getUri()));
         }
@@ -101,7 +101,7 @@ public boolean containsAttributeUri(String uri) {
         return attributeMap.containsKey(uri);
     }
 
-    public Set<Attribute> getAttributesByType(AttributeType type) {
+    public Set<Check> getAttributesByType(Attribute type) {
         return getAttributes().stream().filter(a -> a.getAttributeType().equals(type)).collect(Collectors.toSet());
     }
 
@@ -109,14 +109,14 @@ public long getAttributesCount() {
         return attributes.size();
     }
 
-    public Attribute getAttribute(String uri) {
+    public Check getAttribute(String uri) {
         return attributeMap.get(uri);
     }
 
-    private static Comparator<Attribute> getAttributeComparator() {
-        return new Comparator<Attribute>() {
+    private static Comparator<Check> getAttributeComparator() {
+        return new Comparator<Check>() {
             @Override
-            public int compare(Attribute latt, Attribute ratt) {
+            public int compare(Check latt, Check ratt) {
                 if (latt.getComputationalCost() > ratt.getComputationalCost()) {
                     return -1;
                 } else if (latt.getComputationalCost() < ratt.getComputationalCost()) {
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTest.java
index 3dde450584..f2d424832c 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTest.java
@@ -9,7 +9,7 @@
 import java.util.Set;
 import java.util.stream.Collectors;
 
-import edu.cornell.mannlib.vitro.webapp.auth.attributes.Attribute;
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.Check;
 import edu.cornell.mannlib.vitro.webapp.auth.rules.AccessRule;
 import edu.cornell.mannlib.vitro.webapp.modelaccess.ModelNames;
 import edu.cornell.mannlib.vitro.webapp.rdfservice.impl.jena.model.RDFServiceModel;
@@ -104,7 +104,7 @@ protected void countRulesAndAttributes(DynamicPolicy policy, int ruleCount, Set<
                 }
             }
             assertTrue(attrCount.contains(ar.getAttributes().size()));
-            for (Attribute att : ar.getAttributes()) {
+            for (Check att : ar.getAttributes()) {
                 assertTrue(att.getValues().size() > 0);
             }
         }
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRuleTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRuleTest.java
index e27bab4ad0..0171b90df7 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRuleTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRuleTest.java
@@ -4,9 +4,9 @@
 
 import java.util.List;
 
-import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectUriAttribute;
-import edu.cornell.mannlib.vitro.webapp.auth.attributes.Attribute;
-import edu.cornell.mannlib.vitro.webapp.auth.attributes.TestType;
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectUriCheck;
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.Check;
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.CheckType;
 import org.junit.Test;
 
 public class AccessRuleTest {
@@ -14,16 +14,16 @@ public class AccessRuleTest {
     @Test
     public void testAttributeOrderByComputationalCost() {
         AccessRule rule = new AccessRuleImpl();
-        Attribute cheapAttribute = new AccessObjectUriAttribute("test:cheapAttributeUri", "test:objectUri");
-        cheapAttribute.setTestType(TestType.EQUALS);
-        Attribute affordableAttribute = new AccessObjectUriAttribute("test:affordableAttributeUri", "test:objectUri");
-        cheapAttribute.setTestType(TestType.ONE_OF);
-        Attribute expensiveAttribute = new AccessObjectUriAttribute("test:expensiveAttributeUri", "test:objectUri");
-        cheapAttribute.setTestType(TestType.SPARQL_SELECT_QUERY_CONTAINS);
+        Check cheapAttribute = new AccessObjectUriCheck("test:cheapAttributeUri", "test:objectUri");
+        cheapAttribute.setType(CheckType.EQUALS);
+        Check affordableAttribute = new AccessObjectUriCheck("test:affordableAttributeUri", "test:objectUri");
+        cheapAttribute.setType(CheckType.ONE_OF);
+        Check expensiveAttribute = new AccessObjectUriCheck("test:expensiveAttributeUri", "test:objectUri");
+        cheapAttribute.setType(CheckType.SPARQL_SELECT_QUERY_CONTAINS);
         rule.addAttribute(affordableAttribute);
         rule.addAttribute(expensiveAttribute);
         rule.addAttribute(cheapAttribute);
-        List<Attribute> list = rule.getAttributes();
+        List<Check> list = rule.getAttributes();
         assertEquals(cheapAttribute.getUri(), list.get(0).getUri());
         assertEquals(affordableAttribute.getUri(), list.get(1).getUri());
         assertEquals(expensiveAttribute.getUri(), list.get(2).getUri());
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/proximity_test_policy.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/proximity_test_policy.n3
index 380380784a..a4cc5d2929 100644
--- a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/proximity_test_policy.n3
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/proximity_test_policy.n3
@@ -15,9 +15,9 @@ ai:ProximityRuleSet rdf:type ao:Rules ;
           ao:rule ai:AllowPersonEditOwnPublication .
           
 ai:AllowPersonEditOwnPublication rdf:type ao:Rule ;
-          ao:attribute ai:PublicationInProximityAttribute .
+          ao:check ai:PublicationInProximityAttribute .
           
-ai:PublicationInProximityAttribute rdf:type ao:Attribute ;
+ai:PublicationInProximityAttribute rdf:type ao:Check ;
          ao:operator ai:SparqlSelectQueryContains ;
          ao:type ai:StatementSubjectUri ;
          ao:value ai:PublicationProximityToPerson .
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken1.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken1.n3
index 06d7677d66..12c37ec4d6 100644
--- a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken1.n3
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken1.n3
@@ -15,14 +15,14 @@ ai:BrokenTestPolicyRuleSet rdf:type ao:Rules ;
           ao:rule ai:BrokenTestRule .
           
 ai:BrokenTestRule rdf:type ao:Rule ;
-          ao:attribute ai:ValidTestAttribute ;
-          ao:attribute ai:BrokenTestAttribute .
+          ao:check ai:ValidTestAttribute ;
+          ao:check ai:BrokenTestAttribute .
           
-ai:BrokenTestAttribute rdf:type ao:Attribute ;
+ai:BrokenTestAttribute rdf:type ao:Check ;
          ao:type ai:Operation ;
          ao:value ai:PublishOperation .
          
-ai:ValidTestAttribute rdf:type ao:Attribute ;
+ai:ValidTestAttribute rdf:type ao:Check ;
          ao:operator ai:Equals ;
          ao:type ai:Operation ;
          ao:value ai:PublishOperation .
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken2.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken2.n3
index 137ddb92bd..3a45999ad6 100644
--- a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken2.n3
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken2.n3
@@ -15,14 +15,14 @@ ai:BrokenTestPolicyRuleSet rdf:type ao:Rules ;
           ao:rule ai:BrokenTestRule .
           
 ai:BrokenTestRule rdf:type ao:Rule ;
-          ao:attribute ai:ValidTestAttribute ;
-          ao:attribute ai:BrokenTestAttribute .
+          ao:check ai:ValidTestAttribute ;
+          ao:check ai:BrokenTestAttribute .
           
-ai:BrokenTestAttribute rdf:type ao:Attribute ;
+ai:BrokenTestAttribute rdf:type ao:Check ;
          ao:operator ai:Equals ;
          ao:value ai:PublishOperation .
          
-ai:ValidTestAttribute rdf:type ao:Attribute ;
+ai:ValidTestAttribute rdf:type ao:Check ;
          ao:operator ai:Equals ;
          ao:type ai:Operation ;
          ao:value ai:PublishOperation .
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken3.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken3.n3
index a30ef6d6af..9384cab90f 100644
--- a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken3.n3
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken3.n3
@@ -15,15 +15,15 @@ ai:BrokenTestPolicyRuleSet rdf:type ao:Rules ;
           ao:rule ai:BrokenTestRule .
           
 ai:BrokenTestRule rdf:type ao:Rule ;
-          ao:attribute ai:ValidTestAttribute ;
-          ao:attribute ai:BrokenTestAttribute .
+          ao:check ai:ValidTestAttribute ;
+          ao:check ai:BrokenTestAttribute .
           
-ai:BrokenTestAttribute rdf:type ao:Attribute ;
+ai:BrokenTestAttribute rdf:type ao:Check ;
          ao:operator ai:UnknownTest ;
          ao:type ai:Operation ;
          ao:value ai:PublishOperation .
          
-ai:ValidTestAttribute rdf:type ao:Attribute ;
+ai:ValidTestAttribute rdf:type ao:Check ;
          ao:operator ai:Equals ;
          ao:type ai:Operation ;
          ao:value ai:PublishOperation .
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken4.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken4.n3
index b4f19fffe2..aa2f58e0c2 100644
--- a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken4.n3
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken4.n3
@@ -15,15 +15,15 @@ ai:BrokenTestPolicyRuleSet rdf:type ao:Rules ;
           ao:rule ai:BrokenTestRule .
           
 ai:BrokenTestRule rdf:type ao:Rule ;
-          ao:attribute ai:ValidTestAttribute ;
-          ao:attribute ai:BrokenTestAttribute .
+          ao:check ai:ValidTestAttribute ;
+          ao:check ai:BrokenTestAttribute .
           
-ai:BrokenTestAttribute rdf:type ao:Attribute ;
+ai:BrokenTestAttribute rdf:type ao:Check ;
          ao:operator ai:Equals ;
          ao:type ai:UnknownType ;
          ao:value ai:PublishOperation .
          
-ai:ValidTestAttribute rdf:type ao:Attribute ;
+ai:ValidTestAttribute rdf:type ao:Check ;
          ao:operator ai:Equals ;
          ao:type ai:Operation ;
          ao:value ai:PublishOperation .
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken5.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken5.n3
index eb8d433153..b38755699d 100644
--- a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken5.n3
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken5.n3
@@ -16,15 +16,15 @@ ai:BrokenRuleSet rdf:type ao:Rules ;
           ao:rule ai:BrokenRule .
           
 ai:BrokenRule rdf:type ao:Rule ;
-          ao:attribute ai:BrokenAttribute1 ;
-          ao:attribute ai:BrokenAttribute2 .
+          ao:check ai:BrokenAttribute1 ;
+          ao:check ai:BrokenAttribute2 .
           
-ai:BrokenAttribute1 rdf:type ao:Attribute ;
+ai:BrokenAttribute1 rdf:type ao:Check ;
          ao:operator ai:Equals ;
          ao:type ai:ObjectUri ;
          ao:setValue ai:valueSet1 .
          
-ai:BrokenAttribute2 rdf:type ao:Attribute ;
+ai:BrokenAttribute2 rdf:type ao:Check ;
          ao:operator ai:Equals ;
          ao:type ai:ObjectUri ;
          ao:setValue ai:valueSet2 .
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken_set.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken_set.n3
index 3e7adc4805..95fc71d843 100644
--- a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken_set.n3
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken_set.n3
@@ -16,16 +16,16 @@ ai:BrokenRuleSet rdf:type ao:Rules ;
     ao:rule ai:BrokenRule .
     
 ai:BrokenRule rdf:type ao:Rule ;
-    ao:attribute ai:BrokenSetAttribute1 ;
-    ao:attribute ai:BrokenSetAttribute2 .
+    ao:check ai:BrokenSetAttribute1 ;
+    ao:check ai:BrokenSetAttribute2 .
     
-ai:BrokenSetAttribute1 rdf:type ao:Attribute ;
+ai:BrokenSetAttribute1 rdf:type ao:Check ;
     ao:operator ai:NotOneOf ;
     ao:type ai:ObjectUri ;
     ao:templateValue ai:AttributeValueSet1 ;
     .
     
-ai:BrokenSetAttribute2 rdf:type ao:Attribute ;
+ai:BrokenSetAttribute2 rdf:type ao:Check ;
     ao:operator ai:NotOneOf ;
     ao:type ai:ObjectUri ;
     ao:templateValue ai:AttributeValueSet2 .
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_key.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_key.n3
index c718a6c7ac..8e3a1a1abd 100644
--- a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_key.n3
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_key.n3
@@ -16,9 +16,9 @@ ai:KeyTestRuleSet rdf:type ao:Rules ;
           ao:rule ai:KeyTestRule .
           
 ai:KeyTestRule rdf:type ao:Rule ;
-          ao:attribute ai:KeyTestAttribute .
+          ao:check ai:KeyTestAttribute .
           
-ai:KeyTestAttribute rdf:type ao:Attribute ;
+ai:KeyTestAttribute rdf:type ao:Check ;
          ao:operator ai:Equals ;
          ao:type ai:Operation ;
          ao:value ai:PublishOperation .
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_valid.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_valid.n3
index 9ec236dc09..484aa95d78 100644
--- a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_valid.n3
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_valid.n3
@@ -15,9 +15,9 @@ ai:ValidRuleSet rdf:type ao:Rules ;
           ao:rule ai:ValidRule .
           
 ai:ValidRule rdf:type ao:Rule ;
-          ao:attribute ai:ValidAttribute .
+          ao:check ai:ValidAttribute .
           
-ai:ValidAttribute rdf:type ao:Attribute ;
+ai:ValidAttribute rdf:type ao:Check ;
          ao:operator ai:Equals ;
          ao:type ai:Operation ;
          ao:value ai:PublishOperation .
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_valid_set.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_valid_set.n3
index 5d9c04208e..8c393298ee 100644
--- a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_valid_set.n3
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_valid_set.n3
@@ -16,10 +16,10 @@ ai:ValidRuleSet rdf:type ao:Rules ;
       ao:rule ai:ValidRule .
       
 ai:ValidRule rdf:type ao:Rule ;
-      ao:attribute ai:ValidAttribute1 ;
-      ao:attribute ai:ValidAttribute2 .
+      ao:check ai:ValidAttribute1 ;
+      ao:check ai:ValidAttribute2 .
       
-ai:ValidAttribute1 rdf:type ao:Attribute ;
+ai:ValidAttribute1 rdf:type ao:Check ;
      ao:operator ai:Equals ;
      ao:type ai:AccessObjectUri ;
      ao:templateValue ai:AttributeValueSet1 ;
@@ -30,7 +30,7 @@ ai:AttributeValueSet1 a ao:AttributeValueSet  ;
      ao:attributeValue ai:valueSet3 ;
      .
      
-ai:ValidAttribute2 rdf:type ao:Attribute ;
+ai:ValidAttribute2 rdf:type ao:Check ;
      ao:operator ai:Equals ;
      ao:type ai:AccessObjectUri ;
      ao:templateValue ai:AttributeValueSet2 ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/attributes.n3 b/home/src/main/resources/rdf/accessControl/firsttime/attributes.n3
index a63f98bf6c..301cabc2b5 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/attributes.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/attributes.n3
@@ -11,37 +11,37 @@
 ###########################################################################
 ### Subject attributes
 
-ai:IsRootUserAttribute rdf:type ao:Attribute ;
+ai:IsRootUserAttribute rdf:type ao:Check ;
          ao:operator ai:Equals ;
          ao:type ai:SubjectType ;
          ao:value ai:RootUserSubject .
 
-ai:SubjectRoleEqualsAdminRoleAttribute rdf:type ao:Attribute ;
+ai:SubjectRoleEqualsAdminRoleAttribute rdf:type ao:Check ;
          ao:operator ai:Equals ;
          ao:type ai:SubjectRole ;
          ao:value auth:ADMIN .
          
-ai:SubjectRoleEqualsCuratorRoleAttribute rdf:type ao:Attribute ;
+ai:SubjectRoleEqualsCuratorRoleAttribute rdf:type ao:Check ;
          ao:operator ai:Equals ;
          ao:type ai:SubjectRole ;
          ao:value auth:CURATOR .
 
-ai:SubjectRoleEqualsEditorRoleAttribute rdf:type ao:Attribute ;
+ai:SubjectRoleEqualsEditorRoleAttribute rdf:type ao:Check ;
          ao:operator ai:Equals ;
          ao:type ai:SubjectRole ;
          ao:value auth:EDITOR .
 
-ai:SubjectRoleEqualsSelfEditorRoleAttribute rdf:type ao:Attribute ;
+ai:SubjectRoleEqualsSelfEditorRoleAttribute rdf:type ao:Check ;
          ao:operator ai:Equals ;
          ao:type ai:SubjectRole ;
          ao:value auth:SELF_EDITOR .
 
-ai:SubjectRoleEqualsPublicRoleAttribute rdf:type ao:Attribute ;
+ai:SubjectRoleEqualsPublicRoleAttribute rdf:type ao:Check ;
          ao:operator ai:Equals ;
          ao:type ai:SubjectRole ;
          ao:value auth:PUBLIC .
          
-ai:SubjectRoleOneOfEditorsAttribute rdf:type ao:Attribute ;
+ai:SubjectRoleOneOfEditorsAttribute rdf:type ao:Check ;
          ao:operator ai:OneOf ;
          ao:type ai:SubjectRole ;
          ao:value auth:ADMIN ;
@@ -51,37 +51,37 @@ ai:SubjectRoleOneOfEditorsAttribute rdf:type ao:Attribute ;
 ###########################################################################
 ### Operation attributes
 
-ai:DisplayOperationAttribute rdf:type ao:Attribute ;
+ai:DisplayOperationAttribute rdf:type ao:Check ;
          ao:operator ai:Equals ;
          ao:type ai:Operation ;
          ao:value ai:DisplayOperation .
          
-ai:PublishOperationAttribute rdf:type ao:Attribute ;
+ai:PublishOperationAttribute rdf:type ao:Check ;
          ao:operator ai:Equals ;
          ao:type ai:Operation ;
          ao:value ai:PublishOperation .
          
-ai:UpdateOperationAttribute rdf:type ao:Attribute ;
+ai:UpdateOperationAttribute rdf:type ao:Check ;
          ao:operator ai:Equals ;
          ao:type ai:Operation ;
          ao:value ai:UpdateOperation .
          
-ai:EditOperationAttribute rdf:type ao:Attribute ;
+ai:EditOperationAttribute rdf:type ao:Check ;
          ao:operator ai:Equals ;
          ao:type ai:Operation ;
          ao:value ai:EditOperation .
          
-ai:DropOperationAttribute rdf:type ao:Attribute ;
+ai:DropOperationAttribute rdf:type ao:Check ;
          ao:operator ai:Equals ;
          ao:type ai:Operation ;
          ao:value ai:DropOperation .
          
-ai:AddOperationAttribute rdf:type ao:Attribute ;
+ai:AddOperationAttribute rdf:type ao:Check ;
          ao:operator ai:Equals ;
          ao:type ai:Operation ;
          ao:value ai:AddOperation .
          
-ai:UpdateAddEditOrDropOperationsAttribute rdf:type ao:Attribute ;
+ai:UpdateAddEditOrDropOperationsAttribute rdf:type ao:Check ;
          ao:operator ai:OneOf ;
          ao:type ai:Operation ;
          ao:value ai:UpdateOperation ;
@@ -92,52 +92,52 @@ ai:UpdateAddEditOrDropOperationsAttribute rdf:type ao:Attribute ;
 ###########################################################################
 ### Object attributes
 
-ai:ObjectPropertyTypeAttribute rdf:type ao:Attribute ;
+ai:ObjectPropertyTypeAttribute rdf:type ao:Check ;
          ao:operator ai:Equals ;
          ao:type ai:AccessObjectType ;
          ao:value ai:ObjectPropertyAccesObject .
 
-ai:DataPropertyTypeAttribute rdf:type ao:Attribute ;
+ai:DataPropertyTypeAttribute rdf:type ao:Check ;
          ao:operator ai:Equals ;
          ao:type ai:AccessObjectType ;
          ao:value ai:DataPropertyAccesObject .
 
-ai:ObjectPropertyStatementTypeAttribute rdf:type ao:Attribute ;
+ai:ObjectPropertyStatementTypeAttribute rdf:type ao:Check ;
          ao:operator ai:Equals ;
          ao:type ai:AccessObjectType ;
          ao:value ai:ObjectPropertyStatementAccesObject .
          
-ai:DataPropertyStatementTypeAttribute rdf:type ao:Attribute ;
+ai:DataPropertyStatementTypeAttribute rdf:type ao:Check ;
          ao:operator ai:Equals ;
          ao:type ai:AccessObjectType ;
          ao:value ai:DataPropertyStatementAccesObject .
 
-ai:FauxObjectPropertyStatementTypeAttribute rdf:type ao:Attribute ;
+ai:FauxObjectPropertyStatementTypeAttribute rdf:type ao:Check ;
          ao:operator ai:Equals ;
          ao:type ai:AccessObjectType ;
          ao:value ai:FauxObjectPropertyStatementAccesObject .
          
-ai:FauxDataPropertyStatementTypeAttribute rdf:type ao:Attribute ;
+ai:FauxDataPropertyStatementTypeAttribute rdf:type ao:Check ;
          ao:operator ai:Equals ;
          ao:type ai:AccessObjectType ;
          ao:value ai:FauxDataPropertyStatementAccesObject .
 
-ai:NamedObjectTypeAttribute rdf:type ao:Attribute ;
+ai:NamedObjectTypeAttribute rdf:type ao:Check ;
          ao:operator ai:Equals ;
          ao:type ai:AccessObjectType ;
          ao:value ai:NamedObject .
          
-ai:ClassTypeAttribute rdf:type ao:Attribute ;
+ai:ClassTypeAttribute rdf:type ao:Check ;
          ao:operator ai:Equals ;
          ao:type ai:AccessObjectType ;
          ao:value ai:Class .
          
-ai:FauxObjectPropertyTypeAttribute rdf:type ao:Attribute ;
+ai:FauxObjectPropertyTypeAttribute rdf:type ao:Check ;
          ao:operator ai:Equals ;
          ao:type ai:AccessObjectType ;
          ao:value ai:FauxObjectPropertyAccesObject .
 
-ai:FauxDataPropertyTypeAttribute rdf:type ao:Attribute ;
+ai:FauxDataPropertyTypeAttribute rdf:type ao:Check ;
          ao:operator ai:Equals ;
          ao:type ai:AccessObjectType ;
          ao:value ai:FauxDataPropertyAccesObject .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/ontology.n3 b/home/src/main/resources/rdf/accessControl/firsttime/ontology.n3
index ab7b0c066e..2ac1c0ae19 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/ontology.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/ontology.n3
@@ -37,7 +37,7 @@ ao:Rules a owl:Class ;
 ao:PolicyKey a owl:Class ;
      rdfs:label "Policy key"@en-US .
 
-ao:Attribute a owl:Class ;
+ao:Check a owl:Class ;
      rdfs:label "Access rule attribute"@en-US .
      
 ao:Operator a owl:Class ;
@@ -68,7 +68,7 @@ ao:Decision a owl:Class ;
 
 ao:attributeName a owl:DatatypeProperty ,
             owl:FunctionalProperty ;
-            rdfs:domain ao:Attribute ;
+            rdfs:domain ao:Check ;
             rdfs:range xsd:string ;
             rdfs:label "Attribute name"@en-US .
 
@@ -90,9 +90,9 @@ ao:priority a owl:DatatypeProperty ,
             
 #### Object properties
 
-ao:attribute a owl:ObjectProperty ;
+ao:check a owl:ObjectProperty ;
           rdfs:domain ao:Rule ;
-          rdfs:range ao:Attribute .
+          rdfs:range ao:Check .
           
 ao:decision a owl:ObjectProperty ;
           rdfs:domain ao:Rule ;
@@ -116,10 +116,10 @@ ao:containerType a owl:ObjectProperty ;
 ao:uri a owl:ObjectProperty .
 
 ao:value a owl:ObjectProperty ;
-          rdfs:domain ao:Attribute .
+          rdfs:domain ao:Check .
           
 ao:setValue a owl:ObjectProperty ;
-          rdfs:domain ao:Attribute .          
+          rdfs:domain ao:Check .          
     
 ao:operation a owl:ObjectProperty ;
           rdfs:domain ao:Rule ;
@@ -130,7 +130,7 @@ ao:rule a owl:ObjectProperty ;
           rdfs:range ao:Rule .
           
 ao:test a owl:ObjectProperty ;
-          rdfs:domain ao:Attribute ;
+          rdfs:domain ao:Check ;
           rdfs:range ao:Operator .
           
 ao:keyComponent a owl:ObjectProperty .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_editable_pages.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_editable_pages.n3
index b6c84a4eb2..9d0ee837ab 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_editable_pages.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_editable_pages.n3
@@ -15,31 +15,31 @@ ai:EditIndividualPagesRuleSet rdf:type ao:Rules ;
     ao:rule ai:AllowEditIndividualPagesRule .
 
 ai:AllowEditIndividualPagesRule rdf:type ao:Rule;
-    ao:attribute ai:SubjectRoleOneOfEditorsAttribute ;
-    ao:attribute ai:AddOperationAttribute ;
-    ao:attribute ai:ObjectPropertyStatementTypeAttribute ;
-    ao:attribute ai:SomeObjectUriAttribute ;
-    ao:attribute ai:SomePredicateAttribute .
+    ao:check ai:SubjectRoleOneOfEditorsAttribute ;
+    ao:check ai:AddOperationAttribute ;
+    ao:check ai:ObjectPropertyStatementTypeAttribute ;
+    ao:check ai:SomeObjectUriAttribute ;
+    ao:check ai:SomePredicateAttribute .
 
 ai:AllowEditRelatedPagesRule rdf:type ao:Rule;
-    ao:attribute ai:SubjectRoleEqualsSelfEditorRoleAttribute ;
-    ao:attribute ai:StatementObjectUriContainsSelfEditorResourceAttribute;
-    ao:attribute ai:AddOperationAttribute ;
-    ao:attribute ai:ObjectPropertyStatementTypeAttribute ;
-    ao:attribute ai:SomeObjectUriAttribute ;
-    ao:attribute ai:SomePredicateAttribute .
-
-ai:SomePredicateAttribute rdf:type ao:Attribute ;
+    ao:check ai:SubjectRoleEqualsSelfEditorRoleAttribute ;
+    ao:check ai:StatementObjectUriContainsSelfEditorResourceAttribute;
+    ao:check ai:AddOperationAttribute ;
+    ao:check ai:ObjectPropertyStatementTypeAttribute ;
+    ao:check ai:SomeObjectUriAttribute ;
+    ao:check ai:SomePredicateAttribute .
+
+ai:SomePredicateAttribute rdf:type ao:Check ;
     ao:operator ai:Equals ;
     ao:type ai:StatementPredicateUri ;
     ao:value ai:SomeUriTestData .
 
-ai:SomeObjectUriAttribute rdf:type ao:Attribute ;
+ai:SomeObjectUriAttribute rdf:type ao:Check ;
     ao:operator ai:Equals ;
     ao:type ai:StatementObjectUri ;
     ao:value ai:SomeUriTestData .
 
-ai:StatementObjectUriContainsSelfEditorResourceAttribute rdf:type ao:Attribute ;
+ai:StatementObjectUriContainsSelfEditorResourceAttribute rdf:type ao:Check ;
     ao:operator ai:SparqlSelectQueryContains ;
     ao:type ai:StatementSubjectUri ;
     ao:value ai:PersonProfileProximityToResourceUri .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_menu_items_editing.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_menu_items_editing.n3
index bd92ce04f4..3660763951 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_menu_items_editing.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_menu_items_editing.n3
@@ -18,24 +18,24 @@ ai:RestrictHomeMenuItemsEditingRuleSet rdf:type ao:Rules ;
           
 ai:RestrictEditHomeMenuItems rdf:type ao:Rule ;
           ao:decision ai:Deny ;
-          ao:attribute ai:EditOperationAttribute ;
-          ao:attribute ai:ObjectPropertyStatementTypeAttribute ;
-          ao:attribute ai:ObjectPropertyStatementPredicateUriEqualsToHasHomeAttribute ;
-          ao:attribute ai:ObjectPropertyStatementObjectUriEqualsToHomeMenuItemAttribute .
+          ao:check ai:EditOperationAttribute ;
+          ao:check ai:ObjectPropertyStatementTypeAttribute ;
+          ao:check ai:ObjectPropertyStatementPredicateUriEqualsToHasHomeAttribute ;
+          ao:check ai:ObjectPropertyStatementObjectUriEqualsToHomeMenuItemAttribute .
           
 ai:RestrictDropHomeMenuItems rdf:type ao:Rule ;
           ao:decision ai:Deny ;
-          ao:attribute ai:DropOperationAttribute ;
-          ao:attribute ai:ObjectPropertyStatementTypeAttribute ;
-          ao:attribute ai:ObjectPropertyStatementPredicateUriEqualsToHasHomeAttribute ;
-          ao:attribute ai:ObjectPropertyStatementObjectUriEqualsToHomeMenuItemAttribute .
+          ao:check ai:DropOperationAttribute ;
+          ao:check ai:ObjectPropertyStatementTypeAttribute ;
+          ao:check ai:ObjectPropertyStatementPredicateUriEqualsToHasHomeAttribute ;
+          ao:check ai:ObjectPropertyStatementObjectUriEqualsToHomeMenuItemAttribute .
           
-ai:ObjectPropertyStatementPredicateUriEqualsToHasHomeAttribute rdf:type ao:Attribute ;
+ai:ObjectPropertyStatementPredicateUriEqualsToHasHomeAttribute rdf:type ao:Check ;
          ao:operator ai:Equals ;
          ao:type ai:StatementPredicateUri ;
          ao:value <http://vitro.mannlib.cornell.edu/ontologies/display/1.1#HomeMenuItem> .
 
-ai:ObjectPropertyStatementObjectUriEqualsToHomeMenuItemAttribute rdf:type ao:Attribute ;
+ai:ObjectPropertyStatementObjectUriEqualsToHomeMenuItemAttribute rdf:type ao:Check ;
          ao:operator ai:Equals ;
          ao:type ai:StatementObjectUri ;
          ao:value <http://vitro.mannlib.cornell.edu/ontologies/display/1.1#hasElement> .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_not_modifiable_statements.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_not_modifiable_statements.n3
index 17136dc769..5e3c605b2d 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_not_modifiable_statements.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_not_modifiable_statements.n3
@@ -27,61 +27,61 @@ ai:NotModifiableStatementsRuleSet a ao:Rules ;
 
 ai:RestrictObjectPropertyStatementsWithNotModifiableSubject a ao:Rule ;
     ao:decision ai:Deny ;
-    ao:attribute ai:ObjectPropertyStatementTypeAttribute ;
-    ao:attribute ai:PropertyStatementSubjectUriStartWithProhibitedNameSpaceAttribute ;
-    ao:attribute ai:PropertyStatementSubjectUriEqualsToProhibitedExceptions .
+    ao:check ai:ObjectPropertyStatementTypeAttribute ;
+    ao:check ai:PropertyStatementSubjectUriStartWithProhibitedNameSpaceAttribute ;
+    ao:check ai:PropertyStatementSubjectUriEqualsToProhibitedExceptions .
 
 ai:RestrictObjectPropertyStatementsWithNotModifiablePredicate a ao:Rule ;
     ao:decision ai:Deny ;
-    ao:attribute ai:ObjectPropertyStatementTypeAttribute ;
-    ao:attribute ai:PropertyStatementPredicateUriStartWithProhibitedNameSpaceAttribute ;
-    ao:attribute ai:PropertyStatementPredicateUriEqualsToProhibitedExceptions .
+    ao:check ai:ObjectPropertyStatementTypeAttribute ;
+    ao:check ai:PropertyStatementPredicateUriStartWithProhibitedNameSpaceAttribute ;
+    ao:check ai:PropertyStatementPredicateUriEqualsToProhibitedExceptions .
 
 ai:RestrictObjectPropertyStatementsWithNotModifiableObject a ao:Rule ;
     ao:decision ai:Deny ;
-    ao:attribute ai:ObjectPropertyStatementTypeAttribute ;
-    ao:attribute ai:PropertyStatementObjectUriStartWithProhibitedNameSpaceAttribute ;
-    ao:attribute ai:PropertyStatementObjectUriEqualsToProhibitedExceptions .
+    ao:check ai:ObjectPropertyStatementTypeAttribute ;
+    ao:check ai:PropertyStatementObjectUriStartWithProhibitedNameSpaceAttribute ;
+    ao:check ai:PropertyStatementObjectUriEqualsToProhibitedExceptions .
 
 ai:RestrictDataPropertyStatementsWithNotModifiableSubject a ao:Rule ;
     ao:decision ai:Deny ;
-    ao:attribute ai:DataPropertyStatementTypeAttribute ;
-    ao:attribute ai:PropertyStatementSubjectUriStartWithProhibitedNameSpaceAttribute ;
-    ao:attribute ai:PropertyStatementSubjectUriEqualsToProhibitedExceptions .
+    ao:check ai:DataPropertyStatementTypeAttribute ;
+    ao:check ai:PropertyStatementSubjectUriStartWithProhibitedNameSpaceAttribute ;
+    ao:check ai:PropertyStatementSubjectUriEqualsToProhibitedExceptions .
 
 ai:RestrictDataPropertyStatementsWithNotModifiablePredicate a ao:Rule ;
     ao:decision ai:Deny ;
-    ao:attribute ai:DataPropertyStatementTypeAttribute ;
-    ao:attribute ai:PropertyStatementPredicateUriStartWithProhibitedNameSpaceAttribute ;
-    ao:attribute ai:PropertyStatementPredicateUriEqualsToProhibitedExceptions .
+    ao:check ai:DataPropertyStatementTypeAttribute ;
+    ao:check ai:PropertyStatementPredicateUriStartWithProhibitedNameSpaceAttribute ;
+    ao:check ai:PropertyStatementPredicateUriEqualsToProhibitedExceptions .
 
 ### Not modifiable property statement attributes
-ai:PropertyStatementPredicateUriStartWithProhibitedNameSpaceAttribute a ao:Attribute ;
+ai:PropertyStatementPredicateUriStartWithProhibitedNameSpaceAttribute a ao:Check ;
     ao:operator ai:StartsWith ;
     ao:type ai:StatementPredicateUri ;
     ao:templateValue ai:ProhibitedNamespaceValueSet .
 
-ai:PropertyStatementPredicateUriEqualsToProhibitedExceptions a ao:Attribute ;
+ai:PropertyStatementPredicateUriEqualsToProhibitedExceptions a ao:Check ;
     ao:operator ai:NotOneOf ;
     ao:type ai:StatementPredicateUri ;
     ao:templateValue ai:ProhibitedNamespaceExceptionsValueSet .
     
-ai:PropertyStatementSubjectUriStartWithProhibitedNameSpaceAttribute a ao:Attribute ;
+ai:PropertyStatementSubjectUriStartWithProhibitedNameSpaceAttribute a ao:Check ;
     ao:operator ai:StartsWith ;
     ao:type ai:StatementSubjectUri ;
     ao:templateValue ai:ProhibitedNamespaceValueSet .
 
-ai:PropertyStatementSubjectUriEqualsToProhibitedExceptions a ao:Attribute ;
+ai:PropertyStatementSubjectUriEqualsToProhibitedExceptions a ao:Check ;
     ao:operator ai:NotOneOf ;
     ao:type ai:StatementSubjectUri ;
     ao:templateValue ai:ProhibitedNamespaceExceptionsValueSet .    
     
-ai:PropertyStatementObjectUriStartWithProhibitedNameSpaceAttribute a ao:Attribute ;
+ai:PropertyStatementObjectUriStartWithProhibitedNameSpaceAttribute a ao:Check ;
     ao:operator ai:StartsWith ;
     ao:type ai:StatementObjectUri ;
     ao:templateValue ai:ProhibitedNamespaceValueSet .
 
-ai:PropertyStatementObjectUriEqualsToProhibitedExceptions a ao:Attribute ;
+ai:PropertyStatementObjectUriEqualsToProhibitedExceptions a ao:Check ;
     ao:operator ai:NotOneOf ;
     ao:type ai:StatementObjectUri ;
     ao:templateValue ai:ProhibitedNamespaceExceptionsValueSet .  
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_root_user.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_root_user.n3
index 1192d1749f..75702bbba5 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_root_user.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_root_user.n3
@@ -16,5 +16,5 @@ ai:RootRuleSet rdf:type ao:Rules ;
           ao:rule ai:AllowRootUserRule .
           
 ai:AllowRootUserRule rdf:type ao:Rule;
-          ao:attribute ai:IsRootUserAttribute .
+          ao:check ai:IsRootUserAttribute .
 
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_class.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_class.n3
index e342c8eace..1c48e1c0b0 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_class.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_class.n3
@@ -234,12 +234,12 @@
     ao:rule :AllowMatchingClass .
 
 :AllowMatchingClass a ao:Rule;
-    ao:attribute :SubjectRoleCheck ;
-    ao:attribute :OperationCheck ;
-    ao:attribute :AccessObjectTypeCheck ;
-    ao:attribute :AccessObjectUriCheck .
+    ao:check :SubjectRoleCheck ;
+    ao:check :OperationCheck ;
+    ao:check :AccessObjectTypeCheck ;
+    ao:check :AccessObjectUriCheck .
 
-:AccessObjectTypeCheck rdf:type ao:Attribute ;
+:AccessObjectTypeCheck rdf:type ao:Check ;
     ao:operator ai:Equals ;
     ao:type ai:AccessObjectType ;
     ao:templateValue :AccessObjectTypeValueSet .
@@ -248,7 +248,7 @@
     ao:attributeValue ai:ClassAccesObjectValueContainer ;
     .
 
-:OperationCheck a ao:Attribute ;
+:OperationCheck a ao:Check ;
     ao:operator ai:Equals ;
     ao:type ai:Operation ;
     ao:templateValue :OperationValueSet .
@@ -259,7 +259,7 @@
     ao:attributeValue ai:UpdateOperationValueContainer ;
     .
 
-:SubjectRoleCheck a ao:Attribute ;
+:SubjectRoleCheck a ao:Check ;
     ao:operator ai:Equals ;
     ao:type ai:SubjectRole ;
     ao:templateValue :RoleValueSet .
@@ -271,7 +271,7 @@
     ao:attributeValue ai:CuratorRoleValueContainer ;
     ao:attributeValue ai:AdminRoleValueContainer .
 
-:AccessObjectUriCheck a ao:Attribute ;
+:AccessObjectUriCheck a ao:Check ;
     ao:operator ai:OneOf ;
     ao:type ai:AccessObjectUri ;
     ao:templateValue :AllowedClassUriValueSet .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_property.n3
index 9c57ac7e00..174730d77e 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_property.n3
@@ -1143,12 +1143,12 @@
     ao:rule :AllowMatchingProperty .
 
 :AllowMatchingProperty a ao:Rule;
-    ao:attribute :SubjectRoleEqualsDataSetRoleAttribute ;
-    ao:attribute :OperationEqualsDataSetOperation ;
-    ao:attribute :AccessObjectTypeEqualsDataSetValue ;
-    ao:attribute :AccessObjectUriContainsInDataSet .
+    ao:check :SubjectRoleEqualsDataSetRoleAttribute ;
+    ao:check :OperationEqualsDataSetOperation ;
+    ao:check :AccessObjectTypeEqualsDataSetValue ;
+    ao:check :AccessObjectUriContainsInDataSet .
 
-:AccessObjectTypeEqualsDataSetValue rdf:type ao:Attribute ;
+:AccessObjectTypeEqualsDataSetValue rdf:type ao:Check ;
     ao:operator ai:Equals ;
     ao:type ai:AccessObjectType ;
     ao:templateValue :AccessObjectTypeValueSet .
@@ -1161,13 +1161,13 @@
     .
 
 :AllowMatchingPropertyStatement a ao:Rule;
-    ao:attribute :SubjectRoleEqualsDataSetRoleAttribute ;
-    ao:attribute :OperationEqualsDataSetOperation ;
-    ao:attribute :AccessObjectTypeStatementEquals ;
-    ao:attribute :StatementPredicateEquals ;
+    ao:check :SubjectRoleEqualsDataSetRoleAttribute ;
+    ao:check :OperationEqualsDataSetOperation ;
+    ao:check :AccessObjectTypeStatementEquals ;
+    ao:check :StatementPredicateEquals ;
     .
 
-:AccessObjectTypeStatementEquals rdf:type ao:Attribute ;
+:AccessObjectTypeStatementEquals rdf:type ao:Check ;
     ao:operator ai:Equals ;
     ao:type ai:AccessObjectType ;
     ao:templateValue :StatementAccessObjectTypeValueSet .
@@ -1179,7 +1179,7 @@
     ao:attributeValue ai:FauxDataPropertyStatementAccesObjectValueContainer ;
     .
 
-:OperationEqualsDataSetOperation a ao:Attribute ;
+:OperationEqualsDataSetOperation a ao:Check ;
     ao:operator ai:Equals ;
     ao:type ai:Operation ;
     ao:templateValue :OperationValueSet .
@@ -1192,7 +1192,7 @@
     ao:attributeValue ai:DropOperationValueContainer ;
     .
 
-:SubjectRoleEqualsDataSetRoleAttribute a ao:Attribute ;
+:SubjectRoleEqualsDataSetRoleAttribute a ao:Check ;
     ao:operator ai:Equals ;
     ao:type ai:SubjectRole ;
     ao:templateValue :RoleValueSet .
@@ -1203,12 +1203,12 @@
     ao:attributeValue ai:CuratorRoleValueContainer ;
     ao:attributeValue ai:AdminRoleValueContainer .
 
-:StatementPredicateEquals a ao:Attribute ;
+:StatementPredicateEquals a ao:Check ;
     ao:operator ai:OneOf ;
     ao:type ai:StatementPredicateUri ;
     ao:templateValue :AllowedPropertyUriValueSet .
 
-:AccessObjectUriContainsInDataSet a ao:Attribute ;
+:AccessObjectUriContainsInDataSet a ao:Check ;
     ao:operator ai:OneOf ;
     ao:type ai:AccessObjectUri ;
     ao:templateValue :AllowedPropertyUriValueSet .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_access_related_allowed_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_access_related_allowed_property.n3
index 550ec6d675..69187ddec3 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_access_related_allowed_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_access_related_allowed_property.n3
@@ -151,12 +151,12 @@
     ao:rule :AllowMatchingProperty .
 
 :AllowMatchingProperty a ao:Rule;
-    ao:attribute :SubjectRoleCheck ;
-    ao:attribute :OperationCheck ;
-    ao:attribute :AccessObjectTypeCheck ;
-    ao:attribute :AccessObjectUriCheck .
+    ao:check :SubjectRoleCheck ;
+    ao:check :OperationCheck ;
+    ao:check :AccessObjectTypeCheck ;
+    ao:check :AccessObjectUriCheck .
 
-:AccessObjectTypeCheck rdf:type ao:Attribute ;
+:AccessObjectTypeCheck rdf:type ao:Check ;
     ao:operator ai:Equals ;
     ao:type ai:AccessObjectType ;
     ao:templateValue :AccessObjectTypeValueSet .
@@ -169,13 +169,13 @@
     .
 
 :AllowMatchingPropertyStatement a ao:Rule;
-    ao:attribute :SubjectRoleCheck ;
-    ao:attribute :OperationCheck ;
-    ao:attribute :AccessObjectStatementTypeCheck ;
-    ao:attribute :StatementPredicateCheck ;
+    ao:check :SubjectRoleCheck ;
+    ao:check :OperationCheck ;
+    ao:check :AccessObjectStatementTypeCheck ;
+    ao:check :StatementPredicateCheck ;
     .
 
-:AccessObjectStatementTypeCheck rdf:type ao:Attribute ;
+:AccessObjectStatementTypeCheck rdf:type ao:Check ;
     ao:operator ai:Equals ;
     ao:type ai:AccessObjectType ;
     ao:templateValue :StatementAccessObjectTypeValueSet .
@@ -187,7 +187,7 @@
     ao:attributeValue ai:FauxDataPropertyStatementAccesObjectValueContainer ;
     .
 
-:OperationCheck a ao:Attribute ;
+:OperationCheck a ao:Check ;
     ao:operator ai:Equals ;
     ao:type ai:Operation ;
     ao:templateValue :OperationValueSet .
@@ -197,7 +197,7 @@
     ao:attributeValue ai:PublishOperationValueContainer ;
     .
 
-:SubjectRoleCheck a ao:Attribute ;
+:SubjectRoleCheck a ao:Check ;
     ao:operator ai:Equals ;
     ao:type ai:SubjectRole ;
     ao:templateValue :RoleValueSet .
@@ -205,12 +205,12 @@
 :RoleValueSet a ao:AttributeValueSet ;
     ao:attributeValue ai:SelfEditorRoleValueContainer .
 
-:StatementPredicateCheck a ao:Attribute ;
+:StatementPredicateCheck a ao:Check ;
     ao:operator ai:OneOf ;
     ao:type ai:StatementPredicateUri ;
     ao:templateValue :AllowedPropertyUriValueSet .
 
-:AccessObjectUriCheck a ao:Attribute ;
+:AccessObjectUriCheck a ao:Check ;
     ao:operator ai:OneOf ;
     ao:type ai:AccessObjectUri ;
     ao:templateValue :AllowedPropertyUriValueSet .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_simple_permissions.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_simple_permissions.n3
index 9973d22226..92135b84f4 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_simple_permissions.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_simple_permissions.n3
@@ -89,11 +89,11 @@
     ao:rule :AllowSimplePermission .
       
 :AllowSimplePermission a ao:Rule;
-    ao:attribute ai:NamedObjectTypeAttribute ;
-    ao:attribute :PermissionNameAllowed ;
-    ao:attribute :SubjectRoleEqualsDataSetRole .
+    ao:check ai:NamedObjectTypeAttribute ;
+    ao:check :PermissionNameAllowed ;
+    ao:check :SubjectRoleEqualsDataSetRole .
       
-:PermissionNameAllowed a ao:Attribute ;
+:PermissionNameAllowed a ao:Check ;
     ao:operator ai:OneOf ;
     ao:type ai:AccessObjectUri ;
     ao:templateValue :TypeValueSet .
@@ -116,7 +116,7 @@ ai:CuratorSimplePermissionValueContainer a ao:ValueContainer ;
 ai:AdminSimplePermissionValueContainer a ao:ValueContainer ;
     ao:containerType ai:NamedObject .
 
-:SubjectRoleEqualsDataSetRole a ao:Attribute ;
+:SubjectRoleEqualsDataSetRole a ao:Check ;
     ao:operator ai:Equals ;
     ao:type ai:SubjectRole ;
     ao:templateValue :RoleValueSet .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_update_related_allowed_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_update_related_allowed_property.n3
index 8931d1705d..9df906e754 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_update_related_allowed_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_update_related_allowed_property.n3
@@ -218,12 +218,12 @@
     ao:rule :AllowMatchingProperty .
 
 :AllowMatchingProperty a ao:Rule;
-    ao:attribute :SubjectRoleCheck ;
-    ao:attribute :OperationCheck ;
-    ao:attribute :AccessObjectTypeCheck ;
-    ao:attribute :AccessObjectUriCheck .
+    ao:check :SubjectRoleCheck ;
+    ao:check :OperationCheck ;
+    ao:check :AccessObjectTypeCheck ;
+    ao:check :AccessObjectUriCheck .
 
-:AccessObjectTypeCheck rdf:type ao:Attribute ;
+:AccessObjectTypeCheck rdf:type ao:Check ;
     ao:operator ai:Equals ;
     ao:type ai:AccessObjectType ;
     ao:templateValue :AccessObjectTypeValueSet .
@@ -236,19 +236,19 @@
     .
 
 :AllowMatchingPropertyStatement a ao:Rule;
-    ao:attribute :SubjectRoleCheck ;
-    ao:attribute :OperationCheck ;
-    ao:attribute :AccessObjectStatementTypeCheck ;
-    ao:attribute :StatementPredicateCheck ;
-    ao:attribute :RelationCheck ;
+    ao:check :SubjectRoleCheck ;
+    ao:check :OperationCheck ;
+    ao:check :AccessObjectStatementTypeCheck ;
+    ao:check :StatementPredicateCheck ;
+    ao:check :RelationCheck ;
     .
 
-:RelationCheck rdf:type ao:Attribute ;
+:RelationCheck rdf:type ao:Check ;
     ao:operator ai:SparqlSelectQueryContains ;
     ao:type ai:StatementSubjectUri ;
     ao:value ai:PersonProfileProximityToResourceUri .
 
-:AccessObjectStatementTypeCheck rdf:type ao:Attribute ;
+:AccessObjectStatementTypeCheck rdf:type ao:Check ;
     ao:operator ai:Equals ;
     ao:type ai:AccessObjectType ;
     ao:templateValue :StatementAccessObjectTypeValueSet .
@@ -260,7 +260,7 @@
     ao:attributeValue ai:FauxDataPropertyStatementAccesObjectValueContainer ;
     .
 
-:OperationCheck a ao:Attribute ;
+:OperationCheck a ao:Check ;
     ao:operator ai:Equals ;
     ao:type ai:Operation ;
     ao:templateValue :OperationValueSet .
@@ -271,7 +271,7 @@
     ao:attributeValue ai:EditOperationValueContainer ;
     .
 
-:SubjectRoleCheck a ao:Attribute ;
+:SubjectRoleCheck a ao:Check ;
     ao:operator ai:Equals ;
     ao:type ai:SubjectRole ;
     ao:templateValue :RoleValueSet .
@@ -279,12 +279,12 @@
 :RoleValueSet a ao:AttributeValueSet ;
     ao:attributeValue ai:SelfEditorRoleValueContainer .
 
-:StatementPredicateCheck a ao:Attribute ;
+:StatementPredicateCheck a ao:Check ;
     ao:operator ai:OneOf ;
     ao:type ai:StatementPredicateUri ;
     ao:templateValue :AllowedPropertyUriValueSet .
 
-:AccessObjectUriCheck a ao:Attribute ;
+:AccessObjectUriCheck a ao:Check ;
     ao:operator ai:OneOf ;
     ao:type ai:AccessObjectUri ;
     ao:templateValue :AllowedPropertyUriValueSet .

From ed139e21814344c2c8c064a62afd332b00273083 Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <georgy.litvinov@tib.eu>
Date: Thu, 19 Oct 2023 17:36:53 +0200
Subject: [PATCH 057/148] refact: renamed Attribute to Check

---
 .../webapp/auth/policy/PolicyLoader.java      |   8 +-
 .../vitro/webapp/auth/rules/AccessRule.java   |  14 +-
 .../webapp/auth/rules/AccessRuleFactory.java  |   2 +-
 .../webapp/auth/rules/AccessRuleImpl.java     |  20 +-
 .../HomeMenuItemsRestrictionPolicyTest.java   |   2 +-
 .../NonModifiableStatementsPolicyTest.java    |   2 +-
 .../vitro/webapp/auth/policy/PolicyTest.java  |  10 +-
 .../webapp/auth/policy/ProximityTest.java     |   2 +-
 .../policy/SimplePermissionPolicyTest.java    |  10 +-
 .../webapp/auth/rules/AccessRuleTest.java     |   8 +-
 webapp/src/main/webapp/error.jsp              |  20 +-
 .../webapp/jenaIngest/csv2rdfSelectUri.jsp    |   9 +-
 .../webapp/jenaIngest/executeWorkflow.jsp     |  10 +-
 .../main/webapp/jenaIngest/merge_result.jsp   |   2 +-
 .../main/webapp/jenaIngest/permanentURI.jsp   |   5 +-
 .../jenaIngest/renameBNodesURISelect.jsp      |   9 +-
 .../main/webapp/jenaIngest/renameResult.jsp   |   4 +-
 .../webapp/jenaIngest/sparqlConstruct.jsp     |  52 ++--
 .../main/webapp/jenaIngest/workflowStep.jsp   |  12 +-
 .../jenaIngest/xmlFileUploadSuccess.jsp       |   2 +-
 .../webapp/jsp/checkDatatypeProperties.jsp    |  12 +-
 .../webapp/templates/alpha/alphaIndex.jsp     |   4 +-
 .../templates/edit/fetch/horizontal.jsp       | 262 ++++++++++--------
 .../webapp/templates/edit/fetch/vertical.jsp  | 147 ++++++----
 .../edit/specific/classgroups_edit.jsp        |   8 +-
 .../edit/specific/datatypes_edit.jsp          |   2 +-
 .../edit/specific/ents_edit_head.jsp          |   2 +-
 .../templates/edit/specific/merge_result.jsp  |   4 +-
 .../edit/specific/namespaces_edit.jsp         |   4 +-
 .../templates/entity/entityListForTabs.jsp    |  19 +-
 .../templates/entity/entityListPages.jsp      |   6 +-
 .../main/webapp/templates/page/bodyMsg.jsp    |  11 +-
 .../page/freemarkerTransition/footer.jsp      |   4 +-
 .../page/freemarkerTransition/menu.jsp        |   4 +-
 34 files changed, 388 insertions(+), 304 deletions(-)

diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
index 5320699fd8..93a1f3ad5a 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
@@ -679,13 +679,13 @@ private static void populateRule(AccessRule ar, QuerySolution qs) throws Excepti
         if (ar == null) {
             return;
         }
-        String attributeUri = qs.getResource("attribute").getURI();
-        if (ar.containsAttributeUri(attributeUri)) {
-            CheckFactory.extendAttribute(ar.getAttribute(attributeUri), qs);
+        String checkUri = qs.getResource("attribute").getURI();
+        if (ar.containsCheckUri(checkUri)) {
+            CheckFactory.extendAttribute(ar.getCheck(checkUri), qs);
             return;
         }
         try {
-            ar.addAttribute(CheckFactory.createCheck(qs));
+            ar.addCheck(CheckFactory.createCheck(qs));
         } catch (Exception e) {
             log.error(e, e);
         }
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRule.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRule.java
index 8852866cbb..5df38bec21 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRule.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRule.java
@@ -19,19 +19,19 @@ public interface AccessRule {
 
     public void setRuleUri(String ruleUri);
 
-    public List<Check> getAttributes();
+    public List<Check> getChecks();
 
     public boolean match(AuthorizationRequest ar);
 
-    public void addAttribute(Check attr);
+    public void addCheck(Check attr);
 
-    public Set<String> getAttributeUris();
+    public Set<String> getCheckUris();
 
-    public boolean containsAttributeUri(String uri);
+    public boolean containsCheckUri(String uri);
 
-    public Set<Check> getAttributesByType(Attribute type);
+    public Set<Check> getChecksByType(Attribute type);
 
-    public long getAttributesCount();
+    public long getChecksCount();
 
-    public Check getAttribute(String uri);
+    public Check getCheck(String uri);
 }
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRuleFactory.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRuleFactory.java
index b4110eec1f..8e0a527f91 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRuleFactory.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRuleFactory.java
@@ -20,7 +20,7 @@ public static AccessRule createRule(QuerySolution qs) {
         }
 
         ar.setRuleUri(ruleUri);
-        ar.addAttribute(CheckFactory.createCheck(qs));
+        ar.addCheck(CheckFactory.createCheck(qs));
         if (qs.contains("decision_id") && qs.get("decision_id").isLiteral()) {
             String decisionId = qs.getLiteral("decision_id").getString();
             if (RuleDecision.DENY.toString().equals(decisionId)) {
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRuleImpl.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRuleImpl.java
index b5b19a347a..e114d7dad9 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRuleImpl.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRuleImpl.java
@@ -44,7 +44,7 @@ public void setRuleUri(String ruleUri) {
         this.ruleUri = ruleUri;
     }
 
-    public List<Check> getAttributes() {
+    public List<Check> getChecks() {
         return attributes;
     }
 
@@ -60,7 +60,7 @@ public boolean match(AuthorizationRequest ar) {
         return true;
     }
 
-    public void addAttribute(Check attr) {
+    public void addCheck(Check attr) {
         if (attributeMap.containsKey(attr.getUri())) {
             log.error(String.format("attribute %s already exists in the rule", attr.getUri()));
         }
@@ -81,35 +81,35 @@ public boolean equals(Object object) {
 
         return new EqualsBuilder()
                 .append(getRuleUri(), compared.getRuleUri())
-                .append(getAttributes(), compared.getAttributes())
+                .append(getChecks(), compared.getChecks())
                 .isEquals();
     }
 
     @Override
     public int hashCode() {
         return new HashCodeBuilder(15, 101)
-                .append(getAttributes())
+                .append(getChecks())
                 .append(getRuleUri())
                 .toHashCode();
     }
 
-    public Set<String> getAttributeUris() {
+    public Set<String> getCheckUris() {
         return attributeMap.keySet();
     }
 
-    public boolean containsAttributeUri(String uri) {
+    public boolean containsCheckUri(String uri) {
         return attributeMap.containsKey(uri);
     }
 
-    public Set<Check> getAttributesByType(Attribute type) {
-        return getAttributes().stream().filter(a -> a.getAttributeType().equals(type)).collect(Collectors.toSet());
+    public Set<Check> getChecksByType(Attribute type) {
+        return getChecks().stream().filter(a -> a.getAttributeType().equals(type)).collect(Collectors.toSet());
     }
 
-    public long getAttributesCount() {
+    public long getChecksCount() {
         return attributes.size();
     }
 
-    public Check getAttribute(String uri) {
+    public Check getCheck(String uri) {
         return attributeMap.get(uri);
     }
 
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/HomeMenuItemsRestrictionPolicyTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/HomeMenuItemsRestrictionPolicyTest.java
index d08cf0ec59..660b19b8a7 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/HomeMenuItemsRestrictionPolicyTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/HomeMenuItemsRestrictionPolicyTest.java
@@ -26,7 +26,7 @@ public void testHomeMenuItemsRestrictionPolicy() {
         assertTrue(policy.getRules().size() > 0);
         final AccessRule rule = policy.getRules().iterator().next();
         assertEquals(false, rule.isAllowMatched());
-        assertEquals(4, rule.getAttributesCount());
+        assertEquals(4, rule.getChecksCount());
 
         AccessObject ao = new ObjectPropertyStatementAccessObject(null, null,
                 new Property("http://vitro.mannlib.cornell.edu/ontologies/display/1.1#HomeMenuItem"),
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/NonModifiableStatementsPolicyTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/NonModifiableStatementsPolicyTest.java
index aedbe99c9d..4e6e4df7a3 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/NonModifiableStatementsPolicyTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/NonModifiableStatementsPolicyTest.java
@@ -35,7 +35,7 @@ public void testNonModifiableStatementsPolicy() {
         AccessRule rule = policy.getRules().iterator().next();
         assertEquals(false, rule.isAllowMatched());
         for (AccessRule irule : policy.getRules()) {
-            assertEquals(3, irule.getAttributesCount());
+            assertEquals(3, irule.getChecksCount());
         }
 
         AccessObject ao = new ObjectPropertyStatementAccessObject(null, VALID, null, null);
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTest.java
index f2d424832c..a501f56b4e 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTest.java
@@ -96,15 +96,15 @@ protected void countRulesAndAttributes(DynamicPolicy policy, int ruleCount, Set<
         }
         assertEquals(ruleCount, ruleMap.size());
         for (AccessRule ar : ruleMap.values()) {
-            if (!attrCount.contains(ar.getAttributes().size())) {
-                log.error(String.format("Attribute count %s doesn't match for policy %s", ar.getAttributes().size(),
+            if (!attrCount.contains(ar.getChecks().size())) {
+                log.error(String.format("Attribute count %s doesn't match for policy %s", ar.getChecks().size(),
                         policy.getUri()));
-                for (String att : ar.getAttributeUris()) {
+                for (String att : ar.getCheckUris()) {
                     log.error(String.format("Attribute uri %s", att));
                 }
             }
-            assertTrue(attrCount.contains(ar.getAttributes().size()));
-            for (Check att : ar.getAttributes()) {
+            assertTrue(attrCount.contains(ar.getChecks().size()));
+            for (Check att : ar.getChecks()) {
                 assertTrue(att.getValues().size() > 0);
             }
         }
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/ProximityTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/ProximityTest.java
index 4bc9b08f12..21d2617925 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/ProximityTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/ProximityTest.java
@@ -30,7 +30,7 @@ public void testProximityPolicy() {
         assertTrue(policy.getRules().size() == 1);
         AccessRule rule = policy.getRules().iterator().next();
         assertEquals(true, rule.isAllowMatched());
-        assertEquals(1, rule.getAttributesCount());
+        assertEquals(1, rule.getChecksCount());
 
         Model targetModel = ModelFactory.createDefaultModel();
         try {
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/SimplePermissionPolicyTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/SimplePermissionPolicyTest.java
index 6aca434e0b..bbfb94f097 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/SimplePermissionPolicyTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/SimplePermissionPolicyTest.java
@@ -31,7 +31,7 @@ public void testAdminSimplePermissionPolicy() {
         assertEquals(1, policy.getRules().size());
         final AccessRule rule = policy.getRules().iterator().next();
         assertEquals(true, rule.isAllowMatched());
-        assertEquals(3, rule.getAttributesCount());
+        assertEquals(3, rule.getChecksCount());
 
         SimpleAuthorizationRequest ar = new SimpleAuthorizationRequest(SimplePermission.NS + "SeeSiteAdminPage");
         ar.setRoleUris(Arrays.asList(CURATOR));
@@ -51,7 +51,7 @@ public void testCuratorSimplePermissionPolicy() {
         assertEquals(1, policy.getRules().size());
         final AccessRule rule = policy.getRules().iterator().next();
         assertEquals(true, rule.isAllowMatched());
-        assertEquals(3, rule.getAttributesCount());
+        assertEquals(3, rule.getChecksCount());
 
         SimpleAuthorizationRequest ar = new SimpleAuthorizationRequest(SimplePermission.NS + "EditOntology");
         ar.setRoleUris(Arrays.asList(EDITOR));
@@ -71,7 +71,7 @@ public void testEditorSimplePermissionPolicy() {
         assertEquals(1, policy.getRules().size());
         final AccessRule rule = policy.getRules().iterator().next();
         assertEquals(true, rule.isAllowMatched());
-        assertEquals(3, rule.getAttributesCount());
+        assertEquals(3, rule.getChecksCount());
 
         SimpleAuthorizationRequest ar = new SimpleAuthorizationRequest(SimplePermission.NS + "DoBackEndEditing");
         ar.setRoleUris(Arrays.asList(SELF_EDITOR));
@@ -91,7 +91,7 @@ public void testSelfEditorSimplePermissionPolicy() {
         assertEquals(1, policy.getRules().size());
         final AccessRule rule = policy.getRules().iterator().next();
         assertEquals(true, rule.isAllowMatched());
-        assertEquals(3, rule.getAttributesCount());
+        assertEquals(3, rule.getChecksCount());
 
         SimpleAuthorizationRequest ar = new SimpleAuthorizationRequest(SimplePermission.NS + "DoFrontEndEditing");
         ar.setRoleUris(Arrays.asList(PUBLIC));
@@ -111,7 +111,7 @@ public void testPublicSimplePermissionPolicy() {
         assertEquals(1, policy.getRules().size());
         final AccessRule rule = policy.getRules().iterator().next();
         assertEquals(true, rule.isAllowMatched());
-        assertEquals(3, rule.getAttributesCount());
+        assertEquals(3, rule.getChecksCount());
 
         SimpleAuthorizationRequest ar = new SimpleAuthorizationRequest(SimplePermission.NS + "QueryFullModel");
         ar.setRoleUris(Arrays.asList(""));
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRuleTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRuleTest.java
index 0171b90df7..d7e9ce11c9 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRuleTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRuleTest.java
@@ -20,10 +20,10 @@ public void testAttributeOrderByComputationalCost() {
         cheapAttribute.setType(CheckType.ONE_OF);
         Check expensiveAttribute = new AccessObjectUriCheck("test:expensiveAttributeUri", "test:objectUri");
         cheapAttribute.setType(CheckType.SPARQL_SELECT_QUERY_CONTAINS);
-        rule.addAttribute(affordableAttribute);
-        rule.addAttribute(expensiveAttribute);
-        rule.addAttribute(cheapAttribute);
-        List<Check> list = rule.getAttributes();
+        rule.addCheck(affordableAttribute);
+        rule.addCheck(expensiveAttribute);
+        rule.addCheck(cheapAttribute);
+        List<Check> list = rule.getChecks();
         assertEquals(cheapAttribute.getUri(), list.get(0).getUri());
         assertEquals(affordableAttribute.getUri(), list.get(1).getUri());
         assertEquals(expensiveAttribute.getUri(), list.get(2).getUri());
diff --git a/webapp/src/main/webapp/error.jsp b/webapp/src/main/webapp/error.jsp
index 4bd25405cf..6490d96a20 100755
--- a/webapp/src/main/webapp/error.jsp
+++ b/webapp/src/main/webapp/error.jsp
@@ -8,9 +8,9 @@
 <%@page import="org.apache.commons.logging.Log"%>
 <%@page import="org.apache.commons.logging.LogFactory"%>
 <%
-   // We have seen that this page can throw its own error.
+// We have seen that this page can throw its own error.
    // Before it does so, be sure that we have written the original error to the log.
-    Object c = request.getAttribute("javax.servlet.jsp.jspException");
+    Object c = request.getCheck("javax.servlet.jsp.jspException");
     if (c instanceof Throwable) {
       Throwable cause = (Throwable) c;
       Log log = LogFactory.getLog(this.getClass());
@@ -18,15 +18,15 @@
     }
 
 
-            VitroRequest vreq = new VitroRequest(request);
-            ApplicationBean appBean = vreq.getAppBean();
-            String themeDir = appBean.getThemeDir();
+    VitroRequest vreq = new VitroRequest(request);
+    ApplicationBean appBean = vreq.getAppBean();
+    String themeDir = appBean.getThemeDir();
 
-            request.setAttribute("bodyJsp", "/errorbody.jsp");
-            request.setAttribute("title", "Error");
-            request.setAttribute("css", "");
-            request.setAttribute("themeDir", themeDir);
-            %>
+    request.setAttribute("bodyJsp", "/errorbody.jsp");
+    request.setAttribute("title", "Error");
+    request.setAttribute("css", "");
+    request.setAttribute("themeDir", themeDir);
+%>
 
 
     <jsp:include page="/templates/page/doctype.jsp"/>
diff --git a/webapp/src/main/webapp/jenaIngest/csv2rdfSelectUri.jsp b/webapp/src/main/webapp/jenaIngest/csv2rdfSelectUri.jsp
index 322abb0aeb..5de3df8d54 100644
--- a/webapp/src/main/webapp/jenaIngest/csv2rdfSelectUri.jsp
+++ b/webapp/src/main/webapp/jenaIngest/csv2rdfSelectUri.jsp
@@ -54,10 +54,11 @@ function disableProperties(){
     <input type="radio" value="pattern" name="concatenate" onclick="selectProperties()">Use pattern based on values of </input>
 
 
-    <% Map<String,LinkedList<String>> propertyMap = (Map) request.getAttribute("propertyMap");
-       Set<Entry<String,LinkedList<String>>> set = propertyMap.entrySet();
-       Iterator<Entry<String,LinkedList<String>>> itr = set.iterator();
-       Entry<String, LinkedList<String>> entry = null;
+    <%
+    Map<String,LinkedList<String>> propertyMap = (Map) request.getCheck("propertyMap");
+           Set<Entry<String,LinkedList<String>>> set = propertyMap.entrySet();
+           Iterator<Entry<String,LinkedList<String>>> itr = set.iterator();
+           Entry<String, LinkedList<String>> entry = null;
     %>
 
     <select name="property" id="properties" disabled="disabled">
diff --git a/webapp/src/main/webapp/jenaIngest/executeWorkflow.jsp b/webapp/src/main/webapp/jenaIngest/executeWorkflow.jsp
index 2a4c5e7cac..a9b7ca9828 100644
--- a/webapp/src/main/webapp/jenaIngest/executeWorkflow.jsp
+++ b/webapp/src/main/webapp/jenaIngest/executeWorkflow.jsp
@@ -24,15 +24,15 @@
         <select name="workflowURI">
 
         <%
-              OntModel jenaOntModel = ModelAccess.on(getServletContext()).getOntModel();
+        OntModel jenaOntModel = ModelAccess.on(getServletContext()).getOntModel();
               jenaOntModel.enterCriticalSection(Lock.READ);
               try {
-                  List savedQueries = (List) request.getAttribute("workflows");
-	          for (Iterator it = savedQueries.iterator(); it.hasNext();)  {
-	              Individual savedQuery = (Individual) it.next();
+                  List savedQueries = (List) request.getCheck("workflows");
+        	          for (Iterator it = savedQueries.iterator(); it.hasNext();)  {
+        	              Individual savedQuery = (Individual) it.next();
                       String queryURI = savedQuery.getURI();
                       String queryLabel = savedQuery.getLabel(null);
-                      %> <option value="<%=queryURI%>"><%=queryLabel%></option> <%
+        %> <option value="<%=queryURI%>"><%=queryLabel%></option> <%
                   }
               } finally {
                   jenaOntModel.leaveCriticalSection();
diff --git a/webapp/src/main/webapp/jenaIngest/merge_result.jsp b/webapp/src/main/webapp/jenaIngest/merge_result.jsp
index 1a6e73d207..c50f26cc38 100644
--- a/webapp/src/main/webapp/jenaIngest/merge_result.jsp
+++ b/webapp/src/main/webapp/jenaIngest/merge_result.jsp
@@ -13,7 +13,7 @@
 <h2><a class="ingestMenu" href="ingest">Ingest Menu</a> > Merge Individuals</h2>
 
 <%
-    MergeResult resultObj = (MergeResult) request.getAttribute("result");
+MergeResult resultObj = (MergeResult) request.getCheck("result");
     String result = resultObj.getResultText();
 %>
 
diff --git a/webapp/src/main/webapp/jenaIngest/permanentURI.jsp b/webapp/src/main/webapp/jenaIngest/permanentURI.jsp
index 9157d9991e..35656c8a81 100644
--- a/webapp/src/main/webapp/jenaIngest/permanentURI.jsp
+++ b/webapp/src/main/webapp/jenaIngest/permanentURI.jsp
@@ -29,13 +29,14 @@ URIs exactly of the form created through the GUI interface.</p>
 <input type="hidden" name="action" value="permanentURI" />
 <p>Current namespace of resources
 <select name=oldNamespace>
-<%List namespaces = (List)request.getAttribute("namespaceList");
+<%
+List namespaces = (List)request.getCheck("namespaceList");
 if(namespaces != null) {
 	Iterator namespaceItr = namespaces.iterator();
 	Integer count = 0;
 	while (namespaceItr.hasNext()){
 		String namespaceText = (String) namespaceItr.next();
-		%>
+%>
         <option value="<%=namespaceText%>"><%=namespaceText%></option>
 <%  }
 }%>
diff --git a/webapp/src/main/webapp/jenaIngest/renameBNodesURISelect.jsp b/webapp/src/main/webapp/jenaIngest/renameBNodesURISelect.jsp
index 76b81e8eb5..4d8991f743 100644
--- a/webapp/src/main/webapp/jenaIngest/renameBNodesURISelect.jsp
+++ b/webapp/src/main/webapp/jenaIngest/renameBNodesURISelect.jsp
@@ -58,10 +58,11 @@ function disableProperties(){
     <input type="radio" value="pattern" name="concatenate" onclick="selectProperties()">Use pattern based on values of </input>
 
 
-    <% Map<String,LinkedList<String>> propertyMap = (Map) request.getAttribute("propertyMap");
-       Set<Entry<String,LinkedList<String>>> set = propertyMap.entrySet();
-       Iterator<Entry<String,LinkedList<String>>> itr = set.iterator();
-       Entry<String, LinkedList<String>> entry = null;
+    <%
+    Map<String,LinkedList<String>> propertyMap = (Map) request.getCheck("propertyMap");
+           Set<Entry<String,LinkedList<String>>> set = propertyMap.entrySet();
+           Iterator<Entry<String,LinkedList<String>>> itr = set.iterator();
+           Entry<String, LinkedList<String>> entry = null;
     %>
     <%if(itr.hasNext()){%>
     <select name="property" id="properties" disabled="disabled">
diff --git a/webapp/src/main/webapp/jenaIngest/renameResult.jsp b/webapp/src/main/webapp/jenaIngest/renameResult.jsp
index a6c38dbb60..0825e679d7 100644
--- a/webapp/src/main/webapp/jenaIngest/renameResult.jsp
+++ b/webapp/src/main/webapp/jenaIngest/renameResult.jsp
@@ -9,5 +9,7 @@
 
 <h2><a class="ingestMenu" href="ingest">Ingest Menu</a> > Rename Resource</h2>
 
-<%String result = (String) request.getAttribute("result");%>
+<%
+String result = (String) request.getCheck("result");
+%>
 <p><b><%=result%></b></p>
diff --git a/webapp/src/main/webapp/jenaIngest/sparqlConstruct.jsp b/webapp/src/main/webapp/jenaIngest/sparqlConstruct.jsp
index 4d705c3e20..b5db792bc3 100644
--- a/webapp/src/main/webapp/jenaIngest/sparqlConstruct.jsp
+++ b/webapp/src/main/webapp/jenaIngest/sparqlConstruct.jsp
@@ -48,22 +48,22 @@
 <h3>SPARQL Query <select name="savedQuery">
 	<option value="">select saved query</option>
 	<%
-              OntModel jenaOntModel = ModelAccess.on(getServletContext()).getOntModel();
-              jenaOntModel.enterCriticalSection(Lock.READ);
-              try {
-                  List savedQueries = (List) request.getAttribute("savedQueries");
-	          for (Iterator it = savedQueries.iterator(); it.hasNext();)  {
-	              Individual savedQuery = (Individual) it.next();
-                      String queryURI = savedQuery.getURI();
-                      String queryLabel = savedQuery.getLabel(null);
-                      %>
+	OntModel jenaOntModel = ModelAccess.on(getServletContext()).getOntModel();
+	      jenaOntModel.enterCriticalSection(Lock.READ);
+	      try {
+	          List savedQueries = (List) request.getCheck("savedQueries");
+		          for (Iterator it = savedQueries.iterator(); it.hasNext();)  {
+		              Individual savedQuery = (Individual) it.next();
+	              String queryURI = savedQuery.getURI();
+	              String queryLabel = savedQuery.getLabel(null);
+	%>
 	<option value="<%=queryURI%>"><%=queryLabel%></option>
 	<%
-                  }
-              } finally {
-                  jenaOntModel.leaveCriticalSection();
-	      }
-        %>
+	}
+	      } finally {
+	          jenaOntModel.leaveCriticalSection();
+		      }
+	%>
 </select>
 
 <textarea rows="25" cols="40" name="sparqlQueryStr" class="maxWidth"><c:choose>
@@ -77,17 +77,19 @@ PREFIX owl:   &lt;http://www.w3.org/2002/07/owl#&gt;
 PREFIX xsd:   &lt;http://www.w3.org/2001/XMLSchema#&gt;
 PREFIX vitro: &lt;http://vitro.mannlib.cornell.edu/ns/vitro/0.7#&gt;
 PREFIX swrl:  &lt;http://www.w3.org/2003/11/swrl#&gt;
-PREFIX swrlb: &lt;http://www.w3.org/2003/11/swrlb#&gt;<%List prefixes = (List)request.getAttribute("prefixList");
-if(prefixes != null){
-	Iterator prefixItr = prefixes.iterator();
-	Integer count = 0;
-	while (prefixItr.hasNext()){
-		String prefixText = (String) prefixItr.next();
-		if(prefixText.equals("(not yet specified)")){
-			count++;
-			prefixText = "p." + count.toString();
-		}
-		String urlText = (String) prefixItr.next();%>
+PREFIX swrlb: &lt;http://www.w3.org/2003/11/swrlb#&gt;<%
+    List prefixes = (List)request.getCheck("prefixList");
+    if(prefixes != null){
+    	Iterator prefixItr = prefixes.iterator();
+    	Integer count = 0;
+    	while (prefixItr.hasNext()){
+    		String prefixText = (String) prefixItr.next();
+    		if(prefixText.equals("(not yet specified)")){
+    			count++;
+    			prefixText = "p." + count.toString();
+    		}
+    		String urlText = (String) prefixItr.next();
+    %>
 PREFIX <%=prefixText%>: <<%=urlText%>><%}}%>
 
 
diff --git a/webapp/src/main/webapp/jenaIngest/workflowStep.jsp b/webapp/src/main/webapp/jenaIngest/workflowStep.jsp
index 8f1201b84b..497ff6a992 100644
--- a/webapp/src/main/webapp/jenaIngest/workflowStep.jsp
+++ b/webapp/src/main/webapp/jenaIngest/workflowStep.jsp
@@ -26,16 +26,16 @@
 		<select name="workflowStepURI">
 
         <%
-              OntModel jenaOntModel = ModelAccess.on(getServletContext()).getOntModel();
+        OntModel jenaOntModel = ModelAccess.on(getServletContext()).getOntModel();
               jenaOntModel.enterCriticalSection(Lock.READ);
               try {
-                  List workflowSteps  = (List) request.getAttribute("workflowSteps");
-	          for (Iterator it = workflowSteps.iterator(); it.hasNext();)  {
-	              Individual workflowStep = (Individual) it.next();
+                  List workflowSteps  = (List) request.getCheck("workflowSteps");
+        	          for (Iterator it = workflowSteps.iterator(); it.hasNext();)  {
+        	              Individual workflowStep = (Individual) it.next();
                       String workflowStepURI = workflowStep.getURI();
                       String workflowStepLabel = workflowStep.getLabel(null);
-					  String workflowStepString = (workflowStepLabel != null) ? workflowStepLabel : workflowStepURI;
-                      %> <option value="<%=workflowStepURI%>"><%=workflowStepString%></option> <%
+        					  String workflowStepString = (workflowStepLabel != null) ? workflowStepLabel : workflowStepURI;
+        %> <option value="<%=workflowStepURI%>"><%=workflowStepString%></option> <%
                   }
               } finally {
                   jenaOntModel.leaveCriticalSection();
diff --git a/webapp/src/main/webapp/jenaIngest/xmlFileUploadSuccess.jsp b/webapp/src/main/webapp/jenaIngest/xmlFileUploadSuccess.jsp
index 90cb6d8a47..91b84385ac 100644
--- a/webapp/src/main/webapp/jenaIngest/xmlFileUploadSuccess.jsp
+++ b/webapp/src/main/webapp/jenaIngest/xmlFileUploadSuccess.jsp
@@ -11,6 +11,6 @@
 <vitro:confirmAuthorization />
 
 <p>Uploaded XML files and converted to RDF.</p>
-<p>Loaded <%= request.getAttribute("statementCount") %> statements to the model <%= request.getAttribute("targetModel") %>.</p>
+<p>Loaded <%=request.getCheck("statementCount")%> statements to the model <%=request.getCheck("targetModel")%>.</p>
 
 <h2><a class="ingestMenu" href="ingest">Ingest Menu</a></h2>
diff --git a/webapp/src/main/webapp/jsp/checkDatatypeProperties.jsp b/webapp/src/main/webapp/jsp/checkDatatypeProperties.jsp
index f52b232237..d1aa147b8c 100644
--- a/webapp/src/main/webapp/jsp/checkDatatypeProperties.jsp
+++ b/webapp/src/main/webapp/jsp/checkDatatypeProperties.jsp
@@ -6,13 +6,13 @@
 <%@ page import="edu.cornell.mannlib.vedit.beans.ButtonForm" %>
 
 <%
-if (request.getAttribute("title") != null) { %>
-    <h2><%=request.getAttribute("title")%></h2><%
-}
-
-ArrayList<String> logResults = (ArrayList<String>)request.getAttribute("results");
-
+if (request.getCheck("title") != null) {
 %>
+    <h2><%=request.getCheck("title")%></h2><%
+    }
+
+    ArrayList<String> logResults = (ArrayList<String>)request.getCheck("results");
+    %>
 
 <div class="editingForm">
 	<table style="margin-bottom:1.5ex;">
diff --git a/webapp/src/main/webapp/templates/alpha/alphaIndex.jsp b/webapp/src/main/webapp/templates/alpha/alphaIndex.jsp
index f264595642..39752c4c62 100644
--- a/webapp/src/main/webapp/templates/alpha/alphaIndex.jsp
+++ b/webapp/src/main/webapp/templates/alpha/alphaIndex.jsp
@@ -32,7 +32,9 @@
          </c:if>
     </c:forEach>
 
-    <%  if( request.getAttribute("alpha") != null && ! "all".equalsIgnoreCase((String)request.getAttribute("alpha"))) {  %>
+    <%
+    if( request.getCheck("alpha") != null && ! "all".equalsIgnoreCase((String)request.getCheck("alpha"))) {
+    %>
         <a href='<c:url value=".${requestScope.servlet}?&amp;alpha=all&amp;${requestScope.controllerParam}"/>'>all </a>
         <c:if test='${not empty requestScope.count }'>
             (${requestScope.count} that start with ${requestScope.alpha })
diff --git a/webapp/src/main/webapp/templates/edit/fetch/horizontal.jsp b/webapp/src/main/webapp/templates/edit/fetch/horizontal.jsp
index a9c4c99c00..6f4821dd3d 100644
--- a/webapp/src/main/webapp/templates/edit/fetch/horizontal.jsp
+++ b/webapp/src/main/webapp/templates/edit/fetch/horizontal.jsp
@@ -4,53 +4,70 @@
 <%@ page import="edu.cornell.mannlib.vedit.beans.ButtonForm" %>
 
 <%
-if (request.getAttribute("title") != null) { %>
-    <h2><%=request.getAttribute("title")%></h2><%
-}
+if (request.getCheck("title") != null) {
 %>
+    <h2><%=request.getCheck("title")%></h2><%
+    }
+    %>
 <%
-if (request.getAttribute("title") == "Tabs") { %>
+if (request.getCheck("title") == "Tabs") {
+%>
     <div id="flash-message" role="alert">Tabs have been deprecated with the 1.2 release and is no longer recommended for production VIVO instances. All development relating to tabs has ceased, and it will not be distributed in future releases.
     </div><%
-}
-%>
+    }
+    %>
 
 <table style="margin-bottom:1.5ex;">
 <tr>
   <td style="width:0;padding:0;margin:0;"/>
 
 
-<%if (request.getAttribute("horizontalJspAddButtonUrl") != null) {%>
+<%
+if (request.getCheck("horizontalJspAddButtonUrl") != null) {
+%>
   <td>
-    <form action="<%=request.getAttribute("horizontalJspAddButtonUrl")%>" method="get"><input type="submit" class="form-button" value="<%=request.getAttribute("horizontalJspAddButtonText")%>"/>
-<%  if (request.getAttribute("horizontalJspAddButtonControllerParam") != null) {%>
-        <input type="hidden" name="controller" value="<%=request.getAttribute("horizontalJspAddButtonControllerParam")%>"/>
-<%  }
-    if (request.getAttribute("home") != null) {%>
-        <input type="hidden" name="home" value="<%=request.getAttribute("home")%>"/>
-<%  }%>
+    <form action="<%=request.getCheck("horizontalJspAddButtonUrl")%>" method="get"><input type="submit" class="form-button" value="<%=request.getCheck("horizontalJspAddButtonText")%>"/>
+<%
+if (request.getCheck("horizontalJspAddButtonControllerParam") != null) {
+%>
+        <input type="hidden" name="controller" value="<%=request.getCheck("horizontalJspAddButtonControllerParam")%>"/>
+<%
+}
+    if (request.getCheck("home") != null) {
+%>
+        <input type="hidden" name="home" value="<%=request.getCheck("home")%>"/>
+<%
+}
+%>
     </form>
   </td>
 <%
 }
-List <ButtonForm> topButtons = (List)request.getAttribute("topButtons");
+List <ButtonForm> topButtons = (List)request.getCheck("topButtons");
 if (topButtons!=null) {
     Iterator iter = topButtons.iterator();
     while (iter.hasNext()){
-       ButtonForm b = (ButtonForm)iter.next();%>
+       ButtonForm b = (ButtonForm)iter.next();
+%>
        <td>
        <form <%=b.getCssClass()%> action="<%=b.getAction()%>" method="get">
-<%         HashMap<String,String> params=b.getParams();
+<%
+HashMap<String,String> params=b.getParams();
            if (params!=null) {
-               for (String key : b.getParams().keySet()) {%>
+       for (String key : b.getParams().keySet()) {
+%>
                    <input type="hidden" name="<%=key%>" value="<%=params.get(key)%>"/>
-<%             }
-           }%>
+<%
+}
+           }
+%>
            <input type="submit" class="form-button" value="<%=b.getLabel()%>"/>
        </form>
        </td>
-<%  }
-}%>
+<%
+}
+}
+%>
 
 </tr></table>
 
@@ -58,180 +75,201 @@ if (topButtons!=null) {
 
 <jsp:useBean id="results" class="java.util.ArrayList" scope="request" />
 
-<% int columns = 0;
+<%
+int columns = 0;
     boolean havePostQueryData = false;
 
-    String editFormStr = (String)request.getAttribute("editform");
-    String minEditRoleStr = (String)request.getAttribute("min_edit_role");
+    String editFormStr = (String)request.getCheck("editform");
+    String minEditRoleStr = (String)request.getCheck("min_edit_role");
 
     String firstValue = "null", secondValue = "null";
-    Integer columnCount = (Integer)request.getAttribute("columncount");
+    Integer columnCount = (Integer)request.getCheck("columncount");
     columns = columnCount.intValue();
 
-    String clickSortStr = (String)request.getAttribute("clicksort");
+    String clickSortStr = (String)request.getCheck("clicksort");
 
     if ( columns > 0 && results.size() > 0) {    // avoid divide by zero error in next statement
         /* start enclosing table cell that holds all results */
 %>
 
-<%      String suppressStr = null;
+<%
+String suppressStr = null;
         boolean isPostQHeaderRow = false;
 
-        if ( ( suppressStr = (String)request.getAttribute("suppressquery")) == null ) { // only inserted into request if true
+        if ( ( suppressStr = (String)request.getCheck("suppressquery")) == null ) { // only inserted into request if true
 %>
-<i><b><%=(results.size() - columns) / columns %></b> rows of results were retrieved in <b><%= columns %></b> columns for query "<%=request.getAttribute("querystring")%>".</i>
+<i><b><%=(results.size() - columns) / columns%></b> rows of results were retrieved in <b><%=columns%></b> columns for query "<%=request.getCheck("querystring")%>".</i>
 <br/>
-<%      }
+<%
+}
         Iterator iter = results.iterator();
         int resultCount = 0, primaryRowNumber=0, pageRowNumber=0;
         while (iter.hasNext()) {
-            String classString;
+    String classString;
 
-            String thisResult = (String)iter.next();
-            if ( "+".equals(thisResult) ) {
-                havePostQueryData = true;
-                classString = "database_postheader";
-                isPostQHeaderRow = true;
-                thisResult = "&nbsp;";
-            } else if ( thisResult != null && thisResult.indexOf("@@")== 0) {
-                classString=thisResult.substring(2);
-                thisResult ="&nbsp;"; //leave as follows for diagnostics: thisResult.substring(2);
-                isPostQHeaderRow = false;
-            } else {
-                classString = isPostQHeaderRow ? "database_postheader" : "row";
-                if ( thisResult == null || "".equals(thisResult) )
-                    thisResult = "&nbsp;";
-            }
-                if ( resultCount == 0 ) { // first pass : column names
+    String thisResult = (String)iter.next();
+    if ( "+".equals(thisResult) ) {
+        havePostQueryData = true;
+        classString = "database_postheader";
+        isPostQHeaderRow = true;
+        thisResult = "&nbsp;";
+    } else if ( thisResult != null && thisResult.indexOf("@@")== 0) {
+        classString=thisResult.substring(2);
+        thisResult ="&nbsp;"; //leave as follows for diagnostics: thisResult.substring(2);
+        isPostQHeaderRow = false;
+    } else {
+        classString = isPostQHeaderRow ? "database_postheader" : "row";
+        if ( thisResult == null || "".equals(thisResult) )
+            thisResult = "&nbsp;";
+    }
+        if ( resultCount == 0 ) { // first pass : column names
 %>
 
 <table border="0" cellpadding="2" cellspacing="0" width = "100%">
-                        <%              if ( clickSortStr != null && "true".equals(clickSortStr) ) {
-                    if ( (results.size() - columns) / columns > 2 ) {
-%>
+                        <%
+                        if ( clickSortStr != null && "true".equals(clickSortStr) ) {
+                                    if ( (results.size() - columns) / columns > 2 ) {
+                        %>
 <tr>
 <td class="database_upperleftcorner" colspan="<%=columns%>">
 <i>Click on the column header to sort rows by that column.</i>
 </td>
 </tr>
-<%                  }
-                }
+<%
+}
+        }
 %>
 
 <tr class="row">
     <td class="rownumheader">#</td>
-     <%             if ( !("XX".equals(thisResult) )) {
-%>
+     <%
+     if ( !("XX".equals(thisResult) )) {
+     %>
     <td class="database_header">
-<%              }
-                } else if ( resultCount == columns ) {  // end column names and start numbered list
-                ++ primaryRowNumber;
-                ++ pageRowNumber;
-                firstValue = thisResult;
+<%
+}
+        } else if ( resultCount == columns ) {  // end column names and start numbered list
+        ++ primaryRowNumber;
+        ++ pageRowNumber;
+        firstValue = thisResult;
 %>
 
 </tr>
 <tr valign="top" class="row">
     <td class="rownum">1</td>
-      <%                if ( !("XX".equals(thisResult) )) { %>
+      <%
+      if ( !("XX".equals(thisResult) )) {
+      %>
     <td class="row">
-<%              }
-            } else if ( resultCount % columns == 0 ) {  // end row and start next row with calculated row number
-                ++ pageRowNumber;
+<%
+}
+    } else if ( resultCount % columns == 0 ) {  // end row and start next row with calculated row number
+        ++ pageRowNumber;
 %>
 </tr>
 <!-- <tr valign="top" class="<%=classString%>" > -->
-      <%                if ( "row".equals(classString) ) {
-                    if ( havePostQueryData ) {
-%>
+      <%
+      if ( "row".equals(classString) ) {
+                  if ( havePostQueryData ) {
+      %>
 <tr><td>&nbsp;</td></tr>
-<%                      havePostQueryData = false;
-                    }
-                    ++ primaryRowNumber;
+<%
+havePostQueryData = false;
+            }
+            ++ primaryRowNumber;
 %>
 <tr valign="top" class="row">
-    <td class="rownum"><%= primaryRowNumber /*resultCount / columns*/%></td>
-<%              } else { // classString does not equal "row"
+    <td class="rownum"><%=primaryRowNumber /*resultCount / columns*/%></td>
+<%
+} else { // classString does not equal "row"
 %>
 <tr valign="top" class="<%=classString%>" >
-<%              }
-                if ( !("XX".equals(thisResult) )) {
+<%
+}
+        if ( !("XX".equals(thisResult) )) {
 %>
     <td class="<%=classString%>">
-<%              }
-            } else { // not the end of a row
-                if ( resultCount <= columns ) { // header rows
-                    if ( !("XX".equals(thisResult) )) {
+<%
+}
+    } else { // not the end of a row
+        if ( resultCount <= columns ) { // header rows
+            if ( !("XX".equals(thisResult) )) {
 %>
     <td class="database_header">
 <%
-                    }
-                } else if ( resultCount == columns + 1 ) {
-                    secondValue=thisResult;
-                    if ( !( "XX".equals(thisResult) )) {
+}
+        } else if ( resultCount == columns + 1 ) {
+            secondValue=thisResult;
+            if ( !( "XX".equals(thisResult) )) {
 %>
     <td class="row">
 <%
-                    }
-                } else  { // cells in later rows
-                    if ( !( "XX".equals(thisResult) )) {
-                        if ( "row".equals(classString) ) {
-                            if ( primaryRowNumber % 2 == 0 ) {
-                                if ( pageRowNumber % 2 == 0 ) {
+}
+        } else  { // cells in later rows
+            if ( !( "XX".equals(thisResult) )) {
+                if ( "row".equals(classString) ) {
+                    if ( primaryRowNumber % 2 == 0 ) {
+                        if ( pageRowNumber % 2 == 0 ) {
 %>
     <td class="rowalternate">
-<%                              } else {
+<%
+} else {
 %>
     <td class="row">
-<%                              }
-                            } else if ( pageRowNumber % 2 == 0 ) {
+<%
+}
+                    } else if ( pageRowNumber % 2 == 0 ) {
 %>
     <td class="rowalternate">
-<%                          } else {
+<%
+} else {
 %>
     <td class="row">
-<%                          }
-                        } else {
+<%
+}
+                } else {
 %>
     <td class="<%=classString%>" >
-<%                      }
-                    }
-                }
+<%
+}
             }
-                if ( !( "XX".equals(thisResult) )) {
+        }
+    }
+        if ( !( "XX".equals(thisResult) )) {
 %>
-                    <%= thisResult %>
+                    <%=thisResult%>
     </td>
 <%
-            }
-            ++ resultCount;
+}
+    ++ resultCount;
         }
 %>
   </tr>
 </table>
 <%
-    } else { /* results not > 0 */
+} else { /* results not > 0 */
         Iterator errorIter = results.iterator();
         while ( errorIter.hasNext()) {
-            String errorResult = (String)errorIter.next();
+    String errorResult = (String)errorIter.next();
 %>
-            <p>Error returned: <%= errorResult%></p>
+            <p>Error returned: <%=errorResult%></p>
 <%
-        }
+}
     }
 %>
 <%
 if ( editFormStr != null  && minEditRoleStr != null ) {
-    String loginStatus =(String)session.getAttribute("loginStatus");
+    String loginStatus =(String)session.getCheck("loginStatus");
     if ( loginStatus != null &&  "authenticated".equals(loginStatus) ) {
         String currentRemoteAddrStr = request.getRemoteAddr();
-        String storedRemoteAddr = (String)session.getAttribute("loginRemoteAddr");
+        String storedRemoteAddr = (String)session.getCheck("loginRemoteAddr");
         if ( storedRemoteAddr != null && currentRemoteAddrStr.equals( storedRemoteAddr ) ) {
-            int minEditRole = Integer.parseInt(  minEditRoleStr );
-            String authorizedRoleStr = (String)session.getAttribute("loginRole");
-            if ( authorizedRoleStr != null ) {
-                int authorizedRole = Integer.parseInt( authorizedRoleStr );
-                if ( authorizedRole >= minEditRole ) { %>
+    int minEditRole = Integer.parseInt(  minEditRoleStr );
+    String authorizedRoleStr = (String)session.getCheck("loginRole");
+    if ( authorizedRoleStr != null ) {
+        int authorizedRole = Integer.parseInt( authorizedRoleStr );
+        if ( authorizedRole >= minEditRole ) {
+%>
                     <jsp:include page="<%=editFormStr%>" flush="true">
                     <jsp:param name="firstvalue" value="<%=firstValue%>" />
                     <jsp:param name="secondvalue" value="<%=secondValue%>" />
diff --git a/webapp/src/main/webapp/templates/edit/fetch/vertical.jsp b/webapp/src/main/webapp/templates/edit/fetch/vertical.jsp
index fbe363869d..81d29af265 100644
--- a/webapp/src/main/webapp/templates/edit/fetch/vertical.jsp
+++ b/webapp/src/main/webapp/templates/edit/fetch/vertical.jsp
@@ -3,39 +3,52 @@
 <%@ page isThreadSafe = "false" %>
 <%@ page import="java.util.*,java.lang.String.*" %>
 
-<% if (request.getAttribute("title") != null) { %>
-  <h2><%=request.getAttribute("title")%></h2>
-<% } %>
+<%
+if (request.getCheck("title") != null) {
+%>
+  <h2><%=request.getCheck("title")%></h2>
+<%
+}
+%>
 
 <%
-String headerStr = (String)request.getAttribute("header");
-if ( headerStr == null || (!headerStr.equalsIgnoreCase("noheader")) ) { %>
-<%  } %>
+String headerStr = (String)request.getCheck("header");
+if ( headerStr == null || (!headerStr.equalsIgnoreCase("noheader")) ) {
+%>
+<%
+}
+%>
 <jsp:useBean id="results" class="java.util.ArrayList" scope="request" />
 <%
 int rows = 0;
 
-String minEditRoleStr = (String)request.getAttribute("min_edit_role");
+String minEditRoleStr = (String)request.getCheck("min_edit_role");
 
 String firstValue = "null";
-Integer columnCount = (Integer)request.getAttribute("columncount");
+Integer columnCount = (Integer)request.getCheck("columncount");
 rows = columnCount.intValue();
 
-String clickSortStr = (String)request.getAttribute("clicksort");
+String clickSortStr = (String)request.getCheck("clicksort");
 
 if ( rows > 0  && results.size() > rows ) { // avoid divide by zero error in next statement
     String suppressStr = null;
     int columns = results.size() / rows;
-    if ( ( suppressStr = (String)request.getAttribute("suppressquery")) == null ) { // only inserted into request if true %>
-        <p><i><b><%= columns - 1 %></b> results were retrieved in <b><%= rows %></b> rows for query "<%=request.getAttribute("querystring")%>".</i></p>
-<%  }
+    if ( ( suppressStr = (String)request.getCheck("suppressquery")) == null ) { // only inserted into request if true
+%>
+        <p><i><b><%=columns - 1%></b> results were retrieved in <b><%=rows%></b> rows for query "<%=request.getCheck("querystring")%>".</i></p>
+<%
+}
     if ( clickSortStr != null && clickSortStr.equals("true")) {
-        if ( columns > 2 ) { %>
+        if ( columns > 2 ) {
+%>
             <p><i>Click on the row header to sort columns by that row.</i></p>
-<%      }
-    }  %>
+<%
+}
+    }
+%>
     <table border="0" cellpadding="2" cellspacing="0" width="100%">
-<%  String[] resultsArray = new String[results.size()]; // see Core Java Vol. 1 p.216
+<%
+String[] resultsArray = new String[results.size()]; // see Core Java Vol. 1 p.216
     results.toArray( resultsArray );
     firstValue = resultsArray[ rows ];
     request.setAttribute("firstvalue",firstValue);
@@ -48,62 +61,80 @@ if ( rows > 0  && results.size() > rows ) { // avoid divide by zero error in nex
     for ( int thisrow = 0; thisrow < rows; thisrow++ ) {
         //int currentPostQCol = 0;
         boolean dropRow = false;
-            for ( int thiscol = 0; thiscol < columns; thiscol++ ) {
-            String thisResult= resultsArray[ (rows * thiscol) + thisrow ];
-            if ( "+".equals(thisResult) ) { /* occurs all in first row, so postQHeaderCols should be correctly initialized */
-                classString = "postheaderright";
-                postQHeaderCols[ thiscol ] = true;
-                //++currentPostQCol;
-                thisResult="&nbsp;";
-            } else if ( thisResult != null && thisResult.indexOf("@@")== 0) {
-                classString="postheadercenter";
-                thisResult ="query values"; //leave as follows for diagnostics: thisResult.substring(2);
-                thisResult = thisResult.substring(2);
-            } else {
-                if ( postQHeaderCols[ thiscol ] == true )
-                    classString = "postheaderright";
-                else if ( thiscol == 1 && thisrow < 1 ) // jc55 was thisrow<2
-                    classString = "rowbold";
-                else
-                    classString = "row";
-                if ( thisResult == null ||  "".equals(thisResult) )
-                    thisResult="&nbsp;";
-            }
-            if ( thiscol == 0 ) { // 1st column of new row
-                if ( thisrow > 0 ) { // first must close prior row %>
+    for ( int thiscol = 0; thiscol < columns; thiscol++ ) {
+    String thisResult= resultsArray[ (rows * thiscol) + thisrow ];
+    if ( "+".equals(thisResult) ) { /* occurs all in first row, so postQHeaderCols should be correctly initialized */
+        classString = "postheaderright";
+        postQHeaderCols[ thiscol ] = true;
+        //++currentPostQCol;
+        thisResult="&nbsp;";
+    } else if ( thisResult != null && thisResult.indexOf("@@")== 0) {
+        classString="postheadercenter";
+        thisResult ="query values"; //leave as follows for diagnostics: thisResult.substring(2);
+        thisResult = thisResult.substring(2);
+    } else {
+        if ( postQHeaderCols[ thiscol ] == true )
+            classString = "postheaderright";
+        else if ( thiscol == 1 && thisrow < 1 ) // jc55 was thisrow<2
+            classString = "rowbold";
+        else
+            classString = "row";
+        if ( thisResult == null ||  "".equals(thisResult) )
+            thisResult="&nbsp;";
+    }
+    if ( thiscol == 0 ) { // 1st column of new row
+        if ( thisrow > 0 ) { // first must close prior row
+%>
                     </tr>
-                        <%                  if ("XX".equals(thisResult) ) {
-                        dropRow = true;
-                    } %>
+                        <%
+                        if ("XX".equals(thisResult) ) {
+                                        dropRow = true;
+                                    }
+                        %>
                     <tr valign="top" class="rowvert">  <!-- okay to start even a dropRow because it will get no <td> elements -->
-<%              } else { %>
+<%
+} else {
+%>
                     <tr valign="top" class="header">  <!-- okay to start even a dropRow because it will get no <td> elements -->
-<%              }
-                if ( !dropRow ) { %>
+<%
+}
+        if ( !dropRow ) {
+%>
                     <td width="15%" class="verticalfieldlabel">
                     <%=thisResult%>
-<%              }
-            } else { // 2nd or higher column
-                if ( !dropRow ) { %>
+<%
+}
+    } else { // 2nd or higher column
+        if ( !dropRow ) {
+%>
                     <td class="<%=classString%>" >
-                        <%                  if ("XX".equals(thisResult) ) { %>
+                        <%
+                        if ("XX".equals(thisResult) ) {
+                        %>
                         <%="&nbsp;"%>
-<%                  } else { %>
+<%
+} else {
+%>
                         <%=thisResult%>
-<%                  }
-                }
-            }
-            if ( !dropRow ) { %>
+<%
+}
+        }
+    }
+    if ( !dropRow ) {
+%>
                 </td>
-<%          }
+<%
+}
         }
-    }  %>
+    }
+%>
     </tr>
     </table>
 <%
 } else {
-    System.out.println("No results reported when " + rows + " rows and a result array size of " + results.size()); %>
-    No results retrieved for query "<%=request.getAttribute("querystring")%>".
+    System.out.println("No results reported when " + rows + " rows and a result array size of " + results.size());
+%>
+    No results retrieved for query "<%=request.getCheck("querystring")%>".
 <%  Iterator errorIter = results.iterator();
     while ( errorIter.hasNext()) {
         String errorResult = (String)errorIter.next(); %>
diff --git a/webapp/src/main/webapp/templates/edit/specific/classgroups_edit.jsp b/webapp/src/main/webapp/templates/edit/specific/classgroups_edit.jsp
index 3b8f838bd2..7191caed9a 100644
--- a/webapp/src/main/webapp/templates/edit/specific/classgroups_edit.jsp
+++ b/webapp/src/main/webapp/templates/edit/specific/classgroups_edit.jsp
@@ -14,7 +14,7 @@
 			<input type="submit" class="form-button" value="display this class group's record"/>
 			<input type="hidden" name="queryspec" value="private_classgroup"/>
 			<input type="hidden" name="header" value="titleonly"/>
-			<input type="hidden" name="linkwhere" value="classgroups.id=<%=request.getAttribute("firstvalue")%>"/>
+			<input type="hidden" name="linkwhere" value="classgroups.id=<%=request.getCheck("firstvalue")%>"/>
 		</form>
 		<form action="fetch" method="get">
 			<input type="submit" class="form-button" value="see all class groups"/>
@@ -24,8 +24,8 @@
 	</td>
 	<td valign="bottom" align="center">
 		<form action="editForm" method="get">
-			<input name="id" type = "hidden" value="<%=request.getAttribute("firstvalue")%>" />
-			<input type="submit" class="form-button" value="edit class group <%=request.getAttribute("firstvalue")%>"/>
+			<input name="id" type = "hidden" value="<%=request.getCheck("firstvalue")%>" />
+			<input type="submit" class="form-button" value="edit class group <%=request.getCheck("firstvalue")%>"/>
 			<input type="hidden" name="controller" value="Classgroup"/>
 		</form>
 	</td>
@@ -36,7 +36,7 @@
 		</form>
 		<form action="editForm" method="get">
 			<input type="hidden" name="controller" value="Vclass"/>
-			<input type="hidden" name="GroupId" value="<%=request.getAttribute("firstvalue")%>"/>
+			<input type="hidden" name="GroupId" value="<%=request.getCheck("firstvalue")%>"/>
 			<input type="submit" class="form-button" value="add new class to this group"/>
 		</form>
 	</td>
diff --git a/webapp/src/main/webapp/templates/edit/specific/datatypes_edit.jsp b/webapp/src/main/webapp/templates/edit/specific/datatypes_edit.jsp
index f72f9210af..c1e20a2ac2 100644
--- a/webapp/src/main/webapp/templates/edit/specific/datatypes_edit.jsp
+++ b/webapp/src/main/webapp/templates/edit/specific/datatypes_edit.jsp
@@ -18,7 +18,7 @@
 	</td>
 	<td valign="bottom" align="center">
 		<form action="datatype_retry" method="get">
-			<input type="hidden" name="id" value="<%=request.getAttribute("firstvalue")%>"/>
+			<input type="hidden" name="id" value="<%=request.getCheck("firstvalue")%>"/>
 			<input type="submit" class="form-button" value="Edit This Datatype"/>
 		</form>
 	</td>
diff --git a/webapp/src/main/webapp/templates/edit/specific/ents_edit_head.jsp b/webapp/src/main/webapp/templates/edit/specific/ents_edit_head.jsp
index 23d65fce28..6cc44fed1f 100644
--- a/webapp/src/main/webapp/templates/edit/specific/ents_edit_head.jsp
+++ b/webapp/src/main/webapp/templates/edit/specific/ents_edit_head.jsp
@@ -9,7 +9,7 @@ String context = request.getContextPath();
 
 
 <%
-if (!(Boolean)request.getAttribute("dwrDisabled")) {
+if (!(Boolean)request.getCheck("dwrDisabled")) {
 %>
 <script type="text/javascript">
     // DWR 3 is a better citizen for co-existing with jQuery.
diff --git a/webapp/src/main/webapp/templates/edit/specific/merge_result.jsp b/webapp/src/main/webapp/templates/edit/specific/merge_result.jsp
index ce00e01f51..287a3f7af2 100644
--- a/webapp/src/main/webapp/templates/edit/specific/merge_result.jsp
+++ b/webapp/src/main/webapp/templates/edit/specific/merge_result.jsp
@@ -6,5 +6,7 @@
 <h2><a href="ingest">Ingest Home</a></h2>
 
 <h3>Merge Individuals</h3>
-<%String result = (String) request.getAttribute("result");%>
+<%
+String result = (String) request.getCheck("result");
+%>
 <p><b><%=result%></b></p>
diff --git a/webapp/src/main/webapp/templates/edit/specific/namespaces_edit.jsp b/webapp/src/main/webapp/templates/edit/specific/namespaces_edit.jsp
index bd38218c97..9fbba9464e 100644
--- a/webapp/src/main/webapp/templates/edit/specific/namespaces_edit.jsp
+++ b/webapp/src/main/webapp/templates/edit/specific/namespaces_edit.jsp
@@ -18,8 +18,8 @@
 	</td>
 	<td valign="bottom" align="center">
 		<form action="editForm" method="get">
-			<input type="submit" class="form-button" value="Edit Namespace <%=request.getAttribute("firstvalue")%>"/>
-			<input name="id" type = "hidden" value="<%=request.getAttribute("firstvalue")%>" />
+			<input type="submit" class="form-button" value="Edit Namespace <%=request.getCheck("firstvalue")%>"/>
+			<input name="id" type = "hidden" value="<%=request.getCheck("firstvalue")%>" />
 			<input type="hidden" name="controller" value="Namespace"/>
 		</form>
 	</td>
diff --git a/webapp/src/main/webapp/templates/entity/entityListForTabs.jsp b/webapp/src/main/webapp/templates/entity/entityListForTabs.jsp
index 3ea942a80a..7b9f6beeb8 100644
--- a/webapp/src/main/webapp/templates/entity/entityListForTabs.jsp
+++ b/webapp/src/main/webapp/templates/entity/entityListForTabs.jsp
@@ -3,7 +3,8 @@
 <%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%><%/* this odd thing points to something in web.xml */ %>
 <%@ taglib uri="http://java.sun.com/jsp/jstl/fmt" prefix="fmt" %>
 <%@ page errorPage="/error.jsp"%>
-<%  /***********************************************
+<%
+/***********************************************
         Display a list of entities for a tab.
 
          request.attributes:
@@ -16,13 +17,15 @@
 
          bdc34 2006-01-27 created
     **********************************************/
-        if (request.getAttribute("entities") == null){
-            String e="entityListForTabs.jsp expects that request attribute 'entities' be set to a List of Entity objects.";
-            throw new JspException(e);
+        if (request.getCheck("entities") == null){
+    String e="entityListForTabs.jsp expects that request attribute 'entities' be set to a List of Entity objects.";
+    throw new JspException(e);
         }
 %>
 <c:set var="searchViewPrefix" value="/templates/search/"/>
-<c:set var='entities' value='${requestScope.entities}' /><%/* just moving this into page scope for easy use */ %>
+<c:set var='entities' value='${requestScope.entities}' /><%
+/* just moving this into page scope for easy use */
+%>
 <c:set var='IMG_WIDTH' value='75'/>
 <jsp:include page="/templates/alpha/alphaIndex.jsp"/>
 <ul class='tabEntities entityListForTab'>
@@ -87,10 +90,10 @@
 
 <%-- Show pages to select from --%>
 <%
-if( request.getAttribute("alpha") != null && ! "all".equalsIgnoreCase((String)request.getAttribute("alpha"))) {
-  request.setAttribute("pageAlpha",request.getAttribute("alpha"));
+if( request.getCheck("alpha") != null && ! "all".equalsIgnoreCase((String)request.getCheck("alpha"))) {
+  request.setAttribute("pageAlpha",request.getCheck("alpha"));
 }else{
-  request.setAttribute("pageAlpha",request.getAttribute("all"));
+  request.setAttribute("pageAlpha",request.getCheck("all"));
 }
 %>
 
diff --git a/webapp/src/main/webapp/templates/entity/entityListPages.jsp b/webapp/src/main/webapp/templates/entity/entityListPages.jsp
index 737b147ff1..1571a71848 100644
--- a/webapp/src/main/webapp/templates/entity/entityListPages.jsp
+++ b/webapp/src/main/webapp/templates/entity/entityListPages.jsp
@@ -5,10 +5,10 @@
 
 <%-- Show pages to select from --%>
 <%
-if( request.getAttribute("alpha") != null && ! "all".equalsIgnoreCase((String)request.getAttribute("alpha"))) {
-  request.setAttribute("pageAlpha",request.getAttribute("alpha"));
+if( request.getCheck("alpha") != null && ! "all".equalsIgnoreCase((String)request.getCheck("alpha"))) {
+  request.setAttribute("pageAlpha",request.getCheck("alpha"));
 }else{
-  request.setAttribute("pageAlpha",request.getAttribute("all"));
+  request.setAttribute("pageAlpha",request.getCheck("all"));
 }
 %>
 
diff --git a/webapp/src/main/webapp/templates/page/bodyMsg.jsp b/webapp/src/main/webapp/templates/page/bodyMsg.jsp
index db88240a2e..bc82e4b1a0 100644
--- a/webapp/src/main/webapp/templates/page/bodyMsg.jsp
+++ b/webapp/src/main/webapp/templates/page/bodyMsg.jsp
@@ -1,6 +1,7 @@
 <%-- $This file is distributed under the terms of the license in LICENSE$ --%>
 
-<%  /***********************************************
+<%
+/***********************************************
      A JSP for displaying a simple message.
      This JSP is intened to be wraped by basicPage.jsp
 
@@ -10,13 +11,13 @@
      bdc34 2009-02-03 created
      **********************************************/
 
-     if (request.getAttribute("msg") == null ){
+     if (request.getCheck("msg") == null ){
          throw new JspException(
-                 "bodyMsg.jsp expects that request parameter 'msg' be set to"
-                 + " the message for the page.\n"
+         "bodyMsg.jsp expects that request parameter 'msg' be set to"
+         + " the message for the page.\n"
           );
      }
    // only get the msg from the attributes, because of cross site exploits,
    // never from the parameters.
-   out.print( (String)request.getAttribute("msg") );
+   out.print( (String)request.getCheck("msg") );
 %>
diff --git a/webapp/src/main/webapp/templates/page/freemarkerTransition/footer.jsp b/webapp/src/main/webapp/templates/page/freemarkerTransition/footer.jsp
index b42e1e792b..139e0e904b 100644
--- a/webapp/src/main/webapp/templates/page/freemarkerTransition/footer.jsp
+++ b/webapp/src/main/webapp/templates/page/freemarkerTransition/footer.jsp
@@ -4,9 +4,9 @@
 
 <%@ page import="edu.cornell.mannlib.vitro.webapp.controller.freemarker.FreemarkerHttpServlet" %>
 <%
-    // This is here as a safety net. We should have gotten the values in identity.jsp,
+// This is here as a safety net. We should have gotten the values in identity.jsp,
     // since it's the first jsp we hit.
-    String footer = (String) request.getAttribute("ftl_footer");
+    String footer = (String) request.getCheck("ftl_footer");
     if (footer == null) {
         FreemarkerHttpServlet.getFreemarkerComponentsForJsp(request);
     }
diff --git a/webapp/src/main/webapp/templates/page/freemarkerTransition/menu.jsp b/webapp/src/main/webapp/templates/page/freemarkerTransition/menu.jsp
index db4829370e..e70a8b2612 100644
--- a/webapp/src/main/webapp/templates/page/freemarkerTransition/menu.jsp
+++ b/webapp/src/main/webapp/templates/page/freemarkerTransition/menu.jsp
@@ -4,9 +4,9 @@
 
 <%@ page import="edu.cornell.mannlib.vitro.webapp.controller.freemarker.FreemarkerHttpServlet" %>
 <%
-    // This is here as a safety net. We should have gotten the values in identity.jsp,
+// This is here as a safety net. We should have gotten the values in identity.jsp,
     // since it's the first jsp we hit.
-    String menu = (String) request.getAttribute("ftl_menu");
+    String menu = (String) request.getCheck("ftl_menu");
     if (menu == null) {
         FreemarkerHttpServlet.getFreemarkerComponentsForJsp(request);
     }

From 87e03fa538ee494d137b87ea00a6dff93d668a71 Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <georgy.litvinov@tib.eu>
Date: Thu, 19 Oct 2023 17:49:05 +0200
Subject: [PATCH 058/148] refact: renamed Attribute to Check

---
 .../webapp/auth/policy/PolicyLoader.java      | 52 +++++++++----------
 .../webapp/auth/rules/AccessRuleImpl.java     | 30 +++++------
 .../vitro/webapp/auth/policy/PolicyTest.java  |  8 +--
 .../{attribute_types.n3 => check_types.n3}    |  0
 .../firsttime/{attributes.n3 => checks.n3}    |  0
 5 files changed, 45 insertions(+), 45 deletions(-)
 rename home/src/main/resources/rdf/accessControl/firsttime/{attribute_types.n3 => check_types.n3} (100%)
 rename home/src/main/resources/rdf/accessControl/firsttime/{attributes.n3 => checks.n3} (100%)

diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
index 93a1f3ad5a..21be5b1fd9 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
@@ -114,33 +114,33 @@ public class PolicyLoader {
             + "prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#>\n"
             + "prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/>\n"
             + "prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/>\n"
-            + "SELECT DISTINCT ?policyUri ?rules ?rule ?attribute ?testId ?typeId ?value ?lit_value ?decision_id \n" + "WHERE {\n"
+            + "SELECT DISTINCT ?policyUri ?rules ?rule ?check ?testId ?typeId ?value ?lit_value ?decision_id \n" + "WHERE {\n"
             + "  GRAPH <http://vitro.mannlib.cornell.edu/default/access-control> {\n"
             + "?policy rdf:type ao:Policy .\n"
             + "?policy ao:rules ?rules . \n"
             + "?rules ao:rule ?rule . \n"
-            + "?rule ao:check ?attribute .\n"
+            + "?rule ao:check ?check .\n"
             + "OPTIONAL {\n"
-            + "  ?attribute ao:operator ?attributeTest .\n"
+            + "  ?check ao:operator ?checkTest .\n"
             + "  OPTIONAL {\n"
-            + "    ?attributeTest ao:id ?testId . \n"
+            + "    ?checkTest ao:id ?testId . \n"
             + "  }\n"
             + "}"
             + "OPTIONAL {\n"
-            + "  ?attribute ao:type ?attributeType . \n"
+            + "  ?check ao:type ?checkType . \n"
             + "  OPTIONAL {\n"
-            + "    ?attributeType ao:id ?typeId . \n"
+            + "    ?checkType ao:id ?typeId . \n"
             + "  }\n"
             + "}\n"
             + "OPTIONAL {\n"
             + "   ?rule ao:decision ?decision . \n"
             + "   ?decision ao:id ?decision_id . \n"
             + "}\n"
-            + "?attribute ao:value ?value . \n"
+            + "?check ao:value ?value . \n"
             + "OPTIONAL {?value ao:id ?lit_value . }\n"
             + "  }\n"
             + "BIND(?policy as ?policyUri)\n"
-            + "} ORDER BY ?rule ?attribute";
+            + "} ORDER BY ?rule ?check";
 
     private static final String DATASET_RULES_QUERY = "prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#>\n"
             + "prefix owl: <http://www.w3.org/2002/07/owl#>\n"
@@ -149,7 +149,7 @@ public class PolicyLoader {
             + "prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#>\n"
             + "prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/>\n"
             + "prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/>\n"
-            + "SELECT DISTINCT ?policyUri ?rules ?rule ?attribute ?testId ?typeId ?value ?lit_value ?decision_id ?dataSetUri \n"
+            + "SELECT DISTINCT ?policyUri ?rules ?rule ?check ?testId ?typeId ?value ?lit_value ?decision_id ?dataSetUri \n"
             + "WHERE {\n"
             + "  GRAPH <http://vitro.mannlib.cornell.edu/default/access-control> {\n"
             + "    ?policy a ao:PolicyTemplate .\n"
@@ -158,18 +158,18 @@ public class PolicyLoader {
             + "    ?policyDataSets ao:policyDataSet ?dataSet .\n"
             + "    ?rules rdf:type ao:Rules .\n"
             + "    ?rules ao:rule ?rule .\n"
-            + "    ?rule ao:check ?attribute .\n"
-            + "    ?attribute rdf:type ao:Check .\n"
+            + "    ?rule ao:check ?check .\n"
+            + "    ?check rdf:type ao:Check .\n"
             + "    OPTIONAL {\n"
-            + "      ?attribute ao:operator ?attributeTest .\n"
+            + "      ?check ao:operator ?checkTest .\n"
             + "      OPTIONAL {\n"
-            + "        ?attributeTest ao:id ?testId .\n"
+            + "        ?checkTest ao:id ?testId .\n"
             + "      }\n"
             + "    }\n"
             + "    OPTIONAL {\n"
-            + "      ?attribute ao:type ?attributeType .\n"
+            + "      ?check ao:type ?checkType .\n"
             + "      OPTIONAL {\n"
-            + "        ?attributeType ao:id ?typeId .\n"
+            + "        ?checkType ao:id ?typeId .\n"
             + "      }\n"
             + "    }\n"
             + "    OPTIONAL {\n"
@@ -177,7 +177,7 @@ public class PolicyLoader {
             + "       ?decision ao:id ?decision_id .\n"
             + "    }\n"
             + "    OPTIONAL {\n"
-            + "       ?attribute ao:templateValue ?attributeValueSet .\n"
+            + "       ?check ao:templateValue ?attributeValueSet .\n"
             + "       ?attributeValueSet a ao:AttributeValueSet .\n"
             + "       ?attributeValueSet ao:attributeValue ?attributeValue .\n"
             + "       ?attributeValue ao:dataValue ?value .\n"
@@ -185,13 +185,13 @@ public class PolicyLoader {
             + "       OPTIONAL {?value ao:id ?lit_value . }\n"
             + "    }\n"
             + "    OPTIONAL {\n"
-            + "       ?attribute ao:value ?value .\n"
+            + "       ?check ao:value ?value .\n"
             + "       OPTIONAL {?value ao:id ?lit_value . }\n"
             + "    }\n" 
             + "    BIND(?dataSet as ?dataSetUri)\n"
             + "    BIND(?policy as ?policyUri)\n"
             + "  }\n"
-            + "} ORDER BY ?rule ?attribute";
+            + "} ORDER BY ?rule ?check";
 
     private static final String policyKeyTemplatePrefix =
               "prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#>\n"
@@ -244,7 +244,7 @@ public class PolicyLoader {
     public static final String RULE = "rule";
     public static final String LITERAL_VALUE = "lit_value";
     public static final String ATTR_VALUE = "value";
-    public static final String CHECK = "attribute";
+    public static final String CHECK = "check";
     public static final String TEST_ID = "testId";
     public static final String TYPE_ID = "typeId";
     private static PolicyLoader INSTANCE;
@@ -679,7 +679,7 @@ private static void populateRule(AccessRule ar, QuerySolution qs) throws Excepti
         if (ar == null) {
             return;
         }
-        String checkUri = qs.getResource("attribute").getURI();
+        String checkUri = qs.getResource("check").getURI();
         if (ar.containsCheckUri(checkUri)) {
             CheckFactory.extendAttribute(ar.getCheck(checkUri), qs);
             return;
@@ -706,21 +706,21 @@ private static boolean isInvalidPolicySolution(QuerySolution qs) {
             return true;
         }
         String rule = qs.get("rule").asResource().getLocalName();
-        if (!qs.contains("attribute") || !qs.get("attribute").isResource()) {
-            log.error(String.format("Query solution for policy <%s> doesn't contain attribute uri", policy));
+        if (!qs.contains("check") || !qs.get("check").isResource()) {
+            log.error(String.format("Query solution for policy <%s> doesn't contain check uri", policy));
             return true;
         }
-        String attribute = qs.get("attribute").asResource().getLocalName();
+        String check = qs.get("check").asResource().getLocalName();
         if (!qs.contains("value")) {
-            log.error(String.format("Query solution for policy <%s> rule %s attribute %s doesn't contain value", policy, rule, attribute));
+            log.error(String.format("Query solution for policy <%s> rule %s check %s doesn't contain value", policy, rule, check));
             return true;
         }
         if (!qs.contains("typeId") || !qs.get("typeId").isLiteral()) {
-            log.error(String.format("Query solution for policy <%s> doesn't contain attribute type id", policy));
+            log.error(String.format("Query solution for policy <%s> doesn't contain check type id", policy));
             return true;
         }
         if (!qs.contains("testId") || !qs.get("testId").isLiteral()) {
-            log.error(String.format("Query solution for policy <%s> doesn't contain attribute test id", policy));
+            log.error(String.format("Query solution for policy <%s> doesn't contain check test id", policy));
             return true;
         }
         return false;
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRuleImpl.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRuleImpl.java
index e114d7dad9..198cecbb79 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRuleImpl.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRuleImpl.java
@@ -21,8 +21,8 @@
 
 public class AccessRuleImpl implements AccessRule {
     private static final Log log = LogFactory.getLog(AccessRuleImpl.class);
-    protected Map<String, Check> attributeMap = new HashMap<>();
-    protected List<Check> attributes = new ArrayList<Check>();
+    protected Map<String, Check> checksMap = new HashMap<>();
+    protected List<Check> checks = new ArrayList<Check>();
     private static final Comparator<Check> comparator = getAttributeComparator();
 
     private boolean allowMatched = true;
@@ -45,14 +45,14 @@ public void setRuleUri(String ruleUri) {
     }
 
     public List<Check> getChecks() {
-        return attributes;
+        return checks;
     }
 
     public boolean match(AuthorizationRequest ar) {
-        for (Check attribute : attributes) {
-            if (!attribute.check(ar)) {
+        for (Check check : checks) {
+            if (!check.check(ar)) {
                 if (log.isDebugEnabled()) {
-                    log.debug(String.format("Attribute %s didn't match", attribute.getUri()));
+                    log.debug(String.format("Check %s didn't match", check.getUri()));
                 }
                 return false;
             }
@@ -61,12 +61,12 @@ public boolean match(AuthorizationRequest ar) {
     }
 
     public void addCheck(Check attr) {
-        if (attributeMap.containsKey(attr.getUri())) {
-            log.error(String.format("attribute %s already exists in the rule", attr.getUri()));
+        if (checksMap.containsKey(attr.getUri())) {
+            log.error(String.format("Check %s already exists in the rule", attr.getUri()));
         }
-        attributes.add(attr);
-        Collections.sort(attributes, comparator);
-        attributeMap.put(attr.getUri(), attr);
+        checks.add(attr);
+        Collections.sort(checks, comparator);
+        checksMap.put(attr.getUri(), attr);
     }
 
     @Override
@@ -94,11 +94,11 @@ public int hashCode() {
     }
 
     public Set<String> getCheckUris() {
-        return attributeMap.keySet();
+        return checksMap.keySet();
     }
 
     public boolean containsCheckUri(String uri) {
-        return attributeMap.containsKey(uri);
+        return checksMap.containsKey(uri);
     }
 
     public Set<Check> getChecksByType(Attribute type) {
@@ -106,11 +106,11 @@ public Set<Check> getChecksByType(Attribute type) {
     }
 
     public long getChecksCount() {
-        return attributes.size();
+        return checks.size();
     }
 
     public Check getCheck(String uri) {
-        return attributeMap.get(uri);
+        return checksMap.get(uri);
     }
 
     private static Comparator<Check> getAttributeComparator() {
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTest.java
index a501f56b4e..9b9ea0bfad 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTest.java
@@ -32,12 +32,12 @@ public class PolicyTest {
     protected static final String PUBLIC = "http://vitro.mannlib.cornell.edu/ns/vitro/authorization#PUBLIC";
 
     public static final String ONTOLOGY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME + "ontology.n3";
-    public static final String ATTRIBUTES_PATH = USER_ACCOUNTS_HOME_FIRSTTIME + "attributes.n3";
+    public static final String CHECKS_PATH = USER_ACCOUNTS_HOME_FIRSTTIME + "checks.n3";
     public static final String OPERATIONS_PATH = USER_ACCOUNTS_HOME_FIRSTTIME + "operations.n3";
     public static final String OPERATION_GROUPS = USER_ACCOUNTS_HOME_FIRSTTIME + "operation_groups.n3";
     public static final String SUBJECT_TYPES = USER_ACCOUNTS_HOME_FIRSTTIME + "subject_types.n3";
     public static final String OBJECT_TYPES = USER_ACCOUNTS_HOME_FIRSTTIME + "object_types.n3";
-    public static final String ATTRIBUTE_TYPES_PATH = USER_ACCOUNTS_HOME_FIRSTTIME + "attribute_types.n3";
+    public static final String CHECK_TYPES_PATH = USER_ACCOUNTS_HOME_FIRSTTIME + "check_types.n3";
     public static final String OPERATORS_PATH = USER_ACCOUNTS_HOME_FIRSTTIME + "operators.n3";
     public static final String TEST_VALUES_PATH = USER_ACCOUNTS_HOME_FIRSTTIME + "test_values.n3";
     public static final String TEST_DECISIONS = USER_ACCOUNTS_HOME_FIRSTTIME + "decisions.n3";
@@ -69,12 +69,12 @@ public void init() {
         accessControlModel = ModelFactory.createDefaultModel();
         configurationDataSet = DatasetFactory.createTxnMem();
         configurationDataSet.addNamedModel(ModelNames.ACCESS_CONTROL, accessControlModel);
-        load(ATTRIBUTES_PATH);
+        load(CHECKS_PATH);
         load(OPERATIONS_PATH);
         load(OPERATION_GROUPS);
         load(SUBJECT_TYPES);
         load(OBJECT_TYPES);
-        load(ATTRIBUTE_TYPES_PATH);
+        load(CHECK_TYPES_PATH);
         load(OPERATORS_PATH);
         load(TEST_VALUES_PATH);
         load(TEST_DECISIONS);
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/attribute_types.n3 b/home/src/main/resources/rdf/accessControl/firsttime/check_types.n3
similarity index 100%
rename from home/src/main/resources/rdf/accessControl/firsttime/attribute_types.n3
rename to home/src/main/resources/rdf/accessControl/firsttime/check_types.n3
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/attributes.n3 b/home/src/main/resources/rdf/accessControl/firsttime/checks.n3
similarity index 100%
rename from home/src/main/resources/rdf/accessControl/firsttime/attributes.n3
rename to home/src/main/resources/rdf/accessControl/firsttime/checks.n3

From 85a502bcc902bb9c3c16eabd7ebfc57cb94d36c0 Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <georgy.litvinov@tib.eu>
Date: Thu, 19 Oct 2023 18:01:52 +0200
Subject: [PATCH 059/148] refact: renamed Attribute to Check

---
 .../rdf/accessControl/firsttime/checks.n3     | 40 -------------------
 .../firsttime/policy_editable_pages.n3        | 17 +++++++-
 .../firsttime/policy_root_user.n3             | 16 +++++---
 3 files changed, 26 insertions(+), 47 deletions(-)

diff --git a/home/src/main/resources/rdf/accessControl/firsttime/checks.n3 b/home/src/main/resources/rdf/accessControl/firsttime/checks.n3
index 301cabc2b5..10ea03e74e 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/checks.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/checks.n3
@@ -8,46 +8,6 @@
 @prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
 @prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
 
-###########################################################################
-### Subject attributes
-
-ai:IsRootUserAttribute rdf:type ao:Check ;
-         ao:operator ai:Equals ;
-         ao:type ai:SubjectType ;
-         ao:value ai:RootUserSubject .
-
-ai:SubjectRoleEqualsAdminRoleAttribute rdf:type ao:Check ;
-         ao:operator ai:Equals ;
-         ao:type ai:SubjectRole ;
-         ao:value auth:ADMIN .
-         
-ai:SubjectRoleEqualsCuratorRoleAttribute rdf:type ao:Check ;
-         ao:operator ai:Equals ;
-         ao:type ai:SubjectRole ;
-         ao:value auth:CURATOR .
-
-ai:SubjectRoleEqualsEditorRoleAttribute rdf:type ao:Check ;
-         ao:operator ai:Equals ;
-         ao:type ai:SubjectRole ;
-         ao:value auth:EDITOR .
-
-ai:SubjectRoleEqualsSelfEditorRoleAttribute rdf:type ao:Check ;
-         ao:operator ai:Equals ;
-         ao:type ai:SubjectRole ;
-         ao:value auth:SELF_EDITOR .
-
-ai:SubjectRoleEqualsPublicRoleAttribute rdf:type ao:Check ;
-         ao:operator ai:Equals ;
-         ao:type ai:SubjectRole ;
-         ao:value auth:PUBLIC .
-         
-ai:SubjectRoleOneOfEditorsAttribute rdf:type ao:Check ;
-         ao:operator ai:OneOf ;
-         ao:type ai:SubjectRole ;
-         ao:value auth:ADMIN ;
-         ao:value auth:CURATOR ;
-         ao:value auth:EDITOR .
-
 ###########################################################################
 ### Operation attributes
 
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_editable_pages.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_editable_pages.n3
index 9d0ee837ab..6f71556654 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_editable_pages.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_editable_pages.n3
@@ -6,6 +6,7 @@
 @prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
 @prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
 @prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+@prefix : <https://vivoweb.org/ontology/vitro-application/auth/individual/policy/edit-individual-pages/> .
 
 ai:EditIndividualPagesPolicy rdf:type ao:Policy ;
     ao:rules ai:EditIndividualPagesRuleSet .
@@ -15,14 +16,26 @@ ai:EditIndividualPagesRuleSet rdf:type ao:Rules ;
     ao:rule ai:AllowEditIndividualPagesRule .
 
 ai:AllowEditIndividualPagesRule rdf:type ao:Rule;
-    ao:check ai:SubjectRoleOneOfEditorsAttribute ;
+    ao:check :SubjectRoleOneOfEditorsCheck ;
     ao:check ai:AddOperationAttribute ;
     ao:check ai:ObjectPropertyStatementTypeAttribute ;
     ao:check ai:SomeObjectUriAttribute ;
     ao:check ai:SomePredicateAttribute .
 
+:SubjectRoleOneOfEditorsCheck rdf:type ao:Check ;
+    ao:operator ai:OneOf ;
+    ao:type ai:SubjectRole ;
+    ao:value auth:ADMIN ;
+    ao:value auth:CURATOR ;
+    ao:value auth:EDITOR .
+
+:SubjectRoleEqualsSelfEditorCheck rdf:type ao:Check ;
+    ao:operator ai:Equals ;
+    ao:type ai:SubjectRole ;
+    ao:value auth:SELF_EDITOR .
+
 ai:AllowEditRelatedPagesRule rdf:type ao:Rule;
-    ao:check ai:SubjectRoleEqualsSelfEditorRoleAttribute ;
+    ao:check :SubjectRoleEqualsSelfEditorCheck ;
     ao:check ai:StatementObjectUriContainsSelfEditorResourceAttribute;
     ao:check ai:AddOperationAttribute ;
     ao:check ai:ObjectPropertyStatementTypeAttribute ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_root_user.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_root_user.n3
index 75702bbba5..d8dca27e50 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_root_user.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_root_user.n3
@@ -7,14 +7,20 @@
 @prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
 @prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
 @prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+@prefix : <https://vivoweb.org/ontology/vitro-application/auth/individual/policy/root-user/> .
 
 ai:RootUserPolicy rdf:type ao:Policy ;
-          ao:priority 10000 ;
-          ao:rules ai:RootRuleSet .
+    ao:priority 10000 ;
+    ao:rules ai:RootRuleSet .
 
 ai:RootRuleSet rdf:type ao:Rules ;
-          ao:rule ai:AllowRootUserRule .
-          
+    ao:rule ai:AllowRootUserRule .
+
 ai:AllowRootUserRule rdf:type ao:Rule;
-          ao:check ai:IsRootUserAttribute .
+    ao:check :IsRootUserCheck .
+
+:IsRootUserCheck rdf:type ao:Check ;
+    ao:operator ai:Equals ;
+    ao:type ai:SubjectType ;
+    ao:value ai:RootUserSubject .
 

From d30df244b00868e0cdc4e9657d01832b7bf67b6b Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <georgy.litvinov@tib.eu>
Date: Fri, 20 Oct 2023 10:12:57 +0200
Subject: [PATCH 060/148] refact: renamed Attribute to Check

---
 .../webapp/auth/policy/PolicyLoader.java      |   4 +-
 .../auth/policy/EditablePagesPolicyTest.java  |   2 +-
 .../HomeMenuItemsRestrictionPolicyTest.java   |   2 +-
 .../NonModifiableStatementsPolicyTest.java    |   2 +-
 .../vitro/webapp/auth/policy/PolicyTest.java  |   2 -
 .../auth/policy/RootUserPolicyTest.java       |   2 +-
 .../auth/rules/proximity_test_policy.n3       |   2 +-
 .../webapp/auth/rules/test_policy_broken1.n3  |   4 +-
 .../webapp/auth/rules/test_policy_broken2.n3  |   2 +-
 .../webapp/auth/rules/test_policy_broken3.n3  |   4 +-
 .../webapp/auth/rules/test_policy_broken4.n3  |   4 +-
 .../webapp/auth/rules/test_policy_broken5.n3  |   4 +-
 .../auth/rules/test_policy_broken_set.n3      |   4 +-
 .../webapp/auth/rules/test_policy_key.n3      |   2 +-
 .../webapp/auth/rules/test_policy_valid.n3    |   2 +-
 .../auth/rules/test_policy_valid_set.n3       |   4 +-
 .../accessControl/firsttime/check_types.n3    |  38 ++--
 .../rdf/accessControl/firsttime/checks.n3     | 105 -----------
 .../rdf/accessControl/firsttime/decisions.n3  |   4 +-
 .../accessControl/firsttime/object_types.n3   |  26 +--
 .../rdf/accessControl/firsttime/ontology.n3   | 138 +++++++--------
 .../firsttime/operation_groups.n3             |  10 +-
 .../rdf/accessControl/firsttime/operations.n3 |   6 +-
 .../rdf/accessControl/firsttime/operators.n3  |  20 +--
 .../firsttime/policy_editable_pages.n3        |  62 ++++---
 .../firsttime/policy_menu_items_editing.n3    |  78 +++++----
 .../policy_not_modifiable_statements.n3       | 109 ++++++------
 .../firsttime/policy_root_user.n3             |  12 +-
 .../firsttime/simple_permissions_admin.n3     |  86 ++++-----
 .../firsttime/simple_permissions_curator.n3   |   2 +-
 .../firsttime/simple_permissions_public.n3    |   8 +-
 .../simple_permissions_self_editor.n3         |  22 +--
 .../template_access_allowed_class.n3          |  36 ++--
 .../template_access_allowed_property.n3       | 164 +++++++++---------
 ...emplate_access_related_allowed_property.n3 |  28 +--
 .../firsttime/template_simple_permissions.n3  |  15 +-
 ...emplate_update_related_allowed_property.n3 |  38 ++--
 .../accessControl/firsttime/test_values.n3    |   6 +-
 38 files changed, 494 insertions(+), 565 deletions(-)
 delete mode 100644 home/src/main/resources/rdf/accessControl/firsttime/checks.n3

diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
index 21be5b1fd9..3ab2a307e0 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
@@ -127,7 +127,7 @@ public class PolicyLoader {
             + "  }\n"
             + "}"
             + "OPTIONAL {\n"
-            + "  ?check ao:type ?checkType . \n"
+            + "  ?check ao:attribute ?checkType . \n"
             + "  OPTIONAL {\n"
             + "    ?checkType ao:id ?typeId . \n"
             + "  }\n"
@@ -167,7 +167,7 @@ public class PolicyLoader {
             + "      }\n"
             + "    }\n"
             + "    OPTIONAL {\n"
-            + "      ?check ao:type ?checkType .\n"
+            + "      ?check ao:attribute ?checkType .\n"
             + "      OPTIONAL {\n"
             + "        ?checkType ao:id ?typeId .\n"
             + "      }\n"
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EditablePagesPolicyTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EditablePagesPolicyTest.java
index 7b0b069f3e..1393aef56a 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EditablePagesPolicyTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EditablePagesPolicyTest.java
@@ -14,7 +14,7 @@ public class EditablePagesPolicyTest extends PolicyTest {
     @Test
     public void testLoadEditablePagesPolicy() {
         load(EDITABLE_PAGES_POLICY_PATH);
-        String policyUri = "https://vivoweb.org/ontology/vitro-application/auth/individual/EditIndividualPagesPolicy";
+        String policyUri = "https://vivoweb.org/ontology/vitro-application/auth/individual/policy/edit-individual-pages/Policy";
         DynamicPolicy policy = loader.loadPolicy(policyUri);
         assertTrue(policy != null);
         countRulesAndAttributes(policy, 2, new HashSet<>(Arrays.asList(5, 6)));
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/HomeMenuItemsRestrictionPolicyTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/HomeMenuItemsRestrictionPolicyTest.java
index 660b19b8a7..9095d1da9c 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/HomeMenuItemsRestrictionPolicyTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/HomeMenuItemsRestrictionPolicyTest.java
@@ -19,7 +19,7 @@ public class HomeMenuItemsRestrictionPolicyTest extends PolicyTest {
     @Test
     public void testHomeMenuItemsRestrictionPolicy() {
         load(MENU_ITEMS_POLICY_PATH);
-        String policyUri = "https://vivoweb.org/ontology/vitro-application/auth/individual/RestrictHomeMenuItemsEditingPolicy";
+        String policyUri = "https://vivoweb.org/ontology/vitro-application/auth/individual/policy/restrict-home-menu-items-editing/Policy";
         DynamicPolicy policy = loader.loadPolicy(policyUri);
         assertTrue(policy != null);
         assertEquals(9000, policy.getPriority());
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/NonModifiableStatementsPolicyTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/NonModifiableStatementsPolicyTest.java
index 4e6e4df7a3..7d621d186f 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/NonModifiableStatementsPolicyTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/NonModifiableStatementsPolicyTest.java
@@ -27,7 +27,7 @@ public void testNonModifiableStatementsPolicy() {
         load(USER_ACCOUNTS_HOME_FIRSTTIME + NOT_MODIFIABLE_STATEMENTS_POLICY_PATH + DATASET + EXT);
 
         String policyUri =
-                "https://vivoweb.org/ontology/vitro-application/auth/individual/NotModifiableStatementsPolicy";
+                "https://vivoweb.org/ontology/vitro-application/auth/individual/template/non-modifiable-statements/PolicyTemplate";
         DynamicPolicy policy = loader.loadPolicy(policyUri);
         assertTrue(policy != null);
         assertEquals(8000, policy.getPriority());
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTest.java
index 9b9ea0bfad..73a6a826cc 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTest.java
@@ -32,7 +32,6 @@ public class PolicyTest {
     protected static final String PUBLIC = "http://vitro.mannlib.cornell.edu/ns/vitro/authorization#PUBLIC";
 
     public static final String ONTOLOGY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME + "ontology.n3";
-    public static final String CHECKS_PATH = USER_ACCOUNTS_HOME_FIRSTTIME + "checks.n3";
     public static final String OPERATIONS_PATH = USER_ACCOUNTS_HOME_FIRSTTIME + "operations.n3";
     public static final String OPERATION_GROUPS = USER_ACCOUNTS_HOME_FIRSTTIME + "operation_groups.n3";
     public static final String SUBJECT_TYPES = USER_ACCOUNTS_HOME_FIRSTTIME + "subject_types.n3";
@@ -69,7 +68,6 @@ public void init() {
         accessControlModel = ModelFactory.createDefaultModel();
         configurationDataSet = DatasetFactory.createTxnMem();
         configurationDataSet.addNamedModel(ModelNames.ACCESS_CONTROL, accessControlModel);
-        load(CHECKS_PATH);
         load(OPERATIONS_PATH);
         load(OPERATION_GROUPS);
         load(SUBJECT_TYPES);
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/RootUserPolicyTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/RootUserPolicyTest.java
index 85144c7fd6..8cac718d27 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/RootUserPolicyTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/RootUserPolicyTest.java
@@ -14,7 +14,7 @@ public class RootUserPolicyTest extends PolicyTest {
     @Test
     public void testLoadRootUserPolicy() {
         load(ROOT_POLICY_PATH);
-        String policyUri = "https://vivoweb.org/ontology/vitro-application/auth/individual/RootUserPolicy";
+        String policyUri = "https://vivoweb.org/ontology/vitro-application/auth/individual/policy/root-user/Policy";
         DynamicPolicy policy = loader.loadPolicy(policyUri);
         assertTrue(policy != null);
         assertEquals(10000, policy.getPriority());
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/proximity_test_policy.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/proximity_test_policy.n3
index a4cc5d2929..a754a7f240 100644
--- a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/proximity_test_policy.n3
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/proximity_test_policy.n3
@@ -19,7 +19,7 @@ ai:AllowPersonEditOwnPublication rdf:type ao:Rule ;
           
 ai:PublicationInProximityAttribute rdf:type ao:Check ;
          ao:operator ai:SparqlSelectQueryContains ;
-         ao:type ai:StatementSubjectUri ;
+         ao:attribute ai:StatementSubjectUri ;
          ao:value ai:PublicationProximityToPerson .
 
 ai:PublicationProximityToPerson rdf:type ao:ValueContainer ;
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken1.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken1.n3
index 12c37ec4d6..c960b09939 100644
--- a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken1.n3
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken1.n3
@@ -19,11 +19,11 @@ ai:BrokenTestRule rdf:type ao:Rule ;
           ao:check ai:BrokenTestAttribute .
           
 ai:BrokenTestAttribute rdf:type ao:Check ;
-         ao:type ai:Operation ;
+         ao:attribute ai:Operation ;
          ao:value ai:PublishOperation .
          
 ai:ValidTestAttribute rdf:type ao:Check ;
          ao:operator ai:Equals ;
-         ao:type ai:Operation ;
+         ao:attribute ai:Operation ;
          ao:value ai:PublishOperation .
 
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken2.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken2.n3
index 3a45999ad6..63e1004002 100644
--- a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken2.n3
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken2.n3
@@ -24,6 +24,6 @@ ai:BrokenTestAttribute rdf:type ao:Check ;
          
 ai:ValidTestAttribute rdf:type ao:Check ;
          ao:operator ai:Equals ;
-         ao:type ai:Operation ;
+         ao:attribute ai:Operation ;
          ao:value ai:PublishOperation .
 
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken3.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken3.n3
index 9384cab90f..3bd31a52c9 100644
--- a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken3.n3
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken3.n3
@@ -20,11 +20,11 @@ ai:BrokenTestRule rdf:type ao:Rule ;
           
 ai:BrokenTestAttribute rdf:type ao:Check ;
          ao:operator ai:UnknownTest ;
-         ao:type ai:Operation ;
+         ao:attribute ai:Operation ;
          ao:value ai:PublishOperation .
          
 ai:ValidTestAttribute rdf:type ao:Check ;
          ao:operator ai:Equals ;
-         ao:type ai:Operation ;
+         ao:attribute ai:Operation ;
          ao:value ai:PublishOperation .
 
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken4.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken4.n3
index aa2f58e0c2..097314b97b 100644
--- a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken4.n3
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken4.n3
@@ -20,11 +20,11 @@ ai:BrokenTestRule rdf:type ao:Rule ;
           
 ai:BrokenTestAttribute rdf:type ao:Check ;
          ao:operator ai:Equals ;
-         ao:type ai:UnknownType ;
+         ao:attribute ai:UnknownType ;
          ao:value ai:PublishOperation .
          
 ai:ValidTestAttribute rdf:type ao:Check ;
          ao:operator ai:Equals ;
-         ao:type ai:Operation ;
+         ao:attribute ai:Operation ;
          ao:value ai:PublishOperation .
 
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken5.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken5.n3
index b38755699d..15486130b0 100644
--- a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken5.n3
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken5.n3
@@ -21,12 +21,12 @@ ai:BrokenRule rdf:type ao:Rule ;
           
 ai:BrokenAttribute1 rdf:type ao:Check ;
          ao:operator ai:Equals ;
-         ao:type ai:ObjectUri ;
+         ao:attribute ai:ObjectUri ;
          ao:setValue ai:valueSet1 .
          
 ai:BrokenAttribute2 rdf:type ao:Check ;
          ao:operator ai:Equals ;
-         ao:type ai:ObjectUri ;
+         ao:attribute ai:ObjectUri ;
          ao:setValue ai:valueSet2 .
 
 ai:testDataSets rdf:type ao:PolicyDataSets ;
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken_set.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken_set.n3
index 95fc71d843..ea4506012b 100644
--- a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken_set.n3
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken_set.n3
@@ -21,13 +21,13 @@ ai:BrokenRule rdf:type ao:Rule ;
     
 ai:BrokenSetAttribute1 rdf:type ao:Check ;
     ao:operator ai:NotOneOf ;
-    ao:type ai:ObjectUri ;
+    ao:attribute ai:ObjectUri ;
     ao:templateValue ai:AttributeValueSet1 ;
     .
     
 ai:BrokenSetAttribute2 rdf:type ao:Check ;
     ao:operator ai:NotOneOf ;
-    ao:type ai:ObjectUri ;
+    ao:attribute ai:ObjectUri ;
     ao:templateValue ai:AttributeValueSet2 .
 
 ai:testDataSets rdf:type ao:PolicyDataSets ;
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_key.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_key.n3
index 8e3a1a1abd..6c5ed205cd 100644
--- a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_key.n3
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_key.n3
@@ -20,7 +20,7 @@ ai:KeyTestRule rdf:type ao:Rule ;
           
 ai:KeyTestAttribute rdf:type ao:Check ;
          ao:operator ai:Equals ;
-         ao:type ai:Operation ;
+         ao:attribute ai:Operation ;
          ao:value ai:PublishOperation .
 
 ai:PolicyKeyTest rdf:type ao:PolicyKey ;
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_valid.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_valid.n3
index 484aa95d78..94a007fb14 100644
--- a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_valid.n3
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_valid.n3
@@ -19,6 +19,6 @@ ai:ValidRule rdf:type ao:Rule ;
           
 ai:ValidAttribute rdf:type ao:Check ;
          ao:operator ai:Equals ;
-         ao:type ai:Operation ;
+         ao:attribute ai:Operation ;
          ao:value ai:PublishOperation .
 
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_valid_set.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_valid_set.n3
index 8c393298ee..8079c92aa1 100644
--- a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_valid_set.n3
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_valid_set.n3
@@ -21,7 +21,7 @@ ai:ValidRule rdf:type ao:Rule ;
       
 ai:ValidAttribute1 rdf:type ao:Check ;
      ao:operator ai:Equals ;
-     ao:type ai:AccessObjectUri ;
+     ao:attribute ai:AccessObjectUri ;
      ao:templateValue ai:AttributeValueSet1 ;
      .
 
@@ -32,7 +32,7 @@ ai:AttributeValueSet1 a ao:AttributeValueSet  ;
      
 ai:ValidAttribute2 rdf:type ao:Check ;
      ao:operator ai:Equals ;
-     ao:type ai:AccessObjectUri ;
+     ao:attribute ai:AccessObjectUri ;
      ao:templateValue ai:AttributeValueSet2 ;
      .
 
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/check_types.n3 b/home/src/main/resources/rdf/accessControl/firsttime/check_types.n3
index 7e251b7b79..58f2d2f231 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/check_types.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/check_types.n3
@@ -9,37 +9,37 @@
 @prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
 
 ai:Subject rdf:type ao:AttributeType ;
-         ao:id "SUBJECT" .
+    ao:id "SUBJECT" .
 
 ai:SubjectRole rdf:type ao:AttributeType ;
-         ao:id "SUBJECT_ROLE_URI" .
-         
+    ao:id "SUBJECT_ROLE_URI" .
+
 ai:SubjectType rdf:type ao:AttributeType ;
-         ao:id "SUBJECT_TYPE" .
+    ao:id "SUBJECT_TYPE" .
 
 ai:AccessObjectUri rdf:type ao:AttributeType ;
-         ao:id "ACCESS_OBJECT_URI" .
-         
+    ao:id "ACCESS_OBJECT_URI" .
+
 ai:AccessObjectType rdf:type ao:AttributeType ;
-         ao:id "ACCESS_OBJECT_TYPE" .
+    ao:id "ACCESS_OBJECT_TYPE" .
 
 ai:Operation rdf:type ao:AttributeType ;
-         ao:id "OPERATION" .
-         
+    ao:id "OPERATION" .
+
 ai:SubjectNotMatch rdf:type ao:AttributeType ;
-         ao:id "SUBJECT_NOT_MATCH" .
-         
+    ao:id "SUBJECT_NOT_MATCH" .
+
 ai:ObjectNotMatch rdf:type ao:AttributeType ;
-         ao:id "OBJECT_NOT_MATCH" .
-         
+    ao:id "OBJECT_NOT_MATCH" .
+
 ai:RelatesToSubjectProfile rdf:type ao:AttributeType ;
-         ao:id "RELATES_TO_SUBJECT_PROFILE" .
-         
+    ao:id "RELATES_TO_SUBJECT_PROFILE" .
+
 ai:StatementPredicateUri rdf:type ao:AttributeType ;
-         ao:id "STATEMENT_PREDICATE_URI" .
-         
+    ao:id "STATEMENT_PREDICATE_URI" .
+
 ai:StatementSubjectUri rdf:type ao:AttributeType ;
-         ao:id "STATEMENT_SUBJECT_URI" .
+    ao:id "STATEMENT_SUBJECT_URI" .
 
 ai:StatementObjectUri rdf:type ao:AttributeType ;
-         ao:id "STATEMENT_OBJECT_URI" .
+    ao:id "STATEMENT_OBJECT_URI" .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/checks.n3 b/home/src/main/resources/rdf/accessControl/firsttime/checks.n3
deleted file mode 100644
index 10ea03e74e..0000000000
--- a/home/src/main/resources/rdf/accessControl/firsttime/checks.n3
+++ /dev/null
@@ -1,105 +0,0 @@
-# $This file is distributed under the terms of the license in LICENSE$
-
-@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
-@prefix owl: <http://www.w3.org/2002/07/owl#> .
-@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
-@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
-@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
-@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
-@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
-
-###########################################################################
-### Operation attributes
-
-ai:DisplayOperationAttribute rdf:type ao:Check ;
-         ao:operator ai:Equals ;
-         ao:type ai:Operation ;
-         ao:value ai:DisplayOperation .
-         
-ai:PublishOperationAttribute rdf:type ao:Check ;
-         ao:operator ai:Equals ;
-         ao:type ai:Operation ;
-         ao:value ai:PublishOperation .
-         
-ai:UpdateOperationAttribute rdf:type ao:Check ;
-         ao:operator ai:Equals ;
-         ao:type ai:Operation ;
-         ao:value ai:UpdateOperation .
-         
-ai:EditOperationAttribute rdf:type ao:Check ;
-         ao:operator ai:Equals ;
-         ao:type ai:Operation ;
-         ao:value ai:EditOperation .
-         
-ai:DropOperationAttribute rdf:type ao:Check ;
-         ao:operator ai:Equals ;
-         ao:type ai:Operation ;
-         ao:value ai:DropOperation .
-         
-ai:AddOperationAttribute rdf:type ao:Check ;
-         ao:operator ai:Equals ;
-         ao:type ai:Operation ;
-         ao:value ai:AddOperation .
-         
-ai:UpdateAddEditOrDropOperationsAttribute rdf:type ao:Check ;
-         ao:operator ai:OneOf ;
-         ao:type ai:Operation ;
-         ao:value ai:UpdateOperation ;
-         ao:value ai:AddOperation ;
-         ao:value ai:EditOperation ;
-         ao:value ai:DropOperation .
-         
-###########################################################################
-### Object attributes
-
-ai:ObjectPropertyTypeAttribute rdf:type ao:Check ;
-         ao:operator ai:Equals ;
-         ao:type ai:AccessObjectType ;
-         ao:value ai:ObjectPropertyAccesObject .
-
-ai:DataPropertyTypeAttribute rdf:type ao:Check ;
-         ao:operator ai:Equals ;
-         ao:type ai:AccessObjectType ;
-         ao:value ai:DataPropertyAccesObject .
-
-ai:ObjectPropertyStatementTypeAttribute rdf:type ao:Check ;
-         ao:operator ai:Equals ;
-         ao:type ai:AccessObjectType ;
-         ao:value ai:ObjectPropertyStatementAccesObject .
-         
-ai:DataPropertyStatementTypeAttribute rdf:type ao:Check ;
-         ao:operator ai:Equals ;
-         ao:type ai:AccessObjectType ;
-         ao:value ai:DataPropertyStatementAccesObject .
-
-ai:FauxObjectPropertyStatementTypeAttribute rdf:type ao:Check ;
-         ao:operator ai:Equals ;
-         ao:type ai:AccessObjectType ;
-         ao:value ai:FauxObjectPropertyStatementAccesObject .
-         
-ai:FauxDataPropertyStatementTypeAttribute rdf:type ao:Check ;
-         ao:operator ai:Equals ;
-         ao:type ai:AccessObjectType ;
-         ao:value ai:FauxDataPropertyStatementAccesObject .
-
-ai:NamedObjectTypeAttribute rdf:type ao:Check ;
-         ao:operator ai:Equals ;
-         ao:type ai:AccessObjectType ;
-         ao:value ai:NamedObject .
-         
-ai:ClassTypeAttribute rdf:type ao:Check ;
-         ao:operator ai:Equals ;
-         ao:type ai:AccessObjectType ;
-         ao:value ai:Class .
-         
-ai:FauxObjectPropertyTypeAttribute rdf:type ao:Check ;
-         ao:operator ai:Equals ;
-         ao:type ai:AccessObjectType ;
-         ao:value ai:FauxObjectPropertyAccesObject .
-
-ai:FauxDataPropertyTypeAttribute rdf:type ao:Check ;
-         ao:operator ai:Equals ;
-         ao:type ai:AccessObjectType ;
-         ao:value ai:FauxDataPropertyAccesObject .
-
-         
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/decisions.n3 b/home/src/main/resources/rdf/accessControl/firsttime/decisions.n3
index e064a0299a..8f48786905 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/decisions.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/decisions.n3
@@ -9,7 +9,7 @@
 @prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
 
 ai:Deny rdf:type ao:Decision;
-         ao:id "DENY" .
+    ao:id "DENY" .
 
 ai:Allow rdf:type ao:Decision;
-         ao:id "ALLOW" .
+    ao:id "ALLOW" .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/object_types.n3 b/home/src/main/resources/rdf/accessControl/firsttime/object_types.n3
index d7c03b062a..670bd4bfa8 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/object_types.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/object_types.n3
@@ -7,36 +7,36 @@
 @prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
 @prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
 @prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
-   
+
 ai:ObjectPropertyAccesObject rdf:type ao:ObjectType ;
-     ao:id "OBJECT_PROPERTY" .
+    ao:id "OBJECT_PROPERTY" .
 
 ai:DataPropertyAccesObject rdf:type ao:ObjectType ;
-     ao:id "DATA_PROPERTY" .
-     
+    ao:id "DATA_PROPERTY" .
+
 ai:FauxDataPropertyAccesObject rdf:type ao:ObjectType ;
-     ao:id "FAUX_DATA_PROPERTY" .
+    ao:id "FAUX_DATA_PROPERTY" .
 
 ai:FauxObjectPropertyAccesObject rdf:type ao:ObjectType ;
-     ao:id "FAUX_OBJECT_PROPERTY" .
+    ao:id "FAUX_OBJECT_PROPERTY" .
 
 ai:ObjectPropertyStatementAccesObject rdf:type ao:ObjectType ;
-     ao:id "OBJECT_PROPERTY_STATEMENT" .
+    ao:id "OBJECT_PROPERTY_STATEMENT" .
 
 ai:DataPropertyStatementAccesObject rdf:type ao:ObjectType ;
-     ao:id "DATA_PROPERTY_STATEMENT" .
+    ao:id "DATA_PROPERTY_STATEMENT" .
 
 ai:FauxObjectPropertyStatementAccesObject rdf:type ao:ObjectType ;
-     ao:id "FAUX_OBJECT_PROPERTY_STATEMENT" .
+    ao:id "FAUX_OBJECT_PROPERTY_STATEMENT" .
 
 ai:FauxDataPropertyStatementAccesObject rdf:type ao:ObjectType ;
-     ao:id "FAUX_DATA_PROPERTY_STATEMENT" .
+    ao:id "FAUX_DATA_PROPERTY_STATEMENT" .
 
 ai:Class rdf:type ao:ObjectType ;
-     ao:id "CLASS" .
-     
+    ao:id "CLASS" .
+
 ai:NamedObject rdf:type ao:ObjectType ;
-     ao:id "NAMED_OBJECT" .
+    ao:id "NAMED_OBJECT" .
 
 #Object type value containers
 
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/ontology.n3 b/home/src/main/resources/rdf/accessControl/firsttime/ontology.n3
index 2ac1c0ae19..7efe76c92e 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/ontology.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/ontology.n3
@@ -14,128 +14,128 @@
 #### Classes
 
 ao:PolicyTemplate a owl:Class ;
-     rdfs:label "Access rule policy template"@en-US .
+    rdfs:label "Access rule policy template"@en-US .
 
 ao:Policy a owl:Class ;
-     rdfs:label "Access rule policy"@en-US .
+    rdfs:label "Access rule policy"@en-US .
 
 ao:PolicyDataSet a owl:Class ;
-     rdfs:label "Test datasets"@en-US .
-     
+    rdfs:label "Test datasets"@en-US .
+
 ao:ValueContainer a owl:Class ;
-     rdfs:label "Test data"@en-US .
-     
+    rdfs:label "Test data"@en-US .
+
 ao:TestValue a owl:Class ;
-     rdfs:label "Test value"@en-US .
+    rdfs:label "Test value"@en-US .
 
 ao:Rule a owl:Class ;
-     rdfs:label "Access rule"@en-US .
-     
+    rdfs:label "Access rule"@en-US .
+
 ao:Rules a owl:Class ;
-     rdfs:label "Access rule set"@en-US .
-     
+    rdfs:label "Access rule set"@en-US .
+
 ao:PolicyKey a owl:Class ;
-     rdfs:label "Policy key"@en-US .
+    rdfs:label "Policy key"@en-US .
 
 ao:Check a owl:Class ;
-     rdfs:label "Access rule attribute"@en-US .
-     
+    rdfs:label "Access rule attribute"@en-US .
+
 ao:Operator a owl:Class ;
-     rdfs:label "Operator"@en-US .
+    rdfs:label "Operator"@en-US .
 
 ao:Operation a owl:Class ;
-     rdfs:label "Operation"@en-US .
+    rdfs:label "Operation"@en-US .
 
 ao:OperationGroup a owl:Class ;
-     rdfs:label "Operation group"@en-US .
+    rdfs:label "Operation group"@en-US .
 
 ao:ObjectType a owl:Class ;
-     rdfs:label "Object type"@en-US .
-     
+    rdfs:label "Object type"@en-US .
+
 ao:SubjectType a owl:Class ;
-     rdfs:label "Subject type"@en-US .
+    rdfs:label "Subject type"@en-US .
 
 ao:AccesObject a owl:Class ;
-     rdfs:label "Access object"@en-US .
+    rdfs:label "Access object"@en-US .
 
 ao:AttributeType a owl:Class ;
-     rdfs:label "Attribute type"@en-US .
-     
+    rdfs:label "Attribute type"@en-US .
+
 ao:Decision a owl:Class ;
-     rdfs:label "Decision"@en-US .
-     
+    rdfs:label "Decision"@en-US .
+
 #### Data properties
 
 ao:attributeName a owl:DatatypeProperty ,
-            owl:FunctionalProperty ;
-            rdfs:domain ao:Check ;
-            rdfs:range xsd:string ;
-            rdfs:label "Attribute name"@en-US .
+    owl:FunctionalProperty ;
+    rdfs:domain ao:Check ;
+    rdfs:range xsd:string ;
+    rdfs:label "Attribute name"@en-US .
 
 ao:id a owl:DatatypeProperty ,
-            owl:FunctionalProperty ;
-            rdfs:domain ao:AttributeType ;
-            rdfs:range xsd:string ;
-            rdfs:label "id"@en-US .
+    owl:FunctionalProperty ;
+    rdfs:domain ao:AttributeType ;
+    rdfs:range xsd:string ;
+    rdfs:label "id"@en-US .
 
 ao:stringValue a owl:DatatypeProperty ,
-            owl:FunctionalProperty ;
-            rdfs:range xsd:string ;
-            rdfs:label "id"@en-US .            
+    owl:FunctionalProperty ;
+    rdfs:range xsd:string ;
+    rdfs:label "id"@en-US .    
 
 ao:priority a owl:DatatypeProperty ,
-            owl:FunctionalProperty ;
-            rdfs:range xsd:integer ;
-            rdfs:label "priority"@en-US . 
-            
+    owl:FunctionalProperty ;
+    rdfs:range xsd:integer ;
+    rdfs:label "priority"@en-US . 
+
 #### Object properties
 
 ao:check a owl:ObjectProperty ;
-          rdfs:domain ao:Rule ;
-          rdfs:range ao:Check .
-          
+    rdfs:domain ao:Rule ;
+    rdfs:range ao:Check .
+
 ao:decision a owl:ObjectProperty ;
-          rdfs:domain ao:Rule ;
-          rdfs:range ao:Decision .          
-          
+    rdfs:domain ao:Rule ;
+    rdfs:range ao:Decision .    
+
 ao:rules a owl:ObjectProperty ;
-          rdfs:domain ao:Policy ;
-          rdfs:range ao:Rules .
+    rdfs:domain ao:Policy ;
+    rdfs:range ao:Rules .
 
 ao:policyDataSets a owl:ObjectProperty ;
-          rdfs:domain ao:Policy ;
-          rdfs:range ao:PolicyDataSet .
+    rdfs:domain ao:Policy ;
+    rdfs:range ao:PolicyDataSet .
 
 ao:testData a owl:ObjectProperty ;
-          rdfs:domain ao:PolicyDataSet ;
-          rdfs:range ao:ValueContainer .
+    rdfs:domain ao:PolicyDataSet ;
+    rdfs:range ao:ValueContainer .
 
 ao:containerType a owl:ObjectProperty ;
-          rdfs:domain ao:ValueContainer .
+    rdfs:domain ao:ValueContainer .
 
 ao:uri a owl:ObjectProperty .
 
 ao:value a owl:ObjectProperty ;
-          rdfs:domain ao:Check .
-          
+    rdfs:domain ao:Check .
+
 ao:setValue a owl:ObjectProperty ;
-          rdfs:domain ao:Check .          
-    
+    rdfs:domain ao:Check .    
+
 ao:operation a owl:ObjectProperty ;
-          rdfs:domain ao:Rule ;
-          rdfs:range ao:Operation .
-          
+    rdfs:domain ao:Rule ;
+    rdfs:range ao:Operation .
+
 ao:rule a owl:ObjectProperty ;
-          rdfs:domain ao:Policy ;
-          rdfs:range ao:Rule .
-          
+    rdfs:domain ao:Policy ;
+    rdfs:range ao:Rule .
+
 ao:test a owl:ObjectProperty ;
-          rdfs:domain ao:Check ;
-          rdfs:range ao:Operator .
-          
+    rdfs:domain ao:Check ;
+    rdfs:range ao:Operator .
+
 ao:keyComponent a owl:ObjectProperty .
-          
+
 ao:policyKey a owl:ObjectProperty ;
-          rdfs:domain ao:Policy ;
-          rdfs:range ao:PolicyKey .            
+    rdfs:domain ao:Policy ;
+    rdfs:range ao:PolicyKey .    
 
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/operation_groups.n3 b/home/src/main/resources/rdf/accessControl/firsttime/operation_groups.n3
index b8de6b2682..cd65857d29 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/operation_groups.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/operation_groups.n3
@@ -9,10 +9,10 @@
 @prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
 
 ai:DisplayOperationGroup rdf:type ao:OperationGroup ;
-         ao:id "DISPLAY_GROUP" .
-         
+    ao:id "DISPLAY_GROUP" .
+
 ai:UpdateOperationGroup rdf:type ao:OperationGroup ;
-         ao:id "UPDATE_GROUP" .
-         
+    ao:id "UPDATE_GROUP" .
+
 ai:PublishOperationGroup rdf:type ao:OperationGroup ;
-         ao:id "PUBLISH_GROUP" .         
+    ao:id "PUBLISH_GROUP" .    
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/operations.n3 b/home/src/main/resources/rdf/accessControl/firsttime/operations.n3
index d596165168..f1bfd9da03 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/operations.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/operations.n3
@@ -10,16 +10,16 @@
 
 ai:DisplayOperation rdf:type ao:Operation ;
     ao:id "DISPLAY" .
-    
+
 ai:UpdateOperation rdf:type ao:Operation ;
     ao:id "UPDATE" .
-    
+
 ai:PublishOperation rdf:type ao:Operation ;
     ao:id "PUBLISH" .    
 
 ai:AddOperation rdf:type ao:Operation ;
     ao:id "ADD" .
-    
+
 ai:DropOperation rdf:type ao:Operation ;
     ao:id "DROP" .
 
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/operators.n3 b/home/src/main/resources/rdf/accessControl/firsttime/operators.n3
index 7d1f697670..98e93cf9c1 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/operators.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/operators.n3
@@ -9,19 +9,19 @@
 @prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
 
 ai:Equals rdf:type ao:Operator;
-         ao:id "EQUALS" .
+    ao:id "EQUALS" .
 
 ai:NotEquals rdf:type ao:Operator;
-         ao:id "NOT_EQUALS" .
-         
+    ao:id "NOT_EQUALS" .
+
 ai:OneOf rdf:type ao:Operator;
-         ao:id "ONE_OF" .
-         
+    ao:id "ONE_OF" .
+
 ai:NotOneOf rdf:type ao:Operator;
-         ao:id "NOT_ONE_OF" .
-         
+    ao:id "NOT_ONE_OF" .
+
 ai:StartsWith rdf:type ao:Operator;
-         ao:id "STARTS_WITH" .
-         
+    ao:id "STARTS_WITH" .
+
 ai:SparqlSelectQueryContains rdf:type ao:Operator;
-         ao:id "SPARQL_SELECT_QUERY_CONTAINS" .
+    ao:id "SPARQL_SELECT_QUERY_CONTAINS" .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_editable_pages.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_editable_pages.n3
index 6f71556654..9e7acb4945 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_editable_pages.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_editable_pages.n3
@@ -8,52 +8,62 @@
 @prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
 @prefix : <https://vivoweb.org/ontology/vitro-application/auth/individual/policy/edit-individual-pages/> .
 
-ai:EditIndividualPagesPolicy rdf:type ao:Policy ;
-    ao:rules ai:EditIndividualPagesRuleSet .
+:Policy rdf:type ao:Policy ;
+    ao:rules :RuleSet .
 
-ai:EditIndividualPagesRuleSet rdf:type ao:Rules ;
-    ao:rule ai:AllowEditRelatedPagesRule ;
-    ao:rule ai:AllowEditIndividualPagesRule .
+:RuleSet rdf:type ao:Rules ;
+    ao:rule :AllowEditRelatedPagesRule ;
+    ao:rule :AllowEditIndividualPagesRule .
 
-ai:AllowEditIndividualPagesRule rdf:type ao:Rule;
+:AllowEditIndividualPagesRule rdf:type ao:Rule;
     ao:check :SubjectRoleOneOfEditorsCheck ;
-    ao:check ai:AddOperationAttribute ;
-    ao:check ai:ObjectPropertyStatementTypeAttribute ;
-    ao:check ai:SomeObjectUriAttribute ;
-    ao:check ai:SomePredicateAttribute .
+    ao:check :IsAddOperation ;
+    ao:check :IsObjectPropertyStatement ;
+    ao:check :ObjectUriIsSomeUri ;
+    ao:check :PredicateIsSomePredicate .
 
 :SubjectRoleOneOfEditorsCheck rdf:type ao:Check ;
     ao:operator ai:OneOf ;
-    ao:type ai:SubjectRole ;
+    ao:attribute ai:SubjectRole ;
     ao:value auth:ADMIN ;
     ao:value auth:CURATOR ;
     ao:value auth:EDITOR .
 
-:SubjectRoleEqualsSelfEditorCheck rdf:type ao:Check ;
+:SubjectRoleIsSelfEditor rdf:type ao:Check ;
     ao:operator ai:Equals ;
-    ao:type ai:SubjectRole ;
+    ao:attribute ai:SubjectRole ;
     ao:value auth:SELF_EDITOR .
 
-ai:AllowEditRelatedPagesRule rdf:type ao:Rule;
-    ao:check :SubjectRoleEqualsSelfEditorCheck ;
-    ao:check ai:StatementObjectUriContainsSelfEditorResourceAttribute;
-    ao:check ai:AddOperationAttribute ;
-    ao:check ai:ObjectPropertyStatementTypeAttribute ;
-    ao:check ai:SomeObjectUriAttribute ;
-    ao:check ai:SomePredicateAttribute .
+:IsAddOperation rdf:type ao:Check ;
+    ao:operator ai:Equals ;
+    ao:attribute ai:Operation ;
+    ao:value ai:AddOperation .
+
+:AllowEditRelatedPagesRule rdf:type ao:Rule;
+    ao:check :SubjectRoleIsSelfEditor ;
+    ao:check :SubjectUriIsProfileRelatedResource ;
+    ao:check :IsAddOperation ;
+    ao:check :IsObjectPropertyStatement ;
+    ao:check :ObjectUriIsSomeUri ;
+    ao:check :PredicateIsSomePredicate .
 
-ai:SomePredicateAttribute rdf:type ao:Check ;
+:PredicateIsSomePredicate rdf:type ao:Check ;
     ao:operator ai:Equals ;
-    ao:type ai:StatementPredicateUri ;
+    ao:attribute ai:StatementPredicateUri ;
     ao:value ai:SomeUriTestData .
 
-ai:SomeObjectUriAttribute rdf:type ao:Check ;
+:ObjectUriIsSomeUri rdf:type ao:Check ;
     ao:operator ai:Equals ;
-    ao:type ai:StatementObjectUri ;
+    ao:attribute ai:StatementObjectUri ;
     ao:value ai:SomeUriTestData .
 
-ai:StatementObjectUriContainsSelfEditorResourceAttribute rdf:type ao:Check ;
+:SubjectUriIsProfileRelatedResource rdf:type ao:Check ;
     ao:operator ai:SparqlSelectQueryContains ;
-    ao:type ai:StatementSubjectUri ;
+    ao:attribute ai:StatementSubjectUri ;
     ao:value ai:PersonProfileProximityToResourceUri .
 
+:IsObjectPropertyStatement rdf:type ao:Check ;
+    ao:operator ai:Equals ;
+    ao:attribute ai:AccessObjectType ;
+    ao:value ai:ObjectPropertyStatementAccesObject .
+
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_menu_items_editing.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_menu_items_editing.n3
index 3660763951..3ea80cbea8 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_menu_items_editing.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_menu_items_editing.n3
@@ -7,35 +7,51 @@
 @prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
 @prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
 @prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+@prefix : <https://vivoweb.org/ontology/vitro-application/auth/individual/policy/restrict-home-menu-items-editing/> .
 
-ai:RestrictHomeMenuItemsEditingPolicy rdf:type ao:Policy ;
-          ao:priority 9000 ;
-          ao:rules ai:RestrictHomeMenuItemsEditingRuleSet .
-
-ai:RestrictHomeMenuItemsEditingRuleSet rdf:type ao:Rules ;
-          ao:rule ai:RestrictEditHomeMenuItems ;
-          ao:rule ai:RestrictDropHomeMenuItems .
-          
-ai:RestrictEditHomeMenuItems rdf:type ao:Rule ;
-          ao:decision ai:Deny ;
-          ao:check ai:EditOperationAttribute ;
-          ao:check ai:ObjectPropertyStatementTypeAttribute ;
-          ao:check ai:ObjectPropertyStatementPredicateUriEqualsToHasHomeAttribute ;
-          ao:check ai:ObjectPropertyStatementObjectUriEqualsToHomeMenuItemAttribute .
-          
-ai:RestrictDropHomeMenuItems rdf:type ao:Rule ;
-          ao:decision ai:Deny ;
-          ao:check ai:DropOperationAttribute ;
-          ao:check ai:ObjectPropertyStatementTypeAttribute ;
-          ao:check ai:ObjectPropertyStatementPredicateUriEqualsToHasHomeAttribute ;
-          ao:check ai:ObjectPropertyStatementObjectUriEqualsToHomeMenuItemAttribute .
-          
-ai:ObjectPropertyStatementPredicateUriEqualsToHasHomeAttribute rdf:type ao:Check ;
-         ao:operator ai:Equals ;
-         ao:type ai:StatementPredicateUri ;
-         ao:value <http://vitro.mannlib.cornell.edu/ontologies/display/1.1#HomeMenuItem> .
-
-ai:ObjectPropertyStatementObjectUriEqualsToHomeMenuItemAttribute rdf:type ao:Check ;
-         ao:operator ai:Equals ;
-         ao:type ai:StatementObjectUri ;
-         ao:value <http://vitro.mannlib.cornell.edu/ontologies/display/1.1#hasElement> .
+:Policy rdf:type ao:Policy ;
+    ao:priority 9000 ;
+    ao:rules :RuleSet .
+
+:RuleSet rdf:type ao:Rules ;
+    ao:rule :RestrictEdit ;
+    ao:rule :RestrictDrop .
+
+:RestrictEdit rdf:type ao:Rule ;
+    ao:decision ai:Deny ;
+    ao:check :IsEditOperationCheck ;
+    ao:check :IsObjectPropertyStatement ;
+    ao:check :PredicateUriEqualsHomeMenuItem ;
+    ao:check :ObjectUriEqualsHasElement .
+
+:RestrictDrop rdf:type ao:Rule ;
+    ao:decision ai:Deny ;
+    ao:check :IsDropOperationCheck ;
+    ao:check :IsObjectPropertyStatement ;
+    ao:check :PredicateUriEqualsHomeMenuItem ;
+    ao:check :ObjectUriEqualsHasElement .
+
+:IsEditOperationCheck rdf:type ao:Check ;
+    ao:operator ai:Equals ;
+    ao:attribute ai:Operation ;
+    ao:value ai:EditOperation .
+
+:IsDropOperationCheck rdf:type ao:Check ;
+    ao:operator ai:Equals ;
+    ao:attribute ai:Operation ;
+    ao:value ai:DropOperation .
+
+:IsObjectPropertyStatement rdf:type ao:Check ;
+    ao:operator ai:Equals ;
+    ao:attribute ai:AccessObjectType ;
+    ao:value ai:ObjectPropertyStatementAccesObject .
+
+:PredicateUriEqualsHomeMenuItem rdf:type ao:Check ;
+    ao:operator ai:Equals ;
+    ao:attribute ai:StatementPredicateUri ;
+    ao:value <http://vitro.mannlib.cornell.edu/ontologies/display/1.1#HomeMenuItem> .
+
+:ObjectUriEqualsHasElement rdf:type ao:Check ;
+    ao:operator ai:Equals ;
+    ao:attribute ai:StatementObjectUri ;
+    ao:value <http://vitro.mannlib.cornell.edu/ontologies/display/1.1#hasElement> .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_not_modifiable_statements.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_not_modifiable_statements.n3
index 5e3c605b2d..317a331868 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_not_modifiable_statements.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_not_modifiable_statements.n3
@@ -7,89 +7,96 @@
 @prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
 @prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
 @prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+@prefix : <https://vivoweb.org/ontology/vitro-application/auth/individual/template/non-modifiable-statements/> .
 
-ai:NotModifiableStatementsPolicy a ao:PolicyTemplate ;
+:PolicyTemplate a ao:PolicyTemplate ;
     ao:priority 8000 ;
-    ao:policyDataSets ai:NotModifiableStatementsPolicyDataSets ;
-    ao:rules ai:NotModifiableStatementsRuleSet .
-
-ai:NotModifiableStatementsRuleSet a ao:Rules ;
-    ao:rule ai:RestrictObjectPropertyStatementsWithNotModifiablePredicate ;
-    
-    ao:rule ai:RestrictObjectPropertyStatementsWithNotModifiableSubject ;
-    
-    ao:rule ai:RestrictObjectPropertyStatementsWithNotModifiableObject ;
-    
-    ao:rule ai:RestrictDataPropertyStatementsWithNotModifiableSubject ;
-    
-    ao:rule ai:RestrictDataPropertyStatementsWithNotModifiablePredicate ;
+    ao:policyDataSets :DataSets ;
+    ao:rules :RuleSet .
+
+:RuleSet a ao:Rules ;
+    ao:rule :RestrictObjectPropertyStatementsWithNotModifiablePredicate ;
+    ao:rule :RestrictObjectPropertyStatementsWithNotModifiableSubject ;
+    ao:rule :RestrictObjectPropertyStatementsWithNotModifiableObject ;
+    ao:rule :RestrictDataPropertyStatementsWithNotModifiableSubject ;
+    ao:rule :RestrictDataPropertyStatementsWithNotModifiablePredicate ;
     .
 
-ai:RestrictObjectPropertyStatementsWithNotModifiableSubject a ao:Rule ;
+:RestrictObjectPropertyStatementsWithNotModifiableSubject a ao:Rule ;
     ao:decision ai:Deny ;
-    ao:check ai:ObjectPropertyStatementTypeAttribute ;
-    ao:check ai:PropertyStatementSubjectUriStartWithProhibitedNameSpaceAttribute ;
-    ao:check ai:PropertyStatementSubjectUriEqualsToProhibitedExceptions .
+    ao:check :IsObjectPropertyStatement ;
+    ao:check :SubjectUriStartWithProhibitedNamespace ;
+    ao:check :StatementSubjectNotOneOfProhibitedExceptions .
 
-ai:RestrictObjectPropertyStatementsWithNotModifiablePredicate a ao:Rule ;
+:RestrictObjectPropertyStatementsWithNotModifiablePredicate a ao:Rule ;
     ao:decision ai:Deny ;
-    ao:check ai:ObjectPropertyStatementTypeAttribute ;
-    ao:check ai:PropertyStatementPredicateUriStartWithProhibitedNameSpaceAttribute ;
-    ao:check ai:PropertyStatementPredicateUriEqualsToProhibitedExceptions .
+    ao:check :IsObjectPropertyStatement ;
+    ao:check :PredicateUriStartWithProhibitedNamespace ;
+    ao:check :PredicateNotANamespaceException .
 
-ai:RestrictObjectPropertyStatementsWithNotModifiableObject a ao:Rule ;
+:RestrictObjectPropertyStatementsWithNotModifiableObject a ao:Rule ;
     ao:decision ai:Deny ;
-    ao:check ai:ObjectPropertyStatementTypeAttribute ;
-    ao:check ai:PropertyStatementObjectUriStartWithProhibitedNameSpaceAttribute ;
-    ao:check ai:PropertyStatementObjectUriEqualsToProhibitedExceptions .
+    ao:check :IsObjectPropertyStatement ;
+    ao:check :StatementObjectUriStartsWithProhibitedNameSpace ;
+    ao:check :ObjectUriNotOneOfProhibitedExceptions .
 
-ai:RestrictDataPropertyStatementsWithNotModifiableSubject a ao:Rule ;
+:RestrictDataPropertyStatementsWithNotModifiableSubject a ao:Rule ;
     ao:decision ai:Deny ;
-    ao:check ai:DataPropertyStatementTypeAttribute ;
-    ao:check ai:PropertyStatementSubjectUriStartWithProhibitedNameSpaceAttribute ;
-    ao:check ai:PropertyStatementSubjectUriEqualsToProhibitedExceptions .
+    ao:check :IsDataPropertyStatement ;
+    ao:check :SubjectUriStartWithProhibitedNamespace ;
+    ao:check :StatementSubjectNotOneOfProhibitedExceptions .
 
-ai:RestrictDataPropertyStatementsWithNotModifiablePredicate a ao:Rule ;
+:RestrictDataPropertyStatementsWithNotModifiablePredicate a ao:Rule ;
     ao:decision ai:Deny ;
-    ao:check ai:DataPropertyStatementTypeAttribute ;
-    ao:check ai:PropertyStatementPredicateUriStartWithProhibitedNameSpaceAttribute ;
-    ao:check ai:PropertyStatementPredicateUriEqualsToProhibitedExceptions .
+    ao:check :IsDataPropertyStatement ;
+    ao:check :PredicateUriStartWithProhibitedNamespace ;
+    ao:check :PredicateNotANamespaceException .
+
+:IsObjectPropertyStatement rdf:type ao:Check ;
+    ao:operator ai:Equals ;
+    ao:attribute ai:AccessObjectType ;
+    ao:value ai:ObjectPropertyStatementAccesObject .
+
+:IsDataPropertyStatement rdf:type ao:Check ;
+    ao:operator ai:Equals ;
+    ao:attribute ai:AccessObjectType ;
+    ao:value ai:DataPropertyStatementAccesObject .
 
 ### Not modifiable property statement attributes
-ai:PropertyStatementPredicateUriStartWithProhibitedNameSpaceAttribute a ao:Check ;
+:PredicateUriStartWithProhibitedNamespace a ao:Check ;
     ao:operator ai:StartsWith ;
-    ao:type ai:StatementPredicateUri ;
+    ao:attribute ai:StatementPredicateUri ;
     ao:templateValue ai:ProhibitedNamespaceValueSet .
 
-ai:PropertyStatementPredicateUriEqualsToProhibitedExceptions a ao:Check ;
+:PredicateNotANamespaceException a ao:Check ;
     ao:operator ai:NotOneOf ;
-    ao:type ai:StatementPredicateUri ;
+    ao:attribute ai:StatementPredicateUri ;
     ao:templateValue ai:ProhibitedNamespaceExceptionsValueSet .
-    
-ai:PropertyStatementSubjectUriStartWithProhibitedNameSpaceAttribute a ao:Check ;
+
+:SubjectUriStartWithProhibitedNamespace a ao:Check ;
     ao:operator ai:StartsWith ;
-    ao:type ai:StatementSubjectUri ;
+    ao:attribute ai:StatementSubjectUri ;
     ao:templateValue ai:ProhibitedNamespaceValueSet .
 
-ai:PropertyStatementSubjectUriEqualsToProhibitedExceptions a ao:Check ;
+:StatementSubjectNotOneOfProhibitedExceptions a ao:Check ;
     ao:operator ai:NotOneOf ;
-    ao:type ai:StatementSubjectUri ;
+    ao:attribute ai:StatementSubjectUri ;
     ao:templateValue ai:ProhibitedNamespaceExceptionsValueSet .    
-    
-ai:PropertyStatementObjectUriStartWithProhibitedNameSpaceAttribute a ao:Check ;
+
+:StatementObjectUriStartsWithProhibitedNameSpace a ao:Check ;
     ao:operator ai:StartsWith ;
-    ao:type ai:StatementObjectUri ;
+    ao:attribute ai:StatementObjectUri ;
     ao:templateValue ai:ProhibitedNamespaceValueSet .
 
-ai:PropertyStatementObjectUriEqualsToProhibitedExceptions a ao:Check ;
+:ObjectUriNotOneOfProhibitedExceptions a ao:Check ;
     ao:operator ai:NotOneOf ;
-    ao:type ai:StatementObjectUri ;
+    ao:attribute ai:StatementObjectUri ;
     ao:templateValue ai:ProhibitedNamespaceExceptionsValueSet .  
-    
+
 ### Not modifiable data property statement attributes    
 
 ###DataSets
-ai:NotModifiableStatementsPolicyDataSets a ao:PolicyDataSets ;
+:DataSets a ao:PolicyDataSets ;
     ao:policyDataSet ai:NotModifiableStatementsPolicyDataSet .
 
 ai:NotModifiableStatementsPolicyDataSet a ao:PolicyDataSet ;
@@ -104,7 +111,7 @@ ai:ProhibitedNamespaceExceptionsValueSet a ao:AttributeValueSet ;
 
 ai:ProhibitedNamespaceExceptionsValueContainer a ao:ValueContainer ;
     .
-    
+
 ai:ProhibitedNamespaceValueContainer a ao:ValueContainer ;
     .
     
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_root_user.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_root_user.n3
index d8dca27e50..27de2c0b1d 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_root_user.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_root_user.n3
@@ -9,18 +9,18 @@
 @prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
 @prefix : <https://vivoweb.org/ontology/vitro-application/auth/individual/policy/root-user/> .
 
-ai:RootUserPolicy rdf:type ao:Policy ;
+:Policy rdf:type ao:Policy ;
     ao:priority 10000 ;
-    ao:rules ai:RootRuleSet .
+    ao:rules :RuleSet .
 
-ai:RootRuleSet rdf:type ao:Rules ;
-    ao:rule ai:AllowRootUserRule .
+:RuleSet rdf:type ao:Rules ;
+    ao:rule :AllowRootUserRule .
 
-ai:AllowRootUserRule rdf:type ao:Rule;
+:AllowRootUserRule rdf:type ao:Rule;
     ao:check :IsRootUserCheck .
 
 :IsRootUserCheck rdf:type ao:Check ;
     ao:operator ai:Equals ;
-    ao:type ai:SubjectType ;
+    ao:attribute ai:SubjectType ;
     ao:value ai:RootUserSubject .
 
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/simple_permissions_admin.n3 b/home/src/main/resources/rdf/accessControl/firsttime/simple_permissions_admin.n3
index 2963e086ae..f05cd6a7fc 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/simple_permissions_admin.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/simple_permissions_admin.n3
@@ -10,51 +10,51 @@
 @prefix simplePermission: <java:edu.cornell.mannlib.vitro.webapp.auth.permissions.SimplePermission#> .
 
 ai:AdminSimplePermissionValueContainer
-        ao:dataValue simplePermission:AccessSpecialDataModels ;
-        ao:dataValue simplePermission:EnableDeveloperPanel ;
-        ao:dataValue simplePermission:LoginDuringMaintenance ;
-        ao:dataValue simplePermission:ManageMenus ;
-        ao:dataValue simplePermission:ManageProxies ;
-        ao:dataValue simplePermission:ManageSearchIndex ;
-        ao:dataValue simplePermission:ManageUserAccounts ;
-        ao:dataValue simplePermission:RefreshVisualizationCache ;
-        ao:dataValue simplePermission:SeeConfiguration ;
-        ao:dataValue simplePermission:SeeStartupStatus ;
-        ao:dataValue simplePermission:UseAdvancedDataToolsPages ;
-        ao:dataValue simplePermission:UseMiscellaneousAdminPages ;
-        ao:dataValue simplePermission:UseSparqlQueryPage ;
-        ao:dataValue simplePermission:PageViewableAdmin ;
+    ao:dataValue simplePermission:AccessSpecialDataModels ;
+    ao:dataValue simplePermission:EnableDeveloperPanel ;
+    ao:dataValue simplePermission:LoginDuringMaintenance ;
+    ao:dataValue simplePermission:ManageMenus ;
+    ao:dataValue simplePermission:ManageProxies ;
+    ao:dataValue simplePermission:ManageSearchIndex ;
+    ao:dataValue simplePermission:ManageUserAccounts ;
+    ao:dataValue simplePermission:RefreshVisualizationCache ;
+    ao:dataValue simplePermission:SeeConfiguration ;
+    ao:dataValue simplePermission:SeeStartupStatus ;
+    ao:dataValue simplePermission:UseAdvancedDataToolsPages ;
+    ao:dataValue simplePermission:UseMiscellaneousAdminPages ;
+    ao:dataValue simplePermission:UseSparqlQueryPage ;
+    ao:dataValue simplePermission:PageViewableAdmin ;
 
-        # Uncomment the following permission line to enable the SPARQL update API.
-        # Before enabling, be sure that the URL api/sparqlUpdate is secured by HTTPS,
-        # so passwords will not be sent in clear text.
-        #ao:dataValue simplePermission:UseSparqlUpdateApi ;
+    # Uncomment the following permission line to enable the SPARQL update API.
+    # Before enabling, be sure that the URL api/sparqlUpdate is secured by HTTPS,
+    # so passwords will not be sent in clear text.
+    #ao:dataValue simplePermission:UseSparqlUpdateApi ;
 
-        # permissions for CURATOR and above.
-        ao:dataValue simplePermission:EditOntology ;
-        ao:dataValue simplePermission:EditSiteInformation ;
-        ao:dataValue simplePermission:SeeVerbosePropertyInformation ;
-        ao:dataValue simplePermission:UseMiscellaneousCuratorPages ;
-        ao:dataValue simplePermission:PageViewableCurator ;
+    # permissions for CURATOR and above.
+    ao:dataValue simplePermission:EditOntology ;
+    ao:dataValue simplePermission:EditSiteInformation ;
+    ao:dataValue simplePermission:SeeVerbosePropertyInformation ;
+    ao:dataValue simplePermission:UseMiscellaneousCuratorPages ;
+    ao:dataValue simplePermission:PageViewableCurator ;
 
-        # permissions for EDITOR and above.
-        ao:dataValue simplePermission:DoBackEndEditing ;
-        ao:dataValue simplePermission:SeeIndividualEditingPanel ;
-        ao:dataValue simplePermission:SeeRevisionInfo ;
-        ao:dataValue simplePermission:SeeSiteAdminPage ;
-        ao:dataValue simplePermission:UseIndividualControlPanel ;
-        ao:dataValue simplePermission:PageViewableEditor ;
+    # permissions for EDITOR and above.
+    ao:dataValue simplePermission:DoBackEndEditing ;
+    ao:dataValue simplePermission:SeeIndividualEditingPanel ;
+    ao:dataValue simplePermission:SeeRevisionInfo ;
+    ao:dataValue simplePermission:SeeSiteAdminPage ;
+    ao:dataValue simplePermission:UseIndividualControlPanel ;
+    ao:dataValue simplePermission:PageViewableEditor ;
 
-        # permissions for ANY logged-in user.
-        ao:dataValue simplePermission:DoFrontEndEditing ;
-        ao:dataValue simplePermission:EditOwnAccount ;
-        ao:dataValue simplePermission:ManageOwnProxies ;
-        ao:dataValue simplePermission:QueryUserAccountsModel ;
-        ao:dataValue simplePermission:UseBasicAjaxControllers ;
-        ao:dataValue simplePermission:UseMiscellaneousPages ;
-        ao:dataValue simplePermission:PageViewableLoggedIn ;
+    # permissions for ANY logged-in user.
+    ao:dataValue simplePermission:DoFrontEndEditing ;
+    ao:dataValue simplePermission:EditOwnAccount ;
+    ao:dataValue simplePermission:ManageOwnProxies ;
+    ao:dataValue simplePermission:QueryUserAccountsModel ;
+    ao:dataValue simplePermission:UseBasicAjaxControllers ;
+    ao:dataValue simplePermission:UseMiscellaneousPages ;
+    ao:dataValue simplePermission:PageViewableLoggedIn ;
 
-        # permissions for ANY user, even if they are not logged in.
-        ao:dataValue simplePermission:QueryFullModel ;
-        ao:dataValue simplePermission:PageViewablePublic ;
-        .
+    # permissions for ANY user, even if they are not logged in.
+    ao:dataValue simplePermission:QueryFullModel ;
+    ao:dataValue simplePermission:PageViewablePublic ;
+    .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/simple_permissions_curator.n3 b/home/src/main/resources/rdf/accessControl/firsttime/simple_permissions_curator.n3
index 14739614ad..34225255ff 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/simple_permissions_curator.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/simple_permissions_curator.n3
@@ -36,4 +36,4 @@ ai:CuratorSimplePermissionValueContainer
     # permissions for ANY user, even if they are not logged in.
     ao:dataValue simplePermission:QueryFullModel ;
     ao:dataValue simplePermission:PageViewablePublic ;
-        .
+    .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/simple_permissions_public.n3 b/home/src/main/resources/rdf/accessControl/firsttime/simple_permissions_public.n3
index 54f7c8dff4..c8c1e3cea6 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/simple_permissions_public.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/simple_permissions_public.n3
@@ -10,7 +10,7 @@
 @prefix simplePermission: <java:edu.cornell.mannlib.vitro.webapp.auth.permissions.SimplePermission#> .
 
 ai:PublicSimplePermissionValueContainer  
-        # permissions for ANY user, even if they are not logged in.
-        ao:dataValue simplePermission:QueryFullModel ;
-        ao:dataValue simplePermission:PageViewablePublic ;
-        .
+    # permissions for ANY user, even if they are not logged in.
+    ao:dataValue simplePermission:QueryFullModel ;
+    ao:dataValue simplePermission:PageViewablePublic ;
+    .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/simple_permissions_self_editor.n3 b/home/src/main/resources/rdf/accessControl/firsttime/simple_permissions_self_editor.n3
index 43ee4e2872..fa2f17fe4c 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/simple_permissions_self_editor.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/simple_permissions_self_editor.n3
@@ -10,16 +10,16 @@
 @prefix simplePermission: <java:edu.cornell.mannlib.vitro.webapp.auth.permissions.SimplePermission#> .
 
 ai:SelfEditorSimplePermissionValueContainer
-        # permissions for ANY logged-in user.
-        ao:dataValue simplePermission:DoFrontEndEditing ;
-        ao:dataValue simplePermission:EditOwnAccount ;
-        ao:dataValue simplePermission:ManageOwnProxies ;
-        ao:dataValue simplePermission:QueryUserAccountsModel ;
-        ao:dataValue simplePermission:UseBasicAjaxControllers ;
-        ao:dataValue simplePermission:UseMiscellaneousPages ;
-        ao:dataValue simplePermission:PageViewableLoggedIn ;
+    # permissions for ANY logged-in user.
+    ao:dataValue simplePermission:DoFrontEndEditing ;
+    ao:dataValue simplePermission:EditOwnAccount ;
+    ao:dataValue simplePermission:ManageOwnProxies ;
+    ao:dataValue simplePermission:QueryUserAccountsModel ;
+    ao:dataValue simplePermission:UseBasicAjaxControllers ;
+    ao:dataValue simplePermission:UseMiscellaneousPages ;
+    ao:dataValue simplePermission:PageViewableLoggedIn ;
 
-        # permissions for ANY user, even if they are not logged in.
-        ao:dataValue simplePermission:QueryFullModel ;
+    # permissions for ANY user, even if they are not logged in.
+    ao:dataValue simplePermission:QueryFullModel ;
 	ao:dataValue simplePermission:PageViewablePublic ;
-        .
+    .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_class.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_class.n3
index 1c48e1c0b0..d67debd08d 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_class.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_class.n3
@@ -40,7 +40,7 @@
     ao:dataSetValues ai:ClassAccesObjectValueContainer ;
     ao:dataSetValues ai:DisplayOperationValueContainer ;
     ao:dataSetValues ai:PublicDisplayClassValueContainer .
-    
+
 :PublicDisplayClassUriDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:Class ;
     ao:keyComponent auth:PUBLIC ;
@@ -54,7 +54,7 @@
     ao:dataSetValues ai:ClassAccesObjectValueContainer ;
     ao:dataSetValues ai:DisplayOperationValueContainer ;
     ao:dataSetValues ai:SelfEditorDisplayClassValueContainer .
-    
+
 :SelfEditorDisplayClassUriDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:Class ;
     ao:keyComponent auth:SELF_EDITOR ;
@@ -68,7 +68,7 @@
     ao:dataSetValues ai:ClassAccesObjectValueContainer ;
     ao:dataSetValues ai:DisplayOperationValueContainer ;
     ao:dataSetValues ai:EditorDisplayClassValueContainer .
-    
+
 :EditorDisplayClassUriDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:Class ;
     ao:keyComponent auth:EDITOR ;
@@ -82,7 +82,7 @@
     ao:dataSetValues ai:ClassAccesObjectValueContainer ;
     ao:dataSetValues ai:DisplayOperationValueContainer ;
     ao:dataSetValues ai:CuratorDisplayClassValueContainer .
-    
+
 :CuratorDisplayClassUriDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:Class ;
     ao:keyComponent auth:CURATOR ;
@@ -96,7 +96,7 @@
     ao:dataSetValues ai:ClassAccesObjectValueContainer ;
     ao:dataSetValues ai:DisplayOperationValueContainer ;
     ao:dataSetValues ai:AdminDisplayClassValueContainer .
-    
+
 :AdminDisplayClassUriDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:Class ;
     ao:keyComponent auth:ADMIN ;
@@ -110,7 +110,7 @@
     ao:dataSetValues ai:ClassAccesObjectValueContainer ;
     ao:dataSetValues ai:UpdateOperationValueContainer ;
     ao:dataSetValues ai:PublicUpdateClassValueContainer .
-    
+
 :PublicUpdateClassUriDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:Class ;
     ao:keyComponent auth:PUBLIC ;
@@ -124,7 +124,7 @@
     ao:dataSetValues ai:ClassAccesObjectValueContainer ;
     ao:dataSetValues ai:UpdateOperationValueContainer ;
     ao:dataSetValues ai:SelfEditorUpdateClassValueContainer .
-    
+
 :SelfEditorUpdateClassUriDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:Class ;
     ao:keyComponent auth:SELF_EDITOR ;
@@ -138,7 +138,7 @@
     ao:dataSetValues ai:ClassAccesObjectValueContainer ;
     ao:dataSetValues ai:UpdateOperationValueContainer ;
     ao:dataSetValues ai:EditorUpdateClassValueContainer .
-    
+
 :EditorUpdateClassUriDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:Class ;
     ao:keyComponent auth:EDITOR ;
@@ -152,7 +152,7 @@
     ao:dataSetValues ai:ClassAccesObjectValueContainer ;
     ao:dataSetValues ai:UpdateOperationValueContainer ;
     ao:dataSetValues ai:CuratorUpdateClassValueContainer .
-    
+
 :CuratorUpdateClassUriDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:Class ;
     ao:keyComponent auth:CURATOR ;
@@ -166,7 +166,7 @@
     ao:dataSetValues ai:ClassAccesObjectValueContainer ;
     ao:dataSetValues ai:UpdateOperationValueContainer ;
     ao:dataSetValues ai:AdminUpdateClassValueContainer .
-    
+
 :AdminUpdateClassUriDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:Class ;
     ao:keyComponent auth:ADMIN ;
@@ -180,7 +180,7 @@
     ao:dataSetValues ai:ClassAccesObjectValueContainer ;
     ao:dataSetValues ai:PublishOperationValueContainer ;
     ao:dataSetValues ai:SelfEditorPublishClassValueContainer .
-    
+
 :SelfEditorPublishClassUriDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:Class ;
     ao:keyComponent auth:SELF_EDITOR ;
@@ -194,7 +194,7 @@
     ao:dataSetValues ai:ClassAccesObjectValueContainer ;
     ao:dataSetValues ai:PublishOperationValueContainer ;
     ao:dataSetValues ai:EditorPublishClassValueContainer .
-    
+
 :EditorPublishClassUriDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:Class ;
     ao:keyComponent auth:EDITOR ;
@@ -208,7 +208,7 @@
     ao:dataSetValues ai:ClassAccesObjectValueContainer ;
     ao:dataSetValues ai:PublishOperationValueContainer ;
     ao:dataSetValues ai:CuratorPublishClassValueContainer .
-    
+
 :CuratorPublishClassUriDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:Class ;
     ao:keyComponent auth:CURATOR ;
@@ -222,7 +222,7 @@
     ao:dataSetValues ai:ClassAccesObjectValueContainer ;
     ao:dataSetValues ai:PublishOperationValueContainer ;
     ao:dataSetValues ai:AdminPublishClassValueContainer .
-    
+
 :AdminPublishClassUriDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:Class ;
     ao:keyComponent auth:ADMIN ;
@@ -241,7 +241,7 @@
 
 :AccessObjectTypeCheck rdf:type ao:Check ;
     ao:operator ai:Equals ;
-    ao:type ai:AccessObjectType ;
+    ao:attribute ai:AccessObjectType ;
     ao:templateValue :AccessObjectTypeValueSet .
 
 :AccessObjectTypeValueSet a ao:AttributeValueSet ;
@@ -250,7 +250,7 @@
 
 :OperationCheck a ao:Check ;
     ao:operator ai:Equals ;
-    ao:type ai:Operation ;
+    ao:attribute ai:Operation ;
     ao:templateValue :OperationValueSet .
 
 :OperationValueSet a ao:AttributeValueSet ;
@@ -261,7 +261,7 @@
 
 :SubjectRoleCheck a ao:Check ;
     ao:operator ai:Equals ;
-    ao:type ai:SubjectRole ;
+    ao:attribute ai:SubjectRole ;
     ao:templateValue :RoleValueSet .
 
 :RoleValueSet a ao:AttributeValueSet ;
@@ -273,7 +273,7 @@
 
 :AccessObjectUriCheck a ao:Check ;
     ao:operator ai:OneOf ;
-    ao:type ai:AccessObjectUri ;
+    ao:attribute ai:AccessObjectUri ;
     ao:templateValue :AllowedClassUriValueSet .
 
 :AllowedClassUriValueSet a ao:AttributeValueSet ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_property.n3
index 174730d77e..5f154ea72a 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_property.n3
@@ -116,7 +116,7 @@
     ao:dataSetValues ai:FauxDataPropertyStatementAccesObjectValueContainer ;
     ao:dataSetValues ai:DropOperationValueContainer ;
     ao:dataSetValues ai:PublicDropFauxDataPropertyValueContainer .
-    
+
 :PublicDropFauxDataPropertyDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:FauxDataPropertyAccesObject ;
     ao:keyComponent auth:PUBLIC ;
@@ -129,7 +129,7 @@
     ao:dataSetValues ai:FauxDataPropertyStatementAccesObjectValueContainer ;
     ao:dataSetValues ai:DropOperationValueContainer ;
     ao:dataSetValues ai:EditorDropFauxDataPropertyValueContainer .
-    
+
 :EditorDropFauxDataPropertyDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:FauxDataPropertyAccesObject ;
     ao:keyComponent auth:EDITOR ;
@@ -142,7 +142,7 @@
     ao:dataSetValues ai:FauxDataPropertyStatementAccesObjectValueContainer ;
     ao:dataSetValues ai:DropOperationValueContainer ;
     ao:dataSetValues ai:CuratorDropFauxDataPropertyValueContainer .
-    
+
 :CuratorDropFauxDataPropertyDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:FauxDataPropertyAccesObject ;
     ao:keyComponent auth:CURATOR ;
@@ -155,7 +155,7 @@
     ao:dataSetValues ai:FauxDataPropertyStatementAccesObjectValueContainer ;
     ao:dataSetValues ai:DropOperationValueContainer ;
     ao:dataSetValues ai:AdminDropFauxDataPropertyValueContainer .
-    
+
 :AdminDropFauxDataPropertyDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:FauxDataPropertyAccesObject ;
     ao:keyComponent auth:ADMIN ;
@@ -170,7 +170,7 @@
     ao:dataSetValues ai:FauxDataPropertyStatementAccesObjectValueContainer ;
     ao:dataSetValues ai:AddOperationValueContainer ;
     ao:dataSetValues ai:PublicAddFauxDataPropertyValueContainer .
-    
+
 :PublicAddFauxDataPropertyDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:FauxDataPropertyAccesObject ;
     ao:keyComponent auth:PUBLIC ;
@@ -183,7 +183,7 @@
     ao:dataSetValues ai:FauxDataPropertyStatementAccesObjectValueContainer ;
     ao:dataSetValues ai:AddOperationValueContainer ;
     ao:dataSetValues ai:EditorAddFauxDataPropertyValueContainer .
-    
+
 :EditorAddFauxDataPropertyDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:FauxDataPropertyAccesObject ;
     ao:keyComponent auth:EDITOR ;
@@ -196,7 +196,7 @@
     ao:dataSetValues ai:FauxDataPropertyStatementAccesObjectValueContainer ;
     ao:dataSetValues ai:AddOperationValueContainer ;
     ao:dataSetValues ai:CuratorAddFauxDataPropertyValueContainer .
-    
+
 :CuratorAddFauxDataPropertyDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:FauxDataPropertyAccesObject ;
     ao:keyComponent auth:CURATOR ;
@@ -209,7 +209,7 @@
     ao:dataSetValues ai:FauxDataPropertyStatementAccesObjectValueContainer ;
     ao:dataSetValues ai:AddOperationValueContainer ;
     ao:dataSetValues ai:AdminAddFauxDataPropertyValueContainer .
-    
+
 :AdminAddFauxDataPropertyDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:FauxDataPropertyAccesObject ;
     ao:keyComponent auth:ADMIN ;
@@ -224,7 +224,7 @@
     ao:dataSetValues ai:FauxDataPropertyStatementAccesObjectValueContainer ;
     ao:dataSetValues ai:EditOperationValueContainer ;
     ao:dataSetValues ai:PublicEditFauxDataPropertyValueContainer .
-    
+
 :PublicEditFauxDataPropertyDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:FauxDataPropertyAccesObject ;
     ao:keyComponent auth:PUBLIC ;
@@ -237,7 +237,7 @@
     ao:dataSetValues ai:FauxDataPropertyStatementAccesObjectValueContainer ;
     ao:dataSetValues ai:EditOperationValueContainer ;
     ao:dataSetValues ai:EditorEditFauxDataPropertyValueContainer .
-    
+
 :EditorEditFauxDataPropertyDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:FauxDataPropertyAccesObject ;
     ao:keyComponent auth:EDITOR ;
@@ -250,7 +250,7 @@
     ao:dataSetValues ai:FauxDataPropertyStatementAccesObjectValueContainer ;
     ao:dataSetValues ai:EditOperationValueContainer ;
     ao:dataSetValues ai:CuratorEditFauxDataPropertyValueContainer .
-    
+
 :CuratorEditFauxDataPropertyDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:FauxDataPropertyAccesObject ;
     ao:keyComponent auth:CURATOR ;
@@ -263,7 +263,7 @@
     ao:dataSetValues ai:FauxDataPropertyStatementAccesObjectValueContainer ;
     ao:dataSetValues ai:EditOperationValueContainer ;
     ao:dataSetValues ai:AdminEditFauxDataPropertyValueContainer .
-    
+
 :AdminEditFauxDataPropertyDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:FauxDataPropertyAccesObject ;
     ao:keyComponent auth:ADMIN ;
@@ -278,7 +278,7 @@
     ao:dataSetValues ai:FauxObjectPropertyStatementAccesObjectValueContainer ;
     ao:dataSetValues ai:DropOperationValueContainer ;
     ao:dataSetValues ai:PublicDropFauxObjectPropertyValueContainer .
-    
+
 :PublicDropFauxObjectPropertyDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:FauxObjectPropertyAccesObject ;
     ao:keyComponent auth:PUBLIC ;
@@ -291,7 +291,7 @@
     ao:dataSetValues ai:FauxObjectPropertyStatementAccesObjectValueContainer ;
     ao:dataSetValues ai:DropOperationValueContainer ;
     ao:dataSetValues ai:EditorDropFauxObjectPropertyValueContainer .
-    
+
 :EditorDropFauxObjectPropertyDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:FauxObjectPropertyAccesObject ;
     ao:keyComponent auth:EDITOR ;
@@ -304,7 +304,7 @@
     ao:dataSetValues ai:FauxObjectPropertyStatementAccesObjectValueContainer ;
     ao:dataSetValues ai:DropOperationValueContainer ;
     ao:dataSetValues ai:CuratorDropFauxObjectPropertyValueContainer .
-    
+
 :CuratorDropFauxObjectPropertyDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:FauxObjectPropertyAccesObject ;
     ao:keyComponent auth:CURATOR ;
@@ -317,7 +317,7 @@
     ao:dataSetValues ai:FauxObjectPropertyStatementAccesObjectValueContainer ;
     ao:dataSetValues ai:DropOperationValueContainer ;
     ao:dataSetValues ai:AdminDropFauxObjectPropertyValueContainer .
-    
+
 :AdminDropFauxObjectPropertyDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:FauxObjectPropertyAccesObject ;
     ao:keyComponent auth:ADMIN ;
@@ -332,7 +332,7 @@
     ao:dataSetValues ai:FauxObjectPropertyStatementAccesObjectValueContainer ;
     ao:dataSetValues ai:AddOperationValueContainer ;
     ao:dataSetValues ai:PublicAddFauxObjectPropertyValueContainer .
-    
+
 :PublicAddFauxObjectPropertyDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:FauxObjectPropertyAccesObject ;
     ao:keyComponent auth:PUBLIC ;
@@ -345,7 +345,7 @@
     ao:dataSetValues ai:FauxObjectPropertyStatementAccesObjectValueContainer ;
     ao:dataSetValues ai:AddOperationValueContainer ;
     ao:dataSetValues ai:EditorAddFauxObjectPropertyValueContainer .
-    
+
 :EditorAddFauxObjectPropertyDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:FauxObjectPropertyAccesObject ;
     ao:keyComponent auth:EDITOR ;
@@ -358,7 +358,7 @@
     ao:dataSetValues ai:FauxObjectPropertyStatementAccesObjectValueContainer ;
     ao:dataSetValues ai:AddOperationValueContainer ;
     ao:dataSetValues ai:CuratorAddFauxObjectPropertyValueContainer .
-    
+
 :CuratorAddFauxObjectPropertyDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:FauxObjectPropertyAccesObject ;
     ao:keyComponent auth:CURATOR ;
@@ -371,7 +371,7 @@
     ao:dataSetValues ai:FauxObjectPropertyStatementAccesObjectValueContainer ;
     ao:dataSetValues ai:AddOperationValueContainer ;
     ao:dataSetValues ai:AdminAddFauxObjectPropertyValueContainer .
-    
+
 :AdminAddFauxObjectPropertyDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:FauxObjectPropertyAccesObject ;
     ao:keyComponent auth:ADMIN ;
@@ -386,7 +386,7 @@
     ao:dataSetValues ai:FauxObjectPropertyStatementAccesObjectValueContainer ;
     ao:dataSetValues ai:EditOperationValueContainer ;
     ao:dataSetValues ai:PublicEditFauxObjectPropertyValueContainer .
-    
+
 :PublicEditFauxObjectPropertyDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:FauxObjectPropertyAccesObject ;
     ao:keyComponent auth:PUBLIC ;
@@ -399,7 +399,7 @@
     ao:dataSetValues ai:FauxObjectPropertyStatementAccesObjectValueContainer ;
     ao:dataSetValues ai:EditOperationValueContainer ;
     ao:dataSetValues ai:EditorEditFauxObjectPropertyValueContainer .
-    
+
 :EditorEditFauxObjectPropertyDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:FauxObjectPropertyAccesObject ;
     ao:keyComponent auth:EDITOR ;
@@ -412,7 +412,7 @@
     ao:dataSetValues ai:FauxObjectPropertyStatementAccesObjectValueContainer ;
     ao:dataSetValues ai:EditOperationValueContainer ;
     ao:dataSetValues ai:CuratorEditFauxObjectPropertyValueContainer .
-    
+
 :CuratorEditFauxObjectPropertyDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:FauxObjectPropertyAccesObject ;
     ao:keyComponent auth:CURATOR ;
@@ -425,7 +425,7 @@
     ao:dataSetValues ai:FauxObjectPropertyStatementAccesObjectValueContainer ;
     ao:dataSetValues ai:EditOperationValueContainer ;
     ao:dataSetValues ai:AdminEditFauxObjectPropertyValueContainer .
-    
+
 :AdminEditFauxObjectPropertyDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:FauxObjectPropertyAccesObject ;
     ao:keyComponent auth:ADMIN ;
@@ -440,7 +440,7 @@
     ao:dataSetValues ai:DataPropertyStatementAccesObjectValueContainer ;
     ao:dataSetValues ai:DropOperationValueContainer ;
     ao:dataSetValues ai:PublicDropDataPropertyValueContainer .
-    
+
 :PublicDropDataPropertyDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:DataPropertyAccesObject ;
     ao:keyComponent auth:PUBLIC ;
@@ -453,7 +453,7 @@
     ao:dataSetValues ai:DataPropertyStatementAccesObjectValueContainer ;
     ao:dataSetValues ai:DropOperationValueContainer ;
     ao:dataSetValues ai:EditorDropDataPropertyValueContainer .
-    
+
 :EditorDropDataPropertyDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:DataPropertyAccesObject ;
     ao:keyComponent auth:EDITOR ;
@@ -466,7 +466,7 @@
     ao:dataSetValues ai:DataPropertyStatementAccesObjectValueContainer ;
     ao:dataSetValues ai:DropOperationValueContainer ;
     ao:dataSetValues ai:CuratorDropDataPropertyValueContainer .
-    
+
 :CuratorDropDataPropertyDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:DataPropertyAccesObject ;
     ao:keyComponent auth:CURATOR ;
@@ -479,7 +479,7 @@
     ao:dataSetValues ai:DataPropertyStatementAccesObjectValueContainer ;
     ao:dataSetValues ai:DropOperationValueContainer ;
     ao:dataSetValues ai:AdminDropDataPropertyValueContainer .
-    
+
 :AdminDropDataPropertyDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:DataPropertyAccesObject ;
     ao:keyComponent auth:ADMIN ;
@@ -494,7 +494,7 @@
     ao:dataSetValues ai:DataPropertyStatementAccesObjectValueContainer ;
     ao:dataSetValues ai:AddOperationValueContainer ;
     ao:dataSetValues ai:PublicAddDataPropertyValueContainer .
-    
+
 :PublicAddDataPropertyDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:DataPropertyAccesObject ;
     ao:keyComponent auth:PUBLIC ;
@@ -507,7 +507,7 @@
     ao:dataSetValues ai:DataPropertyStatementAccesObjectValueContainer ;
     ao:dataSetValues ai:AddOperationValueContainer ;
     ao:dataSetValues ai:EditorAddDataPropertyValueContainer .
-    
+
 :EditorAddDataPropertyDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:DataPropertyAccesObject ;
     ao:keyComponent auth:EDITOR ;
@@ -520,7 +520,7 @@
     ao:dataSetValues ai:DataPropertyStatementAccesObjectValueContainer ;
     ao:dataSetValues ai:AddOperationValueContainer ;
     ao:dataSetValues ai:CuratorAddDataPropertyValueContainer .
-    
+
 :CuratorAddDataPropertyDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:DataPropertyAccesObject ;
     ao:keyComponent auth:CURATOR ;
@@ -533,7 +533,7 @@
     ao:dataSetValues ai:DataPropertyStatementAccesObjectValueContainer ;
     ao:dataSetValues ai:AddOperationValueContainer ;
     ao:dataSetValues ai:AdminAddDataPropertyValueContainer .
-    
+
 :AdminAddDataPropertyDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:DataPropertyAccesObject ;
     ao:keyComponent auth:ADMIN ;
@@ -548,7 +548,7 @@
     ao:dataSetValues ai:DataPropertyStatementAccesObjectValueContainer ;
     ao:dataSetValues ai:EditOperationValueContainer ;
     ao:dataSetValues ai:PublicEditDataPropertyValueContainer .
-    
+
 :PublicEditDataPropertyDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:DataPropertyAccesObject ;
     ao:keyComponent auth:PUBLIC ;
@@ -561,7 +561,7 @@
     ao:dataSetValues ai:DataPropertyStatementAccesObjectValueContainer ;
     ao:dataSetValues ai:EditOperationValueContainer ;
     ao:dataSetValues ai:EditorEditDataPropertyValueContainer .
-    
+
 :EditorEditDataPropertyDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:DataPropertyAccesObject ;
     ao:keyComponent auth:EDITOR ;
@@ -574,7 +574,7 @@
     ao:dataSetValues ai:DataPropertyStatementAccesObjectValueContainer ;
     ao:dataSetValues ai:EditOperationValueContainer ;
     ao:dataSetValues ai:CuratorEditDataPropertyValueContainer .
-    
+
 :CuratorEditDataPropertyDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:DataPropertyAccesObject ;
     ao:keyComponent auth:CURATOR ;
@@ -587,7 +587,7 @@
     ao:dataSetValues ai:DataPropertyStatementAccesObjectValueContainer ;
     ao:dataSetValues ai:EditOperationValueContainer ;
     ao:dataSetValues ai:AdminEditDataPropertyValueContainer .
-    
+
 :AdminEditDataPropertyDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:DataPropertyAccesObject ;
     ao:keyComponent auth:ADMIN ;
@@ -602,7 +602,7 @@
     ao:dataSetValues ai:ObjectPropertyStatementAccesObjectValueContainer ;
     ao:dataSetValues ai:DropOperationValueContainer ;
     ao:dataSetValues ai:PublicDropObjectPropertyValueContainer .
-    
+
 :PublicDropObjectPropertyDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:ObjectPropertyAccesObject ;
     ao:keyComponent auth:PUBLIC ;
@@ -615,7 +615,7 @@
     ao:dataSetValues ai:ObjectPropertyStatementAccesObjectValueContainer ;
     ao:dataSetValues ai:DropOperationValueContainer ;
     ao:dataSetValues ai:EditorDropObjectPropertyValueContainer .
-    
+
 :EditorDropObjectPropertyDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:ObjectPropertyAccesObject ;
     ao:keyComponent auth:EDITOR ;
@@ -628,7 +628,7 @@
     ao:dataSetValues ai:ObjectPropertyStatementAccesObjectValueContainer ;
     ao:dataSetValues ai:DropOperationValueContainer ;
     ao:dataSetValues ai:CuratorDropObjectPropertyValueContainer .
-    
+
 :CuratorDropObjectPropertyDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:ObjectPropertyAccesObject ;
     ao:keyComponent auth:CURATOR ;
@@ -641,7 +641,7 @@
     ao:dataSetValues ai:ObjectPropertyStatementAccesObjectValueContainer ;
     ao:dataSetValues ai:DropOperationValueContainer ;
     ao:dataSetValues ai:AdminDropObjectPropertyValueContainer .
-    
+
 :AdminDropObjectPropertyDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:ObjectPropertyAccesObject ;
     ao:keyComponent auth:ADMIN ;
@@ -656,7 +656,7 @@
     ao:dataSetValues ai:ObjectPropertyStatementAccesObjectValueContainer ;
     ao:dataSetValues ai:AddOperationValueContainer ;
     ao:dataSetValues ai:PublicAddObjectPropertyValueContainer .
-    
+
 :PublicAddObjectPropertyDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:ObjectPropertyAccesObject ;
     ao:keyComponent auth:PUBLIC ;
@@ -669,7 +669,7 @@
     ao:dataSetValues ai:ObjectPropertyStatementAccesObjectValueContainer ;
     ao:dataSetValues ai:AddOperationValueContainer ;
     ao:dataSetValues ai:EditorAddObjectPropertyValueContainer .
-    
+
 :EditorAddObjectPropertyDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:ObjectPropertyAccesObject ;
     ao:keyComponent auth:EDITOR ;
@@ -682,7 +682,7 @@
     ao:dataSetValues ai:ObjectPropertyStatementAccesObjectValueContainer ;
     ao:dataSetValues ai:AddOperationValueContainer ;
     ao:dataSetValues ai:CuratorAddObjectPropertyValueContainer .
-    
+
 :CuratorAddObjectPropertyDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:ObjectPropertyAccesObject ;
     ao:keyComponent auth:CURATOR ;
@@ -695,7 +695,7 @@
     ao:dataSetValues ai:ObjectPropertyStatementAccesObjectValueContainer ;
     ao:dataSetValues ai:AddOperationValueContainer ;
     ao:dataSetValues ai:AdminAddObjectPropertyValueContainer .
-    
+
 :AdminAddObjectPropertyDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:ObjectPropertyAccesObject ;
     ao:keyComponent auth:ADMIN ;
@@ -710,7 +710,7 @@
     ao:dataSetValues ai:ObjectPropertyStatementAccesObjectValueContainer ;
     ao:dataSetValues ai:EditOperationValueContainer ;
     ao:dataSetValues ai:PublicEditObjectPropertyValueContainer .
-    
+
 :PublicEditObjectPropertyDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:ObjectPropertyAccesObject ;
     ao:keyComponent auth:PUBLIC ;
@@ -723,7 +723,7 @@
     ao:dataSetValues ai:ObjectPropertyStatementAccesObjectValueContainer ;
     ao:dataSetValues ai:EditOperationValueContainer ;
     ao:dataSetValues ai:EditorEditObjectPropertyValueContainer .
-    
+
 :EditorEditObjectPropertyDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:ObjectPropertyAccesObject ;
     ao:keyComponent auth:EDITOR ;
@@ -736,7 +736,7 @@
     ao:dataSetValues ai:ObjectPropertyStatementAccesObjectValueContainer ;
     ao:dataSetValues ai:EditOperationValueContainer ;
     ao:dataSetValues ai:CuratorEditObjectPropertyValueContainer .
-    
+
 :CuratorEditObjectPropertyDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:ObjectPropertyAccesObject ;
     ao:keyComponent auth:CURATOR ;
@@ -749,7 +749,7 @@
     ao:dataSetValues ai:ObjectPropertyStatementAccesObjectValueContainer ;
     ao:dataSetValues ai:EditOperationValueContainer ;
     ao:dataSetValues ai:AdminEditObjectPropertyValueContainer .
-    
+
 :AdminEditObjectPropertyDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:ObjectPropertyAccesObject ;
     ao:keyComponent auth:ADMIN ;
@@ -765,7 +765,7 @@
     ao:dataSetValues ai:ObjectPropertyStatementAccesObjectValueContainer ;
     ao:dataSetValues ai:DisplayOperationValueContainer ;
     ao:dataSetValues ai:PublicDisplayObjectPropertyValueContainer .
-    
+
 :PublicDisplayObjectPropertyDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:ObjectPropertyAccesObject ;
     ao:keyComponent auth:PUBLIC ;
@@ -778,7 +778,7 @@
     ao:dataSetValues ai:ObjectPropertyStatementAccesObjectValueContainer ;
     ao:dataSetValues ai:DisplayOperationValueContainer ;
     ao:dataSetValues ai:EditorDisplayObjectPropertyValueContainer .
-    
+
 :EditorDisplayObjectPropertyDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:ObjectPropertyAccesObject ;
     ao:keyComponent auth:EDITOR ;
@@ -791,7 +791,7 @@
     ao:dataSetValues ai:ObjectPropertyStatementAccesObjectValueContainer ;
     ao:dataSetValues ai:DisplayOperationValueContainer ;
     ao:dataSetValues ai:CuratorDisplayObjectPropertyValueContainer .
-    
+
 :CuratorDisplayObjectPropertyDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:ObjectPropertyAccesObject ;
     ao:keyComponent auth:CURATOR ;
@@ -804,7 +804,7 @@
     ao:dataSetValues ai:ObjectPropertyStatementAccesObjectValueContainer ;
     ao:dataSetValues ai:DisplayOperationValueContainer ;
     ao:dataSetValues ai:AdminDisplayObjectPropertyValueContainer .
-    
+
 :AdminDisplayObjectPropertyDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:ObjectPropertyAccesObject ;
     ao:keyComponent auth:ADMIN ;
@@ -819,7 +819,7 @@
     ao:dataSetValues ai:DataPropertyStatementAccesObjectValueContainer ;
     ao:dataSetValues ai:DisplayOperationValueContainer ;
     ao:dataSetValues ai:PublicDisplayDataPropertyValueContainer .
-    
+
 :PublicDisplayDataPropertyDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:DataPropertyAccesObject ;
     ao:keyComponent auth:PUBLIC ;
@@ -832,7 +832,7 @@
     ao:dataSetValues ai:DataPropertyStatementAccesObjectValueContainer ;
     ao:dataSetValues ai:DisplayOperationValueContainer ;
     ao:dataSetValues ai:EditorDisplayDataPropertyValueContainer .
-    
+
 :EditorDisplayDataPropertyDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:DataPropertyAccesObject ;
     ao:keyComponent auth:EDITOR ;
@@ -845,7 +845,7 @@
     ao:dataSetValues ai:DataPropertyStatementAccesObjectValueContainer ;
     ao:dataSetValues ai:DisplayOperationValueContainer ;
     ao:dataSetValues ai:CuratorDisplayDataPropertyValueContainer .
-    
+
 :CuratorDisplayDataPropertyDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:DataPropertyAccesObject ;
     ao:keyComponent auth:CURATOR ;
@@ -858,7 +858,7 @@
     ao:dataSetValues ai:DataPropertyStatementAccesObjectValueContainer ;
     ao:dataSetValues ai:DisplayOperationValueContainer ;
     ao:dataSetValues ai:AdminDisplayDataPropertyValueContainer .
-    
+
 :AdminDisplayDataPropertyDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:DataPropertyAccesObject ;
     ao:keyComponent auth:ADMIN ;
@@ -873,7 +873,7 @@
     ao:dataSetValues ai:FauxObjectPropertyStatementAccesObjectValueContainer ;
     ao:dataSetValues ai:DisplayOperationValueContainer ;
     ao:dataSetValues ai:PublicDisplayFauxObjectPropertyValueContainer .
-    
+
 :PublicDisplayFauxObjectPropertyDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:FauxObjectPropertyAccesObject ;
     ao:keyComponent auth:PUBLIC ;
@@ -886,7 +886,7 @@
     ao:dataSetValues ai:FauxObjectPropertyStatementAccesObjectValueContainer ;
     ao:dataSetValues ai:DisplayOperationValueContainer ;
     ao:dataSetValues ai:EditorDisplayFauxObjectPropertyValueContainer .
-    
+
 :EditorDisplayFauxObjectPropertyDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:FauxObjectPropertyAccesObject ;
     ao:keyComponent auth:EDITOR ;
@@ -899,7 +899,7 @@
     ao:dataSetValues ai:FauxObjectPropertyStatementAccesObjectValueContainer ;
     ao:dataSetValues ai:DisplayOperationValueContainer ;
     ao:dataSetValues ai:CuratorDisplayFauxObjectPropertyValueContainer .
-    
+
 :CuratorDisplayFauxObjectPropertyDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:FauxObjectPropertyAccesObject ;
     ao:keyComponent auth:CURATOR ;
@@ -912,7 +912,7 @@
     ao:dataSetValues ai:FauxObjectPropertyStatementAccesObjectValueContainer ;
     ao:dataSetValues ai:DisplayOperationValueContainer ;
     ao:dataSetValues ai:AdminDisplayFauxObjectPropertyValueContainer .
-    
+
 :AdminDisplayFauxObjectPropertyDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:FauxObjectPropertyAccesObject ;
     ao:keyComponent auth:ADMIN ;
@@ -927,7 +927,7 @@
     ao:dataSetValues ai:FauxDataPropertyStatementAccesObjectValueContainer ;
     ao:dataSetValues ai:DisplayOperationValueContainer ;
     ao:dataSetValues ai:PublicDisplayFauxDataPropertyValueContainer .
-    
+
 :PublicDisplayFauxDataPropertyDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:FauxDataPropertyAccesObject ;
     ao:keyComponent auth:PUBLIC ;
@@ -940,7 +940,7 @@
     ao:dataSetValues ai:FauxDataPropertyStatementAccesObjectValueContainer ;
     ao:dataSetValues ai:DisplayOperationValueContainer ;
     ao:dataSetValues ai:EditorDisplayFauxDataPropertyValueContainer .
-    
+
 :EditorDisplayFauxDataPropertyDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:FauxDataPropertyAccesObject ;
     ao:keyComponent auth:EDITOR ;
@@ -953,7 +953,7 @@
     ao:dataSetValues ai:FauxDataPropertyStatementAccesObjectValueContainer ;
     ao:dataSetValues ai:DisplayOperationValueContainer ;
     ao:dataSetValues ai:CuratorDisplayFauxDataPropertyValueContainer .
-    
+
 :CuratorDisplayFauxDataPropertyDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:FauxDataPropertyAccesObject ;
     ao:keyComponent auth:CURATOR ;
@@ -966,7 +966,7 @@
     ao:dataSetValues ai:FauxDataPropertyStatementAccesObjectValueContainer ;
     ao:dataSetValues ai:DisplayOperationValueContainer ;
     ao:dataSetValues ai:AdminDisplayFauxDataPropertyValueContainer .
-    
+
 :AdminDisplayFauxDataPropertyDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:FauxDataPropertyAccesObject ;
     ao:keyComponent auth:ADMIN ;
@@ -981,7 +981,7 @@
     ao:dataSetValues ai:ObjectPropertyStatementAccesObjectValueContainer ;
     ao:dataSetValues ai:PublishOperationValueContainer ;
     ao:dataSetValues ai:EditorPublishObjectPropertyValueContainer .
-    
+
 :EditorPublishObjectPropertyDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:ObjectPropertyAccesObject ;
     ao:keyComponent auth:EDITOR ;
@@ -994,7 +994,7 @@
     ao:dataSetValues ai:ObjectPropertyStatementAccesObjectValueContainer ;
     ao:dataSetValues ai:PublishOperationValueContainer ;
     ao:dataSetValues ai:CuratorPublishObjectPropertyValueContainer .
-    
+
 :CuratorPublishObjectPropertyDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:ObjectPropertyAccesObject ;
     ao:keyComponent auth:CURATOR ;
@@ -1007,7 +1007,7 @@
     ao:dataSetValues ai:ObjectPropertyStatementAccesObjectValueContainer ;
     ao:dataSetValues ai:PublishOperationValueContainer ;
     ao:dataSetValues ai:AdminPublishObjectPropertyValueContainer .
-    
+
 :AdminPublishObjectPropertyDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:ObjectPropertyAccesObject ;
     ao:keyComponent auth:ADMIN ;
@@ -1022,7 +1022,7 @@
     ao:dataSetValues ai:DataPropertyStatementAccesObjectValueContainer ;
     ao:dataSetValues ai:PublishOperationValueContainer ;
     ao:dataSetValues ai:EditorPublishDataPropertyValueContainer .
-    
+
 :EditorPublishDataPropertyDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:DataPropertyAccesObject ;
     ao:keyComponent auth:EDITOR ;
@@ -1035,7 +1035,7 @@
     ao:dataSetValues ai:DataPropertyStatementAccesObjectValueContainer ;
     ao:dataSetValues ai:PublishOperationValueContainer ;
     ao:dataSetValues ai:CuratorPublishDataPropertyValueContainer .
-    
+
 :CuratorPublishDataPropertyDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:DataPropertyAccesObject ;
     ao:keyComponent auth:CURATOR ;
@@ -1048,7 +1048,7 @@
     ao:dataSetValues ai:DataPropertyStatementAccesObjectValueContainer ;
     ao:dataSetValues ai:PublishOperationValueContainer ;
     ao:dataSetValues ai:AdminPublishDataPropertyValueContainer .
-    
+
 :AdminPublishDataPropertyDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:DataPropertyAccesObject ;
     ao:keyComponent auth:ADMIN ;
@@ -1063,7 +1063,7 @@
     ao:dataSetValues ai:FauxObjectPropertyStatementAccesObjectValueContainer ;
     ao:dataSetValues ai:PublishOperationValueContainer ;
     ao:dataSetValues ai:EditorPublishFauxObjectPropertyValueContainer .
-    
+
 :EditorPublishFauxObjectPropertyDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:FauxObjectPropertyAccesObject ;
     ao:keyComponent auth:EDITOR ;
@@ -1076,7 +1076,7 @@
     ao:dataSetValues ai:FauxObjectPropertyStatementAccesObjectValueContainer ;
     ao:dataSetValues ai:PublishOperationValueContainer ;
     ao:dataSetValues ai:CuratorPublishFauxObjectPropertyValueContainer .
-    
+
 :CuratorPublishFauxObjectPropertyDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:FauxObjectPropertyAccesObject ;
     ao:keyComponent auth:CURATOR ;
@@ -1089,7 +1089,7 @@
     ao:dataSetValues ai:FauxObjectPropertyStatementAccesObjectValueContainer ;
     ao:dataSetValues ai:PublishOperationValueContainer ;
     ao:dataSetValues ai:AdminPublishFauxObjectPropertyValueContainer .
-    
+
 :AdminPublishFauxObjectPropertyDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:FauxObjectPropertyAccesObject ;
     ao:keyComponent auth:ADMIN ;
@@ -1104,7 +1104,7 @@
     ao:dataSetValues ai:FauxDataPropertyStatementAccesObjectValueContainer ;
     ao:dataSetValues ai:PublishOperationValueContainer ;
     ao:dataSetValues ai:EditorPublishFauxDataPropertyValueContainer .
-    
+
 :EditorPublishFauxDataPropertyDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:FauxDataPropertyAccesObject ;
     ao:keyComponent auth:EDITOR ;
@@ -1117,7 +1117,7 @@
     ao:dataSetValues ai:FauxDataPropertyStatementAccesObjectValueContainer ;
     ao:dataSetValues ai:PublishOperationValueContainer ;
     ao:dataSetValues ai:CuratorPublishFauxDataPropertyValueContainer .
-    
+
 :CuratorPublishFauxDataPropertyDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:FauxDataPropertyAccesObject ;
     ao:keyComponent auth:CURATOR ;
@@ -1130,7 +1130,7 @@
     ao:dataSetValues ai:FauxDataPropertyStatementAccesObjectValueContainer ;
     ao:dataSetValues ai:PublishOperationValueContainer ;
     ao:dataSetValues ai:AdminPublishFauxDataPropertyValueContainer .
-    
+
 :AdminPublishFauxDataPropertyDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:FauxDataPropertyAccesObject ;
     ao:keyComponent auth:ADMIN ;
@@ -1150,7 +1150,7 @@
 
 :AccessObjectTypeEqualsDataSetValue rdf:type ao:Check ;
     ao:operator ai:Equals ;
-    ao:type ai:AccessObjectType ;
+    ao:attribute ai:AccessObjectType ;
     ao:templateValue :AccessObjectTypeValueSet .
 
 :AccessObjectTypeValueSet a ao:AttributeValueSet ;
@@ -1169,7 +1169,7 @@
 
 :AccessObjectTypeStatementEquals rdf:type ao:Check ;
     ao:operator ai:Equals ;
-    ao:type ai:AccessObjectType ;
+    ao:attribute ai:AccessObjectType ;
     ao:templateValue :StatementAccessObjectTypeValueSet .
 
 :StatementAccessObjectTypeValueSet a ao:AttributeValueSet ;
@@ -1181,7 +1181,7 @@
 
 :OperationEqualsDataSetOperation a ao:Check ;
     ao:operator ai:Equals ;
-    ao:type ai:Operation ;
+    ao:attribute ai:Operation ;
     ao:templateValue :OperationValueSet .
 
 :OperationValueSet a ao:AttributeValueSet ;
@@ -1194,7 +1194,7 @@
 
 :SubjectRoleEqualsDataSetRoleAttribute a ao:Check ;
     ao:operator ai:Equals ;
-    ao:type ai:SubjectRole ;
+    ao:attribute ai:SubjectRole ;
     ao:templateValue :RoleValueSet .
 
 :RoleValueSet a ao:AttributeValueSet ;
@@ -1205,12 +1205,12 @@
 
 :StatementPredicateEquals a ao:Check ;
     ao:operator ai:OneOf ;
-    ao:type ai:StatementPredicateUri ;
+    ao:attribute ai:StatementPredicateUri ;
     ao:templateValue :AllowedPropertyUriValueSet .
 
 :AccessObjectUriContainsInDataSet a ao:Check ;
     ao:operator ai:OneOf ;
-    ao:type ai:AccessObjectUri ;
+    ao:attribute ai:AccessObjectUri ;
     ao:templateValue :AllowedPropertyUriValueSet .
 
 :AllowedPropertyUriValueSet a ao:AttributeValueSet ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_access_related_allowed_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_access_related_allowed_property.n3
index 69187ddec3..6b3bea8f04 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_access_related_allowed_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_access_related_allowed_property.n3
@@ -33,7 +33,7 @@
     ao:dataSetValues ai:ObjectPropertyStatementAccesObjectValueContainer ;
     ao:dataSetValues ai:DisplayOperationValueContainer ;
     ao:dataSetValues ai:SelfEditorDisplayObjectPropertyValueContainer .
-    
+
 :SelfEditorDisplayObjectPropertyDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:ObjectPropertyAccesObject ;
     ao:keyComponent auth:SELF_EDITOR ;
@@ -48,7 +48,7 @@
     ao:dataSetValues ai:DataPropertyStatementAccesObjectValueContainer ;
     ao:dataSetValues ai:DisplayOperationValueContainer ;
     ao:dataSetValues ai:SelfEditorDisplayDataPropertyValueContainer .
-    
+
 :SelfEditorDisplayDataPropertyDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:DataPropertyAccesObject ;
     ao:keyComponent auth:SELF_EDITOR ;
@@ -63,7 +63,7 @@
     ao:dataSetValues ai:FauxObjectPropertyStatementAccesObjectValueContainer ;
     ao:dataSetValues ai:DisplayOperationValueContainer ;
     ao:dataSetValues ai:SelfEditorDisplayFauxObjectPropertyValueContainer .
-    
+
 :SelfEditorDisplayFauxObjectPropertyDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:FauxObjectPropertyAccesObject ;
     ao:keyComponent auth:SELF_EDITOR ;
@@ -78,7 +78,7 @@
     ao:dataSetValues ai:FauxDataPropertyStatementAccesObjectValueContainer ;
     ao:dataSetValues ai:DisplayOperationValueContainer ;
     ao:dataSetValues ai:SelfEditorDisplayFauxDataPropertyValueContainer .
-    
+
 :SelfEditorDisplayFauxDataPropertyDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:FauxDataPropertyAccesObject ;
     ao:keyComponent auth:SELF_EDITOR ;
@@ -93,7 +93,7 @@
     ao:dataSetValues ai:ObjectPropertyStatementAccesObjectValueContainer ;
     ao:dataSetValues ai:PublishOperationValueContainer ;
     ao:dataSetValues ai:SelfEditorPublishObjectPropertyValueContainer .
-    
+
 :SelfEditorPublishObjectPropertyDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:ObjectPropertyAccesObject ;
     ao:keyComponent auth:SELF_EDITOR ;
@@ -108,7 +108,7 @@
     ao:dataSetValues ai:DataPropertyStatementAccesObjectValueContainer ;
     ao:dataSetValues ai:PublishOperationValueContainer ;
     ao:dataSetValues ai:SelfEditorPublishDataPropertyValueContainer .
-    
+
 :SelfEditorPublishDataPropertyDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:DataPropertyAccesObject ;
     ao:keyComponent auth:SELF_EDITOR ;
@@ -123,7 +123,7 @@
     ao:dataSetValues ai:FauxObjectPropertyStatementAccesObjectValueContainer ;
     ao:dataSetValues ai:PublishOperationValueContainer ;
     ao:dataSetValues ai:SelfEditorPublishFauxObjectPropertyValueContainer .
-    
+
 :SelfEditorPublishFauxObjectPropertyDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:FauxObjectPropertyAccesObject ;
     ao:keyComponent auth:SELF_EDITOR ;
@@ -138,7 +138,7 @@
     ao:dataSetValues ai:FauxDataPropertyStatementAccesObjectValueContainer ;
     ao:dataSetValues ai:PublishOperationValueContainer ;
     ao:dataSetValues ai:SelfEditorPublishFauxDataPropertyValueContainer .
-    
+
 :SelfEditorPublishFauxDataPropertyDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:FauxDataPropertyAccesObject ;
     ao:keyComponent auth:SELF_EDITOR ;
@@ -158,7 +158,7 @@
 
 :AccessObjectTypeCheck rdf:type ao:Check ;
     ao:operator ai:Equals ;
-    ao:type ai:AccessObjectType ;
+    ao:attribute ai:AccessObjectType ;
     ao:templateValue :AccessObjectTypeValueSet .
 
 :AccessObjectTypeValueSet a ao:AttributeValueSet ;
@@ -177,7 +177,7 @@
 
 :AccessObjectStatementTypeCheck rdf:type ao:Check ;
     ao:operator ai:Equals ;
-    ao:type ai:AccessObjectType ;
+    ao:attribute ai:AccessObjectType ;
     ao:templateValue :StatementAccessObjectTypeValueSet .
 
 :StatementAccessObjectTypeValueSet a ao:AttributeValueSet ;
@@ -189,7 +189,7 @@
 
 :OperationCheck a ao:Check ;
     ao:operator ai:Equals ;
-    ao:type ai:Operation ;
+    ao:attribute ai:Operation ;
     ao:templateValue :OperationValueSet .
 
 :OperationValueSet a ao:AttributeValueSet ;
@@ -199,7 +199,7 @@
 
 :SubjectRoleCheck a ao:Check ;
     ao:operator ai:Equals ;
-    ao:type ai:SubjectRole ;
+    ao:attribute ai:SubjectRole ;
     ao:templateValue :RoleValueSet .
 
 :RoleValueSet a ao:AttributeValueSet ;
@@ -207,12 +207,12 @@
 
 :StatementPredicateCheck a ao:Check ;
     ao:operator ai:OneOf ;
-    ao:type ai:StatementPredicateUri ;
+    ao:attribute ai:StatementPredicateUri ;
     ao:templateValue :AllowedPropertyUriValueSet .
 
 :AccessObjectUriCheck a ao:Check ;
     ao:operator ai:OneOf ;
-    ao:type ai:AccessObjectUri ;
+    ao:attribute ai:AccessObjectUri ;
     ao:templateValue :AllowedPropertyUriValueSet .
 
 :AllowedPropertyUriValueSet a ao:AttributeValueSet ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_simple_permissions.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_simple_permissions.n3
index 92135b84f4..f7979eb338 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_simple_permissions.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_simple_permissions.n3
@@ -87,17 +87,22 @@
 
 :RuleSet a ao:Rules ;
     ao:rule :AllowSimplePermission .
-      
+
 :AllowSimplePermission a ao:Rule;
-    ao:check ai:NamedObjectTypeAttribute ;
+    ao:check :IsSimplePermission ;
     ao:check :PermissionNameAllowed ;
     ao:check :SubjectRoleEqualsDataSetRole .
-      
+
 :PermissionNameAllowed a ao:Check ;
     ao:operator ai:OneOf ;
-    ao:type ai:AccessObjectUri ;
+    ao:attribute ai:AccessObjectUri ;
     ao:templateValue :TypeValueSet .
 
+:IsSimplePermission rdf:type ao:Check ;
+    ao:operator ai:Equals ;
+    ao:attribute ai:AccessObjectType ;
+    ao:value ai:NamedObject .
+
 :TypeValueSet a ao:AttributeValueSet ;
     ao:attributeValue ai:PublicSimplePermissionValueContainer ;
     ao:attributeValue ai:SelfEditorSimplePermissionValueContainer ;
@@ -118,7 +123,7 @@ ai:AdminSimplePermissionValueContainer a ao:ValueContainer ;
 
 :SubjectRoleEqualsDataSetRole a ao:Check ;
     ao:operator ai:Equals ;
-    ao:type ai:SubjectRole ;
+    ao:attribute ai:SubjectRole ;
     ao:templateValue :RoleValueSet .
 
 :RoleValueSet a ao:AttributeValueSet ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_update_related_allowed_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_update_related_allowed_property.n3
index 9df906e754..3dd64100c6 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_update_related_allowed_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_update_related_allowed_property.n3
@@ -40,7 +40,7 @@
     ao:dataSetValues ai:ObjectPropertyStatementAccesObjectValueContainer ;
     ao:dataSetValues ai:AddOperationValueContainer ;
     ao:dataSetValues ai:SelfEditorAddObjectPropertyValueContainer .
-    
+
 :SelfEditorAddObjectPropertyDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:ObjectPropertyAccesObject ;
     ao:keyComponent auth:SELF_EDITOR ;
@@ -55,7 +55,7 @@
     ao:dataSetValues ai:DataPropertyStatementAccesObjectValueContainer ;
     ao:dataSetValues ai:AddOperationValueContainer ;
     ao:dataSetValues ai:SelfEditorAddDataPropertyValueContainer .
-    
+
 :SelfEditorAddDataPropertyDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:DataPropertyAccesObject ;
     ao:keyComponent auth:SELF_EDITOR ;
@@ -70,7 +70,7 @@
     ao:dataSetValues ai:FauxObjectPropertyStatementAccesObjectValueContainer ;
     ao:dataSetValues ai:AddOperationValueContainer ;
     ao:dataSetValues ai:SelfEditorAddFauxObjectPropertyValueContainer .
-    
+
 :SelfEditorAddFauxObjectPropertyDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:FauxObjectPropertyAccesObject ;
     ao:keyComponent auth:SELF_EDITOR ;
@@ -85,7 +85,7 @@
     ao:dataSetValues ai:FauxDataPropertyStatementAccesObjectValueContainer ;
     ao:dataSetValues ai:AddOperationValueContainer ;
     ao:dataSetValues ai:SelfEditorAddFauxDataPropertyValueContainer .
-    
+
 :SelfEditorAddFauxDataPropertyDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:FauxDataPropertyAccesObject ;
     ao:keyComponent auth:SELF_EDITOR ;
@@ -100,7 +100,7 @@
     ao:dataSetValues ai:ObjectPropertyStatementAccesObjectValueContainer ;
     ao:dataSetValues ai:DropOperationValueContainer ;
     ao:dataSetValues ai:SelfEditorDropObjectPropertyValueContainer .
-    
+
 :SelfEditorDropObjectPropertyDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:ObjectPropertyAccesObject ;
     ao:keyComponent auth:SELF_EDITOR ;
@@ -115,7 +115,7 @@
     ao:dataSetValues ai:DataPropertyStatementAccesObjectValueContainer ;
     ao:dataSetValues ai:DropOperationValueContainer ;
     ao:dataSetValues ai:SelfEditorDropDataPropertyValueContainer .
-    
+
 :SelfEditorDropDataPropertyDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:DataPropertyAccesObject ;
     ao:keyComponent auth:SELF_EDITOR ;
@@ -130,7 +130,7 @@
     ao:dataSetValues ai:FauxObjectPropertyStatementAccesObjectValueContainer ;
     ao:dataSetValues ai:DropOperationValueContainer ;
     ao:dataSetValues ai:SelfEditorDropFauxObjectPropertyValueContainer .
-    
+
 :SelfEditorDropFauxObjectPropertyDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:FauxObjectPropertyAccesObject ;
     ao:keyComponent auth:SELF_EDITOR ;
@@ -145,7 +145,7 @@
     ao:dataSetValues ai:FauxDataPropertyStatementAccesObjectValueContainer ;
     ao:dataSetValues ai:DropOperationValueContainer ;
     ao:dataSetValues ai:SelfEditorDropFauxDataPropertyValueContainer .
-    
+
 :SelfEditorDropFauxDataPropertyDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:FauxDataPropertyAccesObject ;
     ao:keyComponent auth:SELF_EDITOR ;
@@ -160,7 +160,7 @@
     ao:dataSetValues ai:ObjectPropertyStatementAccesObjectValueContainer ;
     ao:dataSetValues ai:EditOperationValueContainer ;
     ao:dataSetValues ai:SelfEditorEditObjectPropertyValueContainer .
-    
+
 :SelfEditorEditObjectPropertyDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:ObjectPropertyAccesObject ;
     ao:keyComponent auth:SELF_EDITOR ;
@@ -175,7 +175,7 @@
     ao:dataSetValues ai:DataPropertyStatementAccesObjectValueContainer ;
     ao:dataSetValues ai:EditOperationValueContainer ;
     ao:dataSetValues ai:SelfEditorEditDataPropertyValueContainer .
-    
+
 :SelfEditorEditDataPropertyDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:DataPropertyAccesObject ;
     ao:keyComponent auth:SELF_EDITOR ;
@@ -190,7 +190,7 @@
     ao:dataSetValues ai:FauxObjectPropertyStatementAccesObjectValueContainer ;
     ao:dataSetValues ai:EditOperationValueContainer ;
     ao:dataSetValues ai:SelfEditorEditFauxObjectPropertyValueContainer .
-    
+
 :SelfEditorEditFauxObjectPropertyDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:FauxObjectPropertyAccesObject ;
     ao:keyComponent auth:SELF_EDITOR ;
@@ -205,7 +205,7 @@
     ao:dataSetValues ai:FauxDataPropertyStatementAccesObjectValueContainer ;
     ao:dataSetValues ai:EditOperationValueContainer ;
     ao:dataSetValues ai:SelfEditorEditFauxDataPropertyValueContainer .
-    
+
 :SelfEditorEditFauxDataPropertyDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:FauxDataPropertyAccesObject ;
     ao:keyComponent auth:SELF_EDITOR ;
@@ -225,7 +225,7 @@
 
 :AccessObjectTypeCheck rdf:type ao:Check ;
     ao:operator ai:Equals ;
-    ao:type ai:AccessObjectType ;
+    ao:attribute ai:AccessObjectType ;
     ao:templateValue :AccessObjectTypeValueSet .
 
 :AccessObjectTypeValueSet a ao:AttributeValueSet ;
@@ -245,12 +245,12 @@
 
 :RelationCheck rdf:type ao:Check ;
     ao:operator ai:SparqlSelectQueryContains ;
-    ao:type ai:StatementSubjectUri ;
+    ao:attribute ai:StatementSubjectUri ;
     ao:value ai:PersonProfileProximityToResourceUri .
 
 :AccessObjectStatementTypeCheck rdf:type ao:Check ;
     ao:operator ai:Equals ;
-    ao:type ai:AccessObjectType ;
+    ao:attribute ai:AccessObjectType ;
     ao:templateValue :StatementAccessObjectTypeValueSet .
 
 :StatementAccessObjectTypeValueSet a ao:AttributeValueSet ;
@@ -262,7 +262,7 @@
 
 :OperationCheck a ao:Check ;
     ao:operator ai:Equals ;
-    ao:type ai:Operation ;
+    ao:attribute ai:Operation ;
     ao:templateValue :OperationValueSet .
 
 :OperationValueSet a ao:AttributeValueSet ;
@@ -273,7 +273,7 @@
 
 :SubjectRoleCheck a ao:Check ;
     ao:operator ai:Equals ;
-    ao:type ai:SubjectRole ;
+    ao:attribute ai:SubjectRole ;
     ao:templateValue :RoleValueSet .
 
 :RoleValueSet a ao:AttributeValueSet ;
@@ -281,12 +281,12 @@
 
 :StatementPredicateCheck a ao:Check ;
     ao:operator ai:OneOf ;
-    ao:type ai:StatementPredicateUri ;
+    ao:attribute ai:StatementPredicateUri ;
     ao:templateValue :AllowedPropertyUriValueSet .
 
 :AccessObjectUriCheck a ao:Check ;
     ao:operator ai:OneOf ;
-    ao:type ai:AccessObjectUri ;
+    ao:attribute ai:AccessObjectUri ;
     ao:templateValue :AllowedPropertyUriValueSet .
 
 :AllowedPropertyUriValueSet a ao:AttributeValueSet ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/test_values.n3 b/home/src/main/resources/rdf/accessControl/firsttime/test_values.n3
index 5f35d827b5..e2ae315a0c 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/test_values.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/test_values.n3
@@ -80,13 +80,11 @@ ai:PersonProfileProximityToResourceUri rdf:type ao:ValueContainer ;
     }
     """ .
 
-
 ai:SomeUriTestData rdf:type ao:ValueContainer ;
-        ao:id "?SOME_URI" .
+    ao:id "?SOME_URI" .
 
 ai:SomeLiteralTestData rdf:type ao:ValueContainer ;
-        ao:id "?SOME_LITERAL" .
-
+    ao:id "?SOME_LITERAL" .
 
 #Role value containers 
 

From 2269f17d0478a5448d2c1316c2aaf96be15cedac Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <georgy.litvinov@tib.eu>
Date: Fri, 20 Oct 2023 10:17:46 +0200
Subject: [PATCH 061/148] clean up

---
 .../accessControl/firsttime/check_types.n3    | 24 +++++++++----------
 .../rdf/accessControl/firsttime/decisions.n3  |  4 ++--
 .../accessControl/firsttime/object_types.n3   | 20 ++++++++--------
 .../firsttime/operation_groups.n3             |  6 ++---
 .../rdf/accessControl/firsttime/operations.n3 | 14 +++++------
 .../rdf/accessControl/firsttime/operators.n3  | 12 +++++-----
 .../firsttime/policy_editable_pages.n3        | 22 ++++++++---------
 .../firsttime/policy_menu_items_editing.n3    | 18 +++++++-------
 .../policy_not_modifiable_statements.n3       |  4 ++--
 ...olicy_not_modifiable_statements_dataset.n3 |  2 +-
 .../firsttime/policy_root_user.n3             |  8 +++----
 .../accessControl/firsttime/subject_types.n3  |  2 +-
 .../template_access_allowed_class.n3          |  2 +-
 .../template_access_allowed_property.n3       |  4 ++--
 ...emplate_access_related_allowed_property.n3 |  4 ++--
 .../firsttime/template_simple_permissions.n3  |  2 +-
 ...emplate_update_related_allowed_property.n3 |  6 ++---
 .../accessControl/firsttime/test_values.n3    |  6 ++---
 18 files changed, 80 insertions(+), 80 deletions(-)

diff --git a/home/src/main/resources/rdf/accessControl/firsttime/check_types.n3 b/home/src/main/resources/rdf/accessControl/firsttime/check_types.n3
index 58f2d2f231..fd388fa3e0 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/check_types.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/check_types.n3
@@ -8,38 +8,38 @@
 @prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
 @prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
 
-ai:Subject rdf:type ao:AttributeType ;
+ai:Subject a ao:AttributeType ;
     ao:id "SUBJECT" .
 
-ai:SubjectRole rdf:type ao:AttributeType ;
+ai:SubjectRole a ao:AttributeType ;
     ao:id "SUBJECT_ROLE_URI" .
 
-ai:SubjectType rdf:type ao:AttributeType ;
+ai:SubjectType a ao:AttributeType ;
     ao:id "SUBJECT_TYPE" .
 
-ai:AccessObjectUri rdf:type ao:AttributeType ;
+ai:AccessObjectUri a ao:AttributeType ;
     ao:id "ACCESS_OBJECT_URI" .
 
-ai:AccessObjectType rdf:type ao:AttributeType ;
+ai:AccessObjectType a ao:AttributeType ;
     ao:id "ACCESS_OBJECT_TYPE" .
 
-ai:Operation rdf:type ao:AttributeType ;
+ai:Operation a ao:AttributeType ;
     ao:id "OPERATION" .
 
-ai:SubjectNotMatch rdf:type ao:AttributeType ;
+ai:SubjectNotMatch a ao:AttributeType ;
     ao:id "SUBJECT_NOT_MATCH" .
 
-ai:ObjectNotMatch rdf:type ao:AttributeType ;
+ai:ObjectNotMatch a ao:AttributeType ;
     ao:id "OBJECT_NOT_MATCH" .
 
-ai:RelatesToSubjectProfile rdf:type ao:AttributeType ;
+ai:RelatesToSubjectProfile a ao:AttributeType ;
     ao:id "RELATES_TO_SUBJECT_PROFILE" .
 
-ai:StatementPredicateUri rdf:type ao:AttributeType ;
+ai:StatementPredicateUri a ao:AttributeType ;
     ao:id "STATEMENT_PREDICATE_URI" .
 
-ai:StatementSubjectUri rdf:type ao:AttributeType ;
+ai:StatementSubjectUri a ao:AttributeType ;
     ao:id "STATEMENT_SUBJECT_URI" .
 
-ai:StatementObjectUri rdf:type ao:AttributeType ;
+ai:StatementObjectUri a ao:AttributeType ;
     ao:id "STATEMENT_OBJECT_URI" .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/decisions.n3 b/home/src/main/resources/rdf/accessControl/firsttime/decisions.n3
index 8f48786905..deea2c2aee 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/decisions.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/decisions.n3
@@ -8,8 +8,8 @@
 @prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
 @prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
 
-ai:Deny rdf:type ao:Decision;
+ai:Deny a ao:Decision;
     ao:id "DENY" .
 
-ai:Allow rdf:type ao:Decision;
+ai:Allow a ao:Decision;
     ao:id "ALLOW" .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/object_types.n3 b/home/src/main/resources/rdf/accessControl/firsttime/object_types.n3
index 670bd4bfa8..e74129a5b3 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/object_types.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/object_types.n3
@@ -8,34 +8,34 @@
 @prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
 @prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
 
-ai:ObjectPropertyAccesObject rdf:type ao:ObjectType ;
+ai:ObjectPropertyAccesObject a ao:ObjectType ;
     ao:id "OBJECT_PROPERTY" .
 
-ai:DataPropertyAccesObject rdf:type ao:ObjectType ;
+ai:DataPropertyAccesObject a ao:ObjectType ;
     ao:id "DATA_PROPERTY" .
 
-ai:FauxDataPropertyAccesObject rdf:type ao:ObjectType ;
+ai:FauxDataPropertyAccesObject a ao:ObjectType ;
     ao:id "FAUX_DATA_PROPERTY" .
 
-ai:FauxObjectPropertyAccesObject rdf:type ao:ObjectType ;
+ai:FauxObjectPropertyAccesObject a ao:ObjectType ;
     ao:id "FAUX_OBJECT_PROPERTY" .
 
-ai:ObjectPropertyStatementAccesObject rdf:type ao:ObjectType ;
+ai:ObjectPropertyStatementAccesObject a ao:ObjectType ;
     ao:id "OBJECT_PROPERTY_STATEMENT" .
 
-ai:DataPropertyStatementAccesObject rdf:type ao:ObjectType ;
+ai:DataPropertyStatementAccesObject a ao:ObjectType ;
     ao:id "DATA_PROPERTY_STATEMENT" .
 
-ai:FauxObjectPropertyStatementAccesObject rdf:type ao:ObjectType ;
+ai:FauxObjectPropertyStatementAccesObject a ao:ObjectType ;
     ao:id "FAUX_OBJECT_PROPERTY_STATEMENT" .
 
-ai:FauxDataPropertyStatementAccesObject rdf:type ao:ObjectType ;
+ai:FauxDataPropertyStatementAccesObject a ao:ObjectType ;
     ao:id "FAUX_DATA_PROPERTY_STATEMENT" .
 
-ai:Class rdf:type ao:ObjectType ;
+ai:Class a ao:ObjectType ;
     ao:id "CLASS" .
 
-ai:NamedObject rdf:type ao:ObjectType ;
+ai:NamedObject a ao:ObjectType ;
     ao:id "NAMED_OBJECT" .
 
 #Object type value containers
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/operation_groups.n3 b/home/src/main/resources/rdf/accessControl/firsttime/operation_groups.n3
index cd65857d29..b97d32d411 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/operation_groups.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/operation_groups.n3
@@ -8,11 +8,11 @@
 @prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
 @prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
 
-ai:DisplayOperationGroup rdf:type ao:OperationGroup ;
+ai:DisplayOperationGroup a ao:OperationGroup ;
     ao:id "DISPLAY_GROUP" .
 
-ai:UpdateOperationGroup rdf:type ao:OperationGroup ;
+ai:UpdateOperationGroup a ao:OperationGroup ;
     ao:id "UPDATE_GROUP" .
 
-ai:PublishOperationGroup rdf:type ao:OperationGroup ;
+ai:PublishOperationGroup a ao:OperationGroup ;
     ao:id "PUBLISH_GROUP" .    
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/operations.n3 b/home/src/main/resources/rdf/accessControl/firsttime/operations.n3
index f1bfd9da03..1cda7e21aa 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/operations.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/operations.n3
@@ -8,25 +8,25 @@
 @prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
 @prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
 
-ai:DisplayOperation rdf:type ao:Operation ;
+ai:DisplayOperation a ao:Operation ;
     ao:id "DISPLAY" .
 
-ai:UpdateOperation rdf:type ao:Operation ;
+ai:UpdateOperation a ao:Operation ;
     ao:id "UPDATE" .
 
-ai:PublishOperation rdf:type ao:Operation ;
+ai:PublishOperation a ao:Operation ;
     ao:id "PUBLISH" .    
 
-ai:AddOperation rdf:type ao:Operation ;
+ai:AddOperation a ao:Operation ;
     ao:id "ADD" .
 
-ai:DropOperation rdf:type ao:Operation ;
+ai:DropOperation a ao:Operation ;
     ao:id "DROP" .
 
-ai:EditOperation rdf:type ao:Operation ;
+ai:EditOperation a ao:Operation ;
     ao:id "EDIT" .
 
-ai:ExecuteOperation rdf:type ao:Operation ;
+ai:ExecuteOperation a ao:Operation ;
     ao:id "EXECUTE" .
 
 ai:DisplayOperationValueContainer a ao:ValueContainer ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/operators.n3 b/home/src/main/resources/rdf/accessControl/firsttime/operators.n3
index 98e93cf9c1..30bcb3685b 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/operators.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/operators.n3
@@ -8,20 +8,20 @@
 @prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
 @prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
 
-ai:Equals rdf:type ao:Operator;
+ai:Equals a ao:Operator;
     ao:id "EQUALS" .
 
-ai:NotEquals rdf:type ao:Operator;
+ai:NotEquals a ao:Operator;
     ao:id "NOT_EQUALS" .
 
-ai:OneOf rdf:type ao:Operator;
+ai:OneOf a ao:Operator;
     ao:id "ONE_OF" .
 
-ai:NotOneOf rdf:type ao:Operator;
+ai:NotOneOf a ao:Operator;
     ao:id "NOT_ONE_OF" .
 
-ai:StartsWith rdf:type ao:Operator;
+ai:StartsWith a ao:Operator;
     ao:id "STARTS_WITH" .
 
-ai:SparqlSelectQueryContains rdf:type ao:Operator;
+ai:SparqlSelectQueryContains a ao:Operator;
     ao:id "SPARQL_SELECT_QUERY_CONTAINS" .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_editable_pages.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_editable_pages.n3
index 9e7acb4945..6750fe5b8e 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_editable_pages.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_editable_pages.n3
@@ -8,38 +8,38 @@
 @prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
 @prefix : <https://vivoweb.org/ontology/vitro-application/auth/individual/policy/edit-individual-pages/> .
 
-:Policy rdf:type ao:Policy ;
+:Policy a ao:Policy ;
     ao:rules :RuleSet .
 
-:RuleSet rdf:type ao:Rules ;
+:RuleSet a ao:Rules ;
     ao:rule :AllowEditRelatedPagesRule ;
     ao:rule :AllowEditIndividualPagesRule .
 
-:AllowEditIndividualPagesRule rdf:type ao:Rule;
+:AllowEditIndividualPagesRule a ao:Rule;
     ao:check :SubjectRoleOneOfEditorsCheck ;
     ao:check :IsAddOperation ;
     ao:check :IsObjectPropertyStatement ;
     ao:check :ObjectUriIsSomeUri ;
     ao:check :PredicateIsSomePredicate .
 
-:SubjectRoleOneOfEditorsCheck rdf:type ao:Check ;
+:SubjectRoleOneOfEditorsCheck a ao:Check ;
     ao:operator ai:OneOf ;
     ao:attribute ai:SubjectRole ;
     ao:value auth:ADMIN ;
     ao:value auth:CURATOR ;
     ao:value auth:EDITOR .
 
-:SubjectRoleIsSelfEditor rdf:type ao:Check ;
+:SubjectRoleIsSelfEditor a ao:Check ;
     ao:operator ai:Equals ;
     ao:attribute ai:SubjectRole ;
     ao:value auth:SELF_EDITOR .
 
-:IsAddOperation rdf:type ao:Check ;
+:IsAddOperation a ao:Check ;
     ao:operator ai:Equals ;
     ao:attribute ai:Operation ;
     ao:value ai:AddOperation .
 
-:AllowEditRelatedPagesRule rdf:type ao:Rule;
+:AllowEditRelatedPagesRule a ao:Rule;
     ao:check :SubjectRoleIsSelfEditor ;
     ao:check :SubjectUriIsProfileRelatedResource ;
     ao:check :IsAddOperation ;
@@ -47,22 +47,22 @@
     ao:check :ObjectUriIsSomeUri ;
     ao:check :PredicateIsSomePredicate .
 
-:PredicateIsSomePredicate rdf:type ao:Check ;
+:PredicateIsSomePredicate a ao:Check ;
     ao:operator ai:Equals ;
     ao:attribute ai:StatementPredicateUri ;
     ao:value ai:SomeUriTestData .
 
-:ObjectUriIsSomeUri rdf:type ao:Check ;
+:ObjectUriIsSomeUri a ao:Check ;
     ao:operator ai:Equals ;
     ao:attribute ai:StatementObjectUri ;
     ao:value ai:SomeUriTestData .
 
-:SubjectUriIsProfileRelatedResource rdf:type ao:Check ;
+:SubjectUriIsProfileRelatedResource a ao:Check ;
     ao:operator ai:SparqlSelectQueryContains ;
     ao:attribute ai:StatementSubjectUri ;
     ao:value ai:PersonProfileProximityToResourceUri .
 
-:IsObjectPropertyStatement rdf:type ao:Check ;
+:IsObjectPropertyStatement a ao:Check ;
     ao:operator ai:Equals ;
     ao:attribute ai:AccessObjectType ;
     ao:value ai:ObjectPropertyStatementAccesObject .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_menu_items_editing.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_menu_items_editing.n3
index 3ea80cbea8..b1b9e81483 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_menu_items_editing.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_menu_items_editing.n3
@@ -9,49 +9,49 @@
 @prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
 @prefix : <https://vivoweb.org/ontology/vitro-application/auth/individual/policy/restrict-home-menu-items-editing/> .
 
-:Policy rdf:type ao:Policy ;
+:Policy a ao:Policy ;
     ao:priority 9000 ;
     ao:rules :RuleSet .
 
-:RuleSet rdf:type ao:Rules ;
+:RuleSet a ao:Rules ;
     ao:rule :RestrictEdit ;
     ao:rule :RestrictDrop .
 
-:RestrictEdit rdf:type ao:Rule ;
+:RestrictEdit a ao:Rule ;
     ao:decision ai:Deny ;
     ao:check :IsEditOperationCheck ;
     ao:check :IsObjectPropertyStatement ;
     ao:check :PredicateUriEqualsHomeMenuItem ;
     ao:check :ObjectUriEqualsHasElement .
 
-:RestrictDrop rdf:type ao:Rule ;
+:RestrictDrop a ao:Rule ;
     ao:decision ai:Deny ;
     ao:check :IsDropOperationCheck ;
     ao:check :IsObjectPropertyStatement ;
     ao:check :PredicateUriEqualsHomeMenuItem ;
     ao:check :ObjectUriEqualsHasElement .
 
-:IsEditOperationCheck rdf:type ao:Check ;
+:IsEditOperationCheck a ao:Check ;
     ao:operator ai:Equals ;
     ao:attribute ai:Operation ;
     ao:value ai:EditOperation .
 
-:IsDropOperationCheck rdf:type ao:Check ;
+:IsDropOperationCheck a ao:Check ;
     ao:operator ai:Equals ;
     ao:attribute ai:Operation ;
     ao:value ai:DropOperation .
 
-:IsObjectPropertyStatement rdf:type ao:Check ;
+:IsObjectPropertyStatement a ao:Check ;
     ao:operator ai:Equals ;
     ao:attribute ai:AccessObjectType ;
     ao:value ai:ObjectPropertyStatementAccesObject .
 
-:PredicateUriEqualsHomeMenuItem rdf:type ao:Check ;
+:PredicateUriEqualsHomeMenuItem a ao:Check ;
     ao:operator ai:Equals ;
     ao:attribute ai:StatementPredicateUri ;
     ao:value <http://vitro.mannlib.cornell.edu/ontologies/display/1.1#HomeMenuItem> .
 
-:ObjectUriEqualsHasElement rdf:type ao:Check ;
+:ObjectUriEqualsHasElement a ao:Check ;
     ao:operator ai:Equals ;
     ao:attribute ai:StatementObjectUri ;
     ao:value <http://vitro.mannlib.cornell.edu/ontologies/display/1.1#hasElement> .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_not_modifiable_statements.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_not_modifiable_statements.n3
index 317a331868..f723cc3cf8 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_not_modifiable_statements.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_not_modifiable_statements.n3
@@ -52,12 +52,12 @@
     ao:check :PredicateUriStartWithProhibitedNamespace ;
     ao:check :PredicateNotANamespaceException .
 
-:IsObjectPropertyStatement rdf:type ao:Check ;
+:IsObjectPropertyStatement a ao:Check ;
     ao:operator ai:Equals ;
     ao:attribute ai:AccessObjectType ;
     ao:value ai:ObjectPropertyStatementAccesObject .
 
-:IsDataPropertyStatement rdf:type ao:Check ;
+:IsDataPropertyStatement a ao:Check ;
     ao:operator ai:Equals ;
     ao:attribute ai:AccessObjectType ;
     ao:value ai:DataPropertyStatementAccesObject .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_not_modifiable_statements_dataset.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_not_modifiable_statements_dataset.n3
index c15da5f8c3..e9c664e575 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_not_modifiable_statements_dataset.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_not_modifiable_statements_dataset.n3
@@ -23,5 +23,5 @@ ai:ProhibitedNamespaceValueContainer
     ao:dataValue  ai:prohibitedNamespacePrefix ; 
     .
 
-ai:prohibitedNamespacePrefix rdf:type ao:TestValue ;
+ai:prohibitedNamespacePrefix a ao:TestValue ;
     ao:id "http://vitro.mannlib.cornell.edu/ns/vitro/0.7#" ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_root_user.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_root_user.n3
index 27de2c0b1d..ef86561a6f 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_root_user.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_root_user.n3
@@ -9,17 +9,17 @@
 @prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
 @prefix : <https://vivoweb.org/ontology/vitro-application/auth/individual/policy/root-user/> .
 
-:Policy rdf:type ao:Policy ;
+:Policy a ao:Policy ;
     ao:priority 10000 ;
     ao:rules :RuleSet .
 
-:RuleSet rdf:type ao:Rules ;
+:RuleSet a ao:Rules ;
     ao:rule :AllowRootUserRule .
 
-:AllowRootUserRule rdf:type ao:Rule;
+:AllowRootUserRule a ao:Rule;
     ao:check :IsRootUserCheck .
 
-:IsRootUserCheck rdf:type ao:Check ;
+:IsRootUserCheck a ao:Check ;
     ao:operator ai:Equals ;
     ao:attribute ai:SubjectType ;
     ao:value ai:RootUserSubject .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/subject_types.n3 b/home/src/main/resources/rdf/accessControl/firsttime/subject_types.n3
index 814424aa95..ad00aa491c 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/subject_types.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/subject_types.n3
@@ -8,5 +8,5 @@
 @prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
 @prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
 
-ai:RootUserSubject rdf:type ao:SubjectType ;
+ai:RootUserSubject a ao:SubjectType ;
      ao:id "ROOT_USER" .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_class.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_class.n3
index d67debd08d..cca65d80e7 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_class.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_class.n3
@@ -239,7 +239,7 @@
     ao:check :AccessObjectTypeCheck ;
     ao:check :AccessObjectUriCheck .
 
-:AccessObjectTypeCheck rdf:type ao:Check ;
+:AccessObjectTypeCheck a ao:Check ;
     ao:operator ai:Equals ;
     ao:attribute ai:AccessObjectType ;
     ao:templateValue :AccessObjectTypeValueSet .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_property.n3
index 5f154ea72a..063a94e9e3 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_property.n3
@@ -1148,7 +1148,7 @@
     ao:check :AccessObjectTypeEqualsDataSetValue ;
     ao:check :AccessObjectUriContainsInDataSet .
 
-:AccessObjectTypeEqualsDataSetValue rdf:type ao:Check ;
+:AccessObjectTypeEqualsDataSetValue a ao:Check ;
     ao:operator ai:Equals ;
     ao:attribute ai:AccessObjectType ;
     ao:templateValue :AccessObjectTypeValueSet .
@@ -1167,7 +1167,7 @@
     ao:check :StatementPredicateEquals ;
     .
 
-:AccessObjectTypeStatementEquals rdf:type ao:Check ;
+:AccessObjectTypeStatementEquals a ao:Check ;
     ao:operator ai:Equals ;
     ao:attribute ai:AccessObjectType ;
     ao:templateValue :StatementAccessObjectTypeValueSet .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_access_related_allowed_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_access_related_allowed_property.n3
index 6b3bea8f04..9addad4ab7 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_access_related_allowed_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_access_related_allowed_property.n3
@@ -156,7 +156,7 @@
     ao:check :AccessObjectTypeCheck ;
     ao:check :AccessObjectUriCheck .
 
-:AccessObjectTypeCheck rdf:type ao:Check ;
+:AccessObjectTypeCheck a ao:Check ;
     ao:operator ai:Equals ;
     ao:attribute ai:AccessObjectType ;
     ao:templateValue :AccessObjectTypeValueSet .
@@ -175,7 +175,7 @@
     ao:check :StatementPredicateCheck ;
     .
 
-:AccessObjectStatementTypeCheck rdf:type ao:Check ;
+:AccessObjectStatementTypeCheck a ao:Check ;
     ao:operator ai:Equals ;
     ao:attribute ai:AccessObjectType ;
     ao:templateValue :StatementAccessObjectTypeValueSet .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_simple_permissions.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_simple_permissions.n3
index f7979eb338..8125388176 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_simple_permissions.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_simple_permissions.n3
@@ -98,7 +98,7 @@
     ao:attribute ai:AccessObjectUri ;
     ao:templateValue :TypeValueSet .
 
-:IsSimplePermission rdf:type ao:Check ;
+:IsSimplePermission a ao:Check ;
     ao:operator ai:Equals ;
     ao:attribute ai:AccessObjectType ;
     ao:value ai:NamedObject .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_update_related_allowed_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_update_related_allowed_property.n3
index 3dd64100c6..1ef2386d8a 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_update_related_allowed_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_update_related_allowed_property.n3
@@ -223,7 +223,7 @@
     ao:check :AccessObjectTypeCheck ;
     ao:check :AccessObjectUriCheck .
 
-:AccessObjectTypeCheck rdf:type ao:Check ;
+:AccessObjectTypeCheck a ao:Check ;
     ao:operator ai:Equals ;
     ao:attribute ai:AccessObjectType ;
     ao:templateValue :AccessObjectTypeValueSet .
@@ -243,12 +243,12 @@
     ao:check :RelationCheck ;
     .
 
-:RelationCheck rdf:type ao:Check ;
+:RelationCheck a ao:Check ;
     ao:operator ai:SparqlSelectQueryContains ;
     ao:attribute ai:StatementSubjectUri ;
     ao:value ai:PersonProfileProximityToResourceUri .
 
-:AccessObjectStatementTypeCheck rdf:type ao:Check ;
+:AccessObjectStatementTypeCheck a ao:Check ;
     ao:operator ai:Equals ;
     ao:attribute ai:AccessObjectType ;
     ao:templateValue :StatementAccessObjectTypeValueSet .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/test_values.n3 b/home/src/main/resources/rdf/accessControl/firsttime/test_values.n3
index e2ae315a0c..5ae1dcc490 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/test_values.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/test_values.n3
@@ -8,7 +8,7 @@
 @prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
 @prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
 
-ai:PersonProfileProximityToResourceUri rdf:type ao:ValueContainer ;
+ai:PersonProfileProximityToResourceUri a ao:ValueContainer ;
     ao:id """
     SELECT ?resourceUri WHERE {
         {
@@ -80,10 +80,10 @@ ai:PersonProfileProximityToResourceUri rdf:type ao:ValueContainer ;
     }
     """ .
 
-ai:SomeUriTestData rdf:type ao:ValueContainer ;
+ai:SomeUriTestData a ao:ValueContainer ;
     ao:id "?SOME_URI" .
 
-ai:SomeLiteralTestData rdf:type ao:ValueContainer ;
+ai:SomeLiteralTestData a ao:ValueContainer ;
     ao:id "?SOME_LITERAL" .
 
 #Role value containers 

From bdf1c695b5e86687ad47f1185c969702d517641e Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <georgy.litvinov@tib.eu>
Date: Fri, 20 Oct 2023 10:23:41 +0200
Subject: [PATCH 062/148] refact: renamed AttributeType to Attribute

---
 .../vitro/webapp/auth/policy/PolicyTest.java  |  4 +--
 .../{check_types.n3 => attributes.n3}         | 27 +++++++------------
 .../rdf/accessControl/firsttime/ontology.n3   |  8 +++---
 3 files changed, 15 insertions(+), 24 deletions(-)
 rename home/src/main/resources/rdf/accessControl/firsttime/{check_types.n3 => attributes.n3} (58%)

diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTest.java
index 73a6a826cc..a70d20827d 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTest.java
@@ -36,7 +36,7 @@ public class PolicyTest {
     public static final String OPERATION_GROUPS = USER_ACCOUNTS_HOME_FIRSTTIME + "operation_groups.n3";
     public static final String SUBJECT_TYPES = USER_ACCOUNTS_HOME_FIRSTTIME + "subject_types.n3";
     public static final String OBJECT_TYPES = USER_ACCOUNTS_HOME_FIRSTTIME + "object_types.n3";
-    public static final String CHECK_TYPES_PATH = USER_ACCOUNTS_HOME_FIRSTTIME + "check_types.n3";
+    public static final String ATTRIBUTES_PATH = USER_ACCOUNTS_HOME_FIRSTTIME + "attributes.n3";
     public static final String OPERATORS_PATH = USER_ACCOUNTS_HOME_FIRSTTIME + "operators.n3";
     public static final String TEST_VALUES_PATH = USER_ACCOUNTS_HOME_FIRSTTIME + "test_values.n3";
     public static final String TEST_DECISIONS = USER_ACCOUNTS_HOME_FIRSTTIME + "decisions.n3";
@@ -72,7 +72,7 @@ public void init() {
         load(OPERATION_GROUPS);
         load(SUBJECT_TYPES);
         load(OBJECT_TYPES);
-        load(CHECK_TYPES_PATH);
+        load(ATTRIBUTES_PATH);
         load(OPERATORS_PATH);
         load(TEST_VALUES_PATH);
         load(TEST_DECISIONS);
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/check_types.n3 b/home/src/main/resources/rdf/accessControl/firsttime/attributes.n3
similarity index 58%
rename from home/src/main/resources/rdf/accessControl/firsttime/check_types.n3
rename to home/src/main/resources/rdf/accessControl/firsttime/attributes.n3
index fd388fa3e0..67a54d6cb7 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/check_types.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/attributes.n3
@@ -8,38 +8,29 @@
 @prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
 @prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
 
-ai:Subject a ao:AttributeType ;
+ai:Subject a ao:Attribute ;
     ao:id "SUBJECT" .
 
-ai:SubjectRole a ao:AttributeType ;
+ai:SubjectRole a ao:Attribute ;
     ao:id "SUBJECT_ROLE_URI" .
 
-ai:SubjectType a ao:AttributeType ;
+ai:SubjectType a ao:Attribute ;
     ao:id "SUBJECT_TYPE" .
 
-ai:AccessObjectUri a ao:AttributeType ;
+ai:AccessObjectUri a ao:Attribute ;
     ao:id "ACCESS_OBJECT_URI" .
 
-ai:AccessObjectType a ao:AttributeType ;
+ai:AccessObjectType a ao:Attribute ;
     ao:id "ACCESS_OBJECT_TYPE" .
 
-ai:Operation a ao:AttributeType ;
+ai:Operation a ao:Attribute ;
     ao:id "OPERATION" .
 
-ai:SubjectNotMatch a ao:AttributeType ;
-    ao:id "SUBJECT_NOT_MATCH" .
-
-ai:ObjectNotMatch a ao:AttributeType ;
-    ao:id "OBJECT_NOT_MATCH" .
-
-ai:RelatesToSubjectProfile a ao:AttributeType ;
-    ao:id "RELATES_TO_SUBJECT_PROFILE" .
-
-ai:StatementPredicateUri a ao:AttributeType ;
+ai:StatementPredicateUri a ao:Attribute ;
     ao:id "STATEMENT_PREDICATE_URI" .
 
-ai:StatementSubjectUri a ao:AttributeType ;
+ai:StatementSubjectUri a ao:Attribute ;
     ao:id "STATEMENT_SUBJECT_URI" .
 
-ai:StatementObjectUri a ao:AttributeType ;
+ai:StatementObjectUri a ao:Attribute ;
     ao:id "STATEMENT_OBJECT_URI" .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/ontology.n3 b/home/src/main/resources/rdf/accessControl/firsttime/ontology.n3
index 7efe76c92e..de6e71bb0e 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/ontology.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/ontology.n3
@@ -38,7 +38,7 @@ ao:PolicyKey a owl:Class ;
     rdfs:label "Policy key"@en-US .
 
 ao:Check a owl:Class ;
-    rdfs:label "Access rule attribute"@en-US .
+    rdfs:label "Access rule check"@en-US .
 
 ao:Operator a owl:Class ;
     rdfs:label "Operator"@en-US .
@@ -58,8 +58,8 @@ ao:SubjectType a owl:Class ;
 ao:AccesObject a owl:Class ;
     rdfs:label "Access object"@en-US .
 
-ao:AttributeType a owl:Class ;
-    rdfs:label "Attribute type"@en-US .
+ao:Attribute a owl:Class ;
+    rdfs:label "Attribute"@en-US .
 
 ao:Decision a owl:Class ;
     rdfs:label "Decision"@en-US .
@@ -74,7 +74,7 @@ ao:attributeName a owl:DatatypeProperty ,
 
 ao:id a owl:DatatypeProperty ,
     owl:FunctionalProperty ;
-    rdfs:domain ao:AttributeType ;
+    rdfs:domain ao:Attribute ;
     rdfs:range xsd:string ;
     rdfs:label "id"@en-US .
 

From 2cd695edc0c8eac6facf6ac445157d14e4b2daf7 Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <georgy.litvinov@tib.eu>
Date: Fri, 20 Oct 2023 10:41:53 +0200
Subject: [PATCH 063/148] clean ups

---
 .../vitro/webapp/auth/policy/PolicyTest.java  | 12 +++++-----
 .../webapp/auth/rules/test_policy_key.n3      |  2 +-
 .../firsttime/policy_editable_pages.n3        | 10 +++++++--
 ...t_values.n3 => profile_proximity_query.n3} | 22 -------------------
 .../{operation_groups.n3 => roles.n3}         | 18 ++++++++++-----
 5 files changed, 27 insertions(+), 37 deletions(-)
 rename home/src/main/resources/rdf/accessControl/firsttime/{test_values.n3 => profile_proximity_query.n3} (86%)
 rename home/src/main/resources/rdf/accessControl/firsttime/{operation_groups.n3 => roles.n3} (55%)

diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTest.java
index a70d20827d..7c680eaab6 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTest.java
@@ -33,21 +33,21 @@ public class PolicyTest {
 
     public static final String ONTOLOGY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME + "ontology.n3";
     public static final String OPERATIONS_PATH = USER_ACCOUNTS_HOME_FIRSTTIME + "operations.n3";
-    public static final String OPERATION_GROUPS = USER_ACCOUNTS_HOME_FIRSTTIME + "operation_groups.n3";
     public static final String SUBJECT_TYPES = USER_ACCOUNTS_HOME_FIRSTTIME + "subject_types.n3";
     public static final String OBJECT_TYPES = USER_ACCOUNTS_HOME_FIRSTTIME + "object_types.n3";
     public static final String ATTRIBUTES_PATH = USER_ACCOUNTS_HOME_FIRSTTIME + "attributes.n3";
     public static final String OPERATORS_PATH = USER_ACCOUNTS_HOME_FIRSTTIME + "operators.n3";
-    public static final String TEST_VALUES_PATH = USER_ACCOUNTS_HOME_FIRSTTIME + "test_values.n3";
+    public static final String PROFILE_PROXIMITY_QUERY = USER_ACCOUNTS_HOME_FIRSTTIME + "profile_proximity_query.n3";
     public static final String TEST_DECISIONS = USER_ACCOUNTS_HOME_FIRSTTIME + "decisions.n3";
-    
+    public static final String ROLES = USER_ACCOUNTS_HOME_FIRSTTIME + "roles.n3";
+
     protected static final String RESOURCES_RULES_PREFIX = "src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/";
     protected static final String RESOURCES_PREFIX = "src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/";
 
     public static final String VALID_POLICY = RESOURCES_RULES_PREFIX + "test_policy_valid.n3";
     public static final String VALID_POLICY_TEMPLATE = RESOURCES_RULES_PREFIX + "test_policy_valid_set.n3";
     public static final String BROKEN_POLICY_TEMPLATE = RESOURCES_RULES_PREFIX + "test_policy_broken_set.n3";
-    public static final String POLICY_KEY_TEST = RESOURCES_RULES_PREFIX + "test_policy_key.n3";
+    //TODO:Implement public static final String POLICY_KEY_TEST = RESOURCES_RULES_PREFIX + "test_policy_key.n3";
 
     protected static final List<String> ROLE_LIST = Arrays.asList(ADMIN, CURATOR, EDITOR,
             SELF_EDITOR, PUBLIC);
@@ -69,12 +69,12 @@ public void init() {
         configurationDataSet = DatasetFactory.createTxnMem();
         configurationDataSet.addNamedModel(ModelNames.ACCESS_CONTROL, accessControlModel);
         load(OPERATIONS_PATH);
-        load(OPERATION_GROUPS);
+        load(ROLES);
         load(SUBJECT_TYPES);
         load(OBJECT_TYPES);
         load(ATTRIBUTES_PATH);
         load(OPERATORS_PATH);
-        load(TEST_VALUES_PATH);
+        load(PROFILE_PROXIMITY_QUERY);
         load(TEST_DECISIONS);
         RDFServiceModel rdfService = new RDFServiceModel(configurationDataSet);
 
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_key.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_key.n3
index 6c5ed205cd..a2dbb4fd34 100644
--- a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_key.n3
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_key.n3
@@ -26,4 +26,4 @@ ai:KeyTestAttribute rdf:type ao:Check ;
 ai:PolicyKeyTest rdf:type ao:PolicyKey ;
           ao:keyComponent ai:ObjectPropertyAccesObject ;
           ao:keyComponent auth:ADMIN ;
-          ao:keyComponent ai:DisplayOperationGroup .
+          ao:keyComponent ai:DisplayOperation .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_editable_pages.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_editable_pages.n3
index 6750fe5b8e..2903585cb9 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_editable_pages.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_editable_pages.n3
@@ -50,12 +50,12 @@
 :PredicateIsSomePredicate a ao:Check ;
     ao:operator ai:Equals ;
     ao:attribute ai:StatementPredicateUri ;
-    ao:value ai:SomeUriTestData .
+    ao:value :SomeUri .
 
 :ObjectUriIsSomeUri a ao:Check ;
     ao:operator ai:Equals ;
     ao:attribute ai:StatementObjectUri ;
-    ao:value ai:SomeUriTestData .
+    ao:value :SomeUri .
 
 :SubjectUriIsProfileRelatedResource a ao:Check ;
     ao:operator ai:SparqlSelectQueryContains ;
@@ -67,3 +67,9 @@
     ao:attribute ai:AccessObjectType ;
     ao:value ai:ObjectPropertyStatementAccesObject .
 
+
+:SomeUri a ao:ValueContainer ;
+    ao:id "?SOME_URI" .
+
+:SomeLiteral a ao:ValueContainer ;
+    ao:id "?SOME_LITERAL" .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/test_values.n3 b/home/src/main/resources/rdf/accessControl/firsttime/profile_proximity_query.n3
similarity index 86%
rename from home/src/main/resources/rdf/accessControl/firsttime/test_values.n3
rename to home/src/main/resources/rdf/accessControl/firsttime/profile_proximity_query.n3
index 5ae1dcc490..1433d74e82 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/test_values.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/profile_proximity_query.n3
@@ -80,25 +80,3 @@ ai:PersonProfileProximityToResourceUri a ao:ValueContainer ;
     }
     """ .
 
-ai:SomeUriTestData a ao:ValueContainer ;
-    ao:id "?SOME_URI" .
-
-ai:SomeLiteralTestData a ao:ValueContainer ;
-    ao:id "?SOME_LITERAL" .
-
-#Role value containers 
-
-ai:PublicRoleValueContainer a ao:ValueContainer ;
-    ao:dataValue auth:PUBLIC .
-
-ai:SelfEditorRoleValueContainer a ao:ValueContainer ;
-    ao:dataValue auth:SELF_EDITOR .
-
-ai:EditorRoleValueContainer a ao:ValueContainer ;
-    ao:dataValue auth:EDITOR .
-
-ai:CuratorRoleValueContainer a ao:ValueContainer ;
-    ao:dataValue auth:CURATOR .
-
-ai:AdminRoleValueContainer a ao:ValueContainer ;
-    ao:dataValue auth:ADMIN .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/operation_groups.n3 b/home/src/main/resources/rdf/accessControl/firsttime/roles.n3
similarity index 55%
rename from home/src/main/resources/rdf/accessControl/firsttime/operation_groups.n3
rename to home/src/main/resources/rdf/accessControl/firsttime/roles.n3
index b97d32d411..e55a247166 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/operation_groups.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/roles.n3
@@ -8,11 +8,17 @@
 @prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
 @prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
 
-ai:DisplayOperationGroup a ao:OperationGroup ;
-    ao:id "DISPLAY_GROUP" .
+ai:PublicRoleValueContainer a ao:ValueContainer ;
+    ao:dataValue auth:PUBLIC .
 
-ai:UpdateOperationGroup a ao:OperationGroup ;
-    ao:id "UPDATE_GROUP" .
+ai:SelfEditorRoleValueContainer a ao:ValueContainer ;
+    ao:dataValue auth:SELF_EDITOR .
 
-ai:PublishOperationGroup a ao:OperationGroup ;
-    ao:id "PUBLISH_GROUP" .    
+ai:EditorRoleValueContainer a ao:ValueContainer ;
+    ao:dataValue auth:EDITOR .
+
+ai:CuratorRoleValueContainer a ao:ValueContainer ;
+    ao:dataValue auth:CURATOR .
+
+ai:AdminRoleValueContainer a ao:ValueContainer ;
+    ao:dataValue auth:ADMIN .

From 6cf7c16cb6997104a923b56d62fe5125b65e91cc Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <georgy.litvinov@tib.eu>
Date: Mon, 23 Oct 2023 18:07:19 +0200
Subject: [PATCH 064/148] new functionality: create data set from data set
 template + custom role for simple permissions

---
 .../vedit/controller/BaseEditController.java  |   2 +-
 .../vedit/controller/OperationController.java |   2 +-
 .../auth/policy/EntityPolicyController.java   |   5 +-
 .../webapp/auth/policy/PolicyLoader.java      | 233 ++++++-
 .../auth/policy/PolicyTemplateController.java | 105 +++
 ...ccessAllowedClassesPolicyTemplateTest.java |   6 +-
 ...ssAllowedPropertiesPolicyTemplateTest.java |   6 +-
 ...edAllowedPropertiesPolicyTemplateTest.java |   6 +-
 .../webapp/auth/policy/PolicyLoaderTest.java  |  62 ++
 .../vitro/webapp/auth/policy/PolicyTest.java  |   1 +
 ...java => SimplePermissionTemplateTest.java} |  48 +-
 ...edAllowedPropertiesPolicyTemplateTest.java |   2 +-
 .../webapp/auth/rules/data_set_templates.n3   |  82 +++
 .../rdf/accessControl/firsttime/ontology.n3   |  35 +
 .../template_access_allowed_property.n3       | 602 ++++++++++++++++++
 .../firsttime/template_simple_permissions.n3  |  85 ++-
 16 files changed, 1214 insertions(+), 68 deletions(-)
 create mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTemplateController.java
 create mode 100644 api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoaderTest.java
 rename api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/{SimplePermissionPolicyTest.java => SimplePermissionTemplateTest.java} (76%)
 create mode 100644 api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/data_set_templates.n3

diff --git a/api/src/main/java/edu/cornell/mannlib/vedit/controller/BaseEditController.java b/api/src/main/java/edu/cornell/mannlib/vedit/controller/BaseEditController.java
index 4b8cef08d3..526f2196fd 100644
--- a/api/src/main/java/edu/cornell/mannlib/vedit/controller/BaseEditController.java
+++ b/api/src/main/java/edu/cornell/mannlib/vedit/controller/BaseEditController.java
@@ -226,7 +226,7 @@ protected static void addAccessAttributes(HttpServletRequest req, String entityU
                 // predefined values
                 req.setAttribute(attributeName, roleUris);
             } else {
-                // Get the permission sets that are granted permission for this entity
+                // Get the permission sets that grant permission for this entity
                 req.setAttribute(attributeName, EntityPolicyController.getGrantedRoles(entityURI, ao, aot, roleUris));
             }
         }
diff --git a/api/src/main/java/edu/cornell/mannlib/vedit/controller/OperationController.java b/api/src/main/java/edu/cornell/mannlib/vedit/controller/OperationController.java
index 8114aa2970..07c3735c9b 100644
--- a/api/src/main/java/edu/cornell/mannlib/vedit/controller/OperationController.java
+++ b/api/src/main/java/edu/cornell/mannlib/vedit/controller/OperationController.java
@@ -161,7 +161,7 @@ public void doPost (HttpServletRequest request, HttpServletResponse response) {
                         if (selectedRoles == null) {
                             selectedRoles = new String[0];
                         }
-                        EntityPolicyController.updateEntityPolicyDataSet(entityUri, AccessObjectType.valueOf(entityType), ao, Arrays.asList(selectedRoles), roleUris);
+                        EntityPolicyController.updateEntityDataSet(entityUri, AccessObjectType.valueOf(entityType), ao, Arrays.asList(selectedRoles), roleUris);
                     }
                 }
             }
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EntityPolicyController.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EntityPolicyController.java
index c94823d578..47e845c8c9 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EntityPolicyController.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EntityPolicyController.java
@@ -29,7 +29,7 @@ public class EntityPolicyController {
      * @param selectedRoles - list of roles to assign
      * @param allRoles - list of all available roles
      */
-    public static void updateEntityPolicyDataSet(String entityUri, AccessObjectType aot, AccessOperation og,
+    public static void updateEntityDataSet(String entityUri, AccessObjectType aot, AccessOperation og,
             List<String> selectedRoles, List<String> allRoles) {
         if (StringUtils.isBlank(entityUri)) {
             return;
@@ -39,7 +39,8 @@ public static void updateEntityPolicyDataSet(String entityUri, AccessObjectType
             boolean isInDataSet = isUriInTestDataset(entityUri, og, aot, role);
             boolean isSelected = selectedSet.contains(role);
             final PolicyLoader loader = PolicyLoader.getInstance();
-            final String dataSetUri = loader.getDataSetUriByKey(og, aot, role);
+            final String dataSetUri =
+                    loader.getDataSetUriByKey(new String[] { role }, new String[] { og.toString(), aot.toString() });
 
             if (dataSetUri == null) {
                 log.debug(
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
index 3ab2a307e0..a68317a00d 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
@@ -7,9 +7,11 @@
 import java.io.InputStream;
 import java.io.StringWriter;
 import java.util.ArrayList;
+import java.util.HashMap;
 import java.util.HashSet;
 import java.util.LinkedList;
 import java.util.List;
+import java.util.Map;
 import java.util.Set;
 
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType;
@@ -240,6 +242,87 @@ public class PolicyLoader {
 
     private static final String policyStatementByKeyTemplateSuffix = "}}";
 
+    public static final String DATA_SET_TEMPLATES_QUERY = ""
+            + "prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/>\n"
+            + "prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/>\n"
+            + "SELECT ?dataSetTemplate ?dataSets ( COUNT(?key) AS ?keySize )\n"
+            + "WHERE {\n"
+            + "  GRAPH <http://vitro.mannlib.cornell.edu/default/access-control> {\n"
+            + "    ?dataSets ao:policyDataSetTemplate ?dataSetTemplate .\n"
+            + "    ?dataSetTemplate ao:dataSetTemplateKey ?dataSetTemplateKey .\n"
+            + "    ?dataSetTemplateKey ao:templateKey ai:SubjectRole .\n"
+            + "    ?dataSetTemplateKey ao:templateKey ?key .\n"
+            + "  }\n"
+            + "}\n"
+            + "GROUP BY ?dataSetTemplate ?dataSets"; 
+
+    public static final String DATA_SET_KEY_TEMPLATE_QUERY = ""
+            + "prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/>\n"
+            + "prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/>\n"
+            + "SELECT ?keyComponent \n"
+            + "WHERE {\n"
+            + "  GRAPH <http://vitro.mannlib.cornell.edu/default/access-control> {\n"
+            + "    ?dataSetTemplate ao:dataSetKeyTemplate ?dataSetKeyTemplate .\n"
+            + "    ?dataSetKeyTemplate ao:keyComponent ?keyComponent .\n"
+            + "  }\n"
+            + "}\n"; 
+    
+    public static final String DATA_SET_KEY_TEMPLATES_TEMPLATE_QUERY = ""
+            + "prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/>\n"
+            + "prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/>\n"
+            + "SELECT ?keyComponentTemplate \n"
+            + "WHERE {\n"
+            + "  GRAPH <http://vitro.mannlib.cornell.edu/default/access-control> {\n"
+            + "    ?dataSetTemplate ao:dataSetKeyTemplate ?dataSetKeyTemplate .\n"
+            + "    ?dataSetKeyTemplate ao:keyComponentTemplate ?keyComponentTemplate .\n"
+            + "  }\n"
+            + "}\n"; 
+    
+    public static final String DATA_SET_VALUE_TEMPLATE_QUERY = ""
+            + "prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/>\n"
+            + "prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/>\n"
+            + "SELECT ?valueContainer \n"
+            + "WHERE {\n"
+            + "  GRAPH <http://vitro.mannlib.cornell.edu/default/access-control> {\n"
+            + "    ?dataSetTemplate ao:dataSetValues ?valueContainer .\n"
+            + "  }\n"
+            + "}\n"; 
+    
+    
+    public static final String DATA_SET_VALUE_CONTAINER_TEMPLATES_TEMPLATE_QUERY = ""
+            + "prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/>\n"
+            + "prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/>\n"
+            + "SELECT ?valueContainerTemplate \n"
+            + "WHERE {\n"
+            + "  GRAPH <http://vitro.mannlib.cornell.edu/default/access-control> {\n"
+            + "    ?dataSetTemplate ao:dataSetValueTemplate ?valueContainerTemplate .\n"
+            + "  }\n"
+            + "}\n";
+    
+    public static final String CONSTRUCT_VALUE_CONTAINER_QUERY = ""
+            + "prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/>\n"
+            + "prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/>\n"
+            + "CONSTRUCT {\n"
+            + "  ?relatedAttributeValueSet ao:attributeValue ?valueContainer .\n"
+            + "  ?valueContainer a ao:ValueContainer .\n"
+            + "  ?valueContainer ao:containerType ?containerType .\n"
+            + "  ?valueContainer ao:dataValue ?newRoleUri .\n"
+            + "  ?valueContainer ao:dataValue ?dataValue ."
+            + "}\n"
+            + "WHERE {\n"
+            + "  GRAPH <http://vitro.mannlib.cornell.edu/default/access-control> {\n"
+            + "    ?valueContainerTemplateUri ao:relatedValueSet ?relatedAttributeValueSet .\n"
+            + "    ?valueContainerTemplateUri ao:containerTypeTemplate ?containerType .\n"
+            + "    OPTIONAL {\n"
+            + "      ?valueContainerTemplateUri ao:defaultValue ?dataValue .\n"
+            + "    }\n"
+            + "    OPTIONAL {\n"
+            + "      FILTER ( str(?containerType) = 'https://vivoweb.org/ontology/vitro-application/auth/individual/SubjectRole' )\n"
+            + "      BIND(?role as ?newRoleUri)\n"
+            + "    }"
+            + "  }"
+            + "}\n";
+    
     private RDFService rdfService;
     public static final String RULE = "rule";
     public static final String LITERAL_VALUE = "lit_value";
@@ -470,10 +553,10 @@ public void modifyPolicyDataSetValue(String entityUri, AccessOperation og, Acces
             log.error("statements to add/delete are empty");
             return;
         }
-        updateUserAccountsModel(m, isAdd);
+        updateAccessControlModel(m, isAdd);
     }
 
-    private void updateUserAccountsModel(Model data, boolean isAdd) {
+    void updateAccessControlModel(Model data, boolean isAdd) {
         StringWriter sw = new StringWriter();
         data.write(sw, "TTL");
         updateAccessControlModel(sw.toString(), isAdd);
@@ -498,7 +581,7 @@ public void updateAccessControlModel(String data, boolean isAdd) {
     }
 
     private String modelToString(String ruleData, boolean isAdd) {
-        String message = (isAdd ? "Adding to" : "Removing from") + " user accounts model \n" + ruleData;
+        String message = (isAdd ? "Adding to" : "Removing from") + " access control model \n" + ruleData;
         return message;
     }
 
@@ -524,7 +607,7 @@ private static String getPolicyTestValuesByKeyQuery(String[] uris, String[] ids)
         }
         int i = 0;
         for (String id : ids) {
-            query.append(String.format("  ?dataSetKeyUri ao:keyComponent ?uri%d .\n ?uri%d ao:id \"%s\" . \n", i, i, id));
+            query.append(String.format("  ?dataSetKeyUri ao:keyComponent ?uri%d .\n  ?uri%d ao:id \"%s\" . \n", i, i, id));
             i++;
         }
         query.append(policyKeyTemplateSuffix);
@@ -728,7 +811,7 @@ private static boolean isInvalidPolicySolution(QuerySolution qs) {
 
     private static void debug(String template, Object... objects) {
         if (log.isDebugEnabled()) {
-            log.debug(String.format(template, objects));
+            log.error(String.format(template, objects));
         }
     }
 
@@ -747,10 +830,9 @@ private ChangeSet makeChangeSet() {
         return cs;
     }
 
-    public String getDataSetUriByKey(AccessOperation og, AccessObjectType aot, String role) {
-        long expectedSize = 3;
-        final String queryText = getPolicyTestValuesByKeyQuery(new String[] { role },
-                new String[] { og.toString(), aot.toString() });
+    public String getDataSetUriByKey(String[] uris, String[] ids) {
+        long expectedSize = uris.length + ids.length;
+        final String queryText = getPolicyTestValuesByKeyQuery(uris, ids);
         debug("SPARQL Query to get policy data set values:\n %s", queryText);
         String[] uri = new String[1];
         try {
@@ -773,4 +855,137 @@ protected void processQuerySolution(QuerySolution qs) {
         }
         return uri[0];
     }
+
+    public Map<String,String> getRoleDataSetTemplates() {
+        Map<String,String> dataSetTemplates = new HashMap<>();
+        long expectedSize = 1;
+        final String queryText = DATA_SET_TEMPLATES_QUERY;
+        debug("SPARQL Query to get data set templates:\n %s", queryText);
+        try {
+            rdfService.sparqlSelectQuery(queryText, new ResultSetConsumer() {
+                @Override
+                protected void processQuerySolution(QuerySolution qs) {
+                    if (!qs.contains("keySize") || !qs.get("keySize").isLiteral()) {
+                        return;
+                    }
+                    long keySize = qs.getLiteral("keySize").getLong();
+                    if (expectedSize != keySize) {
+                        return;
+                    }
+                    if (!qs.contains("dataSetTemplate") || !qs.get("dataSetTemplate").isResource()) {
+                       return;
+                    }
+                    if (!qs.contains("dataSets") || !qs.get("dataSets").isResource()) {
+                        return;
+                     }
+                    dataSetTemplates.put(
+                            qs.getResource("dataSetTemplate").getURI(),
+                            qs.getResource("dataSets").getURI());
+                }
+            });
+        } catch (RDFServiceException e) {
+            log.error(e, e);
+        }
+        return dataSetTemplates;
+    }
+
+    public List<String> getDataSetKeysFromTemplate(String templateUri) {
+        List<String> dataSetKeys = new LinkedList<>();
+        ParameterizedSparqlString pss = new ParameterizedSparqlString(DATA_SET_KEY_TEMPLATE_QUERY);
+        pss.setIri("dataSetTemplate", templateUri);
+        final String queryText = pss.toString();
+        debug("SPARQL Query to get data set templates:\n %s", queryText);
+        try {
+            rdfService.sparqlSelectQuery(queryText, new ResultSetConsumer() {
+                @Override
+                protected void processQuerySolution(QuerySolution qs) {
+                    if (qs.contains("keyComponent") && qs.get("keyComponent").isResource()) {
+                        dataSetKeys.add(qs.getResource("keyComponent").getURI());
+                    }
+                }
+            });
+        } catch (RDFServiceException e) {
+            log.error(e, e);
+        }
+        return dataSetKeys;
+    }
+
+    public List<String> getDataSetKeyTemplatesFromTemplate(String templateUri) {
+        List<String> dataSetDraftKeys = new LinkedList<>();
+        ParameterizedSparqlString pss = new ParameterizedSparqlString(DATA_SET_KEY_TEMPLATES_TEMPLATE_QUERY);
+        pss.setIri("dataSetTemplate", templateUri);
+        final String queryText = pss.toString();
+        debug("SPARQL Query to get data set templates:\n %s", queryText);
+        try {
+            rdfService.sparqlSelectQuery(queryText, new ResultSetConsumer() {
+                @Override
+                protected void processQuerySolution(QuerySolution qs) {
+                    if (qs.contains("keyComponentTemplate") && qs.get("keyComponentTemplate").isResource()) {
+                        dataSetDraftKeys.add(qs.getResource("keyComponentTemplate").getURI());
+                    }
+                }
+            });
+        } catch (RDFServiceException e) {
+            log.error(e, e);
+        }
+        return dataSetDraftKeys;
+    }
+
+    public List<String> getDataSetValuesFromTemplate(String templateUri) {
+        List<String> valueContainers = new LinkedList<>();
+        ParameterizedSparqlString pss = new ParameterizedSparqlString(DATA_SET_VALUE_TEMPLATE_QUERY);
+        pss.setIri("dataSetTemplate", templateUri);
+        final String queryText = pss.toString();
+        debug("SPARQL Query to get data set values from data set template:\n %s", queryText);
+        try {
+            rdfService.sparqlSelectQuery(queryText, new ResultSetConsumer() {
+                @Override
+                protected void processQuerySolution(QuerySolution qs) {
+                    if (qs.contains("valueContainer") && qs.get("valueContainer").isResource()) {
+                        valueContainers.add(qs.getResource("valueContainer").getURI());
+                    }
+                }
+            });
+        } catch (RDFServiceException e) {
+            log.error(e, e);
+        }
+        return valueContainers;
+    }
+
+    public List<String> getDataSetValueTemplatesFromTemplate(String templateUri) {
+        List<String> valueContainerTemplates = new LinkedList<>();
+        ParameterizedSparqlString pss =
+                new ParameterizedSparqlString(DATA_SET_VALUE_CONTAINER_TEMPLATES_TEMPLATE_QUERY);
+        pss.setIri("dataSetTemplate", templateUri);
+        final String queryText = pss.toString();
+        debug("SPARQL Query to get data set value container templates from data set template:\n %s", queryText);
+        try {
+            rdfService.sparqlSelectQuery(queryText, new ResultSetConsumer() {
+                @Override
+                protected void processQuerySolution(QuerySolution qs) {
+                    if (qs.contains("valueContainerTemplate") && qs.get("valueContainerTemplate").isResource()) {
+                        valueContainerTemplates.add(qs.getResource("valueContainerTemplate").getURI());
+                    }
+                }
+            });
+        } catch (RDFServiceException e) {
+            log.error(e, e);
+        }
+        return valueContainerTemplates;
+    }
+
+    public void constructValueContainer(String valueContainerTemplateUri, String valueContainer, String role,
+            Model dataSetModel) {
+        ParameterizedSparqlString pss = new ParameterizedSparqlString(CONSTRUCT_VALUE_CONTAINER_QUERY);
+        pss.setIri("valueContainerTemplateUri", valueContainerTemplateUri);
+        pss.setIri("valueContainer", valueContainer);
+        pss.setIri("role", role);
+        debug("SPARQL Construct Query to create value container \n %s", pss.toString());
+        try {
+            rdfService.sparqlConstructQuery(pss.toString(), dataSetModel);
+        } catch (RDFServiceException e) {
+            log.error(e, e);
+        }
+    }
+    
 }
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTemplateController.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTemplateController.java
new file mode 100644
index 0000000000..4b9973c55a
--- /dev/null
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTemplateController.java
@@ -0,0 +1,105 @@
+package edu.cornell.mannlib.vitro.webapp.auth.policy;
+
+import java.util.List;
+import java.util.Map;
+
+import edu.cornell.mannlib.vitro.webapp.rdfservice.adapters.VitroModelFactory;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.jena.rdf.model.Model;
+import org.apache.jena.rdf.model.impl.StatementImpl;
+
+public class PolicyTemplateController {
+
+    private static final Log log = LogFactory.getLog(PolicyTemplateController.class);
+    private static final String PREFIX_AO = "https://vivoweb.org/ontology/vitro-application/auth/vocabulary/";
+
+    public static void createRoleDataSets(String roleUri) {
+
+        // Execute sparql query to get all data set templates that have ao:templateKey ai:SubjectRole .
+        Map<String, String> templates = PolicyLoader.getInstance().getRoleDataSetTemplates();
+        for (String templateUri : templates.keySet()) {
+            createRoleDataSet(templateUri, roleUri, templates.get(templateUri));
+        }
+        // For each data set template:
+        // SPARQL construct Query to get ?dataSetsUri, value container templates
+    }
+
+    private static void createRoleDataSet(String dataSetTemplateUri, String roleUri, String dataSetsUri) {
+        String role = getRoleShortName(roleUri);
+        String dataSetUri = getUriFromTemplate(dataSetTemplateUri, role);
+        // TODO: Check uri doesn't exists in access control graph
+        String dataSetKeyUri = dataSetUri + "Key";
+        // TODO: Check uri doesn't exists in access control graph
+        PolicyLoader policyLoader = PolicyLoader.getInstance();
+        List<String> keys = policyLoader.getDataSetKeysFromTemplate(dataSetTemplateUri);
+        List<String> keyTemplates = policyLoader.getDataSetKeyTemplatesFromTemplate(dataSetTemplateUri);
+        for (String keyTemplate : keyTemplates) {
+            if (keyTemplate.equals("https://vivoweb.org/ontology/vitro-application/auth/individual/SubjectRole")) {
+                keys.add(roleUri);
+            } else {
+                log.error(String.format("Not recognized key template found '%s'", keyTemplate));
+                return;
+            }
+        }
+        Model dataSetModel = VitroModelFactory.createModel();
+        // Add ?dataSets ao:policyDataSet dataSetUri .
+        dataSetModel.add(new StatementImpl(
+                dataSetModel.createResource(dataSetsUri),
+                dataSetModel.createProperty(PREFIX_AO + "policyDataSet"),
+                dataSetModel.createResource(dataSetUri)));
+        
+        dataSetModel.add(new StatementImpl(
+                dataSetModel.createResource(dataSetUri),
+                dataSetModel.createProperty(PREFIX_AO + "dataSetKey"),
+                dataSetModel.createResource(dataSetKeyUri)));
+        
+        for (String key : keys) {
+            dataSetModel.add(new StatementImpl(
+                    dataSetModel.createResource(dataSetKeyUri),
+                    dataSetModel.createProperty(PREFIX_AO + "keyComponent"),
+                    dataSetModel.createResource(key)));
+        }
+        
+        List<String> valueContainerUris = policyLoader.getDataSetValuesFromTemplate(dataSetTemplateUri);
+        for (String valueContainerUri : valueContainerUris) {
+            // Add ?dataSetUri ao:dataSetValues ?valueContainerUri .
+            dataSetModel.add(new StatementImpl(
+                    dataSetModel.createResource(dataSetUri),
+                    dataSetModel.createProperty(PREFIX_AO + "dataSetValues"),
+                    dataSetModel.createResource(valueContainerUri)));
+        }
+
+        List<String> valueContainerTemplateUris = policyLoader.getDataSetValueTemplatesFromTemplate(dataSetTemplateUri);
+
+        for (String valueContainerTemplateUri : valueContainerTemplateUris) {
+            String valueContainerUri = getUriFromTemplate(valueContainerTemplateUri, role);
+            dataSetModel.add(new StatementImpl(
+                    dataSetModel.createResource(dataSetUri),
+                    dataSetModel.createProperty(PREFIX_AO + "dataSetValues"),
+                    dataSetModel.createResource(valueContainerUri)));
+            
+            policyLoader.constructValueContainer(valueContainerTemplateUri, valueContainerUri, roleUri, dataSetModel);
+            // TODO: Check uri doesn't exists in access control graph
+            // If value container template is subject role, then role uri should be added to the container
+        }
+        policyLoader.updateAccessControlModel(dataSetModel, true);
+    }
+
+    private static String getRoleShortName(String roleUri) {
+        String slashSplit = roleUri.substring(roleUri.lastIndexOf('/') + 1);
+        String hashSplit = slashSplit.substring(slashSplit.lastIndexOf('#') + 1);
+        return Character.toUpperCase(hashSplit.charAt(0)) + hashSplit.substring(1).toLowerCase();
+    }
+
+    private static String getUriFromTemplate(String templateUri, String name) {
+        String templatePrefix = templateUri.substring(0, templateUri.lastIndexOf('/') + 1);
+        String templateName = templateUri.substring(templateUri.lastIndexOf('/') + 1);
+        int index = templateName.lastIndexOf("Template");
+        if (templateName.endsWith("Template") && index > 0) {
+            templateName = templateName.substring(0, index);
+        }
+        return templatePrefix + name + templateName;
+    }
+
+}
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/AccessAllowedClassesPolicyTemplateTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/AccessAllowedClassesPolicyTemplateTest.java
index 2a0c8d36bd..c3a7fc93fc 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/AccessAllowedClassesPolicyTemplateTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/AccessAllowedClassesPolicyTemplateTest.java
@@ -29,7 +29,7 @@ public class AccessAllowedClassesPolicyTemplateTest extends PolicyTest {
     public String dataSetUri;
 
     @org.junit.runners.Parameterized.Parameter(1)
-    public AccessOperation group;
+    public AccessOperation ao;
 
     @org.junit.runners.Parameterized.Parameter(2)
     public AccessObjectType type;
@@ -46,11 +46,11 @@ public class AccessAllowedClassesPolicyTemplateTest extends PolicyTest {
     @Test
     public void testPolicy() {
         load(POLICY_TEMPLATE_MATCH_CLASS_PATH);
-        EntityPolicyController.updateEntityPolicyDataSet("test:entity", type, group, Arrays.asList(roleUri), ROLE_LIST);
+        EntityPolicyController.updateEntityDataSet("test:entity", type, ao, Arrays.asList(roleUri), ROLE_LIST);
         DynamicPolicy policy = null;
         policy = loader.loadPolicyFromTemplateDataSet(TEMPLATE_CLASS_PREFIX + dataSetUri);
         countRulesAndAttributes(policy, rulesCount, attrCount);
-        Set<String> values = loader.getDataSetValues(group, type, roleUri);
+        Set<String> values = loader.getDataSetValues(ao, type, roleUri);
         assertFalse(values.isEmpty());
     }
 
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/AccessAllowedPropertiesPolicyTemplateTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/AccessAllowedPropertiesPolicyTemplateTest.java
index a6b8b24f86..7df926f45e 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/AccessAllowedPropertiesPolicyTemplateTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/AccessAllowedPropertiesPolicyTemplateTest.java
@@ -35,7 +35,7 @@ public class AccessAllowedPropertiesPolicyTemplateTest extends PolicyTest {
     public String dataSetUri;
 
     @org.junit.runners.Parameterized.Parameter(1)
-    public AccessOperation group;
+    public AccessOperation ao;
 
     @org.junit.runners.Parameterized.Parameter(2)
     public AccessObjectType type;
@@ -52,11 +52,11 @@ public class AccessAllowedPropertiesPolicyTemplateTest extends PolicyTest {
     @Test
     public void testPolicy() {
         load(POLICY_TEMPLATE_PATH);
-        EntityPolicyController.updateEntityPolicyDataSet("test:entity", type, group, Arrays.asList(roleUri), ROLE_LIST);
+        EntityPolicyController.updateEntityDataSet("test:entity", type, ao, Arrays.asList(roleUri), ROLE_LIST);
         DynamicPolicy policy = null;
         policy = loader.loadPolicyFromTemplateDataSet(TEMPLATE_PROPERTY_PREFIX + dataSetUri);
         countRulesAndAttributes(policy, rulesCount, attrCount);
-        Set<String> values = loader.getDataSetValues(group, type, roleUri);
+        Set<String> values = loader.getDataSetValues(ao, type, roleUri);
         assertFalse(values.isEmpty());
     }
 
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/AccessRelatedAllowedPropertiesPolicyTemplateTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/AccessRelatedAllowedPropertiesPolicyTemplateTest.java
index ef6d7310f6..c1ca39274a 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/AccessRelatedAllowedPropertiesPolicyTemplateTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/AccessRelatedAllowedPropertiesPolicyTemplateTest.java
@@ -30,7 +30,7 @@ public class AccessRelatedAllowedPropertiesPolicyTemplateTest extends PolicyTest
     public String dataSetUri;
 
     @org.junit.runners.Parameterized.Parameter(1)
-    public AccessOperation group;
+    public AccessOperation ao;
 
     @org.junit.runners.Parameterized.Parameter(2)
     public AccessObjectType type;
@@ -47,11 +47,11 @@ public class AccessRelatedAllowedPropertiesPolicyTemplateTest extends PolicyTest
     @Test
     public void testPolicy() {
         load(POLICY_TEMPLATE_PATH);
-        EntityPolicyController.updateEntityPolicyDataSet("test:entity", type, group, Arrays.asList(roleUri), ROLE_LIST);
+        EntityPolicyController.updateEntityDataSet("test:entity", type, ao, Arrays.asList(roleUri), ROLE_LIST);
         DynamicPolicy policy = null;
         policy = loader.loadPolicyFromTemplateDataSet(TEMPLATE_PROPERTY_PREFIX + dataSetUri);
         countRulesAndAttributes(policy, rulesCount, attrCount);
-        Set<String> values = loader.getDataSetValues(group, type, roleUri);
+        Set<String> values = loader.getDataSetValues(ao, type, roleUri);
         assertFalse(values.isEmpty());
     }
 
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoaderTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoaderTest.java
new file mode 100644
index 0000000000..41176797b2
--- /dev/null
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoaderTest.java
@@ -0,0 +1,62 @@
+package edu.cornell.mannlib.vitro.webapp.auth.policy;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertTrue;
+
+import java.util.List;
+import java.util.Map;
+
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType;
+import org.junit.Test;
+
+public class PolicyLoaderTest extends PolicyTest {
+
+    private static final String PREFIX =
+            "https://vivoweb.org/ontology/vitro-application/auth/individual/template/test-data-set-templates/";
+    public static final String DATA_SET = RESOURCES_RULES_PREFIX + "data_set_templates.n3";
+
+    @Test
+    public void getRoleDataSetTemplatesTest() {
+        load(DATA_SET);
+        Map<String, String> templates = PolicyLoader.getInstance().getRoleDataSetTemplates();
+        assertEquals(2, templates.size());
+        assertTrue(templates.containsKey(PREFIX + "RoleDataSetTemplate1"));
+        assertEquals(PREFIX + "DataSets" , templates.get(PREFIX + "RoleDataSetTemplate1"));
+        assertTrue(templates.containsKey(PREFIX + "RoleDataSetTemplate2"));
+        assertEquals(PREFIX + "DataSets" , templates.get(PREFIX + "RoleDataSetTemplate2"));
+    }
+
+    @Test
+    public void getRoleDataSetKeyTemplateTest() {
+        load(DATA_SET);
+        List<String> keys = PolicyLoader.getInstance().getDataSetKeysFromTemplate(PREFIX + "RoleDataSetTemplate1");
+        assertEquals(2, keys.size());
+        assertTrue(keys.contains("https://vivoweb.org/ontology/vitro-application/auth/individual/NamedObject"));
+        assertTrue(keys.contains("https://vivoweb.org/ontology/vitro-application/auth/individual/ExecuteOperation"));
+    }
+
+    @Test
+    public void getRoleDataSetDraftKeyTemplateTest() {
+        load(DATA_SET);
+        List<String> keys = PolicyLoader.getInstance().getDataSetKeyTemplatesFromTemplate(PREFIX + "RoleDataSetTemplate1");
+        assertEquals(1, keys.size());
+        assertTrue(keys.contains("https://vivoweb.org/ontology/vitro-application/auth/individual/SubjectRole"));
+    }
+
+    @Test
+    public void getDataSetUriByKeyTest() {
+        load(DATA_SET);
+        String uri = PolicyLoader.getInstance().getDataSetUriByKey(
+                new String[] { "http://vitro.mannlib.cornell.edu/ns/vitro/authorization#PUBLIC" },
+                new String[] { AccessObjectType.NAMED_OBJECT.toString() });
+        assertEquals(PREFIX + "PublicDataSet", uri);
+    }
+    
+    @Test
+    public void getRoleDataSetValuesTemplateTest() {
+        load(DATA_SET);
+        List<String> values = PolicyLoader.getInstance().getDataSetValuesFromTemplate(PREFIX + "RoleDataSetTemplate1");
+        assertEquals(1, values.size());
+        assertEquals(values.get(0), "https://vivoweb.org/ontology/vitro-application/auth/individual/PublicRoleValueContainer");
+    }
+}
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTest.java
index 7c680eaab6..be8b4ba79d 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTest.java
@@ -30,6 +30,7 @@ public class PolicyTest {
     protected static final String SELF_EDITOR = "http://vitro.mannlib.cornell.edu/ns/vitro/authorization#SELF_EDITOR";
     protected static final String CURATOR = "http://vitro.mannlib.cornell.edu/ns/vitro/authorization#CURATOR";
     protected static final String PUBLIC = "http://vitro.mannlib.cornell.edu/ns/vitro/authorization#PUBLIC";
+    protected static final String CUSTOM = "http://vitro.mannlib.cornell.edu/ns/vitro/authorization#CUSTOM";
 
     public static final String ONTOLOGY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME + "ontology.n3";
     public static final String OPERATIONS_PATH = USER_ACCOUNTS_HOME_FIRSTTIME + "operations.n3";
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/SimplePermissionPolicyTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/SimplePermissionTemplateTest.java
similarity index 76%
rename from api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/SimplePermissionPolicyTest.java
rename to api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/SimplePermissionTemplateTest.java
index bbfb94f097..646e341398 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/SimplePermissionPolicyTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/SimplePermissionTemplateTest.java
@@ -5,13 +5,14 @@
 
 import java.util.Arrays;
 
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType;
 import edu.cornell.mannlib.vitro.webapp.auth.permissions.SimplePermission;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.DecisionResult;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.SimpleAuthorizationRequest;
 import edu.cornell.mannlib.vitro.webapp.auth.rules.AccessRule;
 import org.junit.Test;
 
-public class SimplePermissionPolicyTest extends PolicyTest {
+public class SimplePermissionTemplateTest extends PolicyTest {
 
     public static final String ADMIN_SIMPLE_PERMISSIONS_PATH = "simple_permissions_admin";
     public static final String CURATOR_SIMPLE_PERMISSIONS_PATH = "simple_permissions_curator";
@@ -24,14 +25,14 @@ public class SimplePermissionPolicyTest extends PolicyTest {
     public void testAdminSimplePermissionPolicy() {
         load(PolicyTest.USER_ACCOUNTS_HOME_FIRSTTIME + TEMPLATE_PATH + EXT);
         load(USER_ACCOUNTS_HOME_FIRSTTIME + ADMIN_SIMPLE_PERMISSIONS_PATH + EXT);
-        String dataSetUri = "https://vivoweb.org/ontology/vitro-application/auth/individual/template/simple-permissions/AdminSimplePermissionDataSet";
+        String dataSetUri = "https://vivoweb.org/ontology/vitro-application/auth/individual/template/simple-permissions/AdminDataSet";
         DynamicPolicy policy = loader.loadPolicyFromTemplateDataSet(dataSetUri);
         assertTrue(policy != null);
         assertEquals(1000, policy.getPriority());
         assertEquals(1, policy.getRules().size());
         final AccessRule rule = policy.getRules().iterator().next();
         assertEquals(true, rule.isAllowMatched());
-        assertEquals(3, rule.getChecksCount());
+        assertEquals(4, rule.getChecksCount());
 
         SimpleAuthorizationRequest ar = new SimpleAuthorizationRequest(SimplePermission.NS + "SeeSiteAdminPage");
         ar.setRoleUris(Arrays.asList(CURATOR));
@@ -44,14 +45,14 @@ public void testAdminSimplePermissionPolicy() {
     public void testCuratorSimplePermissionPolicy() {
         load(PolicyTest.USER_ACCOUNTS_HOME_FIRSTTIME + TEMPLATE_PATH + EXT);
         load(USER_ACCOUNTS_HOME_FIRSTTIME + CURATOR_SIMPLE_PERMISSIONS_PATH + EXT);
-        String dataSetUri = "https://vivoweb.org/ontology/vitro-application/auth/individual/template/simple-permissions/CuratorSimplePermissionDataSet";
+        String dataSetUri = "https://vivoweb.org/ontology/vitro-application/auth/individual/template/simple-permissions/CuratorDataSet";
         DynamicPolicy policy = loader.loadPolicyFromTemplateDataSet(dataSetUri);
         assertTrue(policy != null);
         assertEquals(1000, policy.getPriority());
         assertEquals(1, policy.getRules().size());
         final AccessRule rule = policy.getRules().iterator().next();
         assertEquals(true, rule.isAllowMatched());
-        assertEquals(3, rule.getChecksCount());
+        assertEquals(4, rule.getChecksCount());
 
         SimpleAuthorizationRequest ar = new SimpleAuthorizationRequest(SimplePermission.NS + "EditOntology");
         ar.setRoleUris(Arrays.asList(EDITOR));
@@ -64,14 +65,14 @@ public void testCuratorSimplePermissionPolicy() {
     public void testEditorSimplePermissionPolicy() {
         load(PolicyTest.USER_ACCOUNTS_HOME_FIRSTTIME + TEMPLATE_PATH + EXT);
         load(USER_ACCOUNTS_HOME_FIRSTTIME + EDITOR_SIMPLE_PERMISSIONS_PATH + EXT);
-        String dataSetUri = "https://vivoweb.org/ontology/vitro-application/auth/individual/template/simple-permissions/EditorSimplePermissionDataSet";
+        String dataSetUri = "https://vivoweb.org/ontology/vitro-application/auth/individual/template/simple-permissions/EditorDataSet";
         DynamicPolicy policy = loader.loadPolicyFromTemplateDataSet(dataSetUri);
         assertTrue(policy != null);
         assertEquals(1000, policy.getPriority());
         assertEquals(1, policy.getRules().size());
         final AccessRule rule = policy.getRules().iterator().next();
         assertEquals(true, rule.isAllowMatched());
-        assertEquals(3, rule.getChecksCount());
+        assertEquals(4, rule.getChecksCount());
 
         SimpleAuthorizationRequest ar = new SimpleAuthorizationRequest(SimplePermission.NS + "DoBackEndEditing");
         ar.setRoleUris(Arrays.asList(SELF_EDITOR));
@@ -84,14 +85,14 @@ public void testEditorSimplePermissionPolicy() {
     public void testSelfEditorSimplePermissionPolicy() {
         load(PolicyTest.USER_ACCOUNTS_HOME_FIRSTTIME + TEMPLATE_PATH + EXT);
         load(USER_ACCOUNTS_HOME_FIRSTTIME + SELF_EDITOR_SIMPLE_PERMISSIONS_PATH + EXT);
-        String dataSetUri = "https://vivoweb.org/ontology/vitro-application/auth/individual/template/simple-permissions/SelfEditorSimplePermissionDataSet";
+        String dataSetUri = "https://vivoweb.org/ontology/vitro-application/auth/individual/template/simple-permissions/SelfEditorDataSet";
         DynamicPolicy policy = loader.loadPolicyFromTemplateDataSet(dataSetUri);
         assertTrue(policy != null);
         assertEquals(1000, policy.getPriority());
         assertEquals(1, policy.getRules().size());
         final AccessRule rule = policy.getRules().iterator().next();
         assertEquals(true, rule.isAllowMatched());
-        assertEquals(3, rule.getChecksCount());
+        assertEquals(4, rule.getChecksCount());
 
         SimpleAuthorizationRequest ar = new SimpleAuthorizationRequest(SimplePermission.NS + "DoFrontEndEditing");
         ar.setRoleUris(Arrays.asList(PUBLIC));
@@ -104,14 +105,14 @@ public void testSelfEditorSimplePermissionPolicy() {
     public void testPublicSimplePermissionPolicy() {
         load(PolicyTest.USER_ACCOUNTS_HOME_FIRSTTIME + TEMPLATE_PATH + EXT);
         load(USER_ACCOUNTS_HOME_FIRSTTIME + PUBLIC_SIMPLE_PERMISSIONS_PATH + EXT);
-        String dataSetUri = "https://vivoweb.org/ontology/vitro-application/auth/individual/template/simple-permissions/PublicSimplePermissionDataSet";
+        String dataSetUri = "https://vivoweb.org/ontology/vitro-application/auth/individual/template/simple-permissions/PublicDataSet";
         DynamicPolicy policy = loader.loadPolicyFromTemplateDataSet(dataSetUri);
         assertTrue(policy != null);
         assertEquals(1000, policy.getPriority());
         assertEquals(1, policy.getRules().size());
         final AccessRule rule = policy.getRules().iterator().next();
         assertEquals(true, rule.isAllowMatched());
-        assertEquals(3, rule.getChecksCount());
+        assertEquals(4, rule.getChecksCount());
 
         SimpleAuthorizationRequest ar = new SimpleAuthorizationRequest(SimplePermission.NS + "QueryFullModel");
         ar.setRoleUris(Arrays.asList(""));
@@ -119,5 +120,30 @@ public void testPublicSimplePermissionPolicy() {
         ar.setRoleUris(Arrays.asList(PUBLIC));
         assertEquals(DecisionResult.AUTHORIZED, policy.decide(ar).getDecisionResult());
     }
+    
+    @Test
+    public void testCustomRole() {
+        load(PolicyTest.USER_ACCOUNTS_HOME_FIRSTTIME + TEMPLATE_PATH + EXT);
+        
+        //Create custom data set
+        PolicyTemplateController.createRoleDataSets(CUSTOM);
+        //Get data set uri by key: role uri and named object
+        String dataSetUri = loader.getDataSetUriByKey(new String[] { CUSTOM }, new String[] { AccessObjectType.NAMED_OBJECT.toString() });
+
+        assertTrue(dataSetUri != null);
+        DynamicPolicy policy = loader.loadPolicyFromTemplateDataSet(dataSetUri);
+        assertTrue(policy != null);
+        assertEquals(1000, policy.getPriority());
+        assertEquals(1, policy.getRules().size());
+        final AccessRule rule = policy.getRules().iterator().next();
+        assertEquals(true, rule.isAllowMatched());
+        assertEquals(4, rule.getChecksCount());
+
+        SimpleAuthorizationRequest ar = new SimpleAuthorizationRequest(SimplePermission.NS + "QueryFullModel");
+        ar.setRoleUris(Arrays.asList(PUBLIC));
+        assertEquals(DecisionResult.INCONCLUSIVE, policy.decide(ar).getDecisionResult());
+        ar.setRoleUris(Arrays.asList(CUSTOM));
+        assertEquals(DecisionResult.AUTHORIZED, policy.decide(ar).getDecisionResult());
+    }
 
 }
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/UpdateRelatedAllowedPropertiesPolicyTemplateTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/UpdateRelatedAllowedPropertiesPolicyTemplateTest.java
index 91f91ffa45..a1666ed486 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/UpdateRelatedAllowedPropertiesPolicyTemplateTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/UpdateRelatedAllowedPropertiesPolicyTemplateTest.java
@@ -48,7 +48,7 @@ public class UpdateRelatedAllowedPropertiesPolicyTemplateTest extends PolicyTest
     @Test
     public void testPolicy() {
         load(POLICY_TEMPLATE_PATH);
-        EntityPolicyController.updateEntityPolicyDataSet("test:entity", type, group, Arrays.asList(roleUri), ROLE_LIST);
+        EntityPolicyController.updateEntityDataSet("test:entity", type, group, Arrays.asList(roleUri), ROLE_LIST);
         DynamicPolicy policy = null;
         policy = loader.loadPolicyFromTemplateDataSet(TEMPLATE_PROPERTY_PREFIX + "SelfEditor" + dataSetUri + "DataSet");
         countRulesAndAttributes(policy, rulesCount, attrCount);
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/data_set_templates.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/data_set_templates.n3
new file mode 100644
index 0000000000..bc29f23d22
--- /dev/null
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/data_set_templates.n3
@@ -0,0 +1,82 @@
+# $This file is distributed under the terms of the license in LICENSE$
+
+@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
+@prefix owl: <http://www.w3.org/2002/07/owl#> .
+@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
+@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
+@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
+@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
+@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+@prefix simplePermission: <java:edu.cornell.mannlib.vitro.webapp.auth.permissions.SimplePermission#> .
+@prefix : <https://vivoweb.org/ontology/vitro-application/auth/individual/template/test-data-set-templates/> .
+
+:PolicyTemplate a ao:PolicyTemplate ;
+    ao:policyDataSets :DataSets ;
+    ao:rules :RuleSet .
+
+:DataSets a ao:PolicyDataSets ;
+    ao:policyDataSetTemplate :RoleDataSetTemplate1 ;
+    ao:policyDataSetTemplate :RoleDataSetTemplate2 ;
+    ao:policyDataSet :PublicDataSet .
+
+#Role data set templates
+
+
+:RoleDataSetTemplate1 a ao:DataSetTemplate ;
+    ao:dataSetTemplateKey :RoleDataSetTemplateKey1 ;
+    ao:dataSetKeyTemplate :RoleDataSetKeyTemplate1 ;
+    ao:dataSetValues ai:PublicRoleValueContainer ;
+    ao:dataSetValueTemplate :RoleValueContainerTemplate1 ;
+    ao:dataSetValueTemplate :RolePermissionValueContainerTemplate1 .  
+
+:RoleDataSetTemplateKey1 a ao:DataSetTemplateKey ;
+    ao:templateKey ai:SubjectRole .
+
+:RoleDataSetKeyTemplate1 a ao:DataSetKeyTemplate ;
+    ao:keyComponent ai:NamedObject ;
+    ao:keyComponent ai:ExecuteOperation ;
+    ao:keyComponentTemplate ai:SubjectRole .
+
+:RoleValueContainerTemplate1 a ao:ValueContainerTemplate ;
+    ao:relatedValueSet :RoleValueSet;
+    ao:containerTypeTemplate ai:SubjectRole .
+
+:RolePermissionValueContainerTemplate1 a ao:ValueContainerTemplate ;
+    ao:relatedValueSet :TypeValueSet;
+    ao:defaultValue simplePermission:PageViewablePublic;
+    ao:defaultValue simplePermission:QueryFullModel ;
+    ao:containerTypeTemplate ai:NamedObject .
+
+
+:RoleDataSetTemplate2 a ao:DataSetTemplate ;
+    ao:dataSetTemplateKey :RoleDataSetTemplateKey2 ;
+    ao:dataSetKeyTemplate :RoleDataSetKeyTemplate2 ;
+    ao:dataSetValueTemplate :RoleValueContainerTemplate2 ;
+    ao:dataSetValueTemplate :RolePermissionValueContainerTemplate2 .  
+
+:RoleDataSetTemplateKey2 a ao:DataSetTemplateKey ;
+    ao:templateKey ai:SubjectRole .
+
+:RoleDataSetKeyTemplate2 a ao:DataSetKeyTemplate ;
+    ao:keyComponent ai:ObjectPropertyAccesObject ;
+    ao:keyComponentTemplate ai:SubjectRole .
+
+:RoleValueContainerTemplate2 a ao:ValueContainerTemplate ;
+    ao:relatedValueSet :RoleValueSet;
+    ao:containerTypeTemplate ai:SubjectRole .
+
+:RolePermissionValueContainerTemplate2 a ao:ValueContainerTemplate ;
+    ao:relatedValueSet :TypeValueSet;
+    ao:containerTypeTemplate ai:NamedObject .
+
+:PublicDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :PublicDataSetKey ;
+    ao:dataSetValues ai:PublicRoleValueContainer ;
+    ao:dataSetValues ai:PublicSimplePermissionValueContainer .
+
+:PublicDataSetKey a ao:DataSetKey ;
+    ao:keyComponent ai:NamedObject ;
+    ao:keyComponent auth:PUBLIC .
+
+ai:PublicSimplePermissionValueContainer a ao:ValueContainer ;
+    ao:containerType ai:NamedObject .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/ontology.n3 b/home/src/main/resources/rdf/accessControl/firsttime/ontology.n3
index de6e71bb0e..233ab57ce3 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/ontology.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/ontology.n3
@@ -64,6 +64,18 @@ ao:Attribute a owl:Class ;
 ao:Decision a owl:Class ;
     rdfs:label "Decision"@en-US .
 
+ao:DataSetTemplate a owl:Class ;
+    rdfs:label "Data set template"@en-US .
+
+ao:DataSetTemplateKey a owl:Class ;
+    rdfs:label "Data set template key"@en-US .
+
+ao:DataSetKeyTemplate a owl:Class ;
+    rdfs:label "Data set key template"@en-US .
+
+ao:ValueContainerTemplate a owl:Class ;
+    rdfs:label "Value container template"@en-US .
+
 #### Data properties
 
 ao:attributeName a owl:DatatypeProperty ,
@@ -90,6 +102,29 @@ ao:priority a owl:DatatypeProperty ,
 
 #### Object properties
 
+ao:dataSetValues a owl:ObjectProperty .
+
+ao:defaultValue a owl:ObjectProperty ;
+    rdfs:domain ao:ValueContainerTemplate .
+
+ao:containerTypeTemplate a owl:ObjectProperty ;
+    rdfs:domain ao:ValueContainerTemplate .
+
+ao:relatedValueSet a owl:ObjectProperty ;
+    rdfs:domain ao:ValueContainerTemplate ;
+    rdfs:range ao:AttributeValueSet .
+
+ao:dataSetTemplateKey a owl:ObjectProperty ;
+    rdfs:domain ao:DataSetTemplate ;
+    rdfs:range ao:DataSetTemplateKey .
+
+ao:dataSetValueTemplate a owl:ObjectProperty ;
+    rdfs:domain ao:DataSetTemplate ;
+    rdfs:range ao:ValueContainerTemplate .
+
+ao:templateKey a owl:ObjectProperty ;
+    rdfs:domain ao:DataSetTemplateKey .
+
 ao:check a owl:ObjectProperty ;
     rdfs:domain ao:Rule ;
     rdfs:range ao:Check .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_property.n3
index 063a94e9e3..3a12bb93db 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_property.n3
@@ -23,10 +23,12 @@
     ao:policyDataSet :EditorDisplayDataPropertyDataSet ;
     ao:policyDataSet :CuratorDisplayDataPropertyDataSet ;
     ao:policyDataSet :AdminDisplayDataPropertyDataSet ;
+
     ao:policyDataSet :PublicDisplayFauxObjectPropertyDataSet ;
     ao:policyDataSet :EditorDisplayFauxObjectPropertyDataSet ;
     ao:policyDataSet :CuratorDisplayFauxObjectPropertyDataSet ;
     ao:policyDataSet :AdminDisplayFauxObjectPropertyDataSet ;
+
     ao:policyDataSet :PublicDisplayFauxDataPropertyDataSet ;
     ao:policyDataSet :EditorDisplayFauxDataPropertyDataSet ;
     ao:policyDataSet :CuratorDisplayFauxDataPropertyDataSet ;
@@ -35,12 +37,15 @@
     ao:policyDataSet :EditorPublishObjectPropertyDataSet ;
     ao:policyDataSet :CuratorPublishObjectPropertyDataSet ;
     ao:policyDataSet :AdminPublishObjectPropertyDataSet ;
+
     ao:policyDataSet :EditorPublishDataPropertyDataSet ;
     ao:policyDataSet :CuratorPublishDataPropertyDataSet ;
     ao:policyDataSet :AdminPublishDataPropertyDataSet ;
+
     ao:policyDataSet :EditorPublishFauxObjectPropertyDataSet ;
     ao:policyDataSet :CuratorPublishFauxObjectPropertyDataSet ;
     ao:policyDataSet :AdminPublishFauxObjectPropertyDataSet ;
+
     ao:policyDataSet :EditorPublishFauxDataPropertyDataSet ;
     ao:policyDataSet :CuratorPublishFauxDataPropertyDataSet ;
     ao:policyDataSet :AdminPublishFauxDataPropertyDataSet ;
@@ -104,9 +109,597 @@
     ao:policyDataSet :EditorDropFauxDataPropertyDataSet ;
     ao:policyDataSet :CuratorDropFauxDataPropertyDataSet ;
     ao:policyDataSet :AdminDropFauxDataPropertyDataSet ;
+
+    ao:policyDataSetTemplate :RoleDisplayObjectPropertyDataSetTemplate ;
+    ao:policyDataSetTemplate :RolePublishObjectPropertyDataSetTemplate ;
+    ao:policyDataSetTemplate :RoleAddObjectPropertyDataSetTemplate ;
+    ao:policyDataSetTemplate :RoleDropObjectPropertyDataSetTemplate ;
+
+    ao:policyDataSetTemplate :RoleEditObjectPropertyDataSetTemplate ;
+    ao:policyDataSetTemplate :RoleDisplayDataPropertyDataSetTemplate ;
+    ao:policyDataSetTemplate :RolePublishDataPropertyDataSetTemplate ;
+    ao:policyDataSetTemplate :RoleAddDataPropertyDataSetTemplate ;
+
+    ao:policyDataSetTemplate :RoleDropDataPropertyDataSetTemplate ;
+    ao:policyDataSetTemplate :RoleEditDataPropertyDataSetTemplate ;
+    ao:policyDataSetTemplate :RoleDisplayFauxObjectPropertyDataSetTemplate ;
+    ao:policyDataSetTemplate :RolePublishFauxObjectPropertyDataSetTemplate ;
+
+    ao:policyDataSetTemplate :RoleAddFauxObjectPropertyDataSetTemplate ;
+    ao:policyDataSetTemplate :RoleDropFauxObjectPropertyDataSetTemplate ;
+    ao:policyDataSetTemplate :RoleEditFauxObjectPropertyDataSetTemplate ;
+    ao:policyDataSetTemplate :RoleDisplayFauxDataPropertyDataSetTemplate ;
+
+    ao:policyDataSetTemplate :RolePublishFauxDataPropertyDataSetTemplate ;
+    ao:policyDataSetTemplate :RoleAddFauxDataPropertyDataSetTemplate ;
+    ao:policyDataSetTemplate :RoleDropFauxDataPropertyDataSetTemplate ;
+    ao:policyDataSetTemplate :RoleEditFauxDataPropertyDataSetTemplate ;
     .
 
 
+
+#Role DisplayObjectProperty data set template
+
+:RoleDisplayObjectPropertyDataSetTemplate a ao:DataSetTemplate ;
+    ao:dataSetTemplateKey :RoleDisplayObjectPropertyDataSetTemplateKey ;
+    ao:dataSetKeyTemplate :RoleDisplayObjectPropertyDataSetKeyTemplate ;
+    ao:dataSetValues ai:ObjectPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:ObjectPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:DisplayOperationValueContainer ;
+    ao:dataSetValueTemplate :RoleDisplayObjectPropertyValueContainerTemplate ;
+    ao:dataSetValueTemplate :RoleDisplayObjectPropertyEntityValueContainerTemplate .  
+
+:RoleDisplayObjectPropertyDataSetTemplateKey a ao:DataSetTemplateKey ;
+    ao:templateKey ai:SubjectRole .
+
+:RoleDisplayObjectPropertyDataSetKeyTemplate a ao:DataSetKeyTemplate ;
+    ao:keyComponent ai:ObjectPropertyAccesObject ;
+    ao:keyComponent ai:DisplayOperation ;
+    ao:keyComponentTemplate ai:SubjectRole .
+
+:RoleDisplayObjectPropertyValueContainerTemplate a ao:ValueContainerTemplate ;
+    ao:relatedValueSet :RoleValueSet;
+    ao:containerTypeTemplate ai:SubjectRole .
+
+:RoleDisplayObjectPropertyEntityValueContainerTemplate a ao:ValueContainerTemplate ;
+    ao:relatedValueSet :AllowedPropertyUriValueSet ;
+#    ao:defaultValue ai:defaultUri ;
+    ao:containerTypeTemplate ai:ObjectPropertyAccesObject .
+
+#Role PublishObjectProperty data set template
+
+:RolePublishObjectPropertyDataSetTemplate a ao:DataSetTemplate ;
+    ao:dataSetTemplateKey :RolePublishObjectPropertyDataSetTemplateKey ;
+    ao:dataSetKeyTemplate :RolePublishObjectPropertyDataSetKeyTemplate ;
+    ao:dataSetValues ai:ObjectPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:ObjectPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:PublishOperationValueContainer ;
+    ao:dataSetValueTemplate :RolePublishObjectPropertyValueContainerTemplate ;
+    ao:dataSetValueTemplate :RolePublishObjectPropertyEntityValueContainerTemplate .  
+
+:RolePublishObjectPropertyDataSetTemplateKey a ao:DataSetTemplateKey ;
+    ao:templateKey ai:SubjectRole .
+
+:RolePublishObjectPropertyDataSetKeyTemplate a ao:DataSetKeyTemplate ;
+    ao:keyComponent ai:ObjectPropertyAccesObject ;
+    ao:keyComponent ai:PublishOperation ;
+    ao:keyComponentTemplate ai:SubjectRole .
+
+:RolePublishObjectPropertyValueContainerTemplate a ao:ValueContainerTemplate ;
+    ao:relatedValueSet :RoleValueSet;
+    ao:containerTypeTemplate ai:SubjectRole .
+
+:RolePublishObjectPropertyEntityValueContainerTemplate a ao:ValueContainerTemplate ;
+    ao:relatedValueSet :AllowedPropertyUriValueSet ;
+#    ao:defaultValue ai:defaultUri ;
+    ao:containerTypeTemplate ai:ObjectPropertyAccesObject .
+
+#Role AddObjectProperty data set template
+
+:RoleAddObjectPropertyDataSetTemplate a ao:DataSetTemplate ;
+    ao:dataSetTemplateKey :RoleAddObjectPropertyDataSetTemplateKey ;
+    ao:dataSetKeyTemplate :RoleAddObjectPropertyDataSetKeyTemplate ;
+    ao:dataSetValues ai:ObjectPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:ObjectPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:AddOperationValueContainer ;
+    ao:dataSetValueTemplate :RoleAddObjectPropertyValueContainerTemplate ;
+    ao:dataSetValueTemplate :RoleAddObjectPropertyEntityValueContainerTemplate .  
+
+:RoleAddObjectPropertyDataSetTemplateKey a ao:DataSetTemplateKey ;
+    ao:templateKey ai:SubjectRole .
+
+:RoleAddObjectPropertyDataSetKeyTemplate a ao:DataSetKeyTemplate ;
+    ao:keyComponent ai:ObjectPropertyAccesObject ;
+    ao:keyComponent ai:AddOperation ;
+    ao:keyComponentTemplate ai:SubjectRole .
+
+:RoleAddObjectPropertyValueContainerTemplate a ao:ValueContainerTemplate ;
+    ao:relatedValueSet :RoleValueSet;
+    ao:containerTypeTemplate ai:SubjectRole .
+
+:RoleAddObjectPropertyEntityValueContainerTemplate a ao:ValueContainerTemplate ;
+    ao:relatedValueSet :AllowedPropertyUriValueSet ;
+#    ao:defaultValue ai:defaultUri ;
+    ao:containerTypeTemplate ai:ObjectPropertyAccesObject .
+
+#Role DropObjectProperty data set template
+
+:RoleDropObjectPropertyDataSetTemplate a ao:DataSetTemplate ;
+    ao:dataSetTemplateKey :RoleDropObjectPropertyDataSetTemplateKey ;
+    ao:dataSetKeyTemplate :RoleDropObjectPropertyDataSetKeyTemplate ;
+    ao:dataSetValues ai:ObjectPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:ObjectPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:DropOperationValueContainer ;
+    ao:dataSetValueTemplate :RoleDropObjectPropertyValueContainerTemplate ;
+    ao:dataSetValueTemplate :RoleDropObjectPropertyEntityValueContainerTemplate .  
+
+:RoleDropObjectPropertyDataSetTemplateKey a ao:DataSetTemplateKey ;
+    ao:templateKey ai:SubjectRole .
+
+:RoleDropObjectPropertyDataSetKeyTemplate a ao:DataSetKeyTemplate ;
+    ao:keyComponent ai:ObjectPropertyAccesObject ;
+    ao:keyComponent ai:DropOperation ;
+    ao:keyComponentTemplate ai:SubjectRole .
+
+:RoleDropObjectPropertyValueContainerTemplate a ao:ValueContainerTemplate ;
+    ao:relatedValueSet :RoleValueSet;
+    ao:containerTypeTemplate ai:SubjectRole .
+
+:RoleDropObjectPropertyEntityValueContainerTemplate a ao:ValueContainerTemplate ;
+    ao:relatedValueSet :AllowedPropertyUriValueSet ;
+#    ao:defaultValue ai:defaultUri ;
+    ao:containerTypeTemplate ai:ObjectPropertyAccesObject .
+
+#Role EditObjectProperty data set template
+
+:RoleEditObjectPropertyDataSetTemplate a ao:DataSetTemplate ;
+    ao:dataSetTemplateKey :RoleEditObjectPropertyDataSetTemplateKey ;
+    ao:dataSetKeyTemplate :RoleEditObjectPropertyDataSetKeyTemplate ;
+    ao:dataSetValues ai:ObjectPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:ObjectPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:EditOperationValueContainer ;
+    ao:dataSetValueTemplate :RoleEditObjectPropertyValueContainerTemplate ;
+    ao:dataSetValueTemplate :RoleEditObjectPropertyEntityValueContainerTemplate .  
+
+:RoleEditObjectPropertyDataSetTemplateKey a ao:DataSetTemplateKey ;
+    ao:templateKey ai:SubjectRole .
+
+:RoleEditObjectPropertyDataSetKeyTemplate a ao:DataSetKeyTemplate ;
+    ao:keyComponent ai:ObjectPropertyAccesObject ;
+    ao:keyComponent ai:EditOperation ;
+    ao:keyComponentTemplate ai:SubjectRole .
+
+:RoleEditObjectPropertyValueContainerTemplate a ao:ValueContainerTemplate ;
+    ao:relatedValueSet :RoleValueSet;
+    ao:containerTypeTemplate ai:SubjectRole .
+
+:RoleEditObjectPropertyEntityValueContainerTemplate a ao:ValueContainerTemplate ;
+    ao:relatedValueSet :AllowedPropertyUriValueSet ;
+#    ao:defaultValue ai:defaultUri ;
+    ao:containerTypeTemplate ai:ObjectPropertyAccesObject .
+
+#Role DisplayDataProperty data set template
+
+:RoleDisplayDataPropertyDataSetTemplate a ao:DataSetTemplate ;
+    ao:dataSetTemplateKey :RoleDisplayDataPropertyDataSetTemplateKey ;
+    ao:dataSetKeyTemplate :RoleDisplayDataPropertyDataSetKeyTemplate ;
+    ao:dataSetValues ai:DataPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:DataPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:DisplayOperationValueContainer ;
+    ao:dataSetValueTemplate :RoleDisplayDataPropertyValueContainerTemplate ;
+    ao:dataSetValueTemplate :RoleDisplayDataPropertyEntityValueContainerTemplate .  
+
+:RoleDisplayDataPropertyDataSetTemplateKey a ao:DataSetTemplateKey ;
+    ao:templateKey ai:SubjectRole .
+
+:RoleDisplayDataPropertyDataSetKeyTemplate a ao:DataSetKeyTemplate ;
+    ao:keyComponent ai:DataPropertyAccesObject ;
+    ao:keyComponent ai:DisplayOperation ;
+    ao:keyComponentTemplate ai:SubjectRole .
+
+:RoleDisplayDataPropertyValueContainerTemplate a ao:ValueContainerTemplate ;
+    ao:relatedValueSet :RoleValueSet;
+    ao:containerTypeTemplate ai:SubjectRole .
+
+:RoleDisplayDataPropertyEntityValueContainerTemplate a ao:ValueContainerTemplate ;
+    ao:relatedValueSet :AllowedPropertyUriValueSet ;
+#    ao:defaultValue ai:defaultUri ;
+    ao:containerTypeTemplate ai:DataPropertyAccesObject .
+
+#Role PublishDataProperty data set template
+
+:RolePublishDataPropertyDataSetTemplate a ao:DataSetTemplate ;
+    ao:dataSetTemplateKey :RolePublishDataPropertyDataSetTemplateKey ;
+    ao:dataSetKeyTemplate :RolePublishDataPropertyDataSetKeyTemplate ;
+    ao:dataSetValues ai:DataPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:DataPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:PublishOperationValueContainer ;
+    ao:dataSetValueTemplate :RolePublishDataPropertyValueContainerTemplate ;
+    ao:dataSetValueTemplate :RolePublishDataPropertyEntityValueContainerTemplate .  
+
+:RolePublishDataPropertyDataSetTemplateKey a ao:DataSetTemplateKey ;
+    ao:templateKey ai:SubjectRole .
+
+:RolePublishDataPropertyDataSetKeyTemplate a ao:DataSetKeyTemplate ;
+    ao:keyComponent ai:DataPropertyAccesObject ;
+    ao:keyComponent ai:PublishOperation ;
+    ao:keyComponentTemplate ai:SubjectRole .
+
+:RolePublishDataPropertyValueContainerTemplate a ao:ValueContainerTemplate ;
+    ao:relatedValueSet :RoleValueSet;
+    ao:containerTypeTemplate ai:SubjectRole .
+
+:RolePublishDataPropertyEntityValueContainerTemplate a ao:ValueContainerTemplate ;
+    ao:relatedValueSet :AllowedPropertyUriValueSet ;
+#    ao:defaultValue ai:defaultUri ;
+    ao:containerTypeTemplate ai:DataPropertyAccesObject .
+
+#Role AddDataProperty data set template
+
+:RoleAddDataPropertyDataSetTemplate a ao:DataSetTemplate ;
+    ao:dataSetTemplateKey :RoleAddDataPropertyDataSetTemplateKey ;
+    ao:dataSetKeyTemplate :RoleAddDataPropertyDataSetKeyTemplate ;
+    ao:dataSetValues ai:DataPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:DataPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:AddOperationValueContainer ;
+    ao:dataSetValueTemplate :RoleAddDataPropertyValueContainerTemplate ;
+    ao:dataSetValueTemplate :RoleAddDataPropertyEntityValueContainerTemplate .  
+
+:RoleAddDataPropertyDataSetTemplateKey a ao:DataSetTemplateKey ;
+    ao:templateKey ai:SubjectRole .
+
+:RoleAddDataPropertyDataSetKeyTemplate a ao:DataSetKeyTemplate ;
+    ao:keyComponent ai:DataPropertyAccesObject ;
+    ao:keyComponent ai:AddOperation ;
+    ao:keyComponentTemplate ai:SubjectRole .
+
+:RoleAddDataPropertyValueContainerTemplate a ao:ValueContainerTemplate ;
+    ao:relatedValueSet :RoleValueSet;
+    ao:containerTypeTemplate ai:SubjectRole .
+
+:RoleAddDataPropertyEntityValueContainerTemplate a ao:ValueContainerTemplate ;
+    ao:relatedValueSet :AllowedPropertyUriValueSet ;
+#    ao:defaultValue ai:defaultUri ;
+    ao:containerTypeTemplate ai:DataPropertyAccesObject .
+
+#Role DropDataProperty data set template
+
+:RoleDropDataPropertyDataSetTemplate a ao:DataSetTemplate ;
+    ao:dataSetTemplateKey :RoleDropDataPropertyDataSetTemplateKey ;
+    ao:dataSetKeyTemplate :RoleDropDataPropertyDataSetKeyTemplate ;
+    ao:dataSetValues ai:DataPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:DataPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:DropOperationValueContainer ;
+    ao:dataSetValueTemplate :RoleDropDataPropertyValueContainerTemplate ;
+    ao:dataSetValueTemplate :RoleDropDataPropertyEntityValueContainerTemplate .  
+
+:RoleDropDataPropertyDataSetTemplateKey a ao:DataSetTemplateKey ;
+    ao:templateKey ai:SubjectRole .
+
+:RoleDropDataPropertyDataSetKeyTemplate a ao:DataSetKeyTemplate ;
+    ao:keyComponent ai:DataPropertyAccesObject ;
+    ao:keyComponent ai:DropOperation ;
+    ao:keyComponentTemplate ai:SubjectRole .
+
+:RoleDropDataPropertyValueContainerTemplate a ao:ValueContainerTemplate ;
+    ao:relatedValueSet :RoleValueSet;
+    ao:containerTypeTemplate ai:SubjectRole .
+
+:RoleDropDataPropertyEntityValueContainerTemplate a ao:ValueContainerTemplate ;
+    ao:relatedValueSet :AllowedPropertyUriValueSet ;
+#    ao:defaultValue ai:defaultUri ;
+    ao:containerTypeTemplate ai:DataPropertyAccesObject .
+
+#Role EditDataProperty data set template
+
+:RoleEditDataPropertyDataSetTemplate a ao:DataSetTemplate ;
+    ao:dataSetTemplateKey :RoleEditDataPropertyDataSetTemplateKey ;
+    ao:dataSetKeyTemplate :RoleEditDataPropertyDataSetKeyTemplate ;
+    ao:dataSetValues ai:DataPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:DataPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:EditOperationValueContainer ;
+    ao:dataSetValueTemplate :RoleEditDataPropertyValueContainerTemplate ;
+    ao:dataSetValueTemplate :RoleEditDataPropertyEntityValueContainerTemplate .  
+
+:RoleEditDataPropertyDataSetTemplateKey a ao:DataSetTemplateKey ;
+    ao:templateKey ai:SubjectRole .
+
+:RoleEditDataPropertyDataSetKeyTemplate a ao:DataSetKeyTemplate ;
+    ao:keyComponent ai:DataPropertyAccesObject ;
+    ao:keyComponent ai:EditOperation ;
+    ao:keyComponentTemplate ai:SubjectRole .
+
+:RoleEditDataPropertyValueContainerTemplate a ao:ValueContainerTemplate ;
+    ao:relatedValueSet :RoleValueSet;
+    ao:containerTypeTemplate ai:SubjectRole .
+
+:RoleEditDataPropertyEntityValueContainerTemplate a ao:ValueContainerTemplate ;
+    ao:relatedValueSet :AllowedPropertyUriValueSet ;
+#    ao:defaultValue ai:defaultUri ;
+    ao:containerTypeTemplate ai:DataPropertyAccesObject .
+
+#Role DisplayFauxObjectProperty data set template
+
+:RoleDisplayFauxObjectPropertyDataSetTemplate a ao:DataSetTemplate ;
+    ao:dataSetTemplateKey :RoleDisplayFauxObjectPropertyDataSetTemplateKey ;
+    ao:dataSetKeyTemplate :RoleDisplayFauxObjectPropertyDataSetKeyTemplate ;
+    ao:dataSetValues ai:FauxObjectPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:FauxObjectPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:DisplayOperationValueContainer ;
+    ao:dataSetValueTemplate :RoleDisplayFauxObjectPropertyValueContainerTemplate ;
+    ao:dataSetValueTemplate :RoleDisplayFauxObjectPropertyEntityValueContainerTemplate .  
+
+:RoleDisplayFauxObjectPropertyDataSetTemplateKey a ao:DataSetTemplateKey ;
+    ao:templateKey ai:SubjectRole .
+
+:RoleDisplayFauxObjectPropertyDataSetKeyTemplate a ao:DataSetKeyTemplate ;
+    ao:keyComponent ai:FauxObjectPropertyAccesObject ;
+    ao:keyComponent ai:DisplayOperation ;
+    ao:keyComponentTemplate ai:SubjectRole .
+
+:RoleDisplayFauxObjectPropertyValueContainerTemplate a ao:ValueContainerTemplate ;
+    ao:relatedValueSet :RoleValueSet;
+    ao:containerTypeTemplate ai:SubjectRole .
+
+:RoleDisplayFauxObjectPropertyEntityValueContainerTemplate a ao:ValueContainerTemplate ;
+    ao:relatedValueSet :AllowedPropertyUriValueSet ;
+#    ao:defaultValue ai:defaultUri ;
+    ao:containerTypeTemplate ai:FauxObjectPropertyAccesObject .
+
+#Role PublishFauxObjectProperty data set template
+
+:RolePublishFauxObjectPropertyDataSetTemplate a ao:DataSetTemplate ;
+    ao:dataSetTemplateKey :RolePublishFauxObjectPropertyDataSetTemplateKey ;
+    ao:dataSetKeyTemplate :RolePublishFauxObjectPropertyDataSetKeyTemplate ;
+    ao:dataSetValues ai:FauxObjectPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:FauxObjectPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:PublishOperationValueContainer ;
+    ao:dataSetValueTemplate :RolePublishFauxObjectPropertyValueContainerTemplate ;
+    ao:dataSetValueTemplate :RolePublishFauxObjectPropertyEntityValueContainerTemplate .  
+
+:RolePublishFauxObjectPropertyDataSetTemplateKey a ao:DataSetTemplateKey ;
+    ao:templateKey ai:SubjectRole .
+
+:RolePublishFauxObjectPropertyDataSetKeyTemplate a ao:DataSetKeyTemplate ;
+    ao:keyComponent ai:FauxObjectPropertyAccesObject ;
+    ao:keyComponent ai:PublishOperation ;
+    ao:keyComponentTemplate ai:SubjectRole .
+
+:RolePublishFauxObjectPropertyValueContainerTemplate a ao:ValueContainerTemplate ;
+    ao:relatedValueSet :RoleValueSet;
+    ao:containerTypeTemplate ai:SubjectRole .
+
+:RolePublishFauxObjectPropertyEntityValueContainerTemplate a ao:ValueContainerTemplate ;
+    ao:relatedValueSet :AllowedPropertyUriValueSet ;
+#    ao:defaultValue ai:defaultUri ;
+    ao:containerTypeTemplate ai:FauxObjectPropertyAccesObject .
+
+#Role AddFauxObjectProperty data set template
+
+:RoleAddFauxObjectPropertyDataSetTemplate a ao:DataSetTemplate ;
+    ao:dataSetTemplateKey :RoleAddFauxObjectPropertyDataSetTemplateKey ;
+    ao:dataSetKeyTemplate :RoleAddFauxObjectPropertyDataSetKeyTemplate ;
+    ao:dataSetValues ai:FauxObjectPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:FauxObjectPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:AddOperationValueContainer ;
+    ao:dataSetValueTemplate :RoleAddFauxObjectPropertyValueContainerTemplate ;
+    ao:dataSetValueTemplate :RoleAddFauxObjectPropertyEntityValueContainerTemplate .  
+
+:RoleAddFauxObjectPropertyDataSetTemplateKey a ao:DataSetTemplateKey ;
+    ao:templateKey ai:SubjectRole .
+
+:RoleAddFauxObjectPropertyDataSetKeyTemplate a ao:DataSetKeyTemplate ;
+    ao:keyComponent ai:FauxObjectPropertyAccesObject ;
+    ao:keyComponent ai:AddOperation ;
+    ao:keyComponentTemplate ai:SubjectRole .
+
+:RoleAddFauxObjectPropertyValueContainerTemplate a ao:ValueContainerTemplate ;
+    ao:relatedValueSet :RoleValueSet;
+    ao:containerTypeTemplate ai:SubjectRole .
+
+:RoleAddFauxObjectPropertyEntityValueContainerTemplate a ao:ValueContainerTemplate ;
+    ao:relatedValueSet :AllowedPropertyUriValueSet ;
+#    ao:defaultValue ai:defaultUri ;
+    ao:containerTypeTemplate ai:FauxObjectPropertyAccesObject .
+
+#Role DropFauxObjectProperty data set template
+
+:RoleDropFauxObjectPropertyDataSetTemplate a ao:DataSetTemplate ;
+    ao:dataSetTemplateKey :RoleDropFauxObjectPropertyDataSetTemplateKey ;
+    ao:dataSetKeyTemplate :RoleDropFauxObjectPropertyDataSetKeyTemplate ;
+    ao:dataSetValues ai:FauxObjectPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:FauxObjectPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:DropOperationValueContainer ;
+    ao:dataSetValueTemplate :RoleDropFauxObjectPropertyValueContainerTemplate ;
+    ao:dataSetValueTemplate :RoleDropFauxObjectPropertyEntityValueContainerTemplate .  
+
+:RoleDropFauxObjectPropertyDataSetTemplateKey a ao:DataSetTemplateKey ;
+    ao:templateKey ai:SubjectRole .
+
+:RoleDropFauxObjectPropertyDataSetKeyTemplate a ao:DataSetKeyTemplate ;
+    ao:keyComponent ai:FauxObjectPropertyAccesObject ;
+    ao:keyComponent ai:DropOperation ;
+    ao:keyComponentTemplate ai:SubjectRole .
+
+:RoleDropFauxObjectPropertyValueContainerTemplate a ao:ValueContainerTemplate ;
+    ao:relatedValueSet :RoleValueSet;
+    ao:containerTypeTemplate ai:SubjectRole .
+
+:RoleDropFauxObjectPropertyEntityValueContainerTemplate a ao:ValueContainerTemplate ;
+    ao:relatedValueSet :AllowedPropertyUriValueSet ;
+#    ao:defaultValue ai:defaultUri ;
+    ao:containerTypeTemplate ai:FauxObjectPropertyAccesObject .
+
+#Role EditFauxObjectProperty data set template
+
+:RoleEditFauxObjectPropertyDataSetTemplate a ao:DataSetTemplate ;
+    ao:dataSetTemplateKey :RoleEditFauxObjectPropertyDataSetTemplateKey ;
+    ao:dataSetKeyTemplate :RoleEditFauxObjectPropertyDataSetKeyTemplate ;
+    ao:dataSetValues ai:FauxObjectPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:FauxObjectPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:EditOperationValueContainer ;
+    ao:dataSetValueTemplate :RoleEditFauxObjectPropertyValueContainerTemplate ;
+    ao:dataSetValueTemplate :RoleEditFauxObjectPropertyEntityValueContainerTemplate .  
+
+:RoleEditFauxObjectPropertyDataSetTemplateKey a ao:DataSetTemplateKey ;
+    ao:templateKey ai:SubjectRole .
+
+:RoleEditFauxObjectPropertyDataSetKeyTemplate a ao:DataSetKeyTemplate ;
+    ao:keyComponent ai:FauxObjectPropertyAccesObject ;
+    ao:keyComponent ai:EditOperation ;
+    ao:keyComponentTemplate ai:SubjectRole .
+
+:RoleEditFauxObjectPropertyValueContainerTemplate a ao:ValueContainerTemplate ;
+    ao:relatedValueSet :RoleValueSet;
+    ao:containerTypeTemplate ai:SubjectRole .
+
+:RoleEditFauxObjectPropertyEntityValueContainerTemplate a ao:ValueContainerTemplate ;
+    ao:relatedValueSet :AllowedPropertyUriValueSet ;
+#    ao:defaultValue ai:defaultUri ;
+    ao:containerTypeTemplate ai:FauxObjectPropertyAccesObject .
+
+#Role DisplayFauxDataProperty data set template
+
+:RoleDisplayFauxDataPropertyDataSetTemplate a ao:DataSetTemplate ;
+    ao:dataSetTemplateKey :RoleDisplayFauxDataPropertyDataSetTemplateKey ;
+    ao:dataSetKeyTemplate :RoleDisplayFauxDataPropertyDataSetKeyTemplate ;
+    ao:dataSetValues ai:FauxDataPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:FauxDataPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:DisplayOperationValueContainer ;
+    ao:dataSetValueTemplate :RoleDisplayFauxDataPropertyValueContainerTemplate ;
+    ao:dataSetValueTemplate :RoleDisplayFauxDataPropertyEntityValueContainerTemplate .  
+
+:RoleDisplayFauxDataPropertyDataSetTemplateKey a ao:DataSetTemplateKey ;
+    ao:templateKey ai:SubjectRole .
+
+:RoleDisplayFauxDataPropertyDataSetKeyTemplate a ao:DataSetKeyTemplate ;
+    ao:keyComponent ai:FauxDataPropertyAccesObject ;
+    ao:keyComponent ai:DisplayOperation ;
+    ao:keyComponentTemplate ai:SubjectRole .
+
+:RoleDisplayFauxDataPropertyValueContainerTemplate a ao:ValueContainerTemplate ;
+    ao:relatedValueSet :RoleValueSet;
+    ao:containerTypeTemplate ai:SubjectRole .
+
+:RoleDisplayFauxDataPropertyEntityValueContainerTemplate a ao:ValueContainerTemplate ;
+    ao:relatedValueSet :AllowedPropertyUriValueSet ;
+#    ao:defaultValue ai:defaultUri ;
+    ao:containerTypeTemplate ai:FauxDataPropertyAccesObject .
+
+#Role PublishFauxDataProperty data set template
+
+:RolePublishFauxDataPropertyDataSetTemplate a ao:DataSetTemplate ;
+    ao:dataSetTemplateKey :RolePublishFauxDataPropertyDataSetTemplateKey ;
+    ao:dataSetKeyTemplate :RolePublishFauxDataPropertyDataSetKeyTemplate ;
+    ao:dataSetValues ai:FauxDataPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:FauxDataPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:PublishOperationValueContainer ;
+    ao:dataSetValueTemplate :RolePublishFauxDataPropertyValueContainerTemplate ;
+    ao:dataSetValueTemplate :RolePublishFauxDataPropertyEntityValueContainerTemplate .  
+
+:RolePublishFauxDataPropertyDataSetTemplateKey a ao:DataSetTemplateKey ;
+    ao:templateKey ai:SubjectRole .
+
+:RolePublishFauxDataPropertyDataSetKeyTemplate a ao:DataSetKeyTemplate ;
+    ao:keyComponent ai:FauxDataPropertyAccesObject ;
+    ao:keyComponent ai:PublishOperation ;
+    ao:keyComponentTemplate ai:SubjectRole .
+
+:RolePublishFauxDataPropertyValueContainerTemplate a ao:ValueContainerTemplate ;
+    ao:relatedValueSet :RoleValueSet;
+    ao:containerTypeTemplate ai:SubjectRole .
+
+:RolePublishFauxDataPropertyEntityValueContainerTemplate a ao:ValueContainerTemplate ;
+    ao:relatedValueSet :AllowedPropertyUriValueSet ;
+#    ao:defaultValue ai:defaultUri ;
+    ao:containerTypeTemplate ai:FauxDataPropertyAccesObject .
+
+#Role AddFauxDataProperty data set template
+
+:RoleAddFauxDataPropertyDataSetTemplate a ao:DataSetTemplate ;
+    ao:dataSetTemplateKey :RoleAddFauxDataPropertyDataSetTemplateKey ;
+    ao:dataSetKeyTemplate :RoleAddFauxDataPropertyDataSetKeyTemplate ;
+    ao:dataSetValues ai:FauxDataPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:FauxDataPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:AddOperationValueContainer ;
+    ao:dataSetValueTemplate :RoleAddFauxDataPropertyValueContainerTemplate ;
+    ao:dataSetValueTemplate :RoleAddFauxDataPropertyEntityValueContainerTemplate .  
+
+:RoleAddFauxDataPropertyDataSetTemplateKey a ao:DataSetTemplateKey ;
+    ao:templateKey ai:SubjectRole .
+
+:RoleAddFauxDataPropertyDataSetKeyTemplate a ao:DataSetKeyTemplate ;
+    ao:keyComponent ai:FauxDataPropertyAccesObject ;
+    ao:keyComponent ai:AddOperation ;
+    ao:keyComponentTemplate ai:SubjectRole .
+
+:RoleAddFauxDataPropertyValueContainerTemplate a ao:ValueContainerTemplate ;
+    ao:relatedValueSet :RoleValueSet;
+    ao:containerTypeTemplate ai:SubjectRole .
+
+:RoleAddFauxDataPropertyEntityValueContainerTemplate a ao:ValueContainerTemplate ;
+    ao:relatedValueSet :AllowedPropertyUriValueSet ;
+#    ao:defaultValue ai:defaultUri ;
+    ao:containerTypeTemplate ai:FauxDataPropertyAccesObject .
+
+#Role DropFauxDataProperty data set template
+
+:RoleDropFauxDataPropertyDataSetTemplate a ao:DataSetTemplate ;
+    ao:dataSetTemplateKey :RoleDropFauxDataPropertyDataSetTemplateKey ;
+    ao:dataSetKeyTemplate :RoleDropFauxDataPropertyDataSetKeyTemplate ;
+    ao:dataSetValues ai:FauxDataPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:FauxDataPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:DropOperationValueContainer ;
+    ao:dataSetValueTemplate :RoleDropFauxDataPropertyValueContainerTemplate ;
+    ao:dataSetValueTemplate :RoleDropFauxDataPropertyEntityValueContainerTemplate .  
+
+:RoleDropFauxDataPropertyDataSetTemplateKey a ao:DataSetTemplateKey ;
+    ao:templateKey ai:SubjectRole .
+
+:RoleDropFauxDataPropertyDataSetKeyTemplate a ao:DataSetKeyTemplate ;
+    ao:keyComponent ai:FauxDataPropertyAccesObject ;
+    ao:keyComponent ai:DropOperation ;
+    ao:keyComponentTemplate ai:SubjectRole .
+
+:RoleDropFauxDataPropertyValueContainerTemplate a ao:ValueContainerTemplate ;
+    ao:relatedValueSet :RoleValueSet;
+    ao:containerTypeTemplate ai:SubjectRole .
+
+:RoleDropFauxDataPropertyEntityValueContainerTemplate a ao:ValueContainerTemplate ;
+    ao:relatedValueSet :AllowedPropertyUriValueSet ;
+#    ao:defaultValue ai:defaultUri ;
+    ao:containerTypeTemplate ai:FauxDataPropertyAccesObject .
+
+#Role EditFauxDataProperty data set template
+
+:RoleEditFauxDataPropertyDataSetTemplate a ao:DataSetTemplate ;
+    ao:dataSetTemplateKey :RoleEditFauxDataPropertyDataSetTemplateKey ;
+    ao:dataSetKeyTemplate :RoleEditFauxDataPropertyDataSetKeyTemplate ;
+    ao:dataSetValues ai:FauxDataPropertyAccesObjectValueContainer ;
+    ao:dataSetValues ai:FauxDataPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:EditOperationValueContainer ;
+    ao:dataSetValueTemplate :RoleEditFauxDataPropertyValueContainerTemplate ;
+    ao:dataSetValueTemplate :RoleEditFauxDataPropertyEntityValueContainerTemplate .  
+
+:RoleEditFauxDataPropertyDataSetTemplateKey a ao:DataSetTemplateKey ;
+    ao:templateKey ai:SubjectRole .
+
+:RoleEditFauxDataPropertyDataSetKeyTemplate a ao:DataSetKeyTemplate ;
+    ao:keyComponent ai:FauxDataPropertyAccesObject ;
+    ao:keyComponent ai:EditOperation ;
+    ao:keyComponentTemplate ai:SubjectRole .
+
+:RoleEditFauxDataPropertyValueContainerTemplate a ao:ValueContainerTemplate ;
+    ao:relatedValueSet :RoleValueSet;
+    ao:containerTypeTemplate ai:SubjectRole .
+
+:RoleEditFauxDataPropertyEntityValueContainerTemplate a ao:ValueContainerTemplate ;
+    ao:relatedValueSet :AllowedPropertyUriValueSet ;
+#    ao:defaultValue ai:defaultUri ;
+    ao:containerTypeTemplate ai:FauxDataPropertyAccesObject .
+
+
+
 ### Drop faux data property data sets
 
 :PublicDropFauxDataPropertyDataSet a ao:PolicyDataSet ;
@@ -1229,6 +1822,7 @@
     ao:attributeValue ai:EditorDisplayFauxObjectPropertyValueContainer ;
     ao:attributeValue ai:CuratorDisplayFauxObjectPropertyValueContainer ;
     ao:attributeValue ai:AdminDisplayFauxObjectPropertyValueContainer ;
+
     ao:attributeValue ai:PublicDisplayFauxDataPropertyValueContainer ;   
     ao:attributeValue ai:EditorDisplayFauxDataPropertyValueContainer ;
     ao:attributeValue ai:CuratorDisplayFauxDataPropertyValueContainer ;
@@ -1237,12 +1831,15 @@
     ao:attributeValue ai:EditorPublishObjectPropertyValueContainer ;
     ao:attributeValue ai:CuratorPublishObjectPropertyValueContainer ;
     ao:attributeValue ai:AdminPublishObjectPropertyValueContainer ;
+
     ao:attributeValue ai:EditorPublishDataPropertyValueContainer ;
     ao:attributeValue ai:CuratorPublishDataPropertyValueContainer ;
     ao:attributeValue ai:AdminPublishDataPropertyValueContainer ;
+
     ao:attributeValue ai:EditorPublishFauxObjectPropertyValueContainer ;
     ao:attributeValue ai:CuratorPublishFauxObjectPropertyValueContainer ;
     ao:attributeValue ai:AdminPublishFauxObjectPropertyValueContainer ;
+
     ao:attributeValue ai:EditorPublishFauxDataPropertyValueContainer ;
     ao:attributeValue ai:CuratorPublishFauxDataPropertyValueContainer ;
     ao:attributeValue ai:AdminPublishFauxDataPropertyValueContainer ;
@@ -1434,6 +2031,7 @@ ai:CuratorDisplayDataPropertyValueContainer a ao:ValueContainer ;
     ao:containerType ai:DataPropertyAccesObject .
 ai:AdminDisplayDataPropertyValueContainer a ao:ValueContainer ;
     ao:containerType ai:DataPropertyAccesObject .
+
 ai:PublicDisplayFauxObjectPropertyValueContainer a ao:ValueContainer ;
     ao:containerType ai:FauxObjectPropertyAccesObject .
 ai:EditorDisplayFauxObjectPropertyValueContainer a ao:ValueContainer ;
@@ -1442,6 +2040,7 @@ ai:CuratorDisplayFauxObjectPropertyValueContainer a ao:ValueContainer ;
     ao:containerType ai:FauxObjectPropertyAccesObject .
 ai:AdminDisplayFauxObjectPropertyValueContainer a ao:ValueContainer ;
     ao:containerType ai:FauxObjectPropertyAccesObject .
+
 ai:PublicDisplayFauxDataPropertyValueContainer a ao:ValueContainer ;
     ao:containerType ai:FauxDataPropertyAccesObject .
 ai:EditorDisplayFauxDataPropertyValueContainer a ao:ValueContainer ;
@@ -1457,18 +2056,21 @@ ai:CuratorPublishObjectPropertyValueContainer a ao:ValueContainer ;
     ao:containerType ai:ObjectPropertyAccesObject .
 ai:AdminPublishObjectPropertyValueContainer a ao:ValueContainer ;
     ao:containerType ai:ObjectPropertyAccesObject .
+
 ai:EditorPublishDataPropertyValueContainer a ao:ValueContainer ;
     ao:containerType ai:DataPropertyAccesObject .
 ai:CuratorPublishDataPropertyValueContainer a ao:ValueContainer ;
     ao:containerType ai:DataPropertyAccesObject .
 ai:AdminPublishDataPropertyValueContainer a ao:ValueContainer ;
     ao:containerType ai:DataPropertyAccesObject .
+
 ai:EditorPublishFauxObjectPropertyValueContainer a ao:ValueContainer ;
     ao:containerType ai:FauxObjectPropertyAccesObject .
 ai:CuratorPublishFauxObjectPropertyValueContainer a ao:ValueContainer ;
     ao:containerType ai:FauxObjectPropertyAccesObject .
 ai:AdminPublishFauxObjectPropertyValueContainer a ao:ValueContainer ;
     ao:containerType ai:FauxObjectPropertyAccesObject .
+
 ai:EditorPublishFauxDataPropertyValueContainer a ao:ValueContainer ;
     ao:containerType ai:FauxDataPropertyAccesObject .
 ai:CuratorPublishFauxDataPropertyValueContainer a ao:ValueContainer ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_simple_permissions.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_simple_permissions.n3
index 8125388176..227d9edfcf 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_simple_permissions.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_simple_permissions.n3
@@ -16,72 +16,83 @@
     ao:rules :RuleSet .
 
 :DataSets a ao:PolicyDataSets ;
-    ao:policyDataSetTemplate :DataSetTemplate ;
-    ao:policyDataSet :PublicSimplePermissionDataSet ;
-    ao:policyDataSet :SelfEditorSimplePermissionDataSet ;
-    ao:policyDataSet :EditorSimplePermissionDataSet ;
-    ao:policyDataSet :CuratorSimplePermissionDataSet ;
-    ao:policyDataSet :AdminSimplePermissionDataSet .
-
-:DataSetTemplate a ao:DataSetTemplate ;
-    ao:dataSetKeyTemplate :DataSetKeyTemplate ;
-    ao:testDataTemplate :RoleTestDataTemplate ;
-    ao:testDataTemplate :TypesTestDataTemplate .  
-
-:DataSetKeyTemplate a ao:DataSetKeyTemplate ;
+    ao:policyDataSetTemplate :RoleDataSetTemplate ;
+    ao:policyDataSet :PublicDataSet ;
+    ao:policyDataSet :SelfEditorDataSet ;
+    ao:policyDataSet :EditorDataSet ;
+    ao:policyDataSet :CuratorDataSet ;
+    ao:policyDataSet :AdminDataSet .
+
+#Role data set template
+
+:RoleDataSetTemplate a ao:DataSetTemplate ;
+    ao:dataSetTemplateKey :RoleDataSetTemplateKey ;
+    ao:dataSetKeyTemplate :RoleDataSetKeyTemplate ;
+    ao:dataSetValueTemplate :RoleValueContainerTemplate ;
+    ao:dataSetValueTemplate :RolePermissionValueContainerTemplate .  
+
+:RoleDataSetTemplateKey a ao:DataSetTemplateKey ;
+    ao:templateKey ai:SubjectRole .
+
+:RoleDataSetKeyTemplate a ao:DataSetKeyTemplate ;
     ao:keyComponent ai:NamedObject ;
     ao:keyComponentTemplate ai:SubjectRole .
 
-:RoleTestDataTemplate a ao:TestDataTemplate ;
-    ao:usedInAttributeValueSet :RoleValueSet;
-    ao:dataValueTemplate ai:SubjectRole .
+:RoleValueContainerTemplate a ao:ValueContainerTemplate ;
+    ao:relatedValueSet :RoleValueSet;
+    ao:containerTypeTemplate ai:SubjectRole .
 
-:TypesTestDataTemplate a ao:TestDataTemplate ;
-    ao:usedInAttributeValueSet :TypeValueSet;
-    ao:dataValueTemplate ai:NamedObject .
+:RolePermissionValueContainerTemplate a ao:ValueContainerTemplate ;
+    ao:relatedValueSet :TypeValueSet;
+    ao:defaultValue simplePermission:PageViewablePublic;
+    ao:defaultValue simplePermission:QueryFullModel ;
+    ao:containerTypeTemplate ai:NamedObject .
 
-:PublicSimplePermissionDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :PublicSimplePermissionDataSetKey ;
+
+#Data sets
+
+:PublicDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :PublicDataSetKey ;
     ao:dataSetValues ai:PublicRoleValueContainer ;
     ao:dataSetValues ai:PublicSimplePermissionValueContainer .
 
-:PublicSimplePermissionDataSetKey a ao:DataSetKey ;
+:PublicDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:NamedObject ;
     ao:keyComponent auth:PUBLIC .
 
-:SelfEditorSimplePermissionDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :SelfEditorSimplePermissionDataSetKey ;
+:SelfEditorDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :SelfEditorDataSetKey ;
     ao:dataSetValues ai:SelfEditorRoleValueContainer ;
     ao:dataSetValues ai:SelfEditorSimplePermissionValueContainer .
 
-:SelfEditorSimplePermissionDataSetKey a ao:DataSetKey ;
+:SelfEditorDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:NamedObject ;
     ao:keyComponent auth:SELF_EDITOR .
 
-:EditorSimplePermissionDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :EditorSimplePermissionDataSetKey ;
+:EditorDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :EditorDataSetKey ;
     ao:dataSetValues ai:EditorRoleValueContainer ;
     ao:dataSetValues ai:EditorSimplePermissionValueContainer .
 
-:EditorSimplePermissionDataSetKey a ao:DataSetKey ;
+:EditorDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:NamedObject ;
     ao:keyComponent auth:EDITOR .
 
-:CuratorSimplePermissionDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :CuratorSimplePermissionDataSetKey ;
+:CuratorDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :CuratorDataSetKey ;
     ao:dataSetValues ai:CuratorRoleValueContainer ;
     ao:dataSetValues ai:CuratorSimplePermissionValueContainer .
 
-:CuratorSimplePermissionDataSetKey a ao:DataSetKey ;
+:CuratorDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:NamedObject ;
     ao:keyComponent auth:CURATOR .
 
-:AdminSimplePermissionDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :AdminSimplePermissionDataSetKey  ;
+:AdminDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :AdminDataSetKey  ;
     ao:dataSetValues ai:AdminRoleValueContainer ;
     ao:dataSetValues ai:AdminSimplePermissionValueContainer .
 
-:AdminSimplePermissionDataSetKey  a ao:DataSetKey ;
+:AdminDataSetKey  a ao:DataSetKey ;
     ao:keyComponent ai:NamedObject ;
     ao:keyComponent auth:ADMIN .
 
@@ -90,9 +101,15 @@
 
 :AllowSimplePermission a ao:Rule;
     ao:check :IsSimplePermission ;
+    ao:check :IsExecuteOperation ;
     ao:check :PermissionNameAllowed ;
     ao:check :SubjectRoleEqualsDataSetRole .
 
+:IsExecuteOperation a ao:Check ;
+    ao:operator ai:Equals ;
+    ao:attribute ai:Operation ;
+    ao:value ai:ExecuteOperation .
+
 :PermissionNameAllowed a ao:Check ;
     ao:operator ai:OneOf ;
     ao:attribute ai:AccessObjectUri ;

From 5fe62f66e6bfe2deaf45295cd8e6b2b18f71f7dc Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <georgy.litvinov@tib.eu>
Date: Tue, 24 Oct 2023 10:19:30 +0200
Subject: [PATCH 065/148] test for custom roles

---
 .../auth/policy/PolicyTemplateController.java |   5 +
 ...ccessAllowedClassesPolicyTemplateTest.java |  61 +++--
 ...ssAllowedPropertiesPolicyTemplateTest.java | 247 ++++++++++--------
 ...edAllowedPropertiesPolicyTemplateTest.java |  34 ++-
 ...edAllowedPropertiesPolicyTemplateTest.java |  46 ++--
 .../template_access_allowed_class.n3          | 205 ++++++++++-----
 6 files changed, 359 insertions(+), 239 deletions(-)

diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTemplateController.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTemplateController.java
index 4b9973c55a..b587b01140 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTemplateController.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTemplateController.java
@@ -49,6 +49,11 @@ private static void createRoleDataSet(String dataSetTemplateUri, String roleUri,
                 dataSetModel.createProperty(PREFIX_AO + "policyDataSet"),
                 dataSetModel.createResource(dataSetUri)));
         
+        dataSetModel.add(new StatementImpl(
+                dataSetModel.createResource(dataSetUri),
+                dataSetModel.createProperty("http://www.w3.org/1999/02/22-rdf-syntax-ns#type"),
+                dataSetModel.createResource(PREFIX_AO + "PolicyDataSet")));
+        
         dataSetModel.add(new StatementImpl(
                 dataSetModel.createResource(dataSetUri),
                 dataSetModel.createProperty(PREFIX_AO + "dataSetKey"),
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/AccessAllowedClassesPolicyTemplateTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/AccessAllowedClassesPolicyTemplateTest.java
index c3a7fc93fc..1565997809 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/AccessAllowedClassesPolicyTemplateTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/AccessAllowedClassesPolicyTemplateTest.java
@@ -6,9 +6,11 @@
 import static edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessOperation.UPDATE;
 import static org.junit.Assert.assertFalse;
 
+import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Collection;
 import java.util.Collections;
+import java.util.List;
 import java.util.Set;
 
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType;
@@ -19,36 +21,39 @@
 
 @RunWith(Parameterized.class)
 public class AccessAllowedClassesPolicyTemplateTest extends PolicyTest {
-    private static final String TEMPLATE_CLASS_PREFIX =
-            "https://vivoweb.org/ontology/vitro-application/auth/individual/template/access-allowed-class/";
 
     public static final String POLICY_TEMPLATE_MATCH_CLASS_PATH =
             USER_ACCOUNTS_HOME_FIRSTTIME + "template_access_allowed_class.n3";
 
     @org.junit.runners.Parameterized.Parameter(0)
-    public String dataSetUri;
-
-    @org.junit.runners.Parameterized.Parameter(1)
     public AccessOperation ao;
 
-    @org.junit.runners.Parameterized.Parameter(2)
+    @org.junit.runners.Parameterized.Parameter(1)
     public AccessObjectType type;
 
-    @org.junit.runners.Parameterized.Parameter(3)
+    @org.junit.runners.Parameterized.Parameter(2)
     public String roleUri;
 
-    @org.junit.runners.Parameterized.Parameter(4)
+    @org.junit.runners.Parameterized.Parameter(3)
     public int rulesCount;
 
-    @org.junit.runners.Parameterized.Parameter(5)
+    @org.junit.runners.Parameterized.Parameter(4)
     public Set<Integer> attrCount;
 
     @Test
     public void testPolicy() {
         load(POLICY_TEMPLATE_MATCH_CLASS_PATH);
-        EntityPolicyController.updateEntityDataSet("test:entity", type, ao, Arrays.asList(roleUri), ROLE_LIST);
+        List<String> roles = new ArrayList<>();
+        roles.addAll(ROLE_LIST);
+        if (roleUri.equals(CUSTOM)) {
+            PolicyTemplateController.createRoleDataSets(CUSTOM);
+            roles.add(CUSTOM);
+        }
+        EntityPolicyController.updateEntityDataSet("test:entity", type, ao, Arrays.asList(roleUri), roles);
         DynamicPolicy policy = null;
-        policy = loader.loadPolicyFromTemplateDataSet(TEMPLATE_CLASS_PREFIX + dataSetUri);
+        String dataSet = loader.getDataSetUriByKey(new String[] { roleUri }, new String[] { ao.toString(), type.toString() });
+
+        policy = loader.loadPolicyFromTemplateDataSet(dataSet);
         countRulesAndAttributes(policy, rulesCount, attrCount);
         Set<String> values = loader.getDataSetValues(ao, type, roleUri);
         assertFalse(values.isEmpty());
@@ -57,20 +62,26 @@ public void testPolicy() {
     @Parameterized.Parameters
     public static Collection<Object[]> requests() {
         return Arrays.asList(new Object[][] {
-                { "EditorDisplayClassUriDataSet", DISPLAY, CLASS, EDITOR, 1, Collections.singleton(4) },
-                { "PublicDisplayClassUriDataSet", DISPLAY, CLASS, PUBLIC, 1, Collections.singleton(4) },
-                { "EditorUpdateClassUriDataSet", UPDATE, CLASS, EDITOR, 1, Collections.singleton(4) },
-                { "SelfEditorDisplayClassUriDataSet", DISPLAY, CLASS, SELF_EDITOR, 1, Collections.singleton(4) },
-                { "CuratorDisplayClassUriDataSet", DISPLAY, CLASS, CURATOR, 1, Collections.singleton(4) },
-                { "AdminDisplayClassUriDataSet", DISPLAY, CLASS, ADMIN, 1, Collections.singleton(4) },
-                { "EditorPublishClassUriDataSet", PUBLISH, CLASS, EDITOR, 1, Collections.singleton(4) },
-                { "SelfEditorPublishClassUriDataSet", PUBLISH, CLASS, SELF_EDITOR, 1, Collections.singleton(4) },
-                { "CuratorPublishClassUriDataSet", PUBLISH, CLASS, CURATOR, 1, Collections.singleton(4) },
-                { "AdminPublishClassUriDataSet", PUBLISH, CLASS, ADMIN, 1, Collections.singleton(4) },
-                { "SelfEditorUpdateClassUriDataSet", UPDATE, CLASS, SELF_EDITOR, 1, Collections.singleton(4) },
-                { "PublicUpdateClassUriDataSet", UPDATE, CLASS, PUBLIC, 1, Collections.singleton(4) },
-                { "CuratorUpdateClassUriDataSet", UPDATE, CLASS, CURATOR, 1, Collections.singleton(4) },
-                { "AdminUpdateClassUriDataSet", UPDATE, CLASS, ADMIN, 1, Collections.singleton(4) }, });
+                { DISPLAY, CLASS, PUBLIC, 1, Collections.singleton(4) },
+                { DISPLAY, CLASS, SELF_EDITOR, 1, Collections.singleton(4) },
+                { DISPLAY, CLASS, EDITOR, 1, Collections.singleton(4) },
+                { DISPLAY, CLASS, CURATOR, 1, Collections.singleton(4) },
+                { DISPLAY, CLASS, ADMIN, 1, Collections.singleton(4) },
+                { DISPLAY, CLASS, CUSTOM, 1, Collections.singleton(4) },
+
+                { PUBLISH, CLASS, SELF_EDITOR, 1, Collections.singleton(4) },
+                { PUBLISH, CLASS, EDITOR, 1, Collections.singleton(4) },
+                { PUBLISH, CLASS, CURATOR, 1, Collections.singleton(4) },
+                { PUBLISH, CLASS, ADMIN, 1, Collections.singleton(4) },
+                { PUBLISH, CLASS, CUSTOM, 1, Collections.singleton(4) },
+
+                { UPDATE, CLASS, PUBLIC, 1, Collections.singleton(4) },
+                { UPDATE, CLASS, SELF_EDITOR, 1, Collections.singleton(4) },
+                { UPDATE, CLASS, EDITOR, 1, Collections.singleton(4) },
+                { UPDATE, CLASS, CURATOR, 1, Collections.singleton(4) },
+                { UPDATE, CLASS, ADMIN, 1, Collections.singleton(4) },
+                { UPDATE, CLASS, CUSTOM, 1, Collections.singleton(4) },});
+        
     }
 
 }
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/AccessAllowedPropertiesPolicyTemplateTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/AccessAllowedPropertiesPolicyTemplateTest.java
index 7df926f45e..8063e0f26a 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/AccessAllowedPropertiesPolicyTemplateTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/AccessAllowedPropertiesPolicyTemplateTest.java
@@ -4,57 +4,60 @@
 import static edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType.FAUX_DATA_PROPERTY;
 import static edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType.FAUX_OBJECT_PROPERTY;
 import static edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType.OBJECT_PROPERTY;
+import static edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessOperation.ADD;
+import static edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessOperation.DISPLAY;
+import static edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessOperation.DROP;
+import static edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessOperation.EDIT;
+import static edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessOperation.PUBLISH;
 import static org.junit.Assert.assertFalse;
 
+import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Collection;
 import java.util.Collections;
+import java.util.List;
 import java.util.Set;
 
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType;
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessOperation;
-
-import static edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessOperation.DISPLAY;
-import static edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessOperation.EDIT;
-import static edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessOperation.ADD;
-import static edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessOperation.DROP;
-import static edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessOperation.PUBLISH;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.junit.runners.Parameterized;
 
 @RunWith(Parameterized.class)
 public class AccessAllowedPropertiesPolicyTemplateTest extends PolicyTest {
-    private static final String TEMPLATE_PROPERTY_PREFIX =
-            "https://vivoweb.org/ontology/vitro-application/auth/individual/template/access-allowed-property/";
     
     public static final String POLICY_TEMPLATE_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
             + "template_access_allowed_property.n3";
 
     @org.junit.runners.Parameterized.Parameter(0)
-    public String dataSetUri;
-
-    @org.junit.runners.Parameterized.Parameter(1)
     public AccessOperation ao;
 
-    @org.junit.runners.Parameterized.Parameter(2)
+    @org.junit.runners.Parameterized.Parameter(1)
     public AccessObjectType type;
 
-    @org.junit.runners.Parameterized.Parameter(3)
+    @org.junit.runners.Parameterized.Parameter(2)
     public String roleUri;
 
-    @org.junit.runners.Parameterized.Parameter(4)
+    @org.junit.runners.Parameterized.Parameter(3)
     public int rulesCount;
 
-    @org.junit.runners.Parameterized.Parameter(5)
+    @org.junit.runners.Parameterized.Parameter(4)
     public Set<Integer> attrCount;
 
     @Test
     public void testPolicy() {
         load(POLICY_TEMPLATE_PATH);
-        EntityPolicyController.updateEntityDataSet("test:entity", type, ao, Arrays.asList(roleUri), ROLE_LIST);
+        List<String> roles = new ArrayList<>();
+        roles.addAll(ROLE_LIST);
+        if (roleUri.equals(CUSTOM)) {
+            PolicyTemplateController.createRoleDataSets(CUSTOM);
+            roles.add(CUSTOM);
+        }
+        EntityPolicyController.updateEntityDataSet("test:entity", type, ao, Arrays.asList(roleUri), roles);
         DynamicPolicy policy = null;
-        policy = loader.loadPolicyFromTemplateDataSet(TEMPLATE_PROPERTY_PREFIX + dataSetUri);
+        String dataSet = loader.getDataSetUriByKey(new String[] { roleUri }, new String[] { ao.toString(), type.toString() });
+        policy = loader.loadPolicyFromTemplateDataSet(dataSet);
         countRulesAndAttributes(policy, rulesCount, attrCount);
         Set<String> values = loader.getDataSetValues(ao, type, roleUri);
         assertFalse(values.isEmpty());
@@ -64,101 +67,121 @@ public void testPolicy() {
     public static Collection<Object[]> requests() {
         return Arrays.asList(new Object[][] {
 
-                { "AdminDisplayObjectPropertyDataSet", DISPLAY, OBJECT_PROPERTY, ADMIN, 2, num(4) },
-                { "CuratorDisplayObjectPropertyDataSet", DISPLAY, OBJECT_PROPERTY, CURATOR, 2, num(4) },
-                { "EditorDisplayObjectPropertyDataSet", DISPLAY, OBJECT_PROPERTY, EDITOR, 2, num(4) },
-                { "PublicDisplayObjectPropertyDataSet", DISPLAY, OBJECT_PROPERTY, PUBLIC, 2, num(4) },
-
-                { "AdminDisplayDataPropertyDataSet", DISPLAY, DATA_PROPERTY, ADMIN, 2, num(4) },
-                { "CuratorDisplayDataPropertyDataSet", DISPLAY, DATA_PROPERTY, CURATOR, 2, num(4) },
-                { "EditorDisplayDataPropertyDataSet", DISPLAY, DATA_PROPERTY, EDITOR, 2, num(4) },
-                { "PublicDisplayDataPropertyDataSet", DISPLAY, DATA_PROPERTY, PUBLIC, 2, num(4) },
-
-                { "AdminDisplayFauxObjectPropertyDataSet", DISPLAY, FAUX_OBJECT_PROPERTY, ADMIN, 2, num(4) },
-                { "CuratorDisplayFauxObjectPropertyDataSet", DISPLAY, FAUX_OBJECT_PROPERTY, CURATOR, 2, num(4) },
-                { "EditorDisplayFauxObjectPropertyDataSet", DISPLAY, FAUX_OBJECT_PROPERTY, EDITOR, 2, num(4) },
-                { "PublicDisplayFauxObjectPropertyDataSet", DISPLAY, FAUX_OBJECT_PROPERTY, PUBLIC, 2, num(4) },
-
-                { "AdminDisplayFauxDataPropertyDataSet", DISPLAY, FAUX_DATA_PROPERTY, ADMIN, 2, num(4) },
-                { "CuratorDisplayFauxDataPropertyDataSet", DISPLAY, FAUX_DATA_PROPERTY, CURATOR, 2, num(4) },
-                { "EditorDisplayFauxDataPropertyDataSet", DISPLAY, FAUX_DATA_PROPERTY, EDITOR, 2, num(4) },
-                { "PublicDisplayFauxDataPropertyDataSet", DISPLAY, FAUX_DATA_PROPERTY, PUBLIC, 2, num(4) },
-
-                { "AdminPublishObjectPropertyDataSet", PUBLISH, OBJECT_PROPERTY, ADMIN, 2, num(4) },
-                { "CuratorPublishObjectPropertyDataSet", PUBLISH, OBJECT_PROPERTY, CURATOR, 2, num(4) },
-                { "EditorPublishObjectPropertyDataSet", PUBLISH, OBJECT_PROPERTY, EDITOR, 2, num(4) },
-
-                { "AdminPublishDataPropertyDataSet", PUBLISH, DATA_PROPERTY, ADMIN, 2, num(4) },
-                { "CuratorPublishDataPropertyDataSet", PUBLISH, DATA_PROPERTY, CURATOR, 2, num(4) },
-                { "EditorPublishDataPropertyDataSet", PUBLISH, DATA_PROPERTY, EDITOR, 2, num(4) },
-
-                { "AdminPublishFauxObjectPropertyDataSet", PUBLISH, FAUX_OBJECT_PROPERTY, ADMIN, 2, num(4) },
-                { "CuratorPublishFauxObjectPropertyDataSet", PUBLISH, FAUX_OBJECT_PROPERTY, CURATOR, 2, num(4) },
-                { "EditorPublishFauxObjectPropertyDataSet", PUBLISH, FAUX_OBJECT_PROPERTY, EDITOR, 2, num(4) },
-
-                { "AdminPublishFauxDataPropertyDataSet", PUBLISH, FAUX_DATA_PROPERTY, ADMIN, 2, num(4) },
-                { "CuratorPublishFauxDataPropertyDataSet", PUBLISH, FAUX_DATA_PROPERTY, CURATOR, 2, num(4) },
-                { "EditorPublishFauxDataPropertyDataSet", PUBLISH, FAUX_DATA_PROPERTY, EDITOR, 2, num(4) },
-
-                { "AdminEditObjectPropertyDataSet", EDIT, OBJECT_PROPERTY, ADMIN, 2, num(4) },
-                { "CuratorEditObjectPropertyDataSet", EDIT, OBJECT_PROPERTY, CURATOR, 2, num(4) },
-                { "EditorEditObjectPropertyDataSet", EDIT, OBJECT_PROPERTY, EDITOR, 2, num(4) },
-                { "PublicEditObjectPropertyDataSet", EDIT, OBJECT_PROPERTY, PUBLIC, 2, num(4) },
-
-                { "AdminAddObjectPropertyDataSet", ADD, OBJECT_PROPERTY, ADMIN, 2, num(4) },
-                { "CuratorAddObjectPropertyDataSet", ADD, OBJECT_PROPERTY, CURATOR, 2, num(4) },
-                { "EditorAddObjectPropertyDataSet", ADD, OBJECT_PROPERTY, EDITOR, 2, num(4) },
-                { "PublicAddObjectPropertyDataSet", ADD, OBJECT_PROPERTY, PUBLIC, 2, num(4) },
-
-                { "AdminDropObjectPropertyDataSet", DROP, OBJECT_PROPERTY, ADMIN, 2, num(4) },
-                { "CuratorDropObjectPropertyDataSet", DROP, OBJECT_PROPERTY, CURATOR, 2, num(4) },
-                { "EditorDropObjectPropertyDataSet", DROP, OBJECT_PROPERTY, EDITOR, 2, num(4) },
-                { "PublicDropObjectPropertyDataSet", DROP, OBJECT_PROPERTY, PUBLIC, 2, num(4) },
-
-                { "AdminEditDataPropertyDataSet", EDIT, DATA_PROPERTY, ADMIN, 2, num(4) },
-                { "CuratorEditDataPropertyDataSet", EDIT, DATA_PROPERTY, CURATOR, 2, num(4) },
-                { "EditorEditDataPropertyDataSet", EDIT, DATA_PROPERTY, EDITOR, 2, num(4) },
-                { "PublicEditDataPropertyDataSet", EDIT, DATA_PROPERTY, PUBLIC, 2, num(4) },
-
-                { "AdminAddDataPropertyDataSet", ADD, DATA_PROPERTY, ADMIN, 2, num(4) },
-                { "CuratorAddDataPropertyDataSet", ADD, DATA_PROPERTY, CURATOR, 2, num(4) },
-                { "EditorAddDataPropertyDataSet", ADD, DATA_PROPERTY, EDITOR, 2, num(4) },
-                { "PublicAddDataPropertyDataSet", ADD, DATA_PROPERTY, PUBLIC, 2, num(4) },
-
-                { "AdminDropDataPropertyDataSet", DROP, DATA_PROPERTY, ADMIN, 2, num(4) },
-                { "CuratorDropDataPropertyDataSet", DROP, DATA_PROPERTY, CURATOR, 2, num(4) },
-                { "EditorDropDataPropertyDataSet", DROP, DATA_PROPERTY, EDITOR, 2, num(4) },
-                { "PublicDropDataPropertyDataSet", DROP, DATA_PROPERTY, PUBLIC, 2, num(4) },
-
-                { "AdminEditFauxObjectPropertyDataSet", EDIT, FAUX_OBJECT_PROPERTY, ADMIN, 2, num(4) },
-                { "CuratorEditFauxObjectPropertyDataSet", EDIT, FAUX_OBJECT_PROPERTY, CURATOR, 2, num(4) },
-                { "EditorEditFauxObjectPropertyDataSet", EDIT, FAUX_OBJECT_PROPERTY, EDITOR, 2, num(4) },
-                { "PublicEditFauxObjectPropertyDataSet", EDIT, FAUX_OBJECT_PROPERTY, PUBLIC, 2, num(4) },
-
-                { "AdminAddFauxObjectPropertyDataSet", ADD, FAUX_OBJECT_PROPERTY, ADMIN, 2, num(4) },
-                { "CuratorAddFauxObjectPropertyDataSet", ADD, FAUX_OBJECT_PROPERTY, CURATOR, 2, num(4) },
-                { "EditorAddFauxObjectPropertyDataSet", ADD, FAUX_OBJECT_PROPERTY, EDITOR, 2, num(4) },
-                { "PublicAddFauxObjectPropertyDataSet", ADD, FAUX_OBJECT_PROPERTY, PUBLIC, 2, num(4) },
-
-                { "AdminDropFauxObjectPropertyDataSet", DROP, FAUX_OBJECT_PROPERTY, ADMIN, 2, num(4) },
-                { "CuratorDropFauxObjectPropertyDataSet", DROP, FAUX_OBJECT_PROPERTY, CURATOR, 2, num(4) },
-                { "EditorDropFauxObjectPropertyDataSet", DROP, FAUX_OBJECT_PROPERTY, EDITOR, 2, num(4) },
-                { "PublicDropFauxObjectPropertyDataSet", DROP, FAUX_OBJECT_PROPERTY, PUBLIC, 2, num(4) },
-
-                { "AdminEditFauxDataPropertyDataSet", EDIT, FAUX_DATA_PROPERTY, ADMIN, 2, num(4) },
-                { "CuratorEditFauxDataPropertyDataSet", EDIT, FAUX_DATA_PROPERTY, CURATOR, 2, num(4) },
-                { "EditorEditFauxDataPropertyDataSet", EDIT, FAUX_DATA_PROPERTY, EDITOR, 2, num(4) },
-                { "PublicEditFauxDataPropertyDataSet", EDIT, FAUX_DATA_PROPERTY, PUBLIC, 2, num(4) },
-
-                { "AdminAddFauxDataPropertyDataSet", ADD, FAUX_DATA_PROPERTY, ADMIN, 2, num(4) },
-                { "CuratorAddFauxDataPropertyDataSet", ADD, FAUX_DATA_PROPERTY, CURATOR, 2, num(4) },
-                { "EditorAddFauxDataPropertyDataSet", ADD, FAUX_DATA_PROPERTY, EDITOR, 2, num(4) },
-                { "PublicAddFauxDataPropertyDataSet", ADD, FAUX_DATA_PROPERTY, PUBLIC, 2, num(4) },
-
-                { "AdminDropFauxDataPropertyDataSet", DROP, FAUX_DATA_PROPERTY, ADMIN, 2, num(4) },
-                { "CuratorDropFauxDataPropertyDataSet", DROP, FAUX_DATA_PROPERTY, CURATOR, 2, num(4) },
-                { "EditorDropFauxDataPropertyDataSet", DROP, FAUX_DATA_PROPERTY, EDITOR, 2, num(4) },
-                { "PublicDropFauxDataPropertyDataSet", DROP, FAUX_DATA_PROPERTY, PUBLIC, 2, num(4) }, });
+                { DISPLAY, OBJECT_PROPERTY, ADMIN, 2, num(4) },
+                { DISPLAY, OBJECT_PROPERTY, CURATOR, 2, num(4) },
+                { DISPLAY, OBJECT_PROPERTY, EDITOR, 2, num(4) },
+                { DISPLAY, OBJECT_PROPERTY, PUBLIC, 2, num(4) },
+                { DISPLAY, OBJECT_PROPERTY, CUSTOM, 2, num(4) },
+
+                { DISPLAY, DATA_PROPERTY, ADMIN, 2, num(4) },
+                { DISPLAY, DATA_PROPERTY, CURATOR, 2, num(4) },
+                { DISPLAY, DATA_PROPERTY, EDITOR, 2, num(4) },
+                { DISPLAY, DATA_PROPERTY, PUBLIC, 2, num(4) },
+                { DISPLAY, DATA_PROPERTY, CUSTOM, 2, num(4) },
+
+                { DISPLAY, FAUX_OBJECT_PROPERTY, ADMIN, 2, num(4) },
+                { DISPLAY, FAUX_OBJECT_PROPERTY, CURATOR, 2, num(4) },
+                { DISPLAY, FAUX_OBJECT_PROPERTY, EDITOR, 2, num(4) },
+                { DISPLAY, FAUX_OBJECT_PROPERTY, PUBLIC, 2, num(4) },
+                { DISPLAY, FAUX_OBJECT_PROPERTY, CUSTOM, 2, num(4) },
+
+                { DISPLAY, FAUX_DATA_PROPERTY, ADMIN, 2, num(4) },
+                { DISPLAY, FAUX_DATA_PROPERTY, CURATOR, 2, num(4) },
+                { DISPLAY, FAUX_DATA_PROPERTY, EDITOR, 2, num(4) },
+                { DISPLAY, FAUX_DATA_PROPERTY, PUBLIC, 2, num(4) },
+                { DISPLAY, FAUX_DATA_PROPERTY, CUSTOM, 2, num(4) },
+                
+                { PUBLISH, OBJECT_PROPERTY, ADMIN, 2, num(4) },
+                { PUBLISH, OBJECT_PROPERTY, CURATOR, 2, num(4) },
+                { PUBLISH, OBJECT_PROPERTY, EDITOR, 2, num(4) },
+                { PUBLISH, OBJECT_PROPERTY, CUSTOM, 2, num(4) },
+
+                { PUBLISH, DATA_PROPERTY, ADMIN, 2, num(4) },
+                { PUBLISH, DATA_PROPERTY, CURATOR, 2, num(4) },
+                { PUBLISH, DATA_PROPERTY, EDITOR, 2, num(4) },
+                { PUBLISH, DATA_PROPERTY, CUSTOM, 2, num(4) },
+
+                { PUBLISH, FAUX_OBJECT_PROPERTY, ADMIN, 2, num(4) },
+                { PUBLISH, FAUX_OBJECT_PROPERTY, CURATOR, 2, num(4) },
+                { PUBLISH, FAUX_OBJECT_PROPERTY, EDITOR, 2, num(4) },
+                { PUBLISH, FAUX_OBJECT_PROPERTY, CUSTOM, 2, num(4) },
+
+                { PUBLISH, FAUX_DATA_PROPERTY, ADMIN, 2, num(4) },
+                { PUBLISH, FAUX_DATA_PROPERTY, CURATOR, 2, num(4) },
+                { PUBLISH, FAUX_DATA_PROPERTY, EDITOR, 2, num(4) },
+                { PUBLISH, FAUX_DATA_PROPERTY, CUSTOM, 2, num(4) },
+                
+                { EDIT, OBJECT_PROPERTY, ADMIN, 2, num(4) },
+                { EDIT, OBJECT_PROPERTY, CURATOR, 2, num(4) },
+                { EDIT, OBJECT_PROPERTY, EDITOR, 2, num(4) },
+                { EDIT, OBJECT_PROPERTY, PUBLIC, 2, num(4) },
+                { EDIT, OBJECT_PROPERTY, CUSTOM, 2, num(4) },
+
+                { ADD, OBJECT_PROPERTY, ADMIN, 2, num(4) },
+                { ADD, OBJECT_PROPERTY, CURATOR, 2, num(4) },
+                { ADD, OBJECT_PROPERTY, EDITOR, 2, num(4) },
+                { ADD, OBJECT_PROPERTY, PUBLIC, 2, num(4) },
+                { ADD, OBJECT_PROPERTY, CUSTOM, 2, num(4) },
+                
+                { DROP, OBJECT_PROPERTY, ADMIN, 2, num(4) },
+                { DROP, OBJECT_PROPERTY, CURATOR, 2, num(4) },
+                { DROP, OBJECT_PROPERTY, EDITOR, 2, num(4) },
+                { DROP, OBJECT_PROPERTY, PUBLIC, 2, num(4) },
+                { DROP, OBJECT_PROPERTY, CUSTOM, 2, num(4) },
+
+                { EDIT, DATA_PROPERTY, ADMIN, 2, num(4) },
+                { EDIT, DATA_PROPERTY, CURATOR, 2, num(4) },
+                { EDIT, DATA_PROPERTY, EDITOR, 2, num(4) },
+                { EDIT, DATA_PROPERTY, PUBLIC, 2, num(4) },
+                { EDIT, DATA_PROPERTY, CUSTOM, 2, num(4) },
+
+                { ADD, DATA_PROPERTY, ADMIN, 2, num(4) },
+                { ADD, DATA_PROPERTY, CURATOR, 2, num(4) },
+                { ADD, DATA_PROPERTY, EDITOR, 2, num(4) },
+                { ADD, DATA_PROPERTY, PUBLIC, 2, num(4) },
+                { ADD, DATA_PROPERTY, CUSTOM, 2, num(4) },
+
+                { DROP, DATA_PROPERTY, ADMIN, 2, num(4) },
+                { DROP, DATA_PROPERTY, CURATOR, 2, num(4) },
+                { DROP, DATA_PROPERTY, EDITOR, 2, num(4) },
+                { DROP, DATA_PROPERTY, PUBLIC, 2, num(4) },
+                { DROP, DATA_PROPERTY, CUSTOM, 2, num(4) },
+
+                { EDIT, FAUX_OBJECT_PROPERTY, ADMIN, 2, num(4) },
+                { EDIT, FAUX_OBJECT_PROPERTY, CURATOR, 2, num(4) },
+                { EDIT, FAUX_OBJECT_PROPERTY, EDITOR, 2, num(4) },
+                { EDIT, FAUX_OBJECT_PROPERTY, PUBLIC, 2, num(4) },
+                { EDIT, FAUX_OBJECT_PROPERTY, CUSTOM, 2, num(4) },
+                
+                { ADD, FAUX_OBJECT_PROPERTY, ADMIN, 2, num(4) },
+                { ADD, FAUX_OBJECT_PROPERTY, CURATOR, 2, num(4) },
+                { ADD, FAUX_OBJECT_PROPERTY, EDITOR, 2, num(4) },
+                { ADD, FAUX_OBJECT_PROPERTY, PUBLIC, 2, num(4) },
+                { ADD, FAUX_OBJECT_PROPERTY, CUSTOM, 2, num(4) },
+                
+                { DROP, FAUX_OBJECT_PROPERTY, ADMIN, 2, num(4) },
+                { DROP, FAUX_OBJECT_PROPERTY, CURATOR, 2, num(4) },
+                { DROP, FAUX_OBJECT_PROPERTY, EDITOR, 2, num(4) },
+                { DROP, FAUX_OBJECT_PROPERTY, PUBLIC, 2, num(4) },
+                { DROP, FAUX_OBJECT_PROPERTY, CUSTOM, 2, num(4) },
+                
+                { EDIT, FAUX_DATA_PROPERTY, ADMIN, 2, num(4) },
+                { EDIT, FAUX_DATA_PROPERTY, CURATOR, 2, num(4) },
+                { EDIT, FAUX_DATA_PROPERTY, EDITOR, 2, num(4) },
+                { EDIT, FAUX_DATA_PROPERTY, PUBLIC, 2, num(4) },
+                { EDIT, FAUX_DATA_PROPERTY, CUSTOM, 2, num(4) },
+                
+                { ADD, FAUX_DATA_PROPERTY, ADMIN, 2, num(4) },
+                { ADD, FAUX_DATA_PROPERTY, CURATOR, 2, num(4) },
+                { ADD, FAUX_DATA_PROPERTY, EDITOR, 2, num(4) },
+                { ADD, FAUX_DATA_PROPERTY, PUBLIC, 2, num(4) },
+                { ADD, FAUX_DATA_PROPERTY, CUSTOM, 2, num(4) },
+
+                { DROP, FAUX_DATA_PROPERTY, ADMIN, 2, num(4) },
+                { DROP, FAUX_DATA_PROPERTY, CURATOR, 2, num(4) },
+                { DROP, FAUX_DATA_PROPERTY, EDITOR, 2, num(4) },
+                { DROP, FAUX_DATA_PROPERTY, PUBLIC, 2, num(4) },
+                { DROP, FAUX_DATA_PROPERTY, CUSTOM, 2, num(4) },});
     }
 
     private static Set<Integer> num(int i) {
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/AccessRelatedAllowedPropertiesPolicyTemplateTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/AccessRelatedAllowedPropertiesPolicyTemplateTest.java
index c1ca39274a..af7e4e95cc 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/AccessRelatedAllowedPropertiesPolicyTemplateTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/AccessRelatedAllowedPropertiesPolicyTemplateTest.java
@@ -21,27 +21,23 @@
 
 @RunWith(Parameterized.class)
 public class AccessRelatedAllowedPropertiesPolicyTemplateTest extends PolicyTest {
-    private static final String TEMPLATE_PROPERTY_PREFIX =
-            "https://vivoweb.org/ontology/vitro-application/auth/individual/template/access-allowed-property/";
 
     public static final String POLICY_TEMPLATE_PATH =
             USER_ACCOUNTS_HOME_FIRSTTIME + "template_access_related_allowed_property.n3";
+   
     @org.junit.runners.Parameterized.Parameter(0)
-    public String dataSetUri;
-
-    @org.junit.runners.Parameterized.Parameter(1)
     public AccessOperation ao;
 
-    @org.junit.runners.Parameterized.Parameter(2)
+    @org.junit.runners.Parameterized.Parameter(1)
     public AccessObjectType type;
 
-    @org.junit.runners.Parameterized.Parameter(3)
+    @org.junit.runners.Parameterized.Parameter(2)
     public String roleUri;
 
-    @org.junit.runners.Parameterized.Parameter(4)
+    @org.junit.runners.Parameterized.Parameter(3)
     public int rulesCount;
 
-    @org.junit.runners.Parameterized.Parameter(5)
+    @org.junit.runners.Parameterized.Parameter(4)
     public Set<Integer> attrCount;
 
     @Test
@@ -49,7 +45,9 @@ public void testPolicy() {
         load(POLICY_TEMPLATE_PATH);
         EntityPolicyController.updateEntityDataSet("test:entity", type, ao, Arrays.asList(roleUri), ROLE_LIST);
         DynamicPolicy policy = null;
-        policy = loader.loadPolicyFromTemplateDataSet(TEMPLATE_PROPERTY_PREFIX + dataSetUri);
+        String dataSet = loader.getDataSetUriByKey(new String[] { roleUri }, new String[] { ao.toString(), type.toString() });
+
+        policy = loader.loadPolicyFromTemplateDataSet(dataSet);
         countRulesAndAttributes(policy, rulesCount, attrCount);
         Set<String> values = loader.getDataSetValues(ao, type, roleUri);
         assertFalse(values.isEmpty());
@@ -59,14 +57,14 @@ public void testPolicy() {
     public static Collection<Object[]> requests() {
         return Arrays.asList(new Object[][] {
 
-                { "SelfEditorDisplayObjectPropertyDataSet", DISPLAY, OBJECT_PROPERTY, SELF_EDITOR, 2, num(4) },
-                { "SelfEditorDisplayDataPropertyDataSet", DISPLAY, DATA_PROPERTY, SELF_EDITOR, 2, num(4) },
-                { "SelfEditorDisplayFauxObjectPropertyDataSet", DISPLAY, FAUX_OBJECT_PROPERTY, SELF_EDITOR, 2, num(4) },
-                { "SelfEditorDisplayFauxDataPropertyDataSet", DISPLAY, FAUX_DATA_PROPERTY, SELF_EDITOR, 2, num(4) },
-                { "SelfEditorPublishObjectPropertyDataSet", PUBLISH, OBJECT_PROPERTY, SELF_EDITOR, 2, num(4) },
-                { "SelfEditorPublishDataPropertyDataSet", PUBLISH, DATA_PROPERTY, SELF_EDITOR, 2, num(4) },
-                { "SelfEditorPublishFauxObjectPropertyDataSet", PUBLISH, FAUX_OBJECT_PROPERTY, SELF_EDITOR, 2, num(4) },
-                { "SelfEditorPublishFauxDataPropertyDataSet", PUBLISH, FAUX_DATA_PROPERTY, SELF_EDITOR, 2, num(4) }, });
+                { DISPLAY, OBJECT_PROPERTY, SELF_EDITOR, 2, num(4) },
+                { DISPLAY, DATA_PROPERTY, SELF_EDITOR, 2, num(4) },
+                { DISPLAY, FAUX_OBJECT_PROPERTY, SELF_EDITOR, 2, num(4) },
+                { DISPLAY, FAUX_DATA_PROPERTY, SELF_EDITOR, 2, num(4) },
+                { PUBLISH, OBJECT_PROPERTY, SELF_EDITOR, 2, num(4) },
+                { PUBLISH, DATA_PROPERTY, SELF_EDITOR, 2, num(4) },
+                { PUBLISH, FAUX_OBJECT_PROPERTY, SELF_EDITOR, 2, num(4) },
+                { PUBLISH, FAUX_DATA_PROPERTY, SELF_EDITOR, 2, num(4) }, });
     }
 
     private static Set<Integer> num(int i) {
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/UpdateRelatedAllowedPropertiesPolicyTemplateTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/UpdateRelatedAllowedPropertiesPolicyTemplateTest.java
index a1666ed486..a4d1c3af03 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/UpdateRelatedAllowedPropertiesPolicyTemplateTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/UpdateRelatedAllowedPropertiesPolicyTemplateTest.java
@@ -22,37 +22,35 @@
 
 @RunWith(Parameterized.class)
 public class UpdateRelatedAllowedPropertiesPolicyTemplateTest extends PolicyTest {
-    private static final String TEMPLATE_PROPERTY_PREFIX =
-            "https://vivoweb.org/ontology/vitro-application/auth/individual/template/update-related-allowed-property/";
 
     public static final String POLICY_TEMPLATE_PATH =
             USER_ACCOUNTS_HOME_FIRSTTIME + "template_update_related_allowed_property.n3";
+
     @org.junit.runners.Parameterized.Parameter(0)
-    public String dataSetUri;
+    public AccessOperation ao;
 
     @org.junit.runners.Parameterized.Parameter(1)
-    public AccessOperation group;
-
-    @org.junit.runners.Parameterized.Parameter(2)
     public AccessObjectType type;
 
-    @org.junit.runners.Parameterized.Parameter(3)
+    @org.junit.runners.Parameterized.Parameter(2)
     public String roleUri;
 
-    @org.junit.runners.Parameterized.Parameter(4)
+    @org.junit.runners.Parameterized.Parameter(3)
     public int rulesCount;
 
-    @org.junit.runners.Parameterized.Parameter(5)
+    @org.junit.runners.Parameterized.Parameter(4)
     public Set<Integer> attrCount;
 
     @Test
     public void testPolicy() {
         load(POLICY_TEMPLATE_PATH);
-        EntityPolicyController.updateEntityDataSet("test:entity", type, group, Arrays.asList(roleUri), ROLE_LIST);
+        EntityPolicyController.updateEntityDataSet("test:entity", type, ao, Arrays.asList(roleUri), ROLE_LIST);
         DynamicPolicy policy = null;
-        policy = loader.loadPolicyFromTemplateDataSet(TEMPLATE_PROPERTY_PREFIX + "SelfEditor" + dataSetUri + "DataSet");
+        String dataSet = loader.getDataSetUriByKey(new String[] { roleUri }, new String[] { ao.toString(), type.toString() });
+
+        policy = loader.loadPolicyFromTemplateDataSet(dataSet);
         countRulesAndAttributes(policy, rulesCount, attrCount);
-        Set<String> values = loader.getDataSetValues(group, type, roleUri);
+        Set<String> values = loader.getDataSetValues(ao, type, roleUri);
         assertFalse(values.isEmpty());
     }
 
@@ -60,20 +58,20 @@ public void testPolicy() {
     public static Collection<Object[]> requests() {
         return Arrays.asList(new Object[][] {
 
-                { "AddObjectProperty", ADD, OBJECT_PROPERTY, SELF_EDITOR, 2, num(4, 5) },
-                { "AddDataProperty", ADD, DATA_PROPERTY, SELF_EDITOR, 2, num(4, 5) },
-                { "AddFauxObjectProperty", ADD, FAUX_OBJECT_PROPERTY, SELF_EDITOR, 2, num(4, 5) },
-                { "AddFauxDataProperty", ADD, FAUX_DATA_PROPERTY, SELF_EDITOR, 2, num(4, 5) },
+                { ADD, OBJECT_PROPERTY, SELF_EDITOR, 2, num(4, 5) },
+                { ADD, DATA_PROPERTY, SELF_EDITOR, 2, num(4, 5) },
+                { ADD, FAUX_OBJECT_PROPERTY, SELF_EDITOR, 2, num(4, 5) },
+                { ADD, FAUX_DATA_PROPERTY, SELF_EDITOR, 2, num(4, 5) },
 
-                { "DropObjectProperty", DROP, OBJECT_PROPERTY, SELF_EDITOR, 2, num(4, 5) },
-                { "DropDataProperty", DROP, DATA_PROPERTY, SELF_EDITOR, 2, num(4, 5) },
-                { "DropFauxObjectProperty", DROP, FAUX_OBJECT_PROPERTY, SELF_EDITOR, 2, num(4, 5) },
-                { "DropFauxDataProperty", DROP, FAUX_DATA_PROPERTY, SELF_EDITOR, 2, num(4, 5) },
+                { DROP, OBJECT_PROPERTY, SELF_EDITOR, 2, num(4, 5) },
+                { DROP, DATA_PROPERTY, SELF_EDITOR, 2, num(4, 5) },
+                { DROP, FAUX_OBJECT_PROPERTY, SELF_EDITOR, 2, num(4, 5) },
+                { DROP, FAUX_DATA_PROPERTY, SELF_EDITOR, 2, num(4, 5) },
 
-                { "EditObjectProperty", EDIT, OBJECT_PROPERTY, SELF_EDITOR, 2, num(4, 5) },
-                { "EditDataProperty", EDIT, DATA_PROPERTY, SELF_EDITOR, 2, num(4, 5) },
-                { "EditFauxObjectProperty", EDIT, FAUX_OBJECT_PROPERTY, SELF_EDITOR, 2, num(4, 5) },
-                { "EditFauxDataProperty", EDIT, FAUX_DATA_PROPERTY, SELF_EDITOR, 2, num(4, 5) }, });
+                { EDIT, OBJECT_PROPERTY, SELF_EDITOR, 2, num(4, 5) },
+                { EDIT, DATA_PROPERTY, SELF_EDITOR, 2, num(4, 5) },
+                { EDIT, FAUX_OBJECT_PROPERTY, SELF_EDITOR, 2, num(4, 5) },
+                { EDIT, FAUX_DATA_PROPERTY, SELF_EDITOR, 2, num(4, 5) }, });
 
     }
 
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_class.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_class.n3
index cca65d80e7..76f9315de5 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_class.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_class.n3
@@ -14,216 +14,301 @@
     ao:policyDataSets :DataSets .
 
 :DataSets a ao:PolicyDataSets ;
-    ao:policyDataSet :PublicDisplayClassUriDataSet ;
-    ao:policyDataSet :SelfEditorDisplayClassUriDataSet ;
-    ao:policyDataSet :EditorDisplayClassUriDataSet ;
-    ao:policyDataSet :CuratorDisplayClassUriDataSet ;
-    ao:policyDataSet :AdminDisplayClassUriDataSet ;
-
-    ao:policyDataSet :PublicUpdateClassUriDataSet ;
-    ao:policyDataSet :SelfEditorUpdateClassUriDataSet ;
-    ao:policyDataSet :EditorUpdateClassUriDataSet ;
-    ao:policyDataSet :CuratorUpdateClassUriDataSet ;
-    ao:policyDataSet :AdminUpdateClassUriDataSet ;
-
-    ao:policyDataSet :SelfEditorPublishClassUriDataSet ;
-    ao:policyDataSet :EditorPublishClassUriDataSet ;
-    ao:policyDataSet :CuratorPublishClassUriDataSet ;
-    ao:policyDataSet :AdminPublishClassUriDataSet ;
+    ao:policyDataSet :PublicDisplayClassDataSet ;
+    ao:policyDataSet :SelfEditorDisplayClassDataSet ;
+    ao:policyDataSet :EditorDisplayClassDataSet ;
+    ao:policyDataSet :CuratorDisplayClassDataSet ;
+    ao:policyDataSet :AdminDisplayClassDataSet ;
+
+    ao:policyDataSet :PublicUpdateClassDataSet ;
+    ao:policyDataSet :SelfEditorUpdateClassDataSet ;
+    ao:policyDataSet :EditorUpdateClassDataSet ;
+    ao:policyDataSet :CuratorUpdateClassDataSet ;
+    ao:policyDataSet :AdminUpdateClassDataSet ;
+
+    ao:policyDataSet :SelfEditorPublishClassDataSet ;
+    ao:policyDataSet :EditorPublishClassDataSet ;
+    ao:policyDataSet :CuratorPublishClassDataSet ;
+    ao:policyDataSet :AdminPublishClassDataSet ;
+
+    ao:policyDataSetTemplate :RoleDisplayClassDataSetTemplate ;
+    ao:policyDataSetTemplate :RoleUpdateClassDataSetTemplate ;
+    ao:policyDataSetTemplate :RolePublishClassDataSetTemplate ;
     .
 
+#Role Display Class data set template
+
+:RoleDisplayClassDataSetTemplate a ao:DataSetTemplate ;
+    ao:dataSetTemplateKey :RoleDisplayClassDataSetTemplateKey ;
+    ao:dataSetKeyTemplate :RoleDisplayClassDataSetKeyTemplate ;
+    ao:dataSetValues ai:ClassAccesObjectValueContainer ;
+    ao:dataSetValues ai:DisplayOperationValueContainer ;
+    ao:dataSetValueTemplate :RoleDisplayClassRoleValueContainerTemplate ;
+    ao:dataSetValueTemplate :RoleDisplayClassValueContainerTemplate .  
+
+:RoleDisplayClassDataSetTemplateKey a ao:DataSetTemplateKey ;
+    ao:templateKey ai:SubjectRole .
+
+:RoleDisplayClassDataSetKeyTemplate a ao:DataSetKeyTemplate ;
+    ao:keyComponent ai:Class ;
+    ao:keyComponent ai:DisplayOperation ;
+    ao:keyComponentTemplate ai:SubjectRole .
+
+:RoleDisplayClassRoleValueContainerTemplate a ao:ValueContainerTemplate ;
+    ao:relatedValueSet :RoleValueSet;
+    ao:containerTypeTemplate ai:SubjectRole .
+
+:RoleDisplayClassValueContainerTemplate a ao:ValueContainerTemplate ;
+    ao:relatedValueSet :AllowedClassValueSet ;
+#    ao:defaultValue ai:defaultUri ;
+    ao:containerTypeTemplate ai:Class .
+
+#Role Update Class data set template
+
+:RoleUpdateClassDataSetTemplate a ao:DataSetTemplate ;
+    ao:dataSetTemplateKey :RoleUpdateClassDataSetTemplateKey ;
+    ao:dataSetKeyTemplate :RoleUpdateClassDataSetKeyTemplate ;
+    ao:dataSetValues ai:ClassAccesObjectValueContainer ;
+    ao:dataSetValues ai:UpdateOperationValueContainer ;
+    ao:dataSetValueTemplate :RoleUpdateClassRoleValueContainerTemplate ;
+    ao:dataSetValueTemplate :RoleUpdateClassValueContainerTemplate .  
+
+:RoleUpdateClassDataSetTemplateKey a ao:DataSetTemplateKey ;
+    ao:templateKey ai:SubjectRole .
+
+:RoleUpdateClassDataSetKeyTemplate a ao:DataSetKeyTemplate ;
+    ao:keyComponent ai:Class ;
+    ao:keyComponent ai:UpdateOperation ;
+    ao:keyComponentTemplate ai:SubjectRole .
+
+:RoleUpdateClassRoleValueContainerTemplate a ao:ValueContainerTemplate ;
+    ao:relatedValueSet :RoleValueSet;
+    ao:containerTypeTemplate ai:SubjectRole .
+
+:RoleUpdateClassValueContainerTemplate a ao:ValueContainerTemplate ;
+    ao:relatedValueSet :AllowedClassValueSet ;
+#    ao:defaultValue ai:defaultUri ;
+    ao:containerTypeTemplate ai:Class .
+
+#Role Publish Class data set template
+
+:RolePublishClassDataSetTemplate a ao:DataSetTemplate ;
+    ao:dataSetTemplateKey :RolePublishClassDataSetTemplateKey ;
+    ao:dataSetKeyTemplate :RolePublishClassDataSetKeyTemplate ;
+    ao:dataSetValues ai:ClassAccesObjectValueContainer ;
+    ao:dataSetValues ai:PublishOperationValueContainer ;
+    ao:dataSetValueTemplate :RolePublishClassRoleValueContainerTemplate ;
+    ao:dataSetValueTemplate :RolePublishClassValueContainerTemplate .  
+
+:RolePublishClassDataSetTemplateKey a ao:DataSetTemplateKey ;
+    ao:templateKey ai:SubjectRole .
+
+:RolePublishClassDataSetKeyTemplate a ao:DataSetKeyTemplate ;
+    ao:keyComponent ai:Class ;
+    ao:keyComponent ai:PublishOperation ;
+    ao:keyComponentTemplate ai:SubjectRole .
+
+:RolePublishClassRoleValueContainerTemplate a ao:ValueContainerTemplate ;
+    ao:relatedValueSet :RoleValueSet;
+    ao:containerTypeTemplate ai:SubjectRole .
+
+:RolePublishClassValueContainerTemplate a ao:ValueContainerTemplate ;
+    ao:relatedValueSet :AllowedClassValueSet ;
+#    ao:defaultValue ai:defaultUri ;
+    ao:containerTypeTemplate ai:Class .
+
 ### Public display class uri data sets
 
-:PublicDisplayClassUriDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :PublicDisplayClassUriDataSetKey ;
+:PublicDisplayClassDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :PublicDisplayClassDataSetKey ;
     ao:dataSetValues ai:PublicRoleValueContainer ;
     ao:dataSetValues ai:ClassAccesObjectValueContainer ;
     ao:dataSetValues ai:DisplayOperationValueContainer ;
     ao:dataSetValues ai:PublicDisplayClassValueContainer .
 
-:PublicDisplayClassUriDataSetKey a ao:DataSetKey ;
+:PublicDisplayClassDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:Class ;
     ao:keyComponent auth:PUBLIC ;
     ao:keyComponent ai:DisplayOperation .
 
 ### Self editor display class uri data sets
 
-:SelfEditorDisplayClassUriDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :SelfEditorDisplayClassUriDataSetKey ;
+:SelfEditorDisplayClassDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :SelfEditorDisplayClassDataSetKey ;
     ao:dataSetValues ai:SelfEditorRoleValueContainer ;
     ao:dataSetValues ai:ClassAccesObjectValueContainer ;
     ao:dataSetValues ai:DisplayOperationValueContainer ;
     ao:dataSetValues ai:SelfEditorDisplayClassValueContainer .
 
-:SelfEditorDisplayClassUriDataSetKey a ao:DataSetKey ;
+:SelfEditorDisplayClassDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:Class ;
     ao:keyComponent auth:SELF_EDITOR ;
     ao:keyComponent ai:DisplayOperation .
 
 ### Editor display class uri data sets
 
-:EditorDisplayClassUriDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :EditorDisplayClassUriDataSetKey ;
+:EditorDisplayClassDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :EditorDisplayClassDataSetKey ;
     ao:dataSetValues ai:EditorRoleValueContainer ;
     ao:dataSetValues ai:ClassAccesObjectValueContainer ;
     ao:dataSetValues ai:DisplayOperationValueContainer ;
     ao:dataSetValues ai:EditorDisplayClassValueContainer .
 
-:EditorDisplayClassUriDataSetKey a ao:DataSetKey ;
+:EditorDisplayClassDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:Class ;
     ao:keyComponent auth:EDITOR ;
     ao:keyComponent ai:DisplayOperation .
 
 ### Curator display class uri data sets
 
-:CuratorDisplayClassUriDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :CuratorDisplayClassUriDataSetKey ;
+:CuratorDisplayClassDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :CuratorDisplayClassDataSetKey ;
     ao:dataSetValues ai:CuratorRoleValueContainer ;
     ao:dataSetValues ai:ClassAccesObjectValueContainer ;
     ao:dataSetValues ai:DisplayOperationValueContainer ;
     ao:dataSetValues ai:CuratorDisplayClassValueContainer .
 
-:CuratorDisplayClassUriDataSetKey a ao:DataSetKey ;
+:CuratorDisplayClassDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:Class ;
     ao:keyComponent auth:CURATOR ;
     ao:keyComponent ai:DisplayOperation .
 
 ### Admin display class uri data sets
 
-:AdminDisplayClassUriDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :AdminDisplayClassUriDataSetKey ;
+:AdminDisplayClassDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :AdminDisplayClassDataSetKey ;
     ao:dataSetValues ai:AdminRoleValueContainer ;
     ao:dataSetValues ai:ClassAccesObjectValueContainer ;
     ao:dataSetValues ai:DisplayOperationValueContainer ;
     ao:dataSetValues ai:AdminDisplayClassValueContainer .
 
-:AdminDisplayClassUriDataSetKey a ao:DataSetKey ;
+:AdminDisplayClassDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:Class ;
     ao:keyComponent auth:ADMIN ;
     ao:keyComponent ai:DisplayOperation .
 
 ### Public update class uri data sets
 
-:PublicUpdateClassUriDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :PublicUpdateClassUriDataSetKey ;
+:PublicUpdateClassDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :PublicUpdateClassDataSetKey ;
     ao:dataSetValues ai:PublicRoleValueContainer ;
     ao:dataSetValues ai:ClassAccesObjectValueContainer ;
     ao:dataSetValues ai:UpdateOperationValueContainer ;
     ao:dataSetValues ai:PublicUpdateClassValueContainer .
 
-:PublicUpdateClassUriDataSetKey a ao:DataSetKey ;
+:PublicUpdateClassDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:Class ;
     ao:keyComponent auth:PUBLIC ;
     ao:keyComponent ai:UpdateOperation .
 
 ### Self editor update class uri data sets
 
-:SelfEditorUpdateClassUriDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :SelfEditorUpdateClassUriDataSetKey ;
+:SelfEditorUpdateClassDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :SelfEditorUpdateClassDataSetKey ;
     ao:dataSetValues ai:SelfEditorRoleValueContainer ;
     ao:dataSetValues ai:ClassAccesObjectValueContainer ;
     ao:dataSetValues ai:UpdateOperationValueContainer ;
     ao:dataSetValues ai:SelfEditorUpdateClassValueContainer .
 
-:SelfEditorUpdateClassUriDataSetKey a ao:DataSetKey ;
+:SelfEditorUpdateClassDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:Class ;
     ao:keyComponent auth:SELF_EDITOR ;
     ao:keyComponent ai:UpdateOperation .
 
 ### Editor update class uri data sets
 
-:EditorUpdateClassUriDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :EditorUpdateClassUriDataSetKey ;
+:EditorUpdateClassDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :EditorUpdateClassDataSetKey ;
     ao:dataSetValues ai:EditorRoleValueContainer ;
     ao:dataSetValues ai:ClassAccesObjectValueContainer ;
     ao:dataSetValues ai:UpdateOperationValueContainer ;
     ao:dataSetValues ai:EditorUpdateClassValueContainer .
 
-:EditorUpdateClassUriDataSetKey a ao:DataSetKey ;
+:EditorUpdateClassDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:Class ;
     ao:keyComponent auth:EDITOR ;
     ao:keyComponent ai:UpdateOperation .
 
 ### Curator update class uri data sets
 
-:CuratorUpdateClassUriDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :CuratorUpdateClassUriDataSetKey ;
+:CuratorUpdateClassDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :CuratorUpdateClassDataSetKey ;
     ao:dataSetValues ai:CuratorRoleValueContainer ;
     ao:dataSetValues ai:ClassAccesObjectValueContainer ;
     ao:dataSetValues ai:UpdateOperationValueContainer ;
     ao:dataSetValues ai:CuratorUpdateClassValueContainer .
 
-:CuratorUpdateClassUriDataSetKey a ao:DataSetKey ;
+:CuratorUpdateClassDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:Class ;
     ao:keyComponent auth:CURATOR ;
     ao:keyComponent ai:UpdateOperation .
 
 ### Admin update class uri data sets
 
-:AdminUpdateClassUriDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :AdminUpdateClassUriDataSetKey ;
+:AdminUpdateClassDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :AdminUpdateClassDataSetKey ;
     ao:dataSetValues ai:AdminRoleValueContainer ;
     ao:dataSetValues ai:ClassAccesObjectValueContainer ;
     ao:dataSetValues ai:UpdateOperationValueContainer ;
     ao:dataSetValues ai:AdminUpdateClassValueContainer .
 
-:AdminUpdateClassUriDataSetKey a ao:DataSetKey ;
+:AdminUpdateClassDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:Class ;
     ao:keyComponent auth:ADMIN ;
     ao:keyComponent ai:UpdateOperation .
 
 ### Self editor publish class uri data sets
 
-:SelfEditorPublishClassUriDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :SelfEditorPublishClassUriDataSetKey ;
+:SelfEditorPublishClassDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :SelfEditorPublishClassDataSetKey ;
     ao:dataSetValues ai:SelfEditorRoleValueContainer ;
     ao:dataSetValues ai:ClassAccesObjectValueContainer ;
     ao:dataSetValues ai:PublishOperationValueContainer ;
     ao:dataSetValues ai:SelfEditorPublishClassValueContainer .
 
-:SelfEditorPublishClassUriDataSetKey a ao:DataSetKey ;
+:SelfEditorPublishClassDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:Class ;
     ao:keyComponent auth:SELF_EDITOR ;
     ao:keyComponent ai:PublishOperation .
 
 ### Editor publish class uri data sets
 
-:EditorPublishClassUriDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :EditorPublishClassUriDataSetKey ;
+:EditorPublishClassDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :EditorPublishClassDataSetKey ;
     ao:dataSetValues ai:EditorRoleValueContainer ;
     ao:dataSetValues ai:ClassAccesObjectValueContainer ;
     ao:dataSetValues ai:PublishOperationValueContainer ;
     ao:dataSetValues ai:EditorPublishClassValueContainer .
 
-:EditorPublishClassUriDataSetKey a ao:DataSetKey ;
+:EditorPublishClassDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:Class ;
     ao:keyComponent auth:EDITOR ;
     ao:keyComponent ai:PublishOperation .
 
 ### Curator publish class uri data sets
 
-:CuratorPublishClassUriDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :CuratorPublishClassUriDataSetKey ;
+:CuratorPublishClassDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :CuratorPublishClassDataSetKey ;
     ao:dataSetValues ai:CuratorRoleValueContainer ;
     ao:dataSetValues ai:ClassAccesObjectValueContainer ;
     ao:dataSetValues ai:PublishOperationValueContainer ;
     ao:dataSetValues ai:CuratorPublishClassValueContainer .
 
-:CuratorPublishClassUriDataSetKey a ao:DataSetKey ;
+:CuratorPublishClassDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:Class ;
     ao:keyComponent auth:CURATOR ;
     ao:keyComponent ai:PublishOperation .
 
 ### Admin publish class uri data sets
 
-:AdminPublishClassUriDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :AdminPublishClassUriDataSetKey ;
+:AdminPublishClassDataSet a ao:PolicyDataSet ;
+    ao:dataSetKey :AdminPublishClassDataSetKey ;
     ao:dataSetValues ai:AdminRoleValueContainer ;
     ao:dataSetValues ai:ClassAccesObjectValueContainer ;
     ao:dataSetValues ai:PublishOperationValueContainer ;
     ao:dataSetValues ai:AdminPublishClassValueContainer .
 
-:AdminPublishClassUriDataSetKey a ao:DataSetKey ;
+:AdminPublishClassDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:Class ;
     ao:keyComponent auth:ADMIN ;
     ao:keyComponent ai:PublishOperation .
@@ -274,9 +359,9 @@
 :AccessObjectUriCheck a ao:Check ;
     ao:operator ai:OneOf ;
     ao:attribute ai:AccessObjectUri ;
-    ao:templateValue :AllowedClassUriValueSet .
+    ao:templateValue :AllowedClassValueSet .
 
-:AllowedClassUriValueSet a ao:AttributeValueSet ;
+:AllowedClassValueSet a ao:AttributeValueSet ;
     ao:attributeValue ai:AdminPublishClassValueContainer ;
     ao:attributeValue ai:AdminDisplayClassValueContainer ;
     ao:attributeValue ai:AdminUpdateClassValueContainer ;

From 63196ec9959863ccdd22dd179117741b2f9380cb Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <georgy.litvinov@tib.eu>
Date: Tue, 24 Oct 2023 10:38:06 +0200
Subject: [PATCH 066/148] refact: renamed resources

---
 .../accessControl/firsttime/object_types.n3   |  50 +-
 .../firsttime/policy_editable_pages.n3        |   2 +-
 .../firsttime/policy_menu_items_editing.n3    |   2 +-
 .../policy_not_modifiable_statements.n3       |   4 +-
 .../template_access_allowed_class.n3          |  36 +-
 .../template_access_allowed_property.n3       | 784 +++++++++---------
 ...emplate_access_related_allowed_property.n3 |  80 +-
 ...emplate_update_related_allowed_property.n3 | 112 +--
 8 files changed, 535 insertions(+), 535 deletions(-)

diff --git a/home/src/main/resources/rdf/accessControl/firsttime/object_types.n3 b/home/src/main/resources/rdf/accessControl/firsttime/object_types.n3
index e74129a5b3..0315be2027 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/object_types.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/object_types.n3
@@ -8,28 +8,28 @@
 @prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
 @prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
 
-ai:ObjectPropertyAccesObject a ao:ObjectType ;
+ai:ObjectProperty a ao:ObjectType ;
     ao:id "OBJECT_PROPERTY" .
 
-ai:DataPropertyAccesObject a ao:ObjectType ;
+ai:DataProperty a ao:ObjectType ;
     ao:id "DATA_PROPERTY" .
 
-ai:FauxDataPropertyAccesObject a ao:ObjectType ;
+ai:FauxDataProperty a ao:ObjectType ;
     ao:id "FAUX_DATA_PROPERTY" .
 
-ai:FauxObjectPropertyAccesObject a ao:ObjectType ;
+ai:FauxObjectProperty a ao:ObjectType ;
     ao:id "FAUX_OBJECT_PROPERTY" .
 
-ai:ObjectPropertyStatementAccesObject a ao:ObjectType ;
+ai:ObjectPropertyStatement a ao:ObjectType ;
     ao:id "OBJECT_PROPERTY_STATEMENT" .
 
-ai:DataPropertyStatementAccesObject a ao:ObjectType ;
+ai:DataPropertyStatement a ao:ObjectType ;
     ao:id "DATA_PROPERTY_STATEMENT" .
 
-ai:FauxObjectPropertyStatementAccesObject a ao:ObjectType ;
+ai:FauxObjectPropertyStatement a ao:ObjectType ;
     ao:id "FAUX_OBJECT_PROPERTY_STATEMENT" .
 
-ai:FauxDataPropertyStatementAccesObject a ao:ObjectType ;
+ai:FauxDataPropertyStatement a ao:ObjectType ;
     ao:id "FAUX_DATA_PROPERTY_STATEMENT" .
 
 ai:Class a ao:ObjectType ;
@@ -40,29 +40,29 @@ ai:NamedObject a ao:ObjectType ;
 
 #Object type value containers
 
-ai:ObjectPropertyAccesObjectValueContainer a ao:ValueContainer ;
-    ao:dataValue ai:ObjectPropertyAccesObject .
+ai:ObjectPropertyValueContainer a ao:ValueContainer ;
+    ao:dataValue ai:ObjectProperty .
 
-ai:DataPropertyAccesObjectValueContainer a ao:ValueContainer ;
-    ao:dataValue ai:DataPropertyAccesObject .
+ai:DataPropertyValueContainer a ao:ValueContainer ;
+    ao:dataValue ai:DataProperty .
 
-ai:FauxObjectPropertyAccesObjectValueContainer a ao:ValueContainer ;
-    ao:dataValue ai:FauxObjectPropertyAccesObject .
+ai:FauxObjectPropertyValueContainer a ao:ValueContainer ;
+    ao:dataValue ai:FauxObjectProperty .
 
-ai:FauxDataPropertyAccesObjectValueContainer a ao:ValueContainer ;
-    ao:dataValue ai:FauxDataPropertyAccesObject .
+ai:FauxDataPropertyValueContainer a ao:ValueContainer ;
+    ao:dataValue ai:FauxDataProperty .
 
-ai:ObjectPropertyStatementAccesObjectValueContainer a ao:ValueContainer ;
-    ao:dataValue ai:ObjectPropertyStatementAccesObject .
+ai:ObjectPropertyStatementValueContainer a ao:ValueContainer ;
+    ao:dataValue ai:ObjectPropertyStatement .
 
-ai:DataPropertyStatementAccesObjectValueContainer a ao:ValueContainer ;
-    ao:dataValue ai:DataPropertyStatementAccesObject .
+ai:DataPropertyStatementValueContainer a ao:ValueContainer ;
+    ao:dataValue ai:DataPropertyStatement .
 
-ai:FauxObjectPropertyStatementAccesObjectValueContainer a ao:ValueContainer ;
-    ao:dataValue ai:FauxObjectPropertyStatementAccesObject .
+ai:FauxObjectPropertyStatementValueContainer a ao:ValueContainer ;
+    ao:dataValue ai:FauxObjectPropertyStatement .
 
-ai:FauxDataPropertyStatementAccesObjectValueContainer a ao:ValueContainer ;
-    ao:dataValue ai:FauxDataPropertyStatementAccesObject .
+ai:FauxDataPropertyStatementValueContainer a ao:ValueContainer ;
+    ao:dataValue ai:FauxDataPropertyStatement .
 
-ai:ClassAccesObjectValueContainer a ao:ValueContainer ;
+ai:ClassValueContainer a ao:ValueContainer ;
     ao:dataValue ai:Class .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_editable_pages.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_editable_pages.n3
index 2903585cb9..8cc0760929 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_editable_pages.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_editable_pages.n3
@@ -65,7 +65,7 @@
 :IsObjectPropertyStatement a ao:Check ;
     ao:operator ai:Equals ;
     ao:attribute ai:AccessObjectType ;
-    ao:value ai:ObjectPropertyStatementAccesObject .
+    ao:value ai:ObjectPropertyStatement .
 
 
 :SomeUri a ao:ValueContainer ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_menu_items_editing.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_menu_items_editing.n3
index b1b9e81483..8e8d971f97 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_menu_items_editing.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_menu_items_editing.n3
@@ -44,7 +44,7 @@
 :IsObjectPropertyStatement a ao:Check ;
     ao:operator ai:Equals ;
     ao:attribute ai:AccessObjectType ;
-    ao:value ai:ObjectPropertyStatementAccesObject .
+    ao:value ai:ObjectPropertyStatement .
 
 :PredicateUriEqualsHomeMenuItem a ao:Check ;
     ao:operator ai:Equals ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_not_modifiable_statements.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_not_modifiable_statements.n3
index f723cc3cf8..b4b4336aa7 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_not_modifiable_statements.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_not_modifiable_statements.n3
@@ -55,12 +55,12 @@
 :IsObjectPropertyStatement a ao:Check ;
     ao:operator ai:Equals ;
     ao:attribute ai:AccessObjectType ;
-    ao:value ai:ObjectPropertyStatementAccesObject .
+    ao:value ai:ObjectPropertyStatement .
 
 :IsDataPropertyStatement a ao:Check ;
     ao:operator ai:Equals ;
     ao:attribute ai:AccessObjectType ;
-    ao:value ai:DataPropertyStatementAccesObject .
+    ao:value ai:DataPropertyStatement .
 
 ### Not modifiable property statement attributes
 :PredicateUriStartWithProhibitedNamespace a ao:Check ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_class.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_class.n3
index 76f9315de5..8d537a3011 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_class.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_class.n3
@@ -41,7 +41,7 @@
 :RoleDisplayClassDataSetTemplate a ao:DataSetTemplate ;
     ao:dataSetTemplateKey :RoleDisplayClassDataSetTemplateKey ;
     ao:dataSetKeyTemplate :RoleDisplayClassDataSetKeyTemplate ;
-    ao:dataSetValues ai:ClassAccesObjectValueContainer ;
+    ao:dataSetValues ai:ClassValueContainer ;
     ao:dataSetValues ai:DisplayOperationValueContainer ;
     ao:dataSetValueTemplate :RoleDisplayClassRoleValueContainerTemplate ;
     ao:dataSetValueTemplate :RoleDisplayClassValueContainerTemplate .  
@@ -68,7 +68,7 @@
 :RoleUpdateClassDataSetTemplate a ao:DataSetTemplate ;
     ao:dataSetTemplateKey :RoleUpdateClassDataSetTemplateKey ;
     ao:dataSetKeyTemplate :RoleUpdateClassDataSetKeyTemplate ;
-    ao:dataSetValues ai:ClassAccesObjectValueContainer ;
+    ao:dataSetValues ai:ClassValueContainer ;
     ao:dataSetValues ai:UpdateOperationValueContainer ;
     ao:dataSetValueTemplate :RoleUpdateClassRoleValueContainerTemplate ;
     ao:dataSetValueTemplate :RoleUpdateClassValueContainerTemplate .  
@@ -95,7 +95,7 @@
 :RolePublishClassDataSetTemplate a ao:DataSetTemplate ;
     ao:dataSetTemplateKey :RolePublishClassDataSetTemplateKey ;
     ao:dataSetKeyTemplate :RolePublishClassDataSetKeyTemplate ;
-    ao:dataSetValues ai:ClassAccesObjectValueContainer ;
+    ao:dataSetValues ai:ClassValueContainer ;
     ao:dataSetValues ai:PublishOperationValueContainer ;
     ao:dataSetValueTemplate :RolePublishClassRoleValueContainerTemplate ;
     ao:dataSetValueTemplate :RolePublishClassValueContainerTemplate .  
@@ -122,7 +122,7 @@
 :PublicDisplayClassDataSet a ao:PolicyDataSet ;
     ao:dataSetKey :PublicDisplayClassDataSetKey ;
     ao:dataSetValues ai:PublicRoleValueContainer ;
-    ao:dataSetValues ai:ClassAccesObjectValueContainer ;
+    ao:dataSetValues ai:ClassValueContainer ;
     ao:dataSetValues ai:DisplayOperationValueContainer ;
     ao:dataSetValues ai:PublicDisplayClassValueContainer .
 
@@ -136,7 +136,7 @@
 :SelfEditorDisplayClassDataSet a ao:PolicyDataSet ;
     ao:dataSetKey :SelfEditorDisplayClassDataSetKey ;
     ao:dataSetValues ai:SelfEditorRoleValueContainer ;
-    ao:dataSetValues ai:ClassAccesObjectValueContainer ;
+    ao:dataSetValues ai:ClassValueContainer ;
     ao:dataSetValues ai:DisplayOperationValueContainer ;
     ao:dataSetValues ai:SelfEditorDisplayClassValueContainer .
 
@@ -150,7 +150,7 @@
 :EditorDisplayClassDataSet a ao:PolicyDataSet ;
     ao:dataSetKey :EditorDisplayClassDataSetKey ;
     ao:dataSetValues ai:EditorRoleValueContainer ;
-    ao:dataSetValues ai:ClassAccesObjectValueContainer ;
+    ao:dataSetValues ai:ClassValueContainer ;
     ao:dataSetValues ai:DisplayOperationValueContainer ;
     ao:dataSetValues ai:EditorDisplayClassValueContainer .
 
@@ -164,7 +164,7 @@
 :CuratorDisplayClassDataSet a ao:PolicyDataSet ;
     ao:dataSetKey :CuratorDisplayClassDataSetKey ;
     ao:dataSetValues ai:CuratorRoleValueContainer ;
-    ao:dataSetValues ai:ClassAccesObjectValueContainer ;
+    ao:dataSetValues ai:ClassValueContainer ;
     ao:dataSetValues ai:DisplayOperationValueContainer ;
     ao:dataSetValues ai:CuratorDisplayClassValueContainer .
 
@@ -178,7 +178,7 @@
 :AdminDisplayClassDataSet a ao:PolicyDataSet ;
     ao:dataSetKey :AdminDisplayClassDataSetKey ;
     ao:dataSetValues ai:AdminRoleValueContainer ;
-    ao:dataSetValues ai:ClassAccesObjectValueContainer ;
+    ao:dataSetValues ai:ClassValueContainer ;
     ao:dataSetValues ai:DisplayOperationValueContainer ;
     ao:dataSetValues ai:AdminDisplayClassValueContainer .
 
@@ -192,7 +192,7 @@
 :PublicUpdateClassDataSet a ao:PolicyDataSet ;
     ao:dataSetKey :PublicUpdateClassDataSetKey ;
     ao:dataSetValues ai:PublicRoleValueContainer ;
-    ao:dataSetValues ai:ClassAccesObjectValueContainer ;
+    ao:dataSetValues ai:ClassValueContainer ;
     ao:dataSetValues ai:UpdateOperationValueContainer ;
     ao:dataSetValues ai:PublicUpdateClassValueContainer .
 
@@ -206,7 +206,7 @@
 :SelfEditorUpdateClassDataSet a ao:PolicyDataSet ;
     ao:dataSetKey :SelfEditorUpdateClassDataSetKey ;
     ao:dataSetValues ai:SelfEditorRoleValueContainer ;
-    ao:dataSetValues ai:ClassAccesObjectValueContainer ;
+    ao:dataSetValues ai:ClassValueContainer ;
     ao:dataSetValues ai:UpdateOperationValueContainer ;
     ao:dataSetValues ai:SelfEditorUpdateClassValueContainer .
 
@@ -220,7 +220,7 @@
 :EditorUpdateClassDataSet a ao:PolicyDataSet ;
     ao:dataSetKey :EditorUpdateClassDataSetKey ;
     ao:dataSetValues ai:EditorRoleValueContainer ;
-    ao:dataSetValues ai:ClassAccesObjectValueContainer ;
+    ao:dataSetValues ai:ClassValueContainer ;
     ao:dataSetValues ai:UpdateOperationValueContainer ;
     ao:dataSetValues ai:EditorUpdateClassValueContainer .
 
@@ -234,7 +234,7 @@
 :CuratorUpdateClassDataSet a ao:PolicyDataSet ;
     ao:dataSetKey :CuratorUpdateClassDataSetKey ;
     ao:dataSetValues ai:CuratorRoleValueContainer ;
-    ao:dataSetValues ai:ClassAccesObjectValueContainer ;
+    ao:dataSetValues ai:ClassValueContainer ;
     ao:dataSetValues ai:UpdateOperationValueContainer ;
     ao:dataSetValues ai:CuratorUpdateClassValueContainer .
 
@@ -248,7 +248,7 @@
 :AdminUpdateClassDataSet a ao:PolicyDataSet ;
     ao:dataSetKey :AdminUpdateClassDataSetKey ;
     ao:dataSetValues ai:AdminRoleValueContainer ;
-    ao:dataSetValues ai:ClassAccesObjectValueContainer ;
+    ao:dataSetValues ai:ClassValueContainer ;
     ao:dataSetValues ai:UpdateOperationValueContainer ;
     ao:dataSetValues ai:AdminUpdateClassValueContainer .
 
@@ -262,7 +262,7 @@
 :SelfEditorPublishClassDataSet a ao:PolicyDataSet ;
     ao:dataSetKey :SelfEditorPublishClassDataSetKey ;
     ao:dataSetValues ai:SelfEditorRoleValueContainer ;
-    ao:dataSetValues ai:ClassAccesObjectValueContainer ;
+    ao:dataSetValues ai:ClassValueContainer ;
     ao:dataSetValues ai:PublishOperationValueContainer ;
     ao:dataSetValues ai:SelfEditorPublishClassValueContainer .
 
@@ -276,7 +276,7 @@
 :EditorPublishClassDataSet a ao:PolicyDataSet ;
     ao:dataSetKey :EditorPublishClassDataSetKey ;
     ao:dataSetValues ai:EditorRoleValueContainer ;
-    ao:dataSetValues ai:ClassAccesObjectValueContainer ;
+    ao:dataSetValues ai:ClassValueContainer ;
     ao:dataSetValues ai:PublishOperationValueContainer ;
     ao:dataSetValues ai:EditorPublishClassValueContainer .
 
@@ -290,7 +290,7 @@
 :CuratorPublishClassDataSet a ao:PolicyDataSet ;
     ao:dataSetKey :CuratorPublishClassDataSetKey ;
     ao:dataSetValues ai:CuratorRoleValueContainer ;
-    ao:dataSetValues ai:ClassAccesObjectValueContainer ;
+    ao:dataSetValues ai:ClassValueContainer ;
     ao:dataSetValues ai:PublishOperationValueContainer ;
     ao:dataSetValues ai:CuratorPublishClassValueContainer .
 
@@ -304,7 +304,7 @@
 :AdminPublishClassDataSet a ao:PolicyDataSet ;
     ao:dataSetKey :AdminPublishClassDataSetKey ;
     ao:dataSetValues ai:AdminRoleValueContainer ;
-    ao:dataSetValues ai:ClassAccesObjectValueContainer ;
+    ao:dataSetValues ai:ClassValueContainer ;
     ao:dataSetValues ai:PublishOperationValueContainer ;
     ao:dataSetValues ai:AdminPublishClassValueContainer .
 
@@ -330,7 +330,7 @@
     ao:templateValue :AccessObjectTypeValueSet .
 
 :AccessObjectTypeValueSet a ao:AttributeValueSet ;
-    ao:attributeValue ai:ClassAccesObjectValueContainer ;
+    ao:attributeValue ai:ClassValueContainer ;
     .
 
 :OperationCheck a ao:Check ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_property.n3
index 3a12bb93db..f84f7a6184 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_property.n3
@@ -143,8 +143,8 @@
 :RoleDisplayObjectPropertyDataSetTemplate a ao:DataSetTemplate ;
     ao:dataSetTemplateKey :RoleDisplayObjectPropertyDataSetTemplateKey ;
     ao:dataSetKeyTemplate :RoleDisplayObjectPropertyDataSetKeyTemplate ;
-    ao:dataSetValues ai:ObjectPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:ObjectPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:ObjectPropertyValueContainer ;
+    ao:dataSetValues ai:ObjectPropertyStatementValueContainer ;
     ao:dataSetValues ai:DisplayOperationValueContainer ;
     ao:dataSetValueTemplate :RoleDisplayObjectPropertyValueContainerTemplate ;
     ao:dataSetValueTemplate :RoleDisplayObjectPropertyEntityValueContainerTemplate .  
@@ -153,7 +153,7 @@
     ao:templateKey ai:SubjectRole .
 
 :RoleDisplayObjectPropertyDataSetKeyTemplate a ao:DataSetKeyTemplate ;
-    ao:keyComponent ai:ObjectPropertyAccesObject ;
+    ao:keyComponent ai:ObjectProperty ;
     ao:keyComponent ai:DisplayOperation ;
     ao:keyComponentTemplate ai:SubjectRole .
 
@@ -164,15 +164,15 @@
 :RoleDisplayObjectPropertyEntityValueContainerTemplate a ao:ValueContainerTemplate ;
     ao:relatedValueSet :AllowedPropertyUriValueSet ;
 #    ao:defaultValue ai:defaultUri ;
-    ao:containerTypeTemplate ai:ObjectPropertyAccesObject .
+    ao:containerTypeTemplate ai:ObjectProperty .
 
 #Role PublishObjectProperty data set template
 
 :RolePublishObjectPropertyDataSetTemplate a ao:DataSetTemplate ;
     ao:dataSetTemplateKey :RolePublishObjectPropertyDataSetTemplateKey ;
     ao:dataSetKeyTemplate :RolePublishObjectPropertyDataSetKeyTemplate ;
-    ao:dataSetValues ai:ObjectPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:ObjectPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:ObjectPropertyValueContainer ;
+    ao:dataSetValues ai:ObjectPropertyStatementValueContainer ;
     ao:dataSetValues ai:PublishOperationValueContainer ;
     ao:dataSetValueTemplate :RolePublishObjectPropertyValueContainerTemplate ;
     ao:dataSetValueTemplate :RolePublishObjectPropertyEntityValueContainerTemplate .  
@@ -181,7 +181,7 @@
     ao:templateKey ai:SubjectRole .
 
 :RolePublishObjectPropertyDataSetKeyTemplate a ao:DataSetKeyTemplate ;
-    ao:keyComponent ai:ObjectPropertyAccesObject ;
+    ao:keyComponent ai:ObjectProperty ;
     ao:keyComponent ai:PublishOperation ;
     ao:keyComponentTemplate ai:SubjectRole .
 
@@ -192,15 +192,15 @@
 :RolePublishObjectPropertyEntityValueContainerTemplate a ao:ValueContainerTemplate ;
     ao:relatedValueSet :AllowedPropertyUriValueSet ;
 #    ao:defaultValue ai:defaultUri ;
-    ao:containerTypeTemplate ai:ObjectPropertyAccesObject .
+    ao:containerTypeTemplate ai:ObjectProperty .
 
 #Role AddObjectProperty data set template
 
 :RoleAddObjectPropertyDataSetTemplate a ao:DataSetTemplate ;
     ao:dataSetTemplateKey :RoleAddObjectPropertyDataSetTemplateKey ;
     ao:dataSetKeyTemplate :RoleAddObjectPropertyDataSetKeyTemplate ;
-    ao:dataSetValues ai:ObjectPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:ObjectPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:ObjectPropertyValueContainer ;
+    ao:dataSetValues ai:ObjectPropertyStatementValueContainer ;
     ao:dataSetValues ai:AddOperationValueContainer ;
     ao:dataSetValueTemplate :RoleAddObjectPropertyValueContainerTemplate ;
     ao:dataSetValueTemplate :RoleAddObjectPropertyEntityValueContainerTemplate .  
@@ -209,7 +209,7 @@
     ao:templateKey ai:SubjectRole .
 
 :RoleAddObjectPropertyDataSetKeyTemplate a ao:DataSetKeyTemplate ;
-    ao:keyComponent ai:ObjectPropertyAccesObject ;
+    ao:keyComponent ai:ObjectProperty ;
     ao:keyComponent ai:AddOperation ;
     ao:keyComponentTemplate ai:SubjectRole .
 
@@ -220,15 +220,15 @@
 :RoleAddObjectPropertyEntityValueContainerTemplate a ao:ValueContainerTemplate ;
     ao:relatedValueSet :AllowedPropertyUriValueSet ;
 #    ao:defaultValue ai:defaultUri ;
-    ao:containerTypeTemplate ai:ObjectPropertyAccesObject .
+    ao:containerTypeTemplate ai:ObjectProperty .
 
 #Role DropObjectProperty data set template
 
 :RoleDropObjectPropertyDataSetTemplate a ao:DataSetTemplate ;
     ao:dataSetTemplateKey :RoleDropObjectPropertyDataSetTemplateKey ;
     ao:dataSetKeyTemplate :RoleDropObjectPropertyDataSetKeyTemplate ;
-    ao:dataSetValues ai:ObjectPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:ObjectPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:ObjectPropertyValueContainer ;
+    ao:dataSetValues ai:ObjectPropertyStatementValueContainer ;
     ao:dataSetValues ai:DropOperationValueContainer ;
     ao:dataSetValueTemplate :RoleDropObjectPropertyValueContainerTemplate ;
     ao:dataSetValueTemplate :RoleDropObjectPropertyEntityValueContainerTemplate .  
@@ -237,7 +237,7 @@
     ao:templateKey ai:SubjectRole .
 
 :RoleDropObjectPropertyDataSetKeyTemplate a ao:DataSetKeyTemplate ;
-    ao:keyComponent ai:ObjectPropertyAccesObject ;
+    ao:keyComponent ai:ObjectProperty ;
     ao:keyComponent ai:DropOperation ;
     ao:keyComponentTemplate ai:SubjectRole .
 
@@ -248,15 +248,15 @@
 :RoleDropObjectPropertyEntityValueContainerTemplate a ao:ValueContainerTemplate ;
     ao:relatedValueSet :AllowedPropertyUriValueSet ;
 #    ao:defaultValue ai:defaultUri ;
-    ao:containerTypeTemplate ai:ObjectPropertyAccesObject .
+    ao:containerTypeTemplate ai:ObjectProperty .
 
 #Role EditObjectProperty data set template
 
 :RoleEditObjectPropertyDataSetTemplate a ao:DataSetTemplate ;
     ao:dataSetTemplateKey :RoleEditObjectPropertyDataSetTemplateKey ;
     ao:dataSetKeyTemplate :RoleEditObjectPropertyDataSetKeyTemplate ;
-    ao:dataSetValues ai:ObjectPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:ObjectPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:ObjectPropertyValueContainer ;
+    ao:dataSetValues ai:ObjectPropertyStatementValueContainer ;
     ao:dataSetValues ai:EditOperationValueContainer ;
     ao:dataSetValueTemplate :RoleEditObjectPropertyValueContainerTemplate ;
     ao:dataSetValueTemplate :RoleEditObjectPropertyEntityValueContainerTemplate .  
@@ -265,7 +265,7 @@
     ao:templateKey ai:SubjectRole .
 
 :RoleEditObjectPropertyDataSetKeyTemplate a ao:DataSetKeyTemplate ;
-    ao:keyComponent ai:ObjectPropertyAccesObject ;
+    ao:keyComponent ai:ObjectProperty ;
     ao:keyComponent ai:EditOperation ;
     ao:keyComponentTemplate ai:SubjectRole .
 
@@ -276,15 +276,15 @@
 :RoleEditObjectPropertyEntityValueContainerTemplate a ao:ValueContainerTemplate ;
     ao:relatedValueSet :AllowedPropertyUriValueSet ;
 #    ao:defaultValue ai:defaultUri ;
-    ao:containerTypeTemplate ai:ObjectPropertyAccesObject .
+    ao:containerTypeTemplate ai:ObjectProperty .
 
 #Role DisplayDataProperty data set template
 
 :RoleDisplayDataPropertyDataSetTemplate a ao:DataSetTemplate ;
     ao:dataSetTemplateKey :RoleDisplayDataPropertyDataSetTemplateKey ;
     ao:dataSetKeyTemplate :RoleDisplayDataPropertyDataSetKeyTemplate ;
-    ao:dataSetValues ai:DataPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:DataPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:DataPropertyValueContainer ;
+    ao:dataSetValues ai:DataPropertyStatementValueContainer ;
     ao:dataSetValues ai:DisplayOperationValueContainer ;
     ao:dataSetValueTemplate :RoleDisplayDataPropertyValueContainerTemplate ;
     ao:dataSetValueTemplate :RoleDisplayDataPropertyEntityValueContainerTemplate .  
@@ -293,7 +293,7 @@
     ao:templateKey ai:SubjectRole .
 
 :RoleDisplayDataPropertyDataSetKeyTemplate a ao:DataSetKeyTemplate ;
-    ao:keyComponent ai:DataPropertyAccesObject ;
+    ao:keyComponent ai:DataProperty ;
     ao:keyComponent ai:DisplayOperation ;
     ao:keyComponentTemplate ai:SubjectRole .
 
@@ -304,15 +304,15 @@
 :RoleDisplayDataPropertyEntityValueContainerTemplate a ao:ValueContainerTemplate ;
     ao:relatedValueSet :AllowedPropertyUriValueSet ;
 #    ao:defaultValue ai:defaultUri ;
-    ao:containerTypeTemplate ai:DataPropertyAccesObject .
+    ao:containerTypeTemplate ai:DataProperty .
 
 #Role PublishDataProperty data set template
 
 :RolePublishDataPropertyDataSetTemplate a ao:DataSetTemplate ;
     ao:dataSetTemplateKey :RolePublishDataPropertyDataSetTemplateKey ;
     ao:dataSetKeyTemplate :RolePublishDataPropertyDataSetKeyTemplate ;
-    ao:dataSetValues ai:DataPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:DataPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:DataPropertyValueContainer ;
+    ao:dataSetValues ai:DataPropertyStatementValueContainer ;
     ao:dataSetValues ai:PublishOperationValueContainer ;
     ao:dataSetValueTemplate :RolePublishDataPropertyValueContainerTemplate ;
     ao:dataSetValueTemplate :RolePublishDataPropertyEntityValueContainerTemplate .  
@@ -321,7 +321,7 @@
     ao:templateKey ai:SubjectRole .
 
 :RolePublishDataPropertyDataSetKeyTemplate a ao:DataSetKeyTemplate ;
-    ao:keyComponent ai:DataPropertyAccesObject ;
+    ao:keyComponent ai:DataProperty ;
     ao:keyComponent ai:PublishOperation ;
     ao:keyComponentTemplate ai:SubjectRole .
 
@@ -332,15 +332,15 @@
 :RolePublishDataPropertyEntityValueContainerTemplate a ao:ValueContainerTemplate ;
     ao:relatedValueSet :AllowedPropertyUriValueSet ;
 #    ao:defaultValue ai:defaultUri ;
-    ao:containerTypeTemplate ai:DataPropertyAccesObject .
+    ao:containerTypeTemplate ai:DataProperty .
 
 #Role AddDataProperty data set template
 
 :RoleAddDataPropertyDataSetTemplate a ao:DataSetTemplate ;
     ao:dataSetTemplateKey :RoleAddDataPropertyDataSetTemplateKey ;
     ao:dataSetKeyTemplate :RoleAddDataPropertyDataSetKeyTemplate ;
-    ao:dataSetValues ai:DataPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:DataPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:DataPropertyValueContainer ;
+    ao:dataSetValues ai:DataPropertyStatementValueContainer ;
     ao:dataSetValues ai:AddOperationValueContainer ;
     ao:dataSetValueTemplate :RoleAddDataPropertyValueContainerTemplate ;
     ao:dataSetValueTemplate :RoleAddDataPropertyEntityValueContainerTemplate .  
@@ -349,7 +349,7 @@
     ao:templateKey ai:SubjectRole .
 
 :RoleAddDataPropertyDataSetKeyTemplate a ao:DataSetKeyTemplate ;
-    ao:keyComponent ai:DataPropertyAccesObject ;
+    ao:keyComponent ai:DataProperty ;
     ao:keyComponent ai:AddOperation ;
     ao:keyComponentTemplate ai:SubjectRole .
 
@@ -360,15 +360,15 @@
 :RoleAddDataPropertyEntityValueContainerTemplate a ao:ValueContainerTemplate ;
     ao:relatedValueSet :AllowedPropertyUriValueSet ;
 #    ao:defaultValue ai:defaultUri ;
-    ao:containerTypeTemplate ai:DataPropertyAccesObject .
+    ao:containerTypeTemplate ai:DataProperty .
 
 #Role DropDataProperty data set template
 
 :RoleDropDataPropertyDataSetTemplate a ao:DataSetTemplate ;
     ao:dataSetTemplateKey :RoleDropDataPropertyDataSetTemplateKey ;
     ao:dataSetKeyTemplate :RoleDropDataPropertyDataSetKeyTemplate ;
-    ao:dataSetValues ai:DataPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:DataPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:DataPropertyValueContainer ;
+    ao:dataSetValues ai:DataPropertyStatementValueContainer ;
     ao:dataSetValues ai:DropOperationValueContainer ;
     ao:dataSetValueTemplate :RoleDropDataPropertyValueContainerTemplate ;
     ao:dataSetValueTemplate :RoleDropDataPropertyEntityValueContainerTemplate .  
@@ -377,7 +377,7 @@
     ao:templateKey ai:SubjectRole .
 
 :RoleDropDataPropertyDataSetKeyTemplate a ao:DataSetKeyTemplate ;
-    ao:keyComponent ai:DataPropertyAccesObject ;
+    ao:keyComponent ai:DataProperty ;
     ao:keyComponent ai:DropOperation ;
     ao:keyComponentTemplate ai:SubjectRole .
 
@@ -388,15 +388,15 @@
 :RoleDropDataPropertyEntityValueContainerTemplate a ao:ValueContainerTemplate ;
     ao:relatedValueSet :AllowedPropertyUriValueSet ;
 #    ao:defaultValue ai:defaultUri ;
-    ao:containerTypeTemplate ai:DataPropertyAccesObject .
+    ao:containerTypeTemplate ai:DataProperty .
 
 #Role EditDataProperty data set template
 
 :RoleEditDataPropertyDataSetTemplate a ao:DataSetTemplate ;
     ao:dataSetTemplateKey :RoleEditDataPropertyDataSetTemplateKey ;
     ao:dataSetKeyTemplate :RoleEditDataPropertyDataSetKeyTemplate ;
-    ao:dataSetValues ai:DataPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:DataPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:DataPropertyValueContainer ;
+    ao:dataSetValues ai:DataPropertyStatementValueContainer ;
     ao:dataSetValues ai:EditOperationValueContainer ;
     ao:dataSetValueTemplate :RoleEditDataPropertyValueContainerTemplate ;
     ao:dataSetValueTemplate :RoleEditDataPropertyEntityValueContainerTemplate .  
@@ -405,7 +405,7 @@
     ao:templateKey ai:SubjectRole .
 
 :RoleEditDataPropertyDataSetKeyTemplate a ao:DataSetKeyTemplate ;
-    ao:keyComponent ai:DataPropertyAccesObject ;
+    ao:keyComponent ai:DataProperty ;
     ao:keyComponent ai:EditOperation ;
     ao:keyComponentTemplate ai:SubjectRole .
 
@@ -416,15 +416,15 @@
 :RoleEditDataPropertyEntityValueContainerTemplate a ao:ValueContainerTemplate ;
     ao:relatedValueSet :AllowedPropertyUriValueSet ;
 #    ao:defaultValue ai:defaultUri ;
-    ao:containerTypeTemplate ai:DataPropertyAccesObject .
+    ao:containerTypeTemplate ai:DataProperty .
 
 #Role DisplayFauxObjectProperty data set template
 
 :RoleDisplayFauxObjectPropertyDataSetTemplate a ao:DataSetTemplate ;
     ao:dataSetTemplateKey :RoleDisplayFauxObjectPropertyDataSetTemplateKey ;
     ao:dataSetKeyTemplate :RoleDisplayFauxObjectPropertyDataSetKeyTemplate ;
-    ao:dataSetValues ai:FauxObjectPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:FauxObjectPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:FauxObjectPropertyValueContainer ;
+    ao:dataSetValues ai:FauxObjectPropertyStatementValueContainer ;
     ao:dataSetValues ai:DisplayOperationValueContainer ;
     ao:dataSetValueTemplate :RoleDisplayFauxObjectPropertyValueContainerTemplate ;
     ao:dataSetValueTemplate :RoleDisplayFauxObjectPropertyEntityValueContainerTemplate .  
@@ -433,7 +433,7 @@
     ao:templateKey ai:SubjectRole .
 
 :RoleDisplayFauxObjectPropertyDataSetKeyTemplate a ao:DataSetKeyTemplate ;
-    ao:keyComponent ai:FauxObjectPropertyAccesObject ;
+    ao:keyComponent ai:FauxObjectProperty ;
     ao:keyComponent ai:DisplayOperation ;
     ao:keyComponentTemplate ai:SubjectRole .
 
@@ -444,15 +444,15 @@
 :RoleDisplayFauxObjectPropertyEntityValueContainerTemplate a ao:ValueContainerTemplate ;
     ao:relatedValueSet :AllowedPropertyUriValueSet ;
 #    ao:defaultValue ai:defaultUri ;
-    ao:containerTypeTemplate ai:FauxObjectPropertyAccesObject .
+    ao:containerTypeTemplate ai:FauxObjectProperty .
 
 #Role PublishFauxObjectProperty data set template
 
 :RolePublishFauxObjectPropertyDataSetTemplate a ao:DataSetTemplate ;
     ao:dataSetTemplateKey :RolePublishFauxObjectPropertyDataSetTemplateKey ;
     ao:dataSetKeyTemplate :RolePublishFauxObjectPropertyDataSetKeyTemplate ;
-    ao:dataSetValues ai:FauxObjectPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:FauxObjectPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:FauxObjectPropertyValueContainer ;
+    ao:dataSetValues ai:FauxObjectPropertyStatementValueContainer ;
     ao:dataSetValues ai:PublishOperationValueContainer ;
     ao:dataSetValueTemplate :RolePublishFauxObjectPropertyValueContainerTemplate ;
     ao:dataSetValueTemplate :RolePublishFauxObjectPropertyEntityValueContainerTemplate .  
@@ -461,7 +461,7 @@
     ao:templateKey ai:SubjectRole .
 
 :RolePublishFauxObjectPropertyDataSetKeyTemplate a ao:DataSetKeyTemplate ;
-    ao:keyComponent ai:FauxObjectPropertyAccesObject ;
+    ao:keyComponent ai:FauxObjectProperty ;
     ao:keyComponent ai:PublishOperation ;
     ao:keyComponentTemplate ai:SubjectRole .
 
@@ -472,15 +472,15 @@
 :RolePublishFauxObjectPropertyEntityValueContainerTemplate a ao:ValueContainerTemplate ;
     ao:relatedValueSet :AllowedPropertyUriValueSet ;
 #    ao:defaultValue ai:defaultUri ;
-    ao:containerTypeTemplate ai:FauxObjectPropertyAccesObject .
+    ao:containerTypeTemplate ai:FauxObjectProperty .
 
 #Role AddFauxObjectProperty data set template
 
 :RoleAddFauxObjectPropertyDataSetTemplate a ao:DataSetTemplate ;
     ao:dataSetTemplateKey :RoleAddFauxObjectPropertyDataSetTemplateKey ;
     ao:dataSetKeyTemplate :RoleAddFauxObjectPropertyDataSetKeyTemplate ;
-    ao:dataSetValues ai:FauxObjectPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:FauxObjectPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:FauxObjectPropertyValueContainer ;
+    ao:dataSetValues ai:FauxObjectPropertyStatementValueContainer ;
     ao:dataSetValues ai:AddOperationValueContainer ;
     ao:dataSetValueTemplate :RoleAddFauxObjectPropertyValueContainerTemplate ;
     ao:dataSetValueTemplate :RoleAddFauxObjectPropertyEntityValueContainerTemplate .  
@@ -489,7 +489,7 @@
     ao:templateKey ai:SubjectRole .
 
 :RoleAddFauxObjectPropertyDataSetKeyTemplate a ao:DataSetKeyTemplate ;
-    ao:keyComponent ai:FauxObjectPropertyAccesObject ;
+    ao:keyComponent ai:FauxObjectProperty ;
     ao:keyComponent ai:AddOperation ;
     ao:keyComponentTemplate ai:SubjectRole .
 
@@ -500,15 +500,15 @@
 :RoleAddFauxObjectPropertyEntityValueContainerTemplate a ao:ValueContainerTemplate ;
     ao:relatedValueSet :AllowedPropertyUriValueSet ;
 #    ao:defaultValue ai:defaultUri ;
-    ao:containerTypeTemplate ai:FauxObjectPropertyAccesObject .
+    ao:containerTypeTemplate ai:FauxObjectProperty .
 
 #Role DropFauxObjectProperty data set template
 
 :RoleDropFauxObjectPropertyDataSetTemplate a ao:DataSetTemplate ;
     ao:dataSetTemplateKey :RoleDropFauxObjectPropertyDataSetTemplateKey ;
     ao:dataSetKeyTemplate :RoleDropFauxObjectPropertyDataSetKeyTemplate ;
-    ao:dataSetValues ai:FauxObjectPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:FauxObjectPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:FauxObjectPropertyValueContainer ;
+    ao:dataSetValues ai:FauxObjectPropertyStatementValueContainer ;
     ao:dataSetValues ai:DropOperationValueContainer ;
     ao:dataSetValueTemplate :RoleDropFauxObjectPropertyValueContainerTemplate ;
     ao:dataSetValueTemplate :RoleDropFauxObjectPropertyEntityValueContainerTemplate .  
@@ -517,7 +517,7 @@
     ao:templateKey ai:SubjectRole .
 
 :RoleDropFauxObjectPropertyDataSetKeyTemplate a ao:DataSetKeyTemplate ;
-    ao:keyComponent ai:FauxObjectPropertyAccesObject ;
+    ao:keyComponent ai:FauxObjectProperty ;
     ao:keyComponent ai:DropOperation ;
     ao:keyComponentTemplate ai:SubjectRole .
 
@@ -528,15 +528,15 @@
 :RoleDropFauxObjectPropertyEntityValueContainerTemplate a ao:ValueContainerTemplate ;
     ao:relatedValueSet :AllowedPropertyUriValueSet ;
 #    ao:defaultValue ai:defaultUri ;
-    ao:containerTypeTemplate ai:FauxObjectPropertyAccesObject .
+    ao:containerTypeTemplate ai:FauxObjectProperty .
 
 #Role EditFauxObjectProperty data set template
 
 :RoleEditFauxObjectPropertyDataSetTemplate a ao:DataSetTemplate ;
     ao:dataSetTemplateKey :RoleEditFauxObjectPropertyDataSetTemplateKey ;
     ao:dataSetKeyTemplate :RoleEditFauxObjectPropertyDataSetKeyTemplate ;
-    ao:dataSetValues ai:FauxObjectPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:FauxObjectPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:FauxObjectPropertyValueContainer ;
+    ao:dataSetValues ai:FauxObjectPropertyStatementValueContainer ;
     ao:dataSetValues ai:EditOperationValueContainer ;
     ao:dataSetValueTemplate :RoleEditFauxObjectPropertyValueContainerTemplate ;
     ao:dataSetValueTemplate :RoleEditFauxObjectPropertyEntityValueContainerTemplate .  
@@ -545,7 +545,7 @@
     ao:templateKey ai:SubjectRole .
 
 :RoleEditFauxObjectPropertyDataSetKeyTemplate a ao:DataSetKeyTemplate ;
-    ao:keyComponent ai:FauxObjectPropertyAccesObject ;
+    ao:keyComponent ai:FauxObjectProperty ;
     ao:keyComponent ai:EditOperation ;
     ao:keyComponentTemplate ai:SubjectRole .
 
@@ -556,15 +556,15 @@
 :RoleEditFauxObjectPropertyEntityValueContainerTemplate a ao:ValueContainerTemplate ;
     ao:relatedValueSet :AllowedPropertyUriValueSet ;
 #    ao:defaultValue ai:defaultUri ;
-    ao:containerTypeTemplate ai:FauxObjectPropertyAccesObject .
+    ao:containerTypeTemplate ai:FauxObjectProperty .
 
 #Role DisplayFauxDataProperty data set template
 
 :RoleDisplayFauxDataPropertyDataSetTemplate a ao:DataSetTemplate ;
     ao:dataSetTemplateKey :RoleDisplayFauxDataPropertyDataSetTemplateKey ;
     ao:dataSetKeyTemplate :RoleDisplayFauxDataPropertyDataSetKeyTemplate ;
-    ao:dataSetValues ai:FauxDataPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:FauxDataPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:FauxDataPropertyValueContainer ;
+    ao:dataSetValues ai:FauxDataPropertyStatementValueContainer ;
     ao:dataSetValues ai:DisplayOperationValueContainer ;
     ao:dataSetValueTemplate :RoleDisplayFauxDataPropertyValueContainerTemplate ;
     ao:dataSetValueTemplate :RoleDisplayFauxDataPropertyEntityValueContainerTemplate .  
@@ -573,7 +573,7 @@
     ao:templateKey ai:SubjectRole .
 
 :RoleDisplayFauxDataPropertyDataSetKeyTemplate a ao:DataSetKeyTemplate ;
-    ao:keyComponent ai:FauxDataPropertyAccesObject ;
+    ao:keyComponent ai:FauxDataProperty ;
     ao:keyComponent ai:DisplayOperation ;
     ao:keyComponentTemplate ai:SubjectRole .
 
@@ -584,15 +584,15 @@
 :RoleDisplayFauxDataPropertyEntityValueContainerTemplate a ao:ValueContainerTemplate ;
     ao:relatedValueSet :AllowedPropertyUriValueSet ;
 #    ao:defaultValue ai:defaultUri ;
-    ao:containerTypeTemplate ai:FauxDataPropertyAccesObject .
+    ao:containerTypeTemplate ai:FauxDataProperty .
 
 #Role PublishFauxDataProperty data set template
 
 :RolePublishFauxDataPropertyDataSetTemplate a ao:DataSetTemplate ;
     ao:dataSetTemplateKey :RolePublishFauxDataPropertyDataSetTemplateKey ;
     ao:dataSetKeyTemplate :RolePublishFauxDataPropertyDataSetKeyTemplate ;
-    ao:dataSetValues ai:FauxDataPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:FauxDataPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:FauxDataPropertyValueContainer ;
+    ao:dataSetValues ai:FauxDataPropertyStatementValueContainer ;
     ao:dataSetValues ai:PublishOperationValueContainer ;
     ao:dataSetValueTemplate :RolePublishFauxDataPropertyValueContainerTemplate ;
     ao:dataSetValueTemplate :RolePublishFauxDataPropertyEntityValueContainerTemplate .  
@@ -601,7 +601,7 @@
     ao:templateKey ai:SubjectRole .
 
 :RolePublishFauxDataPropertyDataSetKeyTemplate a ao:DataSetKeyTemplate ;
-    ao:keyComponent ai:FauxDataPropertyAccesObject ;
+    ao:keyComponent ai:FauxDataProperty ;
     ao:keyComponent ai:PublishOperation ;
     ao:keyComponentTemplate ai:SubjectRole .
 
@@ -612,15 +612,15 @@
 :RolePublishFauxDataPropertyEntityValueContainerTemplate a ao:ValueContainerTemplate ;
     ao:relatedValueSet :AllowedPropertyUriValueSet ;
 #    ao:defaultValue ai:defaultUri ;
-    ao:containerTypeTemplate ai:FauxDataPropertyAccesObject .
+    ao:containerTypeTemplate ai:FauxDataProperty .
 
 #Role AddFauxDataProperty data set template
 
 :RoleAddFauxDataPropertyDataSetTemplate a ao:DataSetTemplate ;
     ao:dataSetTemplateKey :RoleAddFauxDataPropertyDataSetTemplateKey ;
     ao:dataSetKeyTemplate :RoleAddFauxDataPropertyDataSetKeyTemplate ;
-    ao:dataSetValues ai:FauxDataPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:FauxDataPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:FauxDataPropertyValueContainer ;
+    ao:dataSetValues ai:FauxDataPropertyStatementValueContainer ;
     ao:dataSetValues ai:AddOperationValueContainer ;
     ao:dataSetValueTemplate :RoleAddFauxDataPropertyValueContainerTemplate ;
     ao:dataSetValueTemplate :RoleAddFauxDataPropertyEntityValueContainerTemplate .  
@@ -629,7 +629,7 @@
     ao:templateKey ai:SubjectRole .
 
 :RoleAddFauxDataPropertyDataSetKeyTemplate a ao:DataSetKeyTemplate ;
-    ao:keyComponent ai:FauxDataPropertyAccesObject ;
+    ao:keyComponent ai:FauxDataProperty ;
     ao:keyComponent ai:AddOperation ;
     ao:keyComponentTemplate ai:SubjectRole .
 
@@ -640,15 +640,15 @@
 :RoleAddFauxDataPropertyEntityValueContainerTemplate a ao:ValueContainerTemplate ;
     ao:relatedValueSet :AllowedPropertyUriValueSet ;
 #    ao:defaultValue ai:defaultUri ;
-    ao:containerTypeTemplate ai:FauxDataPropertyAccesObject .
+    ao:containerTypeTemplate ai:FauxDataProperty .
 
 #Role DropFauxDataProperty data set template
 
 :RoleDropFauxDataPropertyDataSetTemplate a ao:DataSetTemplate ;
     ao:dataSetTemplateKey :RoleDropFauxDataPropertyDataSetTemplateKey ;
     ao:dataSetKeyTemplate :RoleDropFauxDataPropertyDataSetKeyTemplate ;
-    ao:dataSetValues ai:FauxDataPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:FauxDataPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:FauxDataPropertyValueContainer ;
+    ao:dataSetValues ai:FauxDataPropertyStatementValueContainer ;
     ao:dataSetValues ai:DropOperationValueContainer ;
     ao:dataSetValueTemplate :RoleDropFauxDataPropertyValueContainerTemplate ;
     ao:dataSetValueTemplate :RoleDropFauxDataPropertyEntityValueContainerTemplate .  
@@ -657,7 +657,7 @@
     ao:templateKey ai:SubjectRole .
 
 :RoleDropFauxDataPropertyDataSetKeyTemplate a ao:DataSetKeyTemplate ;
-    ao:keyComponent ai:FauxDataPropertyAccesObject ;
+    ao:keyComponent ai:FauxDataProperty ;
     ao:keyComponent ai:DropOperation ;
     ao:keyComponentTemplate ai:SubjectRole .
 
@@ -668,15 +668,15 @@
 :RoleDropFauxDataPropertyEntityValueContainerTemplate a ao:ValueContainerTemplate ;
     ao:relatedValueSet :AllowedPropertyUriValueSet ;
 #    ao:defaultValue ai:defaultUri ;
-    ao:containerTypeTemplate ai:FauxDataPropertyAccesObject .
+    ao:containerTypeTemplate ai:FauxDataProperty .
 
 #Role EditFauxDataProperty data set template
 
 :RoleEditFauxDataPropertyDataSetTemplate a ao:DataSetTemplate ;
     ao:dataSetTemplateKey :RoleEditFauxDataPropertyDataSetTemplateKey ;
     ao:dataSetKeyTemplate :RoleEditFauxDataPropertyDataSetKeyTemplate ;
-    ao:dataSetValues ai:FauxDataPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:FauxDataPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:FauxDataPropertyValueContainer ;
+    ao:dataSetValues ai:FauxDataPropertyStatementValueContainer ;
     ao:dataSetValues ai:EditOperationValueContainer ;
     ao:dataSetValueTemplate :RoleEditFauxDataPropertyValueContainerTemplate ;
     ao:dataSetValueTemplate :RoleEditFauxDataPropertyEntityValueContainerTemplate .  
@@ -685,7 +685,7 @@
     ao:templateKey ai:SubjectRole .
 
 :RoleEditFauxDataPropertyDataSetKeyTemplate a ao:DataSetKeyTemplate ;
-    ao:keyComponent ai:FauxDataPropertyAccesObject ;
+    ao:keyComponent ai:FauxDataProperty ;
     ao:keyComponent ai:EditOperation ;
     ao:keyComponentTemplate ai:SubjectRole .
 
@@ -696,7 +696,7 @@
 :RoleEditFauxDataPropertyEntityValueContainerTemplate a ao:ValueContainerTemplate ;
     ao:relatedValueSet :AllowedPropertyUriValueSet ;
 #    ao:defaultValue ai:defaultUri ;
-    ao:containerTypeTemplate ai:FauxDataPropertyAccesObject .
+    ao:containerTypeTemplate ai:FauxDataProperty .
 
 
 
@@ -705,52 +705,52 @@
 :PublicDropFauxDataPropertyDataSet a ao:PolicyDataSet ;
     ao:dataSetKey :PublicDropFauxDataPropertyDataSetKey ;
     ao:dataSetValues ai:PublicRoleValueContainer ;
-    ao:dataSetValues ai:FauxDataPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:FauxDataPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:FauxDataPropertyValueContainer ;
+    ao:dataSetValues ai:FauxDataPropertyStatementValueContainer ;
     ao:dataSetValues ai:DropOperationValueContainer ;
     ao:dataSetValues ai:PublicDropFauxDataPropertyValueContainer .
 
 :PublicDropFauxDataPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:FauxDataPropertyAccesObject ;
+    ao:keyComponent ai:FauxDataProperty ;
     ao:keyComponent auth:PUBLIC ;
     ao:keyComponent ai:DropOperation .
 
 :EditorDropFauxDataPropertyDataSet a ao:PolicyDataSet ;
     ao:dataSetKey :EditorDropFauxDataPropertyDataSetKey ;
     ao:dataSetValues ai:EditorRoleValueContainer ;
-    ao:dataSetValues ai:FauxDataPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:FauxDataPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:FauxDataPropertyValueContainer ;
+    ao:dataSetValues ai:FauxDataPropertyStatementValueContainer ;
     ao:dataSetValues ai:DropOperationValueContainer ;
     ao:dataSetValues ai:EditorDropFauxDataPropertyValueContainer .
 
 :EditorDropFauxDataPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:FauxDataPropertyAccesObject ;
+    ao:keyComponent ai:FauxDataProperty ;
     ao:keyComponent auth:EDITOR ;
     ao:keyComponent ai:DropOperation .
 
 :CuratorDropFauxDataPropertyDataSet a ao:PolicyDataSet ;
     ao:dataSetKey :CuratorDropFauxDataPropertyDataSetKey ;
     ao:dataSetValues ai:CuratorRoleValueContainer ;
-    ao:dataSetValues ai:FauxDataPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:FauxDataPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:FauxDataPropertyValueContainer ;
+    ao:dataSetValues ai:FauxDataPropertyStatementValueContainer ;
     ao:dataSetValues ai:DropOperationValueContainer ;
     ao:dataSetValues ai:CuratorDropFauxDataPropertyValueContainer .
 
 :CuratorDropFauxDataPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:FauxDataPropertyAccesObject ;
+    ao:keyComponent ai:FauxDataProperty ;
     ao:keyComponent auth:CURATOR ;
     ao:keyComponent ai:DropOperation .
 
 :AdminDropFauxDataPropertyDataSet a ao:PolicyDataSet ;
     ao:dataSetKey :AdminDropFauxDataPropertyDataSetKey ;
     ao:dataSetValues ai:AdminRoleValueContainer ;
-    ao:dataSetValues ai:FauxDataPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:FauxDataPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:FauxDataPropertyValueContainer ;
+    ao:dataSetValues ai:FauxDataPropertyStatementValueContainer ;
     ao:dataSetValues ai:DropOperationValueContainer ;
     ao:dataSetValues ai:AdminDropFauxDataPropertyValueContainer .
 
 :AdminDropFauxDataPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:FauxDataPropertyAccesObject ;
+    ao:keyComponent ai:FauxDataProperty ;
     ao:keyComponent auth:ADMIN ;
     ao:keyComponent ai:DropOperation .
 
@@ -759,52 +759,52 @@
 :PublicAddFauxDataPropertyDataSet a ao:PolicyDataSet ;
     ao:dataSetKey :PublicAddFauxDataPropertyDataSetKey ;
     ao:dataSetValues ai:PublicRoleValueContainer ;
-    ao:dataSetValues ai:FauxDataPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:FauxDataPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:FauxDataPropertyValueContainer ;
+    ao:dataSetValues ai:FauxDataPropertyStatementValueContainer ;
     ao:dataSetValues ai:AddOperationValueContainer ;
     ao:dataSetValues ai:PublicAddFauxDataPropertyValueContainer .
 
 :PublicAddFauxDataPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:FauxDataPropertyAccesObject ;
+    ao:keyComponent ai:FauxDataProperty ;
     ao:keyComponent auth:PUBLIC ;
     ao:keyComponent ai:AddOperation .
 
 :EditorAddFauxDataPropertyDataSet a ao:PolicyDataSet ;
     ao:dataSetKey :EditorAddFauxDataPropertyDataSetKey ;
     ao:dataSetValues ai:EditorRoleValueContainer ;
-    ao:dataSetValues ai:FauxDataPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:FauxDataPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:FauxDataPropertyValueContainer ;
+    ao:dataSetValues ai:FauxDataPropertyStatementValueContainer ;
     ao:dataSetValues ai:AddOperationValueContainer ;
     ao:dataSetValues ai:EditorAddFauxDataPropertyValueContainer .
 
 :EditorAddFauxDataPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:FauxDataPropertyAccesObject ;
+    ao:keyComponent ai:FauxDataProperty ;
     ao:keyComponent auth:EDITOR ;
     ao:keyComponent ai:AddOperation .
 
 :CuratorAddFauxDataPropertyDataSet a ao:PolicyDataSet ;
     ao:dataSetKey :CuratorAddFauxDataPropertyDataSetKey ;
     ao:dataSetValues ai:CuratorRoleValueContainer ;
-    ao:dataSetValues ai:FauxDataPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:FauxDataPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:FauxDataPropertyValueContainer ;
+    ao:dataSetValues ai:FauxDataPropertyStatementValueContainer ;
     ao:dataSetValues ai:AddOperationValueContainer ;
     ao:dataSetValues ai:CuratorAddFauxDataPropertyValueContainer .
 
 :CuratorAddFauxDataPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:FauxDataPropertyAccesObject ;
+    ao:keyComponent ai:FauxDataProperty ;
     ao:keyComponent auth:CURATOR ;
     ao:keyComponent ai:AddOperation .
 
 :AdminAddFauxDataPropertyDataSet a ao:PolicyDataSet ;
     ao:dataSetKey :AdminAddFauxDataPropertyDataSetKey ;
     ao:dataSetValues ai:AdminRoleValueContainer ;
-    ao:dataSetValues ai:FauxDataPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:FauxDataPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:FauxDataPropertyValueContainer ;
+    ao:dataSetValues ai:FauxDataPropertyStatementValueContainer ;
     ao:dataSetValues ai:AddOperationValueContainer ;
     ao:dataSetValues ai:AdminAddFauxDataPropertyValueContainer .
 
 :AdminAddFauxDataPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:FauxDataPropertyAccesObject ;
+    ao:keyComponent ai:FauxDataProperty ;
     ao:keyComponent auth:ADMIN ;
     ao:keyComponent ai:AddOperation .
 
@@ -813,52 +813,52 @@
 :PublicEditFauxDataPropertyDataSet a ao:PolicyDataSet ;
     ao:dataSetKey :PublicEditFauxDataPropertyDataSetKey ;
     ao:dataSetValues ai:PublicRoleValueContainer ;
-    ao:dataSetValues ai:FauxDataPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:FauxDataPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:FauxDataPropertyValueContainer ;
+    ao:dataSetValues ai:FauxDataPropertyStatementValueContainer ;
     ao:dataSetValues ai:EditOperationValueContainer ;
     ao:dataSetValues ai:PublicEditFauxDataPropertyValueContainer .
 
 :PublicEditFauxDataPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:FauxDataPropertyAccesObject ;
+    ao:keyComponent ai:FauxDataProperty ;
     ao:keyComponent auth:PUBLIC ;
     ao:keyComponent ai:EditOperation .
 
 :EditorEditFauxDataPropertyDataSet a ao:PolicyDataSet ;
     ao:dataSetKey :EditorEditFauxDataPropertyDataSetKey ;
     ao:dataSetValues ai:EditorRoleValueContainer ;
-    ao:dataSetValues ai:FauxDataPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:FauxDataPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:FauxDataPropertyValueContainer ;
+    ao:dataSetValues ai:FauxDataPropertyStatementValueContainer ;
     ao:dataSetValues ai:EditOperationValueContainer ;
     ao:dataSetValues ai:EditorEditFauxDataPropertyValueContainer .
 
 :EditorEditFauxDataPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:FauxDataPropertyAccesObject ;
+    ao:keyComponent ai:FauxDataProperty ;
     ao:keyComponent auth:EDITOR ;
     ao:keyComponent ai:EditOperation .
 
 :CuratorEditFauxDataPropertyDataSet a ao:PolicyDataSet ;
     ao:dataSetKey :CuratorEditFauxDataPropertyDataSetKey ;
     ao:dataSetValues ai:CuratorRoleValueContainer ;
-    ao:dataSetValues ai:FauxDataPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:FauxDataPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:FauxDataPropertyValueContainer ;
+    ao:dataSetValues ai:FauxDataPropertyStatementValueContainer ;
     ao:dataSetValues ai:EditOperationValueContainer ;
     ao:dataSetValues ai:CuratorEditFauxDataPropertyValueContainer .
 
 :CuratorEditFauxDataPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:FauxDataPropertyAccesObject ;
+    ao:keyComponent ai:FauxDataProperty ;
     ao:keyComponent auth:CURATOR ;
     ao:keyComponent ai:EditOperation .
 
 :AdminEditFauxDataPropertyDataSet a ao:PolicyDataSet ;
     ao:dataSetKey :AdminEditFauxDataPropertyDataSetKey ;
     ao:dataSetValues ai:AdminRoleValueContainer ;
-    ao:dataSetValues ai:FauxDataPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:FauxDataPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:FauxDataPropertyValueContainer ;
+    ao:dataSetValues ai:FauxDataPropertyStatementValueContainer ;
     ao:dataSetValues ai:EditOperationValueContainer ;
     ao:dataSetValues ai:AdminEditFauxDataPropertyValueContainer .
 
 :AdminEditFauxDataPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:FauxDataPropertyAccesObject ;
+    ao:keyComponent ai:FauxDataProperty ;
     ao:keyComponent auth:ADMIN ;
     ao:keyComponent ai:EditOperation .
 
@@ -867,52 +867,52 @@
 :PublicDropFauxObjectPropertyDataSet a ao:PolicyDataSet ;
     ao:dataSetKey :PublicDropFauxObjectPropertyDataSetKey ;
     ao:dataSetValues ai:PublicRoleValueContainer ;
-    ao:dataSetValues ai:FauxObjectPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:FauxObjectPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:FauxObjectPropertyValueContainer ;
+    ao:dataSetValues ai:FauxObjectPropertyStatementValueContainer ;
     ao:dataSetValues ai:DropOperationValueContainer ;
     ao:dataSetValues ai:PublicDropFauxObjectPropertyValueContainer .
 
 :PublicDropFauxObjectPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:FauxObjectPropertyAccesObject ;
+    ao:keyComponent ai:FauxObjectProperty ;
     ao:keyComponent auth:PUBLIC ;
     ao:keyComponent ai:DropOperation .
 
 :EditorDropFauxObjectPropertyDataSet a ao:PolicyDataSet ;
     ao:dataSetKey :EditorDropFauxObjectPropertyDataSetKey ;
     ao:dataSetValues ai:EditorRoleValueContainer ;
-    ao:dataSetValues ai:FauxObjectPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:FauxObjectPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:FauxObjectPropertyValueContainer ;
+    ao:dataSetValues ai:FauxObjectPropertyStatementValueContainer ;
     ao:dataSetValues ai:DropOperationValueContainer ;
     ao:dataSetValues ai:EditorDropFauxObjectPropertyValueContainer .
 
 :EditorDropFauxObjectPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:FauxObjectPropertyAccesObject ;
+    ao:keyComponent ai:FauxObjectProperty ;
     ao:keyComponent auth:EDITOR ;
     ao:keyComponent ai:DropOperation .
 
 :CuratorDropFauxObjectPropertyDataSet a ao:PolicyDataSet ;
     ao:dataSetKey :CuratorDropFauxObjectPropertyDataSetKey ;
     ao:dataSetValues ai:CuratorRoleValueContainer ;
-    ao:dataSetValues ai:FauxObjectPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:FauxObjectPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:FauxObjectPropertyValueContainer ;
+    ao:dataSetValues ai:FauxObjectPropertyStatementValueContainer ;
     ao:dataSetValues ai:DropOperationValueContainer ;
     ao:dataSetValues ai:CuratorDropFauxObjectPropertyValueContainer .
 
 :CuratorDropFauxObjectPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:FauxObjectPropertyAccesObject ;
+    ao:keyComponent ai:FauxObjectProperty ;
     ao:keyComponent auth:CURATOR ;
     ao:keyComponent ai:DropOperation .
 
 :AdminDropFauxObjectPropertyDataSet a ao:PolicyDataSet ;
     ao:dataSetKey :AdminDropFauxObjectPropertyDataSetKey ;
     ao:dataSetValues ai:AdminRoleValueContainer ;
-    ao:dataSetValues ai:FauxObjectPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:FauxObjectPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:FauxObjectPropertyValueContainer ;
+    ao:dataSetValues ai:FauxObjectPropertyStatementValueContainer ;
     ao:dataSetValues ai:DropOperationValueContainer ;
     ao:dataSetValues ai:AdminDropFauxObjectPropertyValueContainer .
 
 :AdminDropFauxObjectPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:FauxObjectPropertyAccesObject ;
+    ao:keyComponent ai:FauxObjectProperty ;
     ao:keyComponent auth:ADMIN ;
     ao:keyComponent ai:DropOperation .
 
@@ -921,52 +921,52 @@
 :PublicAddFauxObjectPropertyDataSet a ao:PolicyDataSet ;
     ao:dataSetKey :PublicAddFauxObjectPropertyDataSetKey ;
     ao:dataSetValues ai:PublicRoleValueContainer ;
-    ao:dataSetValues ai:FauxObjectPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:FauxObjectPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:FauxObjectPropertyValueContainer ;
+    ao:dataSetValues ai:FauxObjectPropertyStatementValueContainer ;
     ao:dataSetValues ai:AddOperationValueContainer ;
     ao:dataSetValues ai:PublicAddFauxObjectPropertyValueContainer .
 
 :PublicAddFauxObjectPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:FauxObjectPropertyAccesObject ;
+    ao:keyComponent ai:FauxObjectProperty ;
     ao:keyComponent auth:PUBLIC ;
     ao:keyComponent ai:AddOperation .
 
 :EditorAddFauxObjectPropertyDataSet a ao:PolicyDataSet ;
     ao:dataSetKey :EditorAddFauxObjectPropertyDataSetKey ;
     ao:dataSetValues ai:EditorRoleValueContainer ;
-    ao:dataSetValues ai:FauxObjectPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:FauxObjectPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:FauxObjectPropertyValueContainer ;
+    ao:dataSetValues ai:FauxObjectPropertyStatementValueContainer ;
     ao:dataSetValues ai:AddOperationValueContainer ;
     ao:dataSetValues ai:EditorAddFauxObjectPropertyValueContainer .
 
 :EditorAddFauxObjectPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:FauxObjectPropertyAccesObject ;
+    ao:keyComponent ai:FauxObjectProperty ;
     ao:keyComponent auth:EDITOR ;
     ao:keyComponent ai:AddOperation .
 
 :CuratorAddFauxObjectPropertyDataSet a ao:PolicyDataSet ;
     ao:dataSetKey :CuratorAddFauxObjectPropertyDataSetKey ;
     ao:dataSetValues ai:CuratorRoleValueContainer ;
-    ao:dataSetValues ai:FauxObjectPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:FauxObjectPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:FauxObjectPropertyValueContainer ;
+    ao:dataSetValues ai:FauxObjectPropertyStatementValueContainer ;
     ao:dataSetValues ai:AddOperationValueContainer ;
     ao:dataSetValues ai:CuratorAddFauxObjectPropertyValueContainer .
 
 :CuratorAddFauxObjectPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:FauxObjectPropertyAccesObject ;
+    ao:keyComponent ai:FauxObjectProperty ;
     ao:keyComponent auth:CURATOR ;
     ao:keyComponent ai:AddOperation .
 
 :AdminAddFauxObjectPropertyDataSet a ao:PolicyDataSet ;
     ao:dataSetKey :AdminAddFauxObjectPropertyDataSetKey ;
     ao:dataSetValues ai:AdminRoleValueContainer ;
-    ao:dataSetValues ai:FauxObjectPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:FauxObjectPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:FauxObjectPropertyValueContainer ;
+    ao:dataSetValues ai:FauxObjectPropertyStatementValueContainer ;
     ao:dataSetValues ai:AddOperationValueContainer ;
     ao:dataSetValues ai:AdminAddFauxObjectPropertyValueContainer .
 
 :AdminAddFauxObjectPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:FauxObjectPropertyAccesObject ;
+    ao:keyComponent ai:FauxObjectProperty ;
     ao:keyComponent auth:ADMIN ;
     ao:keyComponent ai:AddOperation .
 
@@ -975,52 +975,52 @@
 :PublicEditFauxObjectPropertyDataSet a ao:PolicyDataSet ;
     ao:dataSetKey :PublicEditFauxObjectPropertyDataSetKey ;
     ao:dataSetValues ai:PublicRoleValueContainer ;
-    ao:dataSetValues ai:FauxObjectPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:FauxObjectPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:FauxObjectPropertyValueContainer ;
+    ao:dataSetValues ai:FauxObjectPropertyStatementValueContainer ;
     ao:dataSetValues ai:EditOperationValueContainer ;
     ao:dataSetValues ai:PublicEditFauxObjectPropertyValueContainer .
 
 :PublicEditFauxObjectPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:FauxObjectPropertyAccesObject ;
+    ao:keyComponent ai:FauxObjectProperty ;
     ao:keyComponent auth:PUBLIC ;
     ao:keyComponent ai:EditOperation .
 
 :EditorEditFauxObjectPropertyDataSet a ao:PolicyDataSet ;
     ao:dataSetKey :EditorEditFauxObjectPropertyDataSetKey ;
     ao:dataSetValues ai:EditorRoleValueContainer ;
-    ao:dataSetValues ai:FauxObjectPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:FauxObjectPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:FauxObjectPropertyValueContainer ;
+    ao:dataSetValues ai:FauxObjectPropertyStatementValueContainer ;
     ao:dataSetValues ai:EditOperationValueContainer ;
     ao:dataSetValues ai:EditorEditFauxObjectPropertyValueContainer .
 
 :EditorEditFauxObjectPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:FauxObjectPropertyAccesObject ;
+    ao:keyComponent ai:FauxObjectProperty ;
     ao:keyComponent auth:EDITOR ;
     ao:keyComponent ai:EditOperation .
 
 :CuratorEditFauxObjectPropertyDataSet a ao:PolicyDataSet ;
     ao:dataSetKey :CuratorEditFauxObjectPropertyDataSetKey ;
     ao:dataSetValues ai:CuratorRoleValueContainer ;
-    ao:dataSetValues ai:FauxObjectPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:FauxObjectPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:FauxObjectPropertyValueContainer ;
+    ao:dataSetValues ai:FauxObjectPropertyStatementValueContainer ;
     ao:dataSetValues ai:EditOperationValueContainer ;
     ao:dataSetValues ai:CuratorEditFauxObjectPropertyValueContainer .
 
 :CuratorEditFauxObjectPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:FauxObjectPropertyAccesObject ;
+    ao:keyComponent ai:FauxObjectProperty ;
     ao:keyComponent auth:CURATOR ;
     ao:keyComponent ai:EditOperation .
 
 :AdminEditFauxObjectPropertyDataSet a ao:PolicyDataSet ;
     ao:dataSetKey :AdminEditFauxObjectPropertyDataSetKey ;
     ao:dataSetValues ai:AdminRoleValueContainer ;
-    ao:dataSetValues ai:FauxObjectPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:FauxObjectPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:FauxObjectPropertyValueContainer ;
+    ao:dataSetValues ai:FauxObjectPropertyStatementValueContainer ;
     ao:dataSetValues ai:EditOperationValueContainer ;
     ao:dataSetValues ai:AdminEditFauxObjectPropertyValueContainer .
 
 :AdminEditFauxObjectPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:FauxObjectPropertyAccesObject ;
+    ao:keyComponent ai:FauxObjectProperty ;
     ao:keyComponent auth:ADMIN ;
     ao:keyComponent ai:EditOperation .
 
@@ -1029,52 +1029,52 @@
 :PublicDropDataPropertyDataSet a ao:PolicyDataSet ;
     ao:dataSetKey :PublicDropDataPropertyDataSetKey ;
     ao:dataSetValues ai:PublicRoleValueContainer ;
-    ao:dataSetValues ai:DataPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:DataPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:DataPropertyValueContainer ;
+    ao:dataSetValues ai:DataPropertyStatementValueContainer ;
     ao:dataSetValues ai:DropOperationValueContainer ;
     ao:dataSetValues ai:PublicDropDataPropertyValueContainer .
 
 :PublicDropDataPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:DataPropertyAccesObject ;
+    ao:keyComponent ai:DataProperty ;
     ao:keyComponent auth:PUBLIC ;
     ao:keyComponent ai:DropOperation .
 
 :EditorDropDataPropertyDataSet a ao:PolicyDataSet ;
     ao:dataSetKey :EditorDropDataPropertyDataSetKey ;
     ao:dataSetValues ai:EditorRoleValueContainer ;
-    ao:dataSetValues ai:DataPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:DataPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:DataPropertyValueContainer ;
+    ao:dataSetValues ai:DataPropertyStatementValueContainer ;
     ao:dataSetValues ai:DropOperationValueContainer ;
     ao:dataSetValues ai:EditorDropDataPropertyValueContainer .
 
 :EditorDropDataPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:DataPropertyAccesObject ;
+    ao:keyComponent ai:DataProperty ;
     ao:keyComponent auth:EDITOR ;
     ao:keyComponent ai:DropOperation .
 
 :CuratorDropDataPropertyDataSet a ao:PolicyDataSet ;
     ao:dataSetKey :CuratorDropDataPropertyDataSetKey ;
     ao:dataSetValues ai:CuratorRoleValueContainer ;
-    ao:dataSetValues ai:DataPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:DataPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:DataPropertyValueContainer ;
+    ao:dataSetValues ai:DataPropertyStatementValueContainer ;
     ao:dataSetValues ai:DropOperationValueContainer ;
     ao:dataSetValues ai:CuratorDropDataPropertyValueContainer .
 
 :CuratorDropDataPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:DataPropertyAccesObject ;
+    ao:keyComponent ai:DataProperty ;
     ao:keyComponent auth:CURATOR ;
     ao:keyComponent ai:DropOperation .
 
 :AdminDropDataPropertyDataSet a ao:PolicyDataSet ;
     ao:dataSetKey :AdminDropDataPropertyDataSetKey ;
     ao:dataSetValues ai:AdminRoleValueContainer ;
-    ao:dataSetValues ai:DataPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:DataPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:DataPropertyValueContainer ;
+    ao:dataSetValues ai:DataPropertyStatementValueContainer ;
     ao:dataSetValues ai:DropOperationValueContainer ;
     ao:dataSetValues ai:AdminDropDataPropertyValueContainer .
 
 :AdminDropDataPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:DataPropertyAccesObject ;
+    ao:keyComponent ai:DataProperty ;
     ao:keyComponent auth:ADMIN ;
     ao:keyComponent ai:DropOperation .
 
@@ -1083,52 +1083,52 @@
 :PublicAddDataPropertyDataSet a ao:PolicyDataSet ;
     ao:dataSetKey :PublicAddDataPropertyDataSetKey ;
     ao:dataSetValues ai:PublicRoleValueContainer ;
-    ao:dataSetValues ai:DataPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:DataPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:DataPropertyValueContainer ;
+    ao:dataSetValues ai:DataPropertyStatementValueContainer ;
     ao:dataSetValues ai:AddOperationValueContainer ;
     ao:dataSetValues ai:PublicAddDataPropertyValueContainer .
 
 :PublicAddDataPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:DataPropertyAccesObject ;
+    ao:keyComponent ai:DataProperty ;
     ao:keyComponent auth:PUBLIC ;
     ao:keyComponent ai:AddOperation .
 
 :EditorAddDataPropertyDataSet a ao:PolicyDataSet ;
     ao:dataSetKey :EditorAddDataPropertyDataSetKey ;
     ao:dataSetValues ai:EditorRoleValueContainer ;
-    ao:dataSetValues ai:DataPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:DataPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:DataPropertyValueContainer ;
+    ao:dataSetValues ai:DataPropertyStatementValueContainer ;
     ao:dataSetValues ai:AddOperationValueContainer ;
     ao:dataSetValues ai:EditorAddDataPropertyValueContainer .
 
 :EditorAddDataPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:DataPropertyAccesObject ;
+    ao:keyComponent ai:DataProperty ;
     ao:keyComponent auth:EDITOR ;
     ao:keyComponent ai:AddOperation .
 
 :CuratorAddDataPropertyDataSet a ao:PolicyDataSet ;
     ao:dataSetKey :CuratorAddDataPropertyDataSetKey ;
     ao:dataSetValues ai:CuratorRoleValueContainer ;
-    ao:dataSetValues ai:DataPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:DataPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:DataPropertyValueContainer ;
+    ao:dataSetValues ai:DataPropertyStatementValueContainer ;
     ao:dataSetValues ai:AddOperationValueContainer ;
     ao:dataSetValues ai:CuratorAddDataPropertyValueContainer .
 
 :CuratorAddDataPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:DataPropertyAccesObject ;
+    ao:keyComponent ai:DataProperty ;
     ao:keyComponent auth:CURATOR ;
     ao:keyComponent ai:AddOperation .
 
 :AdminAddDataPropertyDataSet a ao:PolicyDataSet ;
     ao:dataSetKey :AdminAddDataPropertyDataSetKey ;
     ao:dataSetValues ai:AdminRoleValueContainer ;
-    ao:dataSetValues ai:DataPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:DataPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:DataPropertyValueContainer ;
+    ao:dataSetValues ai:DataPropertyStatementValueContainer ;
     ao:dataSetValues ai:AddOperationValueContainer ;
     ao:dataSetValues ai:AdminAddDataPropertyValueContainer .
 
 :AdminAddDataPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:DataPropertyAccesObject ;
+    ao:keyComponent ai:DataProperty ;
     ao:keyComponent auth:ADMIN ;
     ao:keyComponent ai:AddOperation .
 
@@ -1137,52 +1137,52 @@
 :PublicEditDataPropertyDataSet a ao:PolicyDataSet ;
     ao:dataSetKey :PublicEditDataPropertyDataSetKey ;
     ao:dataSetValues ai:PublicRoleValueContainer ;
-    ao:dataSetValues ai:DataPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:DataPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:DataPropertyValueContainer ;
+    ao:dataSetValues ai:DataPropertyStatementValueContainer ;
     ao:dataSetValues ai:EditOperationValueContainer ;
     ao:dataSetValues ai:PublicEditDataPropertyValueContainer .
 
 :PublicEditDataPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:DataPropertyAccesObject ;
+    ao:keyComponent ai:DataProperty ;
     ao:keyComponent auth:PUBLIC ;
     ao:keyComponent ai:EditOperation .
 
 :EditorEditDataPropertyDataSet a ao:PolicyDataSet ;
     ao:dataSetKey :EditorEditDataPropertyDataSetKey ;
     ao:dataSetValues ai:EditorRoleValueContainer ;
-    ao:dataSetValues ai:DataPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:DataPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:DataPropertyValueContainer ;
+    ao:dataSetValues ai:DataPropertyStatementValueContainer ;
     ao:dataSetValues ai:EditOperationValueContainer ;
     ao:dataSetValues ai:EditorEditDataPropertyValueContainer .
 
 :EditorEditDataPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:DataPropertyAccesObject ;
+    ao:keyComponent ai:DataProperty ;
     ao:keyComponent auth:EDITOR ;
     ao:keyComponent ai:EditOperation .
 
 :CuratorEditDataPropertyDataSet a ao:PolicyDataSet ;
     ao:dataSetKey :CuratorEditDataPropertyDataSetKey ;
     ao:dataSetValues ai:CuratorRoleValueContainer ;
-    ao:dataSetValues ai:DataPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:DataPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:DataPropertyValueContainer ;
+    ao:dataSetValues ai:DataPropertyStatementValueContainer ;
     ao:dataSetValues ai:EditOperationValueContainer ;
     ao:dataSetValues ai:CuratorEditDataPropertyValueContainer .
 
 :CuratorEditDataPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:DataPropertyAccesObject ;
+    ao:keyComponent ai:DataProperty ;
     ao:keyComponent auth:CURATOR ;
     ao:keyComponent ai:EditOperation .
 
 :AdminEditDataPropertyDataSet a ao:PolicyDataSet ;
     ao:dataSetKey :AdminEditDataPropertyDataSetKey ;
     ao:dataSetValues ai:AdminRoleValueContainer ;
-    ao:dataSetValues ai:DataPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:DataPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:DataPropertyValueContainer ;
+    ao:dataSetValues ai:DataPropertyStatementValueContainer ;
     ao:dataSetValues ai:EditOperationValueContainer ;
     ao:dataSetValues ai:AdminEditDataPropertyValueContainer .
 
 :AdminEditDataPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:DataPropertyAccesObject ;
+    ao:keyComponent ai:DataProperty ;
     ao:keyComponent auth:ADMIN ;
     ao:keyComponent ai:EditOperation .
 
@@ -1191,52 +1191,52 @@
 :PublicDropObjectPropertyDataSet a ao:PolicyDataSet ;
     ao:dataSetKey :PublicDropObjectPropertyDataSetKey ;
     ao:dataSetValues ai:PublicRoleValueContainer ;
-    ao:dataSetValues ai:ObjectPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:ObjectPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:ObjectPropertyValueContainer ;
+    ao:dataSetValues ai:ObjectPropertyStatementValueContainer ;
     ao:dataSetValues ai:DropOperationValueContainer ;
     ao:dataSetValues ai:PublicDropObjectPropertyValueContainer .
 
 :PublicDropObjectPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:ObjectPropertyAccesObject ;
+    ao:keyComponent ai:ObjectProperty ;
     ao:keyComponent auth:PUBLIC ;
     ao:keyComponent ai:DropOperation .
 
 :EditorDropObjectPropertyDataSet a ao:PolicyDataSet ;
     ao:dataSetKey :EditorDropObjectPropertyDataSetKey ;
     ao:dataSetValues ai:EditorRoleValueContainer ;
-    ao:dataSetValues ai:ObjectPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:ObjectPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:ObjectPropertyValueContainer ;
+    ao:dataSetValues ai:ObjectPropertyStatementValueContainer ;
     ao:dataSetValues ai:DropOperationValueContainer ;
     ao:dataSetValues ai:EditorDropObjectPropertyValueContainer .
 
 :EditorDropObjectPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:ObjectPropertyAccesObject ;
+    ao:keyComponent ai:ObjectProperty ;
     ao:keyComponent auth:EDITOR ;
     ao:keyComponent ai:DropOperation .
 
 :CuratorDropObjectPropertyDataSet a ao:PolicyDataSet ;
     ao:dataSetKey :CuratorDropObjectPropertyDataSetKey ;
     ao:dataSetValues ai:CuratorRoleValueContainer ;
-    ao:dataSetValues ai:ObjectPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:ObjectPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:ObjectPropertyValueContainer ;
+    ao:dataSetValues ai:ObjectPropertyStatementValueContainer ;
     ao:dataSetValues ai:DropOperationValueContainer ;
     ao:dataSetValues ai:CuratorDropObjectPropertyValueContainer .
 
 :CuratorDropObjectPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:ObjectPropertyAccesObject ;
+    ao:keyComponent ai:ObjectProperty ;
     ao:keyComponent auth:CURATOR ;
     ao:keyComponent ai:DropOperation .
 
 :AdminDropObjectPropertyDataSet a ao:PolicyDataSet ;
     ao:dataSetKey :AdminDropObjectPropertyDataSetKey ;
     ao:dataSetValues ai:AdminRoleValueContainer ;
-    ao:dataSetValues ai:ObjectPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:ObjectPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:ObjectPropertyValueContainer ;
+    ao:dataSetValues ai:ObjectPropertyStatementValueContainer ;
     ao:dataSetValues ai:DropOperationValueContainer ;
     ao:dataSetValues ai:AdminDropObjectPropertyValueContainer .
 
 :AdminDropObjectPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:ObjectPropertyAccesObject ;
+    ao:keyComponent ai:ObjectProperty ;
     ao:keyComponent auth:ADMIN ;
     ao:keyComponent ai:DropOperation .
 
@@ -1245,52 +1245,52 @@
 :PublicAddObjectPropertyDataSet a ao:PolicyDataSet ;
     ao:dataSetKey :PublicAddObjectPropertyDataSetKey ;
     ao:dataSetValues ai:PublicRoleValueContainer ;
-    ao:dataSetValues ai:ObjectPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:ObjectPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:ObjectPropertyValueContainer ;
+    ao:dataSetValues ai:ObjectPropertyStatementValueContainer ;
     ao:dataSetValues ai:AddOperationValueContainer ;
     ao:dataSetValues ai:PublicAddObjectPropertyValueContainer .
 
 :PublicAddObjectPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:ObjectPropertyAccesObject ;
+    ao:keyComponent ai:ObjectProperty ;
     ao:keyComponent auth:PUBLIC ;
     ao:keyComponent ai:AddOperation .
 
 :EditorAddObjectPropertyDataSet a ao:PolicyDataSet ;
     ao:dataSetKey :EditorAddObjectPropertyDataSetKey ;
     ao:dataSetValues ai:EditorRoleValueContainer ;
-    ao:dataSetValues ai:ObjectPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:ObjectPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:ObjectPropertyValueContainer ;
+    ao:dataSetValues ai:ObjectPropertyStatementValueContainer ;
     ao:dataSetValues ai:AddOperationValueContainer ;
     ao:dataSetValues ai:EditorAddObjectPropertyValueContainer .
 
 :EditorAddObjectPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:ObjectPropertyAccesObject ;
+    ao:keyComponent ai:ObjectProperty ;
     ao:keyComponent auth:EDITOR ;
     ao:keyComponent ai:AddOperation .
 
 :CuratorAddObjectPropertyDataSet a ao:PolicyDataSet ;
     ao:dataSetKey :CuratorAddObjectPropertyDataSetKey ;
     ao:dataSetValues ai:CuratorRoleValueContainer ;
-    ao:dataSetValues ai:ObjectPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:ObjectPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:ObjectPropertyValueContainer ;
+    ao:dataSetValues ai:ObjectPropertyStatementValueContainer ;
     ao:dataSetValues ai:AddOperationValueContainer ;
     ao:dataSetValues ai:CuratorAddObjectPropertyValueContainer .
 
 :CuratorAddObjectPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:ObjectPropertyAccesObject ;
+    ao:keyComponent ai:ObjectProperty ;
     ao:keyComponent auth:CURATOR ;
     ao:keyComponent ai:AddOperation .
 
 :AdminAddObjectPropertyDataSet a ao:PolicyDataSet ;
     ao:dataSetKey :AdminAddObjectPropertyDataSetKey ;
     ao:dataSetValues ai:AdminRoleValueContainer ;
-    ao:dataSetValues ai:ObjectPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:ObjectPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:ObjectPropertyValueContainer ;
+    ao:dataSetValues ai:ObjectPropertyStatementValueContainer ;
     ao:dataSetValues ai:AddOperationValueContainer ;
     ao:dataSetValues ai:AdminAddObjectPropertyValueContainer .
 
 :AdminAddObjectPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:ObjectPropertyAccesObject ;
+    ao:keyComponent ai:ObjectProperty ;
     ao:keyComponent auth:ADMIN ;
     ao:keyComponent ai:AddOperation .
 
@@ -1299,52 +1299,52 @@
 :PublicEditObjectPropertyDataSet a ao:PolicyDataSet ;
     ao:dataSetKey :PublicEditObjectPropertyDataSetKey ;
     ao:dataSetValues ai:PublicRoleValueContainer ;
-    ao:dataSetValues ai:ObjectPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:ObjectPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:ObjectPropertyValueContainer ;
+    ao:dataSetValues ai:ObjectPropertyStatementValueContainer ;
     ao:dataSetValues ai:EditOperationValueContainer ;
     ao:dataSetValues ai:PublicEditObjectPropertyValueContainer .
 
 :PublicEditObjectPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:ObjectPropertyAccesObject ;
+    ao:keyComponent ai:ObjectProperty ;
     ao:keyComponent auth:PUBLIC ;
     ao:keyComponent ai:EditOperation .
 
 :EditorEditObjectPropertyDataSet a ao:PolicyDataSet ;
     ao:dataSetKey :EditorEditObjectPropertyDataSetKey ;
     ao:dataSetValues ai:EditorRoleValueContainer ;
-    ao:dataSetValues ai:ObjectPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:ObjectPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:ObjectPropertyValueContainer ;
+    ao:dataSetValues ai:ObjectPropertyStatementValueContainer ;
     ao:dataSetValues ai:EditOperationValueContainer ;
     ao:dataSetValues ai:EditorEditObjectPropertyValueContainer .
 
 :EditorEditObjectPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:ObjectPropertyAccesObject ;
+    ao:keyComponent ai:ObjectProperty ;
     ao:keyComponent auth:EDITOR ;
     ao:keyComponent ai:EditOperation .
 
 :CuratorEditObjectPropertyDataSet a ao:PolicyDataSet ;
     ao:dataSetKey :CuratorEditObjectPropertyDataSetKey ;
     ao:dataSetValues ai:CuratorRoleValueContainer ;
-    ao:dataSetValues ai:ObjectPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:ObjectPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:ObjectPropertyValueContainer ;
+    ao:dataSetValues ai:ObjectPropertyStatementValueContainer ;
     ao:dataSetValues ai:EditOperationValueContainer ;
     ao:dataSetValues ai:CuratorEditObjectPropertyValueContainer .
 
 :CuratorEditObjectPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:ObjectPropertyAccesObject ;
+    ao:keyComponent ai:ObjectProperty ;
     ao:keyComponent auth:CURATOR ;
     ao:keyComponent ai:EditOperation .
 
 :AdminEditObjectPropertyDataSet a ao:PolicyDataSet ;
     ao:dataSetKey :AdminEditObjectPropertyDataSetKey ;
     ao:dataSetValues ai:AdminRoleValueContainer ;
-    ao:dataSetValues ai:ObjectPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:ObjectPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:ObjectPropertyValueContainer ;
+    ao:dataSetValues ai:ObjectPropertyStatementValueContainer ;
     ao:dataSetValues ai:EditOperationValueContainer ;
     ao:dataSetValues ai:AdminEditObjectPropertyValueContainer .
 
 :AdminEditObjectPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:ObjectPropertyAccesObject ;
+    ao:keyComponent ai:ObjectProperty ;
     ao:keyComponent auth:ADMIN ;
     ao:keyComponent ai:EditOperation .
 
@@ -1354,52 +1354,52 @@
 :PublicDisplayObjectPropertyDataSet a ao:PolicyDataSet ;
     ao:dataSetKey :PublicDisplayObjectPropertyDataSetKey ;
     ao:dataSetValues ai:PublicRoleValueContainer ;
-    ao:dataSetValues ai:ObjectPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:ObjectPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:ObjectPropertyValueContainer ;
+    ao:dataSetValues ai:ObjectPropertyStatementValueContainer ;
     ao:dataSetValues ai:DisplayOperationValueContainer ;
     ao:dataSetValues ai:PublicDisplayObjectPropertyValueContainer .
 
 :PublicDisplayObjectPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:ObjectPropertyAccesObject ;
+    ao:keyComponent ai:ObjectProperty ;
     ao:keyComponent auth:PUBLIC ;
     ao:keyComponent ai:DisplayOperation .
 
 :EditorDisplayObjectPropertyDataSet a ao:PolicyDataSet ;
     ao:dataSetKey :EditorDisplayObjectPropertyDataSetKey ;
     ao:dataSetValues ai:EditorRoleValueContainer ;
-    ao:dataSetValues ai:ObjectPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:ObjectPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:ObjectPropertyValueContainer ;
+    ao:dataSetValues ai:ObjectPropertyStatementValueContainer ;
     ao:dataSetValues ai:DisplayOperationValueContainer ;
     ao:dataSetValues ai:EditorDisplayObjectPropertyValueContainer .
 
 :EditorDisplayObjectPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:ObjectPropertyAccesObject ;
+    ao:keyComponent ai:ObjectProperty ;
     ao:keyComponent auth:EDITOR ;
     ao:keyComponent ai:DisplayOperation .
 
 :CuratorDisplayObjectPropertyDataSet a ao:PolicyDataSet ;
     ao:dataSetKey :CuratorDisplayObjectPropertyDataSetKey ;
     ao:dataSetValues ai:CuratorRoleValueContainer ;
-    ao:dataSetValues ai:ObjectPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:ObjectPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:ObjectPropertyValueContainer ;
+    ao:dataSetValues ai:ObjectPropertyStatementValueContainer ;
     ao:dataSetValues ai:DisplayOperationValueContainer ;
     ao:dataSetValues ai:CuratorDisplayObjectPropertyValueContainer .
 
 :CuratorDisplayObjectPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:ObjectPropertyAccesObject ;
+    ao:keyComponent ai:ObjectProperty ;
     ao:keyComponent auth:CURATOR ;
     ao:keyComponent ai:DisplayOperation .
 
 :AdminDisplayObjectPropertyDataSet a ao:PolicyDataSet ;
     ao:dataSetKey :AdminDisplayObjectPropertyDataSetKey ;
     ao:dataSetValues ai:AdminRoleValueContainer ;
-    ao:dataSetValues ai:ObjectPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:ObjectPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:ObjectPropertyValueContainer ;
+    ao:dataSetValues ai:ObjectPropertyStatementValueContainer ;
     ao:dataSetValues ai:DisplayOperationValueContainer ;
     ao:dataSetValues ai:AdminDisplayObjectPropertyValueContainer .
 
 :AdminDisplayObjectPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:ObjectPropertyAccesObject ;
+    ao:keyComponent ai:ObjectProperty ;
     ao:keyComponent auth:ADMIN ;
     ao:keyComponent ai:DisplayOperation .
 
@@ -1408,52 +1408,52 @@
 :PublicDisplayDataPropertyDataSet a ao:PolicyDataSet ;
     ao:dataSetKey :PublicDisplayDataPropertyDataSetKey ;
     ao:dataSetValues ai:PublicRoleValueContainer ;
-    ao:dataSetValues ai:DataPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:DataPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:DataPropertyValueContainer ;
+    ao:dataSetValues ai:DataPropertyStatementValueContainer ;
     ao:dataSetValues ai:DisplayOperationValueContainer ;
     ao:dataSetValues ai:PublicDisplayDataPropertyValueContainer .
 
 :PublicDisplayDataPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:DataPropertyAccesObject ;
+    ao:keyComponent ai:DataProperty ;
     ao:keyComponent auth:PUBLIC ;
     ao:keyComponent ai:DisplayOperation .
 
 :EditorDisplayDataPropertyDataSet a ao:PolicyDataSet ;
     ao:dataSetKey :EditorDisplayDataPropertyDataSetKey ;
     ao:dataSetValues ai:EditorRoleValueContainer ;
-    ao:dataSetValues ai:DataPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:DataPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:DataPropertyValueContainer ;
+    ao:dataSetValues ai:DataPropertyStatementValueContainer ;
     ao:dataSetValues ai:DisplayOperationValueContainer ;
     ao:dataSetValues ai:EditorDisplayDataPropertyValueContainer .
 
 :EditorDisplayDataPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:DataPropertyAccesObject ;
+    ao:keyComponent ai:DataProperty ;
     ao:keyComponent auth:EDITOR ;
     ao:keyComponent ai:DisplayOperation .
 
 :CuratorDisplayDataPropertyDataSet a ao:PolicyDataSet ;
     ao:dataSetKey :CuratorDisplayDataPropertyDataSetKey ;
     ao:dataSetValues ai:CuratorRoleValueContainer ;
-    ao:dataSetValues ai:DataPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:DataPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:DataPropertyValueContainer ;
+    ao:dataSetValues ai:DataPropertyStatementValueContainer ;
     ao:dataSetValues ai:DisplayOperationValueContainer ;
     ao:dataSetValues ai:CuratorDisplayDataPropertyValueContainer .
 
 :CuratorDisplayDataPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:DataPropertyAccesObject ;
+    ao:keyComponent ai:DataProperty ;
     ao:keyComponent auth:CURATOR ;
     ao:keyComponent ai:DisplayOperation .
 
 :AdminDisplayDataPropertyDataSet a ao:PolicyDataSet ;
     ao:dataSetKey :AdminDisplayDataPropertyDataSetKey ;
     ao:dataSetValues ai:AdminRoleValueContainer ;
-    ao:dataSetValues ai:DataPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:DataPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:DataPropertyValueContainer ;
+    ao:dataSetValues ai:DataPropertyStatementValueContainer ;
     ao:dataSetValues ai:DisplayOperationValueContainer ;
     ao:dataSetValues ai:AdminDisplayDataPropertyValueContainer .
 
 :AdminDisplayDataPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:DataPropertyAccesObject ;
+    ao:keyComponent ai:DataProperty ;
     ao:keyComponent auth:ADMIN ;
     ao:keyComponent ai:DisplayOperation .
 
@@ -1462,52 +1462,52 @@
 :PublicDisplayFauxObjectPropertyDataSet a ao:PolicyDataSet ;
     ao:dataSetKey :PublicDisplayFauxObjectPropertyDataSetKey ;
     ao:dataSetValues ai:PublicRoleValueContainer ;
-    ao:dataSetValues ai:FauxObjectPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:FauxObjectPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:FauxObjectPropertyValueContainer ;
+    ao:dataSetValues ai:FauxObjectPropertyStatementValueContainer ;
     ao:dataSetValues ai:DisplayOperationValueContainer ;
     ao:dataSetValues ai:PublicDisplayFauxObjectPropertyValueContainer .
 
 :PublicDisplayFauxObjectPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:FauxObjectPropertyAccesObject ;
+    ao:keyComponent ai:FauxObjectProperty ;
     ao:keyComponent auth:PUBLIC ;
     ao:keyComponent ai:DisplayOperation .
 
 :EditorDisplayFauxObjectPropertyDataSet a ao:PolicyDataSet ;
     ao:dataSetKey :EditorDisplayFauxObjectPropertyDataSetKey ;
     ao:dataSetValues ai:EditorRoleValueContainer ;
-    ao:dataSetValues ai:FauxObjectPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:FauxObjectPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:FauxObjectPropertyValueContainer ;
+    ao:dataSetValues ai:FauxObjectPropertyStatementValueContainer ;
     ao:dataSetValues ai:DisplayOperationValueContainer ;
     ao:dataSetValues ai:EditorDisplayFauxObjectPropertyValueContainer .
 
 :EditorDisplayFauxObjectPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:FauxObjectPropertyAccesObject ;
+    ao:keyComponent ai:FauxObjectProperty ;
     ao:keyComponent auth:EDITOR ;
     ao:keyComponent ai:DisplayOperation .
 
 :CuratorDisplayFauxObjectPropertyDataSet a ao:PolicyDataSet ;
     ao:dataSetKey :CuratorDisplayFauxObjectPropertyDataSetKey ;
     ao:dataSetValues ai:CuratorRoleValueContainer ;
-    ao:dataSetValues ai:FauxObjectPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:FauxObjectPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:FauxObjectPropertyValueContainer ;
+    ao:dataSetValues ai:FauxObjectPropertyStatementValueContainer ;
     ao:dataSetValues ai:DisplayOperationValueContainer ;
     ao:dataSetValues ai:CuratorDisplayFauxObjectPropertyValueContainer .
 
 :CuratorDisplayFauxObjectPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:FauxObjectPropertyAccesObject ;
+    ao:keyComponent ai:FauxObjectProperty ;
     ao:keyComponent auth:CURATOR ;
     ao:keyComponent ai:DisplayOperation .
 
 :AdminDisplayFauxObjectPropertyDataSet a ao:PolicyDataSet ;
     ao:dataSetKey :AdminDisplayFauxObjectPropertyDataSetKey ;
     ao:dataSetValues ai:AdminRoleValueContainer ;
-    ao:dataSetValues ai:FauxObjectPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:FauxObjectPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:FauxObjectPropertyValueContainer ;
+    ao:dataSetValues ai:FauxObjectPropertyStatementValueContainer ;
     ao:dataSetValues ai:DisplayOperationValueContainer ;
     ao:dataSetValues ai:AdminDisplayFauxObjectPropertyValueContainer .
 
 :AdminDisplayFauxObjectPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:FauxObjectPropertyAccesObject ;
+    ao:keyComponent ai:FauxObjectProperty ;
     ao:keyComponent auth:ADMIN ;
     ao:keyComponent ai:DisplayOperation .
 
@@ -1516,52 +1516,52 @@
 :PublicDisplayFauxDataPropertyDataSet a ao:PolicyDataSet ;
     ao:dataSetKey :PublicDisplayFauxDataPropertyDataSetKey ;
     ao:dataSetValues ai:PublicRoleValueContainer ;
-    ao:dataSetValues ai:FauxDataPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:FauxDataPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:FauxDataPropertyValueContainer ;
+    ao:dataSetValues ai:FauxDataPropertyStatementValueContainer ;
     ao:dataSetValues ai:DisplayOperationValueContainer ;
     ao:dataSetValues ai:PublicDisplayFauxDataPropertyValueContainer .
 
 :PublicDisplayFauxDataPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:FauxDataPropertyAccesObject ;
+    ao:keyComponent ai:FauxDataProperty ;
     ao:keyComponent auth:PUBLIC ;
     ao:keyComponent ai:DisplayOperation .
 
 :EditorDisplayFauxDataPropertyDataSet a ao:PolicyDataSet ;
     ao:dataSetKey :EditorDisplayFauxDataPropertyDataSetKey ;
     ao:dataSetValues ai:EditorRoleValueContainer ;
-    ao:dataSetValues ai:FauxDataPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:FauxDataPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:FauxDataPropertyValueContainer ;
+    ao:dataSetValues ai:FauxDataPropertyStatementValueContainer ;
     ao:dataSetValues ai:DisplayOperationValueContainer ;
     ao:dataSetValues ai:EditorDisplayFauxDataPropertyValueContainer .
 
 :EditorDisplayFauxDataPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:FauxDataPropertyAccesObject ;
+    ao:keyComponent ai:FauxDataProperty ;
     ao:keyComponent auth:EDITOR ;
     ao:keyComponent ai:DisplayOperation .
 
 :CuratorDisplayFauxDataPropertyDataSet a ao:PolicyDataSet ;
     ao:dataSetKey :CuratorDisplayFauxDataPropertyDataSetKey ;
     ao:dataSetValues ai:CuratorRoleValueContainer ;
-    ao:dataSetValues ai:FauxDataPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:FauxDataPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:FauxDataPropertyValueContainer ;
+    ao:dataSetValues ai:FauxDataPropertyStatementValueContainer ;
     ao:dataSetValues ai:DisplayOperationValueContainer ;
     ao:dataSetValues ai:CuratorDisplayFauxDataPropertyValueContainer .
 
 :CuratorDisplayFauxDataPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:FauxDataPropertyAccesObject ;
+    ao:keyComponent ai:FauxDataProperty ;
     ao:keyComponent auth:CURATOR ;
     ao:keyComponent ai:DisplayOperation .
 
 :AdminDisplayFauxDataPropertyDataSet a ao:PolicyDataSet ;
     ao:dataSetKey :AdminDisplayFauxDataPropertyDataSetKey ;
     ao:dataSetValues ai:AdminRoleValueContainer ;
-    ao:dataSetValues ai:FauxDataPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:FauxDataPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:FauxDataPropertyValueContainer ;
+    ao:dataSetValues ai:FauxDataPropertyStatementValueContainer ;
     ao:dataSetValues ai:DisplayOperationValueContainer ;
     ao:dataSetValues ai:AdminDisplayFauxDataPropertyValueContainer .
 
 :AdminDisplayFauxDataPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:FauxDataPropertyAccesObject ;
+    ao:keyComponent ai:FauxDataProperty ;
     ao:keyComponent auth:ADMIN ;
     ao:keyComponent ai:DisplayOperation .
 
@@ -1570,39 +1570,39 @@
 :EditorPublishObjectPropertyDataSet a ao:PolicyDataSet ;
     ao:dataSetKey :EditorPublishObjectPropertyDataSetKey ;
     ao:dataSetValues ai:EditorRoleValueContainer ;
-    ao:dataSetValues ai:ObjectPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:ObjectPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:ObjectPropertyValueContainer ;
+    ao:dataSetValues ai:ObjectPropertyStatementValueContainer ;
     ao:dataSetValues ai:PublishOperationValueContainer ;
     ao:dataSetValues ai:EditorPublishObjectPropertyValueContainer .
 
 :EditorPublishObjectPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:ObjectPropertyAccesObject ;
+    ao:keyComponent ai:ObjectProperty ;
     ao:keyComponent auth:EDITOR ;
     ao:keyComponent ai:PublishOperation .
 
 :CuratorPublishObjectPropertyDataSet a ao:PolicyDataSet ;
     ao:dataSetKey :CuratorPublishObjectPropertyDataSetKey ;
     ao:dataSetValues ai:CuratorRoleValueContainer ;
-    ao:dataSetValues ai:ObjectPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:ObjectPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:ObjectPropertyValueContainer ;
+    ao:dataSetValues ai:ObjectPropertyStatementValueContainer ;
     ao:dataSetValues ai:PublishOperationValueContainer ;
     ao:dataSetValues ai:CuratorPublishObjectPropertyValueContainer .
 
 :CuratorPublishObjectPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:ObjectPropertyAccesObject ;
+    ao:keyComponent ai:ObjectProperty ;
     ao:keyComponent auth:CURATOR ;
     ao:keyComponent ai:PublishOperation .
 
 :AdminPublishObjectPropertyDataSet a ao:PolicyDataSet ;
     ao:dataSetKey :AdminPublishObjectPropertyDataSetKey ;
     ao:dataSetValues ai:AdminRoleValueContainer ;
-    ao:dataSetValues ai:ObjectPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:ObjectPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:ObjectPropertyValueContainer ;
+    ao:dataSetValues ai:ObjectPropertyStatementValueContainer ;
     ao:dataSetValues ai:PublishOperationValueContainer ;
     ao:dataSetValues ai:AdminPublishObjectPropertyValueContainer .
 
 :AdminPublishObjectPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:ObjectPropertyAccesObject ;
+    ao:keyComponent ai:ObjectProperty ;
     ao:keyComponent auth:ADMIN ;
     ao:keyComponent ai:PublishOperation .
 
@@ -1611,39 +1611,39 @@
 :EditorPublishDataPropertyDataSet a ao:PolicyDataSet ;
     ao:dataSetKey :EditorPublishDataPropertyDataSetKey ;
     ao:dataSetValues ai:EditorRoleValueContainer ;
-    ao:dataSetValues ai:DataPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:DataPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:DataPropertyValueContainer ;
+    ao:dataSetValues ai:DataPropertyStatementValueContainer ;
     ao:dataSetValues ai:PublishOperationValueContainer ;
     ao:dataSetValues ai:EditorPublishDataPropertyValueContainer .
 
 :EditorPublishDataPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:DataPropertyAccesObject ;
+    ao:keyComponent ai:DataProperty ;
     ao:keyComponent auth:EDITOR ;
     ao:keyComponent ai:PublishOperation .
 
 :CuratorPublishDataPropertyDataSet a ao:PolicyDataSet ;
     ao:dataSetKey :CuratorPublishDataPropertyDataSetKey ;
     ao:dataSetValues ai:CuratorRoleValueContainer ;
-    ao:dataSetValues ai:DataPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:DataPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:DataPropertyValueContainer ;
+    ao:dataSetValues ai:DataPropertyStatementValueContainer ;
     ao:dataSetValues ai:PublishOperationValueContainer ;
     ao:dataSetValues ai:CuratorPublishDataPropertyValueContainer .
 
 :CuratorPublishDataPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:DataPropertyAccesObject ;
+    ao:keyComponent ai:DataProperty ;
     ao:keyComponent auth:CURATOR ;
     ao:keyComponent ai:PublishOperation .
 
 :AdminPublishDataPropertyDataSet a ao:PolicyDataSet ;
     ao:dataSetKey :AdminPublishDataPropertyDataSetKey ;
     ao:dataSetValues ai:AdminRoleValueContainer ;
-    ao:dataSetValues ai:DataPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:DataPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:DataPropertyValueContainer ;
+    ao:dataSetValues ai:DataPropertyStatementValueContainer ;
     ao:dataSetValues ai:PublishOperationValueContainer ;
     ao:dataSetValues ai:AdminPublishDataPropertyValueContainer .
 
 :AdminPublishDataPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:DataPropertyAccesObject ;
+    ao:keyComponent ai:DataProperty ;
     ao:keyComponent auth:ADMIN ;
     ao:keyComponent ai:PublishOperation .
 
@@ -1652,39 +1652,39 @@
 :EditorPublishFauxObjectPropertyDataSet a ao:PolicyDataSet ;
     ao:dataSetKey :EditorPublishFauxObjectPropertyDataSetKey ;
     ao:dataSetValues ai:EditorRoleValueContainer ;
-    ao:dataSetValues ai:FauxObjectPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:FauxObjectPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:FauxObjectPropertyValueContainer ;
+    ao:dataSetValues ai:FauxObjectPropertyStatementValueContainer ;
     ao:dataSetValues ai:PublishOperationValueContainer ;
     ao:dataSetValues ai:EditorPublishFauxObjectPropertyValueContainer .
 
 :EditorPublishFauxObjectPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:FauxObjectPropertyAccesObject ;
+    ao:keyComponent ai:FauxObjectProperty ;
     ao:keyComponent auth:EDITOR ;
     ao:keyComponent ai:PublishOperation .
 
 :CuratorPublishFauxObjectPropertyDataSet a ao:PolicyDataSet ;
     ao:dataSetKey :CuratorPublishFauxObjectPropertyDataSetKey ;
     ao:dataSetValues ai:CuratorRoleValueContainer ;
-    ao:dataSetValues ai:FauxObjectPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:FauxObjectPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:FauxObjectPropertyValueContainer ;
+    ao:dataSetValues ai:FauxObjectPropertyStatementValueContainer ;
     ao:dataSetValues ai:PublishOperationValueContainer ;
     ao:dataSetValues ai:CuratorPublishFauxObjectPropertyValueContainer .
 
 :CuratorPublishFauxObjectPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:FauxObjectPropertyAccesObject ;
+    ao:keyComponent ai:FauxObjectProperty ;
     ao:keyComponent auth:CURATOR ;
     ao:keyComponent ai:PublishOperation .
 
 :AdminPublishFauxObjectPropertyDataSet a ao:PolicyDataSet ;
     ao:dataSetKey :AdminPublishFauxObjectPropertyDataSetKey ;
     ao:dataSetValues ai:AdminRoleValueContainer ;
-    ao:dataSetValues ai:FauxObjectPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:FauxObjectPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:FauxObjectPropertyValueContainer ;
+    ao:dataSetValues ai:FauxObjectPropertyStatementValueContainer ;
     ao:dataSetValues ai:PublishOperationValueContainer ;
     ao:dataSetValues ai:AdminPublishFauxObjectPropertyValueContainer .
 
 :AdminPublishFauxObjectPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:FauxObjectPropertyAccesObject ;
+    ao:keyComponent ai:FauxObjectProperty ;
     ao:keyComponent auth:ADMIN ;
     ao:keyComponent ai:PublishOperation .
 
@@ -1693,39 +1693,39 @@
 :EditorPublishFauxDataPropertyDataSet a ao:PolicyDataSet ;
     ao:dataSetKey :EditorPublishFauxDataPropertyDataSetKey ;
     ao:dataSetValues ai:EditorRoleValueContainer ;
-    ao:dataSetValues ai:FauxDataPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:FauxDataPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:FauxDataPropertyValueContainer ;
+    ao:dataSetValues ai:FauxDataPropertyStatementValueContainer ;
     ao:dataSetValues ai:PublishOperationValueContainer ;
     ao:dataSetValues ai:EditorPublishFauxDataPropertyValueContainer .
 
 :EditorPublishFauxDataPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:FauxDataPropertyAccesObject ;
+    ao:keyComponent ai:FauxDataProperty ;
     ao:keyComponent auth:EDITOR ;
     ao:keyComponent ai:PublishOperation .
 
 :CuratorPublishFauxDataPropertyDataSet a ao:PolicyDataSet ;
     ao:dataSetKey :CuratorPublishFauxDataPropertyDataSetKey ;
     ao:dataSetValues ai:CuratorRoleValueContainer ;
-    ao:dataSetValues ai:FauxDataPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:FauxDataPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:FauxDataPropertyValueContainer ;
+    ao:dataSetValues ai:FauxDataPropertyStatementValueContainer ;
     ao:dataSetValues ai:PublishOperationValueContainer ;
     ao:dataSetValues ai:CuratorPublishFauxDataPropertyValueContainer .
 
 :CuratorPublishFauxDataPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:FauxDataPropertyAccesObject ;
+    ao:keyComponent ai:FauxDataProperty ;
     ao:keyComponent auth:CURATOR ;
     ao:keyComponent ai:PublishOperation .
 
 :AdminPublishFauxDataPropertyDataSet a ao:PolicyDataSet ;
     ao:dataSetKey :AdminPublishFauxDataPropertyDataSetKey ;
     ao:dataSetValues ai:AdminRoleValueContainer ;
-    ao:dataSetValues ai:FauxDataPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:FauxDataPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:FauxDataPropertyValueContainer ;
+    ao:dataSetValues ai:FauxDataPropertyStatementValueContainer ;
     ao:dataSetValues ai:PublishOperationValueContainer ;
     ao:dataSetValues ai:AdminPublishFauxDataPropertyValueContainer .
 
 :AdminPublishFauxDataPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:FauxDataPropertyAccesObject ;
+    ao:keyComponent ai:FauxDataProperty ;
     ao:keyComponent auth:ADMIN ;
     ao:keyComponent ai:PublishOperation .
 
@@ -1747,10 +1747,10 @@
     ao:templateValue :AccessObjectTypeValueSet .
 
 :AccessObjectTypeValueSet a ao:AttributeValueSet ;
-    ao:attributeValue ai:ObjectPropertyAccesObjectValueContainer ;
-    ao:attributeValue ai:DataPropertyAccesObjectValueContainer ;
-    ao:attributeValue ai:FauxObjectPropertyAccesObjectValueContainer ;
-    ao:attributeValue ai:FauxDataPropertyAccesObjectValueContainer ;
+    ao:attributeValue ai:ObjectPropertyValueContainer ;
+    ao:attributeValue ai:DataPropertyValueContainer ;
+    ao:attributeValue ai:FauxObjectPropertyValueContainer ;
+    ao:attributeValue ai:FauxDataPropertyValueContainer ;
     .
 
 :AllowMatchingPropertyStatement a ao:Rule;
@@ -1766,10 +1766,10 @@
     ao:templateValue :StatementAccessObjectTypeValueSet .
 
 :StatementAccessObjectTypeValueSet a ao:AttributeValueSet ;
-    ao:attributeValue ai:ObjectPropertyStatementAccesObjectValueContainer ;
-    ao:attributeValue ai:DataPropertyStatementAccesObjectValueContainer ;
-    ao:attributeValue ai:FauxObjectPropertyStatementAccesObjectValueContainer ;
-    ao:attributeValue ai:FauxDataPropertyStatementAccesObjectValueContainer ;
+    ao:attributeValue ai:ObjectPropertyStatementValueContainer ;
+    ao:attributeValue ai:DataPropertyStatementValueContainer ;
+    ao:attributeValue ai:FauxObjectPropertyStatementValueContainer ;
+    ao:attributeValue ai:FauxDataPropertyStatementValueContainer ;
     .
 
 :OperationEqualsDataSetOperation a ao:Check ;
@@ -1906,174 +1906,174 @@
     .
 
 ai:PublicDropFauxDataPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:FauxDataPropertyAccesObject .
+    ao:containerType ai:FauxDataProperty .
 ai:EditorDropFauxDataPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:FauxDataPropertyAccesObject .
+    ao:containerType ai:FauxDataProperty .
 ai:CuratorDropFauxDataPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:FauxDataPropertyAccesObject .
+    ao:containerType ai:FauxDataProperty .
 ai:AdminDropFauxDataPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:FauxDataPropertyAccesObject .
+    ao:containerType ai:FauxDataProperty .
 
 ai:PublicAddFauxDataPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:FauxDataPropertyAccesObject .
+    ao:containerType ai:FauxDataProperty .
 ai:EditorAddFauxDataPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:FauxDataPropertyAccesObject .
+    ao:containerType ai:FauxDataProperty .
 ai:CuratorAddFauxDataPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:FauxDataPropertyAccesObject .
+    ao:containerType ai:FauxDataProperty .
 ai:AdminAddFauxDataPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:FauxDataPropertyAccesObject .
+    ao:containerType ai:FauxDataProperty .
 
 ai:PublicEditFauxDataPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:FauxDataPropertyAccesObject .
+    ao:containerType ai:FauxDataProperty .
 ai:EditorEditFauxDataPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:FauxDataPropertyAccesObject .
+    ao:containerType ai:FauxDataProperty .
 ai:CuratorEditFauxDataPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:FauxDataPropertyAccesObject .
+    ao:containerType ai:FauxDataProperty .
 ai:AdminEditFauxDataPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:FauxDataPropertyAccesObject .
+    ao:containerType ai:FauxDataProperty .
 
 ai:PublicDropFauxObjectPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:FauxObjectPropertyAccesObject .
+    ao:containerType ai:FauxObjectProperty .
 ai:EditorDropFauxObjectPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:FauxObjectPropertyAccesObject .
+    ao:containerType ai:FauxObjectProperty .
 ai:CuratorDropFauxObjectPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:FauxObjectPropertyAccesObject .
+    ao:containerType ai:FauxObjectProperty .
 ai:AdminDropFauxObjectPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:FauxObjectPropertyAccesObject .
+    ao:containerType ai:FauxObjectProperty .
 
 ai:PublicAddFauxObjectPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:FauxObjectPropertyAccesObject .
+    ao:containerType ai:FauxObjectProperty .
 ai:EditorAddFauxObjectPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:FauxObjectPropertyAccesObject .
+    ao:containerType ai:FauxObjectProperty .
 ai:CuratorAddFauxObjectPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:FauxObjectPropertyAccesObject .
+    ao:containerType ai:FauxObjectProperty .
 ai:AdminAddFauxObjectPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:FauxObjectPropertyAccesObject .
+    ao:containerType ai:FauxObjectProperty .
 
 ai:PublicEditFauxObjectPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:FauxObjectPropertyAccesObject .
+    ao:containerType ai:FauxObjectProperty .
 ai:EditorEditFauxObjectPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:FauxObjectPropertyAccesObject .
+    ao:containerType ai:FauxObjectProperty .
 ai:CuratorEditFauxObjectPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:FauxObjectPropertyAccesObject .
+    ao:containerType ai:FauxObjectProperty .
 ai:AdminEditFauxObjectPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:FauxObjectPropertyAccesObject .
+    ao:containerType ai:FauxObjectProperty .
 
 
 ai:PublicDropDataPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:DataPropertyAccesObject .
+    ao:containerType ai:DataProperty .
 ai:EditorDropDataPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:DataPropertyAccesObject .
+    ao:containerType ai:DataProperty .
 ai:CuratorDropDataPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:DataPropertyAccesObject .
+    ao:containerType ai:DataProperty .
 ai:AdminDropDataPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:DataPropertyAccesObject .
+    ao:containerType ai:DataProperty .
 
 ai:PublicAddDataPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:DataPropertyAccesObject .
+    ao:containerType ai:DataProperty .
 ai:EditorAddDataPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:DataPropertyAccesObject .
+    ao:containerType ai:DataProperty .
 ai:CuratorAddDataPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:DataPropertyAccesObject .
+    ao:containerType ai:DataProperty .
 ai:AdminAddDataPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:DataPropertyAccesObject .
+    ao:containerType ai:DataProperty .
 
 ai:PublicEditDataPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:DataPropertyAccesObject .
+    ao:containerType ai:DataProperty .
 ai:EditorEditDataPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:DataPropertyAccesObject .
+    ao:containerType ai:DataProperty .
 ai:CuratorEditDataPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:DataPropertyAccesObject .
+    ao:containerType ai:DataProperty .
 ai:AdminEditDataPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:DataPropertyAccesObject .
+    ao:containerType ai:DataProperty .
 
 ai:PublicDropObjectPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:ObjectPropertyAccesObject .
+    ao:containerType ai:ObjectProperty .
 ai:EditorDropObjectPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:ObjectPropertyAccesObject .
+    ao:containerType ai:ObjectProperty .
 ai:CuratorDropObjectPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:ObjectPropertyAccesObject .
+    ao:containerType ai:ObjectProperty .
 ai:AdminDropObjectPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:ObjectPropertyAccesObject .
+    ao:containerType ai:ObjectProperty .
 
 ai:PublicAddObjectPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:ObjectPropertyAccesObject .
+    ao:containerType ai:ObjectProperty .
 ai:EditorAddObjectPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:ObjectPropertyAccesObject .
+    ao:containerType ai:ObjectProperty .
 ai:CuratorAddObjectPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:ObjectPropertyAccesObject .
+    ao:containerType ai:ObjectProperty .
 ai:AdminAddObjectPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:ObjectPropertyAccesObject .
+    ao:containerType ai:ObjectProperty .
 
 ai:PublicEditObjectPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:ObjectPropertyAccesObject .
+    ao:containerType ai:ObjectProperty .
 ai:EditorEditObjectPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:ObjectPropertyAccesObject .
+    ao:containerType ai:ObjectProperty .
 ai:CuratorEditObjectPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:ObjectPropertyAccesObject .
+    ao:containerType ai:ObjectProperty .
 ai:AdminEditObjectPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:ObjectPropertyAccesObject .
+    ao:containerType ai:ObjectProperty .
 
 ai:PublicDisplayObjectPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:ObjectPropertyAccesObject .
+    ao:containerType ai:ObjectProperty .
 ai:EditorDisplayObjectPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:ObjectPropertyAccesObject .
+    ao:containerType ai:ObjectProperty .
 ai:CuratorDisplayObjectPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:ObjectPropertyAccesObject .
+    ao:containerType ai:ObjectProperty .
 ai:AdminDisplayObjectPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:ObjectPropertyAccesObject .
+    ao:containerType ai:ObjectProperty .
 
 ai:PublicDisplayDataPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:DataPropertyAccesObject .
+    ao:containerType ai:DataProperty .
 ai:EditorDisplayDataPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:DataPropertyAccesObject .
+    ao:containerType ai:DataProperty .
 ai:CuratorDisplayDataPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:DataPropertyAccesObject .
+    ao:containerType ai:DataProperty .
 ai:AdminDisplayDataPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:DataPropertyAccesObject .
+    ao:containerType ai:DataProperty .
 
 ai:PublicDisplayFauxObjectPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:FauxObjectPropertyAccesObject .
+    ao:containerType ai:FauxObjectProperty .
 ai:EditorDisplayFauxObjectPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:FauxObjectPropertyAccesObject .
+    ao:containerType ai:FauxObjectProperty .
 ai:CuratorDisplayFauxObjectPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:FauxObjectPropertyAccesObject .
+    ao:containerType ai:FauxObjectProperty .
 ai:AdminDisplayFauxObjectPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:FauxObjectPropertyAccesObject .
+    ao:containerType ai:FauxObjectProperty .
 
 ai:PublicDisplayFauxDataPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:FauxDataPropertyAccesObject .
+    ao:containerType ai:FauxDataProperty .
 ai:EditorDisplayFauxDataPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:FauxDataPropertyAccesObject .
+    ao:containerType ai:FauxDataProperty .
 ai:CuratorDisplayFauxDataPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:FauxDataPropertyAccesObject .
+    ao:containerType ai:FauxDataProperty .
 ai:AdminDisplayFauxDataPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:FauxDataPropertyAccesObject .
+    ao:containerType ai:FauxDataProperty .
 
 ai:EditorPublishObjectPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:ObjectPropertyAccesObject .
+    ao:containerType ai:ObjectProperty .
 ai:CuratorPublishObjectPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:ObjectPropertyAccesObject .
+    ao:containerType ai:ObjectProperty .
 ai:AdminPublishObjectPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:ObjectPropertyAccesObject .
+    ao:containerType ai:ObjectProperty .
 
 ai:EditorPublishDataPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:DataPropertyAccesObject .
+    ao:containerType ai:DataProperty .
 ai:CuratorPublishDataPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:DataPropertyAccesObject .
+    ao:containerType ai:DataProperty .
 ai:AdminPublishDataPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:DataPropertyAccesObject .
+    ao:containerType ai:DataProperty .
 
 ai:EditorPublishFauxObjectPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:FauxObjectPropertyAccesObject .
+    ao:containerType ai:FauxObjectProperty .
 ai:CuratorPublishFauxObjectPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:FauxObjectPropertyAccesObject .
+    ao:containerType ai:FauxObjectProperty .
 ai:AdminPublishFauxObjectPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:FauxObjectPropertyAccesObject .
+    ao:containerType ai:FauxObjectProperty .
 
 ai:EditorPublishFauxDataPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:FauxDataPropertyAccesObject .
+    ao:containerType ai:FauxDataProperty .
 ai:CuratorPublishFauxDataPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:FauxDataPropertyAccesObject .
+    ao:containerType ai:FauxDataProperty .
 ai:AdminPublishFauxDataPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:FauxDataPropertyAccesObject .
+    ao:containerType ai:FauxDataProperty .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_access_related_allowed_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_access_related_allowed_property.n3
index 9addad4ab7..6adf74f294 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_access_related_allowed_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_access_related_allowed_property.n3
@@ -29,13 +29,13 @@
 :SelfEditorDisplayObjectPropertyDataSet a ao:PolicyDataSet ;
     ao:dataSetKey :SelfEditorDisplayObjectPropertyDataSetKey ;
     ao:dataSetValues ai:SelfEditorRoleValueContainer ;
-    ao:dataSetValues ai:ObjectPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:ObjectPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:ObjectPropertyValueContainer ;
+    ao:dataSetValues ai:ObjectPropertyStatementValueContainer ;
     ao:dataSetValues ai:DisplayOperationValueContainer ;
     ao:dataSetValues ai:SelfEditorDisplayObjectPropertyValueContainer .
 
 :SelfEditorDisplayObjectPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:ObjectPropertyAccesObject ;
+    ao:keyComponent ai:ObjectProperty ;
     ao:keyComponent auth:SELF_EDITOR ;
     ao:keyComponent ai:DisplayOperation .
 
@@ -44,13 +44,13 @@
 :SelfEditorDisplayDataPropertyDataSet a ao:PolicyDataSet ;
     ao:dataSetKey :SelfEditorDisplayDataPropertyDataSetKey ;
     ao:dataSetValues ai:SelfEditorRoleValueContainer ;
-    ao:dataSetValues ai:DataPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:DataPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:DataPropertyValueContainer ;
+    ao:dataSetValues ai:DataPropertyStatementValueContainer ;
     ao:dataSetValues ai:DisplayOperationValueContainer ;
     ao:dataSetValues ai:SelfEditorDisplayDataPropertyValueContainer .
 
 :SelfEditorDisplayDataPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:DataPropertyAccesObject ;
+    ao:keyComponent ai:DataProperty ;
     ao:keyComponent auth:SELF_EDITOR ;
     ao:keyComponent ai:DisplayOperation .
 
@@ -59,13 +59,13 @@
 :SelfEditorDisplayFauxObjectPropertyDataSet a ao:PolicyDataSet ;
     ao:dataSetKey :SelfEditorDisplayFauxObjectPropertyDataSetKey ;
     ao:dataSetValues ai:SelfEditorRoleValueContainer ;
-    ao:dataSetValues ai:FauxObjectPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:FauxObjectPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:FauxObjectPropertyValueContainer ;
+    ao:dataSetValues ai:FauxObjectPropertyStatementValueContainer ;
     ao:dataSetValues ai:DisplayOperationValueContainer ;
     ao:dataSetValues ai:SelfEditorDisplayFauxObjectPropertyValueContainer .
 
 :SelfEditorDisplayFauxObjectPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:FauxObjectPropertyAccesObject ;
+    ao:keyComponent ai:FauxObjectProperty ;
     ao:keyComponent auth:SELF_EDITOR ;
     ao:keyComponent ai:DisplayOperation .
 
@@ -74,13 +74,13 @@
 :SelfEditorDisplayFauxDataPropertyDataSet a ao:PolicyDataSet ;
     ao:dataSetKey :SelfEditorDisplayFauxDataPropertyDataSetKey ;
     ao:dataSetValues ai:SelfEditorRoleValueContainer ;
-    ao:dataSetValues ai:FauxDataPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:FauxDataPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:FauxDataPropertyValueContainer ;
+    ao:dataSetValues ai:FauxDataPropertyStatementValueContainer ;
     ao:dataSetValues ai:DisplayOperationValueContainer ;
     ao:dataSetValues ai:SelfEditorDisplayFauxDataPropertyValueContainer .
 
 :SelfEditorDisplayFauxDataPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:FauxDataPropertyAccesObject ;
+    ao:keyComponent ai:FauxDataProperty ;
     ao:keyComponent auth:SELF_EDITOR ;
     ao:keyComponent ai:DisplayOperation .
 
@@ -89,13 +89,13 @@
 :SelfEditorPublishObjectPropertyDataSet a ao:PolicyDataSet ;
     ao:dataSetKey :SelfEditorPublishObjectPropertyDataSetKey ;
     ao:dataSetValues ai:SelfEditorRoleValueContainer ;
-    ao:dataSetValues ai:ObjectPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:ObjectPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:ObjectPropertyValueContainer ;
+    ao:dataSetValues ai:ObjectPropertyStatementValueContainer ;
     ao:dataSetValues ai:PublishOperationValueContainer ;
     ao:dataSetValues ai:SelfEditorPublishObjectPropertyValueContainer .
 
 :SelfEditorPublishObjectPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:ObjectPropertyAccesObject ;
+    ao:keyComponent ai:ObjectProperty ;
     ao:keyComponent auth:SELF_EDITOR ;
     ao:keyComponent ai:PublishOperation .
 
@@ -104,13 +104,13 @@
 :SelfEditorPublishDataPropertyDataSet a ao:PolicyDataSet ;
     ao:dataSetKey :SelfEditorPublishDataPropertyDataSetKey ;
     ao:dataSetValues ai:SelfEditorRoleValueContainer ;
-    ao:dataSetValues ai:DataPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:DataPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:DataPropertyValueContainer ;
+    ao:dataSetValues ai:DataPropertyStatementValueContainer ;
     ao:dataSetValues ai:PublishOperationValueContainer ;
     ao:dataSetValues ai:SelfEditorPublishDataPropertyValueContainer .
 
 :SelfEditorPublishDataPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:DataPropertyAccesObject ;
+    ao:keyComponent ai:DataProperty ;
     ao:keyComponent auth:SELF_EDITOR ;
     ao:keyComponent ai:PublishOperation .
 
@@ -119,13 +119,13 @@
 :SelfEditorPublishFauxObjectPropertyDataSet a ao:PolicyDataSet ;
     ao:dataSetKey :SelfEditorPublishFauxObjectPropertyDataSetKey ;
     ao:dataSetValues ai:SelfEditorRoleValueContainer ;
-    ao:dataSetValues ai:FauxObjectPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:FauxObjectPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:FauxObjectPropertyValueContainer ;
+    ao:dataSetValues ai:FauxObjectPropertyStatementValueContainer ;
     ao:dataSetValues ai:PublishOperationValueContainer ;
     ao:dataSetValues ai:SelfEditorPublishFauxObjectPropertyValueContainer .
 
 :SelfEditorPublishFauxObjectPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:FauxObjectPropertyAccesObject ;
+    ao:keyComponent ai:FauxObjectProperty ;
     ao:keyComponent auth:SELF_EDITOR ;
     ao:keyComponent ai:PublishOperation .
 
@@ -134,13 +134,13 @@
 :SelfEditorPublishFauxDataPropertyDataSet a ao:PolicyDataSet ;
     ao:dataSetKey :SelfEditorPublishFauxDataPropertyDataSetKey ;
     ao:dataSetValues ai:SelfEditorRoleValueContainer ;
-    ao:dataSetValues ai:FauxDataPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:FauxDataPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:FauxDataPropertyValueContainer ;
+    ao:dataSetValues ai:FauxDataPropertyStatementValueContainer ;
     ao:dataSetValues ai:PublishOperationValueContainer ;
     ao:dataSetValues ai:SelfEditorPublishFauxDataPropertyValueContainer .
 
 :SelfEditorPublishFauxDataPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:FauxDataPropertyAccesObject ;
+    ao:keyComponent ai:FauxDataProperty ;
     ao:keyComponent auth:SELF_EDITOR ;
     ao:keyComponent ai:PublishOperation .
 
@@ -162,10 +162,10 @@
     ao:templateValue :AccessObjectTypeValueSet .
 
 :AccessObjectTypeValueSet a ao:AttributeValueSet ;
-    ao:attributeValue ai:ObjectPropertyAccesObjectValueContainer ;
-    ao:attributeValue ai:DataPropertyAccesObjectValueContainer ;
-    ao:attributeValue ai:FauxObjectPropertyAccesObjectValueContainer ;
-    ao:attributeValue ai:FauxDataPropertyAccesObjectValueContainer ;
+    ao:attributeValue ai:ObjectPropertyValueContainer ;
+    ao:attributeValue ai:DataPropertyValueContainer ;
+    ao:attributeValue ai:FauxObjectPropertyValueContainer ;
+    ao:attributeValue ai:FauxDataPropertyValueContainer ;
     .
 
 :AllowMatchingPropertyStatement a ao:Rule;
@@ -181,10 +181,10 @@
     ao:templateValue :StatementAccessObjectTypeValueSet .
 
 :StatementAccessObjectTypeValueSet a ao:AttributeValueSet ;
-    ao:attributeValue ai:ObjectPropertyStatementAccesObjectValueContainer ;
-    ao:attributeValue ai:DataPropertyStatementAccesObjectValueContainer ;
-    ao:attributeValue ai:FauxObjectPropertyStatementAccesObjectValueContainer ;
-    ao:attributeValue ai:FauxDataPropertyStatementAccesObjectValueContainer ;
+    ao:attributeValue ai:ObjectPropertyStatementValueContainer ;
+    ao:attributeValue ai:DataPropertyStatementValueContainer ;
+    ao:attributeValue ai:FauxObjectPropertyStatementValueContainer ;
+    ao:attributeValue ai:FauxDataPropertyStatementValueContainer ;
     .
 
 :OperationCheck a ao:Check ;
@@ -227,19 +227,19 @@
     .
 
 ai:SelfEditorDisplayObjectPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:ObjectPropertyAccesObject .
+    ao:containerType ai:ObjectProperty .
 ai:SelfEditorDisplayDataPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:DataPropertyAccesObject .
+    ao:containerType ai:DataProperty .
 ai:SelfEditorDisplayFauxObjectPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:FauxObjectPropertyAccesObject .
+    ao:containerType ai:FauxObjectProperty .
 ai:SelfEditorDisplayFauxDataPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:FauxDataPropertyAccesObject .
+    ao:containerType ai:FauxDataProperty .
 
 ai:SelfEditorPublishObjectPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:ObjectPropertyAccesObject .
+    ao:containerType ai:ObjectProperty .
 ai:SelfEditorPublishDataPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:DataPropertyAccesObject .
+    ao:containerType ai:DataProperty .
 ai:SelfEditorPublishFauxObjectPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:FauxObjectPropertyAccesObject .
+    ao:containerType ai:FauxObjectProperty .
 ai:SelfEditorPublishFauxDataPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:FauxDataPropertyAccesObject .
+    ao:containerType ai:FauxDataProperty .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_update_related_allowed_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_update_related_allowed_property.n3
index 1ef2386d8a..c704812fee 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_update_related_allowed_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_update_related_allowed_property.n3
@@ -36,13 +36,13 @@
 :SelfEditorAddObjectPropertyDataSet a ao:PolicyDataSet ;
     ao:dataSetKey :SelfEditorAddObjectPropertyDataSetKey ;
     ao:dataSetValues ai:SelfEditorRoleValueContainer ;
-    ao:dataSetValues ai:ObjectPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:ObjectPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:ObjectPropertyValueContainer ;
+    ao:dataSetValues ai:ObjectPropertyStatementValueContainer ;
     ao:dataSetValues ai:AddOperationValueContainer ;
     ao:dataSetValues ai:SelfEditorAddObjectPropertyValueContainer .
 
 :SelfEditorAddObjectPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:ObjectPropertyAccesObject ;
+    ao:keyComponent ai:ObjectProperty ;
     ao:keyComponent auth:SELF_EDITOR ;
     ao:keyComponent ai:AddOperation .
 
@@ -51,13 +51,13 @@
 :SelfEditorAddDataPropertyDataSet a ao:PolicyDataSet ;
     ao:dataSetKey :SelfEditorAddDataPropertyDataSetKey ;
     ao:dataSetValues ai:SelfEditorRoleValueContainer ;
-    ao:dataSetValues ai:DataPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:DataPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:DataPropertyValueContainer ;
+    ao:dataSetValues ai:DataPropertyStatementValueContainer ;
     ao:dataSetValues ai:AddOperationValueContainer ;
     ao:dataSetValues ai:SelfEditorAddDataPropertyValueContainer .
 
 :SelfEditorAddDataPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:DataPropertyAccesObject ;
+    ao:keyComponent ai:DataProperty ;
     ao:keyComponent auth:SELF_EDITOR ;
     ao:keyComponent ai:AddOperation .
 
@@ -66,13 +66,13 @@
 :SelfEditorAddFauxObjectPropertyDataSet a ao:PolicyDataSet ;
     ao:dataSetKey :SelfEditorAddFauxObjectPropertyDataSetKey ;
     ao:dataSetValues ai:SelfEditorRoleValueContainer ;
-    ao:dataSetValues ai:FauxObjectPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:FauxObjectPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:FauxObjectPropertyValueContainer ;
+    ao:dataSetValues ai:FauxObjectPropertyStatementValueContainer ;
     ao:dataSetValues ai:AddOperationValueContainer ;
     ao:dataSetValues ai:SelfEditorAddFauxObjectPropertyValueContainer .
 
 :SelfEditorAddFauxObjectPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:FauxObjectPropertyAccesObject ;
+    ao:keyComponent ai:FauxObjectProperty ;
     ao:keyComponent auth:SELF_EDITOR ;
     ao:keyComponent ai:AddOperation .
 
@@ -81,13 +81,13 @@
 :SelfEditorAddFauxDataPropertyDataSet a ao:PolicyDataSet ;
     ao:dataSetKey :SelfEditorAddFauxDataPropertyDataSetKey ;
     ao:dataSetValues ai:SelfEditorRoleValueContainer ;
-    ao:dataSetValues ai:FauxDataPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:FauxDataPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:FauxDataPropertyValueContainer ;
+    ao:dataSetValues ai:FauxDataPropertyStatementValueContainer ;
     ao:dataSetValues ai:AddOperationValueContainer ;
     ao:dataSetValues ai:SelfEditorAddFauxDataPropertyValueContainer .
 
 :SelfEditorAddFauxDataPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:FauxDataPropertyAccesObject ;
+    ao:keyComponent ai:FauxDataProperty ;
     ao:keyComponent auth:SELF_EDITOR ;
     ao:keyComponent ai:AddOperation .
 
@@ -96,13 +96,13 @@
 :SelfEditorDropObjectPropertyDataSet a ao:PolicyDataSet ;
     ao:dataSetKey :SelfEditorDropObjectPropertyDataSetKey ;
     ao:dataSetValues ai:SelfEditorRoleValueContainer ;
-    ao:dataSetValues ai:ObjectPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:ObjectPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:ObjectPropertyValueContainer ;
+    ao:dataSetValues ai:ObjectPropertyStatementValueContainer ;
     ao:dataSetValues ai:DropOperationValueContainer ;
     ao:dataSetValues ai:SelfEditorDropObjectPropertyValueContainer .
 
 :SelfEditorDropObjectPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:ObjectPropertyAccesObject ;
+    ao:keyComponent ai:ObjectProperty ;
     ao:keyComponent auth:SELF_EDITOR ;
     ao:keyComponent ai:DropOperation .
 
@@ -111,13 +111,13 @@
 :SelfEditorDropDataPropertyDataSet a ao:PolicyDataSet ;
     ao:dataSetKey :SelfEditorDropDataPropertyDataSetKey ;
     ao:dataSetValues ai:SelfEditorRoleValueContainer ;
-    ao:dataSetValues ai:DataPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:DataPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:DataPropertyValueContainer ;
+    ao:dataSetValues ai:DataPropertyStatementValueContainer ;
     ao:dataSetValues ai:DropOperationValueContainer ;
     ao:dataSetValues ai:SelfEditorDropDataPropertyValueContainer .
 
 :SelfEditorDropDataPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:DataPropertyAccesObject ;
+    ao:keyComponent ai:DataProperty ;
     ao:keyComponent auth:SELF_EDITOR ;
     ao:keyComponent ai:DropOperation .
 
@@ -126,13 +126,13 @@
 :SelfEditorDropFauxObjectPropertyDataSet a ao:PolicyDataSet ;
     ao:dataSetKey :SelfEditorDropFauxObjectPropertyDataSetKey ;
     ao:dataSetValues ai:SelfEditorRoleValueContainer ;
-    ao:dataSetValues ai:FauxObjectPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:FauxObjectPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:FauxObjectPropertyValueContainer ;
+    ao:dataSetValues ai:FauxObjectPropertyStatementValueContainer ;
     ao:dataSetValues ai:DropOperationValueContainer ;
     ao:dataSetValues ai:SelfEditorDropFauxObjectPropertyValueContainer .
 
 :SelfEditorDropFauxObjectPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:FauxObjectPropertyAccesObject ;
+    ao:keyComponent ai:FauxObjectProperty ;
     ao:keyComponent auth:SELF_EDITOR ;
     ao:keyComponent ai:DropOperation .
 
@@ -141,13 +141,13 @@
 :SelfEditorDropFauxDataPropertyDataSet a ao:PolicyDataSet ;
     ao:dataSetKey :SelfEditorDropFauxDataPropertyDataSetKey ;
     ao:dataSetValues ai:SelfEditorRoleValueContainer ;
-    ao:dataSetValues ai:FauxDataPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:FauxDataPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:FauxDataPropertyValueContainer ;
+    ao:dataSetValues ai:FauxDataPropertyStatementValueContainer ;
     ao:dataSetValues ai:DropOperationValueContainer ;
     ao:dataSetValues ai:SelfEditorDropFauxDataPropertyValueContainer .
 
 :SelfEditorDropFauxDataPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:FauxDataPropertyAccesObject ;
+    ao:keyComponent ai:FauxDataProperty ;
     ao:keyComponent auth:SELF_EDITOR ;
     ao:keyComponent ai:DropOperation .
 
@@ -156,13 +156,13 @@
 :SelfEditorEditObjectPropertyDataSet a ao:PolicyDataSet ;
     ao:dataSetKey :SelfEditorEditObjectPropertyDataSetKey ;
     ao:dataSetValues ai:SelfEditorRoleValueContainer ;
-    ao:dataSetValues ai:ObjectPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:ObjectPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:ObjectPropertyValueContainer ;
+    ao:dataSetValues ai:ObjectPropertyStatementValueContainer ;
     ao:dataSetValues ai:EditOperationValueContainer ;
     ao:dataSetValues ai:SelfEditorEditObjectPropertyValueContainer .
 
 :SelfEditorEditObjectPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:ObjectPropertyAccesObject ;
+    ao:keyComponent ai:ObjectProperty ;
     ao:keyComponent auth:SELF_EDITOR ;
     ao:keyComponent ai:EditOperation .
 
@@ -171,13 +171,13 @@
 :SelfEditorEditDataPropertyDataSet a ao:PolicyDataSet ;
     ao:dataSetKey :SelfEditorEditDataPropertyDataSetKey ;
     ao:dataSetValues ai:SelfEditorRoleValueContainer ;
-    ao:dataSetValues ai:DataPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:DataPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:DataPropertyValueContainer ;
+    ao:dataSetValues ai:DataPropertyStatementValueContainer ;
     ao:dataSetValues ai:EditOperationValueContainer ;
     ao:dataSetValues ai:SelfEditorEditDataPropertyValueContainer .
 
 :SelfEditorEditDataPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:DataPropertyAccesObject ;
+    ao:keyComponent ai:DataProperty ;
     ao:keyComponent auth:SELF_EDITOR ;
     ao:keyComponent ai:EditOperation .
 
@@ -186,13 +186,13 @@
 :SelfEditorEditFauxObjectPropertyDataSet a ao:PolicyDataSet ;
     ao:dataSetKey :SelfEditorEditFauxObjectPropertyDataSetKey ;
     ao:dataSetValues ai:SelfEditorRoleValueContainer ;
-    ao:dataSetValues ai:FauxObjectPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:FauxObjectPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:FauxObjectPropertyValueContainer ;
+    ao:dataSetValues ai:FauxObjectPropertyStatementValueContainer ;
     ao:dataSetValues ai:EditOperationValueContainer ;
     ao:dataSetValues ai:SelfEditorEditFauxObjectPropertyValueContainer .
 
 :SelfEditorEditFauxObjectPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:FauxObjectPropertyAccesObject ;
+    ao:keyComponent ai:FauxObjectProperty ;
     ao:keyComponent auth:SELF_EDITOR ;
     ao:keyComponent ai:EditOperation .
 
@@ -201,13 +201,13 @@
 :SelfEditorEditFauxDataPropertyDataSet a ao:PolicyDataSet ;
     ao:dataSetKey :SelfEditorEditFauxDataPropertyDataSetKey ;
     ao:dataSetValues ai:SelfEditorRoleValueContainer ;
-    ao:dataSetValues ai:FauxDataPropertyAccesObjectValueContainer ;
-    ao:dataSetValues ai:FauxDataPropertyStatementAccesObjectValueContainer ;
+    ao:dataSetValues ai:FauxDataPropertyValueContainer ;
+    ao:dataSetValues ai:FauxDataPropertyStatementValueContainer ;
     ao:dataSetValues ai:EditOperationValueContainer ;
     ao:dataSetValues ai:SelfEditorEditFauxDataPropertyValueContainer .
 
 :SelfEditorEditFauxDataPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:FauxDataPropertyAccesObject ;
+    ao:keyComponent ai:FauxDataProperty ;
     ao:keyComponent auth:SELF_EDITOR ;
     ao:keyComponent ai:EditOperation .
 
@@ -229,10 +229,10 @@
     ao:templateValue :AccessObjectTypeValueSet .
 
 :AccessObjectTypeValueSet a ao:AttributeValueSet ;
-    ao:attributeValue ai:ObjectPropertyAccesObjectValueContainer ;
-    ao:attributeValue ai:DataPropertyAccesObjectValueContainer ;
-    ao:attributeValue ai:FauxObjectPropertyAccesObjectValueContainer ;
-    ao:attributeValue ai:FauxDataPropertyAccesObjectValueContainer ;
+    ao:attributeValue ai:ObjectPropertyValueContainer ;
+    ao:attributeValue ai:DataPropertyValueContainer ;
+    ao:attributeValue ai:FauxObjectPropertyValueContainer ;
+    ao:attributeValue ai:FauxDataPropertyValueContainer ;
     .
 
 :AllowMatchingPropertyStatement a ao:Rule;
@@ -254,10 +254,10 @@
     ao:templateValue :StatementAccessObjectTypeValueSet .
 
 :StatementAccessObjectTypeValueSet a ao:AttributeValueSet ;
-    ao:attributeValue ai:ObjectPropertyStatementAccesObjectValueContainer ;
-    ao:attributeValue ai:DataPropertyStatementAccesObjectValueContainer ;
-    ao:attributeValue ai:FauxObjectPropertyStatementAccesObjectValueContainer ;
-    ao:attributeValue ai:FauxDataPropertyStatementAccesObjectValueContainer ;
+    ao:attributeValue ai:ObjectPropertyStatementValueContainer ;
+    ao:attributeValue ai:DataPropertyStatementValueContainer ;
+    ao:attributeValue ai:FauxObjectPropertyStatementValueContainer ;
+    ao:attributeValue ai:FauxDataPropertyStatementValueContainer ;
     .
 
 :OperationCheck a ao:Check ;
@@ -308,28 +308,28 @@
     .
 
 ai:SelfEditorAddObjectPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:ObjectPropertyAccesObject .
+    ao:containerType ai:ObjectProperty .
 ai:SelfEditorAddDataPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:DataPropertyAccesObject .
+    ao:containerType ai:DataProperty .
 ai:SelfEditorAddFauxObjectPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:FauxObjectPropertyAccesObject .
+    ao:containerType ai:FauxObjectProperty .
 ai:SelfEditorAddFauxDataPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:FauxDataPropertyAccesObject .
+    ao:containerType ai:FauxDataProperty .
 
 ai:SelfEditorEditObjectPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:ObjectPropertyAccesObject .
+    ao:containerType ai:ObjectProperty .
 ai:SelfEditorEditDataPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:DataPropertyAccesObject .
+    ao:containerType ai:DataProperty .
 ai:SelfEditorEditFauxObjectPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:FauxObjectPropertyAccesObject .
+    ao:containerType ai:FauxObjectProperty .
 ai:SelfEditorEditFauxDataPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:FauxDataPropertyAccesObject .
+    ao:containerType ai:FauxDataProperty .
 
 ai:SelfEditorDropObjectPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:ObjectPropertyAccesObject .
+    ao:containerType ai:ObjectProperty .
 ai:SelfEditorDropDataPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:DataPropertyAccesObject .
+    ao:containerType ai:DataProperty .
 ai:SelfEditorDropFauxObjectPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:FauxObjectPropertyAccesObject .
+    ao:containerType ai:FauxObjectProperty .
 ai:SelfEditorDropFauxDataPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:FauxDataPropertyAccesObject .
+    ao:containerType ai:FauxDataProperty .

From 66f1dca52a08f92e8ddd6d8f78149d6e4926e24a Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <georgy.litvinov@tib.eu>
Date: Tue, 24 Oct 2023 13:44:09 +0200
Subject: [PATCH 067/148] multiple fixes

---
 .../auth/attributes/OperationGroup.java       | 16 ++++-
 .../auth/policy/EntityPolicyController.java   | 34 ++++-----
 .../webapp/auth/policy/PolicyLoader.java      | 70 ++++++-------------
 .../migration/auth/AnnotationMigrator.java    | 56 +++++++++++++--
 .../webapp/migration/auth/ArmMigrator.java    | 33 +++++----
 .../webapp/migration/auth/AuthMigrator.java   | 41 -----------
 ...ccessAllowedClassesPolicyTemplateTest.java |  5 +-
 ...ssAllowedPropertiesPolicyTemplateTest.java |  5 +-
 ...edAllowedPropertiesPolicyTemplateTest.java |  5 +-
 .../webapp/auth/policy/BasicPolicyTest.java   | 24 +++----
 .../policy/EntityPolicyControllerTest.java    | 50 ++++++++-----
 .../vitro/webapp/auth/policy/PolicyTest.java  | 22 ++++--
 ...edAllowedPropertiesPolicyTemplateTest.java |  5 +-
 .../migration/auth/ArmMigratorTest.java       | 24 +++----
 ...emplate_access_related_allowed_property.n3 |  2 +-
 15 files changed, 199 insertions(+), 193 deletions(-)

diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/OperationGroup.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/OperationGroup.java
index dc405f96d9..c43f1f9b10 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/OperationGroup.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/OperationGroup.java
@@ -2,8 +2,22 @@
 
 package edu.cornell.mannlib.vitro.webapp.auth.attributes;
 
+import java.util.EnumSet;
+import java.util.Set;
+
 public enum OperationGroup {
     DISPLAY_GROUP,
     UPDATE_GROUP,
-    PUBLISH_GROUP
+    PUBLISH_GROUP;
+
+    public static Set<AccessOperation> getOperations(OperationGroup og) {
+        if (og.equals(UPDATE_GROUP)) {
+            return EnumSet.of(AccessOperation.ADD, AccessOperation.DROP, AccessOperation.EDIT);
+        }
+        if (og.equals(PUBLISH_GROUP)) {
+            return EnumSet.of(AccessOperation.PUBLISH);
+        }
+        return EnumSet.of(AccessOperation.DISPLAY);
+
+    }
 }
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EntityPolicyController.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EntityPolicyController.java
index 47e845c8c9..2fc435d87c 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EntityPolicyController.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EntityPolicyController.java
@@ -24,49 +24,49 @@ public class EntityPolicyController {
 
     /**
      * @param entityUri - entity uniform resource identifier
-     * @param aot - Access object type
-     * @param og - operation group
+     * @param aot - access object type
+     * @param ao - access operation
      * @param selectedRoles - list of roles to assign
      * @param allRoles - list of all available roles
      */
-    public static void updateEntityDataSet(String entityUri, AccessObjectType aot, AccessOperation og,
+    public static void updateEntityDataSet(String entityUri, AccessObjectType aot, AccessOperation ao,
             List<String> selectedRoles, List<String> allRoles) {
         if (StringUtils.isBlank(entityUri)) {
             return;
         }
         Set<String> selectedSet = new HashSet<>(selectedRoles);
         for (String role : allRoles) {
-            boolean isInDataSet = isUriInTestDataset(entityUri, og, aot, role);
+            boolean isInDataSet = isUriInTestDataset(entityUri, ao, aot, role);
             boolean isSelected = selectedSet.contains(role);
             final PolicyLoader loader = PolicyLoader.getInstance();
             final String dataSetUri =
-                    loader.getDataSetUriByKey(new String[] { role }, new String[] { og.toString(), aot.toString() });
+                    loader.getDataSetUriByKey(new String[] { role }, new String[] { ao.toString(), aot.toString() });
 
             if (dataSetUri == null) {
                 log.debug(
-                        String.format("Policy wasn't found by key:\n%s\n%s\n%s", og.toString(), aot.toString(), role));
+                        String.format("Policy wasn't found by key:\n%s\n%s\n%s", ao.toString(), aot.toString(), role));
                 continue;
             }
             if (isSelected && !isInDataSet) {
-                loader.addEntityToPolicyDataSet(entityUri, aot, og, role);
+                loader.addEntityToPolicyDataSet(entityUri, aot, ao, role);
                 DynamicPolicy policy = loader.loadPolicyFromTemplateDataSet(dataSetUri);
                 PolicyStore.getInstance().add(policy);
             } else if (!isSelected && isInDataSet) {
-                loader.removeEntityFromPolicyDataSet(entityUri, aot, og, role);
+                loader.removeEntityFromPolicyDataSet(entityUri, aot, ao, role);
                 DynamicPolicy policy = loader.loadPolicyFromTemplateDataSet(dataSetUri);
                 PolicyStore.getInstance().add(policy);
             }
         }
     }
 
-    public static List<String> getGrantedRoles(String entityUri, AccessOperation og, AccessObjectType aot,
+    public static List<String> getGrantedRoles(String entityUri, AccessOperation ao, AccessObjectType aot,
             List<String> allRoles) {
         if (StringUtils.isBlank(entityUri)) {
             return Collections.emptyList();
         }
         List<String> grantedRoles = new LinkedList<>();
         for (String role : allRoles) {
-            if (isUriInTestDataset(entityUri, og, aot, role)) {
+            if (isUriInTestDataset(entityUri, ao, aot, role)) {
                 grantedRoles.add(role);
             }
         }
@@ -79,12 +79,12 @@ public static void getDataValueStatements(String entityUri, AccessObjectType aot
             return;
         }
         for (String role : selectedRoles) {
-            String testDataUri = getPolicyTestDataUri(aot, ao, role);
-            if (testDataUri == null) {
-                log.error(String.format("Policy test data wasn't found by key:\n%s\n%s\n%s", ao, aot, role));
+            String valueContainerUri = getValueContainerUri(aot, ao, role);
+            if (valueContainerUri == null) {
+                log.error(String.format("Policy value container wasn't found by key:\n%s\n%s\n%s", ao, aot, role));
                 continue;
             }
-            sb.append("<").append(testDataUri)
+            sb.append("<").append(valueContainerUri)
                     .append("> <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/dataValue> <")
                     .append(entityUri).append("> .\n");
         }
@@ -109,12 +109,12 @@ private static boolean isUriInTestDataset(String entityUri, AccessOperation og,
         return values.contains(entityUri);
     }
 
-    private static String getPolicyTestDataUri(AccessObjectType aot, AccessOperation og, String role) {
-        String key = aot.toString() + "." + og.toString() + "." + role;
+    private static String getValueContainerUri(AccessObjectType aot, AccessOperation ao, String role) {
+        String key = aot.toString() + "." + ao.toString() + "." + role;
         if (policyKeyToDataValueMap.containsKey(key)) {
             return policyKeyToDataValueMap.get(key);
         }
-        String uri = PolicyLoader.getInstance().getEntityPolicyTestDataValue(og, aot, role);
+        String uri = PolicyLoader.getInstance().getEntityValueContainerUri(ao, aot, role);
         policyKeyToDataValueMap.put(key, uri);
         return uri;
     }
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
index a68317a00d..37ec5b00d1 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
@@ -17,7 +17,6 @@
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType;
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessOperation;
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.CheckFactory;
-import edu.cornell.mannlib.vitro.webapp.auth.attributes.OperationGroup;
 import edu.cornell.mannlib.vitro.webapp.auth.rules.AccessRule;
 import edu.cornell.mannlib.vitro.webapp.auth.rules.AccessRuleFactory;
 import edu.cornell.mannlib.vitro.webapp.dao.jena.event.BulkUpdateEvent;
@@ -204,21 +203,21 @@ public class PolicyLoader {
             + "prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/>\n"
             + "prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/>\n"
             + "SELECT DISTINCT ?"
-            + POLICY + " ?dataSet ?testData ?value ?valueId ( COUNT(?key) AS ?keySize ) \n"
+            + POLICY + " ?dataSet ?testData ?value ?valueId ?valueContainer ( COUNT(?key) AS ?keySize ) \n"
             + "WHERE {\n"
             + "  GRAPH <http://vitro.mannlib.cornell.edu/default/access-control> {\n"
             + "  ?" + POLICY + " ao:policyDataSets ?policyDataSets .\n"
             + "  ?policyDataSets ao:policyDataSet ?dataSet .\n"
             + "  ?dataSet ao:dataSetKey ?dataSetKeyUri .\n"
-            + "  ?dataSet ao:dataSetValues ?dataSetValues .\n"
-            + "  ?dataSetValues ao:containerType ?containerType .\n"
+            + "  ?dataSet ao:dataSetValues ?valueContainer .\n"
+            + "  ?valueContainer ao:containerType ?containerType .\n"
             + "  ?containerType ao:id ?containerId .\n"
-            + "  OPTIONAL { ?dataSetValues ao:dataValue ?value .\n"
+            + "  OPTIONAL { ?valueContainer ao:dataValue ?value .\n"
             + "    OPTIONAL { ?value ao:id ?valueId . }\n"
             + "  }\n"
             + "  ?dataSetKeyUri ao:keyComponent ?key .\n";
 
-    private static final String policyKeyTemplateSuffix = "}} GROUP BY ?" + POLICY + " ?dataSet ?value ?valueId ?testData";
+    private static final String policyKeyTemplateSuffix = "}} GROUP BY ?" + POLICY + " ?dataSet ?value ?valueId ?testData ?valueContainer";
 
     private static final String policyStatementByKeyTemplatePrefix =
               "prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#>\n"
@@ -442,11 +441,11 @@ protected void processQuerySolution(QuerySolution qs) {
         return priority[0];
     }
 
-    public Set<String> getDataSetValues(AccessOperation og, AccessObjectType aot, String role) {
+    public Set<String> getDataSetValues(AccessOperation ao, AccessObjectType aot, String role) {
         Set<String> values = new HashSet<>();
         long expectedSize = 3;
-        String queryText = getPolicyTestValuesByKeyQuery(new String[] { role },
-                new String[] { og.toString(), aot.toString() });
+        String queryText = getDataSetByKeyQuery(new String[] { role },
+                new String[] { ao.toString(), aot.toString() });
         ParameterizedSparqlString pss = new ParameterizedSparqlString(queryText);
         pss.setLiteral("containerId", aot.toString());
         queryText = pss.toString();
@@ -480,25 +479,28 @@ protected void processQuerySolution(QuerySolution qs) {
         return values;
     }
 
-    public String getPolicyUriByDataSetKey(OperationGroup og, AccessObjectType aot, String role) {
+    public String getEntityValueContainerUri(AccessOperation ao, AccessObjectType aot, String role) {
         long expectedSize = 3;
-        final String queryText = getPolicyTestValuesByKeyQuery(new String[] { role },
-                new String[] { og.toString(), aot.toString() });
-        debug("SPARQL Query to get policy data set values:\n %s", queryText);
+        String queryText = getDataSetByKeyQuery(new String[] { role }, new String[] { ao.toString(), aot.toString() });
+        ParameterizedSparqlString pss = new ParameterizedSparqlString(queryText);
+        pss.setLiteral("containerId", aot.toString());
+        queryText = pss.toString();
+        debug("SPARQL Query to get entity value container uri:\n %s", queryText);
         String[] uri = new String[1];
         try {
             rdfService.sparqlSelectQuery(queryText, new ResultSetConsumer() {
                 @Override
                 protected void processQuerySolution(QuerySolution qs) {
-                    if (!qs.contains(POLICY) || !qs.get(POLICY).isResource() || !qs.contains("keySize")
+                    if (!qs.contains("dataSet") || !qs.get("dataSet").isResource() || !qs.contains("keySize")
                             || !qs.get("keySize").isLiteral()) {
                         return;
                     }
                     long keySize = qs.getLiteral("keySize").getLong();
                     if (expectedSize != keySize) {
+                        log.error("wrong key size. Expected " + expectedSize + ". Actual " + keySize );
                         return;
                     }
-                    uri[0] = qs.getResource(POLICY).getURI();
+                    uri[0] = qs.getResource("valueContainer").getURI();
                 }
             });
         } catch (RDFServiceException e) {
@@ -507,38 +509,10 @@ protected void processQuerySolution(QuerySolution qs) {
         return uri[0];
     }
 
-    public String getEntityPolicyTestDataValue(AccessOperation og, AccessObjectType aot, String role) {
-        String[] valueUri = new String[1];
-        long expectedSize = 3;
-        final String queryText = getPolicyTestValuesByKeyQuery(new String[] { role },
-                new String[] { og.toString(), aot.toString() });
-        debug("SPARQL Query to get policy data set value:\n %s", queryText);
-        try {
-            rdfService.sparqlSelectQuery(queryText, new ResultSetConsumer() {
-                @Override
-                protected void processQuerySolution(QuerySolution qs) {
-                    if (!qs.contains(POLICY) || !qs.contains("keySize") || !qs.get("keySize").isLiteral()) {
-                        return;
-                    }
-                    long keySize = qs.getLiteral("keySize").getLong();
-                    if (expectedSize != keySize) {
-                        return;
-                    }
-                    if (qs.contains("testData") && qs.get("testData").isResource()) {
-                        valueUri[0] = qs.getResource("testData").getURI();
-                    }
-                }
-            });
-        } catch (RDFServiceException e) {
-            log.error(e, e);
-        }
-        return valueUri[0];
-    }
-
-    public void modifyPolicyDataSetValue(String entityUri, AccessOperation og, AccessObjectType aot, String role,
+    public void modifyPolicyDataSetValue(String entityUri, AccessOperation ao, AccessObjectType aot, String role,
             boolean isAdd) {
         String queryText = getPolicyDataSetValueStatementByKeyQuery(entityUri, new String[] { role },
-                new String[] { og.toString(), aot.toString() });
+                new String[] { ao.toString(), aot.toString() });
         ParameterizedSparqlString pss = new ParameterizedSparqlString(queryText);
         pss.setLiteral("containerType", aot.toString());
         queryText = pss.toString();
@@ -600,7 +574,7 @@ private static String getPolicyDataSetValueStatementByKeyQuery(String entityUri,
         return query.toString();
     }
 
-    private static String getPolicyTestValuesByKeyQuery(String[] uris, String[] ids) {
+    private static String getDataSetByKeyQuery(String[] uris, String[] ids) {
         StringBuilder query = new StringBuilder(policyKeyTemplatePrefix);
         for (String uri : uris) {
             query.append(String.format("  ?dataSetKeyUri ao:keyComponent <%s> . \n", uri));
@@ -811,7 +785,7 @@ private static boolean isInvalidPolicySolution(QuerySolution qs) {
 
     private static void debug(String template, Object... objects) {
         if (log.isDebugEnabled()) {
-            log.error(String.format(template, objects));
+            log.debug(String.format(template, objects));
         }
     }
 
@@ -832,7 +806,7 @@ private ChangeSet makeChangeSet() {
 
     public String getDataSetUriByKey(String[] uris, String[] ids) {
         long expectedSize = uris.length + ids.length;
-        final String queryText = getPolicyTestValuesByKeyQuery(uris, ids);
+        final String queryText = getDataSetByKeyQuery(uris, ids);
         debug("SPARQL Query to get policy data set values:\n %s", queryText);
         String[] uri = new String[1];
         try {
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AnnotationMigrator.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AnnotationMigrator.java
index a4d222cceb..000579352e 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AnnotationMigrator.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AnnotationMigrator.java
@@ -13,9 +13,13 @@
 import java.util.HashSet;
 import java.util.Map;
 import java.util.Set;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
 
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType;
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessOperation;
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.OperationGroup;
+import edu.cornell.mannlib.vitro.webapp.auth.policy.EntityPolicyController;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyLoader;
 import edu.cornell.mannlib.vitro.webapp.modelaccess.ModelNames;
 import edu.cornell.mannlib.vitro.webapp.rdfservice.RDFService;
@@ -67,19 +71,19 @@ protected void migrateConfiguration() {
         log.info(String.format("Found %s faux object property annotation configurations", fopConfigs.size()));
         Map<String, Map<OperationGroup, Set<String>>> fdpConfigs = getFauxDataPropertyAnnotations(dpConfigs.keySet());
         log.info(String.format("Found %s faux data property annotation configurations", fdpConfigs.size()));
-        Long[] valueCounts = AuthMigrator.updatePolicyDatasets(AccessObjectType.OBJECT_PROPERTY, opConfigs);
+        Long[] valueCounts = updatePolicyDatasets(AccessObjectType.OBJECT_PROPERTY, opConfigs);
         log.info(String.format("Updated object property datasets. Added %d values, removed %d values", valueCounts[0],
                 valueCounts[1]));
-        valueCounts = AuthMigrator.updatePolicyDatasets(AccessObjectType.DATA_PROPERTY, dpConfigs);
+        valueCounts = updatePolicyDatasets(AccessObjectType.DATA_PROPERTY, dpConfigs);
         log.info(String.format("Updated data property datasets, added %d values, removed %d values", valueCounts[0],
                 valueCounts[1]));
-        valueCounts = AuthMigrator.updatePolicyDatasets(AccessObjectType.CLASS, classConfigs);
+        valueCounts = updatePolicyDatasets(AccessObjectType.CLASS, classConfigs);
         log.info(String.format("Updated class property datasets, added %d values, removed %d values", valueCounts[0],
                 valueCounts[1]));
-        valueCounts = AuthMigrator.updatePolicyDatasets(AccessObjectType.FAUX_OBJECT_PROPERTY, fopConfigs);
+        valueCounts = updatePolicyDatasets(AccessObjectType.FAUX_OBJECT_PROPERTY, fopConfigs);
         log.info(String.format("Updated faux object property datasets, added %d values, removed %d values",
                 valueCounts[0], valueCounts[1]));
-        valueCounts = AuthMigrator.updatePolicyDatasets(AccessObjectType.FAUX_DATA_PROPERTY, fdpConfigs);
+        valueCounts = updatePolicyDatasets(AccessObjectType.FAUX_DATA_PROPERTY, fdpConfigs);
         log.info(String.format("Updated data property datasets, added %d values, removed %d values", valueCounts[0],
                 valueCounts[1]));
         PolicyLoader.getInstance().loadPolicies();
@@ -171,9 +175,38 @@ private void collectConfiguration(Map<String, Map<OperationGroup, Set<String>>>
         configs.put(uri, config);
     }
 
+    private static Long[] updatePolicyDatasets(AccessObjectType aot,
+            Map<String, Map<OperationGroup, Set<String>>> configs) {
+        StringBuilder additions = new StringBuilder();
+        StringBuilder removals = new StringBuilder();
+        for (String entityUri : configs.keySet()) {
+            Map<OperationGroup, Set<String>> groupMap = configs.get(entityUri);
+            for (OperationGroup og : groupMap.keySet()) {
+                for (AccessOperation ao : OperationGroup.getOperations(og)) {
+                    Set<String> rolesToAdd = groupMap.get(og);
+                    EntityPolicyController.getDataValueStatements(entityUri, aot, ao, rolesToAdd, additions);
+                    Set<String> rolesToRemove = new HashSet<>(ALL_ROLES);
+                    rolesToRemove.removeAll(rolesToAdd);
+                    // Don't remove public publish and update data sets, as there are no public policies for that
+                    // operation
+                    // groups
+                    if (OperationGroup.PUBLISH_GROUP.equals(og) || OperationGroup.UPDATE_GROUP.equals(og)) {
+                        rolesToRemove.remove(ROLE_PUBLIC_URI);
+                    }
+                    EntityPolicyController.getDataValueStatements(entityUri, aot, ao, rolesToRemove, removals);
+                    log.debug(String.format(
+                            "Updated entity %s dataset for operation group %s access object type %s roles %s",
+                            entityUri, og, aot, rolesToAdd));
+                }
+            }
+        }
+        PolicyLoader.getInstance().updateAccessControlModel(additions.toString(), true);
+        PolicyLoader.getInstance().updateAccessControlModel(removals.toString(), false);
+        return new Long[] { getLineCount(additions.toString()), getLineCount(removals.toString()) };
+    }
+
     private static String getAnnotationQuery(String typeSpecificPatterns) {
-        return ""
-                + "PREFIX vitro: <http://vitro.mannlib.cornell.edu/ns/vitro/0.7#> \n"
+        return "" + "PREFIX vitro: <http://vitro.mannlib.cornell.edu/ns/vitro/0.7#> \n"
                 + "PREFIX rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#>\n"
                 + "PREFIX owl: <http://www.w3.org/2002/07/owl#> \n" + "SELECT ?base ?uri ?update ?display ?publish\n"
                 + "WHERE {\n" + typeSpecificPatterns
@@ -192,4 +225,13 @@ private static String getAnnotationQuery(String typeSpecificPatterns) {
             + "  ?uri rdf:type <http://vitro.mannlib.cornell.edu/ns/vitro/ApplicationConfiguration#ObjectPropertyDisplayConfig> .\n"
             + "} GRAPH <" + ModelNames.DISPLAY + ">";
 
+    private static long getLineCount(String lines) {
+        Matcher matcher = Pattern.compile("\n").matcher(lines);
+        long i = 0;
+        while (matcher.find()) {
+            i++;
+        }
+        return i;
+    }
+
 }
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/ArmMigrator.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/ArmMigrator.java
index 479debeb2e..ef9528572b 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/ArmMigrator.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/ArmMigrator.java
@@ -9,6 +9,7 @@
 import java.util.Set;
 
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType;
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessOperation;
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.OperationGroup;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.EntityPolicyController;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyLoader;
@@ -36,12 +37,12 @@ public class ArmMigrator {
     protected static final String ARM_SELF_EDITOR = "SELF_EDITOR";
     protected static final String ARM_PUBLIC = "PUBLIC";
 
-    protected static final List<String> armRoles = Arrays.asList(ARM_ADMIN, ARM_CURATOR, ARM_EDITOR, ARM_SELF_EDITOR,
-            ARM_PUBLIC);
+    protected static final List<String> armRoles =
+            Arrays.asList(ARM_ADMIN, ARM_CURATOR, ARM_EDITOR, ARM_SELF_EDITOR, ARM_PUBLIC);
     protected static final List<String> armOperations = Arrays.asList(DISPLAY, UPDATE, PUBLISH);
-    protected static final List<AccessObjectType> entityTypes = Arrays.asList(AccessObjectType.CLASS,
-            AccessObjectType.OBJECT_PROPERTY, AccessObjectType.DATA_PROPERTY, AccessObjectType.FAUX_OBJECT_PROPERTY,
-            AccessObjectType.FAUX_DATA_PROPERTY);
+    protected static final List<AccessObjectType> entityTypes =
+            Arrays.asList(AccessObjectType.CLASS, AccessObjectType.OBJECT_PROPERTY, AccessObjectType.DATA_PROPERTY,
+                    AccessObjectType.FAUX_OBJECT_PROPERTY, AccessObjectType.FAUX_DATA_PROPERTY);
 
     private RDFService contentRdfService;
     private RDFService configurationRdfService;
@@ -91,12 +92,14 @@ protected StringBuilder getStatementsToRemove() {
             String newRole = roleMap.get(role);
             for (String operation : armOperations) {
                 OperationGroup og = operationMap.get(operation);
-                for (AccessObjectType aot : entityTypes) {
-               //     Set<String> entityUris = PolicyLoader.getInstance().getDataSetValues(og, aot, newRole);
-               //     for (String entityUri : entityUris) {
-               //         EntityPolicyController.getDataValueStatements(entityUri, aot, og,
-               //                 Collections.singleton(newRole), removals);
-               //     }
+                for (AccessOperation ao : OperationGroup.getOperations(og)) {
+                    for (AccessObjectType aot : entityTypes) {
+                        Set<String> entityUris = PolicyLoader.getInstance().getDataSetValues(ao, aot, newRole);
+                        for (String entityUri : entityUris) {
+                            EntityPolicyController.getDataValueStatements(entityUri, aot, ao,
+                                    Collections.singleton(newRole), removals);
+                        }
+                    }
                 }
             }
         }
@@ -161,9 +164,11 @@ protected void collectAdditions(Map<AccessObjectType, Set<String>> entityTypeMap
                     if (AccessObjectType.FAUX_DATA_PROPERTY.equals(type)) {
                         intersectionEntities.addAll(addFauxDP);
                     }
-                    for (String entityUri : intersectionEntities) {
-                       // EntityPolicyController.getDataValueStatements(entityUri, type, og,
-                       //         Collections.singleton(newRole), additions);
+                    for (AccessOperation ao : OperationGroup.getOperations(og)) {
+                        for (String entityUri : intersectionEntities) {
+                            EntityPolicyController.getDataValueStatements(entityUri, type, ao,
+                            Collections.singleton(newRole), additions);
+                        }
                     }
                 }
             }
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AuthMigrator.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AuthMigrator.java
index 6384e8a4b0..5af1258e96 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AuthMigrator.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AuthMigrator.java
@@ -4,18 +4,12 @@
 
 import java.util.Arrays;
 import java.util.HashSet;
-import java.util.Map;
 import java.util.Set;
-import java.util.regex.Matcher;
-import java.util.regex.Pattern;
 
 import javax.servlet.ServletContext;
 import javax.servlet.ServletContextEvent;
 import javax.servlet.ServletContextListener;
 
-import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType;
-import edu.cornell.mannlib.vitro.webapp.auth.attributes.OperationGroup;
-import edu.cornell.mannlib.vitro.webapp.auth.policy.EntityPolicyController;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyLoader;
 import edu.cornell.mannlib.vitro.webapp.modelaccess.ContextModelAccess;
 import edu.cornell.mannlib.vitro.webapp.modelaccess.ModelAccess;
@@ -85,32 +79,6 @@ private void convertAnnotationConfiguation() {
         annotationMigrator.migrateConfiguration();
     }
 
-    static Long[] updatePolicyDatasets(AccessObjectType aot, Map<String, Map<OperationGroup, Set<String>>> configs) {
-        StringBuilder additions = new StringBuilder();
-        StringBuilder removals = new StringBuilder();
-        for (String entityUri : configs.keySet()) {
-            Map<OperationGroup, Set<String>> groupMap = configs.get(entityUri);
-            for (OperationGroup og : groupMap.keySet()) {
-                Set<String> rolesToAdd = groupMap.get(og);
-               // EntityPolicyController.getDataValueStatements(entityUri, aot, og, rolesToAdd, additions);
-                Set<String> rolesToRemove = new HashSet<>(ALL_ROLES);
-                rolesToRemove.removeAll(rolesToAdd);
-                // Don't remove public publish and update data sets, as there are no public policies for that operation
-                // groups
-                if (OperationGroup.PUBLISH_GROUP.equals(og) || OperationGroup.UPDATE_GROUP.equals(og)) {
-                    rolesToRemove.remove(ROLE_PUBLIC_URI);
-                }
-               // EntityPolicyController.getDataValueStatements(entityUri, aot, og, rolesToRemove, removals);
-                log.debug(
-                        String.format("Updated entity %s dataset for operation group %s access object type %s roles %s",
-                                entityUri, og, aot, rolesToAdd));
-            }
-        }
-        PolicyLoader.getInstance().updateAccessControlModel(additions.toString(), true);
-        PolicyLoader.getInstance().updateAccessControlModel(removals.toString(), false);
-        return new Long[] { getLineCount(additions.toString()), getLineCount(removals.toString()) };
-    }
-
     private boolean isMigrationRequired() {
         if (getVersion() == 0L) {
             return true;
@@ -173,13 +141,4 @@ public void contextDestroyed(ServletContextEvent sce) {
     private long secondsSince(long startTime) {
         return (System.currentTimeMillis() - startTime) / 1000;
     }
-
-    private static long getLineCount(String lines) {
-        Matcher matcher = Pattern.compile("\n").matcher(lines);
-        long i = 0;
-        while (matcher.find()) {
-            i++;
-        }
-        return i;
-    }
 }
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/AccessAllowedClassesPolicyTemplateTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/AccessAllowedClassesPolicyTemplateTest.java
index 1565997809..2bab9ac3bf 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/AccessAllowedClassesPolicyTemplateTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/AccessAllowedClassesPolicyTemplateTest.java
@@ -22,9 +22,6 @@
 @RunWith(Parameterized.class)
 public class AccessAllowedClassesPolicyTemplateTest extends PolicyTest {
 
-    public static final String POLICY_TEMPLATE_MATCH_CLASS_PATH =
-            USER_ACCOUNTS_HOME_FIRSTTIME + "template_access_allowed_class.n3";
-
     @org.junit.runners.Parameterized.Parameter(0)
     public AccessOperation ao;
 
@@ -42,7 +39,7 @@ public class AccessAllowedClassesPolicyTemplateTest extends PolicyTest {
 
     @Test
     public void testPolicy() {
-        load(POLICY_TEMPLATE_MATCH_CLASS_PATH);
+        load(TEMPLATE_CLASS_PATH);
         List<String> roles = new ArrayList<>();
         roles.addAll(ROLE_LIST);
         if (roleUri.equals(CUSTOM)) {
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/AccessAllowedPropertiesPolicyTemplateTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/AccessAllowedPropertiesPolicyTemplateTest.java
index 8063e0f26a..c3502863f5 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/AccessAllowedPropertiesPolicyTemplateTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/AccessAllowedPropertiesPolicyTemplateTest.java
@@ -27,9 +27,6 @@
 @RunWith(Parameterized.class)
 public class AccessAllowedPropertiesPolicyTemplateTest extends PolicyTest {
     
-    public static final String POLICY_TEMPLATE_PATH = USER_ACCOUNTS_HOME_FIRSTTIME
-            + "template_access_allowed_property.n3";
-
     @org.junit.runners.Parameterized.Parameter(0)
     public AccessOperation ao;
 
@@ -47,7 +44,7 @@ public class AccessAllowedPropertiesPolicyTemplateTest extends PolicyTest {
 
     @Test
     public void testPolicy() {
-        load(POLICY_TEMPLATE_PATH);
+        load(TEMPLATE_PROPERTIES_PATH);
         List<String> roles = new ArrayList<>();
         roles.addAll(ROLE_LIST);
         if (roleUri.equals(CUSTOM)) {
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/AccessRelatedAllowedPropertiesPolicyTemplateTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/AccessRelatedAllowedPropertiesPolicyTemplateTest.java
index af7e4e95cc..d7cfbaabf4 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/AccessRelatedAllowedPropertiesPolicyTemplateTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/AccessRelatedAllowedPropertiesPolicyTemplateTest.java
@@ -21,9 +21,6 @@
 
 @RunWith(Parameterized.class)
 public class AccessRelatedAllowedPropertiesPolicyTemplateTest extends PolicyTest {
-
-    public static final String POLICY_TEMPLATE_PATH =
-            USER_ACCOUNTS_HOME_FIRSTTIME + "template_access_related_allowed_property.n3";
    
     @org.junit.runners.Parameterized.Parameter(0)
     public AccessOperation ao;
@@ -42,7 +39,7 @@ public class AccessRelatedAllowedPropertiesPolicyTemplateTest extends PolicyTest
 
     @Test
     public void testPolicy() {
-        load(POLICY_TEMPLATE_PATH);
+        load(TEMPLATE_RELATED_PROPERTIES_PATH);
         EntityPolicyController.updateEntityDataSet("test:entity", type, ao, Arrays.asList(roleUri), ROLE_LIST);
         DynamicPolicy policy = null;
         String dataSet = loader.getDataSetUriByKey(new String[] { roleUri }, new String[] { ao.toString(), type.toString() });
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/BasicPolicyTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/BasicPolicyTest.java
index d5c3a58ea3..7d77c2c166 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/BasicPolicyTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/BasicPolicyTest.java
@@ -3,6 +3,7 @@
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertTrue;
 
+import java.io.StringWriter;
 import java.util.Collections;
 import java.util.HashMap;
 import java.util.Map;
@@ -89,21 +90,20 @@ public void testBrokenPolicyTemplate() {
 
     @Test
     public void testDuplicateTriplesInPolicies() {
-        Model m = ModelFactory.createDefaultModel();
-        Map<String, Long> pathToSizeMap = new HashMap<>();
+        Model m1 = ModelFactory.createDefaultModel();
+        Model m2 = ModelFactory.createDefaultModel();
         for (String entityPolicyPath : entityPolicies) {
-            load(m, entityPolicyPath);
-            pathToSizeMap.put(entityPolicyPath, m.size());
-            m.removeAll();
-        }
-        long cumulativeSize = 0;
-        for (String entityPolicyPath : entityPolicies) {
-            load(m, entityPolicyPath);
-            cumulativeSize += pathToSizeMap.get(entityPolicyPath);
-            if (cumulativeSize != m.size()) {
+            load(m2, entityPolicyPath);
+            Model intersection = m1.intersection(m2);
+            if (intersection.size() != 0) {
+                StringWriter sw = new StringWriter();
+                m1.write(sw, "TTL");
                 System.out.println(entityPolicyPath);
+                System.out.println(sw.toString());
             }
-            assertEquals(cumulativeSize, m.size());
+            assertEquals(0, intersection.size());
+            load(m1, entityPolicyPath);
+            m2.removeAll();
         }
     }
 }
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EntityPolicyControllerTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EntityPolicyControllerTest.java
index 37cc130f6e..8d172240ad 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EntityPolicyControllerTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EntityPolicyControllerTest.java
@@ -7,27 +7,39 @@
 import java.util.List;
 
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType;
-import edu.cornell.mannlib.vitro.webapp.auth.attributes.OperationGroup;
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessOperation;
 import org.junit.Test;
 
 public class EntityPolicyControllerTest extends PolicyTest {
 
-    /*
-     * @Test public void testGetGrantedRoles() { //load(ADMIN_DISPLAY_CLASS_POLICY_PATH);
-     * //load(SELF_EDITOR_DISPLAY_CLASS_POLICY_PATH); List<String> allowedRoles = Arrays.asList(ADMIN, SELF_EDITOR);
-     * EntityPolicyController.updateEntityPolicyDataSet("test:newClass", AccessObjectType.CLASS,
-     * OperationGroup.DISPLAY_GROUP, allowedRoles, ROLE_LIST); List<String> roles =
-     * EntityPolicyController.getGrantedRoles("test:newClass", OperationGroup.DISPLAY_GROUP, AccessObjectType.CLASS,
-     * ROLE_LIST); assertEquals(2, roles.size()); roles.contains(ADMIN); roles.contains(EDITOR); }
-     * 
-     * @Test public void testPolicyDataSetModification() { // load(ADMIN_DISPLAY_CLASS_POLICY_PATH);
-     * EntityPolicyController.updateEntityPolicyDataSet("test:newClass", AccessObjectType.CLASS,
-     * OperationGroup.DISPLAY_GROUP, Arrays.asList(ADMIN), ROLE_LIST); List<String> roles =
-     * EntityPolicyController.getGrantedRoles("test:newClass", OperationGroup.DISPLAY_GROUP, AccessObjectType.CLASS,
-     * ROLE_LIST); assertEquals(1, roles.size()); roles.contains(ADMIN);
-     * EntityPolicyController.updateEntityPolicyDataSet("test:newClass", AccessObjectType.CLASS,
-     * OperationGroup.DISPLAY_GROUP, Collections.emptyList(), ROLE_LIST); roles =
-     * EntityPolicyController.getGrantedRoles("test:newClass", OperationGroup.DISPLAY_GROUP, AccessObjectType.CLASS,
-     * ROLE_LIST); assertEquals(0, roles.size()); }
-     */
+    @Test
+    public void testGetGrantedRoles() {
+        load( USER_ACCOUNTS_HOME_FIRSTTIME + "template_access_allowed_class.n3");
+        List<String> allowedRoles = Arrays.asList(ADMIN, SELF_EDITOR);
+        EntityPolicyController.updateEntityDataSet("test:newClass", AccessObjectType.CLASS,
+                AccessOperation.DISPLAY, allowedRoles, ROLE_LIST);
+        List<String> roles = EntityPolicyController.getGrantedRoles("test:newClass", AccessOperation.DISPLAY,
+                AccessObjectType.CLASS, ROLE_LIST);
+        assertEquals(2, roles.size());
+        roles.contains(ADMIN);
+        roles.contains(EDITOR);
+    }
+
+    @Test
+    public void testPolicyDataSetModification() {
+        load( USER_ACCOUNTS_HOME_FIRSTTIME + "template_access_allowed_class.n3");
+        EntityPolicyController.updateEntityDataSet("test:newClass", AccessObjectType.CLASS,
+                AccessOperation.DISPLAY, Arrays.asList(ADMIN), ROLE_LIST);
+        EntityPolicyController.updateEntityDataSet("test:newClass2", AccessObjectType.CLASS,
+                AccessOperation.DISPLAY, Arrays.asList(ADMIN), ROLE_LIST);
+        List<String> roles = EntityPolicyController.getGrantedRoles("test:newClass", AccessOperation.DISPLAY,
+                AccessObjectType.CLASS, ROLE_LIST);
+        assertEquals(1, roles.size());
+        roles.contains(ADMIN);
+        EntityPolicyController.updateEntityDataSet("test:newClass", AccessObjectType.CLASS,
+                AccessOperation.DISPLAY, Collections.emptyList(), ROLE_LIST);
+        roles = EntityPolicyController.getGrantedRoles("test:newClass", AccessOperation.DISPLAY, AccessObjectType.CLASS,
+                ROLE_LIST);
+        assertEquals(0, roles.size());
+    }
 }
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTest.java
index be8b4ba79d..edb20a7b9c 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTest.java
@@ -42,23 +42,35 @@ public class PolicyTest {
     public static final String TEST_DECISIONS = USER_ACCOUNTS_HOME_FIRSTTIME + "decisions.n3";
     public static final String ROLES = USER_ACCOUNTS_HOME_FIRSTTIME + "roles.n3";
 
-    protected static final String RESOURCES_RULES_PREFIX = "src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/";
+    protected static final String RESOURCES_RULES_PREFIX =
+            "src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/";
     protected static final String RESOURCES_PREFIX = "src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/";
 
     public static final String VALID_POLICY = RESOURCES_RULES_PREFIX + "test_policy_valid.n3";
     public static final String VALID_POLICY_TEMPLATE = RESOURCES_RULES_PREFIX + "test_policy_valid_set.n3";
     public static final String BROKEN_POLICY_TEMPLATE = RESOURCES_RULES_PREFIX + "test_policy_broken_set.n3";
-    //TODO:Implement public static final String POLICY_KEY_TEST = RESOURCES_RULES_PREFIX + "test_policy_key.n3";
+    // TODO:Implement public static final String POLICY_KEY_TEST = RESOURCES_RULES_PREFIX + "test_policy_key.n3";
 
-    protected static final List<String> ROLE_LIST = Arrays.asList(ADMIN, CURATOR, EDITOR,
-            SELF_EDITOR, PUBLIC);
+    public static final String TEMPLATE_CLASS_PATH = USER_ACCOUNTS_HOME_FIRSTTIME + "template_access_allowed_class.n3";
+
+    public static final String TEMPLATE_PROPERTIES_PATH =
+            USER_ACCOUNTS_HOME_FIRSTTIME + "template_access_allowed_property.n3";
+
+    public static final String TEMPLATE_RELATED_PROPERTIES_PATH =
+            USER_ACCOUNTS_HOME_FIRSTTIME + "template_access_related_allowed_property.n3";
+
+    public static final String TEMPLATE_RELATED_UPDATE_PATH =
+            USER_ACCOUNTS_HOME_FIRSTTIME + "template_update_related_allowed_property.n3";
+    
+    protected static final List<String> ROLE_LIST = Arrays.asList(ADMIN, CURATOR, EDITOR, SELF_EDITOR, PUBLIC);
     public static final String PREFIX = "https://vivoweb.org/ontology/vitro-application/auth/individual/";
     public static final String DATASET = "_dataset";
     public static final String EXT = ".n3";
 
     private static final Log log = LogFactory.getLog(PolicyTest.class);
 
-    protected static final List<String> entityPolicies = Arrays.asList();
+    protected static final List<String> entityPolicies =
+            Arrays.asList(TEMPLATE_CLASS_PATH, TEMPLATE_PROPERTIES_PATH, TEMPLATE_RELATED_PROPERTIES_PATH, TEMPLATE_RELATED_UPDATE_PATH);
 
     protected Model accessControlModel;
     protected PolicyLoader loader;
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/UpdateRelatedAllowedPropertiesPolicyTemplateTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/UpdateRelatedAllowedPropertiesPolicyTemplateTest.java
index a4d1c3af03..e20f6c157a 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/UpdateRelatedAllowedPropertiesPolicyTemplateTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/UpdateRelatedAllowedPropertiesPolicyTemplateTest.java
@@ -23,9 +23,6 @@
 @RunWith(Parameterized.class)
 public class UpdateRelatedAllowedPropertiesPolicyTemplateTest extends PolicyTest {
 
-    public static final String POLICY_TEMPLATE_PATH =
-            USER_ACCOUNTS_HOME_FIRSTTIME + "template_update_related_allowed_property.n3";
-
     @org.junit.runners.Parameterized.Parameter(0)
     public AccessOperation ao;
 
@@ -43,7 +40,7 @@ public class UpdateRelatedAllowedPropertiesPolicyTemplateTest extends PolicyTest
 
     @Test
     public void testPolicy() {
-        load(POLICY_TEMPLATE_PATH);
+        load(TEMPLATE_RELATED_UPDATE_PATH);
         EntityPolicyController.updateEntityDataSet("test:entity", type, ao, Arrays.asList(roleUri), ROLE_LIST);
         DynamicPolicy policy = null;
         String dataSet = loader.getDataSetUriByKey(new String[] { roleUri }, new String[] { ao.toString(), type.toString() });
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/migration/auth/ArmMigratorTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/migration/auth/ArmMigratorTest.java
index efdf0525ca..0dabc20f15 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/migration/auth/ArmMigratorTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/migration/auth/ArmMigratorTest.java
@@ -10,7 +10,7 @@
 import java.util.regex.Pattern;
 
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType;
-import edu.cornell.mannlib.vitro.webapp.auth.attributes.OperationGroup;
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessOperation;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.EntityPolicyController;
 import edu.cornell.mannlib.vitro.webapp.modelaccess.ModelNames;
 import edu.cornell.mannlib.vitro.webapp.rdfservice.impl.jena.model.RDFServiceModel;
@@ -72,10 +72,10 @@ public void getEntityMapTest() {
 
     @Test
     public void getStatementsToRemoveTest() {
-        StringBuilder removals = armMigrator.getStatementsToRemove();
+        StringBuilder removals = armMigrator.getStatementsToRemove(); 
         assertTrue(StringUtils.isBlank(removals.toString()));
-       // EntityPolicyController.updateEntityPolicyDataSet("test:entity", AccessObjectType.CLASS, OperationGroup.DISPLAY_GROUP,
-       //         ROLE_LIST, ROLE_LIST);
+        EntityPolicyController.updateEntityDataSet("test:entity", AccessObjectType.CLASS,
+                AccessOperation.DISPLAY, ROLE_LIST, ROLE_LIST);
         removals = armMigrator.getStatementsToRemove();
         assertEquals(5, getCount("\n", removals.toString()));
     }
@@ -87,7 +87,7 @@ public void migrateConfigurationTest() {
         addArmStatement(ArmMigrator.ARM_CURATOR, ArmMigrator.UPDATE, OBJECT_PROPERTY_URI);
         addArmStatement(ArmMigrator.ARM_SELF_EDITOR, ArmMigrator.DISPLAY, CLASS_URI);
         addArmStatement(ArmMigrator.ARM_EDITOR, ArmMigrator.PUBLISH, CLASS_URI);
-        addArmStatement(ArmMigrator.ARM_EDITOR, ArmMigrator.UPDATE, CLASS_URI);
+        //addArmStatement(ArmMigrator.ARM_EDITOR, ArmMigrator.UPDATE, CLASS_URI);
         addArmStatement(ArmMigrator.ARM_ADMIN, ArmMigrator.DISPLAY, DATA_PROPERTY_URI);
         addArmStatement(ArmMigrator.ARM_EDITOR, ArmMigrator.PUBLISH, DATA_PROPERTY_URI);
         addArmStatement(ArmMigrator.ARM_CURATOR, ArmMigrator.UPDATE, DATA_PROPERTY_URI);
@@ -102,13 +102,13 @@ public void migrateConfigurationTest() {
         armMigrator.collectAdditions(entityTypeMap, additions);
         String stringResult = additions.toString();
         assertFalse(stringResult.isEmpty());
-        assertEquals(18, getCount("\n", stringResult));
-        assertEquals(18, getCount(dataValue, stringResult));
-        assertEquals(3, getCount(OBJECT_PROPERTY_URI, stringResult));
-        assertEquals(3, getCount(CLASS_URI, stringResult));
-        assertEquals(3, getCount(DATA_PROPERTY_URI, stringResult));
-        assertEquals(5, getCount(FAUX_DATA_PROPERTY_URI, stringResult));
-        assertEquals(4, getCount(FAUX_OBJECT_PROPERTY_URI, stringResult));
+        assertEquals(27, getCount("\n", stringResult));
+        assertEquals(27, getCount(dataValue, stringResult));
+        assertEquals(5, getCount(OBJECT_PROPERTY_URI, stringResult));
+        assertEquals(2, getCount(CLASS_URI, stringResult));
+        assertEquals(5, getCount(DATA_PROPERTY_URI, stringResult));
+        assertEquals(9, getCount(FAUX_DATA_PROPERTY_URI, stringResult));
+        assertEquals(6, getCount(FAUX_OBJECT_PROPERTY_URI, stringResult));
     }
 
     private static long getCount(String pattern, String lines) {
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_access_related_allowed_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_access_related_allowed_property.n3
index 6adf74f294..0a8b684ea3 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_access_related_allowed_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_access_related_allowed_property.n3
@@ -7,7 +7,7 @@
 @prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
 @prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
 @prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
-@prefix : <https://vivoweb.org/ontology/vitro-application/auth/individual/template/access-allowed-property/> .
+@prefix : <https://vivoweb.org/ontology/vitro-application/auth/individual/template/related-allowed-property/> .
 
 :PolicyTemplate a ao:PolicyTemplate ;
     ao:rules :RuleSet ;

From ae933530ecfb6132bcc3d7a13c088ba6d2f45f37 Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <georgy.litvinov@tib.eu>
Date: Tue, 24 Oct 2023 13:52:16 +0200
Subject: [PATCH 068/148] revert renaming

---
 webapp/src/main/webapp/error.jsp              |  2 +-
 .../webapp/jenaIngest/csv2rdfSelectUri.jsp    |  2 +-
 .../webapp/jenaIngest/executeWorkflow.jsp     |  2 +-
 .../main/webapp/jenaIngest/merge_result.jsp   |  2 +-
 .../main/webapp/jenaIngest/permanentURI.jsp   |  2 +-
 .../jenaIngest/renameBNodesURISelect.jsp      |  2 +-
 .../main/webapp/jenaIngest/renameResult.jsp   |  2 +-
 .../webapp/jenaIngest/sparqlConstruct.jsp     |  4 +-
 .../main/webapp/jenaIngest/workflowStep.jsp   |  2 +-
 .../jenaIngest/xmlFileUploadSuccess.jsp       |  2 +-
 .../webapp/jsp/checkDatatypeProperties.jsp    |  6 +--
 .../webapp/templates/alpha/alphaIndex.jsp     |  2 +-
 .../templates/edit/fetch/horizontal.jsp       | 38 +++++++++----------
 .../webapp/templates/edit/fetch/vertical.jsp  | 18 ++++-----
 .../edit/specific/classgroups_edit.jsp        |  8 ++--
 .../edit/specific/datatypes_edit.jsp          |  2 +-
 .../edit/specific/ents_edit_head.jsp          |  2 +-
 .../templates/edit/specific/merge_result.jsp  |  2 +-
 .../edit/specific/namespaces_edit.jsp         |  4 +-
 .../templates/entity/entityListForTabs.jsp    |  8 ++--
 .../templates/entity/entityListPages.jsp      |  6 +--
 .../main/webapp/templates/page/bodyMsg.jsp    |  4 +-
 .../page/freemarkerTransition/footer.jsp      |  2 +-
 .../page/freemarkerTransition/menu.jsp        |  2 +-
 24 files changed, 63 insertions(+), 63 deletions(-)

diff --git a/webapp/src/main/webapp/error.jsp b/webapp/src/main/webapp/error.jsp
index 6490d96a20..93561b59fc 100755
--- a/webapp/src/main/webapp/error.jsp
+++ b/webapp/src/main/webapp/error.jsp
@@ -10,7 +10,7 @@
 <%
 // We have seen that this page can throw its own error.
    // Before it does so, be sure that we have written the original error to the log.
-    Object c = request.getCheck("javax.servlet.jsp.jspException");
+    Object c = request.getAttribute("javax.servlet.jsp.jspException");
     if (c instanceof Throwable) {
       Throwable cause = (Throwable) c;
       Log log = LogFactory.getLog(this.getClass());
diff --git a/webapp/src/main/webapp/jenaIngest/csv2rdfSelectUri.jsp b/webapp/src/main/webapp/jenaIngest/csv2rdfSelectUri.jsp
index 5de3df8d54..b3f3f88d96 100644
--- a/webapp/src/main/webapp/jenaIngest/csv2rdfSelectUri.jsp
+++ b/webapp/src/main/webapp/jenaIngest/csv2rdfSelectUri.jsp
@@ -55,7 +55,7 @@ function disableProperties(){
 
 
     <%
-    Map<String,LinkedList<String>> propertyMap = (Map) request.getCheck("propertyMap");
+    Map<String,LinkedList<String>> propertyMap = (Map) request.getAttribute("propertyMap");
            Set<Entry<String,LinkedList<String>>> set = propertyMap.entrySet();
            Iterator<Entry<String,LinkedList<String>>> itr = set.iterator();
            Entry<String, LinkedList<String>> entry = null;
diff --git a/webapp/src/main/webapp/jenaIngest/executeWorkflow.jsp b/webapp/src/main/webapp/jenaIngest/executeWorkflow.jsp
index a9b7ca9828..4a76b7ac5f 100644
--- a/webapp/src/main/webapp/jenaIngest/executeWorkflow.jsp
+++ b/webapp/src/main/webapp/jenaIngest/executeWorkflow.jsp
@@ -27,7 +27,7 @@
         OntModel jenaOntModel = ModelAccess.on(getServletContext()).getOntModel();
               jenaOntModel.enterCriticalSection(Lock.READ);
               try {
-                  List savedQueries = (List) request.getCheck("workflows");
+                  List savedQueries = (List) request.getAttribute("workflows");
         	          for (Iterator it = savedQueries.iterator(); it.hasNext();)  {
         	              Individual savedQuery = (Individual) it.next();
                       String queryURI = savedQuery.getURI();
diff --git a/webapp/src/main/webapp/jenaIngest/merge_result.jsp b/webapp/src/main/webapp/jenaIngest/merge_result.jsp
index c50f26cc38..540441974b 100644
--- a/webapp/src/main/webapp/jenaIngest/merge_result.jsp
+++ b/webapp/src/main/webapp/jenaIngest/merge_result.jsp
@@ -13,7 +13,7 @@
 <h2><a class="ingestMenu" href="ingest">Ingest Menu</a> > Merge Individuals</h2>
 
 <%
-MergeResult resultObj = (MergeResult) request.getCheck("result");
+MergeResult resultObj = (MergeResult) request.getAttribute("result");
     String result = resultObj.getResultText();
 %>
 
diff --git a/webapp/src/main/webapp/jenaIngest/permanentURI.jsp b/webapp/src/main/webapp/jenaIngest/permanentURI.jsp
index 35656c8a81..013f03567a 100644
--- a/webapp/src/main/webapp/jenaIngest/permanentURI.jsp
+++ b/webapp/src/main/webapp/jenaIngest/permanentURI.jsp
@@ -30,7 +30,7 @@ URIs exactly of the form created through the GUI interface.</p>
 <p>Current namespace of resources
 <select name=oldNamespace>
 <%
-List namespaces = (List)request.getCheck("namespaceList");
+List namespaces = (List)request.getAttribute("namespaceList");
 if(namespaces != null) {
 	Iterator namespaceItr = namespaces.iterator();
 	Integer count = 0;
diff --git a/webapp/src/main/webapp/jenaIngest/renameBNodesURISelect.jsp b/webapp/src/main/webapp/jenaIngest/renameBNodesURISelect.jsp
index 4d8991f743..4c808f94fa 100644
--- a/webapp/src/main/webapp/jenaIngest/renameBNodesURISelect.jsp
+++ b/webapp/src/main/webapp/jenaIngest/renameBNodesURISelect.jsp
@@ -59,7 +59,7 @@ function disableProperties(){
 
 
     <%
-    Map<String,LinkedList<String>> propertyMap = (Map) request.getCheck("propertyMap");
+    Map<String,LinkedList<String>> propertyMap = (Map) request.getAttribute("propertyMap");
            Set<Entry<String,LinkedList<String>>> set = propertyMap.entrySet();
            Iterator<Entry<String,LinkedList<String>>> itr = set.iterator();
            Entry<String, LinkedList<String>> entry = null;
diff --git a/webapp/src/main/webapp/jenaIngest/renameResult.jsp b/webapp/src/main/webapp/jenaIngest/renameResult.jsp
index 0825e679d7..c7855dfe33 100644
--- a/webapp/src/main/webapp/jenaIngest/renameResult.jsp
+++ b/webapp/src/main/webapp/jenaIngest/renameResult.jsp
@@ -10,6 +10,6 @@
 <h2><a class="ingestMenu" href="ingest">Ingest Menu</a> > Rename Resource</h2>
 
 <%
-String result = (String) request.getCheck("result");
+String result = (String) request.getAttribute("result");
 %>
 <p><b><%=result%></b></p>
diff --git a/webapp/src/main/webapp/jenaIngest/sparqlConstruct.jsp b/webapp/src/main/webapp/jenaIngest/sparqlConstruct.jsp
index b5db792bc3..f1d6a175fb 100644
--- a/webapp/src/main/webapp/jenaIngest/sparqlConstruct.jsp
+++ b/webapp/src/main/webapp/jenaIngest/sparqlConstruct.jsp
@@ -51,7 +51,7 @@
 	OntModel jenaOntModel = ModelAccess.on(getServletContext()).getOntModel();
 	      jenaOntModel.enterCriticalSection(Lock.READ);
 	      try {
-	          List savedQueries = (List) request.getCheck("savedQueries");
+	          List savedQueries = (List) request.getAttribute("savedQueries");
 		          for (Iterator it = savedQueries.iterator(); it.hasNext();)  {
 		              Individual savedQuery = (Individual) it.next();
 	              String queryURI = savedQuery.getURI();
@@ -78,7 +78,7 @@ PREFIX xsd:   &lt;http://www.w3.org/2001/XMLSchema#&gt;
 PREFIX vitro: &lt;http://vitro.mannlib.cornell.edu/ns/vitro/0.7#&gt;
 PREFIX swrl:  &lt;http://www.w3.org/2003/11/swrl#&gt;
 PREFIX swrlb: &lt;http://www.w3.org/2003/11/swrlb#&gt;<%
-    List prefixes = (List)request.getCheck("prefixList");
+    List prefixes = (List)request.getAttribute("prefixList");
     if(prefixes != null){
     	Iterator prefixItr = prefixes.iterator();
     	Integer count = 0;
diff --git a/webapp/src/main/webapp/jenaIngest/workflowStep.jsp b/webapp/src/main/webapp/jenaIngest/workflowStep.jsp
index 497ff6a992..4c170c115d 100644
--- a/webapp/src/main/webapp/jenaIngest/workflowStep.jsp
+++ b/webapp/src/main/webapp/jenaIngest/workflowStep.jsp
@@ -29,7 +29,7 @@
         OntModel jenaOntModel = ModelAccess.on(getServletContext()).getOntModel();
               jenaOntModel.enterCriticalSection(Lock.READ);
               try {
-                  List workflowSteps  = (List) request.getCheck("workflowSteps");
+                  List workflowSteps  = (List) request.getAttribute("workflowSteps");
         	          for (Iterator it = workflowSteps.iterator(); it.hasNext();)  {
         	              Individual workflowStep = (Individual) it.next();
                       String workflowStepURI = workflowStep.getURI();
diff --git a/webapp/src/main/webapp/jenaIngest/xmlFileUploadSuccess.jsp b/webapp/src/main/webapp/jenaIngest/xmlFileUploadSuccess.jsp
index 91b84385ac..299e095acb 100644
--- a/webapp/src/main/webapp/jenaIngest/xmlFileUploadSuccess.jsp
+++ b/webapp/src/main/webapp/jenaIngest/xmlFileUploadSuccess.jsp
@@ -11,6 +11,6 @@
 <vitro:confirmAuthorization />
 
 <p>Uploaded XML files and converted to RDF.</p>
-<p>Loaded <%=request.getCheck("statementCount")%> statements to the model <%=request.getCheck("targetModel")%>.</p>
+<p>Loaded <%=request.getAttribute("statementCount")%> statements to the model <%=request.getAttribute("targetModel")%>.</p>
 
 <h2><a class="ingestMenu" href="ingest">Ingest Menu</a></h2>
diff --git a/webapp/src/main/webapp/jsp/checkDatatypeProperties.jsp b/webapp/src/main/webapp/jsp/checkDatatypeProperties.jsp
index d1aa147b8c..575ba24399 100644
--- a/webapp/src/main/webapp/jsp/checkDatatypeProperties.jsp
+++ b/webapp/src/main/webapp/jsp/checkDatatypeProperties.jsp
@@ -6,12 +6,12 @@
 <%@ page import="edu.cornell.mannlib.vedit.beans.ButtonForm" %>
 
 <%
-if (request.getCheck("title") != null) {
+if (request.getAttribute("title") != null) {
 %>
-    <h2><%=request.getCheck("title")%></h2><%
+    <h2><%=request.getAttribute("title")%></h2><%
     }
 
-    ArrayList<String> logResults = (ArrayList<String>)request.getCheck("results");
+    ArrayList<String> logResults = (ArrayList<String>)request.getAttribute("results");
     %>
 
 <div class="editingForm">
diff --git a/webapp/src/main/webapp/templates/alpha/alphaIndex.jsp b/webapp/src/main/webapp/templates/alpha/alphaIndex.jsp
index 39752c4c62..22a592240d 100644
--- a/webapp/src/main/webapp/templates/alpha/alphaIndex.jsp
+++ b/webapp/src/main/webapp/templates/alpha/alphaIndex.jsp
@@ -33,7 +33,7 @@
     </c:forEach>
 
     <%
-    if( request.getCheck("alpha") != null && ! "all".equalsIgnoreCase((String)request.getCheck("alpha"))) {
+    if( request.getAttribute("alpha") != null && ! "all".equalsIgnoreCase((String)request.getAttribute("alpha"))) {
     %>
         <a href='<c:url value=".${requestScope.servlet}?&amp;alpha=all&amp;${requestScope.controllerParam}"/>'>all </a>
         <c:if test='${not empty requestScope.count }'>
diff --git a/webapp/src/main/webapp/templates/edit/fetch/horizontal.jsp b/webapp/src/main/webapp/templates/edit/fetch/horizontal.jsp
index 6f4821dd3d..b91c35fd69 100644
--- a/webapp/src/main/webapp/templates/edit/fetch/horizontal.jsp
+++ b/webapp/src/main/webapp/templates/edit/fetch/horizontal.jsp
@@ -4,13 +4,13 @@
 <%@ page import="edu.cornell.mannlib.vedit.beans.ButtonForm" %>
 
 <%
-if (request.getCheck("title") != null) {
+if (request.getAttribute("title") != null) {
 %>
-    <h2><%=request.getCheck("title")%></h2><%
+    <h2><%=request.getAttribute("title")%></h2><%
     }
     %>
 <%
-if (request.getCheck("title") == "Tabs") {
+if (request.getAttribute("title") == "Tabs") {
 %>
     <div id="flash-message" role="alert">Tabs have been deprecated with the 1.2 release and is no longer recommended for production VIVO instances. All development relating to tabs has ceased, and it will not be distributed in future releases.
     </div><%
@@ -23,19 +23,19 @@ if (request.getCheck("title") == "Tabs") {
 
 
 <%
-if (request.getCheck("horizontalJspAddButtonUrl") != null) {
+if (request.getAttribute("horizontalJspAddButtonUrl") != null) {
 %>
   <td>
-    <form action="<%=request.getCheck("horizontalJspAddButtonUrl")%>" method="get"><input type="submit" class="form-button" value="<%=request.getCheck("horizontalJspAddButtonText")%>"/>
+    <form action="<%=request.getAttribute("horizontalJspAddButtonUrl")%>" method="get"><input type="submit" class="form-button" value="<%=request.getAttribute("horizontalJspAddButtonText")%>"/>
 <%
-if (request.getCheck("horizontalJspAddButtonControllerParam") != null) {
+if (request.getAttribute("horizontalJspAddButtonControllerParam") != null) {
 %>
-        <input type="hidden" name="controller" value="<%=request.getCheck("horizontalJspAddButtonControllerParam")%>"/>
+        <input type="hidden" name="controller" value="<%=request.getAttribute("horizontalJspAddButtonControllerParam")%>"/>
 <%
 }
-    if (request.getCheck("home") != null) {
+    if (request.getAttribute("home") != null) {
 %>
-        <input type="hidden" name="home" value="<%=request.getCheck("home")%>"/>
+        <input type="hidden" name="home" value="<%=request.getAttribute("home")%>"/>
 <%
 }
 %>
@@ -43,7 +43,7 @@ if (request.getCheck("horizontalJspAddButtonControllerParam") != null) {
   </td>
 <%
 }
-List <ButtonForm> topButtons = (List)request.getCheck("topButtons");
+List <ButtonForm> topButtons = (List)request.getAttribute("topButtons");
 if (topButtons!=null) {
     Iterator iter = topButtons.iterator();
     while (iter.hasNext()){
@@ -79,14 +79,14 @@ HashMap<String,String> params=b.getParams();
 int columns = 0;
     boolean havePostQueryData = false;
 
-    String editFormStr = (String)request.getCheck("editform");
-    String minEditRoleStr = (String)request.getCheck("min_edit_role");
+    String editFormStr = (String)request.getAttribute("editform");
+    String minEditRoleStr = (String)request.getAttribute("min_edit_role");
 
     String firstValue = "null", secondValue = "null";
-    Integer columnCount = (Integer)request.getCheck("columncount");
+    Integer columnCount = (Integer)request.getAttribute("columncount");
     columns = columnCount.intValue();
 
-    String clickSortStr = (String)request.getCheck("clicksort");
+    String clickSortStr = (String)request.getAttribute("clicksort");
 
     if ( columns > 0 && results.size() > 0) {    // avoid divide by zero error in next statement
         /* start enclosing table cell that holds all results */
@@ -96,9 +96,9 @@ int columns = 0;
 String suppressStr = null;
         boolean isPostQHeaderRow = false;
 
-        if ( ( suppressStr = (String)request.getCheck("suppressquery")) == null ) { // only inserted into request if true
+        if ( ( suppressStr = (String)request.getAttribute("suppressquery")) == null ) { // only inserted into request if true
 %>
-<i><b><%=(results.size() - columns) / columns%></b> rows of results were retrieved in <b><%=columns%></b> columns for query "<%=request.getCheck("querystring")%>".</i>
+<i><b><%=(results.size() - columns) / columns%></b> rows of results were retrieved in <b><%=columns%></b> columns for query "<%=request.getAttribute("querystring")%>".</i>
 <br/>
 <%
 }
@@ -259,13 +259,13 @@ havePostQueryData = false;
 %>
 <%
 if ( editFormStr != null  && minEditRoleStr != null ) {
-    String loginStatus =(String)session.getCheck("loginStatus");
+    String loginStatus =(String)session.getAttribute("loginStatus");
     if ( loginStatus != null &&  "authenticated".equals(loginStatus) ) {
         String currentRemoteAddrStr = request.getRemoteAddr();
-        String storedRemoteAddr = (String)session.getCheck("loginRemoteAddr");
+        String storedRemoteAddr = (String)session.getAttribute("loginRemoteAddr");
         if ( storedRemoteAddr != null && currentRemoteAddrStr.equals( storedRemoteAddr ) ) {
     int minEditRole = Integer.parseInt(  minEditRoleStr );
-    String authorizedRoleStr = (String)session.getCheck("loginRole");
+    String authorizedRoleStr = (String)session.getAttribute("loginRole");
     if ( authorizedRoleStr != null ) {
         int authorizedRole = Integer.parseInt( authorizedRoleStr );
         if ( authorizedRole >= minEditRole ) {
diff --git a/webapp/src/main/webapp/templates/edit/fetch/vertical.jsp b/webapp/src/main/webapp/templates/edit/fetch/vertical.jsp
index 81d29af265..4f382b49e2 100644
--- a/webapp/src/main/webapp/templates/edit/fetch/vertical.jsp
+++ b/webapp/src/main/webapp/templates/edit/fetch/vertical.jsp
@@ -4,15 +4,15 @@
 <%@ page import="java.util.*,java.lang.String.*" %>
 
 <%
-if (request.getCheck("title") != null) {
+if (request.getAttribute("title") != null) {
 %>
-  <h2><%=request.getCheck("title")%></h2>
+  <h2><%=request.getAttribute("title")%></h2>
 <%
 }
 %>
 
 <%
-String headerStr = (String)request.getCheck("header");
+String headerStr = (String)request.getAttribute("header");
 if ( headerStr == null || (!headerStr.equalsIgnoreCase("noheader")) ) {
 %>
 <%
@@ -22,20 +22,20 @@ if ( headerStr == null || (!headerStr.equalsIgnoreCase("noheader")) ) {
 <%
 int rows = 0;
 
-String minEditRoleStr = (String)request.getCheck("min_edit_role");
+String minEditRoleStr = (String)request.getAttribute("min_edit_role");
 
 String firstValue = "null";
-Integer columnCount = (Integer)request.getCheck("columncount");
+Integer columnCount = (Integer)request.getAttribute("columncount");
 rows = columnCount.intValue();
 
-String clickSortStr = (String)request.getCheck("clicksort");
+String clickSortStr = (String)request.getAttribute("clicksort");
 
 if ( rows > 0  && results.size() > rows ) { // avoid divide by zero error in next statement
     String suppressStr = null;
     int columns = results.size() / rows;
-    if ( ( suppressStr = (String)request.getCheck("suppressquery")) == null ) { // only inserted into request if true
+    if ( ( suppressStr = (String)request.getAttribute("suppressquery")) == null ) { // only inserted into request if true
 %>
-        <p><i><b><%=columns - 1%></b> results were retrieved in <b><%=rows%></b> rows for query "<%=request.getCheck("querystring")%>".</i></p>
+        <p><i><b><%=columns - 1%></b> results were retrieved in <b><%=rows%></b> rows for query "<%=request.getAttribute("querystring")%>".</i></p>
 <%
 }
     if ( clickSortStr != null && clickSortStr.equals("true")) {
@@ -134,7 +134,7 @@ String[] resultsArray = new String[results.size()]; // see Core Java Vol. 1 p.21
 } else {
     System.out.println("No results reported when " + rows + " rows and a result array size of " + results.size());
 %>
-    No results retrieved for query "<%=request.getCheck("querystring")%>".
+    No results retrieved for query "<%=request.getAttribute("querystring")%>".
 <%  Iterator errorIter = results.iterator();
     while ( errorIter.hasNext()) {
         String errorResult = (String)errorIter.next(); %>
diff --git a/webapp/src/main/webapp/templates/edit/specific/classgroups_edit.jsp b/webapp/src/main/webapp/templates/edit/specific/classgroups_edit.jsp
index 7191caed9a..3b8f838bd2 100644
--- a/webapp/src/main/webapp/templates/edit/specific/classgroups_edit.jsp
+++ b/webapp/src/main/webapp/templates/edit/specific/classgroups_edit.jsp
@@ -14,7 +14,7 @@
 			<input type="submit" class="form-button" value="display this class group's record"/>
 			<input type="hidden" name="queryspec" value="private_classgroup"/>
 			<input type="hidden" name="header" value="titleonly"/>
-			<input type="hidden" name="linkwhere" value="classgroups.id=<%=request.getCheck("firstvalue")%>"/>
+			<input type="hidden" name="linkwhere" value="classgroups.id=<%=request.getAttribute("firstvalue")%>"/>
 		</form>
 		<form action="fetch" method="get">
 			<input type="submit" class="form-button" value="see all class groups"/>
@@ -24,8 +24,8 @@
 	</td>
 	<td valign="bottom" align="center">
 		<form action="editForm" method="get">
-			<input name="id" type = "hidden" value="<%=request.getCheck("firstvalue")%>" />
-			<input type="submit" class="form-button" value="edit class group <%=request.getCheck("firstvalue")%>"/>
+			<input name="id" type = "hidden" value="<%=request.getAttribute("firstvalue")%>" />
+			<input type="submit" class="form-button" value="edit class group <%=request.getAttribute("firstvalue")%>"/>
 			<input type="hidden" name="controller" value="Classgroup"/>
 		</form>
 	</td>
@@ -36,7 +36,7 @@
 		</form>
 		<form action="editForm" method="get">
 			<input type="hidden" name="controller" value="Vclass"/>
-			<input type="hidden" name="GroupId" value="<%=request.getCheck("firstvalue")%>"/>
+			<input type="hidden" name="GroupId" value="<%=request.getAttribute("firstvalue")%>"/>
 			<input type="submit" class="form-button" value="add new class to this group"/>
 		</form>
 	</td>
diff --git a/webapp/src/main/webapp/templates/edit/specific/datatypes_edit.jsp b/webapp/src/main/webapp/templates/edit/specific/datatypes_edit.jsp
index c1e20a2ac2..f72f9210af 100644
--- a/webapp/src/main/webapp/templates/edit/specific/datatypes_edit.jsp
+++ b/webapp/src/main/webapp/templates/edit/specific/datatypes_edit.jsp
@@ -18,7 +18,7 @@
 	</td>
 	<td valign="bottom" align="center">
 		<form action="datatype_retry" method="get">
-			<input type="hidden" name="id" value="<%=request.getCheck("firstvalue")%>"/>
+			<input type="hidden" name="id" value="<%=request.getAttribute("firstvalue")%>"/>
 			<input type="submit" class="form-button" value="Edit This Datatype"/>
 		</form>
 	</td>
diff --git a/webapp/src/main/webapp/templates/edit/specific/ents_edit_head.jsp b/webapp/src/main/webapp/templates/edit/specific/ents_edit_head.jsp
index 6cc44fed1f..23d65fce28 100644
--- a/webapp/src/main/webapp/templates/edit/specific/ents_edit_head.jsp
+++ b/webapp/src/main/webapp/templates/edit/specific/ents_edit_head.jsp
@@ -9,7 +9,7 @@ String context = request.getContextPath();
 
 
 <%
-if (!(Boolean)request.getCheck("dwrDisabled")) {
+if (!(Boolean)request.getAttribute("dwrDisabled")) {
 %>
 <script type="text/javascript">
     // DWR 3 is a better citizen for co-existing with jQuery.
diff --git a/webapp/src/main/webapp/templates/edit/specific/merge_result.jsp b/webapp/src/main/webapp/templates/edit/specific/merge_result.jsp
index 287a3f7af2..7e2944b28b 100644
--- a/webapp/src/main/webapp/templates/edit/specific/merge_result.jsp
+++ b/webapp/src/main/webapp/templates/edit/specific/merge_result.jsp
@@ -7,6 +7,6 @@
 
 <h3>Merge Individuals</h3>
 <%
-String result = (String) request.getCheck("result");
+String result = (String) request.getAttribute("result");
 %>
 <p><b><%=result%></b></p>
diff --git a/webapp/src/main/webapp/templates/edit/specific/namespaces_edit.jsp b/webapp/src/main/webapp/templates/edit/specific/namespaces_edit.jsp
index 9fbba9464e..bd38218c97 100644
--- a/webapp/src/main/webapp/templates/edit/specific/namespaces_edit.jsp
+++ b/webapp/src/main/webapp/templates/edit/specific/namespaces_edit.jsp
@@ -18,8 +18,8 @@
 	</td>
 	<td valign="bottom" align="center">
 		<form action="editForm" method="get">
-			<input type="submit" class="form-button" value="Edit Namespace <%=request.getCheck("firstvalue")%>"/>
-			<input name="id" type = "hidden" value="<%=request.getCheck("firstvalue")%>" />
+			<input type="submit" class="form-button" value="Edit Namespace <%=request.getAttribute("firstvalue")%>"/>
+			<input name="id" type = "hidden" value="<%=request.getAttribute("firstvalue")%>" />
 			<input type="hidden" name="controller" value="Namespace"/>
 		</form>
 	</td>
diff --git a/webapp/src/main/webapp/templates/entity/entityListForTabs.jsp b/webapp/src/main/webapp/templates/entity/entityListForTabs.jsp
index 7b9f6beeb8..b493c3baaa 100644
--- a/webapp/src/main/webapp/templates/entity/entityListForTabs.jsp
+++ b/webapp/src/main/webapp/templates/entity/entityListForTabs.jsp
@@ -17,7 +17,7 @@
 
          bdc34 2006-01-27 created
     **********************************************/
-        if (request.getCheck("entities") == null){
+        if (request.getAttribute("entities") == null){
     String e="entityListForTabs.jsp expects that request attribute 'entities' be set to a List of Entity objects.";
     throw new JspException(e);
         }
@@ -90,10 +90,10 @@
 
 <%-- Show pages to select from --%>
 <%
-if( request.getCheck("alpha") != null && ! "all".equalsIgnoreCase((String)request.getCheck("alpha"))) {
-  request.setAttribute("pageAlpha",request.getCheck("alpha"));
+if( request.getAttribute("alpha") != null && ! "all".equalsIgnoreCase((String)request.getAttribute("alpha"))) {
+  request.setAttribute("pageAlpha",request.getAttribute("alpha"));
 }else{
-  request.setAttribute("pageAlpha",request.getCheck("all"));
+  request.setAttribute("pageAlpha",request.getAttribute("all"));
 }
 %>
 
diff --git a/webapp/src/main/webapp/templates/entity/entityListPages.jsp b/webapp/src/main/webapp/templates/entity/entityListPages.jsp
index 1571a71848..737b147ff1 100644
--- a/webapp/src/main/webapp/templates/entity/entityListPages.jsp
+++ b/webapp/src/main/webapp/templates/entity/entityListPages.jsp
@@ -5,10 +5,10 @@
 
 <%-- Show pages to select from --%>
 <%
-if( request.getCheck("alpha") != null && ! "all".equalsIgnoreCase((String)request.getCheck("alpha"))) {
-  request.setAttribute("pageAlpha",request.getCheck("alpha"));
+if( request.getAttribute("alpha") != null && ! "all".equalsIgnoreCase((String)request.getAttribute("alpha"))) {
+  request.setAttribute("pageAlpha",request.getAttribute("alpha"));
 }else{
-  request.setAttribute("pageAlpha",request.getCheck("all"));
+  request.setAttribute("pageAlpha",request.getAttribute("all"));
 }
 %>
 
diff --git a/webapp/src/main/webapp/templates/page/bodyMsg.jsp b/webapp/src/main/webapp/templates/page/bodyMsg.jsp
index bc82e4b1a0..68e89fcf85 100644
--- a/webapp/src/main/webapp/templates/page/bodyMsg.jsp
+++ b/webapp/src/main/webapp/templates/page/bodyMsg.jsp
@@ -11,7 +11,7 @@
      bdc34 2009-02-03 created
      **********************************************/
 
-     if (request.getCheck("msg") == null ){
+     if (request.getAttribute("msg") == null ){
          throw new JspException(
          "bodyMsg.jsp expects that request parameter 'msg' be set to"
          + " the message for the page.\n"
@@ -19,5 +19,5 @@
      }
    // only get the msg from the attributes, because of cross site exploits,
    // never from the parameters.
-   out.print( (String)request.getCheck("msg") );
+   out.print( (String)request.getAttribute("msg") );
 %>
diff --git a/webapp/src/main/webapp/templates/page/freemarkerTransition/footer.jsp b/webapp/src/main/webapp/templates/page/freemarkerTransition/footer.jsp
index 139e0e904b..100b525508 100644
--- a/webapp/src/main/webapp/templates/page/freemarkerTransition/footer.jsp
+++ b/webapp/src/main/webapp/templates/page/freemarkerTransition/footer.jsp
@@ -6,7 +6,7 @@
 <%
 // This is here as a safety net. We should have gotten the values in identity.jsp,
     // since it's the first jsp we hit.
-    String footer = (String) request.getCheck("ftl_footer");
+    String footer = (String) request.getAttribute("ftl_footer");
     if (footer == null) {
         FreemarkerHttpServlet.getFreemarkerComponentsForJsp(request);
     }
diff --git a/webapp/src/main/webapp/templates/page/freemarkerTransition/menu.jsp b/webapp/src/main/webapp/templates/page/freemarkerTransition/menu.jsp
index e70a8b2612..dfa80002cd 100644
--- a/webapp/src/main/webapp/templates/page/freemarkerTransition/menu.jsp
+++ b/webapp/src/main/webapp/templates/page/freemarkerTransition/menu.jsp
@@ -6,7 +6,7 @@
 <%
 // This is here as a safety net. We should have gotten the values in identity.jsp,
     // since it's the first jsp we hit.
-    String menu = (String) request.getCheck("ftl_menu");
+    String menu = (String) request.getAttribute("ftl_menu");
     if (menu == null) {
         FreemarkerHttpServlet.getFreemarkerComponentsForJsp(request);
     }

From 2550017217bbd734e0f81ed31bf0ab53d19d389c Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <georgy.litvinov@tib.eu>
Date: Tue, 24 Oct 2023 13:58:38 +0200
Subject: [PATCH 069/148] Clean up jsp files

---
 webapp/src/main/webapp/error.jsp              |  18 +-
 .../webapp/jenaIngest/csv2rdfSelectUri.jsp    |   9 +-
 .../webapp/jenaIngest/executeWorkflow.jsp     |   8 +-
 .../main/webapp/jenaIngest/merge_result.jsp   |   2 +-
 .../main/webapp/jenaIngest/permanentURI.jsp   |   5 +-
 .../jenaIngest/renameBNodesURISelect.jsp      |   9 +-
 .../main/webapp/jenaIngest/renameResult.jsp   |   4 +-
 .../webapp/jenaIngest/sparqlConstruct.jsp     |  52 ++--
 .../main/webapp/jenaIngest/workflowStep.jsp   |  10 +-
 .../jenaIngest/xmlFileUploadSuccess.jsp       |   2 +-
 .../webapp/jsp/checkDatatypeProperties.jsp    |  10 +-
 .../webapp/templates/alpha/alphaIndex.jsp     |   4 +-
 .../templates/edit/fetch/horizontal.jsp       | 240 ++++++++----------
 .../webapp/templates/edit/fetch/vertical.jsp  | 135 ++++------
 .../templates/edit/specific/merge_result.jsp  |   4 +-
 .../templates/entity/entityListForTabs.jsp    |  11 +-
 .../main/webapp/templates/page/bodyMsg.jsp    |   7 +-
 .../page/freemarkerTransition/footer.jsp      |   2 +-
 .../page/freemarkerTransition/menu.jsp        |   2 +-
 19 files changed, 225 insertions(+), 309 deletions(-)

diff --git a/webapp/src/main/webapp/error.jsp b/webapp/src/main/webapp/error.jsp
index 93561b59fc..4bd25405cf 100755
--- a/webapp/src/main/webapp/error.jsp
+++ b/webapp/src/main/webapp/error.jsp
@@ -8,7 +8,7 @@
 <%@page import="org.apache.commons.logging.Log"%>
 <%@page import="org.apache.commons.logging.LogFactory"%>
 <%
-// We have seen that this page can throw its own error.
+   // We have seen that this page can throw its own error.
    // Before it does so, be sure that we have written the original error to the log.
     Object c = request.getAttribute("javax.servlet.jsp.jspException");
     if (c instanceof Throwable) {
@@ -18,15 +18,15 @@
     }
 
 
-    VitroRequest vreq = new VitroRequest(request);
-    ApplicationBean appBean = vreq.getAppBean();
-    String themeDir = appBean.getThemeDir();
+            VitroRequest vreq = new VitroRequest(request);
+            ApplicationBean appBean = vreq.getAppBean();
+            String themeDir = appBean.getThemeDir();
 
-    request.setAttribute("bodyJsp", "/errorbody.jsp");
-    request.setAttribute("title", "Error");
-    request.setAttribute("css", "");
-    request.setAttribute("themeDir", themeDir);
-%>
+            request.setAttribute("bodyJsp", "/errorbody.jsp");
+            request.setAttribute("title", "Error");
+            request.setAttribute("css", "");
+            request.setAttribute("themeDir", themeDir);
+            %>
 
 
     <jsp:include page="/templates/page/doctype.jsp"/>
diff --git a/webapp/src/main/webapp/jenaIngest/csv2rdfSelectUri.jsp b/webapp/src/main/webapp/jenaIngest/csv2rdfSelectUri.jsp
index b3f3f88d96..322abb0aeb 100644
--- a/webapp/src/main/webapp/jenaIngest/csv2rdfSelectUri.jsp
+++ b/webapp/src/main/webapp/jenaIngest/csv2rdfSelectUri.jsp
@@ -54,11 +54,10 @@ function disableProperties(){
     <input type="radio" value="pattern" name="concatenate" onclick="selectProperties()">Use pattern based on values of </input>
 
 
-    <%
-    Map<String,LinkedList<String>> propertyMap = (Map) request.getAttribute("propertyMap");
-           Set<Entry<String,LinkedList<String>>> set = propertyMap.entrySet();
-           Iterator<Entry<String,LinkedList<String>>> itr = set.iterator();
-           Entry<String, LinkedList<String>> entry = null;
+    <% Map<String,LinkedList<String>> propertyMap = (Map) request.getAttribute("propertyMap");
+       Set<Entry<String,LinkedList<String>>> set = propertyMap.entrySet();
+       Iterator<Entry<String,LinkedList<String>>> itr = set.iterator();
+       Entry<String, LinkedList<String>> entry = null;
     %>
 
     <select name="property" id="properties" disabled="disabled">
diff --git a/webapp/src/main/webapp/jenaIngest/executeWorkflow.jsp b/webapp/src/main/webapp/jenaIngest/executeWorkflow.jsp
index 4a76b7ac5f..2a4c5e7cac 100644
--- a/webapp/src/main/webapp/jenaIngest/executeWorkflow.jsp
+++ b/webapp/src/main/webapp/jenaIngest/executeWorkflow.jsp
@@ -24,15 +24,15 @@
         <select name="workflowURI">
 
         <%
-        OntModel jenaOntModel = ModelAccess.on(getServletContext()).getOntModel();
+              OntModel jenaOntModel = ModelAccess.on(getServletContext()).getOntModel();
               jenaOntModel.enterCriticalSection(Lock.READ);
               try {
                   List savedQueries = (List) request.getAttribute("workflows");
-        	          for (Iterator it = savedQueries.iterator(); it.hasNext();)  {
-        	              Individual savedQuery = (Individual) it.next();
+	          for (Iterator it = savedQueries.iterator(); it.hasNext();)  {
+	              Individual savedQuery = (Individual) it.next();
                       String queryURI = savedQuery.getURI();
                       String queryLabel = savedQuery.getLabel(null);
-        %> <option value="<%=queryURI%>"><%=queryLabel%></option> <%
+                      %> <option value="<%=queryURI%>"><%=queryLabel%></option> <%
                   }
               } finally {
                   jenaOntModel.leaveCriticalSection();
diff --git a/webapp/src/main/webapp/jenaIngest/merge_result.jsp b/webapp/src/main/webapp/jenaIngest/merge_result.jsp
index 540441974b..1a6e73d207 100644
--- a/webapp/src/main/webapp/jenaIngest/merge_result.jsp
+++ b/webapp/src/main/webapp/jenaIngest/merge_result.jsp
@@ -13,7 +13,7 @@
 <h2><a class="ingestMenu" href="ingest">Ingest Menu</a> > Merge Individuals</h2>
 
 <%
-MergeResult resultObj = (MergeResult) request.getAttribute("result");
+    MergeResult resultObj = (MergeResult) request.getAttribute("result");
     String result = resultObj.getResultText();
 %>
 
diff --git a/webapp/src/main/webapp/jenaIngest/permanentURI.jsp b/webapp/src/main/webapp/jenaIngest/permanentURI.jsp
index 013f03567a..9157d9991e 100644
--- a/webapp/src/main/webapp/jenaIngest/permanentURI.jsp
+++ b/webapp/src/main/webapp/jenaIngest/permanentURI.jsp
@@ -29,14 +29,13 @@ URIs exactly of the form created through the GUI interface.</p>
 <input type="hidden" name="action" value="permanentURI" />
 <p>Current namespace of resources
 <select name=oldNamespace>
-<%
-List namespaces = (List)request.getAttribute("namespaceList");
+<%List namespaces = (List)request.getAttribute("namespaceList");
 if(namespaces != null) {
 	Iterator namespaceItr = namespaces.iterator();
 	Integer count = 0;
 	while (namespaceItr.hasNext()){
 		String namespaceText = (String) namespaceItr.next();
-%>
+		%>
         <option value="<%=namespaceText%>"><%=namespaceText%></option>
 <%  }
 }%>
diff --git a/webapp/src/main/webapp/jenaIngest/renameBNodesURISelect.jsp b/webapp/src/main/webapp/jenaIngest/renameBNodesURISelect.jsp
index 4c808f94fa..76b81e8eb5 100644
--- a/webapp/src/main/webapp/jenaIngest/renameBNodesURISelect.jsp
+++ b/webapp/src/main/webapp/jenaIngest/renameBNodesURISelect.jsp
@@ -58,11 +58,10 @@ function disableProperties(){
     <input type="radio" value="pattern" name="concatenate" onclick="selectProperties()">Use pattern based on values of </input>
 
 
-    <%
-    Map<String,LinkedList<String>> propertyMap = (Map) request.getAttribute("propertyMap");
-           Set<Entry<String,LinkedList<String>>> set = propertyMap.entrySet();
-           Iterator<Entry<String,LinkedList<String>>> itr = set.iterator();
-           Entry<String, LinkedList<String>> entry = null;
+    <% Map<String,LinkedList<String>> propertyMap = (Map) request.getAttribute("propertyMap");
+       Set<Entry<String,LinkedList<String>>> set = propertyMap.entrySet();
+       Iterator<Entry<String,LinkedList<String>>> itr = set.iterator();
+       Entry<String, LinkedList<String>> entry = null;
     %>
     <%if(itr.hasNext()){%>
     <select name="property" id="properties" disabled="disabled">
diff --git a/webapp/src/main/webapp/jenaIngest/renameResult.jsp b/webapp/src/main/webapp/jenaIngest/renameResult.jsp
index c7855dfe33..a6c38dbb60 100644
--- a/webapp/src/main/webapp/jenaIngest/renameResult.jsp
+++ b/webapp/src/main/webapp/jenaIngest/renameResult.jsp
@@ -9,7 +9,5 @@
 
 <h2><a class="ingestMenu" href="ingest">Ingest Menu</a> > Rename Resource</h2>
 
-<%
-String result = (String) request.getAttribute("result");
-%>
+<%String result = (String) request.getAttribute("result");%>
 <p><b><%=result%></b></p>
diff --git a/webapp/src/main/webapp/jenaIngest/sparqlConstruct.jsp b/webapp/src/main/webapp/jenaIngest/sparqlConstruct.jsp
index f1d6a175fb..4d705c3e20 100644
--- a/webapp/src/main/webapp/jenaIngest/sparqlConstruct.jsp
+++ b/webapp/src/main/webapp/jenaIngest/sparqlConstruct.jsp
@@ -48,22 +48,22 @@
 <h3>SPARQL Query <select name="savedQuery">
 	<option value="">select saved query</option>
 	<%
-	OntModel jenaOntModel = ModelAccess.on(getServletContext()).getOntModel();
-	      jenaOntModel.enterCriticalSection(Lock.READ);
-	      try {
-	          List savedQueries = (List) request.getAttribute("savedQueries");
-		          for (Iterator it = savedQueries.iterator(); it.hasNext();)  {
-		              Individual savedQuery = (Individual) it.next();
-	              String queryURI = savedQuery.getURI();
-	              String queryLabel = savedQuery.getLabel(null);
-	%>
+              OntModel jenaOntModel = ModelAccess.on(getServletContext()).getOntModel();
+              jenaOntModel.enterCriticalSection(Lock.READ);
+              try {
+                  List savedQueries = (List) request.getAttribute("savedQueries");
+	          for (Iterator it = savedQueries.iterator(); it.hasNext();)  {
+	              Individual savedQuery = (Individual) it.next();
+                      String queryURI = savedQuery.getURI();
+                      String queryLabel = savedQuery.getLabel(null);
+                      %>
 	<option value="<%=queryURI%>"><%=queryLabel%></option>
 	<%
-	}
-	      } finally {
-	          jenaOntModel.leaveCriticalSection();
-		      }
-	%>
+                  }
+              } finally {
+                  jenaOntModel.leaveCriticalSection();
+	      }
+        %>
 </select>
 
 <textarea rows="25" cols="40" name="sparqlQueryStr" class="maxWidth"><c:choose>
@@ -77,19 +77,17 @@ PREFIX owl:   &lt;http://www.w3.org/2002/07/owl#&gt;
 PREFIX xsd:   &lt;http://www.w3.org/2001/XMLSchema#&gt;
 PREFIX vitro: &lt;http://vitro.mannlib.cornell.edu/ns/vitro/0.7#&gt;
 PREFIX swrl:  &lt;http://www.w3.org/2003/11/swrl#&gt;
-PREFIX swrlb: &lt;http://www.w3.org/2003/11/swrlb#&gt;<%
-    List prefixes = (List)request.getAttribute("prefixList");
-    if(prefixes != null){
-    	Iterator prefixItr = prefixes.iterator();
-    	Integer count = 0;
-    	while (prefixItr.hasNext()){
-    		String prefixText = (String) prefixItr.next();
-    		if(prefixText.equals("(not yet specified)")){
-    			count++;
-    			prefixText = "p." + count.toString();
-    		}
-    		String urlText = (String) prefixItr.next();
-    %>
+PREFIX swrlb: &lt;http://www.w3.org/2003/11/swrlb#&gt;<%List prefixes = (List)request.getAttribute("prefixList");
+if(prefixes != null){
+	Iterator prefixItr = prefixes.iterator();
+	Integer count = 0;
+	while (prefixItr.hasNext()){
+		String prefixText = (String) prefixItr.next();
+		if(prefixText.equals("(not yet specified)")){
+			count++;
+			prefixText = "p." + count.toString();
+		}
+		String urlText = (String) prefixItr.next();%>
 PREFIX <%=prefixText%>: <<%=urlText%>><%}}%>
 
 
diff --git a/webapp/src/main/webapp/jenaIngest/workflowStep.jsp b/webapp/src/main/webapp/jenaIngest/workflowStep.jsp
index 4c170c115d..8f1201b84b 100644
--- a/webapp/src/main/webapp/jenaIngest/workflowStep.jsp
+++ b/webapp/src/main/webapp/jenaIngest/workflowStep.jsp
@@ -26,16 +26,16 @@
 		<select name="workflowStepURI">
 
         <%
-        OntModel jenaOntModel = ModelAccess.on(getServletContext()).getOntModel();
+              OntModel jenaOntModel = ModelAccess.on(getServletContext()).getOntModel();
               jenaOntModel.enterCriticalSection(Lock.READ);
               try {
                   List workflowSteps  = (List) request.getAttribute("workflowSteps");
-        	          for (Iterator it = workflowSteps.iterator(); it.hasNext();)  {
-        	              Individual workflowStep = (Individual) it.next();
+	          for (Iterator it = workflowSteps.iterator(); it.hasNext();)  {
+	              Individual workflowStep = (Individual) it.next();
                       String workflowStepURI = workflowStep.getURI();
                       String workflowStepLabel = workflowStep.getLabel(null);
-        					  String workflowStepString = (workflowStepLabel != null) ? workflowStepLabel : workflowStepURI;
-        %> <option value="<%=workflowStepURI%>"><%=workflowStepString%></option> <%
+					  String workflowStepString = (workflowStepLabel != null) ? workflowStepLabel : workflowStepURI;
+                      %> <option value="<%=workflowStepURI%>"><%=workflowStepString%></option> <%
                   }
               } finally {
                   jenaOntModel.leaveCriticalSection();
diff --git a/webapp/src/main/webapp/jenaIngest/xmlFileUploadSuccess.jsp b/webapp/src/main/webapp/jenaIngest/xmlFileUploadSuccess.jsp
index 299e095acb..90cb6d8a47 100644
--- a/webapp/src/main/webapp/jenaIngest/xmlFileUploadSuccess.jsp
+++ b/webapp/src/main/webapp/jenaIngest/xmlFileUploadSuccess.jsp
@@ -11,6 +11,6 @@
 <vitro:confirmAuthorization />
 
 <p>Uploaded XML files and converted to RDF.</p>
-<p>Loaded <%=request.getAttribute("statementCount")%> statements to the model <%=request.getAttribute("targetModel")%>.</p>
+<p>Loaded <%= request.getAttribute("statementCount") %> statements to the model <%= request.getAttribute("targetModel") %>.</p>
 
 <h2><a class="ingestMenu" href="ingest">Ingest Menu</a></h2>
diff --git a/webapp/src/main/webapp/jsp/checkDatatypeProperties.jsp b/webapp/src/main/webapp/jsp/checkDatatypeProperties.jsp
index 575ba24399..f52b232237 100644
--- a/webapp/src/main/webapp/jsp/checkDatatypeProperties.jsp
+++ b/webapp/src/main/webapp/jsp/checkDatatypeProperties.jsp
@@ -6,13 +6,13 @@
 <%@ page import="edu.cornell.mannlib.vedit.beans.ButtonForm" %>
 
 <%
-if (request.getAttribute("title") != null) {
-%>
+if (request.getAttribute("title") != null) { %>
     <h2><%=request.getAttribute("title")%></h2><%
-    }
+}
+
+ArrayList<String> logResults = (ArrayList<String>)request.getAttribute("results");
 
-    ArrayList<String> logResults = (ArrayList<String>)request.getAttribute("results");
-    %>
+%>
 
 <div class="editingForm">
 	<table style="margin-bottom:1.5ex;">
diff --git a/webapp/src/main/webapp/templates/alpha/alphaIndex.jsp b/webapp/src/main/webapp/templates/alpha/alphaIndex.jsp
index 22a592240d..f264595642 100644
--- a/webapp/src/main/webapp/templates/alpha/alphaIndex.jsp
+++ b/webapp/src/main/webapp/templates/alpha/alphaIndex.jsp
@@ -32,9 +32,7 @@
          </c:if>
     </c:forEach>
 
-    <%
-    if( request.getAttribute("alpha") != null && ! "all".equalsIgnoreCase((String)request.getAttribute("alpha"))) {
-    %>
+    <%  if( request.getAttribute("alpha") != null && ! "all".equalsIgnoreCase((String)request.getAttribute("alpha"))) {  %>
         <a href='<c:url value=".${requestScope.servlet}?&amp;alpha=all&amp;${requestScope.controllerParam}"/>'>all </a>
         <c:if test='${not empty requestScope.count }'>
             (${requestScope.count} that start with ${requestScope.alpha })
diff --git a/webapp/src/main/webapp/templates/edit/fetch/horizontal.jsp b/webapp/src/main/webapp/templates/edit/fetch/horizontal.jsp
index b91c35fd69..a9c4c99c00 100644
--- a/webapp/src/main/webapp/templates/edit/fetch/horizontal.jsp
+++ b/webapp/src/main/webapp/templates/edit/fetch/horizontal.jsp
@@ -4,41 +4,31 @@
 <%@ page import="edu.cornell.mannlib.vedit.beans.ButtonForm" %>
 
 <%
-if (request.getAttribute("title") != null) {
-%>
+if (request.getAttribute("title") != null) { %>
     <h2><%=request.getAttribute("title")%></h2><%
-    }
-    %>
-<%
-if (request.getAttribute("title") == "Tabs") {
+}
 %>
+<%
+if (request.getAttribute("title") == "Tabs") { %>
     <div id="flash-message" role="alert">Tabs have been deprecated with the 1.2 release and is no longer recommended for production VIVO instances. All development relating to tabs has ceased, and it will not be distributed in future releases.
     </div><%
-    }
-    %>
+}
+%>
 
 <table style="margin-bottom:1.5ex;">
 <tr>
   <td style="width:0;padding:0;margin:0;"/>
 
 
-<%
-if (request.getAttribute("horizontalJspAddButtonUrl") != null) {
-%>
+<%if (request.getAttribute("horizontalJspAddButtonUrl") != null) {%>
   <td>
     <form action="<%=request.getAttribute("horizontalJspAddButtonUrl")%>" method="get"><input type="submit" class="form-button" value="<%=request.getAttribute("horizontalJspAddButtonText")%>"/>
-<%
-if (request.getAttribute("horizontalJspAddButtonControllerParam") != null) {
-%>
+<%  if (request.getAttribute("horizontalJspAddButtonControllerParam") != null) {%>
         <input type="hidden" name="controller" value="<%=request.getAttribute("horizontalJspAddButtonControllerParam")%>"/>
-<%
-}
-    if (request.getAttribute("home") != null) {
-%>
+<%  }
+    if (request.getAttribute("home") != null) {%>
         <input type="hidden" name="home" value="<%=request.getAttribute("home")%>"/>
-<%
-}
-%>
+<%  }%>
     </form>
   </td>
 <%
@@ -47,27 +37,20 @@ List <ButtonForm> topButtons = (List)request.getAttribute("topButtons");
 if (topButtons!=null) {
     Iterator iter = topButtons.iterator();
     while (iter.hasNext()){
-       ButtonForm b = (ButtonForm)iter.next();
-%>
+       ButtonForm b = (ButtonForm)iter.next();%>
        <td>
        <form <%=b.getCssClass()%> action="<%=b.getAction()%>" method="get">
-<%
-HashMap<String,String> params=b.getParams();
+<%         HashMap<String,String> params=b.getParams();
            if (params!=null) {
-       for (String key : b.getParams().keySet()) {
-%>
+               for (String key : b.getParams().keySet()) {%>
                    <input type="hidden" name="<%=key%>" value="<%=params.get(key)%>"/>
-<%
-}
-           }
-%>
+<%             }
+           }%>
            <input type="submit" class="form-button" value="<%=b.getLabel()%>"/>
        </form>
        </td>
-<%
-}
-}
-%>
+<%  }
+}%>
 
 </tr></table>
 
@@ -75,8 +58,7 @@ HashMap<String,String> params=b.getParams();
 
 <jsp:useBean id="results" class="java.util.ArrayList" scope="request" />
 
-<%
-int columns = 0;
+<% int columns = 0;
     boolean havePostQueryData = false;
 
     String editFormStr = (String)request.getAttribute("editform");
@@ -92,169 +74,150 @@ int columns = 0;
         /* start enclosing table cell that holds all results */
 %>
 
-<%
-String suppressStr = null;
+<%      String suppressStr = null;
         boolean isPostQHeaderRow = false;
 
         if ( ( suppressStr = (String)request.getAttribute("suppressquery")) == null ) { // only inserted into request if true
 %>
-<i><b><%=(results.size() - columns) / columns%></b> rows of results were retrieved in <b><%=columns%></b> columns for query "<%=request.getAttribute("querystring")%>".</i>
+<i><b><%=(results.size() - columns) / columns %></b> rows of results were retrieved in <b><%= columns %></b> columns for query "<%=request.getAttribute("querystring")%>".</i>
 <br/>
-<%
-}
+<%      }
         Iterator iter = results.iterator();
         int resultCount = 0, primaryRowNumber=0, pageRowNumber=0;
         while (iter.hasNext()) {
-    String classString;
+            String classString;
 
-    String thisResult = (String)iter.next();
-    if ( "+".equals(thisResult) ) {
-        havePostQueryData = true;
-        classString = "database_postheader";
-        isPostQHeaderRow = true;
-        thisResult = "&nbsp;";
-    } else if ( thisResult != null && thisResult.indexOf("@@")== 0) {
-        classString=thisResult.substring(2);
-        thisResult ="&nbsp;"; //leave as follows for diagnostics: thisResult.substring(2);
-        isPostQHeaderRow = false;
-    } else {
-        classString = isPostQHeaderRow ? "database_postheader" : "row";
-        if ( thisResult == null || "".equals(thisResult) )
-            thisResult = "&nbsp;";
-    }
-        if ( resultCount == 0 ) { // first pass : column names
+            String thisResult = (String)iter.next();
+            if ( "+".equals(thisResult) ) {
+                havePostQueryData = true;
+                classString = "database_postheader";
+                isPostQHeaderRow = true;
+                thisResult = "&nbsp;";
+            } else if ( thisResult != null && thisResult.indexOf("@@")== 0) {
+                classString=thisResult.substring(2);
+                thisResult ="&nbsp;"; //leave as follows for diagnostics: thisResult.substring(2);
+                isPostQHeaderRow = false;
+            } else {
+                classString = isPostQHeaderRow ? "database_postheader" : "row";
+                if ( thisResult == null || "".equals(thisResult) )
+                    thisResult = "&nbsp;";
+            }
+                if ( resultCount == 0 ) { // first pass : column names
 %>
 
 <table border="0" cellpadding="2" cellspacing="0" width = "100%">
-                        <%
-                        if ( clickSortStr != null && "true".equals(clickSortStr) ) {
-                                    if ( (results.size() - columns) / columns > 2 ) {
-                        %>
+                        <%              if ( clickSortStr != null && "true".equals(clickSortStr) ) {
+                    if ( (results.size() - columns) / columns > 2 ) {
+%>
 <tr>
 <td class="database_upperleftcorner" colspan="<%=columns%>">
 <i>Click on the column header to sort rows by that column.</i>
 </td>
 </tr>
-<%
-}
-        }
+<%                  }
+                }
 %>
 
 <tr class="row">
     <td class="rownumheader">#</td>
-     <%
-     if ( !("XX".equals(thisResult) )) {
-     %>
+     <%             if ( !("XX".equals(thisResult) )) {
+%>
     <td class="database_header">
-<%
-}
-        } else if ( resultCount == columns ) {  // end column names and start numbered list
-        ++ primaryRowNumber;
-        ++ pageRowNumber;
-        firstValue = thisResult;
+<%              }
+                } else if ( resultCount == columns ) {  // end column names and start numbered list
+                ++ primaryRowNumber;
+                ++ pageRowNumber;
+                firstValue = thisResult;
 %>
 
 </tr>
 <tr valign="top" class="row">
     <td class="rownum">1</td>
-      <%
-      if ( !("XX".equals(thisResult) )) {
-      %>
+      <%                if ( !("XX".equals(thisResult) )) { %>
     <td class="row">
-<%
-}
-    } else if ( resultCount % columns == 0 ) {  // end row and start next row with calculated row number
-        ++ pageRowNumber;
+<%              }
+            } else if ( resultCount % columns == 0 ) {  // end row and start next row with calculated row number
+                ++ pageRowNumber;
 %>
 </tr>
 <!-- <tr valign="top" class="<%=classString%>" > -->
-      <%
-      if ( "row".equals(classString) ) {
-                  if ( havePostQueryData ) {
-      %>
+      <%                if ( "row".equals(classString) ) {
+                    if ( havePostQueryData ) {
+%>
 <tr><td>&nbsp;</td></tr>
-<%
-havePostQueryData = false;
-            }
-            ++ primaryRowNumber;
+<%                      havePostQueryData = false;
+                    }
+                    ++ primaryRowNumber;
 %>
 <tr valign="top" class="row">
-    <td class="rownum"><%=primaryRowNumber /*resultCount / columns*/%></td>
-<%
-} else { // classString does not equal "row"
+    <td class="rownum"><%= primaryRowNumber /*resultCount / columns*/%></td>
+<%              } else { // classString does not equal "row"
 %>
 <tr valign="top" class="<%=classString%>" >
-<%
-}
-        if ( !("XX".equals(thisResult) )) {
+<%              }
+                if ( !("XX".equals(thisResult) )) {
 %>
     <td class="<%=classString%>">
-<%
-}
-    } else { // not the end of a row
-        if ( resultCount <= columns ) { // header rows
-            if ( !("XX".equals(thisResult) )) {
+<%              }
+            } else { // not the end of a row
+                if ( resultCount <= columns ) { // header rows
+                    if ( !("XX".equals(thisResult) )) {
 %>
     <td class="database_header">
 <%
-}
-        } else if ( resultCount == columns + 1 ) {
-            secondValue=thisResult;
-            if ( !( "XX".equals(thisResult) )) {
+                    }
+                } else if ( resultCount == columns + 1 ) {
+                    secondValue=thisResult;
+                    if ( !( "XX".equals(thisResult) )) {
 %>
     <td class="row">
 <%
-}
-        } else  { // cells in later rows
-            if ( !( "XX".equals(thisResult) )) {
-                if ( "row".equals(classString) ) {
-                    if ( primaryRowNumber % 2 == 0 ) {
-                        if ( pageRowNumber % 2 == 0 ) {
+                    }
+                } else  { // cells in later rows
+                    if ( !( "XX".equals(thisResult) )) {
+                        if ( "row".equals(classString) ) {
+                            if ( primaryRowNumber % 2 == 0 ) {
+                                if ( pageRowNumber % 2 == 0 ) {
 %>
     <td class="rowalternate">
-<%
-} else {
+<%                              } else {
 %>
     <td class="row">
-<%
-}
-                    } else if ( pageRowNumber % 2 == 0 ) {
+<%                              }
+                            } else if ( pageRowNumber % 2 == 0 ) {
 %>
     <td class="rowalternate">
-<%
-} else {
+<%                          } else {
 %>
     <td class="row">
-<%
-}
-                } else {
+<%                          }
+                        } else {
 %>
     <td class="<%=classString%>" >
-<%
-}
+<%                      }
+                    }
+                }
             }
-        }
-    }
-        if ( !( "XX".equals(thisResult) )) {
+                if ( !( "XX".equals(thisResult) )) {
 %>
-                    <%=thisResult%>
+                    <%= thisResult %>
     </td>
 <%
-}
-    ++ resultCount;
+            }
+            ++ resultCount;
         }
 %>
   </tr>
 </table>
 <%
-} else { /* results not > 0 */
+    } else { /* results not > 0 */
         Iterator errorIter = results.iterator();
         while ( errorIter.hasNext()) {
-    String errorResult = (String)errorIter.next();
+            String errorResult = (String)errorIter.next();
 %>
-            <p>Error returned: <%=errorResult%></p>
+            <p>Error returned: <%= errorResult%></p>
 <%
-}
+        }
     }
 %>
 <%
@@ -264,12 +227,11 @@ if ( editFormStr != null  && minEditRoleStr != null ) {
         String currentRemoteAddrStr = request.getRemoteAddr();
         String storedRemoteAddr = (String)session.getAttribute("loginRemoteAddr");
         if ( storedRemoteAddr != null && currentRemoteAddrStr.equals( storedRemoteAddr ) ) {
-    int minEditRole = Integer.parseInt(  minEditRoleStr );
-    String authorizedRoleStr = (String)session.getAttribute("loginRole");
-    if ( authorizedRoleStr != null ) {
-        int authorizedRole = Integer.parseInt( authorizedRoleStr );
-        if ( authorizedRole >= minEditRole ) {
-%>
+            int minEditRole = Integer.parseInt(  minEditRoleStr );
+            String authorizedRoleStr = (String)session.getAttribute("loginRole");
+            if ( authorizedRoleStr != null ) {
+                int authorizedRole = Integer.parseInt( authorizedRoleStr );
+                if ( authorizedRole >= minEditRole ) { %>
                     <jsp:include page="<%=editFormStr%>" flush="true">
                     <jsp:param name="firstvalue" value="<%=firstValue%>" />
                     <jsp:param name="secondvalue" value="<%=secondValue%>" />
diff --git a/webapp/src/main/webapp/templates/edit/fetch/vertical.jsp b/webapp/src/main/webapp/templates/edit/fetch/vertical.jsp
index 4f382b49e2..fbe363869d 100644
--- a/webapp/src/main/webapp/templates/edit/fetch/vertical.jsp
+++ b/webapp/src/main/webapp/templates/edit/fetch/vertical.jsp
@@ -3,21 +3,14 @@
 <%@ page isThreadSafe = "false" %>
 <%@ page import="java.util.*,java.lang.String.*" %>
 
-<%
-if (request.getAttribute("title") != null) {
-%>
+<% if (request.getAttribute("title") != null) { %>
   <h2><%=request.getAttribute("title")%></h2>
-<%
-}
-%>
+<% } %>
 
 <%
 String headerStr = (String)request.getAttribute("header");
-if ( headerStr == null || (!headerStr.equalsIgnoreCase("noheader")) ) {
-%>
-<%
-}
-%>
+if ( headerStr == null || (!headerStr.equalsIgnoreCase("noheader")) ) { %>
+<%  } %>
 <jsp:useBean id="results" class="java.util.ArrayList" scope="request" />
 <%
 int rows = 0;
@@ -33,22 +26,16 @@ String clickSortStr = (String)request.getAttribute("clicksort");
 if ( rows > 0  && results.size() > rows ) { // avoid divide by zero error in next statement
     String suppressStr = null;
     int columns = results.size() / rows;
-    if ( ( suppressStr = (String)request.getAttribute("suppressquery")) == null ) { // only inserted into request if true
-%>
-        <p><i><b><%=columns - 1%></b> results were retrieved in <b><%=rows%></b> rows for query "<%=request.getAttribute("querystring")%>".</i></p>
-<%
-}
+    if ( ( suppressStr = (String)request.getAttribute("suppressquery")) == null ) { // only inserted into request if true %>
+        <p><i><b><%= columns - 1 %></b> results were retrieved in <b><%= rows %></b> rows for query "<%=request.getAttribute("querystring")%>".</i></p>
+<%  }
     if ( clickSortStr != null && clickSortStr.equals("true")) {
-        if ( columns > 2 ) {
-%>
+        if ( columns > 2 ) { %>
             <p><i>Click on the row header to sort columns by that row.</i></p>
-<%
-}
-    }
-%>
+<%      }
+    }  %>
     <table border="0" cellpadding="2" cellspacing="0" width="100%">
-<%
-String[] resultsArray = new String[results.size()]; // see Core Java Vol. 1 p.216
+<%  String[] resultsArray = new String[results.size()]; // see Core Java Vol. 1 p.216
     results.toArray( resultsArray );
     firstValue = resultsArray[ rows ];
     request.setAttribute("firstvalue",firstValue);
@@ -61,79 +48,61 @@ String[] resultsArray = new String[results.size()]; // see Core Java Vol. 1 p.21
     for ( int thisrow = 0; thisrow < rows; thisrow++ ) {
         //int currentPostQCol = 0;
         boolean dropRow = false;
-    for ( int thiscol = 0; thiscol < columns; thiscol++ ) {
-    String thisResult= resultsArray[ (rows * thiscol) + thisrow ];
-    if ( "+".equals(thisResult) ) { /* occurs all in first row, so postQHeaderCols should be correctly initialized */
-        classString = "postheaderright";
-        postQHeaderCols[ thiscol ] = true;
-        //++currentPostQCol;
-        thisResult="&nbsp;";
-    } else if ( thisResult != null && thisResult.indexOf("@@")== 0) {
-        classString="postheadercenter";
-        thisResult ="query values"; //leave as follows for diagnostics: thisResult.substring(2);
-        thisResult = thisResult.substring(2);
-    } else {
-        if ( postQHeaderCols[ thiscol ] == true )
-            classString = "postheaderright";
-        else if ( thiscol == 1 && thisrow < 1 ) // jc55 was thisrow<2
-            classString = "rowbold";
-        else
-            classString = "row";
-        if ( thisResult == null ||  "".equals(thisResult) )
-            thisResult="&nbsp;";
-    }
-    if ( thiscol == 0 ) { // 1st column of new row
-        if ( thisrow > 0 ) { // first must close prior row
-%>
+            for ( int thiscol = 0; thiscol < columns; thiscol++ ) {
+            String thisResult= resultsArray[ (rows * thiscol) + thisrow ];
+            if ( "+".equals(thisResult) ) { /* occurs all in first row, so postQHeaderCols should be correctly initialized */
+                classString = "postheaderright";
+                postQHeaderCols[ thiscol ] = true;
+                //++currentPostQCol;
+                thisResult="&nbsp;";
+            } else if ( thisResult != null && thisResult.indexOf("@@")== 0) {
+                classString="postheadercenter";
+                thisResult ="query values"; //leave as follows for diagnostics: thisResult.substring(2);
+                thisResult = thisResult.substring(2);
+            } else {
+                if ( postQHeaderCols[ thiscol ] == true )
+                    classString = "postheaderright";
+                else if ( thiscol == 1 && thisrow < 1 ) // jc55 was thisrow<2
+                    classString = "rowbold";
+                else
+                    classString = "row";
+                if ( thisResult == null ||  "".equals(thisResult) )
+                    thisResult="&nbsp;";
+            }
+            if ( thiscol == 0 ) { // 1st column of new row
+                if ( thisrow > 0 ) { // first must close prior row %>
                     </tr>
-                        <%
-                        if ("XX".equals(thisResult) ) {
-                                        dropRow = true;
-                                    }
-                        %>
+                        <%                  if ("XX".equals(thisResult) ) {
+                        dropRow = true;
+                    } %>
                     <tr valign="top" class="rowvert">  <!-- okay to start even a dropRow because it will get no <td> elements -->
-<%
-} else {
-%>
+<%              } else { %>
                     <tr valign="top" class="header">  <!-- okay to start even a dropRow because it will get no <td> elements -->
-<%
-}
-        if ( !dropRow ) {
-%>
+<%              }
+                if ( !dropRow ) { %>
                     <td width="15%" class="verticalfieldlabel">
                     <%=thisResult%>
-<%
-}
-    } else { // 2nd or higher column
-        if ( !dropRow ) {
-%>
+<%              }
+            } else { // 2nd or higher column
+                if ( !dropRow ) { %>
                     <td class="<%=classString%>" >
-                        <%
-                        if ("XX".equals(thisResult) ) {
-                        %>
+                        <%                  if ("XX".equals(thisResult) ) { %>
                         <%="&nbsp;"%>
-<%
-} else {
-%>
+<%                  } else { %>
                         <%=thisResult%>
-<%
-}
-        }
-    }
-    if ( !dropRow ) {
-%>
+<%                  }
+                }
+            }
+            if ( !dropRow ) { %>
                 </td>
-<%
-}
+<%          }
         }
-    }
-%>
+    }  %>
     </tr>
     </table>
 <%
 } else {
-    System.out.println("No results reported when " + rows + " rows and a result array size of " + results.size());
-%>
+    System.out.println("No results reported when " + rows + " rows and a result array size of " + results.size()); %>
     No results retrieved for query "<%=request.getAttribute("querystring")%>".
 <%  Iterator errorIter = results.iterator();
     while ( errorIter.hasNext()) {
diff --git a/webapp/src/main/webapp/templates/edit/specific/merge_result.jsp b/webapp/src/main/webapp/templates/edit/specific/merge_result.jsp
index 7e2944b28b..ce00e01f51 100644
--- a/webapp/src/main/webapp/templates/edit/specific/merge_result.jsp
+++ b/webapp/src/main/webapp/templates/edit/specific/merge_result.jsp
@@ -6,7 +6,5 @@
 <h2><a href="ingest">Ingest Home</a></h2>
 
 <h3>Merge Individuals</h3>
-<%
-String result = (String) request.getAttribute("result");
-%>
+<%String result = (String) request.getAttribute("result");%>
 <p><b><%=result%></b></p>
diff --git a/webapp/src/main/webapp/templates/entity/entityListForTabs.jsp b/webapp/src/main/webapp/templates/entity/entityListForTabs.jsp
index b493c3baaa..3ea942a80a 100644
--- a/webapp/src/main/webapp/templates/entity/entityListForTabs.jsp
+++ b/webapp/src/main/webapp/templates/entity/entityListForTabs.jsp
@@ -3,8 +3,7 @@
 <%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%><%/* this odd thing points to something in web.xml */ %>
 <%@ taglib uri="http://java.sun.com/jsp/jstl/fmt" prefix="fmt" %>
 <%@ page errorPage="/error.jsp"%>
-<%
-/***********************************************
+<%  /***********************************************
         Display a list of entities for a tab.
 
          request.attributes:
@@ -18,14 +17,12 @@
          bdc34 2006-01-27 created
     **********************************************/
         if (request.getAttribute("entities") == null){
-    String e="entityListForTabs.jsp expects that request attribute 'entities' be set to a List of Entity objects.";
-    throw new JspException(e);
+            String e="entityListForTabs.jsp expects that request attribute 'entities' be set to a List of Entity objects.";
+            throw new JspException(e);
         }
 %>
 <c:set var="searchViewPrefix" value="/templates/search/"/>
-<c:set var='entities' value='${requestScope.entities}' /><%
-/* just moving this into page scope for easy use */
-%>
+<c:set var='entities' value='${requestScope.entities}' /><%/* just moving this into page scope for easy use */ %>
 <c:set var='IMG_WIDTH' value='75'/>
 <jsp:include page="/templates/alpha/alphaIndex.jsp"/>
 <ul class='tabEntities entityListForTab'>
diff --git a/webapp/src/main/webapp/templates/page/bodyMsg.jsp b/webapp/src/main/webapp/templates/page/bodyMsg.jsp
index 68e89fcf85..db88240a2e 100644
--- a/webapp/src/main/webapp/templates/page/bodyMsg.jsp
+++ b/webapp/src/main/webapp/templates/page/bodyMsg.jsp
@@ -1,7 +1,6 @@
 <%-- $This file is distributed under the terms of the license in LICENSE$ --%>
 
-<%
-/***********************************************
+<%  /***********************************************
      A JSP for displaying a simple message.
      This JSP is intened to be wraped by basicPage.jsp
 
@@ -13,8 +12,8 @@
 
      if (request.getAttribute("msg") == null ){
          throw new JspException(
-         "bodyMsg.jsp expects that request parameter 'msg' be set to"
-         + " the message for the page.\n"
+                 "bodyMsg.jsp expects that request parameter 'msg' be set to"
+                 + " the message for the page.\n"
           );
      }
    // only get the msg from the attributes, because of cross site exploits,
diff --git a/webapp/src/main/webapp/templates/page/freemarkerTransition/footer.jsp b/webapp/src/main/webapp/templates/page/freemarkerTransition/footer.jsp
index 100b525508..b42e1e792b 100644
--- a/webapp/src/main/webapp/templates/page/freemarkerTransition/footer.jsp
+++ b/webapp/src/main/webapp/templates/page/freemarkerTransition/footer.jsp
@@ -4,7 +4,7 @@
 
 <%@ page import="edu.cornell.mannlib.vitro.webapp.controller.freemarker.FreemarkerHttpServlet" %>
 <%
-// This is here as a safety net. We should have gotten the values in identity.jsp,
+    // This is here as a safety net. We should have gotten the values in identity.jsp,
     // since it's the first jsp we hit.
     String footer = (String) request.getAttribute("ftl_footer");
     if (footer == null) {
diff --git a/webapp/src/main/webapp/templates/page/freemarkerTransition/menu.jsp b/webapp/src/main/webapp/templates/page/freemarkerTransition/menu.jsp
index dfa80002cd..db4829370e 100644
--- a/webapp/src/main/webapp/templates/page/freemarkerTransition/menu.jsp
+++ b/webapp/src/main/webapp/templates/page/freemarkerTransition/menu.jsp
@@ -4,7 +4,7 @@
 
 <%@ page import="edu.cornell.mannlib.vitro.webapp.controller.freemarker.FreemarkerHttpServlet" %>
 <%
-// This is here as a safety net. We should have gotten the values in identity.jsp,
+    // This is here as a safety net. We should have gotten the values in identity.jsp,
     // since it's the first jsp we hit.
     String menu = (String) request.getAttribute("ftl_menu");
     if (menu == null) {

From 35d49350e5cff0b252d767522ca2fb1a709fd9ad Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <georgy.litvinov@tib.eu>
Date: Tue, 24 Oct 2023 14:29:58 +0200
Subject: [PATCH 070/148] style fixes

---
 .../webapp/auth/policy/PolicyLoader.java      | 55 ++++++++++---------
 .../auth/policy/PolicyTemplateController.java | 37 +++++--------
 .../vitro/webapp/auth/rules/AccessRule.java   |  2 +-
 .../webapp/auth/rules/AccessRuleImpl.java     |  2 +-
 .../webapp/migration/auth/ArmMigrator.java    |  2 +-
 ...ccessAllowedClassesPolicyTemplateTest.java | 43 ++++++++-------
 ...ssAllowedPropertiesPolicyTemplateTest.java | 19 ++++---
 ...edAllowedPropertiesPolicyTemplateTest.java |  5 +-
 .../webapp/auth/policy/BasicPolicyTest.java   | 25 ++++-----
 .../auth/policy/EditablePagesPolicyTest.java  |  6 +-
 .../HomeMenuItemsRestrictionPolicyTest.java   |  6 +-
 .../webapp/auth/policy/PolicyLoaderTest.java  | 12 ++--
 .../vitro/webapp/auth/policy/PolicyTest.java  |  6 +-
 .../policy/SimplePermissionTemplateTest.java  | 26 +++++----
 ...edAllowedPropertiesPolicyTemplateTest.java |  3 +-
 .../migration/auth/ArmMigratorTest.java       |  2 +-
 16 files changed, 130 insertions(+), 121 deletions(-)

diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
index 37ec5b00d1..f4a305bd7c 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
@@ -72,7 +72,7 @@ public class PolicyLoader {
             + "    BIND(COALESCE(?set_priority, 0 ) as ?" + PRIORITY + " ) .\n"
             + "  }\n"
             + "} ORDER BY ?" + PRIORITY;
-    
+
 
     private static final String DATASET_PRIORITY_QUERY = "prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#>\n"
             + "prefix owl: <http://www.w3.org/2002/07/owl#>\n"
@@ -115,7 +115,8 @@ public class PolicyLoader {
             + "prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#>\n"
             + "prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/>\n"
             + "prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/>\n"
-            + "SELECT DISTINCT ?policyUri ?rules ?rule ?check ?testId ?typeId ?value ?lit_value ?decision_id \n" + "WHERE {\n"
+            + "SELECT DISTINCT ?policyUri ?rules ?rule ?check ?testId ?typeId ?value ?lit_value ?decision_id \n"
+            + "WHERE {\n"
             + "  GRAPH <http://vitro.mannlib.cornell.edu/default/access-control> {\n"
             + "?policy rdf:type ao:Policy .\n"
             + "?policy ao:rules ?rules . \n"
@@ -150,7 +151,8 @@ public class PolicyLoader {
             + "prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#>\n"
             + "prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/>\n"
             + "prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/>\n"
-            + "SELECT DISTINCT ?policyUri ?rules ?rule ?check ?testId ?typeId ?value ?lit_value ?decision_id ?dataSetUri \n"
+            + "SELECT DISTINCT ?policyUri ?rules ?rule ?check ?testId ?typeId ?value ?lit_value ?decision_id"
+            + " ?dataSetUri \n"
             + "WHERE {\n"
             + "  GRAPH <http://vitro.mannlib.cornell.edu/default/access-control> {\n"
             + "    ?policy a ao:PolicyTemplate .\n"
@@ -188,7 +190,7 @@ public class PolicyLoader {
             + "    OPTIONAL {\n"
             + "       ?check ao:value ?value .\n"
             + "       OPTIONAL {?value ao:id ?lit_value . }\n"
-            + "    }\n" 
+            + "    }\n"
             + "    BIND(?dataSet as ?dataSetUri)\n"
             + "    BIND(?policy as ?policyUri)\n"
             + "  }\n"
@@ -217,7 +219,8 @@ public class PolicyLoader {
             + "  }\n"
             + "  ?dataSetKeyUri ao:keyComponent ?key .\n";
 
-    private static final String policyKeyTemplateSuffix = "}} GROUP BY ?" + POLICY + " ?dataSet ?value ?valueId ?testData ?valueContainer";
+    private static final String policyKeyTemplateSuffix =
+            "}} GROUP BY ?" + POLICY + " ?dataSet ?value ?valueId ?testData ?valueContainer";
 
     private static final String policyStatementByKeyTemplatePrefix =
               "prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#>\n"
@@ -253,7 +256,7 @@ public class PolicyLoader {
             + "    ?dataSetTemplateKey ao:templateKey ?key .\n"
             + "  }\n"
             + "}\n"
-            + "GROUP BY ?dataSetTemplate ?dataSets"; 
+            + "GROUP BY ?dataSetTemplate ?dataSets";
 
     public static final String DATA_SET_KEY_TEMPLATE_QUERY = ""
             + "prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/>\n"
@@ -264,8 +267,8 @@ public class PolicyLoader {
             + "    ?dataSetTemplate ao:dataSetKeyTemplate ?dataSetKeyTemplate .\n"
             + "    ?dataSetKeyTemplate ao:keyComponent ?keyComponent .\n"
             + "  }\n"
-            + "}\n"; 
-    
+            + "}\n";
+
     public static final String DATA_SET_KEY_TEMPLATES_TEMPLATE_QUERY = ""
             + "prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/>\n"
             + "prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/>\n"
@@ -275,8 +278,8 @@ public class PolicyLoader {
             + "    ?dataSetTemplate ao:dataSetKeyTemplate ?dataSetKeyTemplate .\n"
             + "    ?dataSetKeyTemplate ao:keyComponentTemplate ?keyComponentTemplate .\n"
             + "  }\n"
-            + "}\n"; 
-    
+            + "}\n";
+
     public static final String DATA_SET_VALUE_TEMPLATE_QUERY = ""
             + "prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/>\n"
             + "prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/>\n"
@@ -285,9 +288,8 @@ public class PolicyLoader {
             + "  GRAPH <http://vitro.mannlib.cornell.edu/default/access-control> {\n"
             + "    ?dataSetTemplate ao:dataSetValues ?valueContainer .\n"
             + "  }\n"
-            + "}\n"; 
-    
-    
+            + "}\n";
+
     public static final String DATA_SET_VALUE_CONTAINER_TEMPLATES_TEMPLATE_QUERY = ""
             + "prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/>\n"
             + "prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/>\n"
@@ -297,7 +299,7 @@ public class PolicyLoader {
             + "    ?dataSetTemplate ao:dataSetValueTemplate ?valueContainerTemplate .\n"
             + "  }\n"
             + "}\n";
-    
+
     public static final String CONSTRUCT_VALUE_CONTAINER_QUERY = ""
             + "prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/>\n"
             + "prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/>\n"
@@ -321,7 +323,7 @@ public class PolicyLoader {
             + "    }"
             + "  }"
             + "}\n";
-    
+
     private RDFService rdfService;
     public static final String RULE = "rule";
     public static final String LITERAL_VALUE = "lit_value";
@@ -377,7 +379,7 @@ protected void processQuerySolution(QuerySolution qs) {
 
         return policyUris;
     }
-    
+
     @Deprecated
     public DynamicPolicy loadPolicy(String uri) {
         List<String> dataSetNames = getDataSetNames(uri);
@@ -401,7 +403,7 @@ public DynamicPolicy loadPolicy(String uri) {
         policy.addRules(rules);
         return policy;
     }
-    
+
     public DynamicPolicy loadPolicyFromTemplateDataSet(String dataSetUri) {
         Set<AccessRule> rules = new HashSet<>();
         long priority = getPriorityFromDataSet(dataSetUri);
@@ -581,7 +583,8 @@ private static String getDataSetByKeyQuery(String[] uris, String[] ids) {
         }
         int i = 0;
         for (String id : ids) {
-            query.append(String.format("  ?dataSetKeyUri ao:keyComponent ?uri%d .\n  ?uri%d ao:id \"%s\" . \n", i, i, id));
+            query.append(
+                    String.format("  ?dataSetKeyUri ao:keyComponent ?uri%d .\n  ?uri%d ao:id \"%s\" . \n", i, i, id));
             i++;
         }
         query.append(policyKeyTemplateSuffix);
@@ -769,7 +772,8 @@ private static boolean isInvalidPolicySolution(QuerySolution qs) {
         }
         String check = qs.get("check").asResource().getLocalName();
         if (!qs.contains("value")) {
-            log.error(String.format("Query solution for policy <%s> rule %s check %s doesn't contain value", policy, rule, check));
+            log.error(String.format("Query solution for policy <%s> rule %s check %s doesn't contain value", policy,
+                    rule, check));
             return true;
         }
         if (!qs.contains("typeId") || !qs.get("typeId").isLiteral()) {
@@ -830,8 +834,8 @@ protected void processQuerySolution(QuerySolution qs) {
         return uri[0];
     }
 
-    public Map<String,String> getRoleDataSetTemplates() {
-        Map<String,String> dataSetTemplates = new HashMap<>();
+    public Map<String, String> getRoleDataSetTemplates() {
+        Map<String, String> dataSetTemplates = new HashMap<>();
         long expectedSize = 1;
         final String queryText = DATA_SET_TEMPLATES_QUERY;
         debug("SPARQL Query to get data set templates:\n %s", queryText);
@@ -847,13 +851,12 @@ protected void processQuerySolution(QuerySolution qs) {
                         return;
                     }
                     if (!qs.contains("dataSetTemplate") || !qs.get("dataSetTemplate").isResource()) {
-                       return;
+                        return;
                     }
                     if (!qs.contains("dataSets") || !qs.get("dataSets").isResource()) {
                         return;
-                     }
-                    dataSetTemplates.put(
-                            qs.getResource("dataSetTemplate").getURI(),
+                    }
+                    dataSetTemplates.put(qs.getResource("dataSetTemplate").getURI(),
                             qs.getResource("dataSets").getURI());
                 }
             });
@@ -961,5 +964,5 @@ public void constructValueContainer(String valueContainerTemplateUri, String val
             log.error(e, e);
         }
     }
-    
+
 }
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTemplateController.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTemplateController.java
index b587b01140..738a048666 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTemplateController.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTemplateController.java
@@ -44,33 +44,25 @@ private static void createRoleDataSet(String dataSetTemplateUri, String roleUri,
         }
         Model dataSetModel = VitroModelFactory.createModel();
         // Add ?dataSets ao:policyDataSet dataSetUri .
-        dataSetModel.add(new StatementImpl(
-                dataSetModel.createResource(dataSetsUri),
-                dataSetModel.createProperty(PREFIX_AO + "policyDataSet"),
-                dataSetModel.createResource(dataSetUri)));
-        
-        dataSetModel.add(new StatementImpl(
-                dataSetModel.createResource(dataSetUri),
+        dataSetModel.add(new StatementImpl(dataSetModel.createResource(dataSetsUri),
+                dataSetModel.createProperty(PREFIX_AO + "policyDataSet"), dataSetModel.createResource(dataSetUri)));
+
+        dataSetModel.add(new StatementImpl(dataSetModel.createResource(dataSetUri),
                 dataSetModel.createProperty("http://www.w3.org/1999/02/22-rdf-syntax-ns#type"),
                 dataSetModel.createResource(PREFIX_AO + "PolicyDataSet")));
-        
-        dataSetModel.add(new StatementImpl(
-                dataSetModel.createResource(dataSetUri),
-                dataSetModel.createProperty(PREFIX_AO + "dataSetKey"),
-                dataSetModel.createResource(dataSetKeyUri)));
-        
+
+        dataSetModel.add(new StatementImpl(dataSetModel.createResource(dataSetUri),
+                dataSetModel.createProperty(PREFIX_AO + "dataSetKey"), dataSetModel.createResource(dataSetKeyUri)));
+
         for (String key : keys) {
-            dataSetModel.add(new StatementImpl(
-                    dataSetModel.createResource(dataSetKeyUri),
-                    dataSetModel.createProperty(PREFIX_AO + "keyComponent"),
-                    dataSetModel.createResource(key)));
+            dataSetModel.add(new StatementImpl(dataSetModel.createResource(dataSetKeyUri),
+                    dataSetModel.createProperty(PREFIX_AO + "keyComponent"), dataSetModel.createResource(key)));
         }
-        
+
         List<String> valueContainerUris = policyLoader.getDataSetValuesFromTemplate(dataSetTemplateUri);
         for (String valueContainerUri : valueContainerUris) {
             // Add ?dataSetUri ao:dataSetValues ?valueContainerUri .
-            dataSetModel.add(new StatementImpl(
-                    dataSetModel.createResource(dataSetUri),
+            dataSetModel.add(new StatementImpl(dataSetModel.createResource(dataSetUri),
                     dataSetModel.createProperty(PREFIX_AO + "dataSetValues"),
                     dataSetModel.createResource(valueContainerUri)));
         }
@@ -79,11 +71,10 @@ private static void createRoleDataSet(String dataSetTemplateUri, String roleUri,
 
         for (String valueContainerTemplateUri : valueContainerTemplateUris) {
             String valueContainerUri = getUriFromTemplate(valueContainerTemplateUri, role);
-            dataSetModel.add(new StatementImpl(
-                    dataSetModel.createResource(dataSetUri),
+            dataSetModel.add(new StatementImpl(dataSetModel.createResource(dataSetUri),
                     dataSetModel.createProperty(PREFIX_AO + "dataSetValues"),
                     dataSetModel.createResource(valueContainerUri)));
-            
+
             policyLoader.constructValueContainer(valueContainerTemplateUri, valueContainerUri, roleUri, dataSetModel);
             // TODO: Check uri doesn't exists in access control graph
             // If value container template is subject role, then role uri should be added to the container
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRule.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRule.java
index 5df38bec21..86700b1237 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRule.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRule.java
@@ -5,8 +5,8 @@
 import java.util.List;
 import java.util.Set;
 
-import edu.cornell.mannlib.vitro.webapp.auth.attributes.Check;
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.Attribute;
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.Check;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthorizationRequest;
 
 public interface AccessRule {
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRuleImpl.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRuleImpl.java
index 198cecbb79..06d28805b6 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRuleImpl.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRuleImpl.java
@@ -11,8 +11,8 @@
 import java.util.Set;
 import java.util.stream.Collectors;
 
-import edu.cornell.mannlib.vitro.webapp.auth.attributes.Check;
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.Attribute;
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.Check;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthorizationRequest;
 import org.apache.commons.lang3.builder.EqualsBuilder;
 import org.apache.commons.lang3.builder.HashCodeBuilder;
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/ArmMigrator.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/ArmMigrator.java
index ef9528572b..00f565fba5 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/ArmMigrator.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/ArmMigrator.java
@@ -167,7 +167,7 @@ protected void collectAdditions(Map<AccessObjectType, Set<String>> entityTypeMap
                     for (AccessOperation ao : OperationGroup.getOperations(og)) {
                         for (String entityUri : intersectionEntities) {
                             EntityPolicyController.getDataValueStatements(entityUri, type, ao,
-                            Collections.singleton(newRole), additions);
+                                    Collections.singleton(newRole), additions);
                         }
                     }
                 }
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/AccessAllowedClassesPolicyTemplateTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/AccessAllowedClassesPolicyTemplateTest.java
index 2bab9ac3bf..a606451796 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/AccessAllowedClassesPolicyTemplateTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/AccessAllowedClassesPolicyTemplateTest.java
@@ -48,7 +48,8 @@ public void testPolicy() {
         }
         EntityPolicyController.updateEntityDataSet("test:entity", type, ao, Arrays.asList(roleUri), roles);
         DynamicPolicy policy = null;
-        String dataSet = loader.getDataSetUriByKey(new String[] { roleUri }, new String[] { ao.toString(), type.toString() });
+        String dataSet =
+                loader.getDataSetUriByKey(new String[] { roleUri }, new String[] { ao.toString(), type.toString() });
 
         policy = loader.loadPolicyFromTemplateDataSet(dataSet);
         countRulesAndAttributes(policy, rulesCount, attrCount);
@@ -59,26 +60,26 @@ public void testPolicy() {
     @Parameterized.Parameters
     public static Collection<Object[]> requests() {
         return Arrays.asList(new Object[][] {
-                { DISPLAY, CLASS, PUBLIC, 1, Collections.singleton(4) },
-                { DISPLAY, CLASS, SELF_EDITOR, 1, Collections.singleton(4) },
-                { DISPLAY, CLASS, EDITOR, 1, Collections.singleton(4) },
-                { DISPLAY, CLASS, CURATOR, 1, Collections.singleton(4) },
-                { DISPLAY, CLASS, ADMIN, 1, Collections.singleton(4) },
-                { DISPLAY, CLASS, CUSTOM, 1, Collections.singleton(4) },
-
-                { PUBLISH, CLASS, SELF_EDITOR, 1, Collections.singleton(4) },
-                { PUBLISH, CLASS, EDITOR, 1, Collections.singleton(4) },
-                { PUBLISH, CLASS, CURATOR, 1, Collections.singleton(4) },
-                { PUBLISH, CLASS, ADMIN, 1, Collections.singleton(4) },
-                { PUBLISH, CLASS, CUSTOM, 1, Collections.singleton(4) },
-
-                { UPDATE, CLASS, PUBLIC, 1, Collections.singleton(4) },
-                { UPDATE, CLASS, SELF_EDITOR, 1, Collections.singleton(4) },
-                { UPDATE, CLASS, EDITOR, 1, Collections.singleton(4) },
-                { UPDATE, CLASS, CURATOR, 1, Collections.singleton(4) },
-                { UPDATE, CLASS, ADMIN, 1, Collections.singleton(4) },
-                { UPDATE, CLASS, CUSTOM, 1, Collections.singleton(4) },});
-        
+            { DISPLAY, CLASS, PUBLIC, 1, Collections.singleton(4) },
+            { DISPLAY, CLASS, SELF_EDITOR, 1, Collections.singleton(4) },
+            { DISPLAY, CLASS, EDITOR, 1, Collections.singleton(4) },
+            { DISPLAY, CLASS, CURATOR, 1, Collections.singleton(4) },
+            { DISPLAY, CLASS, ADMIN, 1, Collections.singleton(4) },
+            { DISPLAY, CLASS, CUSTOM, 1, Collections.singleton(4) },
+
+            { PUBLISH, CLASS, SELF_EDITOR, 1, Collections.singleton(4) },
+            { PUBLISH, CLASS, EDITOR, 1, Collections.singleton(4) },
+            { PUBLISH, CLASS, CURATOR, 1, Collections.singleton(4) },
+            { PUBLISH, CLASS, ADMIN, 1, Collections.singleton(4) },
+            { PUBLISH, CLASS, CUSTOM, 1, Collections.singleton(4) },
+
+            { UPDATE, CLASS, PUBLIC, 1, Collections.singleton(4) },
+            { UPDATE, CLASS, SELF_EDITOR, 1, Collections.singleton(4) },
+            { UPDATE, CLASS, EDITOR, 1, Collections.singleton(4) },
+            { UPDATE, CLASS, CURATOR, 1, Collections.singleton(4) },
+            { UPDATE, CLASS, ADMIN, 1, Collections.singleton(4) },
+            { UPDATE, CLASS, CUSTOM, 1, Collections.singleton(4) }, });
+
     }
 
 }
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/AccessAllowedPropertiesPolicyTemplateTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/AccessAllowedPropertiesPolicyTemplateTest.java
index c3502863f5..76b032596a 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/AccessAllowedPropertiesPolicyTemplateTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/AccessAllowedPropertiesPolicyTemplateTest.java
@@ -26,7 +26,7 @@
 
 @RunWith(Parameterized.class)
 public class AccessAllowedPropertiesPolicyTemplateTest extends PolicyTest {
-    
+
     @org.junit.runners.Parameterized.Parameter(0)
     public AccessOperation ao;
 
@@ -53,7 +53,8 @@ public void testPolicy() {
         }
         EntityPolicyController.updateEntityDataSet("test:entity", type, ao, Arrays.asList(roleUri), roles);
         DynamicPolicy policy = null;
-        String dataSet = loader.getDataSetUriByKey(new String[] { roleUri }, new String[] { ao.toString(), type.toString() });
+        String dataSet =
+                loader.getDataSetUriByKey(new String[] { roleUri }, new String[] { ao.toString(), type.toString() });
         policy = loader.loadPolicyFromTemplateDataSet(dataSet);
         countRulesAndAttributes(policy, rulesCount, attrCount);
         Set<String> values = loader.getDataSetValues(ao, type, roleUri);
@@ -87,7 +88,7 @@ public static Collection<Object[]> requests() {
                 { DISPLAY, FAUX_DATA_PROPERTY, EDITOR, 2, num(4) },
                 { DISPLAY, FAUX_DATA_PROPERTY, PUBLIC, 2, num(4) },
                 { DISPLAY, FAUX_DATA_PROPERTY, CUSTOM, 2, num(4) },
-                
+
                 { PUBLISH, OBJECT_PROPERTY, ADMIN, 2, num(4) },
                 { PUBLISH, OBJECT_PROPERTY, CURATOR, 2, num(4) },
                 { PUBLISH, OBJECT_PROPERTY, EDITOR, 2, num(4) },
@@ -107,7 +108,7 @@ public static Collection<Object[]> requests() {
                 { PUBLISH, FAUX_DATA_PROPERTY, CURATOR, 2, num(4) },
                 { PUBLISH, FAUX_DATA_PROPERTY, EDITOR, 2, num(4) },
                 { PUBLISH, FAUX_DATA_PROPERTY, CUSTOM, 2, num(4) },
-                
+
                 { EDIT, OBJECT_PROPERTY, ADMIN, 2, num(4) },
                 { EDIT, OBJECT_PROPERTY, CURATOR, 2, num(4) },
                 { EDIT, OBJECT_PROPERTY, EDITOR, 2, num(4) },
@@ -119,7 +120,7 @@ public static Collection<Object[]> requests() {
                 { ADD, OBJECT_PROPERTY, EDITOR, 2, num(4) },
                 { ADD, OBJECT_PROPERTY, PUBLIC, 2, num(4) },
                 { ADD, OBJECT_PROPERTY, CUSTOM, 2, num(4) },
-                
+
                 { DROP, OBJECT_PROPERTY, ADMIN, 2, num(4) },
                 { DROP, OBJECT_PROPERTY, CURATOR, 2, num(4) },
                 { DROP, OBJECT_PROPERTY, EDITOR, 2, num(4) },
@@ -149,25 +150,25 @@ public static Collection<Object[]> requests() {
                 { EDIT, FAUX_OBJECT_PROPERTY, EDITOR, 2, num(4) },
                 { EDIT, FAUX_OBJECT_PROPERTY, PUBLIC, 2, num(4) },
                 { EDIT, FAUX_OBJECT_PROPERTY, CUSTOM, 2, num(4) },
-                
+
                 { ADD, FAUX_OBJECT_PROPERTY, ADMIN, 2, num(4) },
                 { ADD, FAUX_OBJECT_PROPERTY, CURATOR, 2, num(4) },
                 { ADD, FAUX_OBJECT_PROPERTY, EDITOR, 2, num(4) },
                 { ADD, FAUX_OBJECT_PROPERTY, PUBLIC, 2, num(4) },
                 { ADD, FAUX_OBJECT_PROPERTY, CUSTOM, 2, num(4) },
-                
+
                 { DROP, FAUX_OBJECT_PROPERTY, ADMIN, 2, num(4) },
                 { DROP, FAUX_OBJECT_PROPERTY, CURATOR, 2, num(4) },
                 { DROP, FAUX_OBJECT_PROPERTY, EDITOR, 2, num(4) },
                 { DROP, FAUX_OBJECT_PROPERTY, PUBLIC, 2, num(4) },
                 { DROP, FAUX_OBJECT_PROPERTY, CUSTOM, 2, num(4) },
-                
+
                 { EDIT, FAUX_DATA_PROPERTY, ADMIN, 2, num(4) },
                 { EDIT, FAUX_DATA_PROPERTY, CURATOR, 2, num(4) },
                 { EDIT, FAUX_DATA_PROPERTY, EDITOR, 2, num(4) },
                 { EDIT, FAUX_DATA_PROPERTY, PUBLIC, 2, num(4) },
                 { EDIT, FAUX_DATA_PROPERTY, CUSTOM, 2, num(4) },
-                
+
                 { ADD, FAUX_DATA_PROPERTY, ADMIN, 2, num(4) },
                 { ADD, FAUX_DATA_PROPERTY, CURATOR, 2, num(4) },
                 { ADD, FAUX_DATA_PROPERTY, EDITOR, 2, num(4) },
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/AccessRelatedAllowedPropertiesPolicyTemplateTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/AccessRelatedAllowedPropertiesPolicyTemplateTest.java
index d7cfbaabf4..700ed2be7e 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/AccessRelatedAllowedPropertiesPolicyTemplateTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/AccessRelatedAllowedPropertiesPolicyTemplateTest.java
@@ -21,7 +21,7 @@
 
 @RunWith(Parameterized.class)
 public class AccessRelatedAllowedPropertiesPolicyTemplateTest extends PolicyTest {
-   
+
     @org.junit.runners.Parameterized.Parameter(0)
     public AccessOperation ao;
 
@@ -42,7 +42,8 @@ public void testPolicy() {
         load(TEMPLATE_RELATED_PROPERTIES_PATH);
         EntityPolicyController.updateEntityDataSet("test:entity", type, ao, Arrays.asList(roleUri), ROLE_LIST);
         DynamicPolicy policy = null;
-        String dataSet = loader.getDataSetUriByKey(new String[] { roleUri }, new String[] { ao.toString(), type.toString() });
+        String dataSet =
+                loader.getDataSetUriByKey(new String[] { roleUri }, new String[] { ao.toString(), type.toString() });
 
         policy = loader.loadPolicyFromTemplateDataSet(dataSet);
         countRulesAndAttributes(policy, rulesCount, attrCount);
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/BasicPolicyTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/BasicPolicyTest.java
index 7d77c2c166..79c7a5fd65 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/BasicPolicyTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/BasicPolicyTest.java
@@ -5,8 +5,6 @@
 
 import java.io.StringWriter;
 import java.util.Collections;
-import java.util.HashMap;
-import java.util.Map;
 
 import org.apache.jena.rdf.model.Model;
 import org.apache.jena.rdf.model.ModelFactory;
@@ -18,7 +16,8 @@ public class BasicPolicyTest extends PolicyTest {
     public static final String BROKEN_POLICY_BROKEN_TYPE = RESOURCES_RULES_PREFIX + "test_policy_broken2.n3";
     public static final String BROKEN_POLICY_BROKEN_TEST_ID = RESOURCES_RULES_PREFIX + "test_policy_broken3.n3";
     public static final String BROKEN_POLICY_BROKEN_TYPE_ID = RESOURCES_RULES_PREFIX + "test_policy_broken4.n3";
-    public static final String BROKEN_POLICY_BROKEN_ATTRIBUTE_VALUES = RESOURCES_RULES_PREFIX + "test_policy_broken5.n3";
+    public static final String BROKEN_POLICY_BROKEN_ATTRIBUTE_VALUES =
+            RESOURCES_RULES_PREFIX + "test_policy_broken5.n3";
 
     @Test
     public void testGetPolicyUris() {
@@ -35,8 +34,8 @@ public void testValidPolicy() {
     @Test
     public void testValidPolicyTemplate() {
         load(VALID_POLICY_TEMPLATE);
-        DynamicPolicy policy = loader
-                .loadPolicy("https://vivoweb.org/ontology/vitro-application/auth/individual/ValidTestSetPolicy");
+        DynamicPolicy policy =
+                loader.loadPolicy("https://vivoweb.org/ontology/vitro-application/auth/individual/ValidTestSetPolicy");
         countRulesAndAttributes(policy, 2, Collections.singleton(2));
     }
 
@@ -51,8 +50,8 @@ public void testBrokenTestId() {
     @Test
     public void testBrokenTypeId() {
         load(BROKEN_POLICY_BROKEN_TYPE_ID);
-        DynamicPolicy policy = loader
-                .loadPolicy("https://vivoweb.org/ontology/vitro-application/auth/individual/BrokenPolicyTypeId");
+        DynamicPolicy policy =
+                loader.loadPolicy("https://vivoweb.org/ontology/vitro-application/auth/individual/BrokenPolicyTypeId");
         assertTrue(policy == null);
     }
 
@@ -67,24 +66,24 @@ public void testBrokenTest() {
     @Test
     public void testBrokenType() {
         load(BROKEN_POLICY_BROKEN_TYPE);
-        DynamicPolicy policy = loader
-                .loadPolicy("https://vivoweb.org/ontology/vitro-application/auth/individual/BrokenPolicyType");
+        DynamicPolicy policy =
+                loader.loadPolicy("https://vivoweb.org/ontology/vitro-application/auth/individual/BrokenPolicyType");
         assertTrue(policy == null);
     }
 
     @Test
     public void testBrokenAttributeValue() {
         load(BROKEN_POLICY_BROKEN_ATTRIBUTE_VALUES);
-        DynamicPolicy policy = loader
-                .loadPolicy("https://vivoweb.org/ontology/vitro-application/auth/individual/BrokenTestSetPolicy");
+        DynamicPolicy policy =
+                loader.loadPolicy("https://vivoweb.org/ontology/vitro-application/auth/individual/BrokenTestSetPolicy");
         assertTrue(policy == null);
     }
 
     @Test
     public void testBrokenPolicyTemplate() {
         load(BROKEN_POLICY_TEMPLATE);
-        DynamicPolicy policy = loader
-                .loadPolicy("https://vivoweb.org/ontology/vitro-application/auth/individual/BrokenTestSetPolicy");
+        DynamicPolicy policy =
+                loader.loadPolicy("https://vivoweb.org/ontology/vitro-application/auth/individual/BrokenTestSetPolicy");
         assertTrue(policy == null);
     }
 
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EditablePagesPolicyTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EditablePagesPolicyTest.java
index 1393aef56a..e0b255b2bf 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EditablePagesPolicyTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EditablePagesPolicyTest.java
@@ -9,12 +9,14 @@
 
 public class EditablePagesPolicyTest extends PolicyTest {
 
-    public static final String EDITABLE_PAGES_POLICY_PATH = PolicyTest.USER_ACCOUNTS_HOME_FIRSTTIME + "policy_editable_pages.n3";
+    public static final String EDITABLE_PAGES_POLICY_PATH =
+            PolicyTest.USER_ACCOUNTS_HOME_FIRSTTIME + "policy_editable_pages.n3";
 
     @Test
     public void testLoadEditablePagesPolicy() {
         load(EDITABLE_PAGES_POLICY_PATH);
-        String policyUri = "https://vivoweb.org/ontology/vitro-application/auth/individual/policy/edit-individual-pages/Policy";
+        String policyUri =
+                "https://vivoweb.org/ontology/vitro-application/auth/individual/policy/edit-individual-pages/Policy";
         DynamicPolicy policy = loader.loadPolicy(policyUri);
         assertTrue(policy != null);
         countRulesAndAttributes(policy, 2, new HashSet<>(Arrays.asList(5, 6)));
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/HomeMenuItemsRestrictionPolicyTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/HomeMenuItemsRestrictionPolicyTest.java
index 9095d1da9c..87676bc5cf 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/HomeMenuItemsRestrictionPolicyTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/HomeMenuItemsRestrictionPolicyTest.java
@@ -14,12 +14,14 @@
 
 public class HomeMenuItemsRestrictionPolicyTest extends PolicyTest {
 
-    public static final String MENU_ITEMS_POLICY_PATH = PolicyTest.USER_ACCOUNTS_HOME_FIRSTTIME + "policy_menu_items_editing.n3";
+    public static final String MENU_ITEMS_POLICY_PATH =
+            PolicyTest.USER_ACCOUNTS_HOME_FIRSTTIME + "policy_menu_items_editing.n3";
 
     @Test
     public void testHomeMenuItemsRestrictionPolicy() {
         load(MENU_ITEMS_POLICY_PATH);
-        String policyUri = "https://vivoweb.org/ontology/vitro-application/auth/individual/policy/restrict-home-menu-items-editing/Policy";
+        String policyUri =
+                "https://vivoweb.org/ontology/vitro-application/auth/individual/policy/restrict-home-menu-items-editing/Policy";
         DynamicPolicy policy = loader.loadPolicy(policyUri);
         assertTrue(policy != null);
         assertEquals(9000, policy.getPriority());
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoaderTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoaderTest.java
index 41176797b2..b058b7dcce 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoaderTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoaderTest.java
@@ -21,9 +21,9 @@ public void getRoleDataSetTemplatesTest() {
         Map<String, String> templates = PolicyLoader.getInstance().getRoleDataSetTemplates();
         assertEquals(2, templates.size());
         assertTrue(templates.containsKey(PREFIX + "RoleDataSetTemplate1"));
-        assertEquals(PREFIX + "DataSets" , templates.get(PREFIX + "RoleDataSetTemplate1"));
+        assertEquals(PREFIX + "DataSets", templates.get(PREFIX + "RoleDataSetTemplate1"));
         assertTrue(templates.containsKey(PREFIX + "RoleDataSetTemplate2"));
-        assertEquals(PREFIX + "DataSets" , templates.get(PREFIX + "RoleDataSetTemplate2"));
+        assertEquals(PREFIX + "DataSets", templates.get(PREFIX + "RoleDataSetTemplate2"));
     }
 
     @Test
@@ -38,7 +38,8 @@ public void getRoleDataSetKeyTemplateTest() {
     @Test
     public void getRoleDataSetDraftKeyTemplateTest() {
         load(DATA_SET);
-        List<String> keys = PolicyLoader.getInstance().getDataSetKeyTemplatesFromTemplate(PREFIX + "RoleDataSetTemplate1");
+        List<String> keys =
+                PolicyLoader.getInstance().getDataSetKeyTemplatesFromTemplate(PREFIX + "RoleDataSetTemplate1");
         assertEquals(1, keys.size());
         assertTrue(keys.contains("https://vivoweb.org/ontology/vitro-application/auth/individual/SubjectRole"));
     }
@@ -51,12 +52,13 @@ public void getDataSetUriByKeyTest() {
                 new String[] { AccessObjectType.NAMED_OBJECT.toString() });
         assertEquals(PREFIX + "PublicDataSet", uri);
     }
-    
+
     @Test
     public void getRoleDataSetValuesTemplateTest() {
         load(DATA_SET);
         List<String> values = PolicyLoader.getInstance().getDataSetValuesFromTemplate(PREFIX + "RoleDataSetTemplate1");
         assertEquals(1, values.size());
-        assertEquals(values.get(0), "https://vivoweb.org/ontology/vitro-application/auth/individual/PublicRoleValueContainer");
+        assertEquals(values.get(0),
+                "https://vivoweb.org/ontology/vitro-application/auth/individual/PublicRoleValueContainer");
     }
 }
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTest.java
index edb20a7b9c..0cbf1853e5 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTest.java
@@ -61,7 +61,7 @@ public class PolicyTest {
 
     public static final String TEMPLATE_RELATED_UPDATE_PATH =
             USER_ACCOUNTS_HOME_FIRSTTIME + "template_update_related_allowed_property.n3";
-    
+
     protected static final List<String> ROLE_LIST = Arrays.asList(ADMIN, CURATOR, EDITOR, SELF_EDITOR, PUBLIC);
     public static final String PREFIX = "https://vivoweb.org/ontology/vitro-application/auth/individual/";
     public static final String DATASET = "_dataset";
@@ -69,8 +69,8 @@ public class PolicyTest {
 
     private static final Log log = LogFactory.getLog(PolicyTest.class);
 
-    protected static final List<String> entityPolicies =
-            Arrays.asList(TEMPLATE_CLASS_PATH, TEMPLATE_PROPERTIES_PATH, TEMPLATE_RELATED_PROPERTIES_PATH, TEMPLATE_RELATED_UPDATE_PATH);
+    protected static final List<String> entityPolicies = Arrays.asList(TEMPLATE_CLASS_PATH, TEMPLATE_PROPERTIES_PATH,
+            TEMPLATE_RELATED_PROPERTIES_PATH, TEMPLATE_RELATED_UPDATE_PATH);
 
     protected Model accessControlModel;
     protected PolicyLoader loader;
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/SimplePermissionTemplateTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/SimplePermissionTemplateTest.java
index 646e341398..80d687b7e5 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/SimplePermissionTemplateTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/SimplePermissionTemplateTest.java
@@ -25,7 +25,8 @@ public class SimplePermissionTemplateTest extends PolicyTest {
     public void testAdminSimplePermissionPolicy() {
         load(PolicyTest.USER_ACCOUNTS_HOME_FIRSTTIME + TEMPLATE_PATH + EXT);
         load(USER_ACCOUNTS_HOME_FIRSTTIME + ADMIN_SIMPLE_PERMISSIONS_PATH + EXT);
-        String dataSetUri = "https://vivoweb.org/ontology/vitro-application/auth/individual/template/simple-permissions/AdminDataSet";
+        String dataSetUri =
+                "https://vivoweb.org/ontology/vitro-application/auth/individual/template/simple-permissions/AdminDataSet";
         DynamicPolicy policy = loader.loadPolicyFromTemplateDataSet(dataSetUri);
         assertTrue(policy != null);
         assertEquals(1000, policy.getPriority());
@@ -45,7 +46,8 @@ public void testAdminSimplePermissionPolicy() {
     public void testCuratorSimplePermissionPolicy() {
         load(PolicyTest.USER_ACCOUNTS_HOME_FIRSTTIME + TEMPLATE_PATH + EXT);
         load(USER_ACCOUNTS_HOME_FIRSTTIME + CURATOR_SIMPLE_PERMISSIONS_PATH + EXT);
-        String dataSetUri = "https://vivoweb.org/ontology/vitro-application/auth/individual/template/simple-permissions/CuratorDataSet";
+        String dataSetUri =
+                "https://vivoweb.org/ontology/vitro-application/auth/individual/template/simple-permissions/CuratorDataSet";
         DynamicPolicy policy = loader.loadPolicyFromTemplateDataSet(dataSetUri);
         assertTrue(policy != null);
         assertEquals(1000, policy.getPriority());
@@ -65,7 +67,8 @@ public void testCuratorSimplePermissionPolicy() {
     public void testEditorSimplePermissionPolicy() {
         load(PolicyTest.USER_ACCOUNTS_HOME_FIRSTTIME + TEMPLATE_PATH + EXT);
         load(USER_ACCOUNTS_HOME_FIRSTTIME + EDITOR_SIMPLE_PERMISSIONS_PATH + EXT);
-        String dataSetUri = "https://vivoweb.org/ontology/vitro-application/auth/individual/template/simple-permissions/EditorDataSet";
+        String dataSetUri =
+                "https://vivoweb.org/ontology/vitro-application/auth/individual/template/simple-permissions/EditorDataSet";
         DynamicPolicy policy = loader.loadPolicyFromTemplateDataSet(dataSetUri);
         assertTrue(policy != null);
         assertEquals(1000, policy.getPriority());
@@ -85,7 +88,8 @@ public void testEditorSimplePermissionPolicy() {
     public void testSelfEditorSimplePermissionPolicy() {
         load(PolicyTest.USER_ACCOUNTS_HOME_FIRSTTIME + TEMPLATE_PATH + EXT);
         load(USER_ACCOUNTS_HOME_FIRSTTIME + SELF_EDITOR_SIMPLE_PERMISSIONS_PATH + EXT);
-        String dataSetUri = "https://vivoweb.org/ontology/vitro-application/auth/individual/template/simple-permissions/SelfEditorDataSet";
+        String dataSetUri =
+                "https://vivoweb.org/ontology/vitro-application/auth/individual/template/simple-permissions/SelfEditorDataSet";
         DynamicPolicy policy = loader.loadPolicyFromTemplateDataSet(dataSetUri);
         assertTrue(policy != null);
         assertEquals(1000, policy.getPriority());
@@ -105,7 +109,8 @@ public void testSelfEditorSimplePermissionPolicy() {
     public void testPublicSimplePermissionPolicy() {
         load(PolicyTest.USER_ACCOUNTS_HOME_FIRSTTIME + TEMPLATE_PATH + EXT);
         load(USER_ACCOUNTS_HOME_FIRSTTIME + PUBLIC_SIMPLE_PERMISSIONS_PATH + EXT);
-        String dataSetUri = "https://vivoweb.org/ontology/vitro-application/auth/individual/template/simple-permissions/PublicDataSet";
+        String dataSetUri =
+                "https://vivoweb.org/ontology/vitro-application/auth/individual/template/simple-permissions/PublicDataSet";
         DynamicPolicy policy = loader.loadPolicyFromTemplateDataSet(dataSetUri);
         assertTrue(policy != null);
         assertEquals(1000, policy.getPriority());
@@ -120,15 +125,16 @@ public void testPublicSimplePermissionPolicy() {
         ar.setRoleUris(Arrays.asList(PUBLIC));
         assertEquals(DecisionResult.AUTHORIZED, policy.decide(ar).getDecisionResult());
     }
-    
+
     @Test
     public void testCustomRole() {
         load(PolicyTest.USER_ACCOUNTS_HOME_FIRSTTIME + TEMPLATE_PATH + EXT);
-        
-        //Create custom data set
+
+        // Create custom data set
         PolicyTemplateController.createRoleDataSets(CUSTOM);
-        //Get data set uri by key: role uri and named object
-        String dataSetUri = loader.getDataSetUriByKey(new String[] { CUSTOM }, new String[] { AccessObjectType.NAMED_OBJECT.toString() });
+        // Get data set uri by key: role uri and named object
+        String dataSetUri = loader.getDataSetUriByKey(new String[] { CUSTOM },
+                new String[] { AccessObjectType.NAMED_OBJECT.toString() });
 
         assertTrue(dataSetUri != null);
         DynamicPolicy policy = loader.loadPolicyFromTemplateDataSet(dataSetUri);
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/UpdateRelatedAllowedPropertiesPolicyTemplateTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/UpdateRelatedAllowedPropertiesPolicyTemplateTest.java
index e20f6c157a..397874ef15 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/UpdateRelatedAllowedPropertiesPolicyTemplateTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/UpdateRelatedAllowedPropertiesPolicyTemplateTest.java
@@ -43,7 +43,8 @@ public void testPolicy() {
         load(TEMPLATE_RELATED_UPDATE_PATH);
         EntityPolicyController.updateEntityDataSet("test:entity", type, ao, Arrays.asList(roleUri), ROLE_LIST);
         DynamicPolicy policy = null;
-        String dataSet = loader.getDataSetUriByKey(new String[] { roleUri }, new String[] { ao.toString(), type.toString() });
+        String dataSet =
+                loader.getDataSetUriByKey(new String[] { roleUri }, new String[] { ao.toString(), type.toString() });
 
         policy = loader.loadPolicyFromTemplateDataSet(dataSet);
         countRulesAndAttributes(policy, rulesCount, attrCount);
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/migration/auth/ArmMigratorTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/migration/auth/ArmMigratorTest.java
index 0dabc20f15..cd5b0b1e22 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/migration/auth/ArmMigratorTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/migration/auth/ArmMigratorTest.java
@@ -72,7 +72,7 @@ public void getEntityMapTest() {
 
     @Test
     public void getStatementsToRemoveTest() {
-        StringBuilder removals = armMigrator.getStatementsToRemove(); 
+        StringBuilder removals = armMigrator.getStatementsToRemove();
         assertTrue(StringUtils.isBlank(removals.toString()));
         EntityPolicyController.updateEntityDataSet("test:entity", AccessObjectType.CLASS,
                 AccessOperation.DISPLAY, ROLE_LIST, ROLE_LIST);

From 271a0d5285edb9244801835fca45514d645d64a9 Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <georgy.litvinov@tib.eu>
Date: Tue, 24 Oct 2023 15:56:36 +0200
Subject: [PATCH 071/148] reorganized non modifiable statements policy template
 files

---
 .../NonModifiableStatementsPolicyTest.java    |  3 +-
 ...olicy_not_modifiable_statements_dataset.n3 | 27 ----------
 ... => template_not_modifiable_statements.n3} | 50 +++++++++++++------
 3 files changed, 35 insertions(+), 45 deletions(-)
 delete mode 100644 home/src/main/resources/rdf/accessControl/firsttime/policy_not_modifiable_statements_dataset.n3
 rename home/src/main/resources/rdf/accessControl/firsttime/{policy_not_modifiable_statements.n3 => template_not_modifiable_statements.n3} (66%)

diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/NonModifiableStatementsPolicyTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/NonModifiableStatementsPolicyTest.java
index 7d621d186f..4736c0b437 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/NonModifiableStatementsPolicyTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/NonModifiableStatementsPolicyTest.java
@@ -19,12 +19,11 @@ public class NonModifiableStatementsPolicyTest extends PolicyTest {
 
     private static final String VALID = "http://vitro.mannlib.cornell.edu/ns/vitro/0.7#Valid";
     private static final String MOD_TIME = "http://vitro.mannlib.cornell.edu/ns/vitro/0.7#modTime";
-    public static final String NOT_MODIFIABLE_STATEMENTS_POLICY_PATH = "policy_not_modifiable_statements";
+    public static final String NOT_MODIFIABLE_STATEMENTS_POLICY_PATH = "template_not_modifiable_statements";
 
     @Test
     public void testNonModifiableStatementsPolicy() {
         load(PolicyTest.USER_ACCOUNTS_HOME_FIRSTTIME + NOT_MODIFIABLE_STATEMENTS_POLICY_PATH + EXT);
-        load(USER_ACCOUNTS_HOME_FIRSTTIME + NOT_MODIFIABLE_STATEMENTS_POLICY_PATH + DATASET + EXT);
 
         String policyUri =
                 "https://vivoweb.org/ontology/vitro-application/auth/individual/template/non-modifiable-statements/PolicyTemplate";
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_not_modifiable_statements_dataset.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_not_modifiable_statements_dataset.n3
deleted file mode 100644
index e9c664e575..0000000000
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_not_modifiable_statements_dataset.n3
+++ /dev/null
@@ -1,27 +0,0 @@
-# $This file is distributed under the terms of the license in LICENSE$
-
-@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
-@prefix owl: <http://www.w3.org/2002/07/owl#> .
-@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
-@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
-@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
-@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
-@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
-
-ai:ProhibitedNamespaceExceptionsValueContainer
-    ao:dataValue <http://vitro.mannlib.cornell.edu/ns/vitro/0.7#moniker> ;
-    ao:dataValue <http://vitro.mannlib.cornell.edu/ns/vitro/0.7#modTime> ;
-    ao:dataValue <http://vitro.mannlib.cornell.edu/ns/vitro/public#mainImage> ;
-    ao:dataValue <http://vitro.mannlib.cornell.edu/ns/vitro/0.7#Link> ;
-    ao:dataValue <http://vitro.mannlib.cornell.edu/ns/vitro/0.7#primaryLink> ;
-    ao:dataValue <http://vitro.mannlib.cornell.edu/ns/vitro/0.7#additionalLink> ;
-    ao:dataValue <http://vitro.mannlib.cornell.edu/ns/vitro/0.7#linkAnchor> ;
-    ao:dataValue <http://vitro.mannlib.cornell.edu/ns/vitro/0.7#linkURL> ;
-    .
-
-ai:ProhibitedNamespaceValueContainer
-    ao:dataValue  ai:prohibitedNamespacePrefix ; 
-    .
-
-ai:prohibitedNamespacePrefix a ao:TestValue ;
-    ao:id "http://vitro.mannlib.cornell.edu/ns/vitro/0.7#" ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_not_modifiable_statements.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_not_modifiable_statements.n3
similarity index 66%
rename from home/src/main/resources/rdf/accessControl/firsttime/policy_not_modifiable_statements.n3
rename to home/src/main/resources/rdf/accessControl/firsttime/template_not_modifiable_statements.n3
index b4b4336aa7..5af333d4f9 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_not_modifiable_statements.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_not_modifiable_statements.n3
@@ -66,52 +66,70 @@
 :PredicateUriStartWithProhibitedNamespace a ao:Check ;
     ao:operator ai:StartsWith ;
     ao:attribute ai:StatementPredicateUri ;
-    ao:templateValue ai:ProhibitedNamespaceValueSet .
+    ao:templateValue :ProhibitedNamespaceValueSet .
 
 :PredicateNotANamespaceException a ao:Check ;
     ao:operator ai:NotOneOf ;
     ao:attribute ai:StatementPredicateUri ;
-    ao:templateValue ai:ProhibitedNamespaceExceptionsValueSet .
+    ao:templateValue :ProhibitedNamespaceExceptionsValueSet .
 
 :SubjectUriStartWithProhibitedNamespace a ao:Check ;
     ao:operator ai:StartsWith ;
     ao:attribute ai:StatementSubjectUri ;
-    ao:templateValue ai:ProhibitedNamespaceValueSet .
+    ao:templateValue :ProhibitedNamespaceValueSet .
 
 :StatementSubjectNotOneOfProhibitedExceptions a ao:Check ;
     ao:operator ai:NotOneOf ;
     ao:attribute ai:StatementSubjectUri ;
-    ao:templateValue ai:ProhibitedNamespaceExceptionsValueSet .    
+    ao:templateValue :ProhibitedNamespaceExceptionsValueSet .    
 
 :StatementObjectUriStartsWithProhibitedNameSpace a ao:Check ;
     ao:operator ai:StartsWith ;
     ao:attribute ai:StatementObjectUri ;
-    ao:templateValue ai:ProhibitedNamespaceValueSet .
+    ao:templateValue :ProhibitedNamespaceValueSet .
 
 :ObjectUriNotOneOfProhibitedExceptions a ao:Check ;
     ao:operator ai:NotOneOf ;
     ao:attribute ai:StatementObjectUri ;
-    ao:templateValue ai:ProhibitedNamespaceExceptionsValueSet .  
+    ao:templateValue :ProhibitedNamespaceExceptionsValueSet .  
 
 ### Not modifiable data property statement attributes    
 
 ###DataSets
 :DataSets a ao:PolicyDataSets ;
-    ao:policyDataSet ai:NotModifiableStatementsPolicyDataSet .
+    ao:policyDataSet :NotModifiableStatementsPolicyDataSet .
 
-ai:NotModifiableStatementsPolicyDataSet a ao:PolicyDataSet ;
-    ao:dataSetValues ai:ProhibitedNamespaceExceptionsValueContainer ;
-    ao:dataSetValues ai:ProhibitedNamespaceValueContainer .
+:NotModifiableStatementsPolicyDataSet a ao:PolicyDataSet ;
+    ao:dataSetValues :ProhibitedNamespaceExceptionsValueContainer ;
+    ao:dataSetValues :ProhibitedNamespaceValueContainer .
 
-ai:ProhibitedNamespaceValueSet a ao:AttributeValueSet ;
-    ao:attributeValue ai:ProhibitedNamespaceValueContainer .
+:ProhibitedNamespaceValueSet a ao:AttributeValueSet ;
+    ao:attributeValue :ProhibitedNamespaceValueContainer .
 
-ai:ProhibitedNamespaceExceptionsValueSet a ao:AttributeValueSet ;
-    ao:attributeValue ai:ProhibitedNamespaceExceptionsValueContainer .
+:ProhibitedNamespaceExceptionsValueSet a ao:AttributeValueSet ;
+    ao:attributeValue :ProhibitedNamespaceExceptionsValueContainer .
 
-ai:ProhibitedNamespaceExceptionsValueContainer a ao:ValueContainer ;
+:ProhibitedNamespaceExceptionsValueContainer a ao:ValueContainer ;
     .
 
-ai:ProhibitedNamespaceValueContainer a ao:ValueContainer ;
+:ProhibitedNamespaceValueContainer a ao:ValueContainer ;
     .
+
+:ProhibitedNamespaceExceptionsValueContainer
+    ao:dataValue <http://vitro.mannlib.cornell.edu/ns/vitro/0.7#moniker> ;
+    ao:dataValue <http://vitro.mannlib.cornell.edu/ns/vitro/0.7#modTime> ;
+    ao:dataValue <http://vitro.mannlib.cornell.edu/ns/vitro/public#mainImage> ;
+    ao:dataValue <http://vitro.mannlib.cornell.edu/ns/vitro/0.7#Link> ;
+    ao:dataValue <http://vitro.mannlib.cornell.edu/ns/vitro/0.7#primaryLink> ;
+    ao:dataValue <http://vitro.mannlib.cornell.edu/ns/vitro/0.7#additionalLink> ;
+    ao:dataValue <http://vitro.mannlib.cornell.edu/ns/vitro/0.7#linkAnchor> ;
+    ao:dataValue <http://vitro.mannlib.cornell.edu/ns/vitro/0.7#linkURL> ;
+    .
+
+:ProhibitedNamespaceValueContainer
+    ao:dataValue  :prohibitedNamespacePrefix ; 
+    .
+
+:prohibitedNamespacePrefix a ao:TestValue ;
+    ao:id "http://vitro.mannlib.cornell.edu/ns/vitro/0.7#" ;
     

From 14b5c4fb7f4babfb27a5f4d04292a986c77ed0cc Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <georgy.litvinov@tib.eu>
Date: Tue, 24 Oct 2023 18:58:16 +0200
Subject: [PATCH 072/148] fixed policy/policy template loading

---
 .../vedit/controller/BaseEditController.java  | 28 +++----
 .../vedit/controller/OperationController.java |  3 +-
 .../auth/attributes/AccessOperation.java      | 10 +--
 .../auth/policy/EntityPolicyController.java   |  7 +-
 .../vitro/webapp/auth/policy/Policies.java    |  2 +
 .../webapp/auth/policy/PolicyLoader.java      | 74 ++++++++++---------
 .../vitro/webapp/auth/policy/PolicyStore.java | 16 +++-
 .../webapp/auth/policy/BasicPolicyTest.java   | 47 ++++++------
 .../auth/policy/EditablePagesPolicyTest.java  |  6 +-
 .../HomeMenuItemsRestrictionPolicyTest.java   |  7 +-
 .../NonModifiableStatementsPolicyTest.java    |  8 +-
 .../webapp/auth/policy/ProximityTest.java     |  5 +-
 .../auth/policy/RootUserPolicyTest.java       |  5 +-
 .../rdf/accessControl/firsttime/ontology.n3   |  1 -
 14 files changed, 130 insertions(+), 89 deletions(-)

diff --git a/api/src/main/java/edu/cornell/mannlib/vedit/controller/BaseEditController.java b/api/src/main/java/edu/cornell/mannlib/vedit/controller/BaseEditController.java
index 526f2196fd..a1a3179522 100644
--- a/api/src/main/java/edu/cornell/mannlib/vedit/controller/BaseEditController.java
+++ b/api/src/main/java/edu/cornell/mannlib/vedit/controller/BaseEditController.java
@@ -16,26 +16,25 @@
 import java.util.List;
 import java.util.Map;
 import java.util.Random;
+import java.util.Set;
 
 import javax.servlet.http.HttpServletRequest;
 
-import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType;
-import edu.cornell.mannlib.vitro.webapp.auth.attributes.OperationGroup;
-import edu.cornell.mannlib.vitro.webapp.auth.policy.EntityPolicyController;
-import edu.cornell.mannlib.vitro.webapp.beans.PermissionSet;
-import org.apache.commons.lang3.StringUtils;
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-
 import edu.cornell.mannlib.vedit.beans.EditProcessObject;
 import edu.cornell.mannlib.vedit.beans.Option;
 import edu.cornell.mannlib.vedit.util.FormUtils;
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType;
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessOperation;
+import edu.cornell.mannlib.vitro.webapp.auth.policy.EntityPolicyController;
+import edu.cornell.mannlib.vitro.webapp.beans.PermissionSet;
 import edu.cornell.mannlib.vitro.webapp.controller.Controllers;
 import edu.cornell.mannlib.vitro.webapp.controller.VitroHttpServlet;
 import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
-import edu.cornell.mannlib.vitro.webapp.modelaccess.ModelAccess;
 import edu.cornell.mannlib.vitro.webapp.dao.WebappDaoFactory;
-import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessOperation;
+import edu.cornell.mannlib.vitro.webapp.modelaccess.ModelAccess;
+import org.apache.commons.lang3.StringUtils;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
 
 public class BaseEditController extends VitroHttpServlet {
 
@@ -219,9 +218,12 @@ protected static void addAccessAttributes(HttpServletRequest req, String entityU
         }  
         req.setAttribute("roles", permissionSets);
         // If the namespace is empty (e.e. we are creating a new record)
-        for (AccessOperation ao : AccessOperation.getUserInterfaceSet()){
-            String groupName = ao.toString().toLowerCase().split("_")[0];
-            final String attributeName = groupName + "Roles";
+        List<AccessOperation> operations = AccessOperation.getUserInterfaceList();
+        req.setAttribute("operations", operations);
+
+        for (AccessOperation ao : operations){
+            String operationName = ao.toString().toLowerCase().split("_")[0];
+            final String attributeName = operationName + "Roles";
             if (StringUtils.isEmpty(entityURI)) {
                 // predefined values
                 req.setAttribute(attributeName, roleUris);
diff --git a/api/src/main/java/edu/cornell/mannlib/vedit/controller/OperationController.java b/api/src/main/java/edu/cornell/mannlib/vedit/controller/OperationController.java
index 07c3735c9b..992dbf4b1a 100644
--- a/api/src/main/java/edu/cornell/mannlib/vedit/controller/OperationController.java
+++ b/api/src/main/java/edu/cornell/mannlib/vedit/controller/OperationController.java
@@ -150,7 +150,8 @@ public void doPost (HttpServletRequest request, HttpServletResponse response) {
                     roleUris.add(permissionSet.getUri());
                 }  
                 // Get the granted permissions from the request object
-                for (AccessOperation ao : AccessOperation.getUserInterfaceSet()) {
+                List<AccessOperation> operations = AccessOperation.getUserInterfaceList();
+                for (AccessOperation ao : operations) {
                     String operationGroupName = ao.toString().toLowerCase().split("_")[0];
                     String[] selectedRoles = request.getParameterValues(operationGroupName + "Roles");
                     if(StringUtils.isBlank(entityUri)) {
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AccessOperation.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AccessOperation.java
index 539184dab2..889f87eb6a 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AccessOperation.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AccessOperation.java
@@ -2,8 +2,8 @@
 
 package edu.cornell.mannlib.vitro.webapp.auth.attributes;
 
-import java.util.EnumSet;
-import java.util.Set;
+import java.util.Arrays;
+import java.util.List;
 
 public enum AccessOperation {
     EXECUTE,
@@ -14,8 +14,8 @@ public enum AccessOperation {
     DROP,
     EDIT;
 
-    public static Set<AccessOperation> getUserInterfaceSet() {
-        return EnumSet.of(AccessOperation.DISPLAY, AccessOperation.ADD, AccessOperation.DROP, AccessOperation.EDIT,
-                AccessOperation.PUBLISH);
+    public static List<AccessOperation> getUserInterfaceList() {
+        return Arrays.asList(AccessOperation.DISPLAY, AccessOperation.PUBLISH, AccessOperation.ADD,
+                AccessOperation.DROP, AccessOperation.EDIT);
     }
 }
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EntityPolicyController.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EntityPolicyController.java
index 2fc435d87c..d6cde6d3f5 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EntityPolicyController.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EntityPolicyController.java
@@ -47,14 +47,17 @@ public static void updateEntityDataSet(String entityUri, AccessObjectType aot, A
                         String.format("Policy wasn't found by key:\n%s\n%s\n%s", ao.toString(), aot.toString(), role));
                 continue;
             }
+            PolicyStore policyStore = PolicyStore.getInstance();
             if (isSelected && !isInDataSet) {
                 loader.addEntityToPolicyDataSet(entityUri, aot, ao, role);
+                policyStore.remove(dataSetUri);
                 DynamicPolicy policy = loader.loadPolicyFromTemplateDataSet(dataSetUri);
-                PolicyStore.getInstance().add(policy);
+                policyStore.add(policy);
             } else if (!isSelected && isInDataSet) {
                 loader.removeEntityFromPolicyDataSet(entityUri, aot, ao, role);
+                policyStore.remove(dataSetUri);
                 DynamicPolicy policy = loader.loadPolicyFromTemplateDataSet(dataSetUri);
-                PolicyStore.getInstance().add(policy);
+                policyStore.add(policy);
             }
         }
     }
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/Policies.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/Policies.java
index b22e0cdb2b..cdb6096599 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/Policies.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/Policies.java
@@ -17,4 +17,6 @@ public interface Policies {
     public long size();
 
     public void clear();
+
+    void remove(String policyUri);
 }
\ No newline at end of file
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
index f4a305bd7c..022e07a4cb 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
@@ -48,15 +48,14 @@ public class PolicyLoader {
             + "prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#>\n"
             + "prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/>\n"
             + "prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/>\n"
-            + "SELECT DISTINCT ?" + POLICY + " ?" + PRIORITY + " \n"
+            + "SELECT DISTINCT ?policy \n"
             + "WHERE {\n"
             + "  GRAPH <http://vitro.mannlib.cornell.edu/default/access-control> {\n"
-            + "    ?" + POLICY + " rdf:type ao:Policy .\n"
-            + "    OPTIONAL {?" + POLICY + " ao:priority ?set_priority"
-            + " . }\n"
-            + "    BIND(COALESCE(?set_priority, 0 ) as ?" + PRIORITY + " ) .\n"
+            + "    { ?policy a ao:Policy . }\n"
+            + "      UNION \n"
+            + "    { ?policy a ao:PolicyTemplate . }\n"
             + "  }\n"
-            + "} ORDER BY ?" + PRIORITY;
+            + "}";
 
     private static final String PRIORITY_QUERY = "prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#>\n"
             + "prefix owl: <http://www.w3.org/2002/07/owl#>\n"
@@ -349,11 +348,10 @@ public void loadPolicies() {
         List<String> policyUris = getPolicyUris();
         for (String uri : policyUris) {
             debug("Loading policy %s", uri);
-            DynamicPolicy policy = loadPolicy(uri);
-            if (policy != null) {
-                log.debug("Loaded policy " + uri);
-                // take policy priority into account
+            Set<DynamicPolicy> policies = loadPolicies(uri);
+            for (DynamicPolicy policy : policies) {
                 PolicyStore.getInstance().add(policy);
+                log.info("Loaded policy " + policy.getUri());
             }
         }
     }
@@ -380,28 +378,33 @@ protected void processQuerySolution(QuerySolution qs) {
         return policyUris;
     }
 
-    @Deprecated
-    public DynamicPolicy loadPolicy(String uri) {
+    public Set<DynamicPolicy> loadPolicies(String uri) {
+        Set<DynamicPolicy> policies = new HashSet<>();
         List<String> dataSetNames = getDataSetNames(uri);
-        Set<AccessRule> rules = new HashSet<>();
-        long priority = getPriority(uri);
-        try {
-            if (dataSetNames.isEmpty()) {
+        if (dataSetNames.isEmpty()) {
+            Set<AccessRule> rules = new HashSet<>();
+            try {
                 loadRulesWithoutDataSet(uri, rules);
-            } else {
-                for (String dataSetName : dataSetNames) {
-                    loadRulesForDataSet(rules, dataSetName);
+            } catch (Exception e) {
+                log.info(String.format("Policy '%s' failed to load ", uri));
+                log.debug(e, e);
+            }
+            if (!rules.isEmpty()) {
+                long priority = getPriority(uri);
+                DynamicPolicy policy = new DynamicPolicy(uri, priority);
+                policy.addRules(rules);
+                policies.add(policy);
+            }
+        } else {
+            for (String dataSetName : dataSetNames) {
+                DynamicPolicy policy = loadPolicyFromTemplateDataSet(dataSetName);
+                if (policy != null) {
+                    policies.add(policy);
                 }
             }
-        } catch (Exception e) {
-            return null;
-        }
-        if (rules.isEmpty()) {
-            return null;
         }
-        DynamicPolicy policy = new DynamicPolicy(uri, priority);
-        policy.addRules(rules);
-        return policy;
+
+        return policies;
     }
 
     public DynamicPolicy loadPolicyFromTemplateDataSet(String dataSetUri) {
@@ -410,7 +413,8 @@ public DynamicPolicy loadPolicyFromTemplateDataSet(String dataSetUri) {
         try {
             loadRulesForDataSet(rules, dataSetUri);
         } catch (Exception e) {
-            log.error(e, e);
+            log.info(String.format("Policy template dataset '%s' failed to load ", dataSetUri));
+            log.debug(e, e);
             return null;
         }
         if (rules.isEmpty()) {
@@ -753,35 +757,35 @@ private static void populateRule(AccessRule ar, QuerySolution qs) throws Excepti
 
     private static boolean isInvalidPolicySolution(QuerySolution qs) {
         if (!qs.contains("policyUri") || !qs.get("policyUri").isResource()) {
-            log.error("Query solution doesn't contain policy uri");
+            log.debug("Query solution doesn't contain policy uri");
             return true;
         }
         String policy = qs.get("policyUri").asResource().getURI();
         if (!qs.contains("rules") || !qs.get("rules").isResource()) {
-            log.error(String.format("Query solution for policy <%s> doesn't contain rules uri", policy));
+            log.debug(String.format("Query solution for policy <%s> doesn't contain rules uri", policy));
             return true;
         }
         if (!qs.contains("rule") || !qs.get("rule").isResource()) {
-            log.error(String.format("Query solution for policy <%s> doesn't contain rule uri", policy));
+            log.debug(String.format("Query solution for policy <%s> doesn't contain rule uri", policy));
             return true;
         }
         String rule = qs.get("rule").asResource().getLocalName();
         if (!qs.contains("check") || !qs.get("check").isResource()) {
-            log.error(String.format("Query solution for policy <%s> doesn't contain check uri", policy));
+            log.debug(String.format("Query solution for policy <%s> doesn't contain check uri", policy));
             return true;
         }
         String check = qs.get("check").asResource().getLocalName();
         if (!qs.contains("value")) {
-            log.error(String.format("Query solution for policy <%s> rule %s check %s doesn't contain value", policy,
+            log.debug(String.format("Query solution for policy <%s> rule %s check %s doesn't contain value", policy,
                     rule, check));
             return true;
         }
         if (!qs.contains("typeId") || !qs.get("typeId").isLiteral()) {
-            log.error(String.format("Query solution for policy <%s> doesn't contain check type id", policy));
+            log.debug(String.format("Query solution for policy <%s> doesn't contain check type id", policy));
             return true;
         }
         if (!qs.contains("testId") || !qs.get("testId").isLiteral()) {
-            log.error(String.format("Query solution for policy <%s> doesn't contain check test id", policy));
+            log.debug(String.format("Query solution for policy <%s> doesn't contain check test id", policy));
             return true;
         }
         return false;
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyStore.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyStore.java
index 8ac6a403d5..26314fe453 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyStore.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyStore.java
@@ -5,10 +5,11 @@
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.Comparator;
-import java.util.LinkedHashMap;
 import java.util.LinkedList;
 import java.util.List;
 import java.util.Map;
+import java.util.concurrent.ConcurrentHashMap;
+import java.util.concurrent.CopyOnWriteArrayList;
 
 import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.Policy;
 import org.apache.commons.logging.Log;
@@ -28,14 +29,23 @@ public static PolicyStore getInstance() {
         return INSTANCE;
     }
 
-    protected List<Policy> policyList = Collections.synchronizedList(new ArrayList<Policy>());
-    protected Map<String, Policy> policyMap = Collections.synchronizedMap(new LinkedHashMap<String, Policy>());
+    protected List<Policy> policyList = new CopyOnWriteArrayList<>();
+    protected Map<String, Policy> policyMap = new ConcurrentHashMap<>();
 
     @Override
     public boolean contains(Policy policy) {
         return policyList.contains(policy);
     }
 
+    @Override
+    public synchronized void remove(String policyUri) {
+        Policy oldPolicy = policyMap.get(policyUri);
+        if (oldPolicy != null) {
+            policyList.remove(oldPolicy);
+        }
+        policyMap.remove(policyUri);
+    }
+
     @Override
     public synchronized void add(Policy policy) {
         if (policy == null) {
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/BasicPolicyTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/BasicPolicyTest.java
index 79c7a5fd65..fca742cd2b 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/BasicPolicyTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/BasicPolicyTest.java
@@ -5,6 +5,7 @@
 
 import java.io.StringWriter;
 import java.util.Collections;
+import java.util.Set;
 
 import org.apache.jena.rdf.model.Model;
 import org.apache.jena.rdf.model.ModelFactory;
@@ -34,57 +35,61 @@ public void testValidPolicy() {
     @Test
     public void testValidPolicyTemplate() {
         load(VALID_POLICY_TEMPLATE);
-        DynamicPolicy policy =
-                loader.loadPolicy("https://vivoweb.org/ontology/vitro-application/auth/individual/ValidTestSetPolicy");
-        countRulesAndAttributes(policy, 2, Collections.singleton(2));
+        String uri = "https://vivoweb.org/ontology/vitro-application/auth/individual/ValidTestSetPolicy";
+        Set<DynamicPolicy> policies = loader.loadPolicies(uri);
+        assertEquals(2, policies.size());
+        DynamicPolicy policy = policies.iterator().next();
+        countRulesAndAttributes(policy, 1, Collections.singleton(2));
+        policy = policies.iterator().next();
+        countRulesAndAttributes(policy, 1, Collections.singleton(2));
     }
 
     @Test
     public void testBrokenTestId() {
         load(BROKEN_POLICY_BROKEN_TEST_ID);
-        DynamicPolicy policy = loader.loadPolicy(
-                "https://vivoweb.org/ontology/vitro-application/auth/individual/BrokenPolicyBrokenTestTypeId");
-        assertTrue(policy == null);
+        String uri = "https://vivoweb.org/ontology/vitro-application/auth/individual/BrokenPolicyBrokenTestTypeId";
+        Set<DynamicPolicy> policies = loader.loadPolicies(uri);
+        assertEquals(0, policies.size());
     }
 
     @Test
     public void testBrokenTypeId() {
         load(BROKEN_POLICY_BROKEN_TYPE_ID);
-        DynamicPolicy policy =
-                loader.loadPolicy("https://vivoweb.org/ontology/vitro-application/auth/individual/BrokenPolicyTypeId");
-        assertTrue(policy == null);
+        String uri = "https://vivoweb.org/ontology/vitro-application/auth/individual/BrokenPolicyTypeId";
+        Set<DynamicPolicy> policies = loader.loadPolicies(uri);
+        assertEquals(0, policies.size());
     }
 
     @Test
     public void testBrokenTest() {
         load(BROKEN_POLICY_BROKEN_TEST);
-        DynamicPolicy policy = loader.loadPolicy(
-                "https://vivoweb.org/ontology/vitro-application/auth/individual/BrokenPolicyBrokenTestType");
-        assertTrue(policy == null);
+        String uri = "https://vivoweb.org/ontology/vitro-application/auth/individual/BrokenPolicyBrokenTestType";
+        Set<DynamicPolicy> policies = loader.loadPolicies(uri);
+        assertEquals(0, policies.size());
     }
 
     @Test
     public void testBrokenType() {
         load(BROKEN_POLICY_BROKEN_TYPE);
-        DynamicPolicy policy =
-                loader.loadPolicy("https://vivoweb.org/ontology/vitro-application/auth/individual/BrokenPolicyType");
-        assertTrue(policy == null);
+        String uri = "https://vivoweb.org/ontology/vitro-application/auth/individual/BrokenPolicyType";
+        Set<DynamicPolicy> policies = loader.loadPolicies(uri);
+        assertEquals(0, policies.size());
     }
 
     @Test
     public void testBrokenAttributeValue() {
         load(BROKEN_POLICY_BROKEN_ATTRIBUTE_VALUES);
-        DynamicPolicy policy =
-                loader.loadPolicy("https://vivoweb.org/ontology/vitro-application/auth/individual/BrokenTestSetPolicy");
-        assertTrue(policy == null);
+        String uri = "https://vivoweb.org/ontology/vitro-application/auth/individual/BrokenTestSetPolicy";
+        Set<DynamicPolicy> policies = loader.loadPolicies(uri);
+        assertEquals(0, policies.size());
     }
 
     @Test
     public void testBrokenPolicyTemplate() {
         load(BROKEN_POLICY_TEMPLATE);
-        DynamicPolicy policy =
-                loader.loadPolicy("https://vivoweb.org/ontology/vitro-application/auth/individual/BrokenTestSetPolicy");
-        assertTrue(policy == null);
+        String uri = "https://vivoweb.org/ontology/vitro-application/auth/individual/BrokenTestSetPolicy";
+        Set<DynamicPolicy> policies = loader.loadPolicies(uri);
+        assertEquals(0, policies.size());
     }
 
     @Test
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EditablePagesPolicyTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EditablePagesPolicyTest.java
index e0b255b2bf..af493045ee 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EditablePagesPolicyTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EditablePagesPolicyTest.java
@@ -1,9 +1,11 @@
 package edu.cornell.mannlib.vitro.webapp.auth.policy;
 
+import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertTrue;
 
 import java.util.Arrays;
 import java.util.HashSet;
+import java.util.Set;
 
 import org.junit.Test;
 
@@ -17,7 +19,9 @@ public void testLoadEditablePagesPolicy() {
         load(EDITABLE_PAGES_POLICY_PATH);
         String policyUri =
                 "https://vivoweb.org/ontology/vitro-application/auth/individual/policy/edit-individual-pages/Policy";
-        DynamicPolicy policy = loader.loadPolicy(policyUri);
+        Set<DynamicPolicy> policies = loader.loadPolicies(policyUri);
+        assertEquals(1, policies.size());
+        DynamicPolicy policy = policies.iterator().next();
         assertTrue(policy != null);
         countRulesAndAttributes(policy, 2, new HashSet<>(Arrays.asList(5, 6)));
     }
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/HomeMenuItemsRestrictionPolicyTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/HomeMenuItemsRestrictionPolicyTest.java
index 87676bc5cf..56310870c5 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/HomeMenuItemsRestrictionPolicyTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/HomeMenuItemsRestrictionPolicyTest.java
@@ -3,6 +3,8 @@
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertTrue;
 
+import java.util.Set;
+
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessOperation;
 import edu.cornell.mannlib.vitro.webapp.auth.objects.AccessObject;
 import edu.cornell.mannlib.vitro.webapp.auth.objects.ObjectPropertyStatementAccessObject;
@@ -22,8 +24,9 @@ public void testHomeMenuItemsRestrictionPolicy() {
         load(MENU_ITEMS_POLICY_PATH);
         String policyUri =
                 "https://vivoweb.org/ontology/vitro-application/auth/individual/policy/restrict-home-menu-items-editing/Policy";
-        DynamicPolicy policy = loader.loadPolicy(policyUri);
-        assertTrue(policy != null);
+        Set<DynamicPolicy> policies = loader.loadPolicies(policyUri);
+        assertEquals(1, policies.size());
+        DynamicPolicy policy = policies.iterator().next();
         assertEquals(9000, policy.getPriority());
         assertTrue(policy.getRules().size() > 0);
         final AccessRule rule = policy.getRules().iterator().next();
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/NonModifiableStatementsPolicyTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/NonModifiableStatementsPolicyTest.java
index 4736c0b437..825d461289 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/NonModifiableStatementsPolicyTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/NonModifiableStatementsPolicyTest.java
@@ -4,7 +4,8 @@
 import static edu.cornell.mannlib.vitro.webapp.auth.objects.AccessObject.SOME_LITERAL;
 import static edu.cornell.mannlib.vitro.webapp.auth.objects.AccessObject.SOME_URI;
 import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertTrue;
+
+import java.util.Set;
 
 import edu.cornell.mannlib.vitro.webapp.auth.objects.AccessObject;
 import edu.cornell.mannlib.vitro.webapp.auth.objects.DataPropertyStatementAccessObject;
@@ -27,8 +28,9 @@ public void testNonModifiableStatementsPolicy() {
 
         String policyUri =
                 "https://vivoweb.org/ontology/vitro-application/auth/individual/template/non-modifiable-statements/PolicyTemplate";
-        DynamicPolicy policy = loader.loadPolicy(policyUri);
-        assertTrue(policy != null);
+        Set<DynamicPolicy> policies = loader.loadPolicies(policyUri);
+        assertEquals(1, policies.size());
+        DynamicPolicy policy = policies.iterator().next();
         assertEquals(8000, policy.getPriority());
         assertEquals(5, policy.getRules().size());
         AccessRule rule = policy.getRules().iterator().next();
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/ProximityTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/ProximityTest.java
index 21d2617925..4f002f945e 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/ProximityTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/ProximityTest.java
@@ -4,6 +4,7 @@
 import static org.junit.Assert.assertTrue;
 
 import java.util.Arrays;
+import java.util.Set;
 
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessOperation;
 import edu.cornell.mannlib.vitro.webapp.auth.objects.AccessObject;
@@ -25,7 +26,9 @@ public class ProximityTest extends PolicyTest {
     public void testProximityPolicy() {
         load(PROXIMITY_POLICY_PATH);
         String policyUri = "https://vivoweb.org/ontology/vitro-application/auth/individual/ProximityTestPolicy";
-        DynamicPolicy policy = loader.loadPolicy(policyUri);
+        Set<DynamicPolicy> policies = loader.loadPolicies(policyUri);
+        assertEquals(1, policies.size());
+        DynamicPolicy policy = policies.iterator().next();
         assertTrue(policy != null);
         assertTrue(policy.getRules().size() == 1);
         AccessRule rule = policy.getRules().iterator().next();
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/RootUserPolicyTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/RootUserPolicyTest.java
index 8cac718d27..018cc11fe2 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/RootUserPolicyTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/RootUserPolicyTest.java
@@ -4,6 +4,7 @@
 import static org.junit.Assert.assertTrue;
 
 import java.util.Collections;
+import java.util.Set;
 
 import org.junit.Test;
 
@@ -15,7 +16,9 @@ public class RootUserPolicyTest extends PolicyTest {
     public void testLoadRootUserPolicy() {
         load(ROOT_POLICY_PATH);
         String policyUri = "https://vivoweb.org/ontology/vitro-application/auth/individual/policy/root-user/Policy";
-        DynamicPolicy policy = loader.loadPolicy(policyUri);
+        Set<DynamicPolicy> policies = loader.loadPolicies(policyUri);
+        assertEquals(1, policies.size());
+        DynamicPolicy policy = policies.iterator().next();
         assertTrue(policy != null);
         assertEquals(10000, policy.getPriority());
         countRulesAndAttributes(policy, 1, Collections.singleton(1));
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/ontology.n3 b/home/src/main/resources/rdf/accessControl/firsttime/ontology.n3
index 233ab57ce3..40bff200db 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/ontology.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/ontology.n3
@@ -5,7 +5,6 @@
 @prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
 @prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
 @prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
-@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
 @prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
 
 ##### Ontology

From 3dee33393f480408776d02fc6194fdf1c570c5bd Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <georgy.litvinov@tib.eu>
Date: Wed, 25 Oct 2023 14:46:55 +0200
Subject: [PATCH 073/148] fix jsp forms to support new operations

---
 .../vedit/controller/BaseEditController.java  | 196 ++++++++++++------
 .../vedit/controller/OperationController.java |   5 +-
 .../auth/attributes/AccessOperation.java      |  12 +-
 .../edit/DatapropRetryController.java         |   2 +-
 .../edit/specific/dataprop_retry.jsp          |  54 ++---
 .../edit/specific/fauxProperty_retry.jsp      |  54 ++---
 .../edit/specific/property_retry.jsp          |  54 ++---
 .../templates/edit/specific/vclass_retry.jsp  |  54 ++---
 8 files changed, 229 insertions(+), 202 deletions(-)

diff --git a/api/src/main/java/edu/cornell/mannlib/vedit/controller/BaseEditController.java b/api/src/main/java/edu/cornell/mannlib/vedit/controller/BaseEditController.java
index a1a3179522..39c1dc811e 100644
--- a/api/src/main/java/edu/cornell/mannlib/vedit/controller/BaseEditController.java
+++ b/api/src/main/java/edu/cornell/mannlib/vedit/controller/BaseEditController.java
@@ -12,6 +12,8 @@
 import java.util.Comparator;
 import java.util.Enumeration;
 import java.util.HashMap;
+import java.util.HashSet;
+import java.util.LinkedHashMap;
 import java.util.LinkedList;
 import java.util.List;
 import java.util.Map;
@@ -38,7 +40,7 @@
 
 public class BaseEditController extends VitroHttpServlet {
 
-	public static final String ENTITY_URI_ATTRIBUTE_NAME = "_permissionsEntityURI";
+    public static final String ENTITY_URI_ATTRIBUTE_NAME = "_permissionsEntityURI";
     public static final String ENTITY_TYPE_ATTRIBUTE_NAME = "_permissionsEntityType";
 
     public static final boolean FORCE_NEW = true; // when you know you're starting a new edit process
@@ -56,82 +58,87 @@ public class BaseEditController extends VitroHttpServlet {
     private final int MAX_EPOS = 5;
     private final Calendar cal = Calendar.getInstance();
 
-    /* EPO is reused if the controller is passed an epoKey, e.g.
-      if a previous form submission failed validation, or the edit is a multistage process. */
+    /*
+     * EPO is reused if the controller is passed an epoKey, e.g. if a previous form submission failed validation, or the
+     * edit is a multistage process.
+     */
 
     protected EditProcessObject createEpo(HttpServletRequest request) {
-    	return createEpo(request, false);
+        return createEpo(request, false);
     }
 
     protected EditProcessObject createEpo(HttpServletRequest request, boolean forceNew) {
-        /* this is actually a bit of a misnomer, because we will reuse an epo
-        if an epoKey parameter is passed */
+        /*
+         * this is actually a bit of a misnomer, because we will reuse an epo if an epoKey parameter is passed
+         */
         EditProcessObject epo = null;
         HashMap epoHash = getEpoHash(request);
         String existingEpoKey = request.getParameter("_epoKey");
-        if (!forceNew && existingEpoKey != null && epoHash.get(existingEpoKey) != null)  {
+        if (!forceNew && existingEpoKey != null && epoHash.get(existingEpoKey) != null) {
             epo = (EditProcessObject) epoHash.get(existingEpoKey);
             epo.setKey(existingEpoKey);
             epo.setUseRecycledBean(true);
         } else {
             LinkedList epoKeylist = getEpoKeylist(request);
             if (epoHash.size() == MAX_EPOS) {
-            	try {
-            		epoHash.remove(epoKeylist.getFirst());
-            		epoKeylist.removeFirst();
-            	} catch (Exception e) {
-            		// see JIRA issue VITRO-340, "Odd exception from backend editing"
-            		// possible rare concurrency issue here
-            		log.error("Error removing old EPO", e);
-            	}
+                try {
+                    epoHash.remove(epoKeylist.getFirst());
+                    epoKeylist.removeFirst();
+                } catch (Exception e) {
+                    // see JIRA issue VITRO-340, "Odd exception from backend editing"
+                    // possible rare concurrency issue here
+                    log.error("Error removing old EPO", e);
+                }
             }
             Random rand = new Random();
             String epoKey = createEpoKey();
             while (epoHash.get(epoKey) != null) {
-                epoKey+=Integer.toHexString(rand.nextInt());
+                epoKey += Integer.toHexString(rand.nextInt());
             }
             epo = new EditProcessObject();
-            epoHash.put (epoKey,epo);
+            epoHash.put(epoKey, epo);
             epoKeylist.add(epoKey);
             epo.setKey(epoKey);
-            epo.setReferer( (forceNew) ? request.getRequestURL().append('?').append(request.getQueryString()).toString() : request.getHeader("Referer") );
+            epo.setReferer((forceNew) ? request.getRequestURL().append('?').append(request.getQueryString()).toString()
+                    : request.getHeader("Referer"));
             epo.setSession(request.getSession());
         }
         return epo;
     }
 
-    private LinkedList getEpoKeylist(HttpServletRequest request){
+    private LinkedList getEpoKeylist(HttpServletRequest request) {
         return (LinkedList) request.getSession().getAttribute(EPO_KEYLIST_ATTR);
     }
 
-    private HashMap getEpoHash(HttpServletRequest request){
+    private HashMap getEpoHash(HttpServletRequest request) {
         HashMap epoHash = (HashMap) request.getSession().getAttribute(EPO_HASH_ATTR);
         if (epoHash == null) {
             epoHash = new HashMap();
-            request.getSession().setAttribute(EPO_HASH_ATTR,epoHash);
-            //since we're making a new EPO hash, we should also make a new keylist.
+            request.getSession().setAttribute(EPO_HASH_ATTR, epoHash);
+            // since we're making a new EPO hash, we should also make a new keylist.
             LinkedList epoKeylist = new LinkedList();
-            request.getSession().setAttribute(EPO_KEYLIST_ATTR,epoKeylist);
+            request.getSession().setAttribute(EPO_KEYLIST_ATTR, epoKeylist);
         }
         return epoHash;
     }
 
-    private String createEpoKey(){
+    private String createEpoKey() {
         return Long.toHexString(cal.getTimeInMillis());
     }
 
-    protected void setRequestAttributes(HttpServletRequest request, EditProcessObject epo){
-    	VitroRequest vreq = new VitroRequest(request);
-        request.setAttribute("epoKey",epo.getKey());
-        request.setAttribute("epo",epo);
-        request.setAttribute("globalErrorMsg",epo.getAttribute("globalErrorMsg"));
-        request.setAttribute("css", "<link rel=\"stylesheet\" type=\"text/css\" href=\""+vreq.getAppBean().getThemeDir()+"css/edit.css\"/>");
+    protected void setRequestAttributes(HttpServletRequest request, EditProcessObject epo) {
+        VitroRequest vreq = new VitroRequest(request);
+        request.setAttribute("epoKey", epo.getKey());
+        request.setAttribute("epo", epo);
+        request.setAttribute("globalErrorMsg", epo.getAttribute("globalErrorMsg"));
+        request.setAttribute("css", "<link rel=\"stylesheet\" type=\"text/css\" href=\""
+                + vreq.getAppBean().getThemeDir() + "css/edit.css\"/>");
     }
 
     protected void populateBeanFromParams(Object bean, HttpServletRequest request) {
         Map params = request.getParameterMap();
         Enumeration paramNames = request.getParameterNames();
-        while (paramNames.hasMoreElements()){
+        while (paramNames.hasMoreElements()) {
             String key = "";
             try {
                 key = (String) paramNames.nextElement();
@@ -162,9 +169,9 @@ protected void populateBeanFromParams(Object bean, HttpServletRequest request) {
         }
     }
 
-    public List<Option> getSortedList(HashMap<String,Option> hashMap, List<Option> optionList, VitroRequest vreq){
+    public List<Option> getSortedList(HashMap<String, Option> hashMap, List<Option> optionList, VitroRequest vreq) {
 
-        class ListComparator implements Comparator<String>{
+        class ListComparator implements Comparator<String> {
 
             Collator collator;
 
@@ -179,23 +186,22 @@ public int compare(String str1, String str2) {
 
         }
 
-       List<String> bodyVal = new ArrayList<String>();
-       List<Option> options = new ArrayList<Option>();
+        List<String> bodyVal = new ArrayList<String>();
+        List<Option> options = new ArrayList<Option>();
         for (Option option : optionList) {
             hashMap.put(option.getBody(), option);
             bodyVal.add(option.getBody());
         }
 
-
-       bodyVal.sort(new ListComparator(vreq.getCollator()));
+        bodyVal.sort(new ListComparator(vreq.getCollator()));
         for (String aBodyVal : bodyVal) {
             options.add(hashMap.get(aBodyVal));
         }
-       return options;
-   }
+        return options;
+    }
 
     protected WebappDaoFactory getWebappDaoFactory() {
-    	return ModelAccess.getInstance().getWebappDaoFactory(ASSERTIONS_ONLY);
+        return ModelAccess.getInstance().getWebappDaoFactory(ASSERTIONS_ONLY);
     }
 
     protected WebappDaoFactory getWebappDaoFactory(String userURI) {
@@ -203,7 +209,7 @@ protected WebappDaoFactory getWebappDaoFactory(String userURI) {
     }
 
     public String getDefaultLandingPage(HttpServletRequest request) {
-    	return(request.getContextPath() + DEFAULT_LANDING_PAGE);
+        return (request.getContextPath() + DEFAULT_LANDING_PAGE);
     }
 
     protected static void addAccessAttributes(HttpServletRequest req, String entityURI, AccessObjectType aot) {
@@ -212,27 +218,97 @@ protected static void addAccessAttributes(HttpServletRequest req, String entityU
 
         // Get the available permission sets
         List<PermissionSet> permissionSets = buildListOfSelectableRoles(ModelAccess.on(req).getWebappDaoFactory());
+        List<RoleInfo> roles = new ArrayList<>();
         List<String> roleUris = new ArrayList<>();
+
         for (PermissionSet permissionSet : permissionSets) {
+            roles.add(new RoleInfo(permissionSet));
             roleUris.add(permissionSet.getUri());
-        }  
-        req.setAttribute("roles", permissionSets);
-        // If the namespace is empty (e.e. we are creating a new record)
-        List<AccessOperation> operations = AccessOperation.getUserInterfaceList();
-        req.setAttribute("operations", operations);
-
-        for (AccessOperation ao : operations){
-            String operationName = ao.toString().toLowerCase().split("_")[0];
-            final String attributeName = operationName + "Roles";
-            if (StringUtils.isEmpty(entityURI)) {
-                // predefined values
-                req.setAttribute(attributeName, roleUris);
-            } else {
-                // Get the permission sets that grant permission for this entity
-                req.setAttribute(attributeName, EntityPolicyController.getGrantedRoles(entityURI, ao, aot, roleUris));
+        }
+        List<AccessOperation> accessOperations = AccessOperation.getOperations(aot);
+        // Operation, list of roles>
+        Map<String, List<RoleInfo>> operationsToRoles = new LinkedHashMap<>();
+        for (AccessOperation operation : accessOperations) {
+            List<RoleInfo> roleInfos = new LinkedList<>();
+            String operationName = StringUtils.capitalize(operation.toString().toLowerCase());
+            operationsToRoles.put(operationName, roleInfos);
+            for (RoleInfo role : roles) {
+                RoleInfo roleCopy = role.clone();
+                roleInfos.add(roleCopy);
+                if (operation.equals(AccessOperation.ADD) || operation.equals(AccessOperation.DROP)
+                        || operation.equals(AccessOperation.EDIT) || operation.equals(AccessOperation.PUBLISH)
+                        || operation.equals(AccessOperation.UPDATE)) {
+                    if (roleCopy.isPublic) {
+                        roleCopy.setEnabled(false);
+                        roleCopy.setGranted(false);
+                    }
+                }
             }
+            // If we are creating a new record
+            if (!StringUtils.isEmpty(entityURI)) {
+                Set<String> grantedRoles = new HashSet<String>(
+                        EntityPolicyController.getGrantedRoles(entityURI, operation, aot, roleUris));
+                for (RoleInfo roleInfo : roleInfos) {
+                    if (!grantedRoles.contains(roleInfo.getUri())) {
+                        roleInfo.setGranted(false);
+                    }
+                }
+            }
+        }
+        req.setAttribute("operationsToRoles", operationsToRoles);
+
+    }
+
+    public static class RoleInfo {
+        String uri;
+        String label;
+        private boolean enabled = true;
+        private boolean granted = true;
+        private boolean isPublic;
+
+        public RoleInfo(PermissionSet ps) {
+            uri = ps.getUri();
+            label = ps.getLabel();
+            isPublic = ps.isForPublic();
+        }
+
+        public RoleInfo(String uri, String label, boolean isPublic) {
+            this.uri = uri;
+            this.label = label;
+            this.isPublic = isPublic;
+        }
+
+        public String getUri() {
+            return uri;
+        }
+
+        public String getLabel() {
+            return label;
+        }
+
+        public boolean isEnabled() {
+            return enabled;
+        }
+
+        public void setEnabled(boolean enabled) {
+            this.enabled = enabled;
+        }
+
+        public boolean isGranted() {
+            return granted;
+        }
+
+        public void setGranted(boolean granted) {
+            this.granted = granted;
+        }
+
+        public RoleInfo clone() {
+            return new RoleInfo(uri, label, isPublic);
+        }
+
+        public boolean isPublic() {
+            return isPublic;
         }
-        
     }
 
     /**
@@ -242,7 +318,7 @@ protected static List<PermissionSet> buildListOfSelectableRoles(WebappDaoFactory
         List<PermissionSet> permissionSets = new ArrayList<>();
 
         // Get the non-public PermissionSets.
-        for (PermissionSet ps: wadf.getUserAccountsDao().getAllPermissionSets()) {
+        for (PermissionSet ps : wadf.getUserAccountsDao().getAllPermissionSets()) {
             if (!ps.isForPublic()) {
                 permissionSets.add(ps);
             }
@@ -257,12 +333,12 @@ public int compare(PermissionSet ps1, PermissionSet ps2) {
         });
 
         // Add the public PermissionSets.
-        for (PermissionSet ps: wadf.getUserAccountsDao().getAllPermissionSets()) {
+        for (PermissionSet ps : wadf.getUserAccountsDao().getAllPermissionSets()) {
             if (ps.isForPublic()) {
                 permissionSets.add(ps);
             }
         }
-        
+
         return permissionSets;
     }
 }
diff --git a/api/src/main/java/edu/cornell/mannlib/vedit/controller/OperationController.java b/api/src/main/java/edu/cornell/mannlib/vedit/controller/OperationController.java
index 992dbf4b1a..6db4baebe9 100644
--- a/api/src/main/java/edu/cornell/mannlib/vedit/controller/OperationController.java
+++ b/api/src/main/java/edu/cornell/mannlib/vedit/controller/OperationController.java
@@ -150,7 +150,8 @@ public void doPost (HttpServletRequest request, HttpServletResponse response) {
                     roleUris.add(permissionSet.getUri());
                 }  
                 // Get the granted permissions from the request object
-                List<AccessOperation> operations = AccessOperation.getUserInterfaceList();
+                AccessObjectType aot = AccessObjectType.valueOf(entityType);
+                List<AccessOperation> operations = AccessOperation.getOperations(aot);
                 for (AccessOperation ao : operations) {
                     String operationGroupName = ao.toString().toLowerCase().split("_")[0];
                     String[] selectedRoles = request.getParameterValues(operationGroupName + "Roles");
@@ -162,7 +163,7 @@ public void doPost (HttpServletRequest request, HttpServletResponse response) {
                         if (selectedRoles == null) {
                             selectedRoles = new String[0];
                         }
-                        EntityPolicyController.updateEntityDataSet(entityUri, AccessObjectType.valueOf(entityType), ao, Arrays.asList(selectedRoles), roleUris);
+                        EntityPolicyController.updateEntityDataSet(entityUri, aot, ao, Arrays.asList(selectedRoles), roleUris);
                     }
                 }
             }
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AccessOperation.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AccessOperation.java
index 889f87eb6a..8a2b426e5a 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AccessOperation.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AccessOperation.java
@@ -14,8 +14,14 @@ public enum AccessOperation {
     DROP,
     EDIT;
 
-    public static List<AccessOperation> getUserInterfaceList() {
-        return Arrays.asList(AccessOperation.DISPLAY, AccessOperation.PUBLISH, AccessOperation.ADD,
-                AccessOperation.DROP, AccessOperation.EDIT);
+    public static List<AccessOperation> getOperations(AccessObjectType aot) {
+        if (aot.equals(AccessObjectType.DATA_PROPERTY)
+                || aot.equals(AccessObjectType.OBJECT_PROPERTY)
+                || aot.equals(AccessObjectType.FAUX_DATA_PROPERTY)
+                || aot.equals(AccessObjectType.FAUX_OBJECT_PROPERTY)) {
+            return Arrays.asList(AccessOperation.DISPLAY, AccessOperation.PUBLISH, AccessOperation.ADD,
+                    AccessOperation.DROP, AccessOperation.EDIT);
+        }
+        return Arrays.asList(AccessOperation.DISPLAY, AccessOperation.PUBLISH, AccessOperation.UPDATE);
     }
 }
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/edit/DatapropRetryController.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/edit/DatapropRetryController.java
index 3fd3fda43e..7153ddaf9f 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/edit/DatapropRetryController.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/edit/DatapropRetryController.java
@@ -191,7 +191,7 @@ public void doPost (HttpServletRequest request, HttpServletResponse response) {
         } catch (Exception e) {
             log.error("DatatypeRetryController could not forward to view.");
             log.error(e.getMessage());
-            log.error(e.getStackTrace());
+            log.error(e, e);
         }
 
     }
diff --git a/webapp/src/main/webapp/templates/edit/specific/dataprop_retry.jsp b/webapp/src/main/webapp/templates/edit/specific/dataprop_retry.jsp
index 959828b2ca..6b35856959 100644
--- a/webapp/src/main/webapp/templates/edit/specific/dataprop_retry.jsp
+++ b/webapp/src/main/webapp/templates/edit/specific/dataprop_retry.jsp
@@ -127,43 +127,29 @@
 </tr>
 <tr><td colspan="5"><hr class="formDivider"/></td></tr>
 <!-- Permissions -->
-<c:if test="${!empty roles}">
+<c:if test="${!empty operationsToRoles}">
 	<input id="_permissions" type="hidden" name="_permissions" value="enabled" />
 	<input id="${BaseEditController.ENTITY_URI_ATTRIBUTE_NAME}" type="hidden" name="${BaseEditController.ENTITY_URI_ATTRIBUTE_NAME}" value="${_permissionsEntityURI}" />
 	<input id="${BaseEditController.ENTITY_TYPE_ATTRIBUTE_NAME}" type="hidden" name="${BaseEditController.ENTITY_TYPE_ATTRIBUTE_NAME}" value="DATA_PROPERTY" />
-	<tr class="editformcell">
-		<td valign="top" colspan="5">
-			<b>Display</b> permissions for this property<br/>
-			<c:forEach var="role" items="${roles}">
-				<input id="display${role.label}" type="checkbox" name="displayRoles" value="${role.uri}" ${fn:contains(displayRoles, role.uri)?'checked':''}  />
-				<label class="inline" for="display${role.label}"> ${role.label}</label>
-				&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-			</c:forEach>
-		</td>
-	</tr>
-	<tr><td colspan="5"><hr class="formDivider"/></td></tr>
-	<tr class="editformcell">
-		<td valign="top" colspan="5">
-			<b>Update</b> permissions for this property<br/>
-			<c:forEach var="role" items="${roles}">
-				<input id="update${role.label}" type="checkbox" name="updateRoles" value="${role.uri}" ${fn:contains(updateRoles, role.uri)?'checked':''} ${role.isForPublic()?'disabled':''} />
-				<label class="inline" for="update${role.label}"> ${role.label}</label>
-				&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-			</c:forEach>
-		</td>
-	</tr>
-	<tr><td colspan="5"><hr class="formDivider"/></td></tr>
-	<tr class="editformcell">
-		<td valign="top" colspan="5">
-			<b>Publish</b> permissions for this property<br/>
-			<c:forEach var="role" items="${roles}">
-				<input id="publish${role.label}" type="checkbox" name="publishRoles" value="${role.uri}" ${fn:contains(publishRoles, role.uri)?'checked':''}  />
-				<label class="inline" for="publish${role.label}"> ${role.label}</label>
-				&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-			</c:forEach>
-		</td>
-	</tr>
-	<tr><td colspan="5"><hr class="formDivider"/></td></tr>
+	<c:forEach var="entry" items="${operationsToRoles}">
+		<tr class="editformcell">
+			<td valign="top" colspan="5"><b>${entry.key}</b> permissions for this property<br /> 
+				<c:set var="operationLowercase" value="${fn:toLowerCase(entry.key)}" />
+				<c:forEach var="role" items="${entry.value}">
+					<input id="${operationLowercase}${role.label}"
+						type="checkbox" name="${operationLowercase}Roles"
+						value="${role.uri}" ${role.granted?'checked':''}
+						${role.enabled?'':'disabled'} />
+					<label class="inline" for="${operationLowercase}${role.label}">${role.label}</label>
+				</c:forEach>
+			</td>
+		</tr>
+		<tr>
+			<td colspan="5">
+				<hr class="formDivider" />
+			</td>
+		</tr>
+	</c:forEach>
 </c:if>
 <!-- Permissions End -->
 <tr class="editformcell">
diff --git a/webapp/src/main/webapp/templates/edit/specific/fauxProperty_retry.jsp b/webapp/src/main/webapp/templates/edit/specific/fauxProperty_retry.jsp
index 2d864f27c7..577d30ea5c 100644
--- a/webapp/src/main/webapp/templates/edit/specific/fauxProperty_retry.jsp
+++ b/webapp/src/main/webapp/templates/edit/specific/fauxProperty_retry.jsp
@@ -63,43 +63,29 @@
 <tr><td colspan="5"><hr class="formDivider"/></td></tr>
 
 <!-- Permissions -->
-<c:if test="${!empty roles}">
+<c:if test="${!empty operationsToRoles}">
     <input id="_permissions" type="hidden" name="_permissions" value="enabled" />
     <input id="${BaseEditController.ENTITY_URI_ATTRIBUTE_NAME}" type="hidden" name="${BaseEditController.ENTITY_URI_ATTRIBUTE_NAME}" value="${_permissionsEntityURI}" />
     <input id="${BaseEditController.ENTITY_TYPE_ATTRIBUTE_NAME}" type="hidden" name="${BaseEditController.ENTITY_TYPE_ATTRIBUTE_NAME}" value="${_faux_property_type}" />
-    <tr class="editformcell">
-        <td valign="top" colspan="5">
-            <b>Display</b> permissions for this property<br/>
-            <c:forEach var="role" items="${roles}">
-                <input id="display${role.label}" type="checkbox" name="displayRoles" value="${role.uri}" ${fn:contains(displayRoles, role.uri)?'checked':''}  />
-                <label class="inline" for="display${role.label}"> ${role.label}</label>
-                &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-            </c:forEach>
-        </td>
-    </tr>
-    <tr><td colspan="5"><hr class="formDivider"/></td></tr>
-    <tr class="editformcell">
-        <td valign="top" colspan="5">
-            <b>Update</b> permissions for this property<br/>
-            <c:forEach var="role" items="${roles}">
-                <input id="update${role.label}" type="checkbox" name="updateRoles" value="${role.uri}" ${fn:contains(updateRoles, role.uri)?'checked':''} ${role.isForPublic()?'disabled':''} />
-                <label class="inline" for="update${role.label}"> ${role.label}</label>
-                &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-            </c:forEach>
-        </td>
-    </tr>
-    <tr><td colspan="5"><hr class="formDivider"/></td></tr>
-    <tr class="editformcell">
-        <td valign="top" colspan="5">
-            <b>Publish</b> permissions for this property<br/>
-            <c:forEach var="role" items="${roles}">
-                <input id="publish${role.label}" type="checkbox" name="publishRoles" value="${role.uri}" ${fn:contains(publishRoles, role.uri)?'checked':''}  />
-                <label class="inline" for="publish${role.label}"> ${role.label}</label>
-                &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-            </c:forEach>
-        </td>
-    </tr>
-    <tr><td colspan="5"><hr class="formDivider"/></td></tr>
+	<c:forEach var="entry" items="${operationsToRoles}">
+		<tr class="editformcell">
+			<td valign="top" colspan="5"><b>${entry.key}</b> permissions for this property<br /> 
+				<c:set var="operationLowercase" value="${fn:toLowerCase(entry.key)}" />
+				<c:forEach var="role" items="${entry.value}">
+					<input id="${operationLowercase}${role.label}"
+						type="checkbox" name="${operationLowercase}Roles"
+						value="${role.uri}" ${role.granted?'checked':''}
+						${role.enabled?'':'disabled'} />
+					<label class="inline" for="${operationLowercase}${role.label}">${role.label}</label>
+				</c:forEach>
+			</td>
+		</tr>
+		<tr>
+			<td colspan="5">
+				<hr class="formDivider" />
+			</td>
+		</tr>
+	</c:forEach>
 </c:if>
 <!-- Permissions End -->
 
diff --git a/webapp/src/main/webapp/templates/edit/specific/property_retry.jsp b/webapp/src/main/webapp/templates/edit/specific/property_retry.jsp
index 19da776ae2..00ad410eb9 100644
--- a/webapp/src/main/webapp/templates/edit/specific/property_retry.jsp
+++ b/webapp/src/main/webapp/templates/edit/specific/property_retry.jsp
@@ -190,43 +190,29 @@
 </tr>
 <tr><td colspan="5"><hr class="formDivider"/></td></tr>
 <!-- Permissions -->
-<c:if test="${!empty roles}">
+<c:if test="${!empty operationsToRoles}">
     <input id="_permissions" type="hidden" name="_permissions" value="enabled" />
     <input id="${BaseEditController.ENTITY_URI_ATTRIBUTE_NAME}" type="hidden" name="${BaseEditController.ENTITY_URI_ATTRIBUTE_NAME}" value="${_permissionsEntityURI}" />
     <input id="${BaseEditController.ENTITY_TYPE_ATTRIBUTE_NAME}" type="hidden" name="${BaseEditController.ENTITY_TYPE_ATTRIBUTE_NAME}" value="OBJECT_PROPERTY" />
-    <tr class="editformcell">
-        <td valign="top" colspan="5">
-            <b>Display</b> permissions for this property<br/>
-            <c:forEach var="role" items="${roles}">
-                <input id="display${role.label}" type="checkbox" name="displayRoles" value="${role.uri}" ${fn:contains(displayRoles, role.uri)?'checked':''}  />
-                <label class="inline" for="display${role.label}"> ${role.label}</label>
-                &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-            </c:forEach>
-        </td>
-    </tr>
-    <tr><td colspan="5"><hr class="formDivider"/></td></tr>
-    <tr class="editformcell">
-        <td valign="top" colspan="5">
-            <b>Update</b> permissions for this property<br/>
-            <c:forEach var="role" items="${roles}">
-                <input id="update${role.label}" type="checkbox" name="updateRoles" value="${role.uri}" ${fn:contains(updateRoles, role.uri)?'checked':''} ${role.isForPublic()?'disabled':''} />
-                <label class="inline" for="update${role.label}"> ${role.label}</label>
-                &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-            </c:forEach>
-        </td>
-    </tr>
-    <tr><td colspan="5"><hr class="formDivider"/></td></tr>
-    <tr class="editformcell">
-        <td valign="top" colspan="5">
-            <b>Publish</b> permissions for this property<br/>
-            <c:forEach var="role" items="${roles}">
-                <input id="publish${role.label}" type="checkbox" name="publishRoles" value="${role.uri}" ${fn:contains(publishRoles, role.uri)?'checked':''}  />
-                <label class="inline" for="publish${role.label}"> ${role.label}</label>
-                &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-            </c:forEach>
-        </td>
-    </tr>
-    <tr><td colspan="5"><hr class="formDivider"/></td></tr>
+	<c:forEach var="entry" items="${operationsToRoles}">
+		<tr class="editformcell">
+			<td valign="top" colspan="5"><b>${entry.key}</b> permissions for this property<br /> 
+				<c:set var="operationLowercase" value="${fn:toLowerCase(entry.key)}" />
+				<c:forEach var="role" items="${entry.value}">
+					<input id="${operationLowercase}${role.label}"
+						type="checkbox" name="${operationLowercase}Roles"
+						value="${role.uri}" ${role.granted?'checked':''}
+						${role.enabled?'':'disabled'} />
+					<label class="inline" for="${operationLowercase}${role.label}">${role.label}</label>
+				</c:forEach>
+			</td>
+		</tr>
+		<tr>
+			<td colspan="5">
+				<hr class="formDivider" />
+			</td>
+		</tr>
+	</c:forEach>
 </c:if>
 <!-- Permissions End -->
 <tr class="editformcell">
diff --git a/webapp/src/main/webapp/templates/edit/specific/vclass_retry.jsp b/webapp/src/main/webapp/templates/edit/specific/vclass_retry.jsp
index 307815ad40..864879e82c 100644
--- a/webapp/src/main/webapp/templates/edit/specific/vclass_retry.jsp
+++ b/webapp/src/main/webapp/templates/edit/specific/vclass_retry.jsp
@@ -88,43 +88,29 @@
 </tr>
 <tr><td colspan="4"><hr class="formDivider"/></td></tr>
 <!-- Permissions -->
-<c:if test="${!empty roles}">
+<c:if test="${!empty operationsToRoles}">
     <input id="_permissions" type="hidden" name="_permissions" value="enabled" />
     <input id="${BaseEditController.ENTITY_URI_ATTRIBUTE_NAME}" type="hidden" name="${BaseEditController.ENTITY_URI_ATTRIBUTE_NAME}" value="${_permissionsEntityURI}" />
     <input id="${BaseEditController.ENTITY_TYPE_ATTRIBUTE_NAME}" type="hidden" name="${BaseEditController.ENTITY_TYPE_ATTRIBUTE_NAME}" value="CLASS" />
-    <tr class="editformcell">
-        <td valign="top" colspan="4">
-            <b>Display</b> permissions for this property<br/>
-            <c:forEach var="role" items="${roles}">
-                <input id="display${role.label}" type="checkbox" name="displayRoles" value="${role.uri}" ${fn:contains(displayRoles, role.uri)?'checked':''} />
-                <label class="inline" for="display${role.label}"> ${role.label}</label>
-                &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-            </c:forEach>
-        </td>
-    </tr>
-    <tr><td colspan="4"><hr class="formDivider"/></td></tr>
-    <tr class="editformcell">
-        <td valign="top" colspan="4">
-            <b>Update</b> permissions for this property<br/>
-            <c:forEach var="role" items="${roles}">
-                <input id="update${role.label}" type="checkbox" name="updateRoles" value="${role.uri}" ${fn:contains(updateRoles, role.uri)?'checked':''} ${role.isForPublic()?'disabled':''} />
-                <label class="inline" for="update${role.label}"> ${role.label}</label>
-                &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-            </c:forEach>
-        </td>
-    </tr>
-    <tr><td colspan="4"><hr class="formDivider"/></td></tr>
-    <tr class="editformcell">
-        <td valign="top" colspan="4">
-            <b>Publish</b> permissions for this property<br/>
-            <c:forEach var="role" items="${roles}">
-                <input id="publish${role.label}" type="checkbox" name="publishRoles" value="${role.uri}" ${fn:contains(publishRoles, role.uri)?'checked':''}  />
-                <label class="inline" for="publish${role.label}"> ${role.label}</label>
-                &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-            </c:forEach>
-        </td>
-    </tr>
-    <tr><td colspan="4"><hr class="formDivider"/></td></tr>
+	<c:forEach var="entry" items="${operationsToRoles}">
+		<tr class="editformcell">
+			<td valign="top" colspan="5"><b>${entry.key}</b> permissions for this property<br /> 
+				<c:set var="operationLowercase" value="${fn:toLowerCase(entry.key)}" />
+				<c:forEach var="role" items="${entry.value}">
+					<input id="${operationLowercase}${role.label}"
+						type="checkbox" name="${operationLowercase}Roles"
+						value="${role.uri}" ${role.granted?'checked':''}
+						${role.enabled?'':'disabled'} />
+					<label class="inline" for="${operationLowercase}${role.label}">${role.label}</label>
+				</c:forEach>
+			</td>
+		</tr>
+		<tr>
+			<td colspan="5">
+				<hr class="formDivider" />
+			</td>
+		</tr>
+	</c:forEach>
 </c:if>
 <!-- Permissions End -->
 <tr class="editformcell">

From 3ac16d731011ab209c0474b8c7e84cf8dc125d8c Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <georgy.litvinov@tib.eu>
Date: Wed, 25 Oct 2023 14:47:23 +0200
Subject: [PATCH 074/148] fix error log for jsp controllers

---
 .../webapp/controller/edit/DatatypeRetryController.java      | 5 ++---
 .../vitro/webapp/controller/edit/EntityRetryController.java  | 2 +-
 .../webapp/controller/edit/FauxPropertyRetryController.java  | 2 +-
 .../controller/edit/IndividualTypeRetryController.java       | 2 +-
 .../webapp/controller/edit/PropertyRetryController.java      | 2 +-
 5 files changed, 6 insertions(+), 7 deletions(-)

diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/edit/DatatypeRetryController.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/edit/DatatypeRetryController.java
index 852ebcf60b..ce8fac8c9b 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/edit/DatatypeRetryController.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/edit/DatatypeRetryController.java
@@ -97,10 +97,9 @@ public void doPost (HttpServletRequest req, HttpServletResponse response) {
         try {
             JSPPageHandler.renderBasicPage(request, response, "/templates/edit/formBasic.jsp");
         } catch (Exception e) {
-            log.error("VclassRetryContro" +
-                    "ller could not forward to view.");
+            log.error("VclassRetryController could not forward to view.");
             log.error(e.getMessage());
-            log.error(e.getStackTrace());
+            log.error(e, e);
         }
 
     }
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/edit/EntityRetryController.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/edit/EntityRetryController.java
index ea8c0f69b4..926545550d 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/edit/EntityRetryController.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/edit/EntityRetryController.java
@@ -303,7 +303,7 @@ public void doPost (HttpServletRequest request, HttpServletResponse response) {
         } catch (Exception e) {
             log.error("EntityRetryController could not forward to view.");
             log.error(e.getMessage());
-            log.error(e.getStackTrace());
+            log.error(e, e);
         }
 
     }
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/edit/FauxPropertyRetryController.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/edit/FauxPropertyRetryController.java
index e71fd6234c..7b45fe94f6 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/edit/FauxPropertyRetryController.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/edit/FauxPropertyRetryController.java
@@ -89,7 +89,7 @@ public void doPost(HttpServletRequest req, HttpServletResponse response) {
 		} catch (Exception e) {
 			log.error("Could not forward to view.");
 			log.error(e.getMessage());
-			log.error(e.getStackTrace());
+			log.error(e, e);
 		}
 
 	}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/edit/IndividualTypeRetryController.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/edit/IndividualTypeRetryController.java
index f6dbeed4cd..f9e2ddb000 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/edit/IndividualTypeRetryController.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/edit/IndividualTypeRetryController.java
@@ -100,7 +100,7 @@ public void doGet (HttpServletRequest request, HttpServletResponse response) {
 	        } catch (Exception e) {
 	            log.error(this.getClass().getName()+" could not forward to view.");
 	            log.error(e.getMessage());
-	            log.error(e.getStackTrace());
+	            log.error(e, e);
 	        }
 
 	}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/edit/PropertyRetryController.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/edit/PropertyRetryController.java
index 598705d16c..a269a9c5f9 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/edit/PropertyRetryController.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/edit/PropertyRetryController.java
@@ -191,7 +191,7 @@ public void doPost (HttpServletRequest req, HttpServletResponse response) {
         } catch (Exception e) {
             log.error("PropertyRetryController could not forward to view.");
             log.error(e.getMessage());
-            log.error(e.getStackTrace());
+            log.error(e, e);
         }
 
     }

From 07f3536c42355f7b162e671ac98c89cc06e69498 Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <georgy.litvinov@tib.eu>
Date: Wed, 25 Oct 2023 16:37:38 +0200
Subject: [PATCH 075/148] Migration of custom permission sets for ARM

---
 .../webapp/migration/auth/ArmMigrator.java    | 64 ++++++++++++++++---
 .../webapp/migration/auth/AuthMigrator.java   | 14 ++--
 .../migration/auth/ArmMigratorTest.java       | 33 +++++++---
 3 files changed, 90 insertions(+), 21 deletions(-)

diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/ArmMigrator.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/ArmMigrator.java
index 00f565fba5..af95195d7d 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/ArmMigrator.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/ArmMigrator.java
@@ -13,6 +13,7 @@
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.OperationGroup;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.EntityPolicyController;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyLoader;
+import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyTemplateController;
 import edu.cornell.mannlib.vitro.webapp.modelaccess.ModelNames;
 import edu.cornell.mannlib.vitro.webapp.rdfservice.RDFService;
 import edu.cornell.mannlib.vitro.webapp.rdfservice.RDFServiceException;
@@ -36,9 +37,8 @@ public class ArmMigrator {
     protected static final String ARM_EDITOR = "EDITOR";
     protected static final String ARM_SELF_EDITOR = "SELF_EDITOR";
     protected static final String ARM_PUBLIC = "PUBLIC";
+    protected static final String ARM_CUSTOM = "CUSTOM";
 
-    protected static final List<String> armRoles =
-            Arrays.asList(ARM_ADMIN, ARM_CURATOR, ARM_EDITOR, ARM_SELF_EDITOR, ARM_PUBLIC);
     protected static final List<String> armOperations = Arrays.asList(DISPLAY, UPDATE, PUBLISH);
     protected static final List<AccessObjectType> entityTypes =
             Arrays.asList(AccessObjectType.CLASS, AccessObjectType.OBJECT_PROPERTY, AccessObjectType.DATA_PROPERTY,
@@ -47,10 +47,24 @@ public class ArmMigrator {
     private RDFService contentRdfService;
     private RDFService configurationRdfService;
 
-    private String VALUE_QUERY = "" + "SELECT ?uri \n" + "WHERE {\n" + "  GRAPH <" + ModelNames.USER_ACCOUNTS + "> {\n"
-            + "  ?permission <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#forEntity> ?uri . \n" + "  }\n"
+    private String VALUE_QUERY = "" 
+            + "SELECT ?uri \n" 
+            + "WHERE {\n" 
+            + "  GRAPH <" + ModelNames.USER_ACCOUNTS + "> {\n"
+            + "  ?permission <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#forEntity> ?uri . \n" 
+            + "  }\n"
             + "}";
 
+    private String PERMISSION_SETS_QUERY = "" 
+            + "prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#>\n"
+            + "SELECT ?uri \n" 
+            + "WHERE {\n" 
+            + "  GRAPH <" + ModelNames.USER_ACCOUNTS + "> {\n"
+            + "    ?uri a auth:PermissionSet . \n" 
+            + "  }\n"
+            + "}";
+
+
     private static Map<String, String> roleMap;
     private static Map<String, OperationGroup> operationMap;
 
@@ -61,18 +75,33 @@ public ArmMigrator(RDFService contentRdfService, RDFService configurationRdfServ
         operationMap.put(DISPLAY, OperationGroup.DISPLAY_GROUP);
         operationMap.put(UPDATE, OperationGroup.UPDATE_GROUP);
         operationMap.put(PUBLISH, OperationGroup.PUBLISH_GROUP);
+        
         roleMap = new HashMap<>();
         roleMap.put(ARM_ADMIN, AuthMigrator.ROLE_ADMIN_URI);
         roleMap.put(ARM_CURATOR, AuthMigrator.ROLE_CURATOR_URI);
         roleMap.put(ARM_EDITOR, AuthMigrator.ROLE_EDITOR_URI);
         roleMap.put(ARM_SELF_EDITOR, AuthMigrator.ROLE_SELF_EDITOR_URI);
         roleMap.put(ARM_PUBLIC, AuthMigrator.ROLE_PUBLIC_URI);
+        Set<String> actualRoles = getPermissionSets();
+        for (String role : actualRoles) {
+            if(!roleMap.values().contains(role)) {
+                String roleName = getRoleName(role);
+                log.info(String.format("Custom role %s found.", roleName));
+                roleMap.put(roleName, role);
+                PolicyTemplateController.createRoleDataSets(role);
+                log.info(String.format("Created policy data sets for custom role %s.", roleName));
+            }
+        }
     }
 
     public static String getArmPermissionSubject(String operation, String role) {
         return "java:edu.cornell.mannlib.vitro.webapp.auth.permissions.Entity" + operation + "Permission#" + role;
     }
 
+    private static String getRoleName(String roleUri) {
+        return roleUri.substring(roleUri.lastIndexOf('#') + 1);
+    }
+    
     public void migrateConfiguration() {
         cleanEntityDataSetValues();
         Map<AccessObjectType, Set<String>> entityTypeMap = getEntityMap();
@@ -88,7 +117,7 @@ private void cleanEntityDataSetValues() {
 
     protected StringBuilder getStatementsToRemove() {
         StringBuilder removals = new StringBuilder();
-        for (String role : armRoles) {
+        for (String role : roleMap.keySet()) {
             String newRole = roleMap.get(role);
             for (String operation : armOperations) {
                 OperationGroup og = operationMap.get(operation);
@@ -128,7 +157,7 @@ private Set<String> getFauxByBase(String baseUri) {
 
     protected void collectAdditions(Map<AccessObjectType, Set<String>> entityTypeMap, StringBuilder additions) {
 
-        for (String role : armRoles) {
+        for (String role : roleMap.keySet()) {
             String newRole = roleMap.get(role);
             for (String operation : armOperations) {
                 String permissionUri = getArmPermissionSubject(operation, role);
@@ -272,8 +301,11 @@ public boolean isArmConfiguation() {
 
     private boolean containsAdminDisplayPermission() {
         boolean result = false;
-        String query = "" + "prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#>\n" + "ASK WHERE {\n"
-                + "  GRAPH <http://vitro.mannlib.cornell.edu/default/vitro-kb-userAccounts> {\n" + "       <"
+        String query = "" 
+                + "prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#>\n" 
+                + "ASK WHERE {\n"
+                + "  GRAPH <http://vitro.mannlib.cornell.edu/default/vitro-kb-userAccounts> {\n" 
+                + "       <"
                 + getArmPermissionSubject(DISPLAY, ARM_ADMIN) + "> ?p ?o .\n" + "  }\n" + "}";
         try {
             result = configurationRdfService.sparqlAskQuery(query);
@@ -282,4 +314,20 @@ private boolean containsAdminDisplayPermission() {
         }
         return result;
     }
+    
+    private Set<String> getPermissionSets() {
+        Set<String> permissionSets = new HashSet<>();
+        String queryText = PERMISSION_SETS_QUERY;
+        try {
+            ResultSet rs = RDFServiceUtils.sparqlSelectQuery(queryText, configurationRdfService);
+            while (rs.hasNext()) {
+                QuerySolution qs = rs.next();
+                String entity = qs.getResource("uri").getURI();
+                permissionSets.add(entity);
+            }
+        } catch (Exception e) {
+            log.error(e, e);
+        }
+        return permissionSets;
+    }
 }
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AuthMigrator.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AuthMigrator.java
index 5af1258e96..0a72ee5505 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AuthMigrator.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AuthMigrator.java
@@ -61,20 +61,26 @@ protected void initialize(RDFService content, RDFService configuration) {
 
     protected void convertAuthorizationConfiguration() {
         if (isArmConfiguration()) {
-            convertArmConfiguration();
+            migrateArmConfiguration();
         } else {
-            convertAnnotationConfiguation();
+            migrateAnnotationConfiguation();
         }
+        migrateSimplePermissions();
         removeVersion(getVersion());
         setVersion(1L);
     }
 
-    private void convertArmConfiguration() {
+    private void migrateSimplePermissions() {
+        // TODO Auto-generated method stub
+        
+    }
+
+    private void migrateArmConfiguration() {
         ArmMigrator armMigrator = new ArmMigrator(contentRdfService, configurationRdfService);
         armMigrator.migrateConfiguration();
     }
 
-    private void convertAnnotationConfiguation() {
+    private void migrateAnnotationConfiguation() {
         AnnotationMigrator annotationMigrator = new AnnotationMigrator(contentRdfService, configurationRdfService);
         annotationMigrator.migrateConfiguration();
     }
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/migration/auth/ArmMigratorTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/migration/auth/ArmMigratorTest.java
index cd5b0b1e22..f39910ff35 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/migration/auth/ArmMigratorTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/migration/auth/ArmMigratorTest.java
@@ -12,6 +12,8 @@
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType;
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessOperation;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.EntityPolicyController;
+import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyTest;
+import edu.cornell.mannlib.vitro.webapp.dao.VitroVocabulary;
 import edu.cornell.mannlib.vitro.webapp.modelaccess.ModelNames;
 import edu.cornell.mannlib.vitro.webapp.rdfservice.impl.jena.model.RDFServiceModel;
 import org.apache.commons.lang3.StringUtils;
@@ -40,6 +42,7 @@ public class ArmMigratorTest extends AuthMigratorTest {
     public void initArmMigration() {
         userAccountsModel = ModelFactory.createDefaultModel();
         configurationDataSet.addNamedModel(ModelNames.USER_ACCOUNTS, userAccountsModel);
+        addUserAccountsStatement(PolicyTest.CUSTOM, VitroVocabulary.PERMISSIONSET, VitroVocabulary.RDF_TYPE);
         armMigrator = new ArmMigrator(new RDFServiceModel(contentModel), new RDFServiceModel(configurationDataSet));
     }
 
@@ -53,8 +56,12 @@ public void isArmConfigurationTest() {
     private void addArmStatement(String role, String operation, String uri) {
         String persmissionUri = ArmMigrator.getArmPermissionSubject(operation, role);
         String objectUri = uri;
-        Statement statement = new StatementImpl(new ResourceImpl(persmissionUri), new PropertyImpl(propertyUri),
-                new ResourceImpl(objectUri));
+        addUserAccountsStatement(persmissionUri, objectUri, propertyUri);
+    }
+
+    private void addUserAccountsStatement(String subjUri, String objUri, String pUri) {
+        Statement statement =
+                new StatementImpl(new ResourceImpl(subjUri), new PropertyImpl(pUri), new ResourceImpl(objUri));
         userAccountsModel.add(statement);
         configurationDataSet.replaceNamedModel(ModelNames.USER_ACCOUNTS, userAccountsModel);
     }
@@ -87,7 +94,7 @@ public void migrateConfigurationTest() {
         addArmStatement(ArmMigrator.ARM_CURATOR, ArmMigrator.UPDATE, OBJECT_PROPERTY_URI);
         addArmStatement(ArmMigrator.ARM_SELF_EDITOR, ArmMigrator.DISPLAY, CLASS_URI);
         addArmStatement(ArmMigrator.ARM_EDITOR, ArmMigrator.PUBLISH, CLASS_URI);
-        //addArmStatement(ArmMigrator.ARM_EDITOR, ArmMigrator.UPDATE, CLASS_URI);
+        
         addArmStatement(ArmMigrator.ARM_ADMIN, ArmMigrator.DISPLAY, DATA_PROPERTY_URI);
         addArmStatement(ArmMigrator.ARM_EDITOR, ArmMigrator.PUBLISH, DATA_PROPERTY_URI);
         addArmStatement(ArmMigrator.ARM_CURATOR, ArmMigrator.UPDATE, DATA_PROPERTY_URI);
@@ -97,18 +104,26 @@ public void migrateConfigurationTest() {
         addArmStatement(ArmMigrator.ARM_PUBLIC, ArmMigrator.DISPLAY, FAUX_OBJECT_PROPERTY_URI);
         addArmStatement(ArmMigrator.ARM_EDITOR, ArmMigrator.PUBLISH, FAUX_OBJECT_PROPERTY_URI);
         addArmStatement(ArmMigrator.ARM_CURATOR, ArmMigrator.UPDATE, FAUX_OBJECT_PROPERTY_URI);
+        addArmStatement(ArmMigrator.ARM_CUSTOM, ArmMigrator.DISPLAY, OBJECT_PROPERTY_URI);
+        addArmStatement(ArmMigrator.ARM_CUSTOM, ArmMigrator.UPDATE, FAUX_DATA_PROPERTY_URI);
+        addArmStatement(ArmMigrator.ARM_CUSTOM, ArmMigrator.DISPLAY, CLASS_URI);
+
+        // TODO Class UPDATE permissions migration.
+        // addArmStatement(ArmMigrator.ARM_EDITOR, ArmMigrator.UPDATE, CLASS_URI);
+        // addArmStatement(ArmMigrator.ARM_EDITOR, ArmMigrator.UPDATE, CLASS_URI);
+        
         Map<AccessObjectType, Set<String>> entityTypeMap = armMigrator.getEntityMap();
         StringBuilder additions = new StringBuilder();
         armMigrator.collectAdditions(entityTypeMap, additions);
         String stringResult = additions.toString();
         assertFalse(stringResult.isEmpty());
-        assertEquals(27, getCount("\n", stringResult));
-        assertEquals(27, getCount(dataValue, stringResult));
-        assertEquals(5, getCount(OBJECT_PROPERTY_URI, stringResult));
-        assertEquals(2, getCount(CLASS_URI, stringResult));
+        assertEquals(33, getCount("\n", stringResult));
+        assertEquals(33, getCount(dataValue, stringResult));
+        assertEquals(6, getCount(OBJECT_PROPERTY_URI, stringResult));
+        assertEquals(3, getCount(CLASS_URI, stringResult));
         assertEquals(5, getCount(DATA_PROPERTY_URI, stringResult));
-        assertEquals(9, getCount(FAUX_DATA_PROPERTY_URI, stringResult));
-        assertEquals(6, getCount(FAUX_OBJECT_PROPERTY_URI, stringResult));
+        assertEquals(12, getCount(FAUX_DATA_PROPERTY_URI, stringResult));
+        assertEquals(7, getCount(FAUX_OBJECT_PROPERTY_URI, stringResult));
     }
 
     private static long getCount(String pattern, String lines) {

From a76edb9df950d93dedabdec7138eee4d8c40512d Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <georgy.litvinov@tib.eu>
Date: Wed, 25 Oct 2023 16:51:26 +0200
Subject: [PATCH 076/148] checkstyle fixes

---
 .../webapp/migration/auth/ArmMigrator.java    | 31 +++++++++----------
 .../webapp/migration/auth/AuthMigrator.java   |  2 +-
 .../migration/auth/ArmMigratorTest.java       |  4 +--
 3 files changed, 18 insertions(+), 19 deletions(-)

diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/ArmMigrator.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/ArmMigrator.java
index af95195d7d..633cda1f51 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/ArmMigrator.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/ArmMigrator.java
@@ -47,24 +47,23 @@ public class ArmMigrator {
     private RDFService contentRdfService;
     private RDFService configurationRdfService;
 
-    private String VALUE_QUERY = "" 
-            + "SELECT ?uri \n" 
-            + "WHERE {\n" 
+    private String VALUE_QUERY = ""
+            + "SELECT ?uri \n"
+            + "WHERE {\n"
             + "  GRAPH <" + ModelNames.USER_ACCOUNTS + "> {\n"
-            + "  ?permission <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#forEntity> ?uri . \n" 
+            + "  ?permission <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#forEntity> ?uri . \n"
             + "  }\n"
             + "}";
 
-    private String PERMISSION_SETS_QUERY = "" 
+    private String PERMISSION_SETS_QUERY = ""
             + "prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#>\n"
-            + "SELECT ?uri \n" 
-            + "WHERE {\n" 
+            + "SELECT ?uri \n"
+            + "WHERE {\n"
             + "  GRAPH <" + ModelNames.USER_ACCOUNTS + "> {\n"
-            + "    ?uri a auth:PermissionSet . \n" 
+            + "    ?uri a auth:PermissionSet . \n"
             + "  }\n"
             + "}";
 
-
     private static Map<String, String> roleMap;
     private static Map<String, OperationGroup> operationMap;
 
@@ -75,7 +74,7 @@ public ArmMigrator(RDFService contentRdfService, RDFService configurationRdfServ
         operationMap.put(DISPLAY, OperationGroup.DISPLAY_GROUP);
         operationMap.put(UPDATE, OperationGroup.UPDATE_GROUP);
         operationMap.put(PUBLISH, OperationGroup.PUBLISH_GROUP);
-        
+
         roleMap = new HashMap<>();
         roleMap.put(ARM_ADMIN, AuthMigrator.ROLE_ADMIN_URI);
         roleMap.put(ARM_CURATOR, AuthMigrator.ROLE_CURATOR_URI);
@@ -84,7 +83,7 @@ public ArmMigrator(RDFService contentRdfService, RDFService configurationRdfServ
         roleMap.put(ARM_PUBLIC, AuthMigrator.ROLE_PUBLIC_URI);
         Set<String> actualRoles = getPermissionSets();
         for (String role : actualRoles) {
-            if(!roleMap.values().contains(role)) {
+            if (!roleMap.values().contains(role)) {
                 String roleName = getRoleName(role);
                 log.info(String.format("Custom role %s found.", roleName));
                 roleMap.put(roleName, role);
@@ -101,7 +100,7 @@ public static String getArmPermissionSubject(String operation, String role) {
     private static String getRoleName(String roleUri) {
         return roleUri.substring(roleUri.lastIndexOf('#') + 1);
     }
-    
+
     public void migrateConfiguration() {
         cleanEntityDataSetValues();
         Map<AccessObjectType, Set<String>> entityTypeMap = getEntityMap();
@@ -301,10 +300,10 @@ public boolean isArmConfiguation() {
 
     private boolean containsAdminDisplayPermission() {
         boolean result = false;
-        String query = "" 
-                + "prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#>\n" 
+        String query = ""
+                + "prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#>\n"
                 + "ASK WHERE {\n"
-                + "  GRAPH <http://vitro.mannlib.cornell.edu/default/vitro-kb-userAccounts> {\n" 
+                + "  GRAPH <http://vitro.mannlib.cornell.edu/default/vitro-kb-userAccounts> {\n"
                 + "       <"
                 + getArmPermissionSubject(DISPLAY, ARM_ADMIN) + "> ?p ?o .\n" + "  }\n" + "}";
         try {
@@ -314,7 +313,7 @@ private boolean containsAdminDisplayPermission() {
         }
         return result;
     }
-    
+
     private Set<String> getPermissionSets() {
         Set<String> permissionSets = new HashSet<>();
         String queryText = PERMISSION_SETS_QUERY;
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AuthMigrator.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AuthMigrator.java
index 0a72ee5505..4326a9d458 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AuthMigrator.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AuthMigrator.java
@@ -72,7 +72,7 @@ protected void convertAuthorizationConfiguration() {
 
     private void migrateSimplePermissions() {
         // TODO Auto-generated method stub
-        
+
     }
 
     private void migrateArmConfiguration() {
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/migration/auth/ArmMigratorTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/migration/auth/ArmMigratorTest.java
index f39910ff35..eb813a4464 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/migration/auth/ArmMigratorTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/migration/auth/ArmMigratorTest.java
@@ -94,7 +94,7 @@ public void migrateConfigurationTest() {
         addArmStatement(ArmMigrator.ARM_CURATOR, ArmMigrator.UPDATE, OBJECT_PROPERTY_URI);
         addArmStatement(ArmMigrator.ARM_SELF_EDITOR, ArmMigrator.DISPLAY, CLASS_URI);
         addArmStatement(ArmMigrator.ARM_EDITOR, ArmMigrator.PUBLISH, CLASS_URI);
-        
+
         addArmStatement(ArmMigrator.ARM_ADMIN, ArmMigrator.DISPLAY, DATA_PROPERTY_URI);
         addArmStatement(ArmMigrator.ARM_EDITOR, ArmMigrator.PUBLISH, DATA_PROPERTY_URI);
         addArmStatement(ArmMigrator.ARM_CURATOR, ArmMigrator.UPDATE, DATA_PROPERTY_URI);
@@ -111,7 +111,7 @@ public void migrateConfigurationTest() {
         // TODO Class UPDATE permissions migration.
         // addArmStatement(ArmMigrator.ARM_EDITOR, ArmMigrator.UPDATE, CLASS_URI);
         // addArmStatement(ArmMigrator.ARM_EDITOR, ArmMigrator.UPDATE, CLASS_URI);
-        
+
         Map<AccessObjectType, Set<String>> entityTypeMap = armMigrator.getEntityMap();
         StringBuilder additions = new StringBuilder();
         armMigrator.collectAdditions(entityTypeMap, additions);

From 699cd280ce01e08c654707787a36f2319724fc9c Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <georgy.litvinov@tib.eu>
Date: Thu, 26 Oct 2023 11:49:34 +0200
Subject: [PATCH 077/148] simple permission migration. Query user accounts
 model via OntModelSelector

---
 .../auth/permissions/SimplePermission.java    |   8 +-
 .../auth/policy/EntityPolicyController.java   |   4 +-
 .../webapp/auth/policy/PolicyLoader.java      |   8 +-
 .../migration/auth/AnnotationMigrator.java    |   9 +-
 .../webapp/migration/auth/ArmMigrator.java    |  78 +++++++-----
 .../webapp/migration/auth/AuthMigrator.java   |  58 +++++----
 .../auth/SimplePermissionMigrator.java        | 115 ++++++++++++++++++
 .../policy/SimplePermissionTemplateTest.java  |   3 +-
 .../migration/auth/ArmMigratorTest.java       |   9 +-
 .../auth/SimplePermissionMigratorTest.java    | 104 ++++++++++++++++
 .../firsttime/template_simple_permissions.n3  |   6 +
 11 files changed, 337 insertions(+), 65 deletions(-)
 create mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/SimplePermissionMigrator.java
 create mode 100644 api/src/test/java/edu/cornell/mannlib/vitro/webapp/migration/auth/SimplePermissionMigratorTest.java

diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/permissions/SimplePermission.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/permissions/SimplePermission.java
index e11e6cc7c4..ebe992491a 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/permissions/SimplePermission.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/permissions/SimplePermission.java
@@ -65,10 +65,16 @@ public class SimplePermission {
     
     
     public SimpleAuthorizationRequest ACTION;
+    private String uri;
+    
+    public String getUri() {
+        return uri;
+    }
+
     public static final String NS = "java:edu.cornell.mannlib.vitro.webapp.auth.permissions.SimplePermission#";
 
     private SimplePermission(String uri) {
-        uri = SimplePermission.NS + uri;
+        this.uri = SimplePermission.NS + uri;
         AccessObjectImpl ao = new AccessObjectImpl(uri, AccessObjectType.NAMED_OBJECT);
         this.ACTION = new SimpleAuthorizationRequest(ao, AccessOperation.EXECUTE);
     }
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EntityPolicyController.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EntityPolicyController.java
index d6cde6d3f5..edf390d411 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EntityPolicyController.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EntityPolicyController.java
@@ -107,8 +107,8 @@ public static void insertedEntityEvent(Property newObj) {
         log.debug("Nothing to do " + newObj);
     }
 
-    private static boolean isUriInTestDataset(String entityUri, AccessOperation og, AccessObjectType aot, String role) {
-        Set<String> values = PolicyLoader.getInstance().getDataSetValues(og, aot, role);
+    private static boolean isUriInTestDataset(String entityUri, AccessOperation ao, AccessObjectType aot, String role) {
+        Set<String> values = PolicyLoader.getInstance().getDataSetValues(ao, aot, role);
         return values.contains(entityUri);
     }
 
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
index 022e07a4cb..b7532448cf 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
@@ -797,12 +797,12 @@ private static void debug(String template, Object... objects) {
         }
     }
 
-    public void addEntityToPolicyDataSet(String entityUri, AccessObjectType aot, AccessOperation og, String role) {
-        modifyPolicyDataSetValue(entityUri, og, aot, role, true);
+    public void addEntityToPolicyDataSet(String entityUri, AccessObjectType aot, AccessOperation ao, String role) {
+        modifyPolicyDataSetValue(entityUri, ao, aot, role, true);
     }
 
-    public void removeEntityFromPolicyDataSet(String entityUri, AccessObjectType aot, AccessOperation og, String role) {
-        modifyPolicyDataSetValue(entityUri, og, aot, role, false);
+    public void removeEntityFromPolicyDataSet(String entityUri, AccessObjectType aot, AccessOperation ao, String role) {
+        modifyPolicyDataSetValue(entityUri, ao, aot, role, false);
     }
 
     private ChangeSet makeChangeSet() {
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AnnotationMigrator.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AnnotationMigrator.java
index 000579352e..b62d7e2c0d 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AnnotationMigrator.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AnnotationMigrator.java
@@ -206,10 +206,13 @@ private static Long[] updatePolicyDatasets(AccessObjectType aot,
     }
 
     private static String getAnnotationQuery(String typeSpecificPatterns) {
-        return "" + "PREFIX vitro: <http://vitro.mannlib.cornell.edu/ns/vitro/0.7#> \n"
+        return ""
+                + "PREFIX vitro: <http://vitro.mannlib.cornell.edu/ns/vitro/0.7#> \n"
                 + "PREFIX rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#>\n"
-                + "PREFIX owl: <http://www.w3.org/2002/07/owl#> \n" + "SELECT ?base ?uri ?update ?display ?publish\n"
-                + "WHERE {\n" + typeSpecificPatterns
+                + "PREFIX owl: <http://www.w3.org/2002/07/owl#> \n"
+                + "SELECT ?base ?uri ?update ?display ?publish\n"
+                + "WHERE {\n"
+                + typeSpecificPatterns
                 + "{OPTIONAL { ?uri vitro:hiddenFromDisplayBelowRoleLevelAnnot ?displayAssigned . }\n"
                 + "BIND (COALESCE(?displayAssigned, <http://vitro.mannlib.cornell.edu/ns/vitro/role#public>) AS ?display)\n"
                 + "OPTIONAL { ?uri vitro:prohibitedFromUpdateBelowRoleLevelAnnot ?updateAssigned . }\n"
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/ArmMigrator.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/ArmMigrator.java
index 633cda1f51..495e26fd60 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/ArmMigrator.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/ArmMigrator.java
@@ -16,11 +16,13 @@
 import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyTemplateController;
 import edu.cornell.mannlib.vitro.webapp.modelaccess.ModelNames;
 import edu.cornell.mannlib.vitro.webapp.rdfservice.RDFService;
-import edu.cornell.mannlib.vitro.webapp.rdfservice.RDFServiceException;
 import edu.cornell.mannlib.vitro.webapp.rdfservice.impl.RDFServiceUtils;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+import org.apache.jena.ontology.OntModel;
 import org.apache.jena.query.ParameterizedSparqlString;
+import org.apache.jena.query.QueryExecution;
+import org.apache.jena.query.QueryExecutionFactory;
 import org.apache.jena.query.QuerySolution;
 import org.apache.jena.query.ResultSet;
 
@@ -46,30 +48,28 @@ public class ArmMigrator {
 
     private RDFService contentRdfService;
     private RDFService configurationRdfService;
+    private OntModel userAccountsModel;
 
     private String VALUE_QUERY = ""
             + "SELECT ?uri \n"
             + "WHERE {\n"
-            + "  GRAPH <" + ModelNames.USER_ACCOUNTS + "> {\n"
             + "  ?permission <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#forEntity> ?uri . \n"
-            + "  }\n"
             + "}";
 
     private String PERMISSION_SETS_QUERY = ""
             + "prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#>\n"
             + "SELECT ?uri \n"
             + "WHERE {\n"
-            + "  GRAPH <" + ModelNames.USER_ACCOUNTS + "> {\n"
             + "    ?uri a auth:PermissionSet . \n"
-            + "  }\n"
             + "}";
 
     private static Map<String, String> roleMap;
     private static Map<String, OperationGroup> operationMap;
 
-    public ArmMigrator(RDFService contentRdfService, RDFService configurationRdfService) {
+    public ArmMigrator(RDFService contentRdfService, RDFService configurationRdfService, OntModel userAccountsModel) {
         this.contentRdfService = contentRdfService;
         this.configurationRdfService = configurationRdfService;
+        this.userAccountsModel = userAccountsModel;
         operationMap = new HashMap<>();
         operationMap.put(DISPLAY, OperationGroup.DISPLAY_GROUP);
         operationMap.put(UPDATE, OperationGroup.UPDATE_GROUP);
@@ -263,9 +263,12 @@ private String getQueryText(AccessObjectType type) {
     }
 
     private static String getQuery(String typePatterns) {
-        return "" + "PREFIX vitro: <http://vitro.mannlib.cornell.edu/ns/vitro/0.7#> \n"
+        return ""
+                + "PREFIX vitro: <http://vitro.mannlib.cornell.edu/ns/vitro/0.7#> \n"
                 + "PREFIX rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#>\n"
-                + "PREFIX owl: <http://www.w3.org/2002/07/owl#> \n" + "SELECT ?base ?uri \n" + "WHERE {\n"
+                + "PREFIX owl: <http://www.w3.org/2002/07/owl#> \n"
+                + "SELECT ?base ?uri \n"
+                + "WHERE {\n"
                 + typePatterns + "} \n";
     }
 
@@ -281,15 +284,21 @@ private Set<String> getArmEntites(String permissionUri) {
         ParameterizedSparqlString pss = new ParameterizedSparqlString(VALUE_QUERY);
         pss.setIri("permission", permissionUri);
         String queryText = pss.toString();
+        userAccountsModel.enterCriticalSection(false);
         try {
-            ResultSet rs = RDFServiceUtils.sparqlSelectQuery(queryText, configurationRdfService);
-            while (rs.hasNext()) {
-                QuerySolution qs = rs.next();
-                String entity = qs.getResource("uri").getURI();
-                entities.add(entity);
+            QueryExecution qexec = QueryExecutionFactory.create(queryText, userAccountsModel);
+            try {
+                ResultSet results = qexec.execSelect();
+                while (results.hasNext()) {
+                    QuerySolution qs = results.next();
+                    String entity = qs.getResource("uri").getURI();
+                    entities.add(entity);
+                }
+            } finally {
+                qexec.close();
             }
-        } catch (Exception e) {
-            log.error(e, e);
+        } finally {
+            userAccountsModel.leaveCriticalSection();
         }
         return entities;
     }
@@ -300,16 +309,21 @@ public boolean isArmConfiguation() {
 
     private boolean containsAdminDisplayPermission() {
         boolean result = false;
-        String query = ""
+        String queryText = ""
                 + "prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#>\n"
                 + "ASK WHERE {\n"
-                + "  GRAPH <http://vitro.mannlib.cornell.edu/default/vitro-kb-userAccounts> {\n"
-                + "       <"
-                + getArmPermissionSubject(DISPLAY, ARM_ADMIN) + "> ?p ?o .\n" + "  }\n" + "}";
+                + "    <"
+                + getArmPermissionSubject(DISPLAY, ARM_ADMIN) + "> ?p ?o .\n" + "}";
+        userAccountsModel.enterCriticalSection(false);
         try {
-            result = configurationRdfService.sparqlAskQuery(query);
-        } catch (RDFServiceException e) {
-            log.error(e, e);
+            QueryExecution qexec = QueryExecutionFactory.create(queryText, userAccountsModel);
+            try {
+                result = qexec.execAsk();
+            } finally {
+                qexec.close();
+            }
+        } finally {
+            userAccountsModel.leaveCriticalSection();
         }
         return result;
     }
@@ -317,15 +331,21 @@ private boolean containsAdminDisplayPermission() {
     private Set<String> getPermissionSets() {
         Set<String> permissionSets = new HashSet<>();
         String queryText = PERMISSION_SETS_QUERY;
+        userAccountsModel.enterCriticalSection(false);
         try {
-            ResultSet rs = RDFServiceUtils.sparqlSelectQuery(queryText, configurationRdfService);
-            while (rs.hasNext()) {
-                QuerySolution qs = rs.next();
-                String entity = qs.getResource("uri").getURI();
-                permissionSets.add(entity);
+            QueryExecution qexec = QueryExecutionFactory.create(queryText, userAccountsModel);
+            try {
+                ResultSet results = qexec.execSelect();
+                while (results.hasNext()) {
+                    QuerySolution qs = results.next();
+                    String entity = qs.getResource("uri").getURI();
+                    permissionSets.add(entity);
+                }
+            } finally {
+                qexec.close();
             }
-        } catch (Exception e) {
-            log.error(e, e);
+        } finally {
+            userAccountsModel.leaveCriticalSection();
         }
         return permissionSets;
     }
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AuthMigrator.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AuthMigrator.java
index 4326a9d458..d785bcb2e4 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AuthMigrator.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AuthMigrator.java
@@ -19,6 +19,7 @@
 import edu.cornell.mannlib.vitro.webapp.startup.StartupStatus;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+import org.apache.jena.ontology.OntModel;
 import org.apache.jena.query.ParameterizedSparqlString;
 import org.apache.jena.query.QuerySolution;
 import org.apache.jena.query.ResultSet;
@@ -34,13 +35,37 @@ public class AuthMigrator implements ServletContextListener {
     protected static final Set<String> ALL_ROLES = new HashSet<String>(
             Arrays.asList(ROLE_ADMIN_URI, ROLE_CURATOR_URI, ROLE_EDITOR_URI, ROLE_SELF_EDITOR_URI, ROLE_PUBLIC_URI));
 
+    private static final String SET_VERSION_TEMPLATE = ""
+            + "@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .\n"
+            + "@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .\n"
+            + "<https://vivoweb.org/ontology/vitro-application/auth/individual/Configuration> "
+            + "rdf:type ao:Configuration ;\n"
+            + "ao:version ?version .";
+
+    private static final String REMOVE_VERSION_TEMPLATE = ""
+            + "@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .\n"
+            + "<https://vivoweb.org/ontology/vitro-application/auth/individual/Configuration> "
+            + "<https://vivoweb.org/ontology/vitro-application/auth/vocabulary/version> ?version .";
+
+    private static String VERSION_QUERY = ""
+            + "prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#>\n"
+            + "prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/>\n"
+            + "SELECT ?version \n"
+            + "WHERE {\n"
+            + "  GRAPH <http://vitro.mannlib.cornell.edu/default/access-control> {\n"
+            + "       ?configuration rdf:type ao:Configuration .\n"
+            + "       ?configuration ao:version ?version .\n"
+            + "  }\n"
+            + "}";
+
     private RDFService contentRdfService;
     private RDFService configurationRdfService;
+    private ContextModelAccess modelAccess;
 
     @Override
     public void contextInitialized(ServletContextEvent sce) {
         long begin = System.currentTimeMillis();
-        ContextModelAccess modelAccess = ModelAccess.getInstance();
+        modelAccess = ModelAccess.getInstance();
         initialize(modelAccess.getRDFService(WhichService.CONTENT),
                 modelAccess.getRDFService(WhichService.CONFIGURATION));
         if (!isMigrationRequired()) {
@@ -71,12 +96,14 @@ protected void convertAuthorizationConfiguration() {
     }
 
     private void migrateSimplePermissions() {
-        // TODO Auto-generated method stub
-
+        OntModel userAccountsModel = modelAccess.getOntModelSelector().getUserAccountsModel();
+        SimplePermissionMigrator spm = new SimplePermissionMigrator(userAccountsModel);
+        spm.migrateConfiguration();
     }
 
     private void migrateArmConfiguration() {
-        ArmMigrator armMigrator = new ArmMigrator(contentRdfService, configurationRdfService);
+        OntModel userAccountsModel = modelAccess.getOntModelSelector().getUserAccountsModel();
+        ArmMigrator armMigrator = new ArmMigrator(contentRdfService, configurationRdfService, userAccountsModel);
         armMigrator.migrateConfiguration();
     }
 
@@ -93,20 +120,16 @@ private boolean isMigrationRequired() {
     }
 
     private boolean isArmConfiguration() {
-        ArmMigrator armMigrator = new ArmMigrator(contentRdfService, configurationRdfService);
+        OntModel userAccountsModel = modelAccess.getOntModelSelector().getUserAccountsModel();
+        ArmMigrator armMigrator = new ArmMigrator(contentRdfService, configurationRdfService, userAccountsModel);
         return armMigrator.isArmConfiguation();
     }
 
     protected long getVersion() {
         long version = 0L;
-        String query = "" + "prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#>\n"
-                + "prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/>\n"
-                + "SELECT ?version \n" + "WHERE {\n"
-                + "  GRAPH <http://vitro.mannlib.cornell.edu/default/access-control> {\n"
-                + "       ?configuration rdf:type ao:Configuration .\n"
-                + "       ?configuration ao:version ?version .\n" + "  }\n" + "}";
+
         try {
-            ResultSet rs = RDFServiceUtils.sparqlSelectQuery(query, configurationRdfService);
+            ResultSet rs = RDFServiceUtils.sparqlSelectQuery(VERSION_QUERY, configurationRdfService);
             while (rs.hasNext()) {
                 QuerySolution qs = rs.next();
                 if (!qs.contains("version") || !qs.get("version").isLiteral()) {
@@ -121,20 +144,13 @@ protected long getVersion() {
     }
 
     protected void removeVersion(long version) {
-        String template = "" + "@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .\n"
-                + "<https://vivoweb.org/ontology/vitro-application/auth/individual/Configuration> "
-                + "<https://vivoweb.org/ontology/vitro-application/auth/vocabulary/version> " + "?version .";
-        ParameterizedSparqlString pss = new ParameterizedSparqlString(template);
+        ParameterizedSparqlString pss = new ParameterizedSparqlString(REMOVE_VERSION_TEMPLATE);
         pss.setLiteral("version", version);
         PolicyLoader.getInstance().updateAccessControlModel(pss.toString(), false);
     }
 
     protected void setVersion(long version) {
-        String template = "" + "@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .\n"
-                + "@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .\n"
-                + "<https://vivoweb.org/ontology/vitro-application/auth/individual/Configuration> "
-                + "rdf:type ao:Configuration ;\n" + "ao:version ?version .";
-        ParameterizedSparqlString pss = new ParameterizedSparqlString(template);
+        ParameterizedSparqlString pss = new ParameterizedSparqlString(SET_VERSION_TEMPLATE);
         pss.setLiteral("version", version);
         PolicyLoader.getInstance().updateAccessControlModel(pss.toString(), true);
     }
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/SimplePermissionMigrator.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/SimplePermissionMigrator.java
new file mode 100644
index 0000000000..2561406732
--- /dev/null
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/SimplePermissionMigrator.java
@@ -0,0 +1,115 @@
+package edu.cornell.mannlib.vitro.webapp.migration.auth;
+
+import java.util.HashSet;
+import java.util.Set;
+
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType;
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessOperation;
+import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyLoader;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.jena.ontology.OntModel;
+import org.apache.jena.query.ParameterizedSparqlString;
+import org.apache.jena.query.QueryExecution;
+import org.apache.jena.query.QueryExecutionFactory;
+import org.apache.jena.query.QuerySolution;
+import org.apache.jena.query.ResultSet;
+
+public class SimplePermissionMigrator {
+
+    private static final Log log = LogFactory.getLog(SimplePermissionMigrator.class);
+
+    private OntModel userAccountsModel;
+
+    private String PERMISSION_SETS_QUERY = ""
+            + "prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#>\n"
+            + "SELECT ?uri \n"
+            + "WHERE {\n"
+            + "    ?uri a auth:PermissionSet . \n"
+            + "}";
+
+    private String ROLE_PERMISSIONS_QUERY = ""
+            + "prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#>\n"
+            + "SELECT ?permission \n"
+            + "WHERE {\n"
+            + "    ?role a auth:PermissionSet . \n"
+            + "    ?role auth:hasPermission ?permission .\n"
+            + "}";
+
+
+    public SimplePermissionMigrator(OntModel userAccountsModel) {
+        this.userAccountsModel = userAccountsModel;
+    }
+
+    public void migrateConfiguration() {
+        Set<String> roles = getPermissionSets();
+        PolicyLoader policyLoader = PolicyLoader.getInstance();
+        for (String role : roles) {
+            // get all simple permissions for role
+            Set<String> policyPermissions =
+                    policyLoader.getDataSetValues(AccessOperation.EXECUTE, AccessObjectType.NAMED_OBJECT, role);
+            // Compare with simple permissions in access control graph
+            Set<String> userAccountsPermissions = getUserAccountsPermissions(role);
+            Set<String> toRevoke = new HashSet<>(policyPermissions);
+            toRevoke.removeAll(userAccountsPermissions);
+            Set<String> toGrant = new HashSet<>(userAccountsPermissions);
+            toGrant.removeAll(policyPermissions);
+            for (String entityUri : toGrant) {
+                policyLoader.addEntityToPolicyDataSet(entityUri, AccessObjectType.NAMED_OBJECT, AccessOperation.EXECUTE,
+                        role);
+                log.info(String.format("Granted simple permission %s to role %s ", entityUri, role ));
+            }
+            for (String entityUri : toRevoke) {
+                policyLoader.removeEntityFromPolicyDataSet(entityUri, AccessObjectType.NAMED_OBJECT,
+                        AccessOperation.EXECUTE, role);
+                log.info(String.format("Revoked simple permission %s from role %s ", entityUri, role ));
+            }
+        }
+    }
+
+    Set<String> getPermissionSets() {
+        Set<String> permissionSets = new HashSet<>();
+        String queryText = PERMISSION_SETS_QUERY;
+        userAccountsModel.enterCriticalSection(false);
+        try {
+            QueryExecution qexec = QueryExecutionFactory.create(queryText, userAccountsModel);
+            try {
+                ResultSet results = qexec.execSelect();
+                while (results.hasNext()) {
+                    QuerySolution qs = results.next();
+                    String entity = qs.getResource("uri").getURI();
+                    permissionSets.add(entity);
+                }
+            } finally {
+                qexec.close();
+            }
+        } finally {
+            userAccountsModel.leaveCriticalSection();
+        }
+        return permissionSets;
+    }
+
+    Set<String> getUserAccountsPermissions(String role) {
+        Set<String> permissions = new HashSet<>();
+        ParameterizedSparqlString pss = new ParameterizedSparqlString(ROLE_PERMISSIONS_QUERY);
+        pss.setIri("role", role);
+        String queryText = pss.toString();
+        userAccountsModel.enterCriticalSection(false);
+        try {
+            QueryExecution qexec = QueryExecutionFactory.create(queryText, userAccountsModel);
+            try {
+                ResultSet results = qexec.execSelect();
+                while (results.hasNext()) {
+                    QuerySolution qs = results.next();
+                    String entity = qs.getResource("permission").getURI();
+                    permissions.add(entity);
+                }
+            } finally {
+                qexec.close();
+            }
+        } finally {
+            userAccountsModel.leaveCriticalSection();
+        }
+        return permissions;
+    }
+}
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/SimplePermissionTemplateTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/SimplePermissionTemplateTest.java
index 80d687b7e5..c042e0098a 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/SimplePermissionTemplateTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/SimplePermissionTemplateTest.java
@@ -6,6 +6,7 @@
 import java.util.Arrays;
 
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType;
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessOperation;
 import edu.cornell.mannlib.vitro.webapp.auth.permissions.SimplePermission;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.DecisionResult;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.SimpleAuthorizationRequest;
@@ -134,7 +135,7 @@ public void testCustomRole() {
         PolicyTemplateController.createRoleDataSets(CUSTOM);
         // Get data set uri by key: role uri and named object
         String dataSetUri = loader.getDataSetUriByKey(new String[] { CUSTOM },
-                new String[] { AccessObjectType.NAMED_OBJECT.toString() });
+                new String[] { AccessObjectType.NAMED_OBJECT.toString(), AccessOperation.EXECUTE.toString() });
 
         assertTrue(dataSetUri != null);
         DynamicPolicy policy = loader.loadPolicyFromTemplateDataSet(dataSetUri);
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/migration/auth/ArmMigratorTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/migration/auth/ArmMigratorTest.java
index eb813a4464..de586f9412 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/migration/auth/ArmMigratorTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/migration/auth/ArmMigratorTest.java
@@ -17,7 +17,7 @@
 import edu.cornell.mannlib.vitro.webapp.modelaccess.ModelNames;
 import edu.cornell.mannlib.vitro.webapp.rdfservice.impl.jena.model.RDFServiceModel;
 import org.apache.commons.lang3.StringUtils;
-import org.apache.jena.rdf.model.Model;
+import org.apache.jena.ontology.OntModel;
 import org.apache.jena.rdf.model.ModelFactory;
 import org.apache.jena.rdf.model.Statement;
 import org.apache.jena.rdf.model.impl.PropertyImpl;
@@ -33,17 +33,18 @@ public class ArmMigratorTest extends AuthMigratorTest {
     private static final String DATA_PROPERTY_URI = "http://vivoweb.org/ontology/core#abbreviation";
     private static final String CLASS_URI = "http://xmlns.com/foaf/0.1/Organization";
     private static final String OBJECT_PROPERTY_URI = "http://purl.obolibrary.org/obo/RO_0000053";
-    private Model userAccountsModel;
+    private OntModel userAccountsModel;
     private ArmMigrator armMigrator;
     private String propertyUri = "http://vitro.mannlib.cornell.edu/ns/vitro/authorization#forEntity";
     private String dataValue = "https://vivoweb.org/ontology/vitro-application/auth/vocabulary/dataValue";
 
     @Before
     public void initArmMigration() {
-        userAccountsModel = ModelFactory.createDefaultModel();
+        userAccountsModel = ModelFactory.createOntologyModel();
         configurationDataSet.addNamedModel(ModelNames.USER_ACCOUNTS, userAccountsModel);
         addUserAccountsStatement(PolicyTest.CUSTOM, VitroVocabulary.PERMISSIONSET, VitroVocabulary.RDF_TYPE);
-        armMigrator = new ArmMigrator(new RDFServiceModel(contentModel), new RDFServiceModel(configurationDataSet));
+        armMigrator = new ArmMigrator(new RDFServiceModel(contentModel), new RDFServiceModel(configurationDataSet),
+                userAccountsModel);
     }
 
     @Test
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/migration/auth/SimplePermissionMigratorTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/migration/auth/SimplePermissionMigratorTest.java
new file mode 100644
index 0000000000..87a8535500
--- /dev/null
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/migration/auth/SimplePermissionMigratorTest.java
@@ -0,0 +1,104 @@
+package edu.cornell.mannlib.vitro.webapp.migration.auth;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertTrue;
+
+import java.util.Set;
+
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType;
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessOperation;
+import edu.cornell.mannlib.vitro.webapp.auth.permissions.SimplePermission;
+import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyLoader;
+import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyTemplateController;
+import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyTest;
+import edu.cornell.mannlib.vitro.webapp.dao.VitroVocabulary;
+import edu.cornell.mannlib.vitro.webapp.modelaccess.ModelNames;
+import org.apache.jena.ontology.OntModel;
+import org.apache.jena.rdf.model.ModelFactory;
+import org.apache.jena.rdf.model.Statement;
+import org.apache.jena.rdf.model.impl.PropertyImpl;
+import org.apache.jena.rdf.model.impl.ResourceImpl;
+import org.apache.jena.rdf.model.impl.StatementImpl;
+import org.junit.Before;
+import org.junit.Test;
+
+public class SimplePermissionMigratorTest extends AuthMigratorTest {
+
+    private OntModel userAccountsModel;
+    private SimplePermissionMigrator spm;
+    private static final String TEMPLATE_PATH = "template_simple_permissions";
+    public static final String ADMIN_SIMPLE_PERMISSIONS_PATH = "simple_permissions_admin";
+    public static final String CURATOR_SIMPLE_PERMISSIONS_PATH = "simple_permissions_curator";
+    public static final String EDITOR_SIMPLE_PERMISSIONS_PATH = "simple_permissions_editor";
+    public static final String SELF_EDITOR_SIMPLE_PERMISSIONS_PATH = "simple_permissions_self_editor";
+    public static final String PUBLIC_SIMPLE_PERMISSIONS_PATH = "simple_permissions_public";
+
+    @Before
+    public void initMigration() {
+        userAccountsModel = ModelFactory.createOntologyModel();
+        configurationDataSet.addNamedModel(ModelNames.USER_ACCOUNTS, userAccountsModel);
+        spm = new SimplePermissionMigrator(userAccountsModel);
+        load(PolicyTest.USER_ACCOUNTS_HOME_FIRSTTIME + TEMPLATE_PATH + EXT);
+    }
+
+    private void addUserAccountsStatement(String subjUri, String pUri, String objUri) {
+        Statement statement =
+                new StatementImpl(new ResourceImpl(subjUri), new PropertyImpl(pUri), new ResourceImpl(objUri));
+        userAccountsModel.add(statement);
+    }
+
+    @Test
+    public void getPermissionSetsTest() {
+        addUserAccountsStatement(PolicyTest.CUSTOM, VitroVocabulary.RDF_TYPE, VitroVocabulary.PERMISSIONSET);
+        addUserAccountsStatement(PolicyTest.ADMIN, VitroVocabulary.RDF_TYPE, VitroVocabulary.PERMISSIONSET);
+        addUserAccountsStatement(PolicyTest.CURATOR, VitroVocabulary.RDF_TYPE, VitroVocabulary.PERMISSIONSET);
+        addUserAccountsStatement(PolicyTest.EDITOR, VitroVocabulary.RDF_TYPE, VitroVocabulary.PERMISSIONSET);
+        addUserAccountsStatement(PolicyTest.SELF_EDITOR, VitroVocabulary.RDF_TYPE, VitroVocabulary.PERMISSIONSET);
+        Set<String> sets = spm.getPermissionSets();
+        assertEquals(5, sets.size());
+        assertTrue(sets.contains(PolicyTest.CUSTOM));
+        assertTrue(sets.contains(PolicyTest.ADMIN));
+        assertTrue(sets.contains(PolicyTest.CURATOR));
+        assertTrue(sets.contains(PolicyTest.EDITOR));
+        assertTrue(sets.contains(PolicyTest.SELF_EDITOR));
+    }
+
+    @Test
+    public void getUserAccountPermissionsTest() {
+        addUserAccountsStatement(PolicyTest.CUSTOM, VitroVocabulary.RDF_TYPE, VitroVocabulary.PERMISSIONSET);
+        addUserAccountsStatement(PolicyTest.ADMIN, VitroVocabulary.RDF_TYPE, VitroVocabulary.PERMISSIONSET);
+        addUserAccountsStatement(PolicyTest.CUSTOM, VitroVocabulary.PERMISSIONSET_HAS_PERMISSION,
+                SimplePermission.ACCESS_SPECIAL_DATA_MODELS.getUri());
+        addUserAccountsStatement(PolicyTest.CUSTOM, VitroVocabulary.PERMISSIONSET_HAS_PERMISSION,
+                SimplePermission.DO_BACK_END_EDITING.getUri());
+        Set<String> permissions = spm.getUserAccountsPermissions(PolicyTest.CUSTOM);
+        assertEquals(2, permissions.size());
+        assertTrue(permissions.contains(SimplePermission.ACCESS_SPECIAL_DATA_MODELS.getUri()));
+        assertTrue(permissions.contains(SimplePermission.DO_BACK_END_EDITING.getUri()));
+        permissions = spm.getUserAccountsPermissions(PolicyTest.ADMIN);
+        assertEquals(0, permissions.size());
+    }
+
+    @Test
+    public void migrateConfigurationTest() {
+        addUserAccountsStatement(PolicyTest.CUSTOM, VitroVocabulary.RDF_TYPE, VitroVocabulary.PERMISSIONSET);
+        addUserAccountsStatement(PolicyTest.CUSTOM, VitroVocabulary.PERMISSIONSET_HAS_PERMISSION,
+                SimplePermission.ACCESS_SPECIAL_DATA_MODELS.getUri());
+        addUserAccountsStatement(PolicyTest.PUBLIC, VitroVocabulary.RDF_TYPE, VitroVocabulary.PERMISSIONSET);
+        addUserAccountsStatement(PolicyTest.PUBLIC, VitroVocabulary.PERMISSIONSET_HAS_PERMISSION,
+                SimplePermission.ACCESS_SPECIAL_DATA_MODELS.getUri());
+        load(USER_ACCOUNTS_HOME_FIRSTTIME + PUBLIC_SIMPLE_PERMISSIONS_PATH + EXT);
+        PolicyTemplateController.createRoleDataSets(CUSTOM);
+        spm.migrateConfiguration();
+        PolicyLoader policyLoader = PolicyLoader.getInstance();
+        Set<String> entities = policyLoader.getDataSetValues(AccessOperation.EXECUTE, AccessObjectType.NAMED_OBJECT,
+                PolicyTest.CUSTOM);
+        assertEquals(1, entities.size());
+        assertTrue(entities.contains(SimplePermission.ACCESS_SPECIAL_DATA_MODELS.getUri()));
+        entities = policyLoader.getDataSetValues(AccessOperation.EXECUTE, AccessObjectType.NAMED_OBJECT,
+                PolicyTest.PUBLIC);
+        assertEquals(1, entities.size());
+        assertTrue(entities.contains(SimplePermission.ACCESS_SPECIAL_DATA_MODELS.getUri()));
+    }
+
+}
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_simple_permissions.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_simple_permissions.n3
index 227d9edfcf..7c8cdde7cb 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_simple_permissions.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_simple_permissions.n3
@@ -36,6 +36,7 @@
 
 :RoleDataSetKeyTemplate a ao:DataSetKeyTemplate ;
     ao:keyComponent ai:NamedObject ;
+    ao:keyComponent ai:ExecuteOperation ;
     ao:keyComponentTemplate ai:SubjectRole .
 
 :RoleValueContainerTemplate a ao:ValueContainerTemplate ;
@@ -58,6 +59,7 @@
 
 :PublicDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:NamedObject ;
+    ao:keyComponent ai:ExecuteOperation ;
     ao:keyComponent auth:PUBLIC .
 
 :SelfEditorDataSet a ao:PolicyDataSet ;
@@ -67,6 +69,7 @@
 
 :SelfEditorDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:NamedObject ;
+    ao:keyComponent ai:ExecuteOperation ;
     ao:keyComponent auth:SELF_EDITOR .
 
 :EditorDataSet a ao:PolicyDataSet ;
@@ -76,6 +79,7 @@
 
 :EditorDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:NamedObject ;
+    ao:keyComponent ai:ExecuteOperation ;
     ao:keyComponent auth:EDITOR .
 
 :CuratorDataSet a ao:PolicyDataSet ;
@@ -85,6 +89,7 @@
 
 :CuratorDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:NamedObject ;
+    ao:keyComponent ai:ExecuteOperation ;
     ao:keyComponent auth:CURATOR .
 
 :AdminDataSet a ao:PolicyDataSet ;
@@ -94,6 +99,7 @@
 
 :AdminDataSetKey  a ao:DataSetKey ;
     ao:keyComponent ai:NamedObject ;
+    ao:keyComponent ai:ExecuteOperation ;
     ao:keyComponent auth:ADMIN .
 
 :RuleSet a ao:Rules ;

From 0f6c6a755a48023f4dcaacfa0e548752e589c07b Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <georgy.litvinov@tib.eu>
Date: Thu, 26 Oct 2023 12:23:51 +0200
Subject: [PATCH 078/148] Revert everytime/permission_config.n3 removal

---
 .../rdf/auth/everytime/permission_config.n3   | 175 ++++++++++++++++++
 1 file changed, 175 insertions(+)
 create mode 100644 home/src/main/resources/rdf/auth/everytime/permission_config.n3

diff --git a/home/src/main/resources/rdf/auth/everytime/permission_config.n3 b/home/src/main/resources/rdf/auth/everytime/permission_config.n3
new file mode 100644
index 0000000000..f94e3516fb
--- /dev/null
+++ b/home/src/main/resources/rdf/auth/everytime/permission_config.n3
@@ -0,0 +1,175 @@
+# $This file is distributed under the terms of the license in LICENSE$
+
+@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
+@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
+@prefix simplePermission: <java:edu.cornell.mannlib.vitro.webapp.auth.permissions.SimplePermission#> .
+@prefix displayByRole: <java:edu.cornell.mannlib.vitro.webapp.auth.permissions.DisplayByRolePermission#> .
+@prefix editByRole: <java:edu.cornell.mannlib.vitro.webapp.auth.permissions.EditByRolePermission#> .
+@prefix publishByRole: <java:edu.cornell.mannlib.vitro.webapp.auth.permissions.PublishByRolePermission#> .
+
+auth:ADMIN
+    a auth:PermissionSet ;
+    rdfs:label "Site Admin" ;
+
+    # ADMIN-only permissions
+    auth:hasPermission simplePermission:AccessSpecialDataModels ;
+   	auth:hasPermission simplePermission:EnableDeveloperPanel ;
+    auth:hasPermission simplePermission:LoginDuringMaintenance ;
+    auth:hasPermission simplePermission:ManageMenus ;
+    auth:hasPermission simplePermission:ManageProxies ;
+    auth:hasPermission simplePermission:ManageSearchIndex ;
+    auth:hasPermission simplePermission:ManageUserAccounts ;
+    auth:hasPermission simplePermission:RefreshVisualizationCache ;
+    auth:hasPermission simplePermission:SeeConfiguration ;
+    auth:hasPermission simplePermission:SeeStartupStatus ;
+    auth:hasPermission simplePermission:UseAdvancedDataToolsPages ;
+    auth:hasPermission simplePermission:UseMiscellaneousAdminPages ;
+    auth:hasPermission simplePermission:UseSparqlQueryPage ;
+    auth:hasPermission simplePermission:PageViewableAdmin ;
+
+    # Uncomment the following permission line to enable the SPARQL update API.
+    # Before enabling, be sure that the URL api/sparqlUpdate is secured by HTTPS,
+    # so passwords will not be sent in clear text.
+    #auth:hasPermission simplePermission:UseSparqlUpdateApi ;
+
+    # permissions for CURATOR and above.
+    auth:hasPermission simplePermission:EditOntology ;
+    auth:hasPermission simplePermission:EditSiteInformation ;
+    auth:hasPermission simplePermission:SeeVerbosePropertyInformation ;
+    auth:hasPermission simplePermission:UseMiscellaneousCuratorPages ;
+	auth:hasPermission simplePermission:PageViewableCurator ;
+
+    # permissions for EDITOR and above.
+    auth:hasPermission simplePermission:DoBackEndEditing ;
+    auth:hasPermission simplePermission:SeeIndividualEditingPanel ;
+    auth:hasPermission simplePermission:SeeRevisionInfo ;
+    auth:hasPermission simplePermission:SeeSiteAdminPage ;
+    auth:hasPermission simplePermission:UseIndividualControlPanel ;
+    auth:hasPermission simplePermission:PageViewableEditor ;
+
+    # permissions for ANY logged-in user.
+    auth:hasPermission simplePermission:DoFrontEndEditing ;
+    auth:hasPermission simplePermission:EditOwnAccount ;
+    auth:hasPermission simplePermission:ManageOwnProxies ;
+    auth:hasPermission simplePermission:QueryUserAccountsModel ;
+    auth:hasPermission simplePermission:UseBasicAjaxControllers ;
+    auth:hasPermission simplePermission:UseMiscellaneousPages ;
+  	auth:hasPermission simplePermission:PageViewableLoggedIn ;
+
+    # permissions for ANY user, even if they are not logged in.
+    auth:hasPermission simplePermission:QueryFullModel ;
+	auth:hasPermission simplePermission:PageViewablePublic ;
+
+    # role-based permissions for ADMIN
+    auth:hasPermission displayByRole:Admin ;
+    auth:hasPermission editByRole:Admin ;
+    auth:hasPermission publishByRole:Admin ;
+    .
+
+auth:CURATOR
+    a auth:PermissionSet ;
+    rdfs:label "Curator" ;
+
+    # permissions for CURATOR and above.
+    auth:hasPermission simplePermission:EditOntology ;
+    auth:hasPermission simplePermission:EditSiteInformation ;
+    auth:hasPermission simplePermission:SeeVerbosePropertyInformation ;
+    auth:hasPermission simplePermission:UseMiscellaneousCuratorPages ;
+    auth:hasPermission simplePermission:PageViewableCurator ;
+
+    # permissions for EDITOR and above.
+    auth:hasPermission simplePermission:DoBackEndEditing ;
+    auth:hasPermission simplePermission:SeeIndividualEditingPanel ;
+    auth:hasPermission simplePermission:SeeRevisionInfo ;
+    auth:hasPermission simplePermission:SeeSiteAdminPage ;
+    auth:hasPermission simplePermission:UseIndividualControlPanel ;
+    auth:hasPermission simplePermission:PageViewableEditor ;
+
+    # permissions for ANY logged-in user.
+    auth:hasPermission simplePermission:DoFrontEndEditing ;
+    auth:hasPermission simplePermission:EditOwnAccount ;
+    auth:hasPermission simplePermission:ManageOwnProxies ;
+    auth:hasPermission simplePermission:QueryUserAccountsModel ;
+    auth:hasPermission simplePermission:UseBasicAjaxControllers ;
+    auth:hasPermission simplePermission:UseMiscellaneousPages ;
+   	auth:hasPermission simplePermission:PageViewableLoggedIn ;
+
+    # permissions for ANY user, even if they are not logged in.
+    auth:hasPermission simplePermission:QueryFullModel ;
+    auth:hasPermission simplePermission:PageViewablePublic ;
+
+    # role-based permissions for CURATOR
+    auth:hasPermission displayByRole:Curator ;
+    auth:hasPermission editByRole:Curator ;
+    auth:hasPermission publishByRole:Curator ;
+    .
+
+auth:EDITOR
+    a auth:PermissionSet ;
+    rdfs:label "Editor" ;
+
+    # permissions for EDITOR and above.
+    auth:hasPermission simplePermission:DoBackEndEditing ;
+    auth:hasPermission simplePermission:SeeIndividualEditingPanel ;
+    auth:hasPermission simplePermission:SeeRevisionInfo ;
+    auth:hasPermission simplePermission:SeeSiteAdminPage ;
+    auth:hasPermission simplePermission:UseIndividualControlPanel ;
+    auth:hasPermission simplePermission:PageViewableEditor ;
+
+    # permissions for ANY logged-in user.
+    auth:hasPermission simplePermission:DoFrontEndEditing ;
+    auth:hasPermission simplePermission:EditOwnAccount ;
+    auth:hasPermission simplePermission:ManageOwnProxies ;
+    auth:hasPermission simplePermission:QueryUserAccountsModel ;
+    auth:hasPermission simplePermission:UseBasicAjaxControllers ;
+    auth:hasPermission simplePermission:UseMiscellaneousPages ;
+    auth:hasPermission simplePermission:PageViewableLoggedIn ;
+
+    # permissions for ANY user, even if they are not logged in.
+    auth:hasPermission simplePermission:QueryFullModel ;
+   	auth:hasPermission simplePermission:PageViewablePublic ;
+
+    # role-based permissions for EDITOR
+    auth:hasPermission displayByRole:Editor ;
+    auth:hasPermission editByRole:Editor ;
+    auth:hasPermission publishByRole:Editor ;
+    .
+
+auth:SELF_EDITOR
+    a auth:PermissionSet ;
+    a auth:PermissionSetForNewUsers ;
+    rdfs:label "Self Editor" ;
+
+    # permissions for ANY logged-in user.
+    auth:hasPermission simplePermission:DoFrontEndEditing ;
+    auth:hasPermission simplePermission:EditOwnAccount ;
+    auth:hasPermission simplePermission:ManageOwnProxies ;
+    auth:hasPermission simplePermission:QueryUserAccountsModel ;
+    auth:hasPermission simplePermission:UseBasicAjaxControllers ;
+    auth:hasPermission simplePermission:UseMiscellaneousPages ;
+    auth:hasPermission simplePermission:PageViewableLoggedIn ;
+
+    # permissions for ANY user, even if they are not logged in.
+    auth:hasPermission simplePermission:QueryFullModel ;
+	auth:hasPermission simplePermission:PageViewablePublic ;
+
+    # role-based permissions for SELF_EDITOR
+    #     For role-based display and editing, SelfEditor is like Public.
+    #     SelfEditor uses its special permissions to edit/display its own values.
+    auth:hasPermission displayByRole:Public ;
+    auth:hasPermission publishByRole:Public ;
+    .
+
+auth:PUBLIC
+    a auth:PermissionSet ;
+    a auth:PermissionSetForPublic ;
+    rdfs:label "Public" ;
+
+    # permissions for ANY user, even if they are not logged in.
+    auth:hasPermission simplePermission:QueryFullModel ;
+	auth:hasPermission simplePermission:PageViewablePublic ;
+
+    # role-based permissions for PUBLIC
+    auth:hasPermission displayByRole:Public ;
+    auth:hasPermission publishByRole:Public ;
+    .

From 812214b876fac78e19f4d2fbfdcaae874e72891e Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <georgy.litvinov@tib.eu>
Date: Thu, 26 Oct 2023 14:07:54 +0200
Subject: [PATCH 079/148] improved logging, fixed policy loading

---
 .../webapp/auth/policy/DynamicPolicy.java     | 32 +++++++---
 .../webapp/auth/policy/PolicyLoader.java      | 61 ++++++++-----------
 .../webapp/auth/rules/AccessRuleFactory.java  |  4 --
 .../vitro/webapp/dao/VitroVocabulary.java     |  5 ++
 4 files changed, 56 insertions(+), 46 deletions(-)

diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/DynamicPolicy.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/DynamicPolicy.java
index 24dd045f7c..f587fbdec6 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/DynamicPolicy.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/DynamicPolicy.java
@@ -2,6 +2,7 @@
 
 package edu.cornell.mannlib.vitro.webapp.auth.policy;
 
+import java.util.Collection;
 import java.util.Collections;
 import java.util.HashSet;
 import java.util.Set;
@@ -12,6 +13,7 @@
 import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthorizationRequest;
 import edu.cornell.mannlib.vitro.webapp.auth.rules.AccessRule;
+import edu.cornell.mannlib.vitro.webapp.dao.VitroVocabulary;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
@@ -36,8 +38,8 @@ public Set<AccessRule> getRules() {
         return rules;
     }
 
-    public void addRules(Set<AccessRule> addition) {
-        rules.addAll(addition);
+    public void addRules(Collection<AccessRule> collection) {
+        rules.addAll(collection);
     }
 
     public DynamicPolicy(String uri, long priority) {
@@ -52,19 +54,26 @@ public PolicyDecision decide(AuthorizationRequest ar) {
             return defaultDecision("whatToAuth was null");
         }
         for (AccessRule rule : getFilteredRules(ar)) {
+            String policyUri = getUri(uri);
+            String ruleUri = getUri(rule.getRuleUri());
             if (rule.match(ar)) {
                 if (rule.isAllowMatched()) {
-                    log.debug("Access rule " + rule.getRuleUri() + " approves request " + whatToAuth);
-                    String message = "Dynamic policy '" + uri + "' rule '" + rule.getRuleUri() + "' approved " + ar;
+                    if (log.isDebugEnabled()) {
+                        log.debug("Policy '" + policyUri + "' rule '" + ruleUri + "' approved request " + whatToAuth);
+                    }
+                    String message = "Policy '" + policyUri + "' rule '" + ruleUri + "' approved " + ar;
                     return new BasicPolicyDecision(DecisionResult.AUTHORIZED, message);
                 } else {
-                    log.debug("Access rule " + rule.getRuleUri() + " rejects request " + whatToAuth);
-                    String message = "Dynamic policy '" + uri + "' rule '" + rule.getRuleUri() + "' rejected " + ar;
+                    if (log.isDebugEnabled()) {
+                        log.debug("Policy '" + policyUri + "' rule " + ruleUri + " rejected request " + whatToAuth);
+                    }
+                    String message = "Policy '" + policyUri + "' rule '" + ruleUri + "' rejected request" + ar;
                     return new BasicPolicyDecision(DecisionResult.UNAUTHORIZED, message);
                 }
             } else {
-                log.trace("Dynamic policy '" + uri + "' rule '" + rule.getRuleUri() + "' doesn't match the request "
-                        + ar);
+                if (log.isDebugEnabled()) {
+                    log.debug("Policy '" + policyUri + "' rule '" + ruleUri + "' didn't match request " + ar);
+                }
             }
         }
 
@@ -78,4 +87,11 @@ public Set<AccessRule> getFilteredRules(AuthorizationRequest ar) {
     private PolicyDecision defaultDecision(String message) {
         return new BasicPolicyDecision(DecisionResult.INCONCLUSIVE, message);
     }
+
+    private static String getUri(String uri) {
+        if (uri.startsWith(VitroVocabulary.AUTH_INDIVIDUAL_PREFIX)) {
+            return "ai:" + uri.substring(VitroVocabulary.AUTH_INDIVIDUAL_PREFIX.length());
+        }
+        return uri;
+    }
 }
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
index b7532448cf..de014e3d00 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
@@ -382,7 +382,7 @@ public Set<DynamicPolicy> loadPolicies(String uri) {
         Set<DynamicPolicy> policies = new HashSet<>();
         List<String> dataSetNames = getDataSetNames(uri);
         if (dataSetNames.isEmpty()) {
-            Set<AccessRule> rules = new HashSet<>();
+            Map<String, AccessRule> rules = new HashMap<>();
             try {
                 loadRulesWithoutDataSet(uri, rules);
             } catch (Exception e) {
@@ -392,7 +392,7 @@ public Set<DynamicPolicy> loadPolicies(String uri) {
             if (!rules.isEmpty()) {
                 long priority = getPriority(uri);
                 DynamicPolicy policy = new DynamicPolicy(uri, priority);
-                policy.addRules(rules);
+                policy.addRules(rules.values());
                 policies.add(policy);
             }
         } else {
@@ -408,7 +408,7 @@ public Set<DynamicPolicy> loadPolicies(String uri) {
     }
 
     public DynamicPolicy loadPolicyFromTemplateDataSet(String dataSetUri) {
-        Set<AccessRule> rules = new HashSet<>();
+        Map<String, AccessRule> rules = new HashMap<>();
         long priority = getPriorityFromDataSet(dataSetUri);
         try {
             loadRulesForDataSet(rules, dataSetUri);
@@ -421,7 +421,7 @@ public DynamicPolicy loadPolicyFromTemplateDataSet(String dataSetUri) {
             return null;
         }
         DynamicPolicy policy = new DynamicPolicy(dataSetUri, priority);
-        policy.addRules(rules);
+        policy.addRules(rules.values());
         return policy;
     }
 
@@ -617,11 +617,10 @@ protected void processQuerySolution(QuerySolution qs) {
         return priority[0];
     }
 
-    private void loadRulesWithoutDataSet(String policyUri, Set<AccessRule> rules) throws Exception {
+    private void loadRulesWithoutDataSet(String policyUri, Map<String, AccessRule> rules) throws Exception {
         ParameterizedSparqlString pss = new ParameterizedSparqlString(NO_DATASET_RULES_QUERY);
         pss.setIri(POLICY, policyUri);
         debug(pss.toString());
-        AccessRule rule[] = new AccessRule[1];
         Exception ex[] = new Exception[1];
         try {
             rdfService.sparqlSelectQuery(pss.toString(), new ResultSetConsumer() {
@@ -631,13 +630,12 @@ protected void processQuerySolution(QuerySolution qs) {
                         if (isInvalidPolicySolution(qs)) {
                             throw new Exception();
                         }
-                        if (isRuleContinues(rule[0], qs)) {
-                            populateRule(rule[0], qs);
+                        if (isRuleContinues(rules, qs)) {
+                            String ruleUri = qs.getResource("rule").getURI();
+                            populateRule(rules.get(ruleUri), qs);
                         } else {
-                            if (rule[0] != null) {
-                                rules.add(rule[0]);
-                            }
-                            rule[0] = AccessRuleFactory.createRule(qs);
+                            AccessRule rule = AccessRuleFactory.createRule(qs);
+                            rules.put(rule.getRuleUri(), rule);
                         }
                     } catch (Exception e) {
                         ex[0] = e;
@@ -648,21 +646,20 @@ protected void processQuerySolution(QuerySolution qs) {
             log.error(e, e);
         }
         if (ex[0] != null) {
+            rules.clear();
             throw ex[0];
         }
-        if (rule[0] != null) {
-            rules.add(rule[0]);
-            debug("\nLoaded %s rules for %s policy", rules.size(), policyUri);
+        if (!rules.isEmpty()) {
+            debug("Loaded %s rules for %s policy\n", rules.size(), policyUri);
         } else {
-            debug("\nNo rules loaded from the user accounts model for %s policy.", policyUri);
+            debug("No rules loaded from the user accounts model for %s policy.\n", policyUri);
         }
     }
 
-    private void loadRulesForDataSet(Set<AccessRule> rules, String dataSetUri) throws Exception {
+    private void loadRulesForDataSet(Map<String, AccessRule> rules, String dataSetUri) throws Exception {
         ParameterizedSparqlString pss = new ParameterizedSparqlString(DATASET_RULES_QUERY);
         pss.setIri("dataSet", dataSetUri);
         debug(pss.toString());
-        AccessRule rule[] = new AccessRule[1];
         Exception ex[] = new Exception[1];
         try {
             rdfService.sparqlSelectQuery(pss.toString(), new ResultSetConsumer() {
@@ -672,13 +669,12 @@ protected void processQuerySolution(QuerySolution qs) {
                         if (isInvalidPolicySolution(qs)) {
                             throw new Exception();
                         }
-                        if (isRuleContinues(rule[0], qs)) {
-                            populateRule(rule[0], qs);
+                        if (isRuleContinues(rules, qs)) {
+                            String ruleUri = qs.getResource("rule").getURI();
+                            populateRule(rules.get(ruleUri), qs);
                         } else {
-                            if (rule[0] != null) {
-                                rules.add(rule[0]);
-                            }
-                            rule[0] = AccessRuleFactory.createRule(qs);
+                            AccessRule rule = AccessRuleFactory.createRule(qs);
+                            rules.put(rule.getRuleUri(), rule);
                         }
                     } catch (Exception e) {
                         ex[0] = e;
@@ -689,13 +685,13 @@ protected void processQuerySolution(QuerySolution qs) {
             log.error(e, e);
         }
         if (ex[0] != null) {
+            rules.clear();
             throw ex[0];
         }
-        if (rule[0] != null) {
-            rules.add(rule[0]);
-            debug("\nLoaded %s rules for %s dataset", rules.size(), dataSetUri);
+        if (!rules.isEmpty()) {
+            debug("Loaded %s rules for %s dataset\n", rules.size(), dataSetUri);
         } else {
-            debug("\nNo rules loaded from access control model for %s dataset.", dataSetUri);
+            debug("No rules loaded from access control model for %s dataset.\n", dataSetUri);
         }
     }
 
@@ -728,15 +724,12 @@ private void debugSelectQueryResults(ResultSet rs) {
         debug(json);
     }
 
-    private static boolean isRuleContinues(AccessRule rule, QuerySolution qs) {
-        if (rule == null) {
+    private static boolean isRuleContinues(Map<String, AccessRule> rules, QuerySolution qs) {
+        if (rules == null) {
             return false;
         }
         String ruleUri = qs.getResource("rule").getURI();
-        if (qs.contains("dataSetUri")) {
-            ruleUri += "." + qs.getResource("dataSetUri").getURI();
-        }
-        return rule.getRuleUri().equals(ruleUri);
+        return rules.containsKey(ruleUri);
     }
 
     private static void populateRule(AccessRule ar, QuerySolution qs) throws Exception {
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRuleFactory.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRuleFactory.java
index 8e0a527f91..417e2c9a52 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRuleFactory.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRuleFactory.java
@@ -15,10 +15,6 @@ public class AccessRuleFactory {
     public static AccessRule createRule(QuerySolution qs) {
         AccessRule ar = new AccessRuleImpl();
         String ruleUri = qs.getResource(PolicyLoader.RULE).getURI();
-        if (qs.contains("dataSetUri")) {
-            ruleUri += "." + qs.getResource("dataSetUri").getURI();
-        }
-
         ar.setRuleUri(ruleUri);
         ar.addCheck(CheckFactory.createCheck(qs));
         if (qs.contains("decision_id") && qs.get("decision_id").isLiteral()) {
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/dao/VitroVocabulary.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/dao/VitroVocabulary.java
index 8ed597ed29..c762acfa83 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/dao/VitroVocabulary.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/dao/VitroVocabulary.java
@@ -124,6 +124,11 @@ public class VitroVocabulary {
     // reusing displayRank property above
     public static final String PORTAL_URLPREFIX = vitroURI + "urlPrefix";
 
+    // =============== Vitro Access control vocabulary =================================
+    
+    public static final String AUTH_INDIVIDUAL_PREFIX = "https://vivoweb.org/ontology/vitro-application/auth/individual/";
+    public static final String AUTH_VOCABULARY_PREFIX = "https://vivoweb.org/ontology/vitro-application/auth/vocabulary/";
+    
     // =============== Vitro User vocabulary =================================
 
     // TODO JB This should go away when the new method of associating UserAccounts with Individuals is in place.

From 597f665ed8742df39bef7a38c6b8d1aa658b9210 Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <georgy.litvinov@tib.eu>
Date: Thu, 26 Oct 2023 14:53:32 +0200
Subject: [PATCH 080/148] Overriden toString implementation in
 AuthorizationRequest for log purposes

---
 .../auth/requestedAction/AuthorizationRequest.java | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/AuthorizationRequest.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/AuthorizationRequest.java
index 492c0e8252..f6b31e4373 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/AuthorizationRequest.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/AuthorizationRequest.java
@@ -75,4 +75,18 @@ public static AuthorizationRequest or(AuthorizationRequest fist, AuthorizationRe
     public AuthorizationRequest and(AuthorizationRequest second) {
         return new AndAuthorizationRequest(this, second);
     }
+    
+    @Override
+    public String toString() {
+        String result = "";
+        if (!getRoleUris().isEmpty()) {
+            result += String.format("User with roles '%s' ", getRoleUris().toString());
+        }
+        if (!getEditorUris().isEmpty()) {
+            result += String.format(" profile uris '%s' ", getEditorUris().toString());
+        }
+        result += String.format(" requested '%s' ", getAccessOperation());
+        result += String.format(" on '%s' ", getAccessObject());
+        return result;
+    }
 }
\ No newline at end of file

From 348ac43e9264eb6548e129a52db251a7eb2e25e0 Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <georgy.litvinov@tib.eu>
Date: Fri, 27 Oct 2023 10:57:52 +0200
Subject: [PATCH 081/148] Simple permission conversion and check fixes.

---
 .../auth/permissions/SimplePermission.java    |  2 +-
 .../webapp/auth/rules/AccessRuleImpl.java     |  2 +-
 .../auth/SimplePermissionMigrator.java        | 55 ++++++++++++---
 .../auth/SimplePermissionMigratorTest.java    | 70 +++++++++++--------
 .../rdf/auth/firsttime/permission_config.n3   | 33 ---------
 5 files changed, 90 insertions(+), 72 deletions(-)
 delete mode 100644 home/src/main/resources/rdf/auth/firsttime/permission_config.n3

diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/permissions/SimplePermission.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/permissions/SimplePermission.java
index ebe992491a..530d27983b 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/permissions/SimplePermission.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/permissions/SimplePermission.java
@@ -75,7 +75,7 @@ public String getUri() {
 
     private SimplePermission(String uri) {
         this.uri = SimplePermission.NS + uri;
-        AccessObjectImpl ao = new AccessObjectImpl(uri, AccessObjectType.NAMED_OBJECT);
+        AccessObjectImpl ao = new AccessObjectImpl(this.uri, AccessObjectType.NAMED_OBJECT);
         this.ACTION = new SimpleAuthorizationRequest(ao, AccessOperation.EXECUTE);
     }
 }
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRuleImpl.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRuleImpl.java
index 06d28805b6..f9cb684cbf 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRuleImpl.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRuleImpl.java
@@ -52,7 +52,7 @@ public boolean match(AuthorizationRequest ar) {
         for (Check check : checks) {
             if (!check.check(ar)) {
                 if (log.isDebugEnabled()) {
-                    log.debug(String.format("Check %s didn't match", check.getUri()));
+                    log.debug(String.format("Check %s didn't match request %s", check.getUri(), ar));
                 }
                 return false;
             }
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/SimplePermissionMigrator.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/SimplePermissionMigrator.java
index 2561406732..b53b5d899e 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/SimplePermissionMigrator.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/SimplePermissionMigrator.java
@@ -1,6 +1,16 @@
 package edu.cornell.mannlib.vitro.webapp.migration.auth;
 
+import static edu.cornell.mannlib.vitro.webapp.migration.auth.AuthMigrator.ALL_ROLES;
+import static edu.cornell.mannlib.vitro.webapp.migration.auth.AuthMigrator.ROLE_ADMIN_URI;
+import static edu.cornell.mannlib.vitro.webapp.migration.auth.AuthMigrator.ROLE_CURATOR_URI;
+import static edu.cornell.mannlib.vitro.webapp.migration.auth.AuthMigrator.ROLE_EDITOR_URI;
+import static edu.cornell.mannlib.vitro.webapp.migration.auth.AuthMigrator.ROLE_PUBLIC_URI;
+import static edu.cornell.mannlib.vitro.webapp.migration.auth.AuthMigrator.ROLE_SELF_EDITOR_URI;
+
+import java.util.Arrays;
+import java.util.HashMap;
 import java.util.HashSet;
+import java.util.Map;
 import java.util.Set;
 
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType;
@@ -25,31 +35,50 @@ public class SimplePermissionMigrator {
             + "prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#>\n"
             + "SELECT ?uri \n"
             + "WHERE {\n"
-            + "    ?uri a auth:PermissionSet . \n"
+            + "  ?uri a auth:PermissionSet . \n"
             + "}";
 
     private String ROLE_PERMISSIONS_QUERY = ""
             + "prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#>\n"
             + "SELECT ?permission \n"
             + "WHERE {\n"
-            + "    ?role a auth:PermissionSet . \n"
-            + "    ?role auth:hasPermission ?permission .\n"
+            + "  ?role a auth:PermissionSet . \n"
+            + "  ?role auth:hasPermission ?permission .\n"
+            + "  FILTER (strstarts(str(?permission), "
+            + "'java:edu.cornell.mannlib.vitro.webapp.auth.permissions.SimplePermission#'))"
             + "}";
 
+    private Map<String, Set<String>> roleMap;
 
     public SimplePermissionMigrator(OntModel userAccountsModel) {
         this.userAccountsModel = userAccountsModel;
+        roleMap = new HashMap<>();
+        roleMap.put(ROLE_ADMIN_URI, ALL_ROLES);
+        roleMap.put(ROLE_CURATOR_URI, new HashSet<String>(
+                Arrays.asList(ROLE_CURATOR_URI, ROLE_EDITOR_URI, ROLE_SELF_EDITOR_URI, ROLE_PUBLIC_URI)));
+        roleMap.put(ROLE_EDITOR_URI,
+                new HashSet<String>(Arrays.asList(ROLE_EDITOR_URI, ROLE_SELF_EDITOR_URI, ROLE_PUBLIC_URI)));
+        roleMap.put(ROLE_SELF_EDITOR_URI, new HashSet<String>(Arrays.asList(ROLE_SELF_EDITOR_URI, ROLE_PUBLIC_URI)));
+        roleMap.put(ROLE_PUBLIC_URI, new HashSet<String>(Arrays.asList(ROLE_PUBLIC_URI)));
     }
 
     public void migrateConfiguration() {
         Set<String> roles = getPermissionSets();
+        if (!roles.containsAll(AuthMigrator.ALL_ROLES)) {
+            log.error("Roles not found. Simple permission migration failed.");
+            return;
+        }
+        migrateRoles(roles);
+    }
+
+    private void migrateRoles(Set<String> roles) {
         PolicyLoader policyLoader = PolicyLoader.getInstance();
         for (String role : roles) {
             // get all simple permissions for role
             Set<String> policyPermissions =
                     policyLoader.getDataSetValues(AccessOperation.EXECUTE, AccessObjectType.NAMED_OBJECT, role);
             // Compare with simple permissions in access control graph
-            Set<String> userAccountsPermissions = getUserAccountsPermissions(role);
+            Set<String> userAccountsPermissions = getUserAccountPermissions(role);
             Set<String> toRevoke = new HashSet<>(policyPermissions);
             toRevoke.removeAll(userAccountsPermissions);
             Set<String> toGrant = new HashSet<>(userAccountsPermissions);
@@ -57,12 +86,12 @@ public void migrateConfiguration() {
             for (String entityUri : toGrant) {
                 policyLoader.addEntityToPolicyDataSet(entityUri, AccessObjectType.NAMED_OBJECT, AccessOperation.EXECUTE,
                         role);
-                log.info(String.format("Granted simple permission %s to role %s ", entityUri, role ));
+                log.info(String.format("Granted simple permission %s to role %s ", entityUri, role));
             }
             for (String entityUri : toRevoke) {
                 policyLoader.removeEntityFromPolicyDataSet(entityUri, AccessObjectType.NAMED_OBJECT,
                         AccessOperation.EXECUTE, role);
-                log.info(String.format("Revoked simple permission %s from role %s ", entityUri, role ));
+                log.info(String.format("Revoked simple permission %s from role %s ", entityUri, role));
             }
         }
     }
@@ -89,8 +118,19 @@ Set<String> getPermissionSets() {
         return permissionSets;
     }
 
-    Set<String> getUserAccountsPermissions(String role) {
+    Set<String> getUserAccountPermissions(String role) {
         Set<String> permissions = new HashSet<>();
+        if (AuthMigrator.ALL_ROLES.contains(role)) {
+            for (String standardRole : roleMap.get(role)) {
+                populateUserAccountPermissions(standardRole, permissions);
+            }
+        } else {
+            populateUserAccountPermissions(role, permissions);
+        }
+        return permissions;
+    }
+
+    private void populateUserAccountPermissions(String role, Set<String> permissions) {
         ParameterizedSparqlString pss = new ParameterizedSparqlString(ROLE_PERMISSIONS_QUERY);
         pss.setIri("role", role);
         String queryText = pss.toString();
@@ -110,6 +150,5 @@ Set<String> getUserAccountsPermissions(String role) {
         } finally {
             userAccountsModel.leaveCriticalSection();
         }
-        return permissions;
     }
 }
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/migration/auth/SimplePermissionMigratorTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/migration/auth/SimplePermissionMigratorTest.java
index 87a8535500..a8bb9443fd 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/migration/auth/SimplePermissionMigratorTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/migration/auth/SimplePermissionMigratorTest.java
@@ -1,17 +1,20 @@
 package edu.cornell.mannlib.vitro.webapp.migration.auth;
 
+import static edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType.NAMED_OBJECT;
+import static edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessOperation.EXECUTE;
+import static edu.cornell.mannlib.vitro.webapp.auth.permissions.SimplePermission.ACCESS_SPECIAL_DATA_MODELS;
+import static edu.cornell.mannlib.vitro.webapp.dao.VitroVocabulary.PERMISSIONSET;
+import static edu.cornell.mannlib.vitro.webapp.dao.VitroVocabulary.PERMISSIONSET_HAS_PERMISSION;
+import static edu.cornell.mannlib.vitro.webapp.dao.VitroVocabulary.RDF_TYPE;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertTrue;
 
 import java.util.Set;
 
-import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType;
-import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessOperation;
 import edu.cornell.mannlib.vitro.webapp.auth.permissions.SimplePermission;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyLoader;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyTemplateController;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyTest;
-import edu.cornell.mannlib.vitro.webapp.dao.VitroVocabulary;
 import edu.cornell.mannlib.vitro.webapp.modelaccess.ModelNames;
 import org.apache.jena.ontology.OntModel;
 import org.apache.jena.rdf.model.ModelFactory;
@@ -22,6 +25,7 @@
 import org.junit.Before;
 import org.junit.Test;
 
+
 public class SimplePermissionMigratorTest extends AuthMigratorTest {
 
     private OntModel userAccountsModel;
@@ -49,56 +53,64 @@ private void addUserAccountsStatement(String subjUri, String pUri, String objUri
 
     @Test
     public void getPermissionSetsTest() {
-        addUserAccountsStatement(PolicyTest.CUSTOM, VitroVocabulary.RDF_TYPE, VitroVocabulary.PERMISSIONSET);
-        addUserAccountsStatement(PolicyTest.ADMIN, VitroVocabulary.RDF_TYPE, VitroVocabulary.PERMISSIONSET);
-        addUserAccountsStatement(PolicyTest.CURATOR, VitroVocabulary.RDF_TYPE, VitroVocabulary.PERMISSIONSET);
-        addUserAccountsStatement(PolicyTest.EDITOR, VitroVocabulary.RDF_TYPE, VitroVocabulary.PERMISSIONSET);
-        addUserAccountsStatement(PolicyTest.SELF_EDITOR, VitroVocabulary.RDF_TYPE, VitroVocabulary.PERMISSIONSET);
+        addPermissionSet(PolicyTest.CUSTOM);
+        addPermissionSet(PolicyTest.ADMIN);
+        addPermissionSet(PolicyTest.CURATOR);
+        addPermissionSet(PolicyTest.EDITOR);
+        addPermissionSet(PolicyTest.SELF_EDITOR);
+        addPermissionSet(PolicyTest.PUBLIC);
         Set<String> sets = spm.getPermissionSets();
-        assertEquals(5, sets.size());
+        assertEquals(6, sets.size());
         assertTrue(sets.contains(PolicyTest.CUSTOM));
         assertTrue(sets.contains(PolicyTest.ADMIN));
         assertTrue(sets.contains(PolicyTest.CURATOR));
         assertTrue(sets.contains(PolicyTest.EDITOR));
         assertTrue(sets.contains(PolicyTest.SELF_EDITOR));
+        assertTrue(sets.contains(PolicyTest.PUBLIC));
     }
 
     @Test
     public void getUserAccountPermissionsTest() {
-        addUserAccountsStatement(PolicyTest.CUSTOM, VitroVocabulary.RDF_TYPE, VitroVocabulary.PERMISSIONSET);
-        addUserAccountsStatement(PolicyTest.ADMIN, VitroVocabulary.RDF_TYPE, VitroVocabulary.PERMISSIONSET);
-        addUserAccountsStatement(PolicyTest.CUSTOM, VitroVocabulary.PERMISSIONSET_HAS_PERMISSION,
-                SimplePermission.ACCESS_SPECIAL_DATA_MODELS.getUri());
-        addUserAccountsStatement(PolicyTest.CUSTOM, VitroVocabulary.PERMISSIONSET_HAS_PERMISSION,
+        addUserAccountsStatement(PolicyTest.CUSTOM, RDF_TYPE, PERMISSIONSET);
+        addPermissionSet(PolicyTest.ADMIN);
+        addUserAccountsStatement(PolicyTest.CUSTOM, PERMISSIONSET_HAS_PERMISSION, ACCESS_SPECIAL_DATA_MODELS.getUri());
+        addUserAccountsStatement(PolicyTest.CUSTOM, PERMISSIONSET_HAS_PERMISSION,
                 SimplePermission.DO_BACK_END_EDITING.getUri());
-        Set<String> permissions = spm.getUserAccountsPermissions(PolicyTest.CUSTOM);
+        Set<String> permissions = spm.getUserAccountPermissions(PolicyTest.CUSTOM);
         assertEquals(2, permissions.size());
-        assertTrue(permissions.contains(SimplePermission.ACCESS_SPECIAL_DATA_MODELS.getUri()));
+        assertTrue(permissions.contains(ACCESS_SPECIAL_DATA_MODELS.getUri()));
         assertTrue(permissions.contains(SimplePermission.DO_BACK_END_EDITING.getUri()));
-        permissions = spm.getUserAccountsPermissions(PolicyTest.ADMIN);
+        permissions = spm.getUserAccountPermissions(PolicyTest.ADMIN);
         assertEquals(0, permissions.size());
     }
 
     @Test
     public void migrateConfigurationTest() {
-        addUserAccountsStatement(PolicyTest.CUSTOM, VitroVocabulary.RDF_TYPE, VitroVocabulary.PERMISSIONSET);
-        addUserAccountsStatement(PolicyTest.CUSTOM, VitroVocabulary.PERMISSIONSET_HAS_PERMISSION,
-                SimplePermission.ACCESS_SPECIAL_DATA_MODELS.getUri());
-        addUserAccountsStatement(PolicyTest.PUBLIC, VitroVocabulary.RDF_TYPE, VitroVocabulary.PERMISSIONSET);
-        addUserAccountsStatement(PolicyTest.PUBLIC, VitroVocabulary.PERMISSIONSET_HAS_PERMISSION,
-                SimplePermission.ACCESS_SPECIAL_DATA_MODELS.getUri());
+        addPermissionSet(PolicyTest.ADMIN);
+        addPermissionSet(PolicyTest.CURATOR);
+        addPermissionSet(PolicyTest.EDITOR);
+        addPermissionSet(PolicyTest.SELF_EDITOR);
+        addPermissionSet(PolicyTest.PUBLIC);
+        addPermissionSet(PolicyTest.CUSTOM);
+        addUserAccountsStatement(PolicyTest.CUSTOM, PERMISSIONSET_HAS_PERMISSION, ACCESS_SPECIAL_DATA_MODELS.getUri());
+        addUserAccountsStatement(PolicyTest.PUBLIC, PERMISSIONSET_HAS_PERMISSION, ACCESS_SPECIAL_DATA_MODELS.getUri());
         load(USER_ACCOUNTS_HOME_FIRSTTIME + PUBLIC_SIMPLE_PERMISSIONS_PATH + EXT);
         PolicyTemplateController.createRoleDataSets(CUSTOM);
         spm.migrateConfiguration();
         PolicyLoader policyLoader = PolicyLoader.getInstance();
-        Set<String> entities = policyLoader.getDataSetValues(AccessOperation.EXECUTE, AccessObjectType.NAMED_OBJECT,
-                PolicyTest.CUSTOM);
+        Set<String> entities = policyLoader.getDataSetValues(EXECUTE, NAMED_OBJECT, PolicyTest.CUSTOM);
+        assertEquals(1, entities.size());
+        assertTrue(entities.contains(ACCESS_SPECIAL_DATA_MODELS.getUri()));
+        entities = policyLoader.getDataSetValues(EXECUTE, NAMED_OBJECT, PolicyTest.PUBLIC);
         assertEquals(1, entities.size());
-        assertTrue(entities.contains(SimplePermission.ACCESS_SPECIAL_DATA_MODELS.getUri()));
-        entities = policyLoader.getDataSetValues(AccessOperation.EXECUTE, AccessObjectType.NAMED_OBJECT,
-                PolicyTest.PUBLIC);
+        assertTrue(entities.contains(ACCESS_SPECIAL_DATA_MODELS.getUri()));
+        entities = policyLoader.getDataSetValues(EXECUTE, NAMED_OBJECT, PolicyTest.ADMIN);
         assertEquals(1, entities.size());
-        assertTrue(entities.contains(SimplePermission.ACCESS_SPECIAL_DATA_MODELS.getUri()));
+        assertTrue(entities.contains(ACCESS_SPECIAL_DATA_MODELS.getUri()));
+    }
+
+    private void addPermissionSet(String role) {
+        addUserAccountsStatement(role, RDF_TYPE, PERMISSIONSET);
     }
 
 }
diff --git a/home/src/main/resources/rdf/auth/firsttime/permission_config.n3 b/home/src/main/resources/rdf/auth/firsttime/permission_config.n3
deleted file mode 100644
index cc1c71380c..0000000000
--- a/home/src/main/resources/rdf/auth/firsttime/permission_config.n3
+++ /dev/null
@@ -1,33 +0,0 @@
-# $This file is distributed under the terms of the license in LICENSE$
-
-@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
-@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
-@prefix simplePermission: <java:edu.cornell.mannlib.vitro.webapp.auth.permissions.SimplePermission#> .
-
-auth:ADMIN
-    a auth:PermissionSet ;
-    rdfs:label "Site Admin" ;
-    .
-
-auth:CURATOR
-    a auth:PermissionSet ;
-    rdfs:label "Curator" ;
-    .
-
-auth:EDITOR
-    a auth:PermissionSet ;
-    rdfs:label "Editor" ;
-    .
-
-auth:SELF_EDITOR
-    a auth:PermissionSet ;
-    a auth:PermissionSetForNewUsers ;
-    rdfs:label "Self Editor" ;
-    .
-
-auth:PUBLIC
-    a auth:PermissionSet ;
-    a auth:PermissionSetForPublic ;
-    rdfs:label "Public" ;
-    .
-

From 8eedd6439cbbc1e35808b7ecf7564f03fc96b4fc Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <georgy.litvinov@tib.eu>
Date: Fri, 27 Oct 2023 12:08:20 +0200
Subject: [PATCH 082/148] fix: check faux object property add/edit/drop
 permissions

---
 .../ObjectPropertyStatementTemplateModel.java   | 17 +++++++++++++----
 1 file changed, 13 insertions(+), 4 deletions(-)

diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/ObjectPropertyStatementTemplateModel.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/ObjectPropertyStatementTemplateModel.java
index 6606dd1885..3df574bdb7 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/ObjectPropertyStatementTemplateModel.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/ObjectPropertyStatementTemplateModel.java
@@ -11,6 +11,7 @@
 
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessOperation;
 import edu.cornell.mannlib.vitro.webapp.auth.objects.AccessObject;
+import edu.cornell.mannlib.vitro.webapp.auth.objects.FauxObjectPropertyStatementAccessObject;
 import edu.cornell.mannlib.vitro.webapp.auth.objects.ObjectPropertyStatementAccessObject;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper;
 import edu.cornell.mannlib.vitro.webapp.beans.ObjectProperty;
@@ -50,10 +51,13 @@ private String makeDeleteUrl() {
     	if (property.isDeleteLinkSuppressed()) {
     		return "";
     	}
-
+    	AccessObject ao;
         // Determine whether the statement can be deleted
-		AccessObject ao = new ObjectPropertyStatementAccessObject(
-				vreq.getJenaOntModel(), subjectUri, property, objectUri);
+    	if (isFaux()) {
+            ao = new FauxObjectPropertyStatementAccessObject(vreq.getJenaOntModel(), subjectUri, fauxProperty, objectUri);
+        } else {
+            ao = new ObjectPropertyStatementAccessObject(vreq.getJenaOntModel(), subjectUri, property, objectUri);
+        }
         if ( ! PolicyHelper.isAuthorizedForActions(vreq, ao, AccessOperation.DROP) ) {
             return "";
         }
@@ -109,7 +113,12 @@ private String makeEditUrl() {
     	}
 
        // Determine whether the statement can be edited
-        AccessObject ao =  new ObjectPropertyStatementAccessObject(vreq.getJenaOntModel(), subjectUri, property, objectUri);
+    	AccessObject ao;
+        if (isFaux()) {
+            ao = new FauxObjectPropertyStatementAccessObject(vreq.getJenaOntModel(), subjectUri, fauxProperty, objectUri);
+        } else {
+            ao = new ObjectPropertyStatementAccessObject(vreq.getJenaOntModel(), subjectUri, property, objectUri);
+        }
         if ( ! PolicyHelper.isAuthorizedForActions(vreq, ao, AccessOperation.EDIT) ) {
             return "";
         }

From fd859244f524d5ed479dafad5854641da564642b Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <georgy.litvinov@tib.eu>
Date: Fri, 27 Oct 2023 12:21:41 +0200
Subject: [PATCH 083/148] shorten policy uris for authorization info

---
 .../vitro/webapp/auth/policy/DynamicPolicy.java       | 11 ++++++++---
 .../mannlib/vitro/webapp/auth/policy/PolicyStore.java |  4 ++--
 .../vitro/webapp/auth/policy/ifaces/Policy.java       |  4 ++++
 .../webapp/controller/admin/ShowAuthController.java   |  2 +-
 4 files changed, 15 insertions(+), 6 deletions(-)

diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/DynamicPolicy.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/DynamicPolicy.java
index f587fbdec6..292bc6c241 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/DynamicPolicy.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/DynamicPolicy.java
@@ -25,6 +25,11 @@ public class DynamicPolicy implements Policy {
     public String getUri() {
         return uri;
     }
+    
+    @Override
+    public String getShortUri() {
+        return shortenUri(uri);
+    }
 
     private long priority;
 
@@ -54,8 +59,8 @@ public PolicyDecision decide(AuthorizationRequest ar) {
             return defaultDecision("whatToAuth was null");
         }
         for (AccessRule rule : getFilteredRules(ar)) {
-            String policyUri = getUri(uri);
-            String ruleUri = getUri(rule.getRuleUri());
+            String policyUri = shortenUri(uri);
+            String ruleUri = shortenUri(rule.getRuleUri());
             if (rule.match(ar)) {
                 if (rule.isAllowMatched()) {
                     if (log.isDebugEnabled()) {
@@ -88,7 +93,7 @@ private PolicyDecision defaultDecision(String message) {
         return new BasicPolicyDecision(DecisionResult.INCONCLUSIVE, message);
     }
 
-    private static String getUri(String uri) {
+    private static String shortenUri(String uri) {
         if (uri.startsWith(VitroVocabulary.AUTH_INDIVIDUAL_PREFIX)) {
             return "ai:" + uri.substring(VitroVocabulary.AUTH_INDIVIDUAL_PREFIX.length());
         }
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyStore.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyStore.java
index 26314fe453..0d315245e0 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyStore.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyStore.java
@@ -66,10 +66,10 @@ public synchronized void clear() {
         policyMap.clear();
     }
 
-    public List<String> getUris() {
+    public List<String> getShortUris() {
         List<String> uris = new LinkedList<>();
         for (Policy policy : policyList) {
-            uris.add(policy.getUri());
+            uris.add(policy.getShortUri());
         }
         return uris;
     }
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/ifaces/Policy.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/ifaces/Policy.java
index 09b61254fb..a943c398d3 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/ifaces/Policy.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/ifaces/Policy.java
@@ -21,4 +21,8 @@ public default String getUri() {
     public default long getPriority() {
         return 0;
     }
+
+    public default String getShortUri() {
+        return "";
+    }
 }
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/admin/ShowAuthController.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/admin/ShowAuthController.java
index 876477be54..a9e3b0e5f2 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/admin/ShowAuthController.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/admin/ShowAuthController.java
@@ -53,7 +53,7 @@ protected ResponseValues processRequest(VitroRequest vreq) {
 		body.put("currentUser", LoginStatusBean.getCurrentUser(vreq));
 		body.put("associatedIndividuals", getAssociatedIndividuals(vreq));
 		body.put("factories", ActiveIdentifierBundleFactories.getFactoryNames());
-		body.put("policies", PolicyStore.getInstance().getUris());
+		body.put("policies", PolicyStore.getInstance().getShortUris());
 		body.put("matchingProperty", getMatchingProperty(vreq));
 		body.put("authenticator", Authenticator.getInstance(vreq));
 

From 33eb96a21b4d34d3b7d1592d209a581de1f11658 Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <georgy.litvinov@tib.eu>
Date: Mon, 30 Oct 2023 08:50:22 +0100
Subject: [PATCH 084/148] Added attribute value container related classes to
 reduce number of queries while updating policy data sets. Refactored code.

---
 .../vedit/controller/BaseEditController.java  |  15 +-
 .../vedit/controller/OperationController.java |  58 +++-
 .../attributes/AttributeValueContainer.java   |  29 ++
 .../AttributeValueContainerImpl.java          |  92 ++++++
 .../auth/attributes/AttributeValueKey.java    |  86 +++++
 .../auth/attributes/AttributeValues.java      |  11 +
 .../attributes/AttributeValuesRegistry.java   |  33 ++
 .../attributes/ValueContainerFactory.java     |  74 +++++
 .../{attributes => checks}/AbstractCheck.java |  14 +-
 .../AccessObjectTypeCheck.java                |   8 +-
 .../AccessObjectUriCheck.java                 |   8 +-
 .../AttributeValueChecker.java                |  30 +-
 .../auth/{attributes => checks}/Check.java    |   8 +-
 .../{attributes => checks}/CheckFactory.java  |  35 +-
 .../{attributes => checks}/CheckType.java     |   2 +-
 .../OperationCheck.java                       |   9 +-
 .../ProximityChecker.java                     |   2 +-
 .../QueryResultsMapCache.java                 |   2 +-
 .../StatementObjectUriCheck.java              |   8 +-
 .../StatementPredicateUriCheck.java           |   8 +-
 .../StatementSubjectUriCheck.java             |   8 +-
 .../SubjectRoleCheck.java                     |   8 +-
 .../SubjectTypeCheck.java                     |   8 +-
 .../webapp/auth/policy/DynamicPolicy.java     |   6 +-
 .../auth/policy/EntityPolicyController.java   | 126 ++++++--
 .../webapp/auth/policy/PolicyLoader.java      | 108 +++++--
 .../vitro/webapp/auth/rules/AccessRule.java   |   2 +-
 .../webapp/auth/rules/AccessRuleFactory.java  |   9 +-
 .../webapp/auth/rules/AccessRuleImpl.java     |   2 +-
 .../freemarker/FreemarkerHttpServlet.java     |   5 +-
 .../webapp/controller/json/JsonServlet.java   |   3 +-
 .../attributes/AttributeValueKeyTest.java     |  31 ++
 ...ccessAllowedClassesPolicyTemplateTest.java |   3 +-
 ...ssAllowedPropertiesPolicyTemplateTest.java |   4 +-
 ...edAllowedPropertiesPolicyTemplateTest.java |   3 +-
 .../auth/policy/EditablePagesPolicyTest.java  |   4 +-
 .../policy/EntityPolicyControllerTest.java    |  29 +-
 .../HomeMenuItemsRestrictionPolicyTest.java   |   4 +-
 .../NonModifiableStatementsPolicyTest.java    |  27 +-
 .../webapp/auth/policy/PolicyLoaderTest.java  |  31 +-
 .../vitro/webapp/auth/policy/PolicyTest.java  |  32 +-
 ...edAllowedPropertiesPolicyTemplateTest.java |   3 +-
 .../webapp/auth/rules/AccessRuleTest.java     |  30 +-
 .../webapp/i18n/TranslationConverterTest.java |  26 +-
 .../webapp/i18n/TranslationProviderTest.java  | 300 ++++++++++--------
 .../auth/AnnotationMigratorTest.java          |   8 +-
 .../migration/auth/AuthMigratorTest.java      |  13 +
 .../auth/SimplePermissionMigratorTest.java    |   6 +-
 .../impl/jfact/JFactTBoxReasonerTest.java     |  22 +-
 .../webapp/auth/rules/data_set_templates.n3   |   1 +
 50 files changed, 1012 insertions(+), 382 deletions(-)
 create mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeValueContainer.java
 create mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeValueContainerImpl.java
 create mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeValueKey.java
 create mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeValues.java
 create mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeValuesRegistry.java
 create mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/ValueContainerFactory.java
 rename api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/{attributes => checks}/AbstractCheck.java (86%)
 rename api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/{attributes => checks}/AccessObjectTypeCheck.java (77%)
 rename api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/{attributes => checks}/AccessObjectUriCheck.java (76%)
 rename api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/{attributes => checks}/AttributeValueChecker.java (80%)
 rename api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/{attributes => checks}/Check.java (67%)
 rename api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/{attributes => checks}/CheckFactory.java (59%)
 rename api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/{attributes => checks}/CheckType.java (78%)
 rename api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/{attributes => checks}/OperationCheck.java (72%)
 rename api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/{attributes => checks}/ProximityChecker.java (97%)
 rename api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/{attributes => checks}/QueryResultsMapCache.java (96%)
 rename api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/{attributes => checks}/StatementObjectUriCheck.java (77%)
 rename api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/{attributes => checks}/StatementPredicateUriCheck.java (77%)
 rename api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/{attributes => checks}/StatementSubjectUriCheck.java (77%)
 rename api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/{attributes => checks}/SubjectRoleCheck.java (75%)
 rename api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/{attributes => checks}/SubjectTypeCheck.java (79%)
 create mode 100644 api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeValueKeyTest.java

diff --git a/api/src/main/java/edu/cornell/mannlib/vedit/controller/BaseEditController.java b/api/src/main/java/edu/cornell/mannlib/vedit/controller/BaseEditController.java
index 39c1dc811e..23a3e6f51e 100644
--- a/api/src/main/java/edu/cornell/mannlib/vedit/controller/BaseEditController.java
+++ b/api/src/main/java/edu/cornell/mannlib/vedit/controller/BaseEditController.java
@@ -235,28 +235,27 @@ protected static void addAccessAttributes(HttpServletRequest req, String entityU
             for (RoleInfo role : roles) {
                 RoleInfo roleCopy = role.clone();
                 roleInfos.add(roleCopy);
-                if (operation.equals(AccessOperation.ADD) || operation.equals(AccessOperation.DROP)
-                        || operation.equals(AccessOperation.EDIT) || operation.equals(AccessOperation.PUBLISH)
-                        || operation.equals(AccessOperation.UPDATE)) {
+                if (isPublicForbiddenOperation(operation)) {
                     if (roleCopy.isPublic) {
                         roleCopy.setEnabled(false);
                         roleCopy.setGranted(false);
                     }
                 }
             }
-            // If we are creating a new record
             if (!StringUtils.isEmpty(entityURI)) {
-                Set<String> grantedRoles = new HashSet<String>(
-                        EntityPolicyController.getGrantedRoles(entityURI, operation, aot, roleUris));
                 for (RoleInfo roleInfo : roleInfos) {
-                    if (!grantedRoles.contains(roleInfo.getUri())) {
-                        roleInfo.setGranted(false);
+                    if (roleInfo.isEnabled()) {
+                        roleInfo.setGranted(
+                                EntityPolicyController.isGranted(entityURI, aot, operation, roleInfo.getUri()));
                     }
                 }
             }
         }
         req.setAttribute("operationsToRoles", operationsToRoles);
+    }
 
+    static boolean isPublicForbiddenOperation(AccessOperation operation) {
+        return operation.equals(AccessOperation.PUBLISH);
     }
 
     public static class RoleInfo {
diff --git a/api/src/main/java/edu/cornell/mannlib/vedit/controller/OperationController.java b/api/src/main/java/edu/cornell/mannlib/vedit/controller/OperationController.java
index 6db4baebe9..6953d7e343 100644
--- a/api/src/main/java/edu/cornell/mannlib/vedit/controller/OperationController.java
+++ b/api/src/main/java/edu/cornell/mannlib/vedit/controller/OperationController.java
@@ -9,9 +9,11 @@
 import java.util.Arrays;
 import java.util.Enumeration;
 import java.util.HashMap;
+import java.util.HashSet;
 import java.util.Iterator;
 import java.util.List;
 import java.util.Map;
+import java.util.Set;
 
 import javax.servlet.annotation.WebServlet;
 import javax.servlet.http.HttpServletRequest;
@@ -29,6 +31,7 @@
 import org.apache.commons.logging.LogFactory;
 
 import edu.cornell.mannlib.vedit.beans.EditProcessObject;
+import edu.cornell.mannlib.vedit.controller.BaseEditController.RoleInfo;
 import edu.cornell.mannlib.vedit.forwarder.PageForwarder;
 import edu.cornell.mannlib.vedit.listener.ChangeListener;
 import edu.cornell.mannlib.vedit.listener.EditPreProcessor;
@@ -145,25 +148,27 @@ public void doPost (HttpServletRequest request, HttpServletResponse response) {
                 }
                 String entityType = request.getParameter(ENTITY_TYPE_ATTRIBUTE_NAME);
                 List<PermissionSet> permissionSets = buildListOfSelectableRoles(ModelAccess.on(request).getWebappDaoFactory());
-                List<String> roleUris = new ArrayList<>();
+                Set<RoleInfo> roles = new HashSet<>();
                 for (PermissionSet permissionSet : permissionSets) {
-                    roleUris.add(permissionSet.getUri());
+                    roles.add(new RoleInfo(permissionSet));
                 }  
-                // Get the granted permissions from the request object
-                AccessObjectType aot = AccessObjectType.valueOf(entityType);
-                List<AccessOperation> operations = AccessOperation.getOperations(aot);
-                for (AccessOperation ao : operations) {
-                    String operationGroupName = ao.toString().toLowerCase().split("_")[0];
-                    String[] selectedRoles = request.getParameterValues(operationGroupName + "Roles");
-                    if(StringUtils.isBlank(entityUri)) {
-                        log.error("EntityUri is blank");
-                    } else if (StringUtils.isBlank(entityType) || !EnumUtils.isValidEnum(AccessObjectType.class, entityType)) {
-                        log.error("EntityType is not valid " + entityType);
-                    } else {
-                        if (selectedRoles == null) {
-                            selectedRoles = new String[0];
+                AccessObjectType aot = getAccessObjectType(entityUri, entityType);
+                if (aot != null) {
+                    List<AccessOperation> operations = AccessOperation.getOperations(aot);
+                    for (AccessOperation ao : operations) {
+                        String operationGroupName = ao.toString().toLowerCase().split("_")[0];
+                        Set<String> selectedRoles = getSelectedRoles(request, operationGroupName);
+                        for (RoleInfo role : roles) {
+                            if (role.isPublic() && isPublicForbiddenOperation(ao)) {
+                                continue;
+                            }
+                            if (selectedRoles.contains(role.getUri())) {
+                                EntityPolicyController.grantAccess(entityUri, aot, ao, role.getUri());    
+                            } else {
+                                EntityPolicyController.revokeAccess(entityUri, aot, ao, role.getUri());
+                            }
+                            
                         }
-                        EntityPolicyController.updateEntityDataSet(entityUri, aot, ao, Arrays.asList(selectedRoles), roleUris);
                     }
                 }
             }
@@ -225,6 +230,27 @@ public void doPost (HttpServletRequest request, HttpServletResponse response) {
         }
     }
 
+    private Set<String> getSelectedRoles(HttpServletRequest request, String operationGroupName) {
+        String[] selectedRoles = request.getParameterValues(operationGroupName + "Roles");
+        if (selectedRoles == null) {
+            selectedRoles = new String[0];
+        }
+        return new HashSet<String>(Arrays.asList(selectedRoles));
+    }
+
+    private AccessObjectType getAccessObjectType(String entityUri, String entityType) {
+        AccessObjectType aot = null;
+        // Get the granted permissions from the request object
+        if(StringUtils.isBlank(entityUri)) {
+            log.error("EntityUri is blank");
+        } else if (StringUtils.isBlank(entityType) || !EnumUtils.isValidEnum(AccessObjectType.class, entityType)) {
+            log.error("EntityType is not valid " + entityType);
+        } else {
+            aot = AccessObjectType.valueOf(entityType);
+        }
+        return aot;
+    }
+
     private void retry(HttpServletRequest request,
     		           HttpServletResponse response,
     		           EditProcessObject epo) throws IOException {
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeValueContainer.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeValueContainer.java
new file mode 100644
index 0000000000..d625cc21e9
--- /dev/null
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeValueContainer.java
@@ -0,0 +1,29 @@
+package edu.cornell.mannlib.vitro.webapp.auth.attributes;
+
+public interface AttributeValueContainer {
+
+    public void add(String value);
+
+    public void remove(String value);
+
+    public void clear();
+
+    public boolean contains(String value);
+
+    public boolean containsSingleValue();
+
+    public String getSingleValue();
+
+    public boolean isEmpty();
+
+    public void setContainerUri(String containerUri);
+
+    public String getContainerUri();
+
+    public void setType(String containerType);
+
+    public void setDataSetUri(String dataSetUri);
+
+    public void setKey(AttributeValueKey key);
+
+}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeValueContainerImpl.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeValueContainerImpl.java
new file mode 100644
index 0000000000..11ef2d0934
--- /dev/null
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeValueContainerImpl.java
@@ -0,0 +1,92 @@
+package edu.cornell.mannlib.vitro.webapp.auth.attributes;
+
+import java.util.Iterator;
+import java.util.Set;
+import java.util.concurrent.ConcurrentHashMap;
+
+public class AttributeValueContainerImpl implements AttributeValueContainer {
+
+    private Set<String> values = ConcurrentHashMap.newKeySet();
+    private String containerUri;
+    private String type;
+    private AttributeValueKey key;
+    private String dataSetUri;
+
+    public void setContainerUri(String valueContainerUri) {
+        this.containerUri = valueContainerUri;
+    }
+
+    public AttributeValueContainerImpl(String value) {
+        values.add(value);
+    }
+
+    @Override
+    public String getContainerUri() {
+        return containerUri;
+    }
+
+    @Override
+    public void add(String value) {
+        if (value == null) {
+            return;
+        }
+        values.add(value);
+    }
+
+    @Override
+    public boolean contains(String value) {
+        if (value == null) {
+            return false;
+        }
+        return values.contains(value);
+    }
+
+    @Override
+    public boolean containsSingleValue() {
+        return values.size() == 1;
+    }
+
+    @Override
+    public String getSingleValue() {
+        Iterator<String> iterator = values.iterator();
+        if (iterator.hasNext()) {
+            return iterator.next();
+        }
+        return "";
+    }
+
+    @Override
+    public boolean isEmpty() {
+        return values.isEmpty();
+    }
+
+    @Override
+    public void remove(String value) {
+        values.remove(value);
+    }
+
+    @Override
+    public void setType(String type) {
+        this.type = type;
+    }
+
+    public String getType() {
+        return type;
+    }
+
+    @Override
+    public void clear() {
+        values.clear();
+    }
+
+    @Override
+    public void setKey(AttributeValueKey valueContainerKey) {
+        this.key = valueContainerKey;
+    }
+
+    @Override
+    public void setDataSetUri(String dataSetUri) {
+        this.dataSetUri = dataSetUri;
+    }
+
+}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeValueKey.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeValueKey.java
new file mode 100644
index 0000000000..acbe74ce9c
--- /dev/null
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeValueKey.java
@@ -0,0 +1,86 @@
+package edu.cornell.mannlib.vitro.webapp.auth.attributes;
+
+import org.apache.commons.lang3.builder.EqualsBuilder;
+import org.apache.commons.lang3.builder.HashCodeBuilder;
+
+public class AttributeValueKey {
+
+    private AccessOperation ao;
+    private AccessObjectType aot;
+    private String role;
+    private String containerType;
+
+    public AttributeValueKey() {
+    }
+
+    public AttributeValueKey(AccessOperation ao, AccessObjectType aot, String role, String containerType) {
+        this.ao = ao;
+        this.aot = aot;
+        this.role = role;
+        this.containerType = containerType;
+    }
+
+    public AccessOperation getAccessOperation() {
+        return ao;
+    }
+
+    public void setOperation(AccessOperation ao) {
+        this.ao = ao;
+    }
+
+    public AccessObjectType getObjectType() {
+        return aot;
+    }
+
+    public void setObjectType(AccessObjectType aot) {
+        this.aot = aot;
+    }
+
+    public String getRole() {
+        return role;
+    }
+
+    public void setRole(String role) {
+        this.role = role;
+    }
+
+    public String getContainerType() {
+        return containerType;
+    }
+
+    public void setContainerType(String containerType) {
+        this.containerType = containerType;
+    }
+
+    public AttributeValueKey clone() {
+        return new AttributeValueKey(ao, aot, role, containerType);
+    }
+
+    @Override
+    public boolean equals(Object object) {
+        if (!(object instanceof AttributeValueKey)) {
+            return false;
+        }
+        if (object == this) {
+            return true;
+        }
+        AttributeValueKey compared = (AttributeValueKey) object;
+
+        return new EqualsBuilder()
+                .append(getAccessOperation(), compared.getAccessOperation())
+                .append(getObjectType(), compared.getObjectType())
+                .append(getRole(), compared.getRole())
+                .append(getContainerType(), compared.getContainerType())
+                .isEquals();
+    }
+
+    @Override
+    public int hashCode() {
+        return new HashCodeBuilder(151, 1017)
+                .append(getAccessOperation())
+                .append(getObjectType())
+                .append(getRole())
+                .append(getContainerType())
+                .toHashCode();
+    }
+}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeValues.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeValues.java
new file mode 100644
index 0000000000..d5e550ed72
--- /dev/null
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeValues.java
@@ -0,0 +1,11 @@
+package edu.cornell.mannlib.vitro.webapp.auth.attributes;
+
+public interface AttributeValues {
+
+    public AttributeValueContainer get(AttributeValueKey key);
+
+    public void put(AttributeValueKey key, AttributeValueContainer values);
+
+    public void clear();
+
+}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeValuesRegistry.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeValuesRegistry.java
new file mode 100644
index 0000000000..cc255ec282
--- /dev/null
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeValuesRegistry.java
@@ -0,0 +1,33 @@
+package edu.cornell.mannlib.vitro.webapp.auth.attributes;
+
+import java.util.Map;
+import java.util.concurrent.ConcurrentHashMap;
+
+public class AttributeValuesRegistry implements AttributeValues {
+
+    private static AttributeValues INSTANCE = new AttributeValuesRegistry();
+    private Map<AttributeValueKey, AttributeValueContainer> valuesMap = new ConcurrentHashMap<>();
+
+    private AttributeValuesRegistry() {
+        INSTANCE = this;
+    }
+
+    public static AttributeValues getInstance() {
+        return INSTANCE;
+    }
+
+    @Override
+    public AttributeValueContainer get(AttributeValueKey key) {
+        return valuesMap.get(key);
+    }
+
+    @Override
+    public void put(AttributeValueKey key, AttributeValueContainer values) {
+        valuesMap.put(key, values);
+    }
+
+    @Override
+    public void clear() {
+        valuesMap.clear();
+    }
+}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/ValueContainerFactory.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/ValueContainerFactory.java
new file mode 100644
index 0000000000..c4ca95661c
--- /dev/null
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/ValueContainerFactory.java
@@ -0,0 +1,74 @@
+package edu.cornell.mannlib.vitro.webapp.auth.attributes;
+
+import org.apache.jena.query.QuerySolution;
+
+public class ValueContainerFactory {
+
+    public static AttributeValueContainer create(String value, QuerySolution qs,
+            AttributeValueKey dataSetKey) {
+        String type = getContainerType(qs);
+        if (type == null || dataSetKey == null) {
+            return new AttributeValueContainerImpl(value);
+        } else {
+            AttributeValueKey avcKey = getAttributeValueContainerKey(dataSetKey, type);
+            AttributeValueContainer avc = AttributeValuesRegistry.getInstance().get(avcKey);
+            if (avc == null) {
+                return createNew(value, qs, dataSetKey, avcKey);
+            } else {
+                return returnFromRegistry(value, avc);
+            }
+        }
+    }
+
+    private static AttributeValueContainer returnFromRegistry(String value, AttributeValueContainer avc) {
+        avc.clear();
+        avc.add(value);
+        return avc;
+    }
+
+    private static AttributeValueContainer createNew(String value, QuerySolution qs,
+            AttributeValueKey dataSetKey, AttributeValueKey avcKey) {
+        AttributeValueContainer avc;
+        avc = new AttributeValueContainerImpl(value);
+        avc.setContainerUri(getContainerUri(qs));
+        avc.setType(getContainerType(qs));
+        avc.setDataSetUri(getDataSetUri(qs));
+        avc.setKey(dataSetKey);
+        register(avc, avcKey);
+        return avc;
+    }
+
+    private static AttributeValueKey getAttributeValueContainerKey(AttributeValueKey dataSetKey, String type) {
+        AttributeValueKey avcKey = dataSetKey.clone();
+        avcKey.setContainerType(type);
+        return avcKey;
+    }
+
+    private static void register(AttributeValueContainer avc, AttributeValueKey key) {
+        AttributeValuesRegistry.getInstance().put(key, avc);
+    }
+
+    private static String getContainerUri(QuerySolution qs) {
+        if (qs.contains("attributeValue") && qs.get("attributeValue").isResource()) {
+            String uri = qs.getResource("attributeValue").getURI();
+            return uri;
+        }
+        return null;
+    }
+
+    private static String getContainerType(QuerySolution qs) {
+        if (qs.contains("containerType") && qs.get("containerType").isLiteral()) {
+            String containerType = qs.getLiteral("containerType").getString();
+            return containerType;
+        }
+        return null;
+    }
+
+    private static String getDataSetUri(QuerySolution qs) {
+        if (qs.contains("dataSetUri") && qs.get("dataSetUri").isResource()) {
+            String dataSetUri = qs.getResource("dataSetUri").getURI();
+            return dataSetUri;
+        }
+        return null;
+    }
+}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AbstractCheck.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/checks/AbstractCheck.java
similarity index 86%
rename from api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AbstractCheck.java
rename to api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/checks/AbstractCheck.java
index 78f97fb823..c28ef7a26f 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AbstractCheck.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/checks/AbstractCheck.java
@@ -1,24 +1,22 @@
 /* $This file is distributed under the terms of the license in LICENSE$ */
 
-package edu.cornell.mannlib.vitro.webapp.auth.attributes;
-
-import java.util.HashSet;
-import java.util.Set;
+package edu.cornell.mannlib.vitro.webapp.auth.checks;
 
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AttributeValueContainer;
 import org.apache.commons.lang3.builder.EqualsBuilder;
 import org.apache.commons.lang3.builder.HashCodeBuilder;
 
 public abstract class AbstractCheck implements Check {
 
-    private Set<String> values = new HashSet<>();
+    private AttributeValueContainer values;
     private String uri;
     private long computationalCost;
 
     private CheckType testType = CheckType.EQUALS;
 
-    public AbstractCheck(String uri, String value) {
+    public AbstractCheck(String uri, AttributeValueContainer values) {
         this.uri = uri;
-        values.add(value);
+        this.values = values;
     }
 
     public String getUri() {
@@ -44,7 +42,7 @@ public void addValue(String value) {
     }
 
     @Override
-    public Set<String> getValues() {
+    public AttributeValueContainer getValues() {
         return values;
     }
 
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AccessObjectTypeCheck.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/checks/AccessObjectTypeCheck.java
similarity index 77%
rename from api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AccessObjectTypeCheck.java
rename to api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/checks/AccessObjectTypeCheck.java
index 7ef2dcfc2d..f0cfaf30ef 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AccessObjectTypeCheck.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/checks/AccessObjectTypeCheck.java
@@ -1,7 +1,9 @@
 /* $This file is distributed under the terms of the license in LICENSE$ */
 
-package edu.cornell.mannlib.vitro.webapp.auth.attributes;
+package edu.cornell.mannlib.vitro.webapp.auth.checks;
 
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.Attribute;
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AttributeValueContainer;
 import edu.cornell.mannlib.vitro.webapp.auth.objects.AccessObject;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthorizationRequest;
 import org.apache.commons.logging.Log;
@@ -11,8 +13,8 @@ public class AccessObjectTypeCheck extends AbstractCheck {
 
     private static final Log log = LogFactory.getLog(AccessObjectTypeCheck.class);
 
-    public AccessObjectTypeCheck(String uri, String value) {
-        super(uri, value);
+    public AccessObjectTypeCheck(String uri, AttributeValueContainer values) {
+        super(uri, values);
     }
 
     @Override
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AccessObjectUriCheck.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/checks/AccessObjectUriCheck.java
similarity index 76%
rename from api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AccessObjectUriCheck.java
rename to api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/checks/AccessObjectUriCheck.java
index a2957dba84..3585d7e786 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AccessObjectUriCheck.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/checks/AccessObjectUriCheck.java
@@ -1,7 +1,9 @@
 /* $This file is distributed under the terms of the license in LICENSE$ */
 
-package edu.cornell.mannlib.vitro.webapp.auth.attributes;
+package edu.cornell.mannlib.vitro.webapp.auth.checks;
 
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.Attribute;
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AttributeValueContainer;
 import edu.cornell.mannlib.vitro.webapp.auth.objects.AccessObject;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthorizationRequest;
 import org.apache.commons.logging.Log;
@@ -11,8 +13,8 @@ public class AccessObjectUriCheck extends AbstractCheck {
 
     private static final Log log = LogFactory.getLog(AccessObjectUriCheck.class);
 
-    public AccessObjectUriCheck(String uri, String objectUri) {
-        super(uri, objectUri);
+    public AccessObjectUriCheck(String uri, AttributeValueContainer container) {
+        super(uri, container);
     }
 
     @Override
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeValueChecker.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/checks/AttributeValueChecker.java
similarity index 80%
rename from api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeValueChecker.java
rename to api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/checks/AttributeValueChecker.java
index 6916575b9c..2c1445aa29 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeValueChecker.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/checks/AttributeValueChecker.java
@@ -1,11 +1,11 @@
 /* $This file is distributed under the terms of the license in LICENSE$ */
 
-package edu.cornell.mannlib.vitro.webapp.auth.attributes;
+package edu.cornell.mannlib.vitro.webapp.auth.checks;
 
 import java.util.Arrays;
 import java.util.List;
-import java.util.Set;
 
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AttributeValueContainer;
 import edu.cornell.mannlib.vitro.webapp.auth.objects.AccessObject;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthorizationRequest;
 import org.apache.commons.lang3.StringUtils;
@@ -37,13 +37,12 @@ static boolean test(Check attr, AuthorizationRequest ar, String... values) {
     }
 
     private static boolean sparqlQueryContains(Check attr, AuthorizationRequest ar, String[] inputValues) {
-        Set<String> values = attr.getValues();
-        final int valuesSize = values.size();
-        if (valuesSize != 1) {
-            log.error("SparqlQueryContins value != 1");
+        AttributeValueContainer values = attr.getValues();
+        if (!values.containsSingleValue()) {
+            log.error("SparqlQueryContains more than  one value");
             return false;
         }
-        String queryTemplate = values.iterator().next();
+        String queryTemplate = values.getSingleValue();
         if (StringUtils.isBlank(queryTemplate)) {
             log.error("SparqlQueryContins template is empty");
             return false;
@@ -68,7 +67,7 @@ private static boolean sparqlQueryContains(Check attr, AuthorizationRequest ar,
     }
 
     private static boolean contains(Check attr, String... inputValues) {
-        final Set<String> values = attr.getValues();
+        AttributeValueContainer values = attr.getValues();
         for (String inputValue : inputValues) {
             if (values.contains(inputValue)) {
                 return true;
@@ -78,14 +77,12 @@ private static boolean contains(Check attr, String... inputValues) {
     }
 
     private static boolean equals(Check attr, String... inputValues) {
-        Set<String> values = attr.getValues();
-        final int valuesSize = values.size();
-        if (valuesSize != 1) {
+        AttributeValueContainer values = attr.getValues();
+        if (!values.containsSingleValue()) {
             return false;
         }
-        String value = values.iterator().next();
         for (String inputValue : inputValues) {
-            if (value.equals(inputValue)) {
+            if (values.contains(inputValue)) {
                 return true;
             }
         }
@@ -93,12 +90,11 @@ private static boolean equals(Check attr, String... inputValues) {
     }
 
     private static boolean startsWith(Check attr, String... inputValues) {
-        Set<String> values = attr.getValues();
-        final int valuesSize = values.size();
-        if (valuesSize != 1) {
+        AttributeValueContainer values = attr.getValues();
+        if (!values.containsSingleValue()) {
             return false;
         }
-        String value = values.iterator().next();
+        String value = values.getSingleValue();
         for (String inputValue : inputValues) {
             if (inputValue != null && inputValue.startsWith(value)) {
                 return true;
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/Check.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/checks/Check.java
similarity index 67%
rename from api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/Check.java
rename to api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/checks/Check.java
index 0cecda3700..dfa5c334c9 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/Check.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/checks/Check.java
@@ -1,9 +1,9 @@
 /* $This file is distributed under the terms of the license in LICENSE$ */
 
-package edu.cornell.mannlib.vitro.webapp.auth.attributes;
-
-import java.util.Set;
+package edu.cornell.mannlib.vitro.webapp.auth.checks;
 
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.Attribute;
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AttributeValueContainer;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthorizationRequest;
 
 public interface Check {
@@ -18,7 +18,7 @@ public interface Check {
 
     public CheckType getType();
 
-    Set<String> getValues();
+    public AttributeValueContainer getValues();
 
     public void addValue(String value);
 
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/CheckFactory.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/checks/CheckFactory.java
similarity index 59%
rename from api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/CheckFactory.java
rename to api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/checks/CheckFactory.java
index 3ef6f42a52..e3ff9cbd6e 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/CheckFactory.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/checks/CheckFactory.java
@@ -1,50 +1,54 @@
 /* $This file is distributed under the terms of the license in LICENSE$ */
 
-package edu.cornell.mannlib.vitro.webapp.auth.attributes;
+package edu.cornell.mannlib.vitro.webapp.auth.checks;
 
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.Attribute;
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AttributeValueContainer;
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AttributeValueKey;
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.ValueContainerFactory;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyLoader;
 import org.apache.jena.query.QuerySolution;
 
 public class CheckFactory {
 
-    public static Check createCheck(QuerySolution qs) {
+    public static Check createCheck(QuerySolution qs, AttributeValueKey dataSetKey) {
         String typeId = qs.getLiteral(PolicyLoader.TYPE_ID).getString();
         String checkUri = qs.getResource(PolicyLoader.CHECK).getURI();
         Attribute type = Attribute.valueOf(typeId);
         String testId = qs.getLiteral("testId").getString();
         String value = getValue(qs);
-
-        Check at = null;
+        AttributeValueContainer container = ValueContainerFactory.create(value, qs, dataSetKey);
+        Check check = null;
         switch (type) {
             case SUBJECT_ROLE_URI:
-                at = new SubjectRoleCheck(checkUri, value);
+                check = new SubjectRoleCheck(checkUri, container);
                 break;
             case OPERATION:
-                at = new OperationCheck(checkUri, value);
+                check = new OperationCheck(checkUri, container);
                 break;
             case ACCESS_OBJECT_URI:
-                at = new AccessObjectUriCheck(checkUri, value);
+                check = new AccessObjectUriCheck(checkUri, container);
                 break;
             case ACCESS_OBJECT_TYPE:
-                at = new AccessObjectTypeCheck(checkUri, value);
+                check = new AccessObjectTypeCheck(checkUri, container);
                 break;
             case SUBJECT_TYPE:
-                at = new SubjectTypeCheck(checkUri, value);
+                check = new SubjectTypeCheck(checkUri, container);
                 break;
             case STATEMENT_PREDICATE_URI:
-                at = new StatementPredicateUriCheck(checkUri, value);
+                check = new StatementPredicateUriCheck(checkUri, container);
                 break;
             case STATEMENT_SUBJECT_URI:
-                at = new StatementSubjectUriCheck(checkUri, value);
+                check = new StatementSubjectUriCheck(checkUri, container);
                 break;
             case STATEMENT_OBJECT_URI:
-                at = new StatementObjectUriCheck(checkUri, value);
+                check = new StatementObjectUriCheck(checkUri, container);
                 break;
             default:
-                at = null;
+                check = null;
         }
-        at.setType(CheckType.valueOf(testId));
-        return at;
+        check.setType(CheckType.valueOf(testId));
+        return check;
     }
 
     private static String getValue(QuerySolution qs) {
@@ -57,6 +61,7 @@ private static String getValue(QuerySolution qs) {
         }
     }
 
+
     public static void extendAttribute(Check check, QuerySolution qs) throws Exception {
         String testId = qs.getLiteral("testId").getString();
         if (CheckType.ONE_OF.toString().equals(testId) || CheckType.NOT_ONE_OF.toString().equals(testId)) {
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/CheckType.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/checks/CheckType.java
similarity index 78%
rename from api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/CheckType.java
rename to api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/checks/CheckType.java
index 0c45e71d47..3a5bf7fe91 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/CheckType.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/checks/CheckType.java
@@ -1,6 +1,6 @@
 /* $This file is distributed under the terms of the license in LICENSE$ */
 
-package edu.cornell.mannlib.vitro.webapp.auth.attributes;
+package edu.cornell.mannlib.vitro.webapp.auth.checks;
 
 public enum CheckType {
     EQUALS,
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/OperationCheck.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/checks/OperationCheck.java
similarity index 72%
rename from api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/OperationCheck.java
rename to api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/checks/OperationCheck.java
index 7376a5b6e3..1d69156113 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/OperationCheck.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/checks/OperationCheck.java
@@ -1,7 +1,10 @@
 /* $This file is distributed under the terms of the license in LICENSE$ */
 
-package edu.cornell.mannlib.vitro.webapp.auth.attributes;
+package edu.cornell.mannlib.vitro.webapp.auth.checks;
 
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessOperation;
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.Attribute;
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AttributeValueContainer;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthorizationRequest;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
@@ -10,8 +13,8 @@ public class OperationCheck extends AbstractCheck {
 
     private static final Log log = LogFactory.getLog(OperationCheck.class);
 
-    public OperationCheck(String uri, String operation) {
-        super(uri, operation);
+    public OperationCheck(String uri, AttributeValueContainer values) {
+        super(uri, values);
     }
 
     @Override
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/ProximityChecker.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/checks/ProximityChecker.java
similarity index 97%
rename from api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/ProximityChecker.java
rename to api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/checks/ProximityChecker.java
index 08ba72f231..14b3306f36 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/ProximityChecker.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/checks/ProximityChecker.java
@@ -1,6 +1,6 @@
 /* $This file is distributed under the terms of the license in LICENSE$ */
 
-package edu.cornell.mannlib.vitro.webapp.auth.attributes;
+package edu.cornell.mannlib.vitro.webapp.auth.checks;
 
 import java.util.ArrayList;
 import java.util.HashMap;
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/QueryResultsMapCache.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/checks/QueryResultsMapCache.java
similarity index 96%
rename from api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/QueryResultsMapCache.java
rename to api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/checks/QueryResultsMapCache.java
index 3d716ddf4f..761131cdbd 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/QueryResultsMapCache.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/checks/QueryResultsMapCache.java
@@ -1,6 +1,6 @@
 /* $This file is distributed under the terms of the license in LICENSE$ */
 
-package edu.cornell.mannlib.vitro.webapp.auth.attributes;
+package edu.cornell.mannlib.vitro.webapp.auth.checks;
 
 import java.io.IOException;
 import java.util.HashMap;
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/StatementObjectUriCheck.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/checks/StatementObjectUriCheck.java
similarity index 77%
rename from api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/StatementObjectUriCheck.java
rename to api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/checks/StatementObjectUriCheck.java
index 68276feec6..36a3342797 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/StatementObjectUriCheck.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/checks/StatementObjectUriCheck.java
@@ -1,7 +1,9 @@
 /* $This file is distributed under the terms of the license in LICENSE$ */
 
-package edu.cornell.mannlib.vitro.webapp.auth.attributes;
+package edu.cornell.mannlib.vitro.webapp.auth.checks;
 
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.Attribute;
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AttributeValueContainer;
 import edu.cornell.mannlib.vitro.webapp.auth.objects.AccessObject;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthorizationRequest;
 import org.apache.commons.logging.Log;
@@ -11,8 +13,8 @@ public class StatementObjectUriCheck extends AbstractCheck {
 
     private static final Log log = LogFactory.getLog(StatementObjectUriCheck.class);
 
-    public StatementObjectUriCheck(String uri, String value) {
-        super(uri, value);
+    public StatementObjectUriCheck(String uri, AttributeValueContainer values) {
+        super(uri, values);
     }
 
     @Override
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/StatementPredicateUriCheck.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/checks/StatementPredicateUriCheck.java
similarity index 77%
rename from api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/StatementPredicateUriCheck.java
rename to api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/checks/StatementPredicateUriCheck.java
index a62a322ce2..83d0e3cc54 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/StatementPredicateUriCheck.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/checks/StatementPredicateUriCheck.java
@@ -1,7 +1,9 @@
 /* $This file is distributed under the terms of the license in LICENSE$ */
 
-package edu.cornell.mannlib.vitro.webapp.auth.attributes;
+package edu.cornell.mannlib.vitro.webapp.auth.checks;
 
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.Attribute;
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AttributeValueContainer;
 import edu.cornell.mannlib.vitro.webapp.auth.objects.AccessObject;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthorizationRequest;
 import org.apache.commons.logging.Log;
@@ -11,8 +13,8 @@ public class StatementPredicateUriCheck extends AbstractCheck {
 
     private static final Log log = LogFactory.getLog(StatementPredicateUriCheck.class);
 
-    public StatementPredicateUriCheck(String uri, String value) {
-        super(uri, value);
+    public StatementPredicateUriCheck(String uri, AttributeValueContainer values) {
+        super(uri, values);
     }
 
     @Override
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/StatementSubjectUriCheck.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/checks/StatementSubjectUriCheck.java
similarity index 77%
rename from api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/StatementSubjectUriCheck.java
rename to api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/checks/StatementSubjectUriCheck.java
index ec96cb62e3..a2317d9f19 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/StatementSubjectUriCheck.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/checks/StatementSubjectUriCheck.java
@@ -1,7 +1,9 @@
 /* $This file is distributed under the terms of the license in LICENSE$ */
 
-package edu.cornell.mannlib.vitro.webapp.auth.attributes;
+package edu.cornell.mannlib.vitro.webapp.auth.checks;
 
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.Attribute;
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AttributeValueContainer;
 import edu.cornell.mannlib.vitro.webapp.auth.objects.AccessObject;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthorizationRequest;
 import org.apache.commons.logging.Log;
@@ -11,8 +13,8 @@ public class StatementSubjectUriCheck extends AbstractCheck {
 
     private static final Log log = LogFactory.getLog(StatementSubjectUriCheck.class);
 
-    public StatementSubjectUriCheck(String uri, String value) {
-        super(uri, value);
+    public StatementSubjectUriCheck(String uri, AttributeValueContainer values) {
+        super(uri, values);
     }
 
     @Override
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/SubjectRoleCheck.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/checks/SubjectRoleCheck.java
similarity index 75%
rename from api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/SubjectRoleCheck.java
rename to api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/checks/SubjectRoleCheck.java
index 3acf3a1fbe..3316fd8b45 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/SubjectRoleCheck.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/checks/SubjectRoleCheck.java
@@ -1,9 +1,11 @@
 /* $This file is distributed under the terms of the license in LICENSE$ */
 
-package edu.cornell.mannlib.vitro.webapp.auth.attributes;
+package edu.cornell.mannlib.vitro.webapp.auth.checks;
 
 import java.util.List;
 
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.Attribute;
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AttributeValueContainer;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthorizationRequest;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
@@ -12,8 +14,8 @@ public class SubjectRoleCheck extends AbstractCheck {
 
     private static final Log log = LogFactory.getLog(SubjectRoleCheck.class);
 
-    public SubjectRoleCheck(String uri, String roleValue) {
-        super(uri, roleValue);
+    public SubjectRoleCheck(String uri, AttributeValueContainer values) {
+        super(uri, values);
     }
 
     @Override
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/SubjectTypeCheck.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/checks/SubjectTypeCheck.java
similarity index 79%
rename from api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/SubjectTypeCheck.java
rename to api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/checks/SubjectTypeCheck.java
index 222974bd71..53c3e3b8f3 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/SubjectTypeCheck.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/checks/SubjectTypeCheck.java
@@ -1,7 +1,9 @@
 /* $This file is distributed under the terms of the license in LICENSE$ */
 
-package edu.cornell.mannlib.vitro.webapp.auth.attributes;
+package edu.cornell.mannlib.vitro.webapp.auth.checks;
 
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.Attribute;
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AttributeValueContainer;
 import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
 import edu.cornell.mannlib.vitro.webapp.auth.identifier.common.IsRootUser;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthorizationRequest;
@@ -12,8 +14,8 @@ public class SubjectTypeCheck extends AbstractCheck {
 
     private static final Log log = LogFactory.getLog(SubjectTypeCheck.class);
 
-    public SubjectTypeCheck(String uri, String value) {
-        super(uri, value);
+    public SubjectTypeCheck(String uri, AttributeValueContainer values) {
+        super(uri, values);
     }
 
     @Override
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/DynamicPolicy.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/DynamicPolicy.java
index 292bc6c241..6a86c533f3 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/DynamicPolicy.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/DynamicPolicy.java
@@ -25,7 +25,7 @@ public class DynamicPolicy implements Policy {
     public String getUri() {
         return uri;
     }
-    
+
     @Override
     public String getShortUri() {
         return shortenUri(uri);
@@ -64,13 +64,13 @@ public PolicyDecision decide(AuthorizationRequest ar) {
             if (rule.match(ar)) {
                 if (rule.isAllowMatched()) {
                     if (log.isDebugEnabled()) {
-                        log.debug("Policy '" + policyUri + "' rule '" + ruleUri + "' approved request " + whatToAuth);
+                        log.debug("Policy '" + policyUri + "' rule '" + ruleUri + "' approved request " + ar);
                     }
                     String message = "Policy '" + policyUri + "' rule '" + ruleUri + "' approved " + ar;
                     return new BasicPolicyDecision(DecisionResult.AUTHORIZED, message);
                 } else {
                     if (log.isDebugEnabled()) {
-                        log.debug("Policy '" + policyUri + "' rule " + ruleUri + " rejected request " + whatToAuth);
+                        log.debug("Policy '" + policyUri + "' rule " + ruleUri + " rejected request " + ar);
                     }
                     String message = "Policy '" + policyUri + "' rule '" + ruleUri + "' rejected request" + ar;
                     return new BasicPolicyDecision(DecisionResult.UNAUTHORIZED, message);
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EntityPolicyController.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EntityPolicyController.java
index edf390d411..1594f0dbbc 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EntityPolicyController.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EntityPolicyController.java
@@ -2,6 +2,8 @@
 
 package edu.cornell.mannlib.vitro.webapp.auth.policy;
 
+import static edu.cornell.mannlib.vitro.webapp.dao.VitroVocabulary.AUTH_VOCABULARY_PREFIX;
+
 import java.util.Collections;
 import java.util.HashMap;
 import java.util.HashSet;
@@ -12,11 +14,14 @@
 
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType;
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessOperation;
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AttributeValueContainer;
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AttributeValueKey;
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AttributeValues;
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AttributeValuesRegistry;
 import edu.cornell.mannlib.vitro.webapp.beans.Property;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
-
 public class EntityPolicyController {
 
     private static final Log log = LogFactory.getLog(EntityPolicyController.class);
@@ -27,41 +32,98 @@ public class EntityPolicyController {
      * @param aot - access object type
      * @param ao - access operation
      * @param selectedRoles - list of roles to assign
-     * @param allRoles - list of all available roles
+     * @param roles - list of all available roles
      */
     public static void updateEntityDataSet(String entityUri, AccessObjectType aot, AccessOperation ao,
-            List<String> selectedRoles, List<String> allRoles) {
+            List<String> selectedRoles, List<String> roles) {
         if (StringUtils.isBlank(entityUri)) {
             return;
         }
         Set<String> selectedSet = new HashSet<>(selectedRoles);
-        for (String role : allRoles) {
-            boolean isInDataSet = isUriInTestDataset(entityUri, ao, aot, role);
-            boolean isSelected = selectedSet.contains(role);
-            final PolicyLoader loader = PolicyLoader.getInstance();
-            final String dataSetUri =
-                    loader.getDataSetUriByKey(new String[] { role }, new String[] { ao.toString(), aot.toString() });
-
-            if (dataSetUri == null) {
-                log.debug(
-                        String.format("Policy wasn't found by key:\n%s\n%s\n%s", ao.toString(), aot.toString(), role));
-                continue;
+        for (String role : roles) {
+            if (selectedSet.contains(role)) {
+                grantAccess(entityUri, aot, ao, role);
+            } else {
+                revokeAccess(entityUri, aot, ao, role);
+            }
+        }
+    }
+
+    private static AttributeValues getRegistry() {
+        return AttributeValuesRegistry.getInstance();
+    }
+
+    public static void revokeAccess(String entityUri, AccessObjectType aot, AccessOperation ao, String role) {
+        AttributeValueKey key = new AttributeValueKey(ao, aot, role, aot.toString());
+        AttributeValueContainer container = getRegistry().get(key);
+        if (container != null) {
+            if (container.contains(entityUri)) {
+                container.remove(entityUri);
+                String toRemove = getValueStatementString(entityUri, container.getContainerUri());
+                getLoader().updateAccessControlModel(toRemove, false);
+            }
+        } else {
+            reduceInactiveValueContainer(entityUri, aot, ao, role);
+        }
+    }
+
+    private static PolicyLoader getLoader() {
+        return PolicyLoader.getInstance();
+    }
+
+    private static void reduceInactiveValueContainer(String entityUri, AccessObjectType aot, AccessOperation ao,
+            String role) {
+        StringBuilder removals = new StringBuilder();
+        getDataValueStatements(entityUri, aot, ao, Collections.singleton(role), removals);
+        getLoader().updateAccessControlModel(removals.toString(), false);
+    }
+
+    public static void grantAccess(String entityUri, AccessObjectType aot, AccessOperation ao, String role) {
+        AttributeValueKey key = new AttributeValueKey(ao, aot, role, aot.toString());
+        AttributeValueContainer container = getRegistry().get(key);
+        if (container != null) {
+            if (!container.contains(entityUri)) {
+                container.add(entityUri);
+                String toAdd = getValueStatementString(entityUri, container.getContainerUri());
+                getLoader().updateAccessControlModel(toAdd, true);
             }
-            PolicyStore policyStore = PolicyStore.getInstance();
-            if (isSelected && !isInDataSet) {
-                loader.addEntityToPolicyDataSet(entityUri, aot, ao, role);
-                policyStore.remove(dataSetUri);
-                DynamicPolicy policy = loader.loadPolicyFromTemplateDataSet(dataSetUri);
-                policyStore.add(policy);
-            } else if (!isSelected && isInDataSet) {
-                loader.removeEntityFromPolicyDataSet(entityUri, aot, ao, role);
-                policyStore.remove(dataSetUri);
-                DynamicPolicy policy = loader.loadPolicyFromTemplateDataSet(dataSetUri);
-                policyStore.add(policy);
+        } else {
+            extendInactiveValueContainer(entityUri, aot, ao, role);
+            loadPolicy(aot, ao, role);
+        }
+    }
+
+    private static void loadPolicy(AccessObjectType aot, AccessOperation ao, String role) {
+        String dataSetUri =
+                getLoader().getDataSetUriByKey(new String[] { role }, new String[] { ao.toString(), aot.toString() });
+        if (dataSetUri != null) {
+            DynamicPolicy policy = getLoader().loadPolicyFromTemplateDataSet(dataSetUri);
+            if (policy != null) {
+                PolicyStore.getInstance().add(policy);
             }
         }
     }
 
+    private static void extendInactiveValueContainer(String entityUri, AccessObjectType aot, AccessOperation ao,
+            String role) {
+        StringBuilder additions = new StringBuilder();
+        getDataValueStatements(entityUri, aot, ao, Collections.singleton(role), additions);
+        getLoader().updateAccessControlModel(additions.toString(), true);
+    }
+
+    public static boolean isGranted(String entityUri, AccessObjectType aot, AccessOperation ao, String role) {
+        if (StringUtils.isBlank(entityUri)) {
+            return false;
+        }
+        AttributeValues registry = getRegistry();
+        AttributeValueKey key = new AttributeValueKey(ao, aot, role, aot.toString());
+        AttributeValueContainer container = registry.get(key);
+        if (container == null) {
+            return false;
+        }
+        return container.contains(entityUri);
+    }
+
     public static List<String> getGrantedRoles(String entityUri, AccessOperation ao, AccessObjectType aot,
             List<String> allRoles) {
         if (StringUtils.isBlank(entityUri)) {
@@ -84,15 +146,17 @@ public static void getDataValueStatements(String entityUri, AccessObjectType aot
         for (String role : selectedRoles) {
             String valueContainerUri = getValueContainerUri(aot, ao, role);
             if (valueContainerUri == null) {
-                log.error(String.format("Policy value container wasn't found by key:\n%s\n%s\n%s", ao, aot, role));
+                log.debug(String.format("Policy value container wasn't found by key:\n%s\n%s\n%s", ao, aot, role));
                 continue;
             }
-            sb.append("<").append(valueContainerUri)
-                    .append("> <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/dataValue> <")
-                    .append(entityUri).append("> .\n");
+            sb.append(getValueStatementString(entityUri, valueContainerUri));
         }
     }
 
+    private static String getValueStatementString(String entityUri, String valueContainerUri) {
+        return "<" + valueContainerUri + "> <" + AUTH_VOCABULARY_PREFIX + "dataValue> <" + entityUri + "> .\n";
+    }
+
     public static void deletedEntityEvent(Property oldObj) {
         log.debug("Don't delete access rule if property has been deleted " + oldObj);
     }
@@ -108,7 +172,7 @@ public static void insertedEntityEvent(Property newObj) {
     }
 
     private static boolean isUriInTestDataset(String entityUri, AccessOperation ao, AccessObjectType aot, String role) {
-        Set<String> values = PolicyLoader.getInstance().getDataSetValues(ao, aot, role);
+        Set<String> values = getLoader().getDataSetValues(ao, aot, role);
         return values.contains(entityUri);
     }
 
@@ -117,7 +181,7 @@ private static String getValueContainerUri(AccessObjectType aot, AccessOperation
         if (policyKeyToDataValueMap.containsKey(key)) {
             return policyKeyToDataValueMap.get(key);
         }
-        String uri = PolicyLoader.getInstance().getEntityValueContainerUri(ao, aot, role);
+        String uri = getLoader().getEntityValueContainerUri(ao, aot, role);
         policyKeyToDataValueMap.put(key, uri);
         return uri;
     }
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
index de014e3d00..118f873f8b 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
@@ -16,7 +16,9 @@
 
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType;
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessOperation;
-import edu.cornell.mannlib.vitro.webapp.auth.attributes.CheckFactory;
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.Attribute;
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AttributeValueKey;
+import edu.cornell.mannlib.vitro.webapp.auth.checks.CheckFactory;
 import edu.cornell.mannlib.vitro.webapp.auth.rules.AccessRule;
 import edu.cornell.mannlib.vitro.webapp.auth.rules.AccessRuleFactory;
 import edu.cornell.mannlib.vitro.webapp.dao.jena.event.BulkUpdateEvent;
@@ -35,6 +37,7 @@
 import org.apache.jena.query.ResultSetFormatter;
 import org.apache.jena.rdf.model.Model;
 import org.apache.jena.rdf.model.RDFNode;
+import org.apache.tika.utils.StringUtils;
 
 public class PolicyLoader {
 
@@ -150,8 +153,8 @@ public class PolicyLoader {
             + "prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#>\n"
             + "prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/>\n"
             + "prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/>\n"
-            + "SELECT DISTINCT ?policyUri ?rules ?rule ?check ?testId ?typeId ?value ?lit_value ?decision_id"
-            + " ?dataSetUri \n"
+            + "SELECT DISTINCT ?policyUri ?rules ?rule ?check ?testId ?typeId ?value ?lit_value ?decision_id "
+            + " ?dataSetUri ?attributeValue ?containerType \n"
             + "WHERE {\n"
             + "  GRAPH <http://vitro.mannlib.cornell.edu/default/access-control> {\n"
             + "    ?policy a ao:PolicyTemplate .\n"
@@ -175,20 +178,24 @@ public class PolicyLoader {
             + "      }\n"
             + "    }\n"
             + "    OPTIONAL {\n"
-            + "       ?rule ao:decision ?decision .\n"
-            + "       ?decision ao:id ?decision_id .\n"
+            + "      ?rule ao:decision ?decision .\n"
+            + "      ?decision ao:id ?decision_id .\n"
             + "    }\n"
             + "    OPTIONAL {\n"
-            + "       ?check ao:templateValue ?attributeValueSet .\n"
-            + "       ?attributeValueSet a ao:AttributeValueSet .\n"
-            + "       ?attributeValueSet ao:attributeValue ?attributeValue .\n"
-            + "       ?attributeValue ao:dataValue ?value .\n"
-            + "       ?dataSet ao:dataSetValues ?attributeValue .\n"
-            + "       OPTIONAL {?value ao:id ?lit_value . }\n"
+            + "      ?check ao:templateValue ?attributeValueSet .\n"
+            + "      ?attributeValueSet a ao:AttributeValueSet .\n"
+            + "      ?attributeValueSet ao:attributeValue ?attributeValue .\n"
+            + "      ?attributeValue ao:dataValue ?value .\n"
+            + "      ?dataSet ao:dataSetValues ?attributeValue .\n"
+            + "      OPTIONAL {\n"
+            + "        ?attributeValue ao:containerType ?containerTypeUri .\n"
+            + "        ?containerTypeUri ao:id ?containerType ."
+            + "      }\n"
+            + "      OPTIONAL {?value ao:id ?lit_value . }\n"
             + "    }\n"
             + "    OPTIONAL {\n"
-            + "       ?check ao:value ?value .\n"
-            + "       OPTIONAL {?value ao:id ?lit_value . }\n"
+            + "      ?check ao:value ?value .\n"
+            + "      OPTIONAL {?value ao:id ?lit_value . }\n"
             + "    }\n"
             + "    BIND(?dataSet as ?dataSetUri)\n"
             + "    BIND(?policy as ?policyUri)\n"
@@ -268,6 +275,27 @@ public class PolicyLoader {
             + "  }\n"
             + "}\n";
 
+    public static final String DATA_SET_KEY_QUERY = ""
+            + "prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/>\n"
+            + "SELECT ?keyComponent ?id ?type \n"
+            + "WHERE {\n"
+            + "  GRAPH <http://vitro.mannlib.cornell.edu/default/access-control> {\n"
+            + "    ?dataSet ao:dataSetKey ?dataSetKey ."
+            + "    ?dataSetKey ao:keyComponent ?keyComponent .\n"
+            + "    OPTIONAL {\n"
+            + "      ?keyComponent ao:id ?id .\n"
+            + "    }\n"
+            + "    OPTIONAL {\n"
+            + "      ?keyComponent a ao:ObjectType .\n"
+            + "      BIND('ACCESS_OBJECT_TYPE' as ?type)\n"
+            + "    }\n"
+            + "    OPTIONAL {\n"
+            + "      ?keyComponent a ao:Operation .\n"
+            + "      BIND('OPERATION' as ?type)\n"
+            + "    }\n"
+            + "  }\n"
+            + "}\n";
+
     public static final String DATA_SET_KEY_TEMPLATES_TEMPLATE_QUERY = ""
             + "prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/>\n"
             + "prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/>\n"
@@ -413,7 +441,7 @@ public DynamicPolicy loadPolicyFromTemplateDataSet(String dataSetUri) {
         try {
             loadRulesForDataSet(rules, dataSetUri);
         } catch (Exception e) {
-            log.info(String.format("Policy template dataset '%s' failed to load ", dataSetUri));
+            log.debug(String.format("Policy template dataset '%s' failed to load ", dataSetUri));
             log.debug(e, e);
             return null;
         }
@@ -530,7 +558,7 @@ public void modifyPolicyDataSetValue(String entityUri, AccessOperation ao, Acces
             log.error(e, e);
         }
         if (m.isEmpty()) {
-            log.error("statements to add/delete are empty");
+            log.debug("statements to add/delete are empty");
             return;
         }
         updateAccessControlModel(m, isAdd);
@@ -543,6 +571,11 @@ void updateAccessControlModel(Model data, boolean isAdd) {
     }
 
     public void updateAccessControlModel(String data, boolean isAdd) {
+        if (StringUtils.isBlank(data)) {
+            log.debug("String to update is empty");
+            return;
+        }
+
         try {
             ChangeSet changeSet = makeChangeSet();
             InputStream in = new ByteArrayInputStream(data.getBytes());
@@ -632,7 +665,7 @@ protected void processQuerySolution(QuerySolution qs) {
                         }
                         if (isRuleContinues(rules, qs)) {
                             String ruleUri = qs.getResource("rule").getURI();
-                            populateRule(rules.get(ruleUri), qs);
+                            populateRule(rules.get(ruleUri), qs, null);
                         } else {
                             AccessRule rule = AccessRuleFactory.createRule(qs);
                             rules.put(rule.getRuleUri(), rule);
@@ -657,6 +690,7 @@ protected void processQuerySolution(QuerySolution qs) {
     }
 
     private void loadRulesForDataSet(Map<String, AccessRule> rules, String dataSetUri) throws Exception {
+        AttributeValueKey dataSetKey = getDataSetKey(dataSetUri);
         ParameterizedSparqlString pss = new ParameterizedSparqlString(DATASET_RULES_QUERY);
         pss.setIri("dataSet", dataSetUri);
         debug(pss.toString());
@@ -671,9 +705,9 @@ protected void processQuerySolution(QuerySolution qs) {
                         }
                         if (isRuleContinues(rules, qs)) {
                             String ruleUri = qs.getResource("rule").getURI();
-                            populateRule(rules.get(ruleUri), qs);
+                            populateRule(rules.get(ruleUri), qs, dataSetKey);
                         } else {
-                            AccessRule rule = AccessRuleFactory.createRule(qs);
+                            AccessRule rule = AccessRuleFactory.createRule(qs, dataSetKey);
                             rules.put(rule.getRuleUri(), rule);
                         }
                     } catch (Exception e) {
@@ -732,7 +766,7 @@ private static boolean isRuleContinues(Map<String, AccessRule> rules, QuerySolut
         return rules.containsKey(ruleUri);
     }
 
-    private static void populateRule(AccessRule ar, QuerySolution qs) throws Exception {
+    private static void populateRule(AccessRule ar, QuerySolution qs, AttributeValueKey dataSetKey) throws Exception {
         if (ar == null) {
             return;
         }
@@ -742,7 +776,7 @@ private static void populateRule(AccessRule ar, QuerySolution qs) throws Excepti
             return;
         }
         try {
-            ar.addCheck(CheckFactory.createCheck(qs));
+            ar.addCheck(CheckFactory.createCheck(qs, dataSetKey));
         } catch (Exception e) {
             log.error(e, e);
         }
@@ -831,6 +865,40 @@ protected void processQuerySolution(QuerySolution qs) {
         return uri[0];
     }
 
+    public AttributeValueKey getDataSetKey(String dataSetUri) {
+        AttributeValueKey compositeKey = new AttributeValueKey();
+        ParameterizedSparqlString pss = new ParameterizedSparqlString(DATA_SET_KEY_QUERY);
+        pss.setIri("dataSet", dataSetUri);
+        final String queryText = pss.toString();
+        debug("SPARQL Query to get data set key:\n %s", queryText);
+        try {
+            rdfService.sparqlSelectQuery(queryText, new ResultSetConsumer() {
+                @Override
+                protected void processQuerySolution(QuerySolution qs) {
+                    String keyComponent = qs.getResource("keyComponent").getURI();
+                    if (qs.contains("id") && qs.get("id").isLiteral()) {
+                        String id = qs.getLiteral("id").getString();
+                        if (qs.contains("type") && qs.get("type").isLiteral()) {
+                            String type = qs.getLiteral("type").getString();
+                            if (Attribute.OPERATION.toString().equals(type)) {
+                                compositeKey.setOperation(AccessOperation.valueOf(id));
+                            }
+                            if (Attribute.ACCESS_OBJECT_TYPE.toString().equals(type)) {
+                                compositeKey.setObjectType(AccessObjectType.valueOf(id));
+                            }
+                        }
+                    } else {
+                        //assume keyComponent is a role
+                        compositeKey.setRole(keyComponent);
+                    }
+                }
+            });
+        } catch (RDFServiceException e) {
+            log.error(e, e);
+        }
+        return compositeKey;
+    }
+
     public Map<String, String> getRoleDataSetTemplates() {
         Map<String, String> dataSetTemplates = new HashMap<>();
         long expectedSize = 1;
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRule.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRule.java
index 86700b1237..83f44e07d4 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRule.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRule.java
@@ -6,7 +6,7 @@
 import java.util.Set;
 
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.Attribute;
-import edu.cornell.mannlib.vitro.webapp.auth.attributes.Check;
+import edu.cornell.mannlib.vitro.webapp.auth.checks.Check;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthorizationRequest;
 
 public interface AccessRule {
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRuleFactory.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRuleFactory.java
index 417e2c9a52..c101dc1faa 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRuleFactory.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRuleFactory.java
@@ -2,7 +2,8 @@
 
 package edu.cornell.mannlib.vitro.webapp.auth.rules;
 
-import edu.cornell.mannlib.vitro.webapp.auth.attributes.CheckFactory;
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AttributeValueKey;
+import edu.cornell.mannlib.vitro.webapp.auth.checks.CheckFactory;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyLoader;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
@@ -13,10 +14,14 @@ public class AccessRuleFactory {
     private static final Log log = LogFactory.getLog(AccessRuleFactory.class);
 
     public static AccessRule createRule(QuerySolution qs) {
+        return createRule(qs, null);
+    }
+
+    public static AccessRule createRule(QuerySolution qs, AttributeValueKey key) {
         AccessRule ar = new AccessRuleImpl();
         String ruleUri = qs.getResource(PolicyLoader.RULE).getURI();
         ar.setRuleUri(ruleUri);
-        ar.addCheck(CheckFactory.createCheck(qs));
+        ar.addCheck(CheckFactory.createCheck(qs, key));
         if (qs.contains("decision_id") && qs.get("decision_id").isLiteral()) {
             String decisionId = qs.getLiteral("decision_id").getString();
             if (RuleDecision.DENY.toString().equals(decisionId)) {
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRuleImpl.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRuleImpl.java
index f9cb684cbf..5aa667700a 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRuleImpl.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRuleImpl.java
@@ -12,7 +12,7 @@
 import java.util.stream.Collectors;
 
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.Attribute;
-import edu.cornell.mannlib.vitro.webapp.auth.attributes.Check;
+import edu.cornell.mannlib.vitro.webapp.auth.checks.Check;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthorizationRequest;
 import org.apache.commons.lang3.builder.EqualsBuilder;
 import org.apache.commons.lang3.builder.HashCodeBuilder;
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/freemarker/FreemarkerHttpServlet.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/freemarker/FreemarkerHttpServlet.java
index e9a38008a9..cd19d42232 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/freemarker/FreemarkerHttpServlet.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/freemarker/FreemarkerHttpServlet.java
@@ -20,9 +20,8 @@
 import org.apache.commons.lang3.StringUtils;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
-
-import edu.cornell.mannlib.vitro.webapp.auth.attributes.QueryResultsMapCache;
-import edu.cornell.mannlib.vitro.webapp.auth.attributes.ProximityChecker;
+import edu.cornell.mannlib.vitro.webapp.auth.checks.ProximityChecker;
+import edu.cornell.mannlib.vitro.webapp.auth.checks.QueryResultsMapCache;
 import edu.cornell.mannlib.vitro.webapp.auth.objects.AccessObject;
 import edu.cornell.mannlib.vitro.webapp.auth.permissions.SimplePermission;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper;
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/json/JsonServlet.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/json/JsonServlet.java
index 5439c08b42..7edb8dae0e 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/json/JsonServlet.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/json/JsonServlet.java
@@ -14,8 +14,7 @@
 import com.fasterxml.jackson.databind.node.ObjectNode;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
-
-import edu.cornell.mannlib.vitro.webapp.auth.attributes.QueryResultsMapCache;
+import edu.cornell.mannlib.vitro.webapp.auth.checks.QueryResultsMapCache;
 import edu.cornell.mannlib.vitro.webapp.beans.DataProperty;
 import edu.cornell.mannlib.vitro.webapp.beans.Individual;
 import edu.cornell.mannlib.vitro.webapp.controller.VitroHttpServlet;
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeValueKeyTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeValueKeyTest.java
new file mode 100644
index 0000000000..07252e9ef2
--- /dev/null
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeValueKeyTest.java
@@ -0,0 +1,31 @@
+package edu.cornell.mannlib.vitro.webapp.auth.attributes;
+
+import static org.junit.Assert.assertEquals;
+
+import java.util.Map;
+
+import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyTest;
+import org.apache.commons.collections4.map.HashedMap;
+import org.junit.Test;
+
+public class AttributeValueKeyTest {
+
+    @Test
+    public void equalityTest() {
+        AttributeValueKey key1 = new AttributeValueKey();
+        key1.setObjectType(AccessObjectType.FAUX_DATA_PROPERTY);
+        key1.setOperation(AccessOperation.DISPLAY);
+        key1.setContainerType(AccessObjectType.FAUX_DATA_PROPERTY.toString());
+        key1.setRole(PolicyTest.ADMIN);
+        AttributeValueKey key2 = new AttributeValueKey();
+        key2.setObjectType(AccessObjectType.FAUX_DATA_PROPERTY);
+        key2.setOperation(AccessOperation.DISPLAY);
+        key2.setContainerType("FAUX_DATA_PROPERTY");
+        key2.setRole(PolicyTest.ADMIN);
+        assertEquals(key1, key2);
+        Map<AttributeValueKey, String> map = new HashedMap<>();
+        map.put(key1, "1");
+        map.put(key2, "2");
+        assertEquals(1, map.size());
+    }
+}
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/AccessAllowedClassesPolicyTemplateTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/AccessAllowedClassesPolicyTemplateTest.java
index a606451796..aedf3f463b 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/AccessAllowedClassesPolicyTemplateTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/AccessAllowedClassesPolicyTemplateTest.java
@@ -46,11 +46,10 @@ public void testPolicy() {
             PolicyTemplateController.createRoleDataSets(CUSTOM);
             roles.add(CUSTOM);
         }
-        EntityPolicyController.updateEntityDataSet("test:entity", type, ao, Arrays.asList(roleUri), roles);
+        EntityPolicyController.grantAccess("test:entity", type, ao, roleUri);
         DynamicPolicy policy = null;
         String dataSet =
                 loader.getDataSetUriByKey(new String[] { roleUri }, new String[] { ao.toString(), type.toString() });
-
         policy = loader.loadPolicyFromTemplateDataSet(dataSet);
         countRulesAndAttributes(policy, rulesCount, attrCount);
         Set<String> values = loader.getDataSetValues(ao, type, roleUri);
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/AccessAllowedPropertiesPolicyTemplateTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/AccessAllowedPropertiesPolicyTemplateTest.java
index 76b032596a..1f8768a2e2 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/AccessAllowedPropertiesPolicyTemplateTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/AccessAllowedPropertiesPolicyTemplateTest.java
@@ -10,6 +10,7 @@
 import static edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessOperation.EDIT;
 import static edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessOperation.PUBLISH;
 import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertTrue;
 
 import java.util.ArrayList;
 import java.util.Arrays;
@@ -51,12 +52,13 @@ public void testPolicy() {
             PolicyTemplateController.createRoleDataSets(CUSTOM);
             roles.add(CUSTOM);
         }
-        EntityPolicyController.updateEntityDataSet("test:entity", type, ao, Arrays.asList(roleUri), roles);
+        EntityPolicyController.grantAccess("test:entity", type, ao, roleUri);
         DynamicPolicy policy = null;
         String dataSet =
                 loader.getDataSetUriByKey(new String[] { roleUri }, new String[] { ao.toString(), type.toString() });
         policy = loader.loadPolicyFromTemplateDataSet(dataSet);
         countRulesAndAttributes(policy, rulesCount, attrCount);
+        assertTrue(EntityPolicyController.isGranted("test:entity", type, ao, roleUri));
         Set<String> values = loader.getDataSetValues(ao, type, roleUri);
         assertFalse(values.isEmpty());
     }
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/AccessRelatedAllowedPropertiesPolicyTemplateTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/AccessRelatedAllowedPropertiesPolicyTemplateTest.java
index 700ed2be7e..fc038a0eca 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/AccessRelatedAllowedPropertiesPolicyTemplateTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/AccessRelatedAllowedPropertiesPolicyTemplateTest.java
@@ -40,11 +40,10 @@ public class AccessRelatedAllowedPropertiesPolicyTemplateTest extends PolicyTest
     @Test
     public void testPolicy() {
         load(TEMPLATE_RELATED_PROPERTIES_PATH);
-        EntityPolicyController.updateEntityDataSet("test:entity", type, ao, Arrays.asList(roleUri), ROLE_LIST);
+        EntityPolicyController.grantAccess("test:entity", type, ao, roleUri);
         DynamicPolicy policy = null;
         String dataSet =
                 loader.getDataSetUriByKey(new String[] { roleUri }, new String[] { ao.toString(), type.toString() });
-
         policy = loader.loadPolicyFromTemplateDataSet(dataSet);
         countRulesAndAttributes(policy, rulesCount, attrCount);
         Set<String> values = loader.getDataSetValues(ao, type, roleUri);
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EditablePagesPolicyTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EditablePagesPolicyTest.java
index af493045ee..1fa6dec276 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EditablePagesPolicyTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EditablePagesPolicyTest.java
@@ -7,6 +7,7 @@
 import java.util.HashSet;
 import java.util.Set;
 
+import edu.cornell.mannlib.vitro.webapp.dao.VitroVocabulary;
 import org.junit.Test;
 
 public class EditablePagesPolicyTest extends PolicyTest {
@@ -17,8 +18,7 @@ public class EditablePagesPolicyTest extends PolicyTest {
     @Test
     public void testLoadEditablePagesPolicy() {
         load(EDITABLE_PAGES_POLICY_PATH);
-        String policyUri =
-                "https://vivoweb.org/ontology/vitro-application/auth/individual/policy/edit-individual-pages/Policy";
+        String policyUri = VitroVocabulary.AUTH_INDIVIDUAL_PREFIX + "policy/edit-individual-pages/Policy";
         Set<DynamicPolicy> policies = loader.loadPolicies(policyUri);
         assertEquals(1, policies.size());
         DynamicPolicy policy = policies.iterator().next();
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EntityPolicyControllerTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EntityPolicyControllerTest.java
index 8d172240ad..4725cb43be 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EntityPolicyControllerTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EntityPolicyControllerTest.java
@@ -1,25 +1,23 @@
 package edu.cornell.mannlib.vitro.webapp.auth.policy;
 
+import static edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType.CLASS;
+import static edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessOperation.DISPLAY;
 import static org.junit.Assert.assertEquals;
 
 import java.util.Arrays;
 import java.util.Collections;
 import java.util.List;
 
-import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType;
-import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessOperation;
 import org.junit.Test;
 
 public class EntityPolicyControllerTest extends PolicyTest {
 
     @Test
     public void testGetGrantedRoles() {
-        load( USER_ACCOUNTS_HOME_FIRSTTIME + "template_access_allowed_class.n3");
+        load(USER_ACCOUNTS_HOME_FIRSTTIME + "template_access_allowed_class.n3");
         List<String> allowedRoles = Arrays.asList(ADMIN, SELF_EDITOR);
-        EntityPolicyController.updateEntityDataSet("test:newClass", AccessObjectType.CLASS,
-                AccessOperation.DISPLAY, allowedRoles, ROLE_LIST);
-        List<String> roles = EntityPolicyController.getGrantedRoles("test:newClass", AccessOperation.DISPLAY,
-                AccessObjectType.CLASS, ROLE_LIST);
+        EntityPolicyController.updateEntityDataSet("test:newClass", CLASS, DISPLAY, allowedRoles, ROLE_LIST);
+        List<String> roles = EntityPolicyController.getGrantedRoles("test:newClass", DISPLAY, CLASS, ROLE_LIST);
         assertEquals(2, roles.size());
         roles.contains(ADMIN);
         roles.contains(EDITOR);
@@ -27,19 +25,14 @@ public void testGetGrantedRoles() {
 
     @Test
     public void testPolicyDataSetModification() {
-        load( USER_ACCOUNTS_HOME_FIRSTTIME + "template_access_allowed_class.n3");
-        EntityPolicyController.updateEntityDataSet("test:newClass", AccessObjectType.CLASS,
-                AccessOperation.DISPLAY, Arrays.asList(ADMIN), ROLE_LIST);
-        EntityPolicyController.updateEntityDataSet("test:newClass2", AccessObjectType.CLASS,
-                AccessOperation.DISPLAY, Arrays.asList(ADMIN), ROLE_LIST);
-        List<String> roles = EntityPolicyController.getGrantedRoles("test:newClass", AccessOperation.DISPLAY,
-                AccessObjectType.CLASS, ROLE_LIST);
+        load(USER_ACCOUNTS_HOME_FIRSTTIME + "template_access_allowed_class.n3");
+        EntityPolicyController.grantAccess("test:newClass", CLASS, DISPLAY, ADMIN);
+        EntityPolicyController.grantAccess("test:newClass2", CLASS, DISPLAY, ADMIN);
+        List<String> roles = EntityPolicyController.getGrantedRoles("test:newClass", DISPLAY, CLASS, ROLE_LIST);
         assertEquals(1, roles.size());
         roles.contains(ADMIN);
-        EntityPolicyController.updateEntityDataSet("test:newClass", AccessObjectType.CLASS,
-                AccessOperation.DISPLAY, Collections.emptyList(), ROLE_LIST);
-        roles = EntityPolicyController.getGrantedRoles("test:newClass", AccessOperation.DISPLAY, AccessObjectType.CLASS,
-                ROLE_LIST);
+        EntityPolicyController.updateEntityDataSet("test:newClass", CLASS, DISPLAY, Collections.emptyList(), ROLE_LIST);
+        roles = EntityPolicyController.getGrantedRoles("test:newClass", DISPLAY, CLASS, ROLE_LIST);
         assertEquals(0, roles.size());
     }
 }
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/HomeMenuItemsRestrictionPolicyTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/HomeMenuItemsRestrictionPolicyTest.java
index 56310870c5..a03670b921 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/HomeMenuItemsRestrictionPolicyTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/HomeMenuItemsRestrictionPolicyTest.java
@@ -12,6 +12,7 @@
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.SimpleAuthorizationRequest;
 import edu.cornell.mannlib.vitro.webapp.auth.rules.AccessRule;
 import edu.cornell.mannlib.vitro.webapp.beans.Property;
+import edu.cornell.mannlib.vitro.webapp.dao.VitroVocabulary;
 import org.junit.Test;
 
 public class HomeMenuItemsRestrictionPolicyTest extends PolicyTest {
@@ -22,8 +23,7 @@ public class HomeMenuItemsRestrictionPolicyTest extends PolicyTest {
     @Test
     public void testHomeMenuItemsRestrictionPolicy() {
         load(MENU_ITEMS_POLICY_PATH);
-        String policyUri =
-                "https://vivoweb.org/ontology/vitro-application/auth/individual/policy/restrict-home-menu-items-editing/Policy";
+        String policyUri = VitroVocabulary.AUTH_INDIVIDUAL_PREFIX + "policy/restrict-home-menu-items-editing/Policy";
         Set<DynamicPolicy> policies = loader.loadPolicies(policyUri);
         assertEquals(1, policies.size());
         DynamicPolicy policy = policies.iterator().next();
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/NonModifiableStatementsPolicyTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/NonModifiableStatementsPolicyTest.java
index 825d461289..38e99ceb54 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/NonModifiableStatementsPolicyTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/NonModifiableStatementsPolicyTest.java
@@ -3,6 +3,8 @@
 import static edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessOperation.DROP;
 import static edu.cornell.mannlib.vitro.webapp.auth.objects.AccessObject.SOME_LITERAL;
 import static edu.cornell.mannlib.vitro.webapp.auth.objects.AccessObject.SOME_URI;
+import static edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.DecisionResult.INCONCLUSIVE;
+import static edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.DecisionResult.UNAUTHORIZED;
 import static org.junit.Assert.assertEquals;
 
 import java.util.Set;
@@ -10,10 +12,10 @@
 import edu.cornell.mannlib.vitro.webapp.auth.objects.AccessObject;
 import edu.cornell.mannlib.vitro.webapp.auth.objects.DataPropertyStatementAccessObject;
 import edu.cornell.mannlib.vitro.webapp.auth.objects.ObjectPropertyStatementAccessObject;
-import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.DecisionResult;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.SimpleAuthorizationRequest;
 import edu.cornell.mannlib.vitro.webapp.auth.rules.AccessRule;
 import edu.cornell.mannlib.vitro.webapp.beans.Property;
+import edu.cornell.mannlib.vitro.webapp.dao.VitroVocabulary;
 import org.junit.Test;
 
 public class NonModifiableStatementsPolicyTest extends PolicyTest {
@@ -26,8 +28,7 @@ public class NonModifiableStatementsPolicyTest extends PolicyTest {
     public void testNonModifiableStatementsPolicy() {
         load(PolicyTest.USER_ACCOUNTS_HOME_FIRSTTIME + NOT_MODIFIABLE_STATEMENTS_POLICY_PATH + EXT);
 
-        String policyUri =
-                "https://vivoweb.org/ontology/vitro-application/auth/individual/template/non-modifiable-statements/PolicyTemplate";
+        String policyUri = VitroVocabulary.AUTH_INDIVIDUAL_PREFIX + "template/non-modifiable-statements/PolicyTemplate";
         Set<DynamicPolicy> policies = loader.loadPolicies(policyUri);
         assertEquals(1, policies.size());
         DynamicPolicy policy = policies.iterator().next();
@@ -41,38 +42,38 @@ public void testNonModifiableStatementsPolicy() {
 
         AccessObject ao = new ObjectPropertyStatementAccessObject(null, VALID, null, null);
         SimpleAuthorizationRequest ar = new SimpleAuthorizationRequest(ao, DROP);
-        assertEquals(DecisionResult.UNAUTHORIZED, policy.decide(ar).getDecisionResult());
+        assertEquals(UNAUTHORIZED, policy.decide(ar).getDecisionResult());
         ao = new ObjectPropertyStatementAccessObject(null, MOD_TIME, null, null);
         ar = new SimpleAuthorizationRequest(ao, DROP);
-        assertEquals(DecisionResult.INCONCLUSIVE, policy.decide(ar).getDecisionResult());
+        assertEquals(INCONCLUSIVE, policy.decide(ar).getDecisionResult());
 
         ao = new ObjectPropertyStatementAccessObject(null, null, new Property(VALID), null);
         ar = new SimpleAuthorizationRequest(ao, DROP);
-        assertEquals(DecisionResult.UNAUTHORIZED, policy.decide(ar).getDecisionResult());
+        assertEquals(UNAUTHORIZED, policy.decide(ar).getDecisionResult());
         ao = new ObjectPropertyStatementAccessObject(null, null, new Property(MOD_TIME), null);
         ar = new SimpleAuthorizationRequest(ao, DROP);
-        assertEquals(DecisionResult.INCONCLUSIVE, policy.decide(ar).getDecisionResult());
+        assertEquals(INCONCLUSIVE, policy.decide(ar).getDecisionResult());
 
         ao = new ObjectPropertyStatementAccessObject(null, null, null, VALID);
         ar = new SimpleAuthorizationRequest(ao, DROP);
-        assertEquals(DecisionResult.UNAUTHORIZED, policy.decide(ar).getDecisionResult());
+        assertEquals(UNAUTHORIZED, policy.decide(ar).getDecisionResult());
         ao = new ObjectPropertyStatementAccessObject(null, null, null, MOD_TIME);
         ar = new SimpleAuthorizationRequest(ao, DROP);
-        assertEquals(DecisionResult.INCONCLUSIVE, policy.decide(ar).getDecisionResult());
+        assertEquals(INCONCLUSIVE, policy.decide(ar).getDecisionResult());
 
         // Data property statement
         ao = new DataPropertyStatementAccessObject(null, VALID, SOME_URI, SOME_LITERAL);
         ar = new SimpleAuthorizationRequest(ao, DROP);
-        assertEquals(DecisionResult.UNAUTHORIZED, policy.decide(ar).getDecisionResult());
+        assertEquals(UNAUTHORIZED, policy.decide(ar).getDecisionResult());
         ao = new DataPropertyStatementAccessObject(null, MOD_TIME, SOME_URI, SOME_LITERAL);
         ar = new SimpleAuthorizationRequest(ao, DROP);
-        assertEquals(DecisionResult.INCONCLUSIVE, policy.decide(ar).getDecisionResult());
+        assertEquals(INCONCLUSIVE, policy.decide(ar).getDecisionResult());
 
         ao = new DataPropertyStatementAccessObject(null, SOME_URI, VALID, SOME_LITERAL);
         ar = new SimpleAuthorizationRequest(ao, DROP);
-        assertEquals(DecisionResult.UNAUTHORIZED, policy.decide(ar).getDecisionResult());
+        assertEquals(UNAUTHORIZED, policy.decide(ar).getDecisionResult());
         ao = new DataPropertyStatementAccessObject(null, SOME_URI, MOD_TIME, SOME_LITERAL);
         ar = new SimpleAuthorizationRequest(ao, DROP);
-        assertEquals(DecisionResult.INCONCLUSIVE, policy.decide(ar).getDecisionResult());
+        assertEquals(INCONCLUSIVE, policy.decide(ar).getDecisionResult());
     }
 }
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoaderTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoaderTest.java
index b058b7dcce..19d8f3e56b 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoaderTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoaderTest.java
@@ -1,12 +1,15 @@
 package edu.cornell.mannlib.vitro.webapp.auth.policy;
 
+import static edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType.NAMED_OBJECT;
+import static edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessOperation.EXECUTE;
+import static edu.cornell.mannlib.vitro.webapp.dao.VitroVocabulary.AUTH_INDIVIDUAL_PREFIX;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertTrue;
 
 import java.util.List;
 import java.util.Map;
 
-import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType;
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AttributeValueKey;
 import org.junit.Test;
 
 public class PolicyLoaderTest extends PolicyTest {
@@ -31,8 +34,8 @@ public void getRoleDataSetKeyTemplateTest() {
         load(DATA_SET);
         List<String> keys = PolicyLoader.getInstance().getDataSetKeysFromTemplate(PREFIX + "RoleDataSetTemplate1");
         assertEquals(2, keys.size());
-        assertTrue(keys.contains("https://vivoweb.org/ontology/vitro-application/auth/individual/NamedObject"));
-        assertTrue(keys.contains("https://vivoweb.org/ontology/vitro-application/auth/individual/ExecuteOperation"));
+        assertTrue(keys.contains(AUTH_INDIVIDUAL_PREFIX + "NamedObject"));
+        assertTrue(keys.contains(AUTH_INDIVIDUAL_PREFIX + "ExecuteOperation"));
     }
 
     @Test
@@ -41,15 +44,14 @@ public void getRoleDataSetDraftKeyTemplateTest() {
         List<String> keys =
                 PolicyLoader.getInstance().getDataSetKeyTemplatesFromTemplate(PREFIX + "RoleDataSetTemplate1");
         assertEquals(1, keys.size());
-        assertTrue(keys.contains("https://vivoweb.org/ontology/vitro-application/auth/individual/SubjectRole"));
+        assertTrue(keys.contains(AUTH_INDIVIDUAL_PREFIX + "SubjectRole"));
     }
 
     @Test
     public void getDataSetUriByKeyTest() {
         load(DATA_SET);
-        String uri = PolicyLoader.getInstance().getDataSetUriByKey(
-                new String[] { "http://vitro.mannlib.cornell.edu/ns/vitro/authorization#PUBLIC" },
-                new String[] { AccessObjectType.NAMED_OBJECT.toString() });
+        String uri = PolicyLoader.getInstance().getDataSetUriByKey(new String[] { PUBLIC },
+                new String[] { NAMED_OBJECT.toString(), EXECUTE.toString() });
         assertEquals(PREFIX + "PublicDataSet", uri);
     }
 
@@ -58,7 +60,18 @@ public void getRoleDataSetValuesTemplateTest() {
         load(DATA_SET);
         List<String> values = PolicyLoader.getInstance().getDataSetValuesFromTemplate(PREFIX + "RoleDataSetTemplate1");
         assertEquals(1, values.size());
-        assertEquals(values.get(0),
-                "https://vivoweb.org/ontology/vitro-application/auth/individual/PublicRoleValueContainer");
+        assertEquals(values.get(0), AUTH_INDIVIDUAL_PREFIX + "PublicRoleValueContainer");
+    }
+
+    @Test
+    public void getDataSetKeyTest() {
+        load(DATA_SET);
+        AttributeValueKey expectedKey = new AttributeValueKey();
+        expectedKey.setOperation(EXECUTE);
+        expectedKey.setRole(PUBLIC);
+        expectedKey.setObjectType(NAMED_OBJECT);
+        AttributeValueKey compositeKey = PolicyLoader.getInstance().getDataSetKey(PREFIX + "PublicDataSet");
+        assertEquals(expectedKey, compositeKey);
+
     }
 }
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTest.java
index 0cbf1853e5..acc497ed1e 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTest.java
@@ -9,7 +9,8 @@
 import java.util.Set;
 import java.util.stream.Collectors;
 
-import edu.cornell.mannlib.vitro.webapp.auth.attributes.Check;
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AttributeValuesRegistry;
+import edu.cornell.mannlib.vitro.webapp.auth.checks.Check;
 import edu.cornell.mannlib.vitro.webapp.auth.rules.AccessRule;
 import edu.cornell.mannlib.vitro.webapp.modelaccess.ModelNames;
 import edu.cornell.mannlib.vitro.webapp.rdfservice.impl.jena.model.RDFServiceModel;
@@ -20,16 +21,20 @@
 import org.apache.jena.rdf.model.Model;
 import org.apache.jena.rdf.model.ModelFactory;
 import org.apache.jena.shared.Lock;
+import org.apache.log4j.Level;
+import org.apache.log4j.LogManager;
+import org.apache.log4j.Logger;
+import org.junit.After;
 import org.junit.Before;
 
 public class PolicyTest {
     public static final String USER_ACCOUNTS_HOME_FIRSTTIME = "../home/src/main/resources/rdf/accessControl/firsttime/";
 
-    protected static final String ADMIN = "http://vitro.mannlib.cornell.edu/ns/vitro/authorization#ADMIN";
-    protected static final String EDITOR = "http://vitro.mannlib.cornell.edu/ns/vitro/authorization#EDITOR";
-    protected static final String SELF_EDITOR = "http://vitro.mannlib.cornell.edu/ns/vitro/authorization#SELF_EDITOR";
-    protected static final String CURATOR = "http://vitro.mannlib.cornell.edu/ns/vitro/authorization#CURATOR";
-    protected static final String PUBLIC = "http://vitro.mannlib.cornell.edu/ns/vitro/authorization#PUBLIC";
+    public static final String ADMIN = "http://vitro.mannlib.cornell.edu/ns/vitro/authorization#ADMIN";
+    public static final String EDITOR = "http://vitro.mannlib.cornell.edu/ns/vitro/authorization#EDITOR";
+    public static final String SELF_EDITOR = "http://vitro.mannlib.cornell.edu/ns/vitro/authorization#SELF_EDITOR";
+    public static final String CURATOR = "http://vitro.mannlib.cornell.edu/ns/vitro/authorization#CURATOR";
+    public static final String PUBLIC = "http://vitro.mannlib.cornell.edu/ns/vitro/authorization#PUBLIC";
     protected static final String CUSTOM = "http://vitro.mannlib.cornell.edu/ns/vitro/authorization#CUSTOM";
 
     public static final String ONTOLOGY_PATH = USER_ACCOUNTS_HOME_FIRSTTIME + "ontology.n3";
@@ -41,10 +46,8 @@ public class PolicyTest {
     public static final String PROFILE_PROXIMITY_QUERY = USER_ACCOUNTS_HOME_FIRSTTIME + "profile_proximity_query.n3";
     public static final String TEST_DECISIONS = USER_ACCOUNTS_HOME_FIRSTTIME + "decisions.n3";
     public static final String ROLES = USER_ACCOUNTS_HOME_FIRSTTIME + "roles.n3";
-
-    protected static final String RESOURCES_RULES_PREFIX =
-            "src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/";
     protected static final String RESOURCES_PREFIX = "src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/";
+    protected static final String RESOURCES_RULES_PREFIX = RESOURCES_PREFIX + "rules/";
 
     public static final String VALID_POLICY = RESOURCES_RULES_PREFIX + "test_policy_valid.n3";
     public static final String VALID_POLICY_TEMPLATE = RESOURCES_RULES_PREFIX + "test_policy_valid_set.n3";
@@ -90,9 +93,16 @@ public void init() {
         load(PROFILE_PROXIMITY_QUERY);
         load(TEST_DECISIONS);
         RDFServiceModel rdfService = new RDFServiceModel(configurationDataSet);
-
+        AttributeValuesRegistry.getInstance().clear();
         PolicyLoader.initialize(rdfService);
         loader = PolicyLoader.getInstance();
+        Logger logger = LogManager.getLogger(PolicyLoader.class);
+        logger.setLevel(Level.ERROR);
+    }
+
+    @After
+    public void finish() {
+        AttributeValuesRegistry.getInstance().clear();
     }
 
     protected void countRulesAndAttributes(DynamicPolicy policy, int ruleCount, Set<Integer> attrCount) {
@@ -116,7 +126,7 @@ protected void countRulesAndAttributes(DynamicPolicy policy, int ruleCount, Set<
             }
             assertTrue(attrCount.contains(ar.getChecks().size()));
             for (Check att : ar.getChecks()) {
-                assertTrue(att.getValues().size() > 0);
+                assertTrue(!att.getValues().isEmpty());
             }
         }
     }
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/UpdateRelatedAllowedPropertiesPolicyTemplateTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/UpdateRelatedAllowedPropertiesPolicyTemplateTest.java
index 397874ef15..beda01af9d 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/UpdateRelatedAllowedPropertiesPolicyTemplateTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/UpdateRelatedAllowedPropertiesPolicyTemplateTest.java
@@ -41,11 +41,10 @@ public class UpdateRelatedAllowedPropertiesPolicyTemplateTest extends PolicyTest
     @Test
     public void testPolicy() {
         load(TEMPLATE_RELATED_UPDATE_PATH);
-        EntityPolicyController.updateEntityDataSet("test:entity", type, ao, Arrays.asList(roleUri), ROLE_LIST);
+        EntityPolicyController.grantAccess("test:entity", type, ao, roleUri);
         DynamicPolicy policy = null;
         String dataSet =
                 loader.getDataSetUriByKey(new String[] { roleUri }, new String[] { ao.toString(), type.toString() });
-
         policy = loader.loadPolicyFromTemplateDataSet(dataSet);
         countRulesAndAttributes(policy, rulesCount, attrCount);
         Set<String> values = loader.getDataSetValues(ao, type, roleUri);
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRuleTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRuleTest.java
index d7e9ce11c9..62f9f8ab0a 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRuleTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRuleTest.java
@@ -1,12 +1,16 @@
 package edu.cornell.mannlib.vitro.webapp.auth.rules;
 
+import static edu.cornell.mannlib.vitro.webapp.auth.checks.CheckType.EQUALS;
+import static edu.cornell.mannlib.vitro.webapp.auth.checks.CheckType.ONE_OF;
+import static edu.cornell.mannlib.vitro.webapp.auth.checks.CheckType.SPARQL_SELECT_QUERY_CONTAINS;
 import static org.junit.Assert.assertEquals;
 
 import java.util.List;
 
-import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectUriCheck;
-import edu.cornell.mannlib.vitro.webapp.auth.attributes.Check;
-import edu.cornell.mannlib.vitro.webapp.auth.attributes.CheckType;
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AttributeValueContainer;
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AttributeValueContainerImpl;
+import edu.cornell.mannlib.vitro.webapp.auth.checks.AccessObjectUriCheck;
+import edu.cornell.mannlib.vitro.webapp.auth.checks.Check;
 import org.junit.Test;
 
 public class AccessRuleTest {
@@ -14,12 +18,12 @@ public class AccessRuleTest {
     @Test
     public void testAttributeOrderByComputationalCost() {
         AccessRule rule = new AccessRuleImpl();
-        Check cheapAttribute = new AccessObjectUriCheck("test:cheapAttributeUri", "test:objectUri");
-        cheapAttribute.setType(CheckType.EQUALS);
-        Check affordableAttribute = new AccessObjectUriCheck("test:affordableAttributeUri", "test:objectUri");
-        cheapAttribute.setType(CheckType.ONE_OF);
-        Check expensiveAttribute = new AccessObjectUriCheck("test:expensiveAttributeUri", "test:objectUri");
-        cheapAttribute.setType(CheckType.SPARQL_SELECT_QUERY_CONTAINS);
+        Check cheapAttribute = uriCheck("test:cheapAttributeUri", value("test:objectUri"));
+        cheapAttribute.setType(EQUALS);
+        Check affordableAttribute = uriCheck("test:affordableAttributeUri", value("test:objectUri"));
+        cheapAttribute.setType(ONE_OF);
+        Check expensiveAttribute = uriCheck("test:expensiveAttributeUri", value("test:objectUri"));
+        cheapAttribute.setType(SPARQL_SELECT_QUERY_CONTAINS);
         rule.addCheck(affordableAttribute);
         rule.addCheck(expensiveAttribute);
         rule.addCheck(cheapAttribute);
@@ -28,4 +32,12 @@ public void testAttributeOrderByComputationalCost() {
         assertEquals(affordableAttribute.getUri(), list.get(1).getUri());
         assertEquals(expensiveAttribute.getUri(), list.get(2).getUri());
     }
+
+    private AttributeValueContainer value(String value) {
+        return new AttributeValueContainerImpl(value);
+    }
+
+    private Check uriCheck(String uri, AttributeValueContainer avc) {
+        return new AccessObjectUriCheck(uri, avc);
+    }
 }
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/i18n/TranslationConverterTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/i18n/TranslationConverterTest.java
index 47eb9952db..aa77b7d20f 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/i18n/TranslationConverterTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/i18n/TranslationConverterTest.java
@@ -15,12 +15,16 @@
 import org.apache.jena.rdf.model.SimpleSelector;
 import org.apache.jena.rdf.model.StmtIterator;
 import org.apache.jena.rdf.model.impl.PropertyImpl;
+import org.apache.log4j.Level;
+import org.apache.log4j.LogManager;
+import org.apache.log4j.Logger;
+import org.junit.After;
+import org.junit.Before;
 import org.junit.Test;
-
 import stubs.javax.servlet.ServletContextStub;
 
-public class TranslationConverterTest {
 
+public class TranslationConverterTest {
 	private static final String WILMA = "wilma";
 	private static final String HAS_THEME = "http://vivoweb.org/ontology/vitro/ui-label/vocabulary#hasTheme";
 	private static final String VITRO = "Vitro";
@@ -32,9 +36,21 @@ public class TranslationConverterTest {
 	ServletContextStub ctx = new ServletContextStub();
 	private OntModel model;
 	
-	@Test
-	public void testConversion() throws FileNotFoundException {
-		VitroResourceBundle.addAppPrefix("customprefix");
+    @Before
+    public void init() {
+        Logger logger = LogManager.getLogger(TranslationConverter.class);
+        logger.setLevel(Level.ERROR);
+    }
+
+    @After
+    public void finish() {
+        Logger logger = LogManager.getLogger(TranslationConverter.class);
+        logger.setLevel(Level.INFO);
+    }
+
+    @Test
+    public void testConversion() throws FileNotFoundException {
+        VitroResourceBundle.addAppPrefix("customprefix");
 		VitroResourceBundle.addAppPrefix("vivo");
 		TranslationConverter converter = TranslationConverter.getInstance();
 		model = converter.memModel;
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/i18n/TranslationProviderTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/i18n/TranslationProviderTest.java
index 07aa07965d..f9a98a3f0c 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/i18n/TranslationProviderTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/i18n/TranslationProviderTest.java
@@ -11,151 +11,169 @@
 import org.apache.jena.query.DatasetFactory;
 import org.apache.jena.rdf.model.Model;
 import org.apache.jena.rdf.model.ModelFactory;
+import org.apache.log4j.Level;
+import org.apache.log4j.LogManager;
+import org.apache.log4j.Logger;
+import org.junit.After;
+import org.junit.Before;
 import org.junit.Test;
 
 import edu.cornell.mannlib.vitro.webapp.rdfservice.impl.jena.model.RDFServiceModel;
 
 public class TranslationProviderTest {
 
-	private static final String VITRO = "Vitro";
-	private static final String VIVO = "VIVO";
-	private static final String ROOT = "src/test/resources/edu/cornell/mannlib/vitro/webapp/i18n/TranslationProviderTest/";
-	private static final String TRANSLATIONS_N3_FILE = ROOT + "modelInitContent.n3";
-	private static final String WILMA = "wilma";
-	private static final String NEMO = "nemo";
-
-	private Model i18nModel;
-	private RDFServiceModel rdfService;
-	private TranslationProvider tp;
-
-	public void init(String i18nFile, String themeName, String appName) throws FileNotFoundException {
-		i18nModel = ModelFactory.createDefaultModel();
-		i18nModel.read(new FileReader(new File(i18nFile)), null, "n3");
-		Dataset ds = DatasetFactory.createTxnMem();
-		ds.addNamedModel("http://vitro.mannlib.cornell.edu/default/interface-i18n", i18nModel);
-		rdfService = new RDFServiceModel(ds);
-		tp = TranslationProvider.getInstance();
-		tp.rdfService = rdfService;
-		tp.setTheme(themeName);
-		tp.application = appName;
-		tp.clearCache();
-	}
-
-	@Test
-	public void testNotExistingKey() throws FileNotFoundException {
-		init(TRANSLATIONS_N3_FILE, WILMA, VITRO);
-		Object array[] = {};
-		String translation = tp.getTranslation(Collections.singletonList("en-US"), "non_existing_key", array);
-		assertEquals("ERROR: Translation not found 'non_existing_key'", translation);
-	}
-
-	@Test
-	public void testVitroWilmaEnUS() throws FileNotFoundException {
-		init(TRANSLATIONS_N3_FILE, WILMA, VITRO);
-		Object array[] = {};
-		String translation = tp.getTranslation(Collections.singletonList("en-US"), "testkey", array);
-		assertEquals("testkey Vitro wilma en-US", translation);
-	}
-
-	@Test
-	public void testVitroWilmaDeDE() throws FileNotFoundException {
-		init(TRANSLATIONS_N3_FILE, WILMA, VITRO);
-		Object array[] = {};
-		String translation = tp.getTranslation(Collections.singletonList("de-DE"), "testkey", array);
-		assertEquals("testkey Vitro wilma de-DE", translation);
-	}
-
-	@Test
-	public void testVIVOWilmaEnUS() throws FileNotFoundException {
-		init(TRANSLATIONS_N3_FILE, WILMA, VIVO);
-		Object array[] = {};
-		String translation = tp.getTranslation(Collections.singletonList("en-US"), "testkey", array);
-		assertEquals("testkey VIVO wilma en-US", translation);
-	}
-
-	@Test
-	public void testVIVOWilmaDeDE() throws FileNotFoundException {
-		init(TRANSLATIONS_N3_FILE, WILMA, VIVO);
-		Object array[] = {};
-		String translation = tp.getTranslation(Collections.singletonList("de-DE"), "testkey", array);
-		assertEquals("testkey VIVO wilma de-DE", translation);
-	}
-
-	@Test
-	public void testThemeFallbackVitroNemoEnUS() throws FileNotFoundException {
-		init(TRANSLATIONS_N3_FILE, NEMO, VITRO);
-		Object array[] = {};
-		String translation = tp.getTranslation(Collections.singletonList("en-US"), "testkey", array);
-		assertEquals("testkey Vitro no theme en-US", translation);
-	}
-
-	@Test
-	public void testThemeFallbackVitroNemoDeDE() throws FileNotFoundException {
-		init(TRANSLATIONS_N3_FILE, NEMO, VITRO);
-		Object array[] = {};
-		String translation = tp.getTranslation(Collections.singletonList("de-DE"), "testkey", array);
-		assertEquals("testkey Vitro no theme de-DE", translation);
-	}
-
-	@Test
-	public void testThemeFallbackVIVONemoEnUS() throws FileNotFoundException {
-		init(TRANSLATIONS_N3_FILE, NEMO, VIVO);
-		Object array[] = {};
-		String translation = tp.getTranslation(Collections.singletonList("en-US"), "testkey", array);
-		assertEquals("testkey VIVO no theme en-US", translation);
-	}
-
-	@Test
-	public void testThemeFallbackVIVONemoDeDE() throws FileNotFoundException {
-		init(TRANSLATIONS_N3_FILE, NEMO, VIVO);
-		Object array[] = {};
-		String translation = tp.getTranslation(Collections.singletonList("de-DE"), "testkey", array);
-		assertEquals("testkey VIVO no theme de-DE", translation);
-	}
-
-	@Test
-	public void testAppFallbackVIVONemoEnUS() throws FileNotFoundException {
-		init(TRANSLATIONS_N3_FILE, WILMA, VIVO);
-		Object array[] = {};
-		String translation = tp.getTranslation(Collections.singletonList("en-US"), "testkey_app_fallback", array);
-		assertEquals("testkey_app_fallback Vitro wilma en-US", translation);
-	}
-
-	@Test
-	public void testAppFallbackVIVONemoDeDE() throws FileNotFoundException {
-		init(TRANSLATIONS_N3_FILE, WILMA, VIVO);
-		Object array[] = {};
-		String translation = tp.getTranslation(Collections.singletonList("de-DE"), "testkey_app_fallback", array);
-		assertEquals("testkey_app_fallback Vitro wilma de-DE", translation);
-	}
-
-	@Test
-	public void testAppAndThemeFallbackVIVONemoEnUS() throws FileNotFoundException {
-		init(TRANSLATIONS_N3_FILE, NEMO, VIVO);
-		Object array[] = {};
-		String translation = tp.getTranslation(Collections.singletonList("en-US"), "testkey_app_fallback", array);
-		assertEquals("testkey_app_fallback Vitro no theme en-US", translation);
-	}
-
-	@Test
-	public void testAppAndThemeFallbackVIVONemoDeDE() throws FileNotFoundException {
-		init(TRANSLATIONS_N3_FILE, NEMO, VIVO);
-		Object array[] = {};
-		String translation = tp.getTranslation(Collections.singletonList("de-DE"), "testkey_app_fallback", array);
-		assertEquals("testkey_app_fallback Vitro no theme de-DE", translation);
-	}
-
-	@Test
-	public void testCache() throws FileNotFoundException {
-		init(TRANSLATIONS_N3_FILE, WILMA, VITRO);
-		Object array[] = {};
-		String translation = tp.getTranslation(Collections.singletonList("en-US"), "testkey", array);
-		assertEquals("testkey Vitro wilma en-US", translation);
-		tp.application = VIVO;
-		translation = tp.getTranslation(Collections.singletonList("en-US"), "testkey", array);
-		assertEquals("testkey Vitro wilma en-US", translation);
-		tp.clearCache();
-		translation = tp.getTranslation(Collections.singletonList("en-US"), "testkey", array);
-		assertEquals("testkey VIVO wilma en-US", translation);
-	}
+    private static final String VITRO = "Vitro";
+    private static final String VIVO = "VIVO";
+    private static final String ROOT =
+            "src/test/resources/edu/cornell/mannlib/vitro/webapp/i18n/TranslationProviderTest/";
+    private static final String TRANSLATIONS_N3_FILE = ROOT + "modelInitContent.n3";
+    private static final String WILMA = "wilma";
+    private static final String NEMO = "nemo";
+
+    private Model i18nModel;
+    private RDFServiceModel rdfService;
+    private TranslationProvider tp;
+
+    @Before
+    public void init() {
+        Logger logger = LogManager.getLogger(TranslationProvider.class);
+        logger.setLevel(Level.ERROR);
+    }
+
+    @After
+    public void finish() {
+        Logger logger = LogManager.getLogger(TranslationProvider.class);
+        logger.setLevel(Level.INFO);
+    }
+
+    public void init(String i18nFile, String themeName, String appName) throws FileNotFoundException {
+        i18nModel = ModelFactory.createDefaultModel();
+        i18nModel.read(new FileReader(new File(i18nFile)), null, "n3");
+        Dataset ds = DatasetFactory.createTxnMem();
+        ds.addNamedModel("http://vitro.mannlib.cornell.edu/default/interface-i18n", i18nModel);
+        rdfService = new RDFServiceModel(ds);
+        tp = TranslationProvider.getInstance();
+        tp.rdfService = rdfService;
+        tp.setTheme(themeName);
+        tp.application = appName;
+        tp.clearCache();
+    }
+
+    @Test
+    public void testNotExistingKey() throws FileNotFoundException {
+        init(TRANSLATIONS_N3_FILE, WILMA, VITRO);
+        Object array[] = {};
+        String translation = tp.getTranslation(Collections.singletonList("en-US"), "non_existing_key", array);
+        assertEquals("ERROR: Translation not found 'non_existing_key'", translation);
+    }
+
+    @Test
+    public void testVitroWilmaEnUS() throws FileNotFoundException {
+        init(TRANSLATIONS_N3_FILE, WILMA, VITRO);
+        Object array[] = {};
+        String translation = tp.getTranslation(Collections.singletonList("en-US"), "testkey", array);
+        assertEquals("testkey Vitro wilma en-US", translation);
+    }
+
+    @Test
+    public void testVitroWilmaDeDE() throws FileNotFoundException {
+        init(TRANSLATIONS_N3_FILE, WILMA, VITRO);
+        Object array[] = {};
+        String translation = tp.getTranslation(Collections.singletonList("de-DE"), "testkey", array);
+        assertEquals("testkey Vitro wilma de-DE", translation);
+    }
+
+    @Test
+    public void testVIVOWilmaEnUS() throws FileNotFoundException {
+        init(TRANSLATIONS_N3_FILE, WILMA, VIVO);
+        Object array[] = {};
+        String translation = tp.getTranslation(Collections.singletonList("en-US"), "testkey", array);
+        assertEquals("testkey VIVO wilma en-US", translation);
+    }
+
+    @Test
+    public void testVIVOWilmaDeDE() throws FileNotFoundException {
+        init(TRANSLATIONS_N3_FILE, WILMA, VIVO);
+        Object array[] = {};
+        String translation = tp.getTranslation(Collections.singletonList("de-DE"), "testkey", array);
+        assertEquals("testkey VIVO wilma de-DE", translation);
+    }
+
+    @Test
+    public void testThemeFallbackVitroNemoEnUS() throws FileNotFoundException {
+        init(TRANSLATIONS_N3_FILE, NEMO, VITRO);
+        Object array[] = {};
+        String translation = tp.getTranslation(Collections.singletonList("en-US"), "testkey", array);
+        assertEquals("testkey Vitro no theme en-US", translation);
+    }
+
+    @Test
+    public void testThemeFallbackVitroNemoDeDE() throws FileNotFoundException {
+        init(TRANSLATIONS_N3_FILE, NEMO, VITRO);
+        Object array[] = {};
+        String translation = tp.getTranslation(Collections.singletonList("de-DE"), "testkey", array);
+        assertEquals("testkey Vitro no theme de-DE", translation);
+    }
+
+    @Test
+    public void testThemeFallbackVIVONemoEnUS() throws FileNotFoundException {
+        init(TRANSLATIONS_N3_FILE, NEMO, VIVO);
+        Object array[] = {};
+        String translation = tp.getTranslation(Collections.singletonList("en-US"), "testkey", array);
+        assertEquals("testkey VIVO no theme en-US", translation);
+    }
+
+    @Test
+    public void testThemeFallbackVIVONemoDeDE() throws FileNotFoundException {
+        init(TRANSLATIONS_N3_FILE, NEMO, VIVO);
+        Object array[] = {};
+        String translation = tp.getTranslation(Collections.singletonList("de-DE"), "testkey", array);
+        assertEquals("testkey VIVO no theme de-DE", translation);
+    }
+
+    @Test
+    public void testAppFallbackVIVONemoEnUS() throws FileNotFoundException {
+        init(TRANSLATIONS_N3_FILE, WILMA, VIVO);
+        Object array[] = {};
+        String translation = tp.getTranslation(Collections.singletonList("en-US"), "testkey_app_fallback", array);
+        assertEquals("testkey_app_fallback Vitro wilma en-US", translation);
+    }
+
+    @Test
+    public void testAppFallbackVIVONemoDeDE() throws FileNotFoundException {
+        init(TRANSLATIONS_N3_FILE, WILMA, VIVO);
+        Object array[] = {};
+        String translation = tp.getTranslation(Collections.singletonList("de-DE"), "testkey_app_fallback", array);
+        assertEquals("testkey_app_fallback Vitro wilma de-DE", translation);
+    }
+
+    @Test
+    public void testAppAndThemeFallbackVIVONemoEnUS() throws FileNotFoundException {
+        init(TRANSLATIONS_N3_FILE, NEMO, VIVO);
+        Object array[] = {};
+        String translation = tp.getTranslation(Collections.singletonList("en-US"), "testkey_app_fallback", array);
+        assertEquals("testkey_app_fallback Vitro no theme en-US", translation);
+    }
+
+    @Test
+    public void testAppAndThemeFallbackVIVONemoDeDE() throws FileNotFoundException {
+        init(TRANSLATIONS_N3_FILE, NEMO, VIVO);
+        Object array[] = {};
+        String translation = tp.getTranslation(Collections.singletonList("de-DE"), "testkey_app_fallback", array);
+        assertEquals("testkey_app_fallback Vitro no theme de-DE", translation);
+    }
+
+    @Test
+    public void testCache() throws FileNotFoundException {
+        init(TRANSLATIONS_N3_FILE, WILMA, VITRO);
+        Object array[] = {};
+        String translation = tp.getTranslation(Collections.singletonList("en-US"), "testkey", array);
+        assertEquals("testkey Vitro wilma en-US", translation);
+        tp.application = VIVO;
+        translation = tp.getTranslation(Collections.singletonList("en-US"), "testkey", array);
+        assertEquals("testkey Vitro wilma en-US", translation);
+        tp.clearCache();
+        translation = tp.getTranslation(Collections.singletonList("en-US"), "testkey", array);
+        assertEquals("testkey VIVO wilma en-US", translation);
+    }
 }
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AnnotationMigratorTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AnnotationMigratorTest.java
index eaf63585b3..9c8a2e6811 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AnnotationMigratorTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AnnotationMigratorTest.java
@@ -21,8 +21,8 @@ public class AnnotationMigratorTest extends AuthMigratorTest {
 
     @Test
     public void testGetAnnotationConfigs() {
-        AnnotationMigrator annotationMigrator = new AnnotationMigrator(new RDFServiceModel(contentModel),
-                new RDFServiceModel(configurationDataSet));
+        AnnotationMigrator annotationMigrator =
+                new AnnotationMigrator(new RDFServiceModel(contentModel), new RDFServiceModel(configurationDataSet));
         Map<String, Map<OperationGroup, Set<String>>> configs = annotationMigrator.getObjectPropertyAnnotations();
         Set<String> ops = configs.keySet();
         assertEquals(1, configs.size());
@@ -39,8 +39,8 @@ public void testGetAnnotationConfigs() {
 
     @Test
     public void testConvertAnnotationConfiguration() {
-        AnnotationMigrator annotationMigrator = new AnnotationMigrator(new RDFServiceModel(contentModel),
-                new RDFServiceModel(configurationDataSet));
+        AnnotationMigrator annotationMigrator =
+                new AnnotationMigrator(new RDFServiceModel(contentModel), new RDFServiceModel(configurationDataSet));
         Model tmpModel = ModelFactory.createDefaultModel();
         tmpModel.add(configurationDataSet.getNamedModel(ModelNames.ACCESS_CONTROL));
         long initialSize = accessControlModel.size();
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AuthMigratorTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AuthMigratorTest.java
index fc4b9d484b..2e7501cdc7 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AuthMigratorTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AuthMigratorTest.java
@@ -1,10 +1,14 @@
 package edu.cornell.mannlib.vitro.webapp.migration.auth;
 
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AttributeValuesRegistry;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyTest;
 import edu.cornell.mannlib.vitro.webapp.modelaccess.ModelNames;
 import edu.cornell.mannlib.vitro.webapp.rdfservice.impl.jena.model.RDFServiceModel;
 import org.apache.jena.rdf.model.Model;
 import org.apache.jena.rdf.model.ModelFactory;
+import org.apache.log4j.Level;
+import org.apache.log4j.LogManager;
+import org.junit.After;
 import org.junit.Before;
 
 public class AuthMigratorTest extends PolicyTest {
@@ -28,6 +32,15 @@ public void initAuthMigration() {
         load(configurationModel, CONFIGURATION);
         configurationDataSet.replaceNamedModel(ModelNames.DISPLAY, configurationModel);
         load(contentModel, CONTENT);
+        AttributeValuesRegistry.getInstance().clear();
+        LogManager.getLogger(AnnotationMigrator.class).setLevel(Level.ERROR);
+        LogManager.getLogger(ArmMigrator.class).setLevel(Level.ERROR);
+    }
+
+    @After
+    public void finish() {
+        LogManager.getLogger(AnnotationMigrator.class).setLevel(Level.INFO);
+        LogManager.getLogger(ArmMigrator.class).setLevel(Level.INFO);
     }
 
 }
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/migration/auth/SimplePermissionMigratorTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/migration/auth/SimplePermissionMigratorTest.java
index a8bb9443fd..ebf6066309 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/migration/auth/SimplePermissionMigratorTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/migration/auth/SimplePermissionMigratorTest.java
@@ -22,10 +22,12 @@
 import org.apache.jena.rdf.model.impl.PropertyImpl;
 import org.apache.jena.rdf.model.impl.ResourceImpl;
 import org.apache.jena.rdf.model.impl.StatementImpl;
+import org.apache.log4j.Level;
+import org.apache.log4j.LogManager;
+import org.apache.log4j.Logger;
 import org.junit.Before;
 import org.junit.Test;
 
-
 public class SimplePermissionMigratorTest extends AuthMigratorTest {
 
     private OntModel userAccountsModel;
@@ -43,6 +45,8 @@ public void initMigration() {
         configurationDataSet.addNamedModel(ModelNames.USER_ACCOUNTS, userAccountsModel);
         spm = new SimplePermissionMigrator(userAccountsModel);
         load(PolicyTest.USER_ACCOUNTS_HOME_FIRSTTIME + TEMPLATE_PATH + EXT);
+        Logger logger = LogManager.getLogger(SimplePermissionMigrator.class);
+        logger.setLevel(Level.ERROR);
     }
 
     private void addUserAccountsStatement(String subjUri, String pUri, String objUri) {
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/tboxreasoner/impl/jfact/JFactTBoxReasonerTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/tboxreasoner/impl/jfact/JFactTBoxReasonerTest.java
index 4ee666b8b0..d718119836 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/tboxreasoner/impl/jfact/JFactTBoxReasonerTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/tboxreasoner/impl/jfact/JFactTBoxReasonerTest.java
@@ -7,11 +7,17 @@
 import org.apache.jena.rdf.model.Model;
 import org.apache.jena.rdf.model.ModelFactory;
 import org.apache.jena.rdf.model.RDFNode;
+import org.apache.log4j.Level;
+import org.apache.log4j.LogManager;
+import org.junit.After;
 import org.junit.Assert;
+import org.junit.Before;
 import org.junit.Test;
-
+import org.semanticweb.owlapi.util.SAXParsers;
 import edu.cornell.mannlib.vitro.webapp.dao.jena.JenaModelUtils;
 import edu.cornell.mannlib.vitro.webapp.dao.jena.event.EditEvent;
+import edu.cornell.mannlib.vitro.webapp.migration.auth.AnnotationMigrator;
+import edu.cornell.mannlib.vitro.webapp.migration.auth.ArmMigrator;
 import edu.cornell.mannlib.vitro.webapp.tboxreasoner.ReasonerConfiguration;
 import edu.cornell.mannlib.vitro.webapp.tboxreasoner.impl.BasicTBoxReasonerDriver;
 
@@ -48,7 +54,18 @@ public class JFactTBoxReasonerTest {
 	 * Test that axioms containing blank nodes can be removed from the reasoner
 	 *  even if the internal blank node IDs are different from when first added.
 	 */
-	@Test
+
+    @Before
+    public void init() {
+        LogManager.getLogger(SAXParsers.class).setLevel(Level.ERROR);
+    }
+
+    @After
+    public void finish() {
+        LogManager.getLogger(SAXParsers.class).setLevel(Level.INFO);
+    }
+
+    @Test
 	public void testRemoveAxiomsWithBlankNodes() {
 		OntModel tboxAssertions = ModelFactory.createOntologyModel(OntModelSpec.OWL_MEM);
 		OntModel tboxInferences = ModelFactory.createOntologyModel(OntModelSpec.OWL_MEM);
@@ -84,6 +101,7 @@ public void testRemoveAxiomsWithBlankNodes() {
 				"http://vivo.mydomain.edu/individual/class_b"), null, (RDFNode) null));
 		Assert.assertFalse(tboxUnion.contains(tboxUnion.getResource(
 				"http://vivo.mydomain.edu/individual/class_c"), null, (RDFNode) null));
+		
 	}
 	
 	private void waitForTBoxReasoning(BasicTBoxReasonerDriver driver) {
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/data_set_templates.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/data_set_templates.n3
index bc29f23d22..51efdbc8c9 100644
--- a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/data_set_templates.n3
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/data_set_templates.n3
@@ -76,6 +76,7 @@
 
 :PublicDataSetKey a ao:DataSetKey ;
     ao:keyComponent ai:NamedObject ;
+    ao:keyComponent ai:ExecuteOperation ;
     ao:keyComponent auth:PUBLIC .
 
 ai:PublicSimplePermissionValueContainer a ao:ValueContainer ;

From 20ff74352a4c647e0dff369bc16a9476069fedb5 Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <georgy.litvinov@tib.eu>
Date: Mon, 30 Oct 2023 08:51:42 +0100
Subject: [PATCH 085/148] Clean ups, renamed ontology properties. Removed
 ontology n3 file.

---
 .../webapp/auth/policy/DynamicPolicy.java     |    2 +-
 .../auth/policy/EntityPolicyController.java   |    2 +-
 .../webapp/auth/policy/PolicyLoader.java      |  270 +-
 .../auth/policy/PolicyTemplateController.java |    4 +-
 .../webapp/migration/auth/AuthMigrator.java   |   12 +-
 .../auth/policy/EditablePagesPolicyTest.java  |    2 +-
 .../HomeMenuItemsRestrictionPolicyTest.java   |    2 +-
 .../NonModifiableStatementsPolicyTest.java    |    2 +-
 .../auth/policy/RootUserPolicyTest.java       |    2 +-
 .../policy/SimplePermissionTemplateTest.java  |   10 +-
 .../migration/auth/ArmMigratorTest.java       |    4 +-
 .../webapp/auth/rules/data_set_templates.n3   |  110 +-
 .../auth/rules/proximity_test_policy.n3       |   28 +-
 .../webapp/auth/rules/test_policy_broken1.n3  |   32 +-
 .../webapp/auth/rules/test_policy_broken2.n3  |   32 +-
 .../webapp/auth/rules/test_policy_broken3.n3  |   34 +-
 .../webapp/auth/rules/test_policy_broken4.n3  |   34 +-
 .../webapp/auth/rules/test_policy_broken5.n3  |   50 +-
 .../auth/rules/test_policy_broken_set.n3      |   70 +-
 .../webapp/auth/rules/test_policy_key.n3      |   34 +-
 .../webapp/auth/rules/test_policy_valid.n3    |   24 +-
 .../auth/rules/test_policy_valid_set.n3       |   82 +-
 .../rdf/accessControl/firsttime/attributes.n3 |   45 +-
 .../rdf/accessControl/firsttime/decisions.n3  |   17 +-
 .../accessControl/firsttime/object_types.n3   |   85 +-
 .../rdf/accessControl/firsttime/ontology.n3   |  175 -
 .../rdf/accessControl/firsttime/operations.n3 |   65 +-
 .../rdf/accessControl/firsttime/operators.n3  |   33 +-
 .../firsttime/policy_editable_pages.n3        |  116 +-
 .../firsttime/policy_menu_items_editing.n3    |  105 +-
 .../firsttime/policy_root_user.n3             |   33 +-
 .../firsttime/profile_proximity_query.n3      |   13 +-
 .../rdf/accessControl/firsttime/roles.n3      |   28 +-
 .../firsttime/simple_permissions_admin.n3     |   81 +-
 .../firsttime/simple_permissions_curator.n3   |   51 +-
 .../firsttime/simple_permissions_editor.n3    |   41 +-
 .../firsttime/simple_permissions_public.n3    |   15 +-
 .../simple_permissions_self_editor.n3         |   29 +-
 .../accessControl/firsttime/subject_types.n3  |   13 +-
 .../template_access_allowed_class.n3          |  624 ++-
 .../template_access_allowed_property.n3       | 3708 ++++++++---------
 ...emplate_access_related_allowed_property.n3 |  383 +-
 .../template_not_modifiable_statements.n3     |  218 +-
 .../firsttime/template_simple_permissions.n3  |  278 +-
 ...emplate_update_related_allowed_property.n3 |  520 ++-
 45 files changed, 3598 insertions(+), 3920 deletions(-)
 delete mode 100644 home/src/main/resources/rdf/accessControl/firsttime/ontology.n3

diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/DynamicPolicy.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/DynamicPolicy.java
index 6a86c533f3..37d82e36cc 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/DynamicPolicy.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/DynamicPolicy.java
@@ -95,7 +95,7 @@ private PolicyDecision defaultDecision(String message) {
 
     private static String shortenUri(String uri) {
         if (uri.startsWith(VitroVocabulary.AUTH_INDIVIDUAL_PREFIX)) {
-            return "ai:" + uri.substring(VitroVocabulary.AUTH_INDIVIDUAL_PREFIX.length());
+            return "access-individual:" + uri.substring(VitroVocabulary.AUTH_INDIVIDUAL_PREFIX.length());
         }
         return uri;
     }
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EntityPolicyController.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EntityPolicyController.java
index 1594f0dbbc..d0caadc734 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EntityPolicyController.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EntityPolicyController.java
@@ -154,7 +154,7 @@ public static void getDataValueStatements(String entityUri, AccessObjectType aot
     }
 
     private static String getValueStatementString(String entityUri, String valueContainerUri) {
-        return "<" + valueContainerUri + "> <" + AUTH_VOCABULARY_PREFIX + "dataValue> <" + entityUri + "> .\n";
+        return "<" + valueContainerUri + "> <" + AUTH_VOCABULARY_PREFIX + "value> <" + entityUri + "> .\n";
     }
 
     public static void deletedEntityEvent(Property oldObj) {
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
index 118f873f8b..f58cce420e 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
@@ -44,305 +44,266 @@ public class PolicyLoader {
     private static final String PRIORITY = "priority";
     public static final String POLICY = "policy";
     private static final Log log = LogFactory.getLog(PolicyLoader.class);
-    private static final String POLICY_QUERY = "prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#>\n"
-            + "prefix owl: <http://www.w3.org/2002/07/owl#>\n"
-            + "prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#>\n"
-            + "prefix xsd: <http://www.w3.org/2001/XMLSchema#>\n"
+    private static final String POLICY_QUERY = ""
             + "prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#>\n"
-            + "prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/>\n"
-            + "prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/>\n"
+            + "prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/>\n"
             + "SELECT DISTINCT ?policy \n"
             + "WHERE {\n"
             + "  GRAPH <http://vitro.mannlib.cornell.edu/default/access-control> {\n"
-            + "    { ?policy a ao:Policy . }\n"
+            + "    { ?policy a access:Policy . }\n"
             + "      UNION \n"
-            + "    { ?policy a ao:PolicyTemplate . }\n"
+            + "    { ?policy a access:PolicyTemplate . }\n"
             + "  }\n"
             + "}";
 
-    private static final String PRIORITY_QUERY = "prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#>\n"
-            + "prefix owl: <http://www.w3.org/2002/07/owl#>\n"
-            + "prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#>\n"
-            + "prefix xsd: <http://www.w3.org/2001/XMLSchema#>\n"
+    private static final String PRIORITY_QUERY = ""
             + "prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#>\n"
-            + "prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/>\n"
-            + "prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/>\n"
+            + "prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/>\n"
             + "SELECT DISTINCT ?" + PRIORITY + " \n"
             + "WHERE {\n"
             + "  GRAPH <http://vitro.mannlib.cornell.edu/default/access-control> {\n"
-            + "    OPTIONAL {?" + POLICY + " ao:priority ?set_priority" + " . }\n"
+            + "    OPTIONAL {?" + POLICY + " access:priority ?set_priority" + " . }\n"
             + "    BIND(COALESCE(?set_priority, 0 ) as ?" + PRIORITY + " ) .\n"
             + "  }\n"
             + "} ORDER BY ?" + PRIORITY;
 
 
-    private static final String DATASET_PRIORITY_QUERY = "prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#>\n"
-            + "prefix owl: <http://www.w3.org/2002/07/owl#>\n"
-            + "prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#>\n"
-            + "prefix xsd: <http://www.w3.org/2001/XMLSchema#>\n"
+    private static final String DATASET_PRIORITY_QUERY = ""
             + "prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#>\n"
-            + "prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/>\n"
-            + "prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/>\n"
+            + "prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/>\n"
             + "SELECT DISTINCT ?" + PRIORITY + " \n"
             + "WHERE {\n"
             + "  GRAPH <http://vitro.mannlib.cornell.edu/default/access-control> {\n"
-            + "    ?policy ao:priority ?set_priority .\n"
-            + "    ?policy ao:policyDataSets ?dataSets .\n"
-            + "    ?dataSets ao:policyDataSet ?dataSet .\n"
-            + "    OPTIONAL {?policy ao:priority ?policyPriority" + " . }\n"
-            + "    OPTIONAL {?dataSet ao:priority ?dataSetPriority" + " . }\n"
+            + "    ?policy access:priority ?set_priority .\n"
+            + "    ?policy access:policyDataSets ?dataSets .\n"
+            + "    ?dataSets access:policyDataSet ?dataSet .\n"
+            + "    OPTIONAL {?policy access:priority ?policyPriority" + " . }\n"
+            + "    OPTIONAL {?dataSet access:priority ?dataSetPriority" + " . }\n"
             + "    BIND(COALESCE(?dataSetPriority, ?policyPriority, 0 ) as ?" + PRIORITY + " ) .\n"
             + "  }\n"
             + "} ORDER BY ?" + PRIORITY;
 
-    private static final String DATASET_QUERY = "prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#>\n"
-            + "prefix owl: <http://www.w3.org/2002/07/owl#>\n"
-            + "prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#>\n"
-            + "prefix xsd: <http://www.w3.org/2001/XMLSchema#>\n"
+    private static final String DATASET_QUERY = ""
             + "prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#>\n"
-            + "prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/>\n"
-            + "prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/>\n"
+            + "prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/>\n"
             + "SELECT DISTINCT ?dataSet \n" + "WHERE {\n"
             + "  GRAPH <http://vitro.mannlib.cornell.edu/default/access-control> {\n"
-            + "       ?policy a ao:PolicyTemplate .\n"
-            + "       ?policy ao:policyDataSets ?dataSets .\n"
-            + "       ?dataSets ao:policyDataSet ?dataSet .\n"
+            + "       ?policy a access:PolicyTemplate .\n"
+            + "       ?policy access:policyDataSets ?dataSets .\n"
+            + "       ?dataSets access:policyDataSet ?dataSet .\n"
             + "  }\n"
             + "} ORDER BY ?dataSet";
 
-    private static final String NO_DATASET_RULES_QUERY = "prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#>\n"
-            + "prefix owl: <http://www.w3.org/2002/07/owl#>\n"
-            + "prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#>\n"
-            + "prefix xsd: <http://www.w3.org/2001/XMLSchema#>\n"
+    private static final String NO_DATASET_RULES_QUERY = ""
             + "prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#>\n"
-            + "prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/>\n"
-            + "prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/>\n"
+            + "prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/>\n"
             + "SELECT DISTINCT ?policyUri ?rules ?rule ?check ?testId ?typeId ?value ?lit_value ?decision_id \n"
             + "WHERE {\n"
             + "  GRAPH <http://vitro.mannlib.cornell.edu/default/access-control> {\n"
-            + "?policy rdf:type ao:Policy .\n"
-            + "?policy ao:rules ?rules . \n"
-            + "?rules ao:rule ?rule . \n"
-            + "?rule ao:check ?check .\n"
+            + "?policy a access:Policy .\n"
+            + "?policy access:rules ?rules . \n"
+            + "?rules access:rule ?rule . \n"
+            + "?rule access:check ?check .\n"
             + "OPTIONAL {\n"
-            + "  ?check ao:operator ?checkTest .\n"
+            + "  ?check access:operator ?checkTest .\n"
             + "  OPTIONAL {\n"
-            + "    ?checkTest ao:id ?testId . \n"
+            + "    ?checkTest access:id ?testId . \n"
             + "  }\n"
             + "}"
             + "OPTIONAL {\n"
-            + "  ?check ao:attribute ?checkType . \n"
+            + "  ?check access:attribute ?checkType . \n"
             + "  OPTIONAL {\n"
-            + "    ?checkType ao:id ?typeId . \n"
+            + "    ?checkType access:id ?typeId . \n"
             + "  }\n"
             + "}\n"
             + "OPTIONAL {\n"
-            + "   ?rule ao:decision ?decision . \n"
-            + "   ?decision ao:id ?decision_id . \n"
+            + "   ?rule access:decision ?decision . \n"
+            + "   ?decision access:id ?decision_id . \n"
             + "}\n"
-            + "?check ao:value ?value . \n"
-            + "OPTIONAL {?value ao:id ?lit_value . }\n"
+            + "?check access:singleValue ?value . \n"
+            + "OPTIONAL {?value access:id ?lit_value . }\n"
             + "  }\n"
             + "BIND(?policy as ?policyUri)\n"
             + "} ORDER BY ?rule ?check";
 
-    private static final String DATASET_RULES_QUERY = "prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#>\n"
-            + "prefix owl: <http://www.w3.org/2002/07/owl#>\n"
-            + "prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#>\n"
-            + "prefix xsd: <http://www.w3.org/2001/XMLSchema#>\n"
+    private static final String DATASET_RULES_QUERY = ""
             + "prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#>\n"
-            + "prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/>\n"
-            + "prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/>\n"
+            + "prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/>\n"
             + "SELECT DISTINCT ?policyUri ?rules ?rule ?check ?testId ?typeId ?value ?lit_value ?decision_id "
             + " ?dataSetUri ?attributeValue ?containerType \n"
             + "WHERE {\n"
             + "  GRAPH <http://vitro.mannlib.cornell.edu/default/access-control> {\n"
-            + "    ?policy a ao:PolicyTemplate .\n"
-            + "    ?policy ao:rules ?rules .\n"
-            + "    ?policy ao:policyDataSets ?policyDataSets .\n"
-            + "    ?policyDataSets ao:policyDataSet ?dataSet .\n"
-            + "    ?rules rdf:type ao:Rules .\n"
-            + "    ?rules ao:rule ?rule .\n"
-            + "    ?rule ao:check ?check .\n"
-            + "    ?check rdf:type ao:Check .\n"
+            + "    ?policy a access:PolicyTemplate .\n"
+            + "    ?policy access:rules ?rules .\n"
+            + "    ?policy access:policyDataSets ?policyDataSets .\n"
+            + "    ?policyDataSets access:policyDataSet ?dataSet .\n"
+            + "    ?rules a access:Rules .\n"
+            + "    ?rules access:rule ?rule .\n"
+            + "    ?rule access:check ?check .\n"
+            + "    ?check a access:Check .\n"
             + "    OPTIONAL {\n"
-            + "      ?check ao:operator ?checkTest .\n"
+            + "      ?check access:operator ?checkTest .\n"
             + "      OPTIONAL {\n"
-            + "        ?checkTest ao:id ?testId .\n"
+            + "        ?checkTest access:id ?testId .\n"
             + "      }\n"
             + "    }\n"
             + "    OPTIONAL {\n"
-            + "      ?check ao:attribute ?checkType .\n"
+            + "      ?check access:attribute ?checkType .\n"
             + "      OPTIONAL {\n"
-            + "        ?checkType ao:id ?typeId .\n"
+            + "        ?checkType access:id ?typeId .\n"
             + "      }\n"
             + "    }\n"
             + "    OPTIONAL {\n"
-            + "      ?rule ao:decision ?decision .\n"
-            + "      ?decision ao:id ?decision_id .\n"
+            + "      ?rule access:decision ?decision .\n"
+            + "      ?decision access:id ?decision_id .\n"
             + "    }\n"
             + "    OPTIONAL {\n"
-            + "      ?check ao:templateValue ?attributeValueSet .\n"
-            + "      ?attributeValueSet a ao:AttributeValueSet .\n"
-            + "      ?attributeValueSet ao:attributeValue ?attributeValue .\n"
-            + "      ?attributeValue ao:dataValue ?value .\n"
-            + "      ?dataSet ao:dataSetValues ?attributeValue .\n"
+            + "      ?check access:values ?attributeValueSet .\n"
+            + "      ?attributeValueSet a access:AttributeValueSet .\n"
+            + "      ?attributeValueSet access:attributeValue ?attributeValue .\n"
+            + "      ?attributeValue access:value ?value .\n"
+            + "      ?dataSet access:dataSetValues ?attributeValue .\n"
             + "      OPTIONAL {\n"
-            + "        ?attributeValue ao:containerType ?containerTypeUri .\n"
-            + "        ?containerTypeUri ao:id ?containerType ."
+            + "        ?attributeValue access:containerType ?containerTypeUri .\n"
+            + "        ?containerTypeUri access:id ?containerType ."
             + "      }\n"
-            + "      OPTIONAL {?value ao:id ?lit_value . }\n"
+            + "      OPTIONAL {?value access:id ?lit_value . }\n"
             + "    }\n"
             + "    OPTIONAL {\n"
-            + "      ?check ao:value ?value .\n"
-            + "      OPTIONAL {?value ao:id ?lit_value . }\n"
+            + "      ?check access:singleValue ?value .\n"
+            + "      OPTIONAL {?value access:id ?lit_value . }\n"
             + "    }\n"
             + "    BIND(?dataSet as ?dataSetUri)\n"
             + "    BIND(?policy as ?policyUri)\n"
             + "  }\n"
             + "} ORDER BY ?rule ?check";
 
-    private static final String policyKeyTemplatePrefix =
-              "prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#>\n"
-            + "prefix owl: <http://www.w3.org/2002/07/owl#>\n"
-            + "prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#>\n"
-            + "prefix xsd: <http://www.w3.org/2001/XMLSchema#>\n"
+    private static final String policyKeyTemplatePrefix = ""
             + "prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#>\n"
-            + "prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/>\n"
-            + "prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/>\n"
+            + "prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/>\n"
             + "SELECT DISTINCT ?"
             + POLICY + " ?dataSet ?testData ?value ?valueId ?valueContainer ( COUNT(?key) AS ?keySize ) \n"
             + "WHERE {\n"
             + "  GRAPH <http://vitro.mannlib.cornell.edu/default/access-control> {\n"
-            + "  ?" + POLICY + " ao:policyDataSets ?policyDataSets .\n"
-            + "  ?policyDataSets ao:policyDataSet ?dataSet .\n"
-            + "  ?dataSet ao:dataSetKey ?dataSetKeyUri .\n"
-            + "  ?dataSet ao:dataSetValues ?valueContainer .\n"
-            + "  ?valueContainer ao:containerType ?containerType .\n"
-            + "  ?containerType ao:id ?containerId .\n"
-            + "  OPTIONAL { ?valueContainer ao:dataValue ?value .\n"
-            + "    OPTIONAL { ?value ao:id ?valueId . }\n"
+            + "  ?" + POLICY + " access:policyDataSets ?policyDataSets .\n"
+            + "  ?policyDataSets access:policyDataSet ?dataSet .\n"
+            + "  ?dataSet access:dataSetKey ?dataSetKeyUri .\n"
+            + "  ?dataSet access:dataSetValues ?valueContainer .\n"
+            + "  ?valueContainer access:containerType ?containerType .\n"
+            + "  ?containerType access:id ?containerId .\n"
+            + "  OPTIONAL { ?valueContainer access:value ?value .\n"
+            + "    OPTIONAL { ?value access:id ?valueId . }\n"
             + "  }\n"
-            + "  ?dataSetKeyUri ao:keyComponent ?key .\n";
+            + "  ?dataSetKeyUri access:keyComponent ?key .\n";
 
     private static final String policyKeyTemplateSuffix =
             "}} GROUP BY ?" + POLICY + " ?dataSet ?value ?valueId ?testData ?valueContainer";
 
-    private static final String policyStatementByKeyTemplatePrefix =
-              "prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#>\n"
-            + "prefix owl: <http://www.w3.org/2002/07/owl#>\n"
-            + "prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#>\n"
-            + "prefix xsd: <http://www.w3.org/2001/XMLSchema#>\n"
+    private static final String policyStatementByKeyTemplatePrefix = ""
             + "prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#>\n"
-            + "prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/>\n"
-            + "prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/>\n"
+            + "prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/>\n"
             + "CONSTRUCT { \n"
-            + "  ?valueContainer ao:dataValue <%s> .\n"
+            + "  ?valueContainer access:value <%s> .\n"
             + "}\n"
             + "WHERE {\n"
             + "  GRAPH <http://vitro.mannlib.cornell.edu/default/access-control> {\n"
-            + "  ?dataSet ao:dataSetKey ?dataSetKeyUri .\n"
-            + "  ?" + POLICY + " ao:policyDataSets ?policyDataSets .\n"
-            + "  ?policyDataSets ao:policyDataSet ?dataSet . \n"
-            + "  ?dataSet ao:dataSetValues ?valueContainer . \n"
-            + "  ?valueContainer ao:containerType ?containerTypeUri . \n"
-            + "  ?containerTypeUri ao:id ?containerType . \n";
+            + "  ?dataSet access:dataSetKey ?dataSetKeyUri .\n"
+            + "  ?" + POLICY + " access:policyDataSets ?policyDataSets .\n"
+            + "  ?policyDataSets access:policyDataSet ?dataSet . \n"
+            + "  ?dataSet access:dataSetValues ?valueContainer . \n"
+            + "  ?valueContainer access:containerType ?containerTypeUri . \n"
+            + "  ?containerTypeUri access:id ?containerType . \n";
 
     private static final String policyStatementByKeyTemplateSuffix = "}}";
 
     public static final String DATA_SET_TEMPLATES_QUERY = ""
-            + "prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/>\n"
-            + "prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/>\n"
+            + "prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/>\n"
+            + "prefix access-individual: <https://vivoweb.org/ontology/vitro-application/auth/individual/>\n"
             + "SELECT ?dataSetTemplate ?dataSets ( COUNT(?key) AS ?keySize )\n"
             + "WHERE {\n"
             + "  GRAPH <http://vitro.mannlib.cornell.edu/default/access-control> {\n"
-            + "    ?dataSets ao:policyDataSetTemplate ?dataSetTemplate .\n"
-            + "    ?dataSetTemplate ao:dataSetTemplateKey ?dataSetTemplateKey .\n"
-            + "    ?dataSetTemplateKey ao:templateKey ai:SubjectRole .\n"
-            + "    ?dataSetTemplateKey ao:templateKey ?key .\n"
+            + "    ?dataSets access:policyDataSetTemplate ?dataSetTemplate .\n"
+            + "    ?dataSetTemplate access:dataSetTemplateKey ?dataSetTemplateKey .\n"
+            + "    ?dataSetTemplateKey access:templateKey access-individual:SubjectRole .\n"
+            + "    ?dataSetTemplateKey access:templateKey ?key .\n"
             + "  }\n"
             + "}\n"
             + "GROUP BY ?dataSetTemplate ?dataSets";
 
     public static final String DATA_SET_KEY_TEMPLATE_QUERY = ""
-            + "prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/>\n"
-            + "prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/>\n"
+            + "prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/>\n"
             + "SELECT ?keyComponent \n"
             + "WHERE {\n"
             + "  GRAPH <http://vitro.mannlib.cornell.edu/default/access-control> {\n"
-            + "    ?dataSetTemplate ao:dataSetKeyTemplate ?dataSetKeyTemplate .\n"
-            + "    ?dataSetKeyTemplate ao:keyComponent ?keyComponent .\n"
+            + "    ?dataSetTemplate access:dataSetKeyTemplate ?dataSetKeyTemplate .\n"
+            + "    ?dataSetKeyTemplate access:keyComponent ?keyComponent .\n"
             + "  }\n"
             + "}\n";
 
     public static final String DATA_SET_KEY_QUERY = ""
-            + "prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/>\n"
+            + "prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/>\n"
             + "SELECT ?keyComponent ?id ?type \n"
             + "WHERE {\n"
             + "  GRAPH <http://vitro.mannlib.cornell.edu/default/access-control> {\n"
-            + "    ?dataSet ao:dataSetKey ?dataSetKey ."
-            + "    ?dataSetKey ao:keyComponent ?keyComponent .\n"
+            + "    ?dataSet access:dataSetKey ?dataSetKey ."
+            + "    ?dataSetKey access:keyComponent ?keyComponent .\n"
             + "    OPTIONAL {\n"
-            + "      ?keyComponent ao:id ?id .\n"
+            + "      ?keyComponent access:id ?id .\n"
             + "    }\n"
             + "    OPTIONAL {\n"
-            + "      ?keyComponent a ao:ObjectType .\n"
+            + "      ?keyComponent a access:ObjectType .\n"
             + "      BIND('ACCESS_OBJECT_TYPE' as ?type)\n"
             + "    }\n"
             + "    OPTIONAL {\n"
-            + "      ?keyComponent a ao:Operation .\n"
+            + "      ?keyComponent a access:Operation .\n"
             + "      BIND('OPERATION' as ?type)\n"
             + "    }\n"
             + "  }\n"
             + "}\n";
 
     public static final String DATA_SET_KEY_TEMPLATES_TEMPLATE_QUERY = ""
-            + "prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/>\n"
-            + "prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/>\n"
+            + "prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/>\n"
             + "SELECT ?keyComponentTemplate \n"
             + "WHERE {\n"
             + "  GRAPH <http://vitro.mannlib.cornell.edu/default/access-control> {\n"
-            + "    ?dataSetTemplate ao:dataSetKeyTemplate ?dataSetKeyTemplate .\n"
-            + "    ?dataSetKeyTemplate ao:keyComponentTemplate ?keyComponentTemplate .\n"
+            + "    ?dataSetTemplate access:dataSetKeyTemplate ?dataSetKeyTemplate .\n"
+            + "    ?dataSetKeyTemplate access:keyComponentTemplate ?keyComponentTemplate .\n"
             + "  }\n"
             + "}\n";
 
     public static final String DATA_SET_VALUE_TEMPLATE_QUERY = ""
-            + "prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/>\n"
-            + "prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/>\n"
+            + "prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/>\n"
             + "SELECT ?valueContainer \n"
             + "WHERE {\n"
             + "  GRAPH <http://vitro.mannlib.cornell.edu/default/access-control> {\n"
-            + "    ?dataSetTemplate ao:dataSetValues ?valueContainer .\n"
+            + "    ?dataSetTemplate access:dataSetValues ?valueContainer .\n"
             + "  }\n"
             + "}\n";
 
     public static final String DATA_SET_VALUE_CONTAINER_TEMPLATES_TEMPLATE_QUERY = ""
-            + "prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/>\n"
-            + "prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/>\n"
+            + "prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/>\n"
             + "SELECT ?valueContainerTemplate \n"
             + "WHERE {\n"
             + "  GRAPH <http://vitro.mannlib.cornell.edu/default/access-control> {\n"
-            + "    ?dataSetTemplate ao:dataSetValueTemplate ?valueContainerTemplate .\n"
+            + "    ?dataSetTemplate access:dataSetValueTemplate ?valueContainerTemplate .\n"
             + "  }\n"
             + "}\n";
 
     public static final String CONSTRUCT_VALUE_CONTAINER_QUERY = ""
-            + "prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/>\n"
-            + "prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/>\n"
+            + "prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/>\n"
             + "CONSTRUCT {\n"
-            + "  ?relatedAttributeValueSet ao:attributeValue ?valueContainer .\n"
-            + "  ?valueContainer a ao:ValueContainer .\n"
-            + "  ?valueContainer ao:containerType ?containerType .\n"
-            + "  ?valueContainer ao:dataValue ?newRoleUri .\n"
-            + "  ?valueContainer ao:dataValue ?dataValue ."
+            + "  ?relatedAttributeValueSet access:attributeValue ?valueContainer .\n"
+            + "  ?valueContainer a access:ValueContainer .\n"
+            + "  ?valueContainer access:containerType ?containerType .\n"
+            + "  ?valueContainer access:value ?newRoleUri .\n"
+            + "  ?valueContainer access:value ?dataValue ."
             + "}\n"
             + "WHERE {\n"
             + "  GRAPH <http://vitro.mannlib.cornell.edu/default/access-control> {\n"
-            + "    ?valueContainerTemplateUri ao:relatedValueSet ?relatedAttributeValueSet .\n"
-            + "    ?valueContainerTemplateUri ao:containerTypeTemplate ?containerType .\n"
+            + "    ?valueContainerTemplateUri access:relatedValueSet ?relatedAttributeValueSet .\n"
+            + "    ?valueContainerTemplateUri access:containerTypeTemplate ?containerType .\n"
             + "    OPTIONAL {\n"
-            + "      ?valueContainerTemplateUri ao:defaultValue ?dataValue .\n"
+            + "      ?valueContainerTemplateUri access:defaultValue ?dataValue .\n"
             + "    }\n"
             + "    OPTIONAL {\n"
             + "      FILTER ( str(?containerType) = 'https://vivoweb.org/ontology/vitro-application/auth/individual/SubjectRole' )\n"
@@ -602,11 +563,12 @@ private static String getPolicyDataSetValueStatementByKeyQuery(String entityUri,
         StringBuilder query = new StringBuilder();
         query.append(String.format(policyStatementByKeyTemplatePrefix, entityUri));
         for (String uri : uris) {
-            query.append(String.format("  ?dataSetKeyUri ao:keyComponent <%s> . \n", uri));
+            query.append(String.format("  ?dataSetKeyUri access:keyComponent <%s> . \n", uri));
         }
         int i = 0;
         for (String id : ids) {
-            query.append(String.format("  ?dataSetKeyUri ao:keyComponent ?uri%d . ?uri%d ao:id \"%s\" . \n", i, i, id));
+            query.append(String.format("  ?dataSetKeyUri access:keyComponent ?uri%d . ?uri%d access:id \"%s\" . \n", i,
+                    i, id));
             i++;
         }
         query.append(policyStatementByKeyTemplateSuffix);
@@ -616,12 +578,12 @@ private static String getPolicyDataSetValueStatementByKeyQuery(String entityUri,
     private static String getDataSetByKeyQuery(String[] uris, String[] ids) {
         StringBuilder query = new StringBuilder(policyKeyTemplatePrefix);
         for (String uri : uris) {
-            query.append(String.format("  ?dataSetKeyUri ao:keyComponent <%s> . \n", uri));
+            query.append(String.format("  ?dataSetKeyUri access:keyComponent <%s> . \n", uri));
         }
         int i = 0;
         for (String id : ids) {
-            query.append(
-                    String.format("  ?dataSetKeyUri ao:keyComponent ?uri%d .\n  ?uri%d ao:id \"%s\" . \n", i, i, id));
+            query.append(String.format("  ?dataSetKeyUri access:keyComponent ?uri%d .\n  ?uri%d access:id \"%s\" . \n",
+                    i, i, id));
             i++;
         }
         query.append(policyKeyTemplateSuffix);
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTemplateController.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTemplateController.java
index 738a048666..2a3277d789 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTemplateController.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTemplateController.java
@@ -16,13 +16,11 @@ public class PolicyTemplateController {
 
     public static void createRoleDataSets(String roleUri) {
 
-        // Execute sparql query to get all data set templates that have ao:templateKey ai:SubjectRole .
+        // Execute sparql query to get all data set templates that have ao:templateKey access-individual:SubjectRole .
         Map<String, String> templates = PolicyLoader.getInstance().getRoleDataSetTemplates();
         for (String templateUri : templates.keySet()) {
             createRoleDataSet(templateUri, roleUri, templates.get(templateUri));
         }
-        // For each data set template:
-        // SPARQL construct Query to get ?dataSetsUri, value container templates
     }
 
     private static void createRoleDataSet(String dataSetTemplateUri, String roleUri, String dataSetsUri) {
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AuthMigrator.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AuthMigrator.java
index d785bcb2e4..0469441199 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AuthMigrator.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AuthMigrator.java
@@ -37,10 +37,10 @@ public class AuthMigrator implements ServletContextListener {
 
     private static final String SET_VERSION_TEMPLATE = ""
             + "@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .\n"
-            + "@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .\n"
+            + "@prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .\n"
             + "<https://vivoweb.org/ontology/vitro-application/auth/individual/Configuration> "
-            + "rdf:type ao:Configuration ;\n"
-            + "ao:version ?version .";
+            + "rdf:type access:Configuration ;\n"
+            + "access:version ?version .";
 
     private static final String REMOVE_VERSION_TEMPLATE = ""
             + "@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .\n"
@@ -49,12 +49,12 @@ public class AuthMigrator implements ServletContextListener {
 
     private static String VERSION_QUERY = ""
             + "prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#>\n"
-            + "prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/>\n"
+            + "prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/>\n"
             + "SELECT ?version \n"
             + "WHERE {\n"
             + "  GRAPH <http://vitro.mannlib.cornell.edu/default/access-control> {\n"
-            + "       ?configuration rdf:type ao:Configuration .\n"
-            + "       ?configuration ao:version ?version .\n"
+            + "       ?configuration rdf:type access:Configuration .\n"
+            + "       ?configuration access:version ?version .\n"
             + "  }\n"
             + "}";
 
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EditablePagesPolicyTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EditablePagesPolicyTest.java
index 1fa6dec276..0b4894ab3e 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EditablePagesPolicyTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EditablePagesPolicyTest.java
@@ -18,7 +18,7 @@ public class EditablePagesPolicyTest extends PolicyTest {
     @Test
     public void testLoadEditablePagesPolicy() {
         load(EDITABLE_PAGES_POLICY_PATH);
-        String policyUri = VitroVocabulary.AUTH_INDIVIDUAL_PREFIX + "policy/edit-individual-pages/Policy";
+        String policyUri = VitroVocabulary.AUTH_INDIVIDUAL_PREFIX + "edit-individual-pages/Policy";
         Set<DynamicPolicy> policies = loader.loadPolicies(policyUri);
         assertEquals(1, policies.size());
         DynamicPolicy policy = policies.iterator().next();
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/HomeMenuItemsRestrictionPolicyTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/HomeMenuItemsRestrictionPolicyTest.java
index a03670b921..e785ac67d7 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/HomeMenuItemsRestrictionPolicyTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/HomeMenuItemsRestrictionPolicyTest.java
@@ -23,7 +23,7 @@ public class HomeMenuItemsRestrictionPolicyTest extends PolicyTest {
     @Test
     public void testHomeMenuItemsRestrictionPolicy() {
         load(MENU_ITEMS_POLICY_PATH);
-        String policyUri = VitroVocabulary.AUTH_INDIVIDUAL_PREFIX + "policy/restrict-home-menu-items-editing/Policy";
+        String policyUri = VitroVocabulary.AUTH_INDIVIDUAL_PREFIX + "restrict-home-menu-items-editing/Policy";
         Set<DynamicPolicy> policies = loader.loadPolicies(policyUri);
         assertEquals(1, policies.size());
         DynamicPolicy policy = policies.iterator().next();
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/NonModifiableStatementsPolicyTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/NonModifiableStatementsPolicyTest.java
index 38e99ceb54..9c8cab2c5e 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/NonModifiableStatementsPolicyTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/NonModifiableStatementsPolicyTest.java
@@ -28,7 +28,7 @@ public class NonModifiableStatementsPolicyTest extends PolicyTest {
     public void testNonModifiableStatementsPolicy() {
         load(PolicyTest.USER_ACCOUNTS_HOME_FIRSTTIME + NOT_MODIFIABLE_STATEMENTS_POLICY_PATH + EXT);
 
-        String policyUri = VitroVocabulary.AUTH_INDIVIDUAL_PREFIX + "template/non-modifiable-statements/PolicyTemplate";
+        String policyUri = VitroVocabulary.AUTH_INDIVIDUAL_PREFIX + "non-modifiable-statements/PolicyTemplate";
         Set<DynamicPolicy> policies = loader.loadPolicies(policyUri);
         assertEquals(1, policies.size());
         DynamicPolicy policy = policies.iterator().next();
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/RootUserPolicyTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/RootUserPolicyTest.java
index 018cc11fe2..e687f6f256 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/RootUserPolicyTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/RootUserPolicyTest.java
@@ -15,7 +15,7 @@ public class RootUserPolicyTest extends PolicyTest {
     @Test
     public void testLoadRootUserPolicy() {
         load(ROOT_POLICY_PATH);
-        String policyUri = "https://vivoweb.org/ontology/vitro-application/auth/individual/policy/root-user/Policy";
+        String policyUri = "https://vivoweb.org/ontology/vitro-application/auth/individual/root-user/Policy";
         Set<DynamicPolicy> policies = loader.loadPolicies(policyUri);
         assertEquals(1, policies.size());
         DynamicPolicy policy = policies.iterator().next();
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/SimplePermissionTemplateTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/SimplePermissionTemplateTest.java
index c042e0098a..4bcec479e9 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/SimplePermissionTemplateTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/SimplePermissionTemplateTest.java
@@ -27,7 +27,7 @@ public void testAdminSimplePermissionPolicy() {
         load(PolicyTest.USER_ACCOUNTS_HOME_FIRSTTIME + TEMPLATE_PATH + EXT);
         load(USER_ACCOUNTS_HOME_FIRSTTIME + ADMIN_SIMPLE_PERMISSIONS_PATH + EXT);
         String dataSetUri =
-                "https://vivoweb.org/ontology/vitro-application/auth/individual/template/simple-permissions/AdminDataSet";
+                "https://vivoweb.org/ontology/vitro-application/auth/individual/simple-permissions/AdminDataSet";
         DynamicPolicy policy = loader.loadPolicyFromTemplateDataSet(dataSetUri);
         assertTrue(policy != null);
         assertEquals(1000, policy.getPriority());
@@ -48,7 +48,7 @@ public void testCuratorSimplePermissionPolicy() {
         load(PolicyTest.USER_ACCOUNTS_HOME_FIRSTTIME + TEMPLATE_PATH + EXT);
         load(USER_ACCOUNTS_HOME_FIRSTTIME + CURATOR_SIMPLE_PERMISSIONS_PATH + EXT);
         String dataSetUri =
-                "https://vivoweb.org/ontology/vitro-application/auth/individual/template/simple-permissions/CuratorDataSet";
+                "https://vivoweb.org/ontology/vitro-application/auth/individual/simple-permissions/CuratorDataSet";
         DynamicPolicy policy = loader.loadPolicyFromTemplateDataSet(dataSetUri);
         assertTrue(policy != null);
         assertEquals(1000, policy.getPriority());
@@ -69,7 +69,7 @@ public void testEditorSimplePermissionPolicy() {
         load(PolicyTest.USER_ACCOUNTS_HOME_FIRSTTIME + TEMPLATE_PATH + EXT);
         load(USER_ACCOUNTS_HOME_FIRSTTIME + EDITOR_SIMPLE_PERMISSIONS_PATH + EXT);
         String dataSetUri =
-                "https://vivoweb.org/ontology/vitro-application/auth/individual/template/simple-permissions/EditorDataSet";
+                "https://vivoweb.org/ontology/vitro-application/auth/individual/simple-permissions/EditorDataSet";
         DynamicPolicy policy = loader.loadPolicyFromTemplateDataSet(dataSetUri);
         assertTrue(policy != null);
         assertEquals(1000, policy.getPriority());
@@ -90,7 +90,7 @@ public void testSelfEditorSimplePermissionPolicy() {
         load(PolicyTest.USER_ACCOUNTS_HOME_FIRSTTIME + TEMPLATE_PATH + EXT);
         load(USER_ACCOUNTS_HOME_FIRSTTIME + SELF_EDITOR_SIMPLE_PERMISSIONS_PATH + EXT);
         String dataSetUri =
-                "https://vivoweb.org/ontology/vitro-application/auth/individual/template/simple-permissions/SelfEditorDataSet";
+                "https://vivoweb.org/ontology/vitro-application/auth/individual/simple-permissions/SelfEditorDataSet";
         DynamicPolicy policy = loader.loadPolicyFromTemplateDataSet(dataSetUri);
         assertTrue(policy != null);
         assertEquals(1000, policy.getPriority());
@@ -111,7 +111,7 @@ public void testPublicSimplePermissionPolicy() {
         load(PolicyTest.USER_ACCOUNTS_HOME_FIRSTTIME + TEMPLATE_PATH + EXT);
         load(USER_ACCOUNTS_HOME_FIRSTTIME + PUBLIC_SIMPLE_PERMISSIONS_PATH + EXT);
         String dataSetUri =
-                "https://vivoweb.org/ontology/vitro-application/auth/individual/template/simple-permissions/PublicDataSet";
+                "https://vivoweb.org/ontology/vitro-application/auth/individual/simple-permissions/PublicDataSet";
         DynamicPolicy policy = loader.loadPolicyFromTemplateDataSet(dataSetUri);
         assertTrue(policy != null);
         assertEquals(1000, policy.getPriority());
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/migration/auth/ArmMigratorTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/migration/auth/ArmMigratorTest.java
index de586f9412..34e7ab2a75 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/migration/auth/ArmMigratorTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/migration/auth/ArmMigratorTest.java
@@ -36,7 +36,7 @@ public class ArmMigratorTest extends AuthMigratorTest {
     private OntModel userAccountsModel;
     private ArmMigrator armMigrator;
     private String propertyUri = "http://vitro.mannlib.cornell.edu/ns/vitro/authorization#forEntity";
-    private String dataValue = "https://vivoweb.org/ontology/vitro-application/auth/vocabulary/dataValue";
+    private String value = "https://vivoweb.org/ontology/vitro-application/auth/vocabulary/value";
 
     @Before
     public void initArmMigration() {
@@ -119,7 +119,7 @@ public void migrateConfigurationTest() {
         String stringResult = additions.toString();
         assertFalse(stringResult.isEmpty());
         assertEquals(33, getCount("\n", stringResult));
-        assertEquals(33, getCount(dataValue, stringResult));
+        assertEquals(33, getCount(value, stringResult));
         assertEquals(6, getCount(OBJECT_PROPERTY_URI, stringResult));
         assertEquals(3, getCount(CLASS_URI, stringResult));
         assertEquals(5, getCount(DATA_PROPERTY_URI, stringResult));
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/data_set_templates.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/data_set_templates.n3
index 51efdbc8c9..f99e7f36a5 100644
--- a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/data_set_templates.n3
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/data_set_templates.n3
@@ -5,79 +5,79 @@
 @prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
 @prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
 @prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
-@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
-@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+@prefix access-individual: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
+@prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
 @prefix simplePermission: <java:edu.cornell.mannlib.vitro.webapp.auth.permissions.SimplePermission#> .
 @prefix : <https://vivoweb.org/ontology/vitro-application/auth/individual/template/test-data-set-templates/> .
 
-:PolicyTemplate a ao:PolicyTemplate ;
-    ao:policyDataSets :DataSets ;
-    ao:rules :RuleSet .
+:PolicyTemplate a access:PolicyTemplate ;
+    access:policyDataSets :DataSets ;
+    access:rules :RuleSet .
 
-:DataSets a ao:PolicyDataSets ;
-    ao:policyDataSetTemplate :RoleDataSetTemplate1 ;
-    ao:policyDataSetTemplate :RoleDataSetTemplate2 ;
-    ao:policyDataSet :PublicDataSet .
+:DataSets a access:PolicyDataSets ;
+    access:policyDataSetTemplate :RoleDataSetTemplate1 ;
+    access:policyDataSetTemplate :RoleDataSetTemplate2 ;
+    access:policyDataSet :PublicDataSet .
 
 #Role data set templates
 
 
-:RoleDataSetTemplate1 a ao:DataSetTemplate ;
-    ao:dataSetTemplateKey :RoleDataSetTemplateKey1 ;
-    ao:dataSetKeyTemplate :RoleDataSetKeyTemplate1 ;
-    ao:dataSetValues ai:PublicRoleValueContainer ;
-    ao:dataSetValueTemplate :RoleValueContainerTemplate1 ;
-    ao:dataSetValueTemplate :RolePermissionValueContainerTemplate1 .  
+:RoleDataSetTemplate1 a access:DataSetTemplate ;
+    access:dataSetTemplateKey :RoleDataSetTemplateKey1 ;
+    access:dataSetKeyTemplate :RoleDataSetKeyTemplate1 ;
+    access:dataSetValues access-individual:PublicRoleValueContainer ;
+    access:dataSetValueTemplate :RoleValueContainerTemplate1 ;
+    access:dataSetValueTemplate :RolePermissionValueContainerTemplate1 .  
 
-:RoleDataSetTemplateKey1 a ao:DataSetTemplateKey ;
-    ao:templateKey ai:SubjectRole .
+:RoleDataSetTemplateKey1 a access:DataSetTemplateKey ;
+    access:templateKey access-individual:SubjectRole .
 
-:RoleDataSetKeyTemplate1 a ao:DataSetKeyTemplate ;
-    ao:keyComponent ai:NamedObject ;
-    ao:keyComponent ai:ExecuteOperation ;
-    ao:keyComponentTemplate ai:SubjectRole .
+:RoleDataSetKeyTemplate1 a access:DataSetKeyTemplate ;
+    access:keyComponent access-individual:NamedObject ;
+    access:keyComponent access-individual:ExecuteOperation ;
+    access:keyComponentTemplate access-individual:SubjectRole .
 
-:RoleValueContainerTemplate1 a ao:ValueContainerTemplate ;
-    ao:relatedValueSet :RoleValueSet;
-    ao:containerTypeTemplate ai:SubjectRole .
+:RoleValueContainerTemplate1 a access:ValueContainerTemplate ;
+    access:relatedValueSet :RoleValueSet;
+    access:containerTypeTemplate access-individual:SubjectRole .
 
-:RolePermissionValueContainerTemplate1 a ao:ValueContainerTemplate ;
-    ao:relatedValueSet :TypeValueSet;
-    ao:defaultValue simplePermission:PageViewablePublic;
-    ao:defaultValue simplePermission:QueryFullModel ;
-    ao:containerTypeTemplate ai:NamedObject .
+:RolePermissionValueContainerTemplate1 a access:ValueContainerTemplate ;
+    access:relatedValueSet :TypeValueSet;
+    access:defaultValue simplePermission:PageViewablePublic;
+    access:defaultValue simplePermission:QueryFullModel ;
+    access:containerTypeTemplate access-individual:NamedObject .
 
 
-:RoleDataSetTemplate2 a ao:DataSetTemplate ;
-    ao:dataSetTemplateKey :RoleDataSetTemplateKey2 ;
-    ao:dataSetKeyTemplate :RoleDataSetKeyTemplate2 ;
-    ao:dataSetValueTemplate :RoleValueContainerTemplate2 ;
-    ao:dataSetValueTemplate :RolePermissionValueContainerTemplate2 .  
+:RoleDataSetTemplate2 a access:DataSetTemplate ;
+    access:dataSetTemplateKey :RoleDataSetTemplateKey2 ;
+    access:dataSetKeyTemplate :RoleDataSetKeyTemplate2 ;
+    access:dataSetValueTemplate :RoleValueContainerTemplate2 ;
+    access:dataSetValueTemplate :RolePermissionValueContainerTemplate2 .  
 
-:RoleDataSetTemplateKey2 a ao:DataSetTemplateKey ;
-    ao:templateKey ai:SubjectRole .
+:RoleDataSetTemplateKey2 a access:DataSetTemplateKey ;
+    access:templateKey access-individual:SubjectRole .
 
-:RoleDataSetKeyTemplate2 a ao:DataSetKeyTemplate ;
-    ao:keyComponent ai:ObjectPropertyAccesObject ;
-    ao:keyComponentTemplate ai:SubjectRole .
+:RoleDataSetKeyTemplate2 a access:DataSetKeyTemplate ;
+    access:keyComponent access-individual:ObjectPropertyAccesObject ;
+    access:keyComponentTemplate access-individual:SubjectRole .
 
-:RoleValueContainerTemplate2 a ao:ValueContainerTemplate ;
-    ao:relatedValueSet :RoleValueSet;
-    ao:containerTypeTemplate ai:SubjectRole .
+:RoleValueContainerTemplate2 a access:ValueContainerTemplate ;
+    access:relatedValueSet :RoleValueSet;
+    access:containerTypeTemplate access-individual:SubjectRole .
 
-:RolePermissionValueContainerTemplate2 a ao:ValueContainerTemplate ;
-    ao:relatedValueSet :TypeValueSet;
-    ao:containerTypeTemplate ai:NamedObject .
+:RolePermissionValueContainerTemplate2 a access:ValueContainerTemplate ;
+    access:relatedValueSet :TypeValueSet;
+    access:containerTypeTemplate access-individual:NamedObject .
 
-:PublicDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :PublicDataSetKey ;
-    ao:dataSetValues ai:PublicRoleValueContainer ;
-    ao:dataSetValues ai:PublicSimplePermissionValueContainer .
+:PublicDataSet a access:PolicyDataSet ;
+    access:dataSetKey :PublicDataSetKey ;
+    access:dataSetValues access-individual:PublicRoleValueContainer ;
+    access:dataSetValues access-individual:PublicSimplePermissionValueContainer .
 
-:PublicDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:NamedObject ;
-    ao:keyComponent ai:ExecuteOperation ;
-    ao:keyComponent auth:PUBLIC .
+:PublicDataSetKey a access:DataSetKey ;
+    access:keyComponent access-individual:NamedObject ;
+    access:keyComponent access-individual:ExecuteOperation ;
+    access:keyComponent auth:PUBLIC .
 
-ai:PublicSimplePermissionValueContainer a ao:ValueContainer ;
-    ao:containerType ai:NamedObject .
+access-individual:PublicSimplePermissionValueContainer a access:ValueContainer ;
+    access:containerType access-individual:NamedObject .
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/proximity_test_policy.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/proximity_test_policy.n3
index a754a7f240..6a06235f39 100644
--- a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/proximity_test_policy.n3
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/proximity_test_policy.n3
@@ -5,25 +5,25 @@
 @prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
 @prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
 @prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
-@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
-@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+@prefix access-individual: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
+@prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
 
-ai:ProximityTestPolicy rdf:type ao:Policy ;
-          ao:rules ai:ProximityRuleSet .
+access-individual:ProximityTestPolicy rdf:type access:Policy ;
+          access:rules access-individual:ProximityRuleSet .
 
-ai:ProximityRuleSet rdf:type ao:Rules ;
-          ao:rule ai:AllowPersonEditOwnPublication .
+access-individual:ProximityRuleSet rdf:type access:Rules ;
+          access:rule access-individual:AllowPersonEditOwnPublication .
           
-ai:AllowPersonEditOwnPublication rdf:type ao:Rule ;
-          ao:check ai:PublicationInProximityAttribute .
+access-individual:AllowPersonEditOwnPublication rdf:type access:Rule ;
+          access:check access-individual:PublicationInProximityAttribute .
           
-ai:PublicationInProximityAttribute rdf:type ao:Check ;
-         ao:operator ai:SparqlSelectQueryContains ;
-         ao:attribute ai:StatementSubjectUri ;
-         ao:value ai:PublicationProximityToPerson .
+access-individual:PublicationInProximityAttribute rdf:type access:Check ;
+         access:operator access-individual:SparqlSelectQueryContains ;
+         access:attribute access-individual:StatementSubjectUri ;
+         access:singleValue access-individual:PublicationProximityToPerson .
 
-ai:PublicationProximityToPerson rdf:type ao:ValueContainer ;
-        ao:id """
+access-individual:PublicationProximityToPerson rdf:type access:ValueContainer ;
+        access:id """
         SELECT ?resourceUri WHERE {
                   ?personUri <test:has_publication> ?resourceUri .
         }
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken1.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken1.n3
index c960b09939..bceb8328ae 100644
--- a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken1.n3
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken1.n3
@@ -5,25 +5,25 @@
 @prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
 @prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
 @prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
-@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
-@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+@prefix access-individual: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
+@prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
 
-ai:BrokenPolicyBrokenTestType rdf:type ao:Policy ;
-          ao:rules ai:BrokenTestPolicyRuleSet .
+access-individual:BrokenPolicyBrokenTestType rdf:type access:Policy ;
+          access:rules access-individual:BrokenTestPolicyRuleSet .
 
-ai:BrokenTestPolicyRuleSet rdf:type ao:Rules ;
-          ao:rule ai:BrokenTestRule .
+access-individual:BrokenTestPolicyRuleSet rdf:type access:Rules ;
+          access:rule access-individual:BrokenTestRule .
           
-ai:BrokenTestRule rdf:type ao:Rule ;
-          ao:check ai:ValidTestAttribute ;
-          ao:check ai:BrokenTestAttribute .
+access-individual:BrokenTestRule rdf:type access:Rule ;
+          access:check access-individual:ValidTestAttribute ;
+          access:check access-individual:BrokenTestAttribute .
           
-ai:BrokenTestAttribute rdf:type ao:Check ;
-         ao:attribute ai:Operation ;
-         ao:value ai:PublishOperation .
+access-individual:BrokenTestAttribute rdf:type access:Check ;
+         access:attribute access-individual:Operation ;
+         access:singleValue access-individual:PublishOperation .
          
-ai:ValidTestAttribute rdf:type ao:Check ;
-         ao:operator ai:Equals ;
-         ao:attribute ai:Operation ;
-         ao:value ai:PublishOperation .
+access-individual:ValidTestAttribute rdf:type access:Check ;
+         access:operator access-individual:Equals ;
+         access:attribute access-individual:Operation ;
+         access:singleValue access-individual:PublishOperation .
 
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken2.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken2.n3
index 63e1004002..7e5b37195a 100644
--- a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken2.n3
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken2.n3
@@ -5,25 +5,25 @@
 @prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
 @prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
 @prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
-@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
-@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+@prefix access-individual: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
+@prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
 
-ai:BrokenPolicyType rdf:type ao:Policy ;
-          ao:rules ai:BrokenTestPolicyRuleSet .
+access-individual:BrokenPolicyType rdf:type access:Policy ;
+          access:rules access-individual:BrokenTestPolicyRuleSet .
 
-ai:BrokenTestPolicyRuleSet rdf:type ao:Rules ;
-          ao:rule ai:BrokenTestRule .
+access-individual:BrokenTestPolicyRuleSet rdf:type access:Rules ;
+          access:rule access-individual:BrokenTestRule .
           
-ai:BrokenTestRule rdf:type ao:Rule ;
-          ao:check ai:ValidTestAttribute ;
-          ao:check ai:BrokenTestAttribute .
+access-individual:BrokenTestRule rdf:type access:Rule ;
+          access:check access-individual:ValidTestAttribute ;
+          access:check access-individual:BrokenTestAttribute .
           
-ai:BrokenTestAttribute rdf:type ao:Check ;
-         ao:operator ai:Equals ;
-         ao:value ai:PublishOperation .
+access-individual:BrokenTestAttribute rdf:type access:Check ;
+         access:operator access-individual:Equals ;
+         access:singleValue access-individual:PublishOperation .
          
-ai:ValidTestAttribute rdf:type ao:Check ;
-         ao:operator ai:Equals ;
-         ao:attribute ai:Operation ;
-         ao:value ai:PublishOperation .
+access-individual:ValidTestAttribute rdf:type access:Check ;
+         access:operator access-individual:Equals ;
+         access:attribute access-individual:Operation ;
+         access:singleValue access-individual:PublishOperation .
 
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken3.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken3.n3
index 3bd31a52c9..2c734b916a 100644
--- a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken3.n3
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken3.n3
@@ -5,26 +5,26 @@
 @prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
 @prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
 @prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
-@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
-@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+@prefix access-individual: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
+@prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
 
-ai:BrokenPolicyBrokenTestTypeId rdf:type ao:Policy ;
-          ao:rules ai:BrokenTestPolicyRuleSet .
+access-individual:BrokenPolicyBrokenTestTypeId rdf:type access:Policy ;
+          access:rules access-individual:BrokenTestPolicyRuleSet .
 
-ai:BrokenTestPolicyRuleSet rdf:type ao:Rules ;
-          ao:rule ai:BrokenTestRule .
+access-individual:BrokenTestPolicyRuleSet rdf:type access:Rules ;
+          access:rule access-individual:BrokenTestRule .
           
-ai:BrokenTestRule rdf:type ao:Rule ;
-          ao:check ai:ValidTestAttribute ;
-          ao:check ai:BrokenTestAttribute .
+access-individual:BrokenTestRule rdf:type access:Rule ;
+          access:check access-individual:ValidTestAttribute ;
+          access:check access-individual:BrokenTestAttribute .
           
-ai:BrokenTestAttribute rdf:type ao:Check ;
-         ao:operator ai:UnknownTest ;
-         ao:attribute ai:Operation ;
-         ao:value ai:PublishOperation .
+access-individual:BrokenTestAttribute rdf:type access:Check ;
+         access:operator access-individual:UnknownTest ;
+         access:attribute access-individual:Operation ;
+         access:singleValue access-individual:PublishOperation .
          
-ai:ValidTestAttribute rdf:type ao:Check ;
-         ao:operator ai:Equals ;
-         ao:attribute ai:Operation ;
-         ao:value ai:PublishOperation .
+access-individual:ValidTestAttribute rdf:type access:Check ;
+         access:operator access-individual:Equals ;
+         access:attribute access-individual:Operation ;
+         access:singleValue access-individual:PublishOperation .
 
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken4.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken4.n3
index 097314b97b..f268d2bd82 100644
--- a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken4.n3
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken4.n3
@@ -5,26 +5,26 @@
 @prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
 @prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
 @prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
-@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
-@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+@prefix access-individual: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
+@prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
 
-ai:BrokenPolicyTypeId rdf:type ao:Policy ;
-          ao:rules ai:BrokenTestPolicyRuleSet .
+access-individual:BrokenPolicyTypeId rdf:type access:Policy ;
+          access:rules access-individual:BrokenTestPolicyRuleSet .
 
-ai:BrokenTestPolicyRuleSet rdf:type ao:Rules ;
-          ao:rule ai:BrokenTestRule .
+access-individual:BrokenTestPolicyRuleSet rdf:type access:Rules ;
+          access:rule access-individual:BrokenTestRule .
           
-ai:BrokenTestRule rdf:type ao:Rule ;
-          ao:check ai:ValidTestAttribute ;
-          ao:check ai:BrokenTestAttribute .
+access-individual:BrokenTestRule rdf:type access:Rule ;
+          access:check access-individual:ValidTestAttribute ;
+          access:check access-individual:BrokenTestAttribute .
           
-ai:BrokenTestAttribute rdf:type ao:Check ;
-         ao:operator ai:Equals ;
-         ao:attribute ai:UnknownType ;
-         ao:value ai:PublishOperation .
+access-individual:BrokenTestAttribute rdf:type access:Check ;
+         access:operator access-individual:Equals ;
+         access:attribute access-individual:UnknownType ;
+         access:singleValue access-individual:PublishOperation .
          
-ai:ValidTestAttribute rdf:type ao:Check ;
-         ao:operator ai:Equals ;
-         ao:attribute ai:Operation ;
-         ao:value ai:PublishOperation .
+access-individual:ValidTestAttribute rdf:type access:Check ;
+         access:operator access-individual:Equals ;
+         access:attribute access-individual:Operation ;
+         access:singleValue access-individual:PublishOperation .
 
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken5.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken5.n3
index 15486130b0..547376e67e 100644
--- a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken5.n3
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken5.n3
@@ -5,38 +5,38 @@
 @prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
 @prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
 @prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
-@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
-@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+@prefix access-individual: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
+@prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
 
-ai:BrokenTestSetPolicy rdf:type ao:Policy ;
-          ao:policyDataSets ai:testDataSets ;
-          ao:rules ai:BrokenRuleSet .
+access-individual:BrokenTestSetPolicy rdf:type access:Policy ;
+          access:policyDataSets access-individual:testDataSets ;
+          access:rules access-individual:BrokenRuleSet .
 
-ai:BrokenRuleSet rdf:type ao:Rules ;
-          ao:rule ai:BrokenRule .
+access-individual:BrokenRuleSet rdf:type access:Rules ;
+          access:rule access-individual:BrokenRule .
           
-ai:BrokenRule rdf:type ao:Rule ;
-          ao:check ai:BrokenAttribute1 ;
-          ao:check ai:BrokenAttribute2 .
+access-individual:BrokenRule rdf:type access:Rule ;
+          access:check access-individual:BrokenAttribute1 ;
+          access:check access-individual:BrokenAttribute2 .
           
-ai:BrokenAttribute1 rdf:type ao:Check ;
-         ao:operator ai:Equals ;
-         ao:attribute ai:ObjectUri ;
-         ao:setValue ai:valueSet1 .
+access-individual:BrokenAttribute1 rdf:type access:Check ;
+         access:operator access-individual:Equals ;
+         access:attribute access-individual:ObjectUri ;
+         access:setValue access-individual:valueSet1 .
          
-ai:BrokenAttribute2 rdf:type ao:Check ;
-         ao:operator ai:Equals ;
-         ao:attribute ai:ObjectUri ;
-         ao:setValue ai:valueSet2 .
+access-individual:BrokenAttribute2 rdf:type access:Check ;
+         access:operator access-individual:Equals ;
+         access:attribute access-individual:ObjectUri ;
+         access:setValue access-individual:valueSet2 .
 
-ai:testDataSets rdf:type ao:PolicyDataSets ;
-          ao:policyDataSet ai:testDataSet1 .
+access-individual:testDataSets rdf:type access:PolicyDataSets ;
+          access:policyDataSet access-individual:testDataSet1 .
 
-ai:testDataSet1 rdf:type ao:PolicyDataSet ;
-          ao:dataSetValues ai:valueSet1 .
+access-individual:testDataSet1 rdf:type access:PolicyDataSet ;
+          access:dataSetValues access-individual:valueSet1 .
 
-ai:valueSet1 rdf:type ao:ValueContainer ;
-        ao:dataValue <test:value1> ;
-        ao:dataValue <test:value2> ;
+access-individual:valueSet1 rdf:type access:ValueContainer ;
+        access:value <test:value1> ;
+        access:value <test:value2> ;
         .        
 
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken_set.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken_set.n3
index ea4506012b..b4f9d1d2bf 100644
--- a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken_set.n3
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken_set.n3
@@ -5,56 +5,56 @@
 @prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
 @prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
 @prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
-@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
-@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+@prefix access-individual: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
+@prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
 
-ai:BrokenTestSetPolicy rdf:type ao:Policy ;
-    ao:policyDataSets ai:testDataSets ;
-    ao:rules ai:BrokenRuleSet .
+access-individual:BrokenTestSetPolicy rdf:type access:Policy ;
+    access:policyDataSets access-individual:testDataSets ;
+    access:rules access-individual:BrokenRuleSet .
 
-ai:BrokenRuleSet rdf:type ao:Rules ;
-    ao:rule ai:BrokenRule .
+access-individual:BrokenRuleSet rdf:type access:Rules ;
+    access:rule access-individual:BrokenRule .
     
-ai:BrokenRule rdf:type ao:Rule ;
-    ao:check ai:BrokenSetAttribute1 ;
-    ao:check ai:BrokenSetAttribute2 .
+access-individual:BrokenRule rdf:type access:Rule ;
+    access:check access-individual:BrokenSetAttribute1 ;
+    access:check access-individual:BrokenSetAttribute2 .
     
-ai:BrokenSetAttribute1 rdf:type ao:Check ;
-    ao:operator ai:NotOneOf ;
-    ao:attribute ai:ObjectUri ;
-    ao:templateValue ai:AttributeValueSet1 ;
+access-individual:BrokenSetAttribute1 rdf:type access:Check ;
+    access:operator access-individual:NotOneOf ;
+    access:attribute access-individual:ObjectUri ;
+    access:values access-individual:AttributeValueSet1 ;
     .
     
-ai:BrokenSetAttribute2 rdf:type ao:Check ;
-    ao:operator ai:NotOneOf ;
-    ao:attribute ai:ObjectUri ;
-    ao:templateValue ai:AttributeValueSet2 .
+access-individual:BrokenSetAttribute2 rdf:type access:Check ;
+    access:operator access-individual:NotOneOf ;
+    access:attribute access-individual:ObjectUri ;
+    access:values access-individual:AttributeValueSet2 .
 
-ai:testDataSets rdf:type ao:PolicyDataSets ;
-    ao:policyDataSet ai:testDataSet1 ;
-    ao:policyDataSet ai:testDataSet2 .
+access-individual:testDataSets rdf:type access:PolicyDataSets ;
+    access:policyDataSet access-individual:testDataSet1 ;
+    access:policyDataSet access-individual:testDataSet2 .
 
-ai:testDataSet1 rdf:type ao:PolicyDataSet ;
-    ao:dataSetValues ai:valueSet1 .
+access-individual:testDataSet1 rdf:type access:PolicyDataSet ;
+    access:dataSetValues access-individual:valueSet1 .
 
-ai:testDataSet2 rdf:type ao:PolicyDataSet ;
-    ao:dataSetValues ai:valueSet2 .
+access-individual:testDataSet2 rdf:type access:PolicyDataSet ;
+    access:dataSetValues access-individual:valueSet2 .
 
-ai:AttributeValueSet1 a ao:AttributeValueSet  ;
-    ao:attributeValue ai:valueSet1 ;
+access-individual:AttributeValueSet1 a access:AttributeValueSet  ;
+    access:attributeValue access-individual:valueSet1 ;
     .
 
-ai:AttributeValueSet2 a ao:AttributeValueSet  ;
-    ao:attributeValue ai:valueSet2 ;
+access-individual:AttributeValueSet2 a access:AttributeValueSet  ;
+    access:attributeValue access-individual:valueSet2 ;
     .
 
-ai:valueSet1 rdf:type ao:ValueContainer ;
-    ao:dataValue <test:value1> ;
-    ao:dataValue <test:value2> ;
+access-individual:valueSet1 rdf:type access:ValueContainer ;
+    access:value <test:value1> ;
+    access:value <test:value2> ;
     .
     
-ai:valueSet2 rdf:type ao:ValueContainer ;
-    ao:dataValue <test:value3> ;
-    ao:dataValue <test:value4> ;
+access-individual:valueSet2 rdf:type access:ValueContainer ;
+    access:value <test:value3> ;
+    access:value <test:value4> ;
     .
 
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_key.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_key.n3
index a2dbb4fd34..44f8d02032 100644
--- a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_key.n3
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_key.n3
@@ -5,25 +5,25 @@
 @prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
 @prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
 @prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
-@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
-@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+@prefix access-individual: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
+@prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
 
-ai:KeyTestPolicy rdf:type ao:Policy ;
-          ao:policyKey ai:PolicyKeyTest ;
-          ao:rules ai:KeyTestRuleSet .
+access-individual:KeyTestPolicy rdf:type access:Policy ;
+          access:policyKey access-individual:PolicyKeyTest ;
+          access:rules access-individual:KeyTestRuleSet .
 
-ai:KeyTestRuleSet rdf:type ao:Rules ;
-          ao:rule ai:KeyTestRule .
+access-individual:KeyTestRuleSet rdf:type access:Rules ;
+          access:rule access-individual:KeyTestRule .
           
-ai:KeyTestRule rdf:type ao:Rule ;
-          ao:check ai:KeyTestAttribute .
+access-individual:KeyTestRule rdf:type access:Rule ;
+          access:check access-individual:KeyTestAttribute .
           
-ai:KeyTestAttribute rdf:type ao:Check ;
-         ao:operator ai:Equals ;
-         ao:attribute ai:Operation ;
-         ao:value ai:PublishOperation .
+access-individual:KeyTestAttribute rdf:type access:Check ;
+         access:operator access-individual:Equals ;
+         access:attribute access-individual:Operation ;
+         access:singleValue access-individual:PublishOperation .
 
-ai:PolicyKeyTest rdf:type ao:PolicyKey ;
-          ao:keyComponent ai:ObjectPropertyAccesObject ;
-          ao:keyComponent auth:ADMIN ;
-          ao:keyComponent ai:DisplayOperation .
+access-individual:PolicyKeyTest rdf:type access:PolicyKey ;
+          access:keyComponent access-individual:ObjectPropertyAccesObject ;
+          access:keyComponent auth:ADMIN ;
+          access:keyComponent access-individual:DisplayOperation .
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_valid.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_valid.n3
index 94a007fb14..1839d8098e 100644
--- a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_valid.n3
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_valid.n3
@@ -5,20 +5,20 @@
 @prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
 @prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
 @prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
-@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
-@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+@prefix access-individual: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
+@prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
 
-ai:ValidTestPolicy rdf:type ao:Policy ;
-          ao:rules ai:ValidRuleSet .
+access-individual:ValidTestPolicy rdf:type access:Policy ;
+          access:rules access-individual:ValidRuleSet .
 
-ai:ValidRuleSet rdf:type ao:Rules ;
-          ao:rule ai:ValidRule .
+access-individual:ValidRuleSet rdf:type access:Rules ;
+          access:rule access-individual:ValidRule .
           
-ai:ValidRule rdf:type ao:Rule ;
-          ao:check ai:ValidAttribute .
+access-individual:ValidRule rdf:type access:Rule ;
+          access:check access-individual:ValidAttribute .
           
-ai:ValidAttribute rdf:type ao:Check ;
-         ao:operator ai:Equals ;
-         ao:attribute ai:Operation ;
-         ao:value ai:PublishOperation .
+access-individual:ValidAttribute rdf:type access:Check ;
+         access:operator access-individual:Equals ;
+         access:attribute access-individual:Operation ;
+         access:singleValue access-individual:PublishOperation .
 
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_valid_set.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_valid_set.n3
index 8079c92aa1..ffd6cde29b 100644
--- a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_valid_set.n3
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_valid_set.n3
@@ -5,66 +5,66 @@
 @prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
 @prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
 @prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
-@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
-@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+@prefix access-individual: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
+@prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
 
-ai:ValidTestSetPolicy rdf:type ao:PolicyTemplate ;
-      ao:policyDataSets ai:testDataSets1 ;
-      ao:rules ai:ValidRuleSet .
+access-individual:ValidTestSetPolicy rdf:type access:PolicyTemplate ;
+      access:policyDataSets access-individual:testDataSets1 ;
+      access:rules access-individual:ValidRuleSet .
 
-ai:ValidRuleSet rdf:type ao:Rules ;
-      ao:rule ai:ValidRule .
+access-individual:ValidRuleSet rdf:type access:Rules ;
+      access:rule access-individual:ValidRule .
       
-ai:ValidRule rdf:type ao:Rule ;
-      ao:check ai:ValidAttribute1 ;
-      ao:check ai:ValidAttribute2 .
+access-individual:ValidRule rdf:type access:Rule ;
+      access:check access-individual:ValidAttribute1 ;
+      access:check access-individual:ValidAttribute2 .
       
-ai:ValidAttribute1 rdf:type ao:Check ;
-     ao:operator ai:Equals ;
-     ao:attribute ai:AccessObjectUri ;
-     ao:templateValue ai:AttributeValueSet1 ;
+access-individual:ValidAttribute1 rdf:type access:Check ;
+     access:operator access-individual:Equals ;
+     access:attribute access-individual:AccessObjectUri ;
+     access:values access-individual:AttributeValueSet1 ;
      .
 
-ai:AttributeValueSet1 a ao:AttributeValueSet  ;
-     ao:attributeValue ai:valueSet1 ;
-     ao:attributeValue ai:valueSet3 ;
+access-individual:AttributeValueSet1 a access:AttributeValueSet  ;
+     access:attributeValue access-individual:valueSet1 ;
+     access:attributeValue access-individual:valueSet3 ;
      .
      
-ai:ValidAttribute2 rdf:type ao:Check ;
-     ao:operator ai:Equals ;
-     ao:attribute ai:AccessObjectUri ;
-     ao:templateValue ai:AttributeValueSet2 ;
+access-individual:ValidAttribute2 rdf:type access:Check ;
+     access:operator access-individual:Equals ;
+     access:attribute access-individual:AccessObjectUri ;
+     access:values access-individual:AttributeValueSet2 ;
      .
 
-ai:AttributeValueSet2 a ao:AttributeValueSet  ;
-     ao:attributeValue ai:valueSet4 ;
-     ao:attributeValue ai:valueSet2 ;
+access-individual:AttributeValueSet2 a access:AttributeValueSet  ;
+     access:attributeValue access-individual:valueSet4 ;
+     access:attributeValue access-individual:valueSet2 ;
      .
 
-ai:testDataSets1 rdf:type ao:PolicyDataSets ;
-     ao:policyDataSet ai:testDataSet2 ;
-     ao:policyDataSet ai:testDataSet1 .
+access-individual:testDataSets1 rdf:type access:PolicyDataSets ;
+     access:policyDataSet access-individual:testDataSet2 ;
+     access:policyDataSet access-individual:testDataSet1 .
 
-ai:testDataSet1 rdf:type ao:PolicyDataSet ;
-     ao:dataSetValues ai:valueSet2 ;
-     ao:dataSetValues ai:valueSet1 .
+access-individual:testDataSet1 rdf:type access:PolicyDataSet ;
+     access:dataSetValues access-individual:valueSet2 ;
+     access:dataSetValues access-individual:valueSet1 .
      
-ai:testDataSet2 rdf:type ao:PolicyDataSet ;
-     ao:dataSetValues ai:valueSet3 ;
-     ao:dataSetValues ai:valueSet4 .
+access-individual:testDataSet2 rdf:type access:PolicyDataSet ;
+     access:dataSetValues access-individual:valueSet3 ;
+     access:dataSetValues access-individual:valueSet4 .
 
-ai:valueSet1 rdf:type ao:ValueContainer ;
-     ao:dataValue <test:value1> ;
+access-individual:valueSet1 rdf:type access:ValueContainer ;
+     access:value <test:value1> ;
      .
     
-ai:valueSet2 rdf:type ao:ValueContainer ;
-     ao:dataValue <test:value2> ;
+access-individual:valueSet2 rdf:type access:ValueContainer ;
+     access:value <test:value2> ;
      .
      
-ai:valueSet3 rdf:type ao:ValueContainer ;
-     ao:dataValue <test:value3> ;
+access-individual:valueSet3 rdf:type access:ValueContainer ;
+     access:value <test:value3> ;
      .
     
-ai:valueSet4 rdf:type ao:ValueContainer ;
-     ao:dataValue <test:value4> ;
+access-individual:valueSet4 rdf:type access:ValueContainer ;
+     access:value <test:value4> ;
      .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/attributes.n3 b/home/src/main/resources/rdf/accessControl/firsttime/attributes.n3
index 67a54d6cb7..200b11499f 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/attributes.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/attributes.n3
@@ -1,36 +1,31 @@
 # $This file is distributed under the terms of the license in LICENSE$
 
-@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
-@prefix owl: <http://www.w3.org/2002/07/owl#> .
-@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
-@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
-@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
-@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
-@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+@prefix access-individual: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
+@prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
 
-ai:Subject a ao:Attribute ;
-    ao:id "SUBJECT" .
+access-individual:Subject a access:Attribute ;
+    access:id "SUBJECT" .
 
-ai:SubjectRole a ao:Attribute ;
-    ao:id "SUBJECT_ROLE_URI" .
+access-individual:SubjectRole a access:Attribute ;
+    access:id "SUBJECT_ROLE_URI" .
 
-ai:SubjectType a ao:Attribute ;
-    ao:id "SUBJECT_TYPE" .
+access-individual:SubjectType a access:Attribute ;
+    access:id "SUBJECT_TYPE" .
 
-ai:AccessObjectUri a ao:Attribute ;
-    ao:id "ACCESS_OBJECT_URI" .
+access-individual:AccessObjectUri a access:Attribute ;
+    access:id "ACCESS_OBJECT_URI" .
 
-ai:AccessObjectType a ao:Attribute ;
-    ao:id "ACCESS_OBJECT_TYPE" .
+access-individual:AccessObjectType a access:Attribute ;
+    access:id "ACCESS_OBJECT_TYPE" .
 
-ai:Operation a ao:Attribute ;
-    ao:id "OPERATION" .
+access-individual:Operation a access:Attribute ;
+    access:id "OPERATION" .
 
-ai:StatementPredicateUri a ao:Attribute ;
-    ao:id "STATEMENT_PREDICATE_URI" .
+access-individual:StatementPredicateUri a access:Attribute ;
+    access:id "STATEMENT_PREDICATE_URI" .
 
-ai:StatementSubjectUri a ao:Attribute ;
-    ao:id "STATEMENT_SUBJECT_URI" .
+access-individual:StatementSubjectUri a access:Attribute ;
+    access:id "STATEMENT_SUBJECT_URI" .
 
-ai:StatementObjectUri a ao:Attribute ;
-    ao:id "STATEMENT_OBJECT_URI" .
+access-individual:StatementObjectUri a access:Attribute ;
+    access:id "STATEMENT_OBJECT_URI" .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/decisions.n3 b/home/src/main/resources/rdf/accessControl/firsttime/decisions.n3
index deea2c2aee..43d3c8d779 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/decisions.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/decisions.n3
@@ -1,15 +1,10 @@
 # $This file is distributed under the terms of the license in LICENSE$
 
-@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
-@prefix owl: <http://www.w3.org/2002/07/owl#> .
-@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
-@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
-@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
-@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
-@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+@prefix access-individual: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
+@prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
 
-ai:Deny a ao:Decision;
-    ao:id "DENY" .
+access-individual:Deny a access:Decision;
+    access:id "DENY" .
 
-ai:Allow a ao:Decision;
-    ao:id "ALLOW" .
+access-individual:Allow a access:Decision;
+    access:id "ALLOW" .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/object_types.n3 b/home/src/main/resources/rdf/accessControl/firsttime/object_types.n3
index 0315be2027..be53dcc3ec 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/object_types.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/object_types.n3
@@ -1,68 +1,63 @@
 # $This file is distributed under the terms of the license in LICENSE$
 
-@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
-@prefix owl: <http://www.w3.org/2002/07/owl#> .
-@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
-@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
-@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
-@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
-@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+@prefix access-individual: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
+@prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
 
-ai:ObjectProperty a ao:ObjectType ;
-    ao:id "OBJECT_PROPERTY" .
+access-individual:ObjectProperty a access:ObjectType ;
+    access:id "OBJECT_PROPERTY" .
 
-ai:DataProperty a ao:ObjectType ;
-    ao:id "DATA_PROPERTY" .
+access-individual:DataProperty a access:ObjectType ;
+    access:id "DATA_PROPERTY" .
 
-ai:FauxDataProperty a ao:ObjectType ;
-    ao:id "FAUX_DATA_PROPERTY" .
+access-individual:FauxDataProperty a access:ObjectType ;
+    access:id "FAUX_DATA_PROPERTY" .
 
-ai:FauxObjectProperty a ao:ObjectType ;
-    ao:id "FAUX_OBJECT_PROPERTY" .
+access-individual:FauxObjectProperty a access:ObjectType ;
+    access:id "FAUX_OBJECT_PROPERTY" .
 
-ai:ObjectPropertyStatement a ao:ObjectType ;
-    ao:id "OBJECT_PROPERTY_STATEMENT" .
+access-individual:ObjectPropertyStatement a access:ObjectType ;
+    access:id "OBJECT_PROPERTY_STATEMENT" .
 
-ai:DataPropertyStatement a ao:ObjectType ;
-    ao:id "DATA_PROPERTY_STATEMENT" .
+access-individual:DataPropertyStatement a access:ObjectType ;
+    access:id "DATA_PROPERTY_STATEMENT" .
 
-ai:FauxObjectPropertyStatement a ao:ObjectType ;
-    ao:id "FAUX_OBJECT_PROPERTY_STATEMENT" .
+access-individual:FauxObjectPropertyStatement a access:ObjectType ;
+    access:id "FAUX_OBJECT_PROPERTY_STATEMENT" .
 
-ai:FauxDataPropertyStatement a ao:ObjectType ;
-    ao:id "FAUX_DATA_PROPERTY_STATEMENT" .
+access-individual:FauxDataPropertyStatement a access:ObjectType ;
+    access:id "FAUX_DATA_PROPERTY_STATEMENT" .
 
-ai:Class a ao:ObjectType ;
-    ao:id "CLASS" .
+access-individual:Class a access:ObjectType ;
+    access:id "CLASS" .
 
-ai:NamedObject a ao:ObjectType ;
-    ao:id "NAMED_OBJECT" .
+access-individual:NamedObject a access:ObjectType ;
+    access:id "NAMED_OBJECT" .
 
 #Object type value containers
 
-ai:ObjectPropertyValueContainer a ao:ValueContainer ;
-    ao:dataValue ai:ObjectProperty .
+access-individual:ObjectPropertyValueContainer a access:ValueContainer ;
+    access:value access-individual:ObjectProperty .
 
-ai:DataPropertyValueContainer a ao:ValueContainer ;
-    ao:dataValue ai:DataProperty .
+access-individual:DataPropertyValueContainer a access:ValueContainer ;
+    access:value access-individual:DataProperty .
 
-ai:FauxObjectPropertyValueContainer a ao:ValueContainer ;
-    ao:dataValue ai:FauxObjectProperty .
+access-individual:FauxObjectPropertyValueContainer a access:ValueContainer ;
+    access:value access-individual:FauxObjectProperty .
 
-ai:FauxDataPropertyValueContainer a ao:ValueContainer ;
-    ao:dataValue ai:FauxDataProperty .
+access-individual:FauxDataPropertyValueContainer a access:ValueContainer ;
+    access:value access-individual:FauxDataProperty .
 
-ai:ObjectPropertyStatementValueContainer a ao:ValueContainer ;
-    ao:dataValue ai:ObjectPropertyStatement .
+access-individual:ObjectPropertyStatementValueContainer a access:ValueContainer ;
+    access:value access-individual:ObjectPropertyStatement .
 
-ai:DataPropertyStatementValueContainer a ao:ValueContainer ;
-    ao:dataValue ai:DataPropertyStatement .
+access-individual:DataPropertyStatementValueContainer a access:ValueContainer ;
+    access:value access-individual:DataPropertyStatement .
 
-ai:FauxObjectPropertyStatementValueContainer a ao:ValueContainer ;
-    ao:dataValue ai:FauxObjectPropertyStatement .
+access-individual:FauxObjectPropertyStatementValueContainer a access:ValueContainer ;
+    access:value access-individual:FauxObjectPropertyStatement .
 
-ai:FauxDataPropertyStatementValueContainer a ao:ValueContainer ;
-    ao:dataValue ai:FauxDataPropertyStatement .
+access-individual:FauxDataPropertyStatementValueContainer a access:ValueContainer ;
+    access:value access-individual:FauxDataPropertyStatement .
 
-ai:ClassValueContainer a ao:ValueContainer ;
-    ao:dataValue ai:Class .
+access-individual:ClassValueContainer a access:ValueContainer ;
+    access:value access-individual:Class .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/ontology.n3 b/home/src/main/resources/rdf/accessControl/firsttime/ontology.n3
deleted file mode 100644
index 40bff200db..0000000000
--- a/home/src/main/resources/rdf/accessControl/firsttime/ontology.n3
+++ /dev/null
@@ -1,175 +0,0 @@
-# $This file is distributed under the terms of the license in LICENSE$
-
-@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
-@prefix owl: <http://www.w3.org/2002/07/owl#> .
-@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
-@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
-@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
-@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
-
-##### Ontology
-<https://vivoweb.org/ontology/vitro-application/auth/vocabulary> a owl:Ontology .
-
-#### Classes
-
-ao:PolicyTemplate a owl:Class ;
-    rdfs:label "Access rule policy template"@en-US .
-
-ao:Policy a owl:Class ;
-    rdfs:label "Access rule policy"@en-US .
-
-ao:PolicyDataSet a owl:Class ;
-    rdfs:label "Test datasets"@en-US .
-
-ao:ValueContainer a owl:Class ;
-    rdfs:label "Test data"@en-US .
-
-ao:TestValue a owl:Class ;
-    rdfs:label "Test value"@en-US .
-
-ao:Rule a owl:Class ;
-    rdfs:label "Access rule"@en-US .
-
-ao:Rules a owl:Class ;
-    rdfs:label "Access rule set"@en-US .
-
-ao:PolicyKey a owl:Class ;
-    rdfs:label "Policy key"@en-US .
-
-ao:Check a owl:Class ;
-    rdfs:label "Access rule check"@en-US .
-
-ao:Operator a owl:Class ;
-    rdfs:label "Operator"@en-US .
-
-ao:Operation a owl:Class ;
-    rdfs:label "Operation"@en-US .
-
-ao:OperationGroup a owl:Class ;
-    rdfs:label "Operation group"@en-US .
-
-ao:ObjectType a owl:Class ;
-    rdfs:label "Object type"@en-US .
-
-ao:SubjectType a owl:Class ;
-    rdfs:label "Subject type"@en-US .
-
-ao:AccesObject a owl:Class ;
-    rdfs:label "Access object"@en-US .
-
-ao:Attribute a owl:Class ;
-    rdfs:label "Attribute"@en-US .
-
-ao:Decision a owl:Class ;
-    rdfs:label "Decision"@en-US .
-
-ao:DataSetTemplate a owl:Class ;
-    rdfs:label "Data set template"@en-US .
-
-ao:DataSetTemplateKey a owl:Class ;
-    rdfs:label "Data set template key"@en-US .
-
-ao:DataSetKeyTemplate a owl:Class ;
-    rdfs:label "Data set key template"@en-US .
-
-ao:ValueContainerTemplate a owl:Class ;
-    rdfs:label "Value container template"@en-US .
-
-#### Data properties
-
-ao:attributeName a owl:DatatypeProperty ,
-    owl:FunctionalProperty ;
-    rdfs:domain ao:Check ;
-    rdfs:range xsd:string ;
-    rdfs:label "Attribute name"@en-US .
-
-ao:id a owl:DatatypeProperty ,
-    owl:FunctionalProperty ;
-    rdfs:domain ao:Attribute ;
-    rdfs:range xsd:string ;
-    rdfs:label "id"@en-US .
-
-ao:stringValue a owl:DatatypeProperty ,
-    owl:FunctionalProperty ;
-    rdfs:range xsd:string ;
-    rdfs:label "id"@en-US .    
-
-ao:priority a owl:DatatypeProperty ,
-    owl:FunctionalProperty ;
-    rdfs:range xsd:integer ;
-    rdfs:label "priority"@en-US . 
-
-#### Object properties
-
-ao:dataSetValues a owl:ObjectProperty .
-
-ao:defaultValue a owl:ObjectProperty ;
-    rdfs:domain ao:ValueContainerTemplate .
-
-ao:containerTypeTemplate a owl:ObjectProperty ;
-    rdfs:domain ao:ValueContainerTemplate .
-
-ao:relatedValueSet a owl:ObjectProperty ;
-    rdfs:domain ao:ValueContainerTemplate ;
-    rdfs:range ao:AttributeValueSet .
-
-ao:dataSetTemplateKey a owl:ObjectProperty ;
-    rdfs:domain ao:DataSetTemplate ;
-    rdfs:range ao:DataSetTemplateKey .
-
-ao:dataSetValueTemplate a owl:ObjectProperty ;
-    rdfs:domain ao:DataSetTemplate ;
-    rdfs:range ao:ValueContainerTemplate .
-
-ao:templateKey a owl:ObjectProperty ;
-    rdfs:domain ao:DataSetTemplateKey .
-
-ao:check a owl:ObjectProperty ;
-    rdfs:domain ao:Rule ;
-    rdfs:range ao:Check .
-
-ao:decision a owl:ObjectProperty ;
-    rdfs:domain ao:Rule ;
-    rdfs:range ao:Decision .    
-
-ao:rules a owl:ObjectProperty ;
-    rdfs:domain ao:Policy ;
-    rdfs:range ao:Rules .
-
-ao:policyDataSets a owl:ObjectProperty ;
-    rdfs:domain ao:Policy ;
-    rdfs:range ao:PolicyDataSet .
-
-ao:testData a owl:ObjectProperty ;
-    rdfs:domain ao:PolicyDataSet ;
-    rdfs:range ao:ValueContainer .
-
-ao:containerType a owl:ObjectProperty ;
-    rdfs:domain ao:ValueContainer .
-
-ao:uri a owl:ObjectProperty .
-
-ao:value a owl:ObjectProperty ;
-    rdfs:domain ao:Check .
-
-ao:setValue a owl:ObjectProperty ;
-    rdfs:domain ao:Check .    
-
-ao:operation a owl:ObjectProperty ;
-    rdfs:domain ao:Rule ;
-    rdfs:range ao:Operation .
-
-ao:rule a owl:ObjectProperty ;
-    rdfs:domain ao:Policy ;
-    rdfs:range ao:Rule .
-
-ao:test a owl:ObjectProperty ;
-    rdfs:domain ao:Check ;
-    rdfs:range ao:Operator .
-
-ao:keyComponent a owl:ObjectProperty .
-
-ao:policyKey a owl:ObjectProperty ;
-    rdfs:domain ao:Policy ;
-    rdfs:range ao:PolicyKey .    
-
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/operations.n3 b/home/src/main/resources/rdf/accessControl/firsttime/operations.n3
index 1cda7e21aa..714cc06259 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/operations.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/operations.n3
@@ -1,51 +1,46 @@
 # $This file is distributed under the terms of the license in LICENSE$
 
-@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
-@prefix owl: <http://www.w3.org/2002/07/owl#> .
-@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
-@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
-@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
-@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
-@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+@prefix access-individual: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
+@prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
 
-ai:DisplayOperation a ao:Operation ;
-    ao:id "DISPLAY" .
+access-individual:DisplayOperation a access:Operation ;
+    access:id "DISPLAY" .
 
-ai:UpdateOperation a ao:Operation ;
-    ao:id "UPDATE" .
+access-individual:UpdateOperation a access:Operation ;
+    access:id "UPDATE" .
 
-ai:PublishOperation a ao:Operation ;
-    ao:id "PUBLISH" .    
+access-individual:PublishOperation a access:Operation ;
+    access:id "PUBLISH" .    
 
-ai:AddOperation a ao:Operation ;
-    ao:id "ADD" .
+access-individual:AddOperation a access:Operation ;
+    access:id "ADD" .
 
-ai:DropOperation a ao:Operation ;
-    ao:id "DROP" .
+access-individual:DropOperation a access:Operation ;
+    access:id "DROP" .
 
-ai:EditOperation a ao:Operation ;
-    ao:id "EDIT" .
+access-individual:EditOperation a access:Operation ;
+    access:id "EDIT" .
 
-ai:ExecuteOperation a ao:Operation ;
-    ao:id "EXECUTE" .
+access-individual:ExecuteOperation a access:Operation ;
+    access:id "EXECUTE" .
 
-ai:DisplayOperationValueContainer a ao:ValueContainer ;
-    ao:dataValue ai:DisplayOperation .
+access-individual:DisplayOperationValueContainer a access:ValueContainer ;
+    access:value access-individual:DisplayOperation .
 
-ai:UpdateOperationValueContainer a ao:ValueContainer ;
-    ao:dataValue ai:UpdateOperation .
+access-individual:UpdateOperationValueContainer a access:ValueContainer ;
+    access:value access-individual:UpdateOperation .
 
-ai:PublishOperationValueContainer a ao:ValueContainer ;
-    ao:dataValue ai:PublishOperation .
+access-individual:PublishOperationValueContainer a access:ValueContainer ;
+    access:value access-individual:PublishOperation .
 
-ai:AddOperationValueContainer a ao:ValueContainer ;
-    ao:dataValue ai:AddOperation .
+access-individual:AddOperationValueContainer a access:ValueContainer ;
+    access:value access-individual:AddOperation .
 
-ai:DropOperationValueContainer a ao:ValueContainer ;
-    ao:dataValue ai:DropOperation .
+access-individual:DropOperationValueContainer a access:ValueContainer ;
+    access:value access-individual:DropOperation .
 
-ai:EditOperationValueContainer a ao:ValueContainer ;
-    ao:dataValue ai:EditOperation .
+access-individual:EditOperationValueContainer a access:ValueContainer ;
+    access:value access-individual:EditOperation .
 
-ai:ExecuteOperationValueContainer a ao:ValueContainer ;
-    ao:dataValue ai:ExecuteOperation .
+access-individual:ExecuteOperationValueContainer a access:ValueContainer ;
+    access:value access-individual:ExecuteOperation .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/operators.n3 b/home/src/main/resources/rdf/accessControl/firsttime/operators.n3
index 30bcb3685b..9684ed967c 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/operators.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/operators.n3
@@ -1,27 +1,22 @@
 # $This file is distributed under the terms of the license in LICENSE$
 
-@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
-@prefix owl: <http://www.w3.org/2002/07/owl#> .
-@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
-@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
-@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
-@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
-@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+@prefix access-individual: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
+@prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
 
-ai:Equals a ao:Operator;
-    ao:id "EQUALS" .
+access-individual:Equals a access:Operator;
+    access:id "EQUALS" .
 
-ai:NotEquals a ao:Operator;
-    ao:id "NOT_EQUALS" .
+access-individual:NotEquals a access:Operator;
+    access:id "NOT_EQUALS" .
 
-ai:OneOf a ao:Operator;
-    ao:id "ONE_OF" .
+access-individual:OneOf a access:Operator;
+    access:id "ONE_OF" .
 
-ai:NotOneOf a ao:Operator;
-    ao:id "NOT_ONE_OF" .
+access-individual:NotOneOf a access:Operator;
+    access:id "NOT_ONE_OF" .
 
-ai:StartsWith a ao:Operator;
-    ao:id "STARTS_WITH" .
+access-individual:StartsWith a access:Operator;
+    access:id "STARTS_WITH" .
 
-ai:SparqlSelectQueryContains a ao:Operator;
-    ao:id "SPARQL_SELECT_QUERY_CONTAINS" .
+access-individual:SparqlSelectQueryContains a access:Operator;
+    access:id "SPARQL_SELECT_QUERY_CONTAINS" .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_editable_pages.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_editable_pages.n3
index 8cc0760929..ef8259b1c1 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_editable_pages.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_editable_pages.n3
@@ -1,75 +1,71 @@
 # $This file is distributed under the terms of the license in LICENSE$
-@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
-@prefix owl: <http://www.w3.org/2002/07/owl#> .
-@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
-@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
-@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
-@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
-@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
-@prefix : <https://vivoweb.org/ontology/vitro-application/auth/individual/policy/edit-individual-pages/> .
 
-:Policy a ao:Policy ;
-    ao:rules :RuleSet .
+@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
+@prefix access-individual: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
+@prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+@prefix : <https://vivoweb.org/ontology/vitro-application/auth/individual/edit-individual-pages/> .
 
-:RuleSet a ao:Rules ;
-    ao:rule :AllowEditRelatedPagesRule ;
-    ao:rule :AllowEditIndividualPagesRule .
+:Policy a access:Policy ;
+    access:rules :RuleSet .
 
-:AllowEditIndividualPagesRule a ao:Rule;
-    ao:check :SubjectRoleOneOfEditorsCheck ;
-    ao:check :IsAddOperation ;
-    ao:check :IsObjectPropertyStatement ;
-    ao:check :ObjectUriIsSomeUri ;
-    ao:check :PredicateIsSomePredicate .
+:RuleSet a access:Rules ;
+    access:rule :AllowEditRelatedPagesRule ;
+    access:rule :AllowEditIndividualPagesRule .
 
-:SubjectRoleOneOfEditorsCheck a ao:Check ;
-    ao:operator ai:OneOf ;
-    ao:attribute ai:SubjectRole ;
-    ao:value auth:ADMIN ;
-    ao:value auth:CURATOR ;
-    ao:value auth:EDITOR .
+:AllowEditIndividualPagesRule a access:Rule;
+    access:check :SubjectRoleOneOfEditorsCheck ;
+    access:check :IsAddOperation ;
+    access:check :IsObjectPropertyStatement ;
+    access:check :ObjectUriIsSomeUri ;
+    access:check :PredicateIsSomePredicate .
 
-:SubjectRoleIsSelfEditor a ao:Check ;
-    ao:operator ai:Equals ;
-    ao:attribute ai:SubjectRole ;
-    ao:value auth:SELF_EDITOR .
+:SubjectRoleOneOfEditorsCheck a access:Check ;
+    access:operator access-individual:OneOf ;
+    access:attribute access-individual:SubjectRole ;
+    access:singleValue auth:ADMIN ;
+    access:singleValue auth:CURATOR ;
+    access:singleValue auth:EDITOR .
 
-:IsAddOperation a ao:Check ;
-    ao:operator ai:Equals ;
-    ao:attribute ai:Operation ;
-    ao:value ai:AddOperation .
+:SubjectRoleIsSelfEditor a access:Check ;
+    access:operator access-individual:Equals ;
+    access:attribute access-individual:SubjectRole ;
+    access:singleValue auth:SELF_EDITOR .
 
-:AllowEditRelatedPagesRule a ao:Rule;
-    ao:check :SubjectRoleIsSelfEditor ;
-    ao:check :SubjectUriIsProfileRelatedResource ;
-    ao:check :IsAddOperation ;
-    ao:check :IsObjectPropertyStatement ;
-    ao:check :ObjectUriIsSomeUri ;
-    ao:check :PredicateIsSomePredicate .
+:IsAddOperation a access:Check ;
+    access:operator access-individual:Equals ;
+    access:attribute access-individual:Operation ;
+    access:singleValue access-individual:AddOperation .
 
-:PredicateIsSomePredicate a ao:Check ;
-    ao:operator ai:Equals ;
-    ao:attribute ai:StatementPredicateUri ;
-    ao:value :SomeUri .
+:AllowEditRelatedPagesRule a access:Rule;
+    access:check :SubjectRoleIsSelfEditor ;
+    access:check :SubjectUriIsProfileRelatedResource ;
+    access:check :IsAddOperation ;
+    access:check :IsObjectPropertyStatement ;
+    access:check :ObjectUriIsSomeUri ;
+    access:check :PredicateIsSomePredicate .
 
-:ObjectUriIsSomeUri a ao:Check ;
-    ao:operator ai:Equals ;
-    ao:attribute ai:StatementObjectUri ;
-    ao:value :SomeUri .
+:PredicateIsSomePredicate a access:Check ;
+    access:operator access-individual:Equals ;
+    access:attribute access-individual:StatementPredicateUri ;
+    access:singleValue :SomeUri .
 
-:SubjectUriIsProfileRelatedResource a ao:Check ;
-    ao:operator ai:SparqlSelectQueryContains ;
-    ao:attribute ai:StatementSubjectUri ;
-    ao:value ai:PersonProfileProximityToResourceUri .
+:ObjectUriIsSomeUri a access:Check ;
+    access:operator access-individual:Equals ;
+    access:attribute access-individual:StatementObjectUri ;
+    access:singleValue :SomeUri .
 
-:IsObjectPropertyStatement a ao:Check ;
-    ao:operator ai:Equals ;
-    ao:attribute ai:AccessObjectType ;
-    ao:value ai:ObjectPropertyStatement .
+:SubjectUriIsProfileRelatedResource a access:Check ;
+    access:operator access-individual:SparqlSelectQueryContains ;
+    access:attribute access-individual:StatementSubjectUri ;
+    access:singleValue access-individual:PersonProfileProximityToResourceUri .
 
+:IsObjectPropertyStatement a access:Check ;
+    access:operator access-individual:Equals ;
+    access:attribute access-individual:AccessObjectType ;
+    access:singleValue access-individual:ObjectPropertyStatement .
 
-:SomeUri a ao:ValueContainer ;
-    ao:id "?SOME_URI" .
+:SomeUri a access:AttributeValue ;
+    access:id "?SOME_URI" .
 
-:SomeLiteral a ao:ValueContainer ;
-    ao:id "?SOME_LITERAL" .
+:SomeLiteral a access:AttributeValue ;
+    access:id "?SOME_LITERAL" .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_menu_items_editing.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_menu_items_editing.n3
index 8e8d971f97..3620343d6e 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_menu_items_editing.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_menu_items_editing.n3
@@ -1,57 +1,52 @@
 # $This file is distributed under the terms of the license in LICENSE$
 
-@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
-@prefix owl: <http://www.w3.org/2002/07/owl#> .
-@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
-@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
-@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
-@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
-@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
-@prefix : <https://vivoweb.org/ontology/vitro-application/auth/individual/policy/restrict-home-menu-items-editing/> .
-
-:Policy a ao:Policy ;
-    ao:priority 9000 ;
-    ao:rules :RuleSet .
-
-:RuleSet a ao:Rules ;
-    ao:rule :RestrictEdit ;
-    ao:rule :RestrictDrop .
-
-:RestrictEdit a ao:Rule ;
-    ao:decision ai:Deny ;
-    ao:check :IsEditOperationCheck ;
-    ao:check :IsObjectPropertyStatement ;
-    ao:check :PredicateUriEqualsHomeMenuItem ;
-    ao:check :ObjectUriEqualsHasElement .
-
-:RestrictDrop a ao:Rule ;
-    ao:decision ai:Deny ;
-    ao:check :IsDropOperationCheck ;
-    ao:check :IsObjectPropertyStatement ;
-    ao:check :PredicateUriEqualsHomeMenuItem ;
-    ao:check :ObjectUriEqualsHasElement .
-
-:IsEditOperationCheck a ao:Check ;
-    ao:operator ai:Equals ;
-    ao:attribute ai:Operation ;
-    ao:value ai:EditOperation .
-
-:IsDropOperationCheck a ao:Check ;
-    ao:operator ai:Equals ;
-    ao:attribute ai:Operation ;
-    ao:value ai:DropOperation .
-
-:IsObjectPropertyStatement a ao:Check ;
-    ao:operator ai:Equals ;
-    ao:attribute ai:AccessObjectType ;
-    ao:value ai:ObjectPropertyStatement .
-
-:PredicateUriEqualsHomeMenuItem a ao:Check ;
-    ao:operator ai:Equals ;
-    ao:attribute ai:StatementPredicateUri ;
-    ao:value <http://vitro.mannlib.cornell.edu/ontologies/display/1.1#HomeMenuItem> .
-
-:ObjectUriEqualsHasElement a ao:Check ;
-    ao:operator ai:Equals ;
-    ao:attribute ai:StatementObjectUri ;
-    ao:value <http://vitro.mannlib.cornell.edu/ontologies/display/1.1#hasElement> .
+@prefix access-individual: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
+@prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+@prefix : <https://vivoweb.org/ontology/vitro-application/auth/individual/restrict-home-menu-items-editing/> .
+
+:Policy a access:Policy ;
+    access:priority 9000 ;
+    access:rules :RuleSet .
+
+:RuleSet a access:Rules ;
+    access:rule :RestrictEdit ;
+    access:rule :RestrictDrop .
+
+:RestrictEdit a access:Rule ;
+    access:decision access-individual:Deny ;
+    access:check :IsEditOperationCheck ;
+    access:check :IsObjectPropertyStatement ;
+    access:check :PredicateUriEqualsHomeMenuItem ;
+    access:check :ObjectUriEqualsHasElement .
+
+:RestrictDrop a access:Rule ;
+    access:decision access-individual:Deny ;
+    access:check :IsDropOperationCheck ;
+    access:check :IsObjectPropertyStatement ;
+    access:check :PredicateUriEqualsHomeMenuItem ;
+    access:check :ObjectUriEqualsHasElement .
+
+:IsEditOperationCheck a access:Check ;
+    access:operator access-individual:Equals ;
+    access:attribute access-individual:Operation ;
+    access:singleValue access-individual:EditOperation .
+
+:IsDropOperationCheck a access:Check ;
+    access:operator access-individual:Equals ;
+    access:attribute access-individual:Operation ;
+    access:singleValue access-individual:DropOperation .
+
+:IsObjectPropertyStatement a access:Check ;
+    access:operator access-individual:Equals ;
+    access:attribute access-individual:AccessObjectType ;
+    access:singleValue access-individual:ObjectPropertyStatement .
+
+:PredicateUriEqualsHomeMenuItem a access:Check ;
+    access:operator access-individual:Equals ;
+    access:attribute access-individual:StatementPredicateUri ;
+    access:singleValue <http://vitro.mannlib.cornell.edu/ontologies/display/1.1#HomeMenuItem> .
+
+:ObjectUriEqualsHasElement a access:Check ;
+    access:operator access-individual:Equals ;
+    access:attribute access-individual:StatementObjectUri ;
+    access:singleValue <http://vitro.mannlib.cornell.edu/ontologies/display/1.1#hasElement> .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_root_user.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_root_user.n3
index ef86561a6f..4720349408 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_root_user.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_root_user.n3
@@ -1,26 +1,21 @@
 # $This file is distributed under the terms of the license in LICENSE$
 
-@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
-@prefix owl: <http://www.w3.org/2002/07/owl#> .
-@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
-@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
-@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
-@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
-@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
-@prefix : <https://vivoweb.org/ontology/vitro-application/auth/individual/policy/root-user/> .
+@prefix access-individual: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
+@prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+@prefix : <https://vivoweb.org/ontology/vitro-application/auth/individual/root-user/> .
 
-:Policy a ao:Policy ;
-    ao:priority 10000 ;
-    ao:rules :RuleSet .
+:Policy a access:Policy ;
+    access:priority 10000 ;
+    access:rules :RuleSet .
 
-:RuleSet a ao:Rules ;
-    ao:rule :AllowRootUserRule .
+:RuleSet a access:Rules ;
+    access:rule :AllowRootUserRule .
 
-:AllowRootUserRule a ao:Rule;
-    ao:check :IsRootUserCheck .
+:AllowRootUserRule a access:Rule;
+    access:check :IsRootUserCheck .
 
-:IsRootUserCheck a ao:Check ;
-    ao:operator ai:Equals ;
-    ao:attribute ai:SubjectType ;
-    ao:value ai:RootUserSubject .
+:IsRootUserCheck a access:Check ;
+    access:operator access-individual:Equals ;
+    access:attribute access-individual:SubjectType ;
+    access:singleValue access-individual:RootUserSubject .
 
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/profile_proximity_query.n3 b/home/src/main/resources/rdf/accessControl/firsttime/profile_proximity_query.n3
index 1433d74e82..7bb3c3761b 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/profile_proximity_query.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/profile_proximity_query.n3
@@ -1,15 +1,10 @@
 # $This file is distributed under the terms of the license in LICENSE$
 
-@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
-@prefix owl: <http://www.w3.org/2002/07/owl#> .
-@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
-@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
-@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
-@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
-@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+@prefix access-individual: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
+@prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
 
-ai:PersonProfileProximityToResourceUri a ao:ValueContainer ;
-    ao:id """
+access-individual:PersonProfileProximityToResourceUri a access:ValueContainer ;
+    access:id """
     SELECT ?resourceUri WHERE {
         {
           ?personUri <http://purl.obolibrary.org/obo/RO_0000053> ?roleUri .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/roles.n3 b/home/src/main/resources/rdf/accessControl/firsttime/roles.n3
index e55a247166..b035af5bb8 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/roles.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/roles.n3
@@ -1,24 +1,20 @@
 # $This file is distributed under the terms of the license in LICENSE$
 
-@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
-@prefix owl: <http://www.w3.org/2002/07/owl#> .
-@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
-@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
 @prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
-@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
-@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+@prefix access-individual: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
+@prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
 
-ai:PublicRoleValueContainer a ao:ValueContainer ;
-    ao:dataValue auth:PUBLIC .
+access-individual:PublicRoleValueContainer a access:ValueContainer ;
+    access:value auth:PUBLIC .
 
-ai:SelfEditorRoleValueContainer a ao:ValueContainer ;
-    ao:dataValue auth:SELF_EDITOR .
+access-individual:SelfEditorRoleValueContainer a access:ValueContainer ;
+    access:value auth:SELF_EDITOR .
 
-ai:EditorRoleValueContainer a ao:ValueContainer ;
-    ao:dataValue auth:EDITOR .
+access-individual:EditorRoleValueContainer a access:ValueContainer ;
+    access:value auth:EDITOR .
 
-ai:CuratorRoleValueContainer a ao:ValueContainer ;
-    ao:dataValue auth:CURATOR .
+access-individual:CuratorRoleValueContainer a access:ValueContainer ;
+    access:value auth:CURATOR .
 
-ai:AdminRoleValueContainer a ao:ValueContainer ;
-    ao:dataValue auth:ADMIN .
+access-individual:AdminRoleValueContainer a access:ValueContainer ;
+    access:value auth:ADMIN .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/simple_permissions_admin.n3 b/home/src/main/resources/rdf/accessControl/firsttime/simple_permissions_admin.n3
index f05cd6a7fc..cae7525c3c 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/simple_permissions_admin.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/simple_permissions_admin.n3
@@ -1,60 +1,55 @@
 # $This file is distributed under the terms of the license in LICENSE$
 
-@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
-@prefix owl: <http://www.w3.org/2002/07/owl#> .
-@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
-@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
-@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
-@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
-@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+@prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
 @prefix simplePermission: <java:edu.cornell.mannlib.vitro.webapp.auth.permissions.SimplePermission#> .
+@prefix : <https://vivoweb.org/ontology/vitro-application/auth/individual/simple-permissions/> .
 
-ai:AdminSimplePermissionValueContainer
-    ao:dataValue simplePermission:AccessSpecialDataModels ;
-    ao:dataValue simplePermission:EnableDeveloperPanel ;
-    ao:dataValue simplePermission:LoginDuringMaintenance ;
-    ao:dataValue simplePermission:ManageMenus ;
-    ao:dataValue simplePermission:ManageProxies ;
-    ao:dataValue simplePermission:ManageSearchIndex ;
-    ao:dataValue simplePermission:ManageUserAccounts ;
-    ao:dataValue simplePermission:RefreshVisualizationCache ;
-    ao:dataValue simplePermission:SeeConfiguration ;
-    ao:dataValue simplePermission:SeeStartupStatus ;
-    ao:dataValue simplePermission:UseAdvancedDataToolsPages ;
-    ao:dataValue simplePermission:UseMiscellaneousAdminPages ;
-    ao:dataValue simplePermission:UseSparqlQueryPage ;
-    ao:dataValue simplePermission:PageViewableAdmin ;
+:AdminSimplePermissionValueContainer
+    access:value simplePermission:AccessSpecialDataModels ;
+    access:value simplePermission:EnableDeveloperPanel ;
+    access:value simplePermission:LoginDuringMaintenance ;
+    access:value simplePermission:ManageMenus ;
+    access:value simplePermission:ManageProxies ;
+    access:value simplePermission:ManageSearchIndex ;
+    access:value simplePermission:ManageUserAccounts ;
+    access:value simplePermission:RefreshVisualizationCache ;
+    access:value simplePermission:SeeConfiguration ;
+    access:value simplePermission:SeeStartupStatus ;
+    access:value simplePermission:UseAdvancedDataToolsPages ;
+    access:value simplePermission:UseMiscellaneousAdminPages ;
+    access:value simplePermission:UseSparqlQueryPage ;
+    access:value simplePermission:PageViewableAdmin ;
 
     # Uncomment the following permission line to enable the SPARQL update API.
     # Before enabling, be sure that the URL api/sparqlUpdate is secured by HTTPS,
     # so passwords will not be sent in clear text.
-    #ao:dataValue simplePermission:UseSparqlUpdateApi ;
+    #access:value simplePermission:UseSparqlUpdateApi ;
 
     # permissions for CURATOR and above.
-    ao:dataValue simplePermission:EditOntology ;
-    ao:dataValue simplePermission:EditSiteInformation ;
-    ao:dataValue simplePermission:SeeVerbosePropertyInformation ;
-    ao:dataValue simplePermission:UseMiscellaneousCuratorPages ;
-    ao:dataValue simplePermission:PageViewableCurator ;
+    access:value simplePermission:EditOntology ;
+    access:value simplePermission:EditSiteInformation ;
+    access:value simplePermission:SeeVerbosePropertyInformation ;
+    access:value simplePermission:UseMiscellaneousCuratorPages ;
+    access:value simplePermission:PageViewableCurator ;
 
     # permissions for EDITOR and above.
-    ao:dataValue simplePermission:DoBackEndEditing ;
-    ao:dataValue simplePermission:SeeIndividualEditingPanel ;
-    ao:dataValue simplePermission:SeeRevisionInfo ;
-    ao:dataValue simplePermission:SeeSiteAdminPage ;
-    ao:dataValue simplePermission:UseIndividualControlPanel ;
-    ao:dataValue simplePermission:PageViewableEditor ;
+    access:value simplePermission:DoBackEndEditing ;
+    access:value simplePermission:SeeIndividualEditingPanel ;
+    access:value simplePermission:SeeRevisionInfo ;
+    access:value simplePermission:SeeSiteAdminPage ;
+    access:value simplePermission:UseIndividualControlPanel ;
+    access:value simplePermission:PageViewableEditor ;
 
     # permissions for ANY logged-in user.
-    ao:dataValue simplePermission:DoFrontEndEditing ;
-    ao:dataValue simplePermission:EditOwnAccount ;
-    ao:dataValue simplePermission:ManageOwnProxies ;
-    ao:dataValue simplePermission:QueryUserAccountsModel ;
-    ao:dataValue simplePermission:UseBasicAjaxControllers ;
-    ao:dataValue simplePermission:UseMiscellaneousPages ;
-    ao:dataValue simplePermission:PageViewableLoggedIn ;
+    access:value simplePermission:DoFrontEndEditing ;
+    access:value simplePermission:EditOwnAccount ;
+    access:value simplePermission:ManageOwnProxies ;
+    access:value simplePermission:QueryUserAccountsModel ;
+    access:value simplePermission:UseBasicAjaxControllers ;
+    access:value simplePermission:UseMiscellaneousPages ;
+    access:value simplePermission:PageViewableLoggedIn ;
 
     # permissions for ANY user, even if they are not logged in.
-    ao:dataValue simplePermission:QueryFullModel ;
-    ao:dataValue simplePermission:PageViewablePublic ;
+    access:value simplePermission:QueryFullModel ;
+    access:value simplePermission:PageViewablePublic ;
     .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/simple_permissions_curator.n3 b/home/src/main/resources/rdf/accessControl/firsttime/simple_permissions_curator.n3
index 34225255ff..9d0277c8ca 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/simple_permissions_curator.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/simple_permissions_curator.n3
@@ -1,39 +1,34 @@
 # $This file is distributed under the terms of the license in LICENSE$
 
-@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
-@prefix owl: <http://www.w3.org/2002/07/owl#> .
-@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
-@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
-@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
-@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
-@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+@prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
 @prefix simplePermission: <java:edu.cornell.mannlib.vitro.webapp.auth.permissions.SimplePermission#> .
+@prefix : <https://vivoweb.org/ontology/vitro-application/auth/individual/simple-permissions/> .
 
-ai:CuratorSimplePermissionValueContainer
-    ao:dataValue simplePermission:EditOntology ;
-    ao:dataValue simplePermission:EditSiteInformation ;
-    ao:dataValue simplePermission:SeeVerbosePropertyInformation ;
-    ao:dataValue simplePermission:UseMiscellaneousCuratorPages ;
-    ao:dataValue simplePermission:PageViewableCurator ;
+:CuratorSimplePermissionValueContainer
+    access:value simplePermission:EditOntology ;
+    access:value simplePermission:EditSiteInformation ;
+    access:value simplePermission:SeeVerbosePropertyInformation ;
+    access:value simplePermission:UseMiscellaneousCuratorPages ;
+    access:value simplePermission:PageViewableCurator ;
 
     # permissions for EDITOR and above.
-    ao:dataValue simplePermission:DoBackEndEditing ;
-    ao:dataValue simplePermission:SeeIndividualEditingPanel ;
-    ao:dataValue simplePermission:SeeRevisionInfo ;
-    ao:dataValue simplePermission:SeeSiteAdminPage ;
-    ao:dataValue simplePermission:UseIndividualControlPanel ;
-    ao:dataValue simplePermission:PageViewableEditor ;
+    access:value simplePermission:DoBackEndEditing ;
+    access:value simplePermission:SeeIndividualEditingPanel ;
+    access:value simplePermission:SeeRevisionInfo ;
+    access:value simplePermission:SeeSiteAdminPage ;
+    access:value simplePermission:UseIndividualControlPanel ;
+    access:value simplePermission:PageViewableEditor ;
 
     # permissions for ANY logged-in user.
-    ao:dataValue simplePermission:DoFrontEndEditing ;
-    ao:dataValue simplePermission:EditOwnAccount ;
-    ao:dataValue simplePermission:ManageOwnProxies ;
-    ao:dataValue simplePermission:QueryUserAccountsModel ;
-    ao:dataValue simplePermission:UseBasicAjaxControllers ;
-    ao:dataValue simplePermission:UseMiscellaneousPages ;
-    ao:dataValue simplePermission:PageViewableLoggedIn ;
+    access:value simplePermission:DoFrontEndEditing ;
+    access:value simplePermission:EditOwnAccount ;
+    access:value simplePermission:ManageOwnProxies ;
+    access:value simplePermission:QueryUserAccountsModel ;
+    access:value simplePermission:UseBasicAjaxControllers ;
+    access:value simplePermission:UseMiscellaneousPages ;
+    access:value simplePermission:PageViewableLoggedIn ;
 
     # permissions for ANY user, even if they are not logged in.
-    ao:dataValue simplePermission:QueryFullModel ;
-    ao:dataValue simplePermission:PageViewablePublic ;
+    access:value simplePermission:QueryFullModel ;
+    access:value simplePermission:PageViewablePublic ;
     .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/simple_permissions_editor.n3 b/home/src/main/resources/rdf/accessControl/firsttime/simple_permissions_editor.n3
index 0cc7f2a2bc..6f8cfb19f7 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/simple_permissions_editor.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/simple_permissions_editor.n3
@@ -1,33 +1,28 @@
 # $This file is distributed under the terms of the license in LICENSE$
 
-@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
-@prefix owl: <http://www.w3.org/2002/07/owl#> .
-@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
-@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
-@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
-@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
-@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+@prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
 @prefix simplePermission: <java:edu.cornell.mannlib.vitro.webapp.auth.permissions.SimplePermission#> .
+@prefix : <https://vivoweb.org/ontology/vitro-application/auth/individual/simple-permissions/> .
 
-ai:EditorSimplePermissionValueContainer
+:EditorSimplePermissionValueContainer
     # permissions for EDITOR and above.
-    ao:dataValue simplePermission:DoBackEndEditing ;
-    ao:dataValue simplePermission:SeeIndividualEditingPanel ;
-    ao:dataValue simplePermission:SeeRevisionInfo ;
-    ao:dataValue simplePermission:SeeSiteAdminPage ;
-    ao:dataValue simplePermission:UseIndividualControlPanel ;
-    ao:dataValue simplePermission:PageViewableEditor ;
+    access:value simplePermission:DoBackEndEditing ;
+    access:value simplePermission:SeeIndividualEditingPanel ;
+    access:value simplePermission:SeeRevisionInfo ;
+    access:value simplePermission:SeeSiteAdminPage ;
+    access:value simplePermission:UseIndividualControlPanel ;
+    access:value simplePermission:PageViewableEditor ;
 
     # permissions for ANY logged-in user.
-    ao:dataValue simplePermission:DoFrontEndEditing ;
-    ao:dataValue simplePermission:EditOwnAccount ;
-    ao:dataValue simplePermission:ManageOwnProxies ;
-    ao:dataValue simplePermission:QueryUserAccountsModel ;
-    ao:dataValue simplePermission:UseBasicAjaxControllers ;
-    ao:dataValue simplePermission:UseMiscellaneousPages ;
-    ao:dataValue simplePermission:PageViewableLoggedIn ;
+    access:value simplePermission:DoFrontEndEditing ;
+    access:value simplePermission:EditOwnAccount ;
+    access:value simplePermission:ManageOwnProxies ;
+    access:value simplePermission:QueryUserAccountsModel ;
+    access:value simplePermission:UseBasicAjaxControllers ;
+    access:value simplePermission:UseMiscellaneousPages ;
+    access:value simplePermission:PageViewableLoggedIn ;
 
     # permissions for ANY user, even if they are not logged in.
-    ao:dataValue simplePermission:QueryFullModel ;
-    ao:dataValue simplePermission:PageViewablePublic ;
+    access:value simplePermission:QueryFullModel ;
+    access:value simplePermission:PageViewablePublic ;
     .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/simple_permissions_public.n3 b/home/src/main/resources/rdf/accessControl/firsttime/simple_permissions_public.n3
index c8c1e3cea6..20459c10d4 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/simple_permissions_public.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/simple_permissions_public.n3
@@ -1,16 +1,11 @@
 # $This file is distributed under the terms of the license in LICENSE$
 
-@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
-@prefix owl: <http://www.w3.org/2002/07/owl#> .
-@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
-@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
-@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
-@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
-@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+@prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
 @prefix simplePermission: <java:edu.cornell.mannlib.vitro.webapp.auth.permissions.SimplePermission#> .
+@prefix : <https://vivoweb.org/ontology/vitro-application/auth/individual/simple-permissions/> .
 
-ai:PublicSimplePermissionValueContainer  
+:PublicSimplePermissionValueContainer  
     # permissions for ANY user, even if they are not logged in.
-    ao:dataValue simplePermission:QueryFullModel ;
-    ao:dataValue simplePermission:PageViewablePublic ;
+    access:value simplePermission:QueryFullModel ;
+    access:value simplePermission:PageViewablePublic ;
     .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/simple_permissions_self_editor.n3 b/home/src/main/resources/rdf/accessControl/firsttime/simple_permissions_self_editor.n3
index fa2f17fe4c..865fd486d3 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/simple_permissions_self_editor.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/simple_permissions_self_editor.n3
@@ -1,25 +1,20 @@
 # $This file is distributed under the terms of the license in LICENSE$
 
-@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
-@prefix owl: <http://www.w3.org/2002/07/owl#> .
-@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
-@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
-@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
-@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
-@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+@prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
 @prefix simplePermission: <java:edu.cornell.mannlib.vitro.webapp.auth.permissions.SimplePermission#> .
+@prefix : <https://vivoweb.org/ontology/vitro-application/auth/individual/simple-permissions/> .
 
-ai:SelfEditorSimplePermissionValueContainer
+:SelfEditorSimplePermissionValueContainer
     # permissions for ANY logged-in user.
-    ao:dataValue simplePermission:DoFrontEndEditing ;
-    ao:dataValue simplePermission:EditOwnAccount ;
-    ao:dataValue simplePermission:ManageOwnProxies ;
-    ao:dataValue simplePermission:QueryUserAccountsModel ;
-    ao:dataValue simplePermission:UseBasicAjaxControllers ;
-    ao:dataValue simplePermission:UseMiscellaneousPages ;
-    ao:dataValue simplePermission:PageViewableLoggedIn ;
+    access:value simplePermission:DoFrontEndEditing ;
+    access:value simplePermission:EditOwnAccount ;
+    access:value simplePermission:ManageOwnProxies ;
+    access:value simplePermission:QueryUserAccountsModel ;
+    access:value simplePermission:UseBasicAjaxControllers ;
+    access:value simplePermission:UseMiscellaneousPages ;
+    access:value simplePermission:PageViewableLoggedIn ;
 
     # permissions for ANY user, even if they are not logged in.
-    ao:dataValue simplePermission:QueryFullModel ;
-	ao:dataValue simplePermission:PageViewablePublic ;
+    access:value simplePermission:QueryFullModel ;
+	access:value simplePermission:PageViewablePublic ;
     .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/subject_types.n3 b/home/src/main/resources/rdf/accessControl/firsttime/subject_types.n3
index ad00aa491c..bf808a8008 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/subject_types.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/subject_types.n3
@@ -1,12 +1,7 @@
 # $This file is distributed under the terms of the license in LICENSE$
 
-@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
-@prefix owl: <http://www.w3.org/2002/07/owl#> .
-@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
-@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
-@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
-@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
-@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+@prefix access-individual: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
+@prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
 
-ai:RootUserSubject a ao:SubjectType ;
-     ao:id "ROOT_USER" .
+access-individual:RootUserSubject a access:SubjectType ;
+     access:id "ROOT_USER" .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_class.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_class.n3
index 8d537a3011..194be0c529 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_class.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_class.n3
@@ -1,421 +1,417 @@
 # $This file is distributed under the terms of the license in LICENSE$
 
-@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
-@prefix owl: <http://www.w3.org/2002/07/owl#> .
-@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
-@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
 @prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
-@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
-@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
-@prefix : <https://vivoweb.org/ontology/vitro-application/auth/individual/template/access-allowed-class/> .
-
-:PolicyTemplate a ao:PolicyTemplate ;
-    ao:rules :RuleSet ;
-    ao:policyDataSets :DataSets .
-
-:DataSets a ao:PolicyDataSets ;
-    ao:policyDataSet :PublicDisplayClassDataSet ;
-    ao:policyDataSet :SelfEditorDisplayClassDataSet ;
-    ao:policyDataSet :EditorDisplayClassDataSet ;
-    ao:policyDataSet :CuratorDisplayClassDataSet ;
-    ao:policyDataSet :AdminDisplayClassDataSet ;
-
-    ao:policyDataSet :PublicUpdateClassDataSet ;
-    ao:policyDataSet :SelfEditorUpdateClassDataSet ;
-    ao:policyDataSet :EditorUpdateClassDataSet ;
-    ao:policyDataSet :CuratorUpdateClassDataSet ;
-    ao:policyDataSet :AdminUpdateClassDataSet ;
-
-    ao:policyDataSet :SelfEditorPublishClassDataSet ;
-    ao:policyDataSet :EditorPublishClassDataSet ;
-    ao:policyDataSet :CuratorPublishClassDataSet ;
-    ao:policyDataSet :AdminPublishClassDataSet ;
-
-    ao:policyDataSetTemplate :RoleDisplayClassDataSetTemplate ;
-    ao:policyDataSetTemplate :RoleUpdateClassDataSetTemplate ;
-    ao:policyDataSetTemplate :RolePublishClassDataSetTemplate ;
+@prefix access-individual: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
+@prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+@prefix : <https://vivoweb.org/ontology/vitro-application/auth/individual/access-allowed-class/> .
+
+:PolicyTemplate a access:PolicyTemplate ;
+    access:rules :RuleSet ;
+    access:policyDataSets :DataSets .
+
+:DataSets a access:PolicyDataSets ;
+    access:policyDataSet :PublicDisplayClassDataSet ;
+    access:policyDataSet :SelfEditorDisplayClassDataSet ;
+    access:policyDataSet :EditorDisplayClassDataSet ;
+    access:policyDataSet :CuratorDisplayClassDataSet ;
+    access:policyDataSet :AdminDisplayClassDataSet ;
+
+    access:policyDataSet :PublicUpdateClassDataSet ;
+    access:policyDataSet :SelfEditorUpdateClassDataSet ;
+    access:policyDataSet :EditorUpdateClassDataSet ;
+    access:policyDataSet :CuratorUpdateClassDataSet ;
+    access:policyDataSet :AdminUpdateClassDataSet ;
+
+    access:policyDataSet :SelfEditorPublishClassDataSet ;
+    access:policyDataSet :EditorPublishClassDataSet ;
+    access:policyDataSet :CuratorPublishClassDataSet ;
+    access:policyDataSet :AdminPublishClassDataSet ;
+
+    access:policyDataSetTemplate :RoleDisplayClassDataSetTemplate ;
+    access:policyDataSetTemplate :RoleUpdateClassDataSetTemplate ;
+    access:policyDataSetTemplate :RolePublishClassDataSetTemplate ;
     .
 
 #Role Display Class data set template
 
-:RoleDisplayClassDataSetTemplate a ao:DataSetTemplate ;
-    ao:dataSetTemplateKey :RoleDisplayClassDataSetTemplateKey ;
-    ao:dataSetKeyTemplate :RoleDisplayClassDataSetKeyTemplate ;
-    ao:dataSetValues ai:ClassValueContainer ;
-    ao:dataSetValues ai:DisplayOperationValueContainer ;
-    ao:dataSetValueTemplate :RoleDisplayClassRoleValueContainerTemplate ;
-    ao:dataSetValueTemplate :RoleDisplayClassValueContainerTemplate .  
+:RoleDisplayClassDataSetTemplate a access:DataSetTemplate ;
+    access:dataSetTemplateKey :RoleDisplayClassDataSetTemplateKey ;
+    access:dataSetKeyTemplate :RoleDisplayClassDataSetKeyTemplate ;
+    access:dataSetValues access-individual:ClassValueContainer ;
+    access:dataSetValues access-individual:DisplayOperationValueContainer ;
+    access:dataSetValueTemplate :RoleDisplayClassRoleValueContainerTemplate ;
+    access:dataSetValueTemplate :RoleDisplayClassValueContainerTemplate .  
 
-:RoleDisplayClassDataSetTemplateKey a ao:DataSetTemplateKey ;
-    ao:templateKey ai:SubjectRole .
+:RoleDisplayClassDataSetTemplateKey a access:DataSetTemplateKey ;
+    access:templateKey access-individual:SubjectRole .
 
-:RoleDisplayClassDataSetKeyTemplate a ao:DataSetKeyTemplate ;
-    ao:keyComponent ai:Class ;
-    ao:keyComponent ai:DisplayOperation ;
-    ao:keyComponentTemplate ai:SubjectRole .
+:RoleDisplayClassDataSetKeyTemplate a access:DataSetKeyTemplate ;
+    access:keyComponent access-individual:Class ;
+    access:keyComponent access-individual:DisplayOperation ;
+    access:keyComponentTemplate access-individual:SubjectRole .
 
-:RoleDisplayClassRoleValueContainerTemplate a ao:ValueContainerTemplate ;
-    ao:relatedValueSet :RoleValueSet;
-    ao:containerTypeTemplate ai:SubjectRole .
+:RoleDisplayClassRoleValueContainerTemplate a access:ValueContainerTemplate ;
+    access:relatedValueSet :RoleValueSet;
+    access:containerTypeTemplate access-individual:SubjectRole .
 
-:RoleDisplayClassValueContainerTemplate a ao:ValueContainerTemplate ;
-    ao:relatedValueSet :AllowedClassValueSet ;
-#    ao:defaultValue ai:defaultUri ;
-    ao:containerTypeTemplate ai:Class .
+:RoleDisplayClassValueContainerTemplate a access:ValueContainerTemplate ;
+    access:relatedValueSet :AllowedClassValueSet ;
+#    access:defaultValue access-individual:defaultUri ;
+    access:containerTypeTemplate access-individual:Class .
 
 #Role Update Class data set template
 
-:RoleUpdateClassDataSetTemplate a ao:DataSetTemplate ;
-    ao:dataSetTemplateKey :RoleUpdateClassDataSetTemplateKey ;
-    ao:dataSetKeyTemplate :RoleUpdateClassDataSetKeyTemplate ;
-    ao:dataSetValues ai:ClassValueContainer ;
-    ao:dataSetValues ai:UpdateOperationValueContainer ;
-    ao:dataSetValueTemplate :RoleUpdateClassRoleValueContainerTemplate ;
-    ao:dataSetValueTemplate :RoleUpdateClassValueContainerTemplate .  
+:RoleUpdateClassDataSetTemplate a access:DataSetTemplate ;
+    access:dataSetTemplateKey :RoleUpdateClassDataSetTemplateKey ;
+    access:dataSetKeyTemplate :RoleUpdateClassDataSetKeyTemplate ;
+    access:dataSetValues access-individual:ClassValueContainer ;
+    access:dataSetValues access-individual:UpdateOperationValueContainer ;
+    access:dataSetValueTemplate :RoleUpdateClassRoleValueContainerTemplate ;
+    access:dataSetValueTemplate :RoleUpdateClassValueContainerTemplate .  
 
-:RoleUpdateClassDataSetTemplateKey a ao:DataSetTemplateKey ;
-    ao:templateKey ai:SubjectRole .
+:RoleUpdateClassDataSetTemplateKey a access:DataSetTemplateKey ;
+    access:templateKey access-individual:SubjectRole .
 
-:RoleUpdateClassDataSetKeyTemplate a ao:DataSetKeyTemplate ;
-    ao:keyComponent ai:Class ;
-    ao:keyComponent ai:UpdateOperation ;
-    ao:keyComponentTemplate ai:SubjectRole .
+:RoleUpdateClassDataSetKeyTemplate a access:DataSetKeyTemplate ;
+    access:keyComponent access-individual:Class ;
+    access:keyComponent access-individual:UpdateOperation ;
+    access:keyComponentTemplate access-individual:SubjectRole .
 
-:RoleUpdateClassRoleValueContainerTemplate a ao:ValueContainerTemplate ;
-    ao:relatedValueSet :RoleValueSet;
-    ao:containerTypeTemplate ai:SubjectRole .
+:RoleUpdateClassRoleValueContainerTemplate a access:ValueContainerTemplate ;
+    access:relatedValueSet :RoleValueSet;
+    access:containerTypeTemplate access-individual:SubjectRole .
 
-:RoleUpdateClassValueContainerTemplate a ao:ValueContainerTemplate ;
-    ao:relatedValueSet :AllowedClassValueSet ;
-#    ao:defaultValue ai:defaultUri ;
-    ao:containerTypeTemplate ai:Class .
+:RoleUpdateClassValueContainerTemplate a access:ValueContainerTemplate ;
+    access:relatedValueSet :AllowedClassValueSet ;
+#    access:defaultValue access-individual:defaultUri ;
+    access:containerTypeTemplate access-individual:Class .
 
 #Role Publish Class data set template
 
-:RolePublishClassDataSetTemplate a ao:DataSetTemplate ;
-    ao:dataSetTemplateKey :RolePublishClassDataSetTemplateKey ;
-    ao:dataSetKeyTemplate :RolePublishClassDataSetKeyTemplate ;
-    ao:dataSetValues ai:ClassValueContainer ;
-    ao:dataSetValues ai:PublishOperationValueContainer ;
-    ao:dataSetValueTemplate :RolePublishClassRoleValueContainerTemplate ;
-    ao:dataSetValueTemplate :RolePublishClassValueContainerTemplate .  
+:RolePublishClassDataSetTemplate a access:DataSetTemplate ;
+    access:dataSetTemplateKey :RolePublishClassDataSetTemplateKey ;
+    access:dataSetKeyTemplate :RolePublishClassDataSetKeyTemplate ;
+    access:dataSetValues access-individual:ClassValueContainer ;
+    access:dataSetValues access-individual:PublishOperationValueContainer ;
+    access:dataSetValueTemplate :RolePublishClassRoleValueContainerTemplate ;
+    access:dataSetValueTemplate :RolePublishClassValueContainerTemplate .  
 
-:RolePublishClassDataSetTemplateKey a ao:DataSetTemplateKey ;
-    ao:templateKey ai:SubjectRole .
+:RolePublishClassDataSetTemplateKey a access:DataSetTemplateKey ;
+    access:templateKey access-individual:SubjectRole .
 
-:RolePublishClassDataSetKeyTemplate a ao:DataSetKeyTemplate ;
-    ao:keyComponent ai:Class ;
-    ao:keyComponent ai:PublishOperation ;
-    ao:keyComponentTemplate ai:SubjectRole .
+:RolePublishClassDataSetKeyTemplate a access:DataSetKeyTemplate ;
+    access:keyComponent access-individual:Class ;
+    access:keyComponent access-individual:PublishOperation ;
+    access:keyComponentTemplate access-individual:SubjectRole .
 
-:RolePublishClassRoleValueContainerTemplate a ao:ValueContainerTemplate ;
-    ao:relatedValueSet :RoleValueSet;
-    ao:containerTypeTemplate ai:SubjectRole .
+:RolePublishClassRoleValueContainerTemplate a access:ValueContainerTemplate ;
+    access:relatedValueSet :RoleValueSet;
+    access:containerTypeTemplate access-individual:SubjectRole .
 
-:RolePublishClassValueContainerTemplate a ao:ValueContainerTemplate ;
-    ao:relatedValueSet :AllowedClassValueSet ;
-#    ao:defaultValue ai:defaultUri ;
-    ao:containerTypeTemplate ai:Class .
+:RolePublishClassValueContainerTemplate a access:ValueContainerTemplate ;
+    access:relatedValueSet :AllowedClassValueSet ;
+#    access:defaultValue access-individual:defaultUri ;
+    access:containerTypeTemplate access-individual:Class .
 
 ### Public display class uri data sets
 
-:PublicDisplayClassDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :PublicDisplayClassDataSetKey ;
-    ao:dataSetValues ai:PublicRoleValueContainer ;
-    ao:dataSetValues ai:ClassValueContainer ;
-    ao:dataSetValues ai:DisplayOperationValueContainer ;
-    ao:dataSetValues ai:PublicDisplayClassValueContainer .
+:PublicDisplayClassDataSet a access:PolicyDataSet ;
+    access:dataSetKey :PublicDisplayClassDataSetKey ;
+    access:dataSetValues access-individual:PublicRoleValueContainer ;
+    access:dataSetValues access-individual:ClassValueContainer ;
+    access:dataSetValues access-individual:DisplayOperationValueContainer ;
+    access:dataSetValues :PublicDisplayClassValueContainer .
 
-:PublicDisplayClassDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:Class ;
-    ao:keyComponent auth:PUBLIC ;
-    ao:keyComponent ai:DisplayOperation .
+:PublicDisplayClassDataSetKey a access:DataSetKey ;
+    access:keyComponent access-individual:Class ;
+    access:keyComponent auth:PUBLIC ;
+    access:keyComponent access-individual:DisplayOperation .
 
 ### Self editor display class uri data sets
 
-:SelfEditorDisplayClassDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :SelfEditorDisplayClassDataSetKey ;
-    ao:dataSetValues ai:SelfEditorRoleValueContainer ;
-    ao:dataSetValues ai:ClassValueContainer ;
-    ao:dataSetValues ai:DisplayOperationValueContainer ;
-    ao:dataSetValues ai:SelfEditorDisplayClassValueContainer .
+:SelfEditorDisplayClassDataSet a access:PolicyDataSet ;
+    access:dataSetKey :SelfEditorDisplayClassDataSetKey ;
+    access:dataSetValues access-individual:SelfEditorRoleValueContainer ;
+    access:dataSetValues access-individual:ClassValueContainer ;
+    access:dataSetValues access-individual:DisplayOperationValueContainer ;
+    access:dataSetValues :SelfEditorDisplayClassValueContainer .
 
-:SelfEditorDisplayClassDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:Class ;
-    ao:keyComponent auth:SELF_EDITOR ;
-    ao:keyComponent ai:DisplayOperation .
+:SelfEditorDisplayClassDataSetKey a access:DataSetKey ;
+    access:keyComponent access-individual:Class ;
+    access:keyComponent auth:SELF_EDITOR ;
+    access:keyComponent access-individual:DisplayOperation .
 
 ### Editor display class uri data sets
 
-:EditorDisplayClassDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :EditorDisplayClassDataSetKey ;
-    ao:dataSetValues ai:EditorRoleValueContainer ;
-    ao:dataSetValues ai:ClassValueContainer ;
-    ao:dataSetValues ai:DisplayOperationValueContainer ;
-    ao:dataSetValues ai:EditorDisplayClassValueContainer .
+:EditorDisplayClassDataSet a access:PolicyDataSet ;
+    access:dataSetKey :EditorDisplayClassDataSetKey ;
+    access:dataSetValues access-individual:EditorRoleValueContainer ;
+    access:dataSetValues access-individual:ClassValueContainer ;
+    access:dataSetValues access-individual:DisplayOperationValueContainer ;
+    access:dataSetValues :EditorDisplayClassValueContainer .
 
-:EditorDisplayClassDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:Class ;
-    ao:keyComponent auth:EDITOR ;
-    ao:keyComponent ai:DisplayOperation .
+:EditorDisplayClassDataSetKey a access:DataSetKey ;
+    access:keyComponent access-individual:Class ;
+    access:keyComponent auth:EDITOR ;
+    access:keyComponent access-individual:DisplayOperation .
 
 ### Curator display class uri data sets
 
-:CuratorDisplayClassDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :CuratorDisplayClassDataSetKey ;
-    ao:dataSetValues ai:CuratorRoleValueContainer ;
-    ao:dataSetValues ai:ClassValueContainer ;
-    ao:dataSetValues ai:DisplayOperationValueContainer ;
-    ao:dataSetValues ai:CuratorDisplayClassValueContainer .
+:CuratorDisplayClassDataSet a access:PolicyDataSet ;
+    access:dataSetKey :CuratorDisplayClassDataSetKey ;
+    access:dataSetValues access-individual:CuratorRoleValueContainer ;
+    access:dataSetValues access-individual:ClassValueContainer ;
+    access:dataSetValues access-individual:DisplayOperationValueContainer ;
+    access:dataSetValues :CuratorDisplayClassValueContainer .
 
-:CuratorDisplayClassDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:Class ;
-    ao:keyComponent auth:CURATOR ;
-    ao:keyComponent ai:DisplayOperation .
+:CuratorDisplayClassDataSetKey a access:DataSetKey ;
+    access:keyComponent access-individual:Class ;
+    access:keyComponent auth:CURATOR ;
+    access:keyComponent access-individual:DisplayOperation .
 
 ### Admin display class uri data sets
 
-:AdminDisplayClassDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :AdminDisplayClassDataSetKey ;
-    ao:dataSetValues ai:AdminRoleValueContainer ;
-    ao:dataSetValues ai:ClassValueContainer ;
-    ao:dataSetValues ai:DisplayOperationValueContainer ;
-    ao:dataSetValues ai:AdminDisplayClassValueContainer .
+:AdminDisplayClassDataSet a access:PolicyDataSet ;
+    access:dataSetKey :AdminDisplayClassDataSetKey ;
+    access:dataSetValues access-individual:AdminRoleValueContainer ;
+    access:dataSetValues access-individual:ClassValueContainer ;
+    access:dataSetValues access-individual:DisplayOperationValueContainer ;
+    access:dataSetValues :AdminDisplayClassValueContainer .
 
-:AdminDisplayClassDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:Class ;
-    ao:keyComponent auth:ADMIN ;
-    ao:keyComponent ai:DisplayOperation .
+:AdminDisplayClassDataSetKey a access:DataSetKey ;
+    access:keyComponent access-individual:Class ;
+    access:keyComponent auth:ADMIN ;
+    access:keyComponent access-individual:DisplayOperation .
 
 ### Public update class uri data sets
 
-:PublicUpdateClassDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :PublicUpdateClassDataSetKey ;
-    ao:dataSetValues ai:PublicRoleValueContainer ;
-    ao:dataSetValues ai:ClassValueContainer ;
-    ao:dataSetValues ai:UpdateOperationValueContainer ;
-    ao:dataSetValues ai:PublicUpdateClassValueContainer .
+:PublicUpdateClassDataSet a access:PolicyDataSet ;
+    access:dataSetKey :PublicUpdateClassDataSetKey ;
+    access:dataSetValues access-individual:PublicRoleValueContainer ;
+    access:dataSetValues access-individual:ClassValueContainer ;
+    access:dataSetValues access-individual:UpdateOperationValueContainer ;
+    access:dataSetValues :PublicUpdateClassValueContainer .
 
-:PublicUpdateClassDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:Class ;
-    ao:keyComponent auth:PUBLIC ;
-    ao:keyComponent ai:UpdateOperation .
+:PublicUpdateClassDataSetKey a access:DataSetKey ;
+    access:keyComponent access-individual:Class ;
+    access:keyComponent auth:PUBLIC ;
+    access:keyComponent access-individual:UpdateOperation .
 
 ### Self editor update class uri data sets
 
-:SelfEditorUpdateClassDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :SelfEditorUpdateClassDataSetKey ;
-    ao:dataSetValues ai:SelfEditorRoleValueContainer ;
-    ao:dataSetValues ai:ClassValueContainer ;
-    ao:dataSetValues ai:UpdateOperationValueContainer ;
-    ao:dataSetValues ai:SelfEditorUpdateClassValueContainer .
+:SelfEditorUpdateClassDataSet a access:PolicyDataSet ;
+    access:dataSetKey :SelfEditorUpdateClassDataSetKey ;
+    access:dataSetValues access-individual:SelfEditorRoleValueContainer ;
+    access:dataSetValues access-individual:ClassValueContainer ;
+    access:dataSetValues access-individual:UpdateOperationValueContainer ;
+    access:dataSetValues :SelfEditorUpdateClassValueContainer .
 
-:SelfEditorUpdateClassDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:Class ;
-    ao:keyComponent auth:SELF_EDITOR ;
-    ao:keyComponent ai:UpdateOperation .
+:SelfEditorUpdateClassDataSetKey a access:DataSetKey ;
+    access:keyComponent access-individual:Class ;
+    access:keyComponent auth:SELF_EDITOR ;
+    access:keyComponent access-individual:UpdateOperation .
 
 ### Editor update class uri data sets
 
-:EditorUpdateClassDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :EditorUpdateClassDataSetKey ;
-    ao:dataSetValues ai:EditorRoleValueContainer ;
-    ao:dataSetValues ai:ClassValueContainer ;
-    ao:dataSetValues ai:UpdateOperationValueContainer ;
-    ao:dataSetValues ai:EditorUpdateClassValueContainer .
+:EditorUpdateClassDataSet a access:PolicyDataSet ;
+    access:dataSetKey :EditorUpdateClassDataSetKey ;
+    access:dataSetValues access-individual:EditorRoleValueContainer ;
+    access:dataSetValues access-individual:ClassValueContainer ;
+    access:dataSetValues access-individual:UpdateOperationValueContainer ;
+    access:dataSetValues :EditorUpdateClassValueContainer .
 
-:EditorUpdateClassDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:Class ;
-    ao:keyComponent auth:EDITOR ;
-    ao:keyComponent ai:UpdateOperation .
+:EditorUpdateClassDataSetKey a access:DataSetKey ;
+    access:keyComponent access-individual:Class ;
+    access:keyComponent auth:EDITOR ;
+    access:keyComponent access-individual:UpdateOperation .
 
 ### Curator update class uri data sets
 
-:CuratorUpdateClassDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :CuratorUpdateClassDataSetKey ;
-    ao:dataSetValues ai:CuratorRoleValueContainer ;
-    ao:dataSetValues ai:ClassValueContainer ;
-    ao:dataSetValues ai:UpdateOperationValueContainer ;
-    ao:dataSetValues ai:CuratorUpdateClassValueContainer .
+:CuratorUpdateClassDataSet a access:PolicyDataSet ;
+    access:dataSetKey :CuratorUpdateClassDataSetKey ;
+    access:dataSetValues access-individual:CuratorRoleValueContainer ;
+    access:dataSetValues access-individual:ClassValueContainer ;
+    access:dataSetValues access-individual:UpdateOperationValueContainer ;
+    access:dataSetValues :CuratorUpdateClassValueContainer .
 
-:CuratorUpdateClassDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:Class ;
-    ao:keyComponent auth:CURATOR ;
-    ao:keyComponent ai:UpdateOperation .
+:CuratorUpdateClassDataSetKey a access:DataSetKey ;
+    access:keyComponent access-individual:Class ;
+    access:keyComponent auth:CURATOR ;
+    access:keyComponent access-individual:UpdateOperation .
 
 ### Admin update class uri data sets
 
-:AdminUpdateClassDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :AdminUpdateClassDataSetKey ;
-    ao:dataSetValues ai:AdminRoleValueContainer ;
-    ao:dataSetValues ai:ClassValueContainer ;
-    ao:dataSetValues ai:UpdateOperationValueContainer ;
-    ao:dataSetValues ai:AdminUpdateClassValueContainer .
+:AdminUpdateClassDataSet a access:PolicyDataSet ;
+    access:dataSetKey :AdminUpdateClassDataSetKey ;
+    access:dataSetValues access-individual:AdminRoleValueContainer ;
+    access:dataSetValues access-individual:ClassValueContainer ;
+    access:dataSetValues access-individual:UpdateOperationValueContainer ;
+    access:dataSetValues :AdminUpdateClassValueContainer .
 
-:AdminUpdateClassDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:Class ;
-    ao:keyComponent auth:ADMIN ;
-    ao:keyComponent ai:UpdateOperation .
+:AdminUpdateClassDataSetKey a access:DataSetKey ;
+    access:keyComponent access-individual:Class ;
+    access:keyComponent auth:ADMIN ;
+    access:keyComponent access-individual:UpdateOperation .
 
 ### Self editor publish class uri data sets
 
-:SelfEditorPublishClassDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :SelfEditorPublishClassDataSetKey ;
-    ao:dataSetValues ai:SelfEditorRoleValueContainer ;
-    ao:dataSetValues ai:ClassValueContainer ;
-    ao:dataSetValues ai:PublishOperationValueContainer ;
-    ao:dataSetValues ai:SelfEditorPublishClassValueContainer .
+:SelfEditorPublishClassDataSet a access:PolicyDataSet ;
+    access:dataSetKey :SelfEditorPublishClassDataSetKey ;
+    access:dataSetValues access-individual:SelfEditorRoleValueContainer ;
+    access:dataSetValues access-individual:ClassValueContainer ;
+    access:dataSetValues access-individual:PublishOperationValueContainer ;
+    access:dataSetValues :SelfEditorPublishClassValueContainer .
 
-:SelfEditorPublishClassDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:Class ;
-    ao:keyComponent auth:SELF_EDITOR ;
-    ao:keyComponent ai:PublishOperation .
+:SelfEditorPublishClassDataSetKey a access:DataSetKey ;
+    access:keyComponent access-individual:Class ;
+    access:keyComponent auth:SELF_EDITOR ;
+    access:keyComponent access-individual:PublishOperation .
 
 ### Editor publish class uri data sets
 
-:EditorPublishClassDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :EditorPublishClassDataSetKey ;
-    ao:dataSetValues ai:EditorRoleValueContainer ;
-    ao:dataSetValues ai:ClassValueContainer ;
-    ao:dataSetValues ai:PublishOperationValueContainer ;
-    ao:dataSetValues ai:EditorPublishClassValueContainer .
+:EditorPublishClassDataSet a access:PolicyDataSet ;
+    access:dataSetKey :EditorPublishClassDataSetKey ;
+    access:dataSetValues access-individual:EditorRoleValueContainer ;
+    access:dataSetValues access-individual:ClassValueContainer ;
+    access:dataSetValues access-individual:PublishOperationValueContainer ;
+    access:dataSetValues :EditorPublishClassValueContainer .
 
-:EditorPublishClassDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:Class ;
-    ao:keyComponent auth:EDITOR ;
-    ao:keyComponent ai:PublishOperation .
+:EditorPublishClassDataSetKey a access:DataSetKey ;
+    access:keyComponent access-individual:Class ;
+    access:keyComponent auth:EDITOR ;
+    access:keyComponent access-individual:PublishOperation .
 
 ### Curator publish class uri data sets
 
-:CuratorPublishClassDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :CuratorPublishClassDataSetKey ;
-    ao:dataSetValues ai:CuratorRoleValueContainer ;
-    ao:dataSetValues ai:ClassValueContainer ;
-    ao:dataSetValues ai:PublishOperationValueContainer ;
-    ao:dataSetValues ai:CuratorPublishClassValueContainer .
+:CuratorPublishClassDataSet a access:PolicyDataSet ;
+    access:dataSetKey :CuratorPublishClassDataSetKey ;
+    access:dataSetValues access-individual:CuratorRoleValueContainer ;
+    access:dataSetValues access-individual:ClassValueContainer ;
+    access:dataSetValues access-individual:PublishOperationValueContainer ;
+    access:dataSetValues :CuratorPublishClassValueContainer .
 
-:CuratorPublishClassDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:Class ;
-    ao:keyComponent auth:CURATOR ;
-    ao:keyComponent ai:PublishOperation .
+:CuratorPublishClassDataSetKey a access:DataSetKey ;
+    access:keyComponent access-individual:Class ;
+    access:keyComponent auth:CURATOR ;
+    access:keyComponent access-individual:PublishOperation .
 
 ### Admin publish class uri data sets
 
-:AdminPublishClassDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :AdminPublishClassDataSetKey ;
-    ao:dataSetValues ai:AdminRoleValueContainer ;
-    ao:dataSetValues ai:ClassValueContainer ;
-    ao:dataSetValues ai:PublishOperationValueContainer ;
-    ao:dataSetValues ai:AdminPublishClassValueContainer .
+:AdminPublishClassDataSet a access:PolicyDataSet ;
+    access:dataSetKey :AdminPublishClassDataSetKey ;
+    access:dataSetValues access-individual:AdminRoleValueContainer ;
+    access:dataSetValues access-individual:ClassValueContainer ;
+    access:dataSetValues access-individual:PublishOperationValueContainer ;
+    access:dataSetValues :AdminPublishClassValueContainer .
 
-:AdminPublishClassDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:Class ;
-    ao:keyComponent auth:ADMIN ;
-    ao:keyComponent ai:PublishOperation .
+:AdminPublishClassDataSetKey a access:DataSetKey ;
+    access:keyComponent access-individual:Class ;
+    access:keyComponent auth:ADMIN ;
+    access:keyComponent access-individual:PublishOperation .
 
 ### Rules
 
-:RuleSet a ao:Rules ;
-    ao:rule :AllowMatchingClass .
+:RuleSet a access:Rules ;
+    access:rule :AllowMatchingClass .
 
-:AllowMatchingClass a ao:Rule;
-    ao:check :SubjectRoleCheck ;
-    ao:check :OperationCheck ;
-    ao:check :AccessObjectTypeCheck ;
-    ao:check :AccessObjectUriCheck .
+:AllowMatchingClass a access:Rule;
+    access:check :SubjectRoleCheck ;
+    access:check :OperationCheck ;
+    access:check :AccessObjectTypeCheck ;
+    access:check :AccessObjectUriCheck .
 
-:AccessObjectTypeCheck a ao:Check ;
-    ao:operator ai:Equals ;
-    ao:attribute ai:AccessObjectType ;
-    ao:templateValue :AccessObjectTypeValueSet .
+:AccessObjectTypeCheck a access:Check ;
+    access:operator access-individual:Equals ;
+    access:attribute access-individual:AccessObjectType ;
+    access:values :AccessObjectTypeValueSet .
 
-:AccessObjectTypeValueSet a ao:AttributeValueSet ;
-    ao:attributeValue ai:ClassValueContainer ;
+:AccessObjectTypeValueSet a access:AttributeValueSet ;
+    access:attributeValue access-individual:ClassValueContainer ;
     .
 
-:OperationCheck a ao:Check ;
-    ao:operator ai:Equals ;
-    ao:attribute ai:Operation ;
-    ao:templateValue :OperationValueSet .
+:OperationCheck a access:Check ;
+    access:operator access-individual:Equals ;
+    access:attribute access-individual:Operation ;
+    access:values :OperationValueSet .
 
-:OperationValueSet a ao:AttributeValueSet ;
-    ao:attributeValue ai:DisplayOperationValueContainer ;
-    ao:attributeValue ai:PublishOperationValueContainer ;
-    ao:attributeValue ai:UpdateOperationValueContainer ;
+:OperationValueSet a access:AttributeValueSet ;
+    access:attributeValue access-individual:DisplayOperationValueContainer ;
+    access:attributeValue access-individual:PublishOperationValueContainer ;
+    access:attributeValue access-individual:UpdateOperationValueContainer ;
     .
 
-:SubjectRoleCheck a ao:Check ;
-    ao:operator ai:Equals ;
-    ao:attribute ai:SubjectRole ;
-    ao:templateValue :RoleValueSet .
-
-:RoleValueSet a ao:AttributeValueSet ;
-    ao:attributeValue ai:PublicRoleValueContainer ;
-    ao:attributeValue ai:SelfEditorRoleValueContainer ;
-    ao:attributeValue ai:EditorRoleValueContainer ;
-    ao:attributeValue ai:CuratorRoleValueContainer ;
-    ao:attributeValue ai:AdminRoleValueContainer .
-
-:AccessObjectUriCheck a ao:Check ;
-    ao:operator ai:OneOf ;
-    ao:attribute ai:AccessObjectUri ;
-    ao:templateValue :AllowedClassValueSet .
-
-:AllowedClassValueSet a ao:AttributeValueSet ;
-    ao:attributeValue ai:AdminPublishClassValueContainer ;
-    ao:attributeValue ai:AdminDisplayClassValueContainer ;
-    ao:attributeValue ai:AdminUpdateClassValueContainer ;
-    ao:attributeValue ai:CuratorPublishClassValueContainer ;
-    ao:attributeValue ai:CuratorDisplayClassValueContainer ;
-    ao:attributeValue ai:CuratorUpdateClassValueContainer ;
-    ao:attributeValue ai:EditorPublishClassValueContainer ;
-    ao:attributeValue ai:EditorDisplayClassValueContainer ;
-    ao:attributeValue ai:EditorUpdateClassValueContainer ;
-    ao:attributeValue ai:SelfEditorPublishClassValueContainer ;
-    ao:attributeValue ai:SelfEditorDisplayClassValueContainer ;
-    ao:attributeValue ai:SelfEditorUpdateClassValueContainer ;
-    ao:attributeValue ai:PublicDisplayClassValueContainer ;
-    ao:attributeValue ai:PublicUpdateClassValueContainer ;
+:SubjectRoleCheck a access:Check ;
+    access:operator access-individual:Equals ;
+    access:attribute access-individual:SubjectRole ;
+    access:values :RoleValueSet .
+
+:RoleValueSet a access:AttributeValueSet ;
+    access:attributeValue access-individual:PublicRoleValueContainer ;
+    access:attributeValue access-individual:SelfEditorRoleValueContainer ;
+    access:attributeValue access-individual:EditorRoleValueContainer ;
+    access:attributeValue access-individual:CuratorRoleValueContainer ;
+    access:attributeValue access-individual:AdminRoleValueContainer .
+
+:AccessObjectUriCheck a access:Check ;
+    access:operator access-individual:OneOf ;
+    access:attribute access-individual:AccessObjectUri ;
+    access:values :AllowedClassValueSet .
+
+:AllowedClassValueSet a access:AttributeValueSet ;
+    access:attributeValue :AdminPublishClassValueContainer ;
+    access:attributeValue :AdminDisplayClassValueContainer ;
+    access:attributeValue :AdminUpdateClassValueContainer ;
+    access:attributeValue :CuratorPublishClassValueContainer ;
+    access:attributeValue :CuratorDisplayClassValueContainer ;
+    access:attributeValue :CuratorUpdateClassValueContainer ;
+    access:attributeValue :EditorPublishClassValueContainer ;
+    access:attributeValue :EditorDisplayClassValueContainer ;
+    access:attributeValue :EditorUpdateClassValueContainer ;
+    access:attributeValue :SelfEditorPublishClassValueContainer ;
+    access:attributeValue :SelfEditorDisplayClassValueContainer ;
+    access:attributeValue :SelfEditorUpdateClassValueContainer ;
+    access:attributeValue :PublicDisplayClassValueContainer ;
+    access:attributeValue :PublicUpdateClassValueContainer ;
     .
 
-ai:AdminPublishClassValueContainer a ao:ValueContainer ;
-    ao:containerType ai:Class .
+:AdminPublishClassValueContainer a access:ValueContainer ;
+    access:containerType access-individual:Class .
 
-ai:AdminDisplayClassValueContainer a ao:ValueContainer ;
-    ao:containerType ai:Class .
+:AdminDisplayClassValueContainer a access:ValueContainer ;
+    access:containerType access-individual:Class .
 
-ai:AdminUpdateClassValueContainer a ao:ValueContainer ;
-    ao:containerType ai:Class .
+:AdminUpdateClassValueContainer a access:ValueContainer ;
+    access:containerType access-individual:Class .
 
-ai:CuratorPublishClassValueContainer a ao:ValueContainer ;
-    ao:containerType ai:Class .
+:CuratorPublishClassValueContainer a access:ValueContainer ;
+    access:containerType access-individual:Class .
 
-ai:CuratorDisplayClassValueContainer a ao:ValueContainer ;
-    ao:containerType ai:Class .
+:CuratorDisplayClassValueContainer a access:ValueContainer ;
+    access:containerType access-individual:Class .
 
-ai:CuratorUpdateClassValueContainer a ao:ValueContainer ;
-    ao:containerType ai:Class .
+:CuratorUpdateClassValueContainer a access:ValueContainer ;
+    access:containerType access-individual:Class .
 
-ai:EditorPublishClassValueContainer a ao:ValueContainer ;
-    ao:containerType ai:Class .
+:EditorPublishClassValueContainer a access:ValueContainer ;
+    access:containerType access-individual:Class .
 
-ai:EditorDisplayClassValueContainer a ao:ValueContainer ;
-    ao:containerType ai:Class .
+:EditorDisplayClassValueContainer a access:ValueContainer ;
+    access:containerType access-individual:Class .
 
-ai:EditorUpdateClassValueContainer a ao:ValueContainer ;
-    ao:containerType ai:Class .
+:EditorUpdateClassValueContainer a access:ValueContainer ;
+    access:containerType access-individual:Class .
 
-ai:SelfEditorPublishClassValueContainer a ao:ValueContainer ;
-    ao:containerType ai:Class .
+:SelfEditorPublishClassValueContainer a access:ValueContainer ;
+    access:containerType access-individual:Class .
 
-ai:SelfEditorDisplayClassValueContainer a ao:ValueContainer ;
-    ao:containerType ai:Class .
+:SelfEditorDisplayClassValueContainer a access:ValueContainer ;
+    access:containerType access-individual:Class .
 
-ai:SelfEditorUpdateClassValueContainer a ao:ValueContainer ;
-    ao:containerType ai:Class .
+:SelfEditorUpdateClassValueContainer a access:ValueContainer ;
+    access:containerType access-individual:Class .
 
-ai:PublicDisplayClassValueContainer a ao:ValueContainer ;
-    ao:containerType ai:Class .
+:PublicDisplayClassValueContainer a access:ValueContainer ;
+    access:containerType access-individual:Class .
 
-ai:PublicUpdateClassValueContainer a ao:ValueContainer ;
-    ao:containerType ai:Class .
+:PublicUpdateClassValueContainer a access:ValueContainer ;
+    access:containerType access-individual:Class .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_property.n3
index f84f7a6184..8eb503ad16 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_property.n3
@@ -1,2079 +1,2075 @@
 # $This file is distributed under the terms of the license in LICENSE$
 
-@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
-@prefix owl: <http://www.w3.org/2002/07/owl#> .
-@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
-@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
 @prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
-@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
-@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
-@prefix : <https://vivoweb.org/ontology/vitro-application/auth/individual/template/access-allowed-property/> .
-
-:PolicyTemplate a ao:PolicyTemplate ;
-    ao:rules :RuleSet ;
-    ao:policyDataSets :DataSets .
-
-:DataSets a ao:PolicyDataSets ;
-    ao:policyDataSet :PublicDisplayObjectPropertyDataSet ;
-    ao:policyDataSet :EditorDisplayObjectPropertyDataSet ;
-    ao:policyDataSet :CuratorDisplayObjectPropertyDataSet ;
-    ao:policyDataSet :AdminDisplayObjectPropertyDataSet ;
-
-    ao:policyDataSet :PublicDisplayDataPropertyDataSet ;
-    ao:policyDataSet :EditorDisplayDataPropertyDataSet ;
-    ao:policyDataSet :CuratorDisplayDataPropertyDataSet ;
-    ao:policyDataSet :AdminDisplayDataPropertyDataSet ;
-
-    ao:policyDataSet :PublicDisplayFauxObjectPropertyDataSet ;
-    ao:policyDataSet :EditorDisplayFauxObjectPropertyDataSet ;
-    ao:policyDataSet :CuratorDisplayFauxObjectPropertyDataSet ;
-    ao:policyDataSet :AdminDisplayFauxObjectPropertyDataSet ;
-
-    ao:policyDataSet :PublicDisplayFauxDataPropertyDataSet ;
-    ao:policyDataSet :EditorDisplayFauxDataPropertyDataSet ;
-    ao:policyDataSet :CuratorDisplayFauxDataPropertyDataSet ;
-    ao:policyDataSet :AdminDisplayFauxDataPropertyDataSet ;
-
-    ao:policyDataSet :EditorPublishObjectPropertyDataSet ;
-    ao:policyDataSet :CuratorPublishObjectPropertyDataSet ;
-    ao:policyDataSet :AdminPublishObjectPropertyDataSet ;
-
-    ao:policyDataSet :EditorPublishDataPropertyDataSet ;
-    ao:policyDataSet :CuratorPublishDataPropertyDataSet ;
-    ao:policyDataSet :AdminPublishDataPropertyDataSet ;
-
-    ao:policyDataSet :EditorPublishFauxObjectPropertyDataSet ;
-    ao:policyDataSet :CuratorPublishFauxObjectPropertyDataSet ;
-    ao:policyDataSet :AdminPublishFauxObjectPropertyDataSet ;
-
-    ao:policyDataSet :EditorPublishFauxDataPropertyDataSet ;
-    ao:policyDataSet :CuratorPublishFauxDataPropertyDataSet ;
-    ao:policyDataSet :AdminPublishFauxDataPropertyDataSet ;
-
-    ao:policyDataSet :PublicEditObjectPropertyDataSet ;
-    ao:policyDataSet :EditorEditObjectPropertyDataSet ;
-    ao:policyDataSet :CuratorEditObjectPropertyDataSet ;
-    ao:policyDataSet :AdminEditObjectPropertyDataSet ;
-
-    ao:policyDataSet :PublicAddObjectPropertyDataSet ;
-    ao:policyDataSet :EditorAddObjectPropertyDataSet ;
-    ao:policyDataSet :CuratorAddObjectPropertyDataSet ;
-    ao:policyDataSet :AdminAddObjectPropertyDataSet ;
-
-    ao:policyDataSet :PublicDropObjectPropertyDataSet ;
-    ao:policyDataSet :EditorDropObjectPropertyDataSet ;
-    ao:policyDataSet :CuratorDropObjectPropertyDataSet ;
-    ao:policyDataSet :AdminDropObjectPropertyDataSet ;
-
-    ao:policyDataSet :PublicEditDataPropertyDataSet ;
-    ao:policyDataSet :EditorEditDataPropertyDataSet ;
-    ao:policyDataSet :CuratorEditDataPropertyDataSet ;
-    ao:policyDataSet :AdminEditDataPropertyDataSet ;
-
-    ao:policyDataSet :PublicAddDataPropertyDataSet ;
-    ao:policyDataSet :EditorAddDataPropertyDataSet ;
-    ao:policyDataSet :CuratorAddDataPropertyDataSet ;
-    ao:policyDataSet :AdminAddDataPropertyDataSet ;
-
-    ao:policyDataSet :PublicDropDataPropertyDataSet ;
-    ao:policyDataSet :EditorDropDataPropertyDataSet ;
-    ao:policyDataSet :CuratorDropDataPropertyDataSet ;
-    ao:policyDataSet :AdminDropDataPropertyDataSet ;
-
-    ao:policyDataSet :PublicEditFauxObjectPropertyDataSet ;
-    ao:policyDataSet :EditorEditFauxObjectPropertyDataSet ;
-    ao:policyDataSet :CuratorEditFauxObjectPropertyDataSet ;
-    ao:policyDataSet :AdminEditFauxObjectPropertyDataSet ;
-
-    ao:policyDataSet :PublicAddFauxObjectPropertyDataSet ;
-    ao:policyDataSet :EditorAddFauxObjectPropertyDataSet ;
-    ao:policyDataSet :CuratorAddFauxObjectPropertyDataSet ;
-    ao:policyDataSet :AdminAddFauxObjectPropertyDataSet ;
-
-    ao:policyDataSet :PublicDropFauxObjectPropertyDataSet ;
-    ao:policyDataSet :EditorDropFauxObjectPropertyDataSet ;
-    ao:policyDataSet :CuratorDropFauxObjectPropertyDataSet ;
-    ao:policyDataSet :AdminDropFauxObjectPropertyDataSet ;
-
-    ao:policyDataSet :PublicEditFauxDataPropertyDataSet ;
-    ao:policyDataSet :EditorEditFauxDataPropertyDataSet ;
-    ao:policyDataSet :CuratorEditFauxDataPropertyDataSet ;
-    ao:policyDataSet :AdminEditFauxDataPropertyDataSet ;
-
-    ao:policyDataSet :PublicAddFauxDataPropertyDataSet ;
-    ao:policyDataSet :EditorAddFauxDataPropertyDataSet ;
-    ao:policyDataSet :CuratorAddFauxDataPropertyDataSet ;
-    ao:policyDataSet :AdminAddFauxDataPropertyDataSet ;
-
-    ao:policyDataSet :PublicDropFauxDataPropertyDataSet ;
-    ao:policyDataSet :EditorDropFauxDataPropertyDataSet ;
-    ao:policyDataSet :CuratorDropFauxDataPropertyDataSet ;
-    ao:policyDataSet :AdminDropFauxDataPropertyDataSet ;
-
-    ao:policyDataSetTemplate :RoleDisplayObjectPropertyDataSetTemplate ;
-    ao:policyDataSetTemplate :RolePublishObjectPropertyDataSetTemplate ;
-    ao:policyDataSetTemplate :RoleAddObjectPropertyDataSetTemplate ;
-    ao:policyDataSetTemplate :RoleDropObjectPropertyDataSetTemplate ;
-
-    ao:policyDataSetTemplate :RoleEditObjectPropertyDataSetTemplate ;
-    ao:policyDataSetTemplate :RoleDisplayDataPropertyDataSetTemplate ;
-    ao:policyDataSetTemplate :RolePublishDataPropertyDataSetTemplate ;
-    ao:policyDataSetTemplate :RoleAddDataPropertyDataSetTemplate ;
-
-    ao:policyDataSetTemplate :RoleDropDataPropertyDataSetTemplate ;
-    ao:policyDataSetTemplate :RoleEditDataPropertyDataSetTemplate ;
-    ao:policyDataSetTemplate :RoleDisplayFauxObjectPropertyDataSetTemplate ;
-    ao:policyDataSetTemplate :RolePublishFauxObjectPropertyDataSetTemplate ;
-
-    ao:policyDataSetTemplate :RoleAddFauxObjectPropertyDataSetTemplate ;
-    ao:policyDataSetTemplate :RoleDropFauxObjectPropertyDataSetTemplate ;
-    ao:policyDataSetTemplate :RoleEditFauxObjectPropertyDataSetTemplate ;
-    ao:policyDataSetTemplate :RoleDisplayFauxDataPropertyDataSetTemplate ;
-
-    ao:policyDataSetTemplate :RolePublishFauxDataPropertyDataSetTemplate ;
-    ao:policyDataSetTemplate :RoleAddFauxDataPropertyDataSetTemplate ;
-    ao:policyDataSetTemplate :RoleDropFauxDataPropertyDataSetTemplate ;
-    ao:policyDataSetTemplate :RoleEditFauxDataPropertyDataSetTemplate ;
+@prefix access-individual: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
+@prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+@prefix : <https://vivoweb.org/ontology/vitro-application/auth/individual/access-allowed-property/> .
+
+:PolicyTemplate a access:PolicyTemplate ;
+    access:rules :RuleSet ;
+    access:policyDataSets :DataSets .
+
+:DataSets a access:PolicyDataSets ;
+    access:policyDataSet :PublicDisplayObjectPropertyDataSet ;
+    access:policyDataSet :EditorDisplayObjectPropertyDataSet ;
+    access:policyDataSet :CuratorDisplayObjectPropertyDataSet ;
+    access:policyDataSet :AdminDisplayObjectPropertyDataSet ;
+
+    access:policyDataSet :PublicDisplayDataPropertyDataSet ;
+    access:policyDataSet :EditorDisplayDataPropertyDataSet ;
+    access:policyDataSet :CuratorDisplayDataPropertyDataSet ;
+    access:policyDataSet :AdminDisplayDataPropertyDataSet ;
+
+    access:policyDataSet :PublicDisplayFauxObjectPropertyDataSet ;
+    access:policyDataSet :EditorDisplayFauxObjectPropertyDataSet ;
+    access:policyDataSet :CuratorDisplayFauxObjectPropertyDataSet ;
+    access:policyDataSet :AdminDisplayFauxObjectPropertyDataSet ;
+
+    access:policyDataSet :PublicDisplayFauxDataPropertyDataSet ;
+    access:policyDataSet :EditorDisplayFauxDataPropertyDataSet ;
+    access:policyDataSet :CuratorDisplayFauxDataPropertyDataSet ;
+    access:policyDataSet :AdminDisplayFauxDataPropertyDataSet ;
+
+    access:policyDataSet :EditorPublishObjectPropertyDataSet ;
+    access:policyDataSet :CuratorPublishObjectPropertyDataSet ;
+    access:policyDataSet :AdminPublishObjectPropertyDataSet ;
+
+    access:policyDataSet :EditorPublishDataPropertyDataSet ;
+    access:policyDataSet :CuratorPublishDataPropertyDataSet ;
+    access:policyDataSet :AdminPublishDataPropertyDataSet ;
+
+    access:policyDataSet :EditorPublishFauxObjectPropertyDataSet ;
+    access:policyDataSet :CuratorPublishFauxObjectPropertyDataSet ;
+    access:policyDataSet :AdminPublishFauxObjectPropertyDataSet ;
+
+    access:policyDataSet :EditorPublishFauxDataPropertyDataSet ;
+    access:policyDataSet :CuratorPublishFauxDataPropertyDataSet ;
+    access:policyDataSet :AdminPublishFauxDataPropertyDataSet ;
+
+    access:policyDataSet :PublicEditObjectPropertyDataSet ;
+    access:policyDataSet :EditorEditObjectPropertyDataSet ;
+    access:policyDataSet :CuratorEditObjectPropertyDataSet ;
+    access:policyDataSet :AdminEditObjectPropertyDataSet ;
+
+    access:policyDataSet :PublicAddObjectPropertyDataSet ;
+    access:policyDataSet :EditorAddObjectPropertyDataSet ;
+    access:policyDataSet :CuratorAddObjectPropertyDataSet ;
+    access:policyDataSet :AdminAddObjectPropertyDataSet ;
+
+    access:policyDataSet :PublicDropObjectPropertyDataSet ;
+    access:policyDataSet :EditorDropObjectPropertyDataSet ;
+    access:policyDataSet :CuratorDropObjectPropertyDataSet ;
+    access:policyDataSet :AdminDropObjectPropertyDataSet ;
+
+    access:policyDataSet :PublicEditDataPropertyDataSet ;
+    access:policyDataSet :EditorEditDataPropertyDataSet ;
+    access:policyDataSet :CuratorEditDataPropertyDataSet ;
+    access:policyDataSet :AdminEditDataPropertyDataSet ;
+
+    access:policyDataSet :PublicAddDataPropertyDataSet ;
+    access:policyDataSet :EditorAddDataPropertyDataSet ;
+    access:policyDataSet :CuratorAddDataPropertyDataSet ;
+    access:policyDataSet :AdminAddDataPropertyDataSet ;
+
+    access:policyDataSet :PublicDropDataPropertyDataSet ;
+    access:policyDataSet :EditorDropDataPropertyDataSet ;
+    access:policyDataSet :CuratorDropDataPropertyDataSet ;
+    access:policyDataSet :AdminDropDataPropertyDataSet ;
+
+    access:policyDataSet :PublicEditFauxObjectPropertyDataSet ;
+    access:policyDataSet :EditorEditFauxObjectPropertyDataSet ;
+    access:policyDataSet :CuratorEditFauxObjectPropertyDataSet ;
+    access:policyDataSet :AdminEditFauxObjectPropertyDataSet ;
+
+    access:policyDataSet :PublicAddFauxObjectPropertyDataSet ;
+    access:policyDataSet :EditorAddFauxObjectPropertyDataSet ;
+    access:policyDataSet :CuratorAddFauxObjectPropertyDataSet ;
+    access:policyDataSet :AdminAddFauxObjectPropertyDataSet ;
+
+    access:policyDataSet :PublicDropFauxObjectPropertyDataSet ;
+    access:policyDataSet :EditorDropFauxObjectPropertyDataSet ;
+    access:policyDataSet :CuratorDropFauxObjectPropertyDataSet ;
+    access:policyDataSet :AdminDropFauxObjectPropertyDataSet ;
+
+    access:policyDataSet :PublicEditFauxDataPropertyDataSet ;
+    access:policyDataSet :EditorEditFauxDataPropertyDataSet ;
+    access:policyDataSet :CuratorEditFauxDataPropertyDataSet ;
+    access:policyDataSet :AdminEditFauxDataPropertyDataSet ;
+
+    access:policyDataSet :PublicAddFauxDataPropertyDataSet ;
+    access:policyDataSet :EditorAddFauxDataPropertyDataSet ;
+    access:policyDataSet :CuratorAddFauxDataPropertyDataSet ;
+    access:policyDataSet :AdminAddFauxDataPropertyDataSet ;
+
+    access:policyDataSet :PublicDropFauxDataPropertyDataSet ;
+    access:policyDataSet :EditorDropFauxDataPropertyDataSet ;
+    access:policyDataSet :CuratorDropFauxDataPropertyDataSet ;
+    access:policyDataSet :AdminDropFauxDataPropertyDataSet ;
+
+    access:policyDataSetTemplate :RoleDisplayObjectPropertyDataSetTemplate ;
+    access:policyDataSetTemplate :RolePublishObjectPropertyDataSetTemplate ;
+    access:policyDataSetTemplate :RoleAddObjectPropertyDataSetTemplate ;
+    access:policyDataSetTemplate :RoleDropObjectPropertyDataSetTemplate ;
+
+    access:policyDataSetTemplate :RoleEditObjectPropertyDataSetTemplate ;
+    access:policyDataSetTemplate :RoleDisplayDataPropertyDataSetTemplate ;
+    access:policyDataSetTemplate :RolePublishDataPropertyDataSetTemplate ;
+    access:policyDataSetTemplate :RoleAddDataPropertyDataSetTemplate ;
+
+    access:policyDataSetTemplate :RoleDropDataPropertyDataSetTemplate ;
+    access:policyDataSetTemplate :RoleEditDataPropertyDataSetTemplate ;
+    access:policyDataSetTemplate :RoleDisplayFauxObjectPropertyDataSetTemplate ;
+    access:policyDataSetTemplate :RolePublishFauxObjectPropertyDataSetTemplate ;
+
+    access:policyDataSetTemplate :RoleAddFauxObjectPropertyDataSetTemplate ;
+    access:policyDataSetTemplate :RoleDropFauxObjectPropertyDataSetTemplate ;
+    access:policyDataSetTemplate :RoleEditFauxObjectPropertyDataSetTemplate ;
+    access:policyDataSetTemplate :RoleDisplayFauxDataPropertyDataSetTemplate ;
+
+    access:policyDataSetTemplate :RolePublishFauxDataPropertyDataSetTemplate ;
+    access:policyDataSetTemplate :RoleAddFauxDataPropertyDataSetTemplate ;
+    access:policyDataSetTemplate :RoleDropFauxDataPropertyDataSetTemplate ;
+    access:policyDataSetTemplate :RoleEditFauxDataPropertyDataSetTemplate ;
     .
 
 
 
 #Role DisplayObjectProperty data set template
 
-:RoleDisplayObjectPropertyDataSetTemplate a ao:DataSetTemplate ;
-    ao:dataSetTemplateKey :RoleDisplayObjectPropertyDataSetTemplateKey ;
-    ao:dataSetKeyTemplate :RoleDisplayObjectPropertyDataSetKeyTemplate ;
-    ao:dataSetValues ai:ObjectPropertyValueContainer ;
-    ao:dataSetValues ai:ObjectPropertyStatementValueContainer ;
-    ao:dataSetValues ai:DisplayOperationValueContainer ;
-    ao:dataSetValueTemplate :RoleDisplayObjectPropertyValueContainerTemplate ;
-    ao:dataSetValueTemplate :RoleDisplayObjectPropertyEntityValueContainerTemplate .  
+:RoleDisplayObjectPropertyDataSetTemplate a access:DataSetTemplate ;
+    access:dataSetTemplateKey :RoleDisplayObjectPropertyDataSetTemplateKey ;
+    access:dataSetKeyTemplate :RoleDisplayObjectPropertyDataSetKeyTemplate ;
+    access:dataSetValues access-individual:ObjectPropertyValueContainer ;
+    access:dataSetValues access-individual:ObjectPropertyStatementValueContainer ;
+    access:dataSetValues access-individual:DisplayOperationValueContainer ;
+    access:dataSetValueTemplate :RoleDisplayObjectPropertyValueContainerTemplate ;
+    access:dataSetValueTemplate :RoleDisplayObjectPropertyEntityValueContainerTemplate .  
 
-:RoleDisplayObjectPropertyDataSetTemplateKey a ao:DataSetTemplateKey ;
-    ao:templateKey ai:SubjectRole .
+:RoleDisplayObjectPropertyDataSetTemplateKey a access:DataSetTemplateKey ;
+    access:templateKey access-individual:SubjectRole .
 
-:RoleDisplayObjectPropertyDataSetKeyTemplate a ao:DataSetKeyTemplate ;
-    ao:keyComponent ai:ObjectProperty ;
-    ao:keyComponent ai:DisplayOperation ;
-    ao:keyComponentTemplate ai:SubjectRole .
+:RoleDisplayObjectPropertyDataSetKeyTemplate a access:DataSetKeyTemplate ;
+    access:keyComponent access-individual:ObjectProperty ;
+    access:keyComponent access-individual:DisplayOperation ;
+    access:keyComponentTemplate access-individual:SubjectRole .
 
-:RoleDisplayObjectPropertyValueContainerTemplate a ao:ValueContainerTemplate ;
-    ao:relatedValueSet :RoleValueSet;
-    ao:containerTypeTemplate ai:SubjectRole .
+:RoleDisplayObjectPropertyValueContainerTemplate a access:ValueContainerTemplate ;
+    access:relatedValueSet :RoleValueSet;
+    access:containerTypeTemplate access-individual:SubjectRole .
 
-:RoleDisplayObjectPropertyEntityValueContainerTemplate a ao:ValueContainerTemplate ;
-    ao:relatedValueSet :AllowedPropertyUriValueSet ;
-#    ao:defaultValue ai:defaultUri ;
-    ao:containerTypeTemplate ai:ObjectProperty .
+:RoleDisplayObjectPropertyEntityValueContainerTemplate a access:ValueContainerTemplate ;
+    access:relatedValueSet :AllowedPropertyUriValueSet ;
+#    access:defaultValue access-individual:defaultUri ;
+    access:containerTypeTemplate access-individual:ObjectProperty .
 
 #Role PublishObjectProperty data set template
 
-:RolePublishObjectPropertyDataSetTemplate a ao:DataSetTemplate ;
-    ao:dataSetTemplateKey :RolePublishObjectPropertyDataSetTemplateKey ;
-    ao:dataSetKeyTemplate :RolePublishObjectPropertyDataSetKeyTemplate ;
-    ao:dataSetValues ai:ObjectPropertyValueContainer ;
-    ao:dataSetValues ai:ObjectPropertyStatementValueContainer ;
-    ao:dataSetValues ai:PublishOperationValueContainer ;
-    ao:dataSetValueTemplate :RolePublishObjectPropertyValueContainerTemplate ;
-    ao:dataSetValueTemplate :RolePublishObjectPropertyEntityValueContainerTemplate .  
+:RolePublishObjectPropertyDataSetTemplate a access:DataSetTemplate ;
+    access:dataSetTemplateKey :RolePublishObjectPropertyDataSetTemplateKey ;
+    access:dataSetKeyTemplate :RolePublishObjectPropertyDataSetKeyTemplate ;
+    access:dataSetValues access-individual:ObjectPropertyValueContainer ;
+    access:dataSetValues access-individual:ObjectPropertyStatementValueContainer ;
+    access:dataSetValues access-individual:PublishOperationValueContainer ;
+    access:dataSetValueTemplate :RolePublishObjectPropertyValueContainerTemplate ;
+    access:dataSetValueTemplate :RolePublishObjectPropertyEntityValueContainerTemplate .  
 
-:RolePublishObjectPropertyDataSetTemplateKey a ao:DataSetTemplateKey ;
-    ao:templateKey ai:SubjectRole .
+:RolePublishObjectPropertyDataSetTemplateKey a access:DataSetTemplateKey ;
+    access:templateKey access-individual:SubjectRole .
 
-:RolePublishObjectPropertyDataSetKeyTemplate a ao:DataSetKeyTemplate ;
-    ao:keyComponent ai:ObjectProperty ;
-    ao:keyComponent ai:PublishOperation ;
-    ao:keyComponentTemplate ai:SubjectRole .
+:RolePublishObjectPropertyDataSetKeyTemplate a access:DataSetKeyTemplate ;
+    access:keyComponent access-individual:ObjectProperty ;
+    access:keyComponent access-individual:PublishOperation ;
+    access:keyComponentTemplate access-individual:SubjectRole .
 
-:RolePublishObjectPropertyValueContainerTemplate a ao:ValueContainerTemplate ;
-    ao:relatedValueSet :RoleValueSet;
-    ao:containerTypeTemplate ai:SubjectRole .
+:RolePublishObjectPropertyValueContainerTemplate a access:ValueContainerTemplate ;
+    access:relatedValueSet :RoleValueSet;
+    access:containerTypeTemplate access-individual:SubjectRole .
 
-:RolePublishObjectPropertyEntityValueContainerTemplate a ao:ValueContainerTemplate ;
-    ao:relatedValueSet :AllowedPropertyUriValueSet ;
-#    ao:defaultValue ai:defaultUri ;
-    ao:containerTypeTemplate ai:ObjectProperty .
+:RolePublishObjectPropertyEntityValueContainerTemplate a access:ValueContainerTemplate ;
+    access:relatedValueSet :AllowedPropertyUriValueSet ;
+#    access:defaultValue access-individual:defaultUri ;
+    access:containerTypeTemplate access-individual:ObjectProperty .
 
 #Role AddObjectProperty data set template
 
-:RoleAddObjectPropertyDataSetTemplate a ao:DataSetTemplate ;
-    ao:dataSetTemplateKey :RoleAddObjectPropertyDataSetTemplateKey ;
-    ao:dataSetKeyTemplate :RoleAddObjectPropertyDataSetKeyTemplate ;
-    ao:dataSetValues ai:ObjectPropertyValueContainer ;
-    ao:dataSetValues ai:ObjectPropertyStatementValueContainer ;
-    ao:dataSetValues ai:AddOperationValueContainer ;
-    ao:dataSetValueTemplate :RoleAddObjectPropertyValueContainerTemplate ;
-    ao:dataSetValueTemplate :RoleAddObjectPropertyEntityValueContainerTemplate .  
+:RoleAddObjectPropertyDataSetTemplate a access:DataSetTemplate ;
+    access:dataSetTemplateKey :RoleAddObjectPropertyDataSetTemplateKey ;
+    access:dataSetKeyTemplate :RoleAddObjectPropertyDataSetKeyTemplate ;
+    access:dataSetValues access-individual:ObjectPropertyValueContainer ;
+    access:dataSetValues access-individual:ObjectPropertyStatementValueContainer ;
+    access:dataSetValues access-individual:AddOperationValueContainer ;
+    access:dataSetValueTemplate :RoleAddObjectPropertyValueContainerTemplate ;
+    access:dataSetValueTemplate :RoleAddObjectPropertyEntityValueContainerTemplate .  
 
-:RoleAddObjectPropertyDataSetTemplateKey a ao:DataSetTemplateKey ;
-    ao:templateKey ai:SubjectRole .
+:RoleAddObjectPropertyDataSetTemplateKey a access:DataSetTemplateKey ;
+    access:templateKey access-individual:SubjectRole .
 
-:RoleAddObjectPropertyDataSetKeyTemplate a ao:DataSetKeyTemplate ;
-    ao:keyComponent ai:ObjectProperty ;
-    ao:keyComponent ai:AddOperation ;
-    ao:keyComponentTemplate ai:SubjectRole .
+:RoleAddObjectPropertyDataSetKeyTemplate a access:DataSetKeyTemplate ;
+    access:keyComponent access-individual:ObjectProperty ;
+    access:keyComponent access-individual:AddOperation ;
+    access:keyComponentTemplate access-individual:SubjectRole .
 
-:RoleAddObjectPropertyValueContainerTemplate a ao:ValueContainerTemplate ;
-    ao:relatedValueSet :RoleValueSet;
-    ao:containerTypeTemplate ai:SubjectRole .
+:RoleAddObjectPropertyValueContainerTemplate a access:ValueContainerTemplate ;
+    access:relatedValueSet :RoleValueSet;
+    access:containerTypeTemplate access-individual:SubjectRole .
 
-:RoleAddObjectPropertyEntityValueContainerTemplate a ao:ValueContainerTemplate ;
-    ao:relatedValueSet :AllowedPropertyUriValueSet ;
-#    ao:defaultValue ai:defaultUri ;
-    ao:containerTypeTemplate ai:ObjectProperty .
+:RoleAddObjectPropertyEntityValueContainerTemplate a access:ValueContainerTemplate ;
+    access:relatedValueSet :AllowedPropertyUriValueSet ;
+#    access:defaultValue access-individual:defaultUri ;
+    access:containerTypeTemplate access-individual:ObjectProperty .
 
 #Role DropObjectProperty data set template
 
-:RoleDropObjectPropertyDataSetTemplate a ao:DataSetTemplate ;
-    ao:dataSetTemplateKey :RoleDropObjectPropertyDataSetTemplateKey ;
-    ao:dataSetKeyTemplate :RoleDropObjectPropertyDataSetKeyTemplate ;
-    ao:dataSetValues ai:ObjectPropertyValueContainer ;
-    ao:dataSetValues ai:ObjectPropertyStatementValueContainer ;
-    ao:dataSetValues ai:DropOperationValueContainer ;
-    ao:dataSetValueTemplate :RoleDropObjectPropertyValueContainerTemplate ;
-    ao:dataSetValueTemplate :RoleDropObjectPropertyEntityValueContainerTemplate .  
+:RoleDropObjectPropertyDataSetTemplate a access:DataSetTemplate ;
+    access:dataSetTemplateKey :RoleDropObjectPropertyDataSetTemplateKey ;
+    access:dataSetKeyTemplate :RoleDropObjectPropertyDataSetKeyTemplate ;
+    access:dataSetValues access-individual:ObjectPropertyValueContainer ;
+    access:dataSetValues access-individual:ObjectPropertyStatementValueContainer ;
+    access:dataSetValues access-individual:DropOperationValueContainer ;
+    access:dataSetValueTemplate :RoleDropObjectPropertyValueContainerTemplate ;
+    access:dataSetValueTemplate :RoleDropObjectPropertyEntityValueContainerTemplate .  
 
-:RoleDropObjectPropertyDataSetTemplateKey a ao:DataSetTemplateKey ;
-    ao:templateKey ai:SubjectRole .
+:RoleDropObjectPropertyDataSetTemplateKey a access:DataSetTemplateKey ;
+    access:templateKey access-individual:SubjectRole .
 
-:RoleDropObjectPropertyDataSetKeyTemplate a ao:DataSetKeyTemplate ;
-    ao:keyComponent ai:ObjectProperty ;
-    ao:keyComponent ai:DropOperation ;
-    ao:keyComponentTemplate ai:SubjectRole .
+:RoleDropObjectPropertyDataSetKeyTemplate a access:DataSetKeyTemplate ;
+    access:keyComponent access-individual:ObjectProperty ;
+    access:keyComponent access-individual:DropOperation ;
+    access:keyComponentTemplate access-individual:SubjectRole .
 
-:RoleDropObjectPropertyValueContainerTemplate a ao:ValueContainerTemplate ;
-    ao:relatedValueSet :RoleValueSet;
-    ao:containerTypeTemplate ai:SubjectRole .
+:RoleDropObjectPropertyValueContainerTemplate a access:ValueContainerTemplate ;
+    access:relatedValueSet :RoleValueSet;
+    access:containerTypeTemplate access-individual:SubjectRole .
 
-:RoleDropObjectPropertyEntityValueContainerTemplate a ao:ValueContainerTemplate ;
-    ao:relatedValueSet :AllowedPropertyUriValueSet ;
-#    ao:defaultValue ai:defaultUri ;
-    ao:containerTypeTemplate ai:ObjectProperty .
+:RoleDropObjectPropertyEntityValueContainerTemplate a access:ValueContainerTemplate ;
+    access:relatedValueSet :AllowedPropertyUriValueSet ;
+#    access:defaultValue access-individual:defaultUri ;
+    access:containerTypeTemplate access-individual:ObjectProperty .
 
 #Role EditObjectProperty data set template
 
-:RoleEditObjectPropertyDataSetTemplate a ao:DataSetTemplate ;
-    ao:dataSetTemplateKey :RoleEditObjectPropertyDataSetTemplateKey ;
-    ao:dataSetKeyTemplate :RoleEditObjectPropertyDataSetKeyTemplate ;
-    ao:dataSetValues ai:ObjectPropertyValueContainer ;
-    ao:dataSetValues ai:ObjectPropertyStatementValueContainer ;
-    ao:dataSetValues ai:EditOperationValueContainer ;
-    ao:dataSetValueTemplate :RoleEditObjectPropertyValueContainerTemplate ;
-    ao:dataSetValueTemplate :RoleEditObjectPropertyEntityValueContainerTemplate .  
+:RoleEditObjectPropertyDataSetTemplate a access:DataSetTemplate ;
+    access:dataSetTemplateKey :RoleEditObjectPropertyDataSetTemplateKey ;
+    access:dataSetKeyTemplate :RoleEditObjectPropertyDataSetKeyTemplate ;
+    access:dataSetValues access-individual:ObjectPropertyValueContainer ;
+    access:dataSetValues access-individual:ObjectPropertyStatementValueContainer ;
+    access:dataSetValues access-individual:EditOperationValueContainer ;
+    access:dataSetValueTemplate :RoleEditObjectPropertyValueContainerTemplate ;
+    access:dataSetValueTemplate :RoleEditObjectPropertyEntityValueContainerTemplate .  
 
-:RoleEditObjectPropertyDataSetTemplateKey a ao:DataSetTemplateKey ;
-    ao:templateKey ai:SubjectRole .
+:RoleEditObjectPropertyDataSetTemplateKey a access:DataSetTemplateKey ;
+    access:templateKey access-individual:SubjectRole .
 
-:RoleEditObjectPropertyDataSetKeyTemplate a ao:DataSetKeyTemplate ;
-    ao:keyComponent ai:ObjectProperty ;
-    ao:keyComponent ai:EditOperation ;
-    ao:keyComponentTemplate ai:SubjectRole .
+:RoleEditObjectPropertyDataSetKeyTemplate a access:DataSetKeyTemplate ;
+    access:keyComponent access-individual:ObjectProperty ;
+    access:keyComponent access-individual:EditOperation ;
+    access:keyComponentTemplate access-individual:SubjectRole .
 
-:RoleEditObjectPropertyValueContainerTemplate a ao:ValueContainerTemplate ;
-    ao:relatedValueSet :RoleValueSet;
-    ao:containerTypeTemplate ai:SubjectRole .
+:RoleEditObjectPropertyValueContainerTemplate a access:ValueContainerTemplate ;
+    access:relatedValueSet :RoleValueSet;
+    access:containerTypeTemplate access-individual:SubjectRole .
 
-:RoleEditObjectPropertyEntityValueContainerTemplate a ao:ValueContainerTemplate ;
-    ao:relatedValueSet :AllowedPropertyUriValueSet ;
-#    ao:defaultValue ai:defaultUri ;
-    ao:containerTypeTemplate ai:ObjectProperty .
+:RoleEditObjectPropertyEntityValueContainerTemplate a access:ValueContainerTemplate ;
+    access:relatedValueSet :AllowedPropertyUriValueSet ;
+#    access:defaultValue access-individual:defaultUri ;
+    access:containerTypeTemplate access-individual:ObjectProperty .
 
 #Role DisplayDataProperty data set template
 
-:RoleDisplayDataPropertyDataSetTemplate a ao:DataSetTemplate ;
-    ao:dataSetTemplateKey :RoleDisplayDataPropertyDataSetTemplateKey ;
-    ao:dataSetKeyTemplate :RoleDisplayDataPropertyDataSetKeyTemplate ;
-    ao:dataSetValues ai:DataPropertyValueContainer ;
-    ao:dataSetValues ai:DataPropertyStatementValueContainer ;
-    ao:dataSetValues ai:DisplayOperationValueContainer ;
-    ao:dataSetValueTemplate :RoleDisplayDataPropertyValueContainerTemplate ;
-    ao:dataSetValueTemplate :RoleDisplayDataPropertyEntityValueContainerTemplate .  
+:RoleDisplayDataPropertyDataSetTemplate a access:DataSetTemplate ;
+    access:dataSetTemplateKey :RoleDisplayDataPropertyDataSetTemplateKey ;
+    access:dataSetKeyTemplate :RoleDisplayDataPropertyDataSetKeyTemplate ;
+    access:dataSetValues access-individual:DataPropertyValueContainer ;
+    access:dataSetValues access-individual:DataPropertyStatementValueContainer ;
+    access:dataSetValues access-individual:DisplayOperationValueContainer ;
+    access:dataSetValueTemplate :RoleDisplayDataPropertyValueContainerTemplate ;
+    access:dataSetValueTemplate :RoleDisplayDataPropertyEntityValueContainerTemplate .  
 
-:RoleDisplayDataPropertyDataSetTemplateKey a ao:DataSetTemplateKey ;
-    ao:templateKey ai:SubjectRole .
+:RoleDisplayDataPropertyDataSetTemplateKey a access:DataSetTemplateKey ;
+    access:templateKey access-individual:SubjectRole .
 
-:RoleDisplayDataPropertyDataSetKeyTemplate a ao:DataSetKeyTemplate ;
-    ao:keyComponent ai:DataProperty ;
-    ao:keyComponent ai:DisplayOperation ;
-    ao:keyComponentTemplate ai:SubjectRole .
+:RoleDisplayDataPropertyDataSetKeyTemplate a access:DataSetKeyTemplate ;
+    access:keyComponent access-individual:DataProperty ;
+    access:keyComponent access-individual:DisplayOperation ;
+    access:keyComponentTemplate access-individual:SubjectRole .
 
-:RoleDisplayDataPropertyValueContainerTemplate a ao:ValueContainerTemplate ;
-    ao:relatedValueSet :RoleValueSet;
-    ao:containerTypeTemplate ai:SubjectRole .
+:RoleDisplayDataPropertyValueContainerTemplate a access:ValueContainerTemplate ;
+    access:relatedValueSet :RoleValueSet;
+    access:containerTypeTemplate access-individual:SubjectRole .
 
-:RoleDisplayDataPropertyEntityValueContainerTemplate a ao:ValueContainerTemplate ;
-    ao:relatedValueSet :AllowedPropertyUriValueSet ;
-#    ao:defaultValue ai:defaultUri ;
-    ao:containerTypeTemplate ai:DataProperty .
+:RoleDisplayDataPropertyEntityValueContainerTemplate a access:ValueContainerTemplate ;
+    access:relatedValueSet :AllowedPropertyUriValueSet ;
+#    access:defaultValue access-individual:defaultUri ;
+    access:containerTypeTemplate access-individual:DataProperty .
 
 #Role PublishDataProperty data set template
 
-:RolePublishDataPropertyDataSetTemplate a ao:DataSetTemplate ;
-    ao:dataSetTemplateKey :RolePublishDataPropertyDataSetTemplateKey ;
-    ao:dataSetKeyTemplate :RolePublishDataPropertyDataSetKeyTemplate ;
-    ao:dataSetValues ai:DataPropertyValueContainer ;
-    ao:dataSetValues ai:DataPropertyStatementValueContainer ;
-    ao:dataSetValues ai:PublishOperationValueContainer ;
-    ao:dataSetValueTemplate :RolePublishDataPropertyValueContainerTemplate ;
-    ao:dataSetValueTemplate :RolePublishDataPropertyEntityValueContainerTemplate .  
+:RolePublishDataPropertyDataSetTemplate a access:DataSetTemplate ;
+    access:dataSetTemplateKey :RolePublishDataPropertyDataSetTemplateKey ;
+    access:dataSetKeyTemplate :RolePublishDataPropertyDataSetKeyTemplate ;
+    access:dataSetValues access-individual:DataPropertyValueContainer ;
+    access:dataSetValues access-individual:DataPropertyStatementValueContainer ;
+    access:dataSetValues access-individual:PublishOperationValueContainer ;
+    access:dataSetValueTemplate :RolePublishDataPropertyValueContainerTemplate ;
+    access:dataSetValueTemplate :RolePublishDataPropertyEntityValueContainerTemplate .  
 
-:RolePublishDataPropertyDataSetTemplateKey a ao:DataSetTemplateKey ;
-    ao:templateKey ai:SubjectRole .
+:RolePublishDataPropertyDataSetTemplateKey a access:DataSetTemplateKey ;
+    access:templateKey access-individual:SubjectRole .
 
-:RolePublishDataPropertyDataSetKeyTemplate a ao:DataSetKeyTemplate ;
-    ao:keyComponent ai:DataProperty ;
-    ao:keyComponent ai:PublishOperation ;
-    ao:keyComponentTemplate ai:SubjectRole .
+:RolePublishDataPropertyDataSetKeyTemplate a access:DataSetKeyTemplate ;
+    access:keyComponent access-individual:DataProperty ;
+    access:keyComponent access-individual:PublishOperation ;
+    access:keyComponentTemplate access-individual:SubjectRole .
 
-:RolePublishDataPropertyValueContainerTemplate a ao:ValueContainerTemplate ;
-    ao:relatedValueSet :RoleValueSet;
-    ao:containerTypeTemplate ai:SubjectRole .
+:RolePublishDataPropertyValueContainerTemplate a access:ValueContainerTemplate ;
+    access:relatedValueSet :RoleValueSet;
+    access:containerTypeTemplate access-individual:SubjectRole .
 
-:RolePublishDataPropertyEntityValueContainerTemplate a ao:ValueContainerTemplate ;
-    ao:relatedValueSet :AllowedPropertyUriValueSet ;
-#    ao:defaultValue ai:defaultUri ;
-    ao:containerTypeTemplate ai:DataProperty .
+:RolePublishDataPropertyEntityValueContainerTemplate a access:ValueContainerTemplate ;
+    access:relatedValueSet :AllowedPropertyUriValueSet ;
+#    access:defaultValue access-individual:defaultUri ;
+    access:containerTypeTemplate access-individual:DataProperty .
 
 #Role AddDataProperty data set template
 
-:RoleAddDataPropertyDataSetTemplate a ao:DataSetTemplate ;
-    ao:dataSetTemplateKey :RoleAddDataPropertyDataSetTemplateKey ;
-    ao:dataSetKeyTemplate :RoleAddDataPropertyDataSetKeyTemplate ;
-    ao:dataSetValues ai:DataPropertyValueContainer ;
-    ao:dataSetValues ai:DataPropertyStatementValueContainer ;
-    ao:dataSetValues ai:AddOperationValueContainer ;
-    ao:dataSetValueTemplate :RoleAddDataPropertyValueContainerTemplate ;
-    ao:dataSetValueTemplate :RoleAddDataPropertyEntityValueContainerTemplate .  
+:RoleAddDataPropertyDataSetTemplate a access:DataSetTemplate ;
+    access:dataSetTemplateKey :RoleAddDataPropertyDataSetTemplateKey ;
+    access:dataSetKeyTemplate :RoleAddDataPropertyDataSetKeyTemplate ;
+    access:dataSetValues access-individual:DataPropertyValueContainer ;
+    access:dataSetValues access-individual:DataPropertyStatementValueContainer ;
+    access:dataSetValues access-individual:AddOperationValueContainer ;
+    access:dataSetValueTemplate :RoleAddDataPropertyValueContainerTemplate ;
+    access:dataSetValueTemplate :RoleAddDataPropertyEntityValueContainerTemplate .  
 
-:RoleAddDataPropertyDataSetTemplateKey a ao:DataSetTemplateKey ;
-    ao:templateKey ai:SubjectRole .
+:RoleAddDataPropertyDataSetTemplateKey a access:DataSetTemplateKey ;
+    access:templateKey access-individual:SubjectRole .
 
-:RoleAddDataPropertyDataSetKeyTemplate a ao:DataSetKeyTemplate ;
-    ao:keyComponent ai:DataProperty ;
-    ao:keyComponent ai:AddOperation ;
-    ao:keyComponentTemplate ai:SubjectRole .
+:RoleAddDataPropertyDataSetKeyTemplate a access:DataSetKeyTemplate ;
+    access:keyComponent access-individual:DataProperty ;
+    access:keyComponent access-individual:AddOperation ;
+    access:keyComponentTemplate access-individual:SubjectRole .
 
-:RoleAddDataPropertyValueContainerTemplate a ao:ValueContainerTemplate ;
-    ao:relatedValueSet :RoleValueSet;
-    ao:containerTypeTemplate ai:SubjectRole .
+:RoleAddDataPropertyValueContainerTemplate a access:ValueContainerTemplate ;
+    access:relatedValueSet :RoleValueSet;
+    access:containerTypeTemplate access-individual:SubjectRole .
 
-:RoleAddDataPropertyEntityValueContainerTemplate a ao:ValueContainerTemplate ;
-    ao:relatedValueSet :AllowedPropertyUriValueSet ;
-#    ao:defaultValue ai:defaultUri ;
-    ao:containerTypeTemplate ai:DataProperty .
+:RoleAddDataPropertyEntityValueContainerTemplate a access:ValueContainerTemplate ;
+    access:relatedValueSet :AllowedPropertyUriValueSet ;
+#    access:defaultValue access-individual:defaultUri ;
+    access:containerTypeTemplate access-individual:DataProperty .
 
 #Role DropDataProperty data set template
 
-:RoleDropDataPropertyDataSetTemplate a ao:DataSetTemplate ;
-    ao:dataSetTemplateKey :RoleDropDataPropertyDataSetTemplateKey ;
-    ao:dataSetKeyTemplate :RoleDropDataPropertyDataSetKeyTemplate ;
-    ao:dataSetValues ai:DataPropertyValueContainer ;
-    ao:dataSetValues ai:DataPropertyStatementValueContainer ;
-    ao:dataSetValues ai:DropOperationValueContainer ;
-    ao:dataSetValueTemplate :RoleDropDataPropertyValueContainerTemplate ;
-    ao:dataSetValueTemplate :RoleDropDataPropertyEntityValueContainerTemplate .  
+:RoleDropDataPropertyDataSetTemplate a access:DataSetTemplate ;
+    access:dataSetTemplateKey :RoleDropDataPropertyDataSetTemplateKey ;
+    access:dataSetKeyTemplate :RoleDropDataPropertyDataSetKeyTemplate ;
+    access:dataSetValues access-individual:DataPropertyValueContainer ;
+    access:dataSetValues access-individual:DataPropertyStatementValueContainer ;
+    access:dataSetValues access-individual:DropOperationValueContainer ;
+    access:dataSetValueTemplate :RoleDropDataPropertyValueContainerTemplate ;
+    access:dataSetValueTemplate :RoleDropDataPropertyEntityValueContainerTemplate .  
 
-:RoleDropDataPropertyDataSetTemplateKey a ao:DataSetTemplateKey ;
-    ao:templateKey ai:SubjectRole .
+:RoleDropDataPropertyDataSetTemplateKey a access:DataSetTemplateKey ;
+    access:templateKey access-individual:SubjectRole .
 
-:RoleDropDataPropertyDataSetKeyTemplate a ao:DataSetKeyTemplate ;
-    ao:keyComponent ai:DataProperty ;
-    ao:keyComponent ai:DropOperation ;
-    ao:keyComponentTemplate ai:SubjectRole .
+:RoleDropDataPropertyDataSetKeyTemplate a access:DataSetKeyTemplate ;
+    access:keyComponent access-individual:DataProperty ;
+    access:keyComponent access-individual:DropOperation ;
+    access:keyComponentTemplate access-individual:SubjectRole .
 
-:RoleDropDataPropertyValueContainerTemplate a ao:ValueContainerTemplate ;
-    ao:relatedValueSet :RoleValueSet;
-    ao:containerTypeTemplate ai:SubjectRole .
+:RoleDropDataPropertyValueContainerTemplate a access:ValueContainerTemplate ;
+    access:relatedValueSet :RoleValueSet;
+    access:containerTypeTemplate access-individual:SubjectRole .
 
-:RoleDropDataPropertyEntityValueContainerTemplate a ao:ValueContainerTemplate ;
-    ao:relatedValueSet :AllowedPropertyUriValueSet ;
-#    ao:defaultValue ai:defaultUri ;
-    ao:containerTypeTemplate ai:DataProperty .
+:RoleDropDataPropertyEntityValueContainerTemplate a access:ValueContainerTemplate ;
+    access:relatedValueSet :AllowedPropertyUriValueSet ;
+#    access:defaultValue access-individual:defaultUri ;
+    access:containerTypeTemplate access-individual:DataProperty .
 
 #Role EditDataProperty data set template
 
-:RoleEditDataPropertyDataSetTemplate a ao:DataSetTemplate ;
-    ao:dataSetTemplateKey :RoleEditDataPropertyDataSetTemplateKey ;
-    ao:dataSetKeyTemplate :RoleEditDataPropertyDataSetKeyTemplate ;
-    ao:dataSetValues ai:DataPropertyValueContainer ;
-    ao:dataSetValues ai:DataPropertyStatementValueContainer ;
-    ao:dataSetValues ai:EditOperationValueContainer ;
-    ao:dataSetValueTemplate :RoleEditDataPropertyValueContainerTemplate ;
-    ao:dataSetValueTemplate :RoleEditDataPropertyEntityValueContainerTemplate .  
+:RoleEditDataPropertyDataSetTemplate a access:DataSetTemplate ;
+    access:dataSetTemplateKey :RoleEditDataPropertyDataSetTemplateKey ;
+    access:dataSetKeyTemplate :RoleEditDataPropertyDataSetKeyTemplate ;
+    access:dataSetValues access-individual:DataPropertyValueContainer ;
+    access:dataSetValues access-individual:DataPropertyStatementValueContainer ;
+    access:dataSetValues access-individual:EditOperationValueContainer ;
+    access:dataSetValueTemplate :RoleEditDataPropertyValueContainerTemplate ;
+    access:dataSetValueTemplate :RoleEditDataPropertyEntityValueContainerTemplate .  
 
-:RoleEditDataPropertyDataSetTemplateKey a ao:DataSetTemplateKey ;
-    ao:templateKey ai:SubjectRole .
+:RoleEditDataPropertyDataSetTemplateKey a access:DataSetTemplateKey ;
+    access:templateKey access-individual:SubjectRole .
 
-:RoleEditDataPropertyDataSetKeyTemplate a ao:DataSetKeyTemplate ;
-    ao:keyComponent ai:DataProperty ;
-    ao:keyComponent ai:EditOperation ;
-    ao:keyComponentTemplate ai:SubjectRole .
+:RoleEditDataPropertyDataSetKeyTemplate a access:DataSetKeyTemplate ;
+    access:keyComponent access-individual:DataProperty ;
+    access:keyComponent access-individual:EditOperation ;
+    access:keyComponentTemplate access-individual:SubjectRole .
 
-:RoleEditDataPropertyValueContainerTemplate a ao:ValueContainerTemplate ;
-    ao:relatedValueSet :RoleValueSet;
-    ao:containerTypeTemplate ai:SubjectRole .
+:RoleEditDataPropertyValueContainerTemplate a access:ValueContainerTemplate ;
+    access:relatedValueSet :RoleValueSet;
+    access:containerTypeTemplate access-individual:SubjectRole .
 
-:RoleEditDataPropertyEntityValueContainerTemplate a ao:ValueContainerTemplate ;
-    ao:relatedValueSet :AllowedPropertyUriValueSet ;
-#    ao:defaultValue ai:defaultUri ;
-    ao:containerTypeTemplate ai:DataProperty .
+:RoleEditDataPropertyEntityValueContainerTemplate a access:ValueContainerTemplate ;
+    access:relatedValueSet :AllowedPropertyUriValueSet ;
+#    access:defaultValue access-individual:defaultUri ;
+    access:containerTypeTemplate access-individual:DataProperty .
 
 #Role DisplayFauxObjectProperty data set template
 
-:RoleDisplayFauxObjectPropertyDataSetTemplate a ao:DataSetTemplate ;
-    ao:dataSetTemplateKey :RoleDisplayFauxObjectPropertyDataSetTemplateKey ;
-    ao:dataSetKeyTemplate :RoleDisplayFauxObjectPropertyDataSetKeyTemplate ;
-    ao:dataSetValues ai:FauxObjectPropertyValueContainer ;
-    ao:dataSetValues ai:FauxObjectPropertyStatementValueContainer ;
-    ao:dataSetValues ai:DisplayOperationValueContainer ;
-    ao:dataSetValueTemplate :RoleDisplayFauxObjectPropertyValueContainerTemplate ;
-    ao:dataSetValueTemplate :RoleDisplayFauxObjectPropertyEntityValueContainerTemplate .  
+:RoleDisplayFauxObjectPropertyDataSetTemplate a access:DataSetTemplate ;
+    access:dataSetTemplateKey :RoleDisplayFauxObjectPropertyDataSetTemplateKey ;
+    access:dataSetKeyTemplate :RoleDisplayFauxObjectPropertyDataSetKeyTemplate ;
+    access:dataSetValues access-individual:FauxObjectPropertyValueContainer ;
+    access:dataSetValues access-individual:FauxObjectPropertyStatementValueContainer ;
+    access:dataSetValues access-individual:DisplayOperationValueContainer ;
+    access:dataSetValueTemplate :RoleDisplayFauxObjectPropertyValueContainerTemplate ;
+    access:dataSetValueTemplate :RoleDisplayFauxObjectPropertyEntityValueContainerTemplate .  
 
-:RoleDisplayFauxObjectPropertyDataSetTemplateKey a ao:DataSetTemplateKey ;
-    ao:templateKey ai:SubjectRole .
+:RoleDisplayFauxObjectPropertyDataSetTemplateKey a access:DataSetTemplateKey ;
+    access:templateKey access-individual:SubjectRole .
 
-:RoleDisplayFauxObjectPropertyDataSetKeyTemplate a ao:DataSetKeyTemplate ;
-    ao:keyComponent ai:FauxObjectProperty ;
-    ao:keyComponent ai:DisplayOperation ;
-    ao:keyComponentTemplate ai:SubjectRole .
+:RoleDisplayFauxObjectPropertyDataSetKeyTemplate a access:DataSetKeyTemplate ;
+    access:keyComponent access-individual:FauxObjectProperty ;
+    access:keyComponent access-individual:DisplayOperation ;
+    access:keyComponentTemplate access-individual:SubjectRole .
 
-:RoleDisplayFauxObjectPropertyValueContainerTemplate a ao:ValueContainerTemplate ;
-    ao:relatedValueSet :RoleValueSet;
-    ao:containerTypeTemplate ai:SubjectRole .
+:RoleDisplayFauxObjectPropertyValueContainerTemplate a access:ValueContainerTemplate ;
+    access:relatedValueSet :RoleValueSet;
+    access:containerTypeTemplate access-individual:SubjectRole .
 
-:RoleDisplayFauxObjectPropertyEntityValueContainerTemplate a ao:ValueContainerTemplate ;
-    ao:relatedValueSet :AllowedPropertyUriValueSet ;
-#    ao:defaultValue ai:defaultUri ;
-    ao:containerTypeTemplate ai:FauxObjectProperty .
+:RoleDisplayFauxObjectPropertyEntityValueContainerTemplate a access:ValueContainerTemplate ;
+    access:relatedValueSet :AllowedPropertyUriValueSet ;
+#    access:defaultValue access-individual:defaultUri ;
+    access:containerTypeTemplate access-individual:FauxObjectProperty .
 
 #Role PublishFauxObjectProperty data set template
 
-:RolePublishFauxObjectPropertyDataSetTemplate a ao:DataSetTemplate ;
-    ao:dataSetTemplateKey :RolePublishFauxObjectPropertyDataSetTemplateKey ;
-    ao:dataSetKeyTemplate :RolePublishFauxObjectPropertyDataSetKeyTemplate ;
-    ao:dataSetValues ai:FauxObjectPropertyValueContainer ;
-    ao:dataSetValues ai:FauxObjectPropertyStatementValueContainer ;
-    ao:dataSetValues ai:PublishOperationValueContainer ;
-    ao:dataSetValueTemplate :RolePublishFauxObjectPropertyValueContainerTemplate ;
-    ao:dataSetValueTemplate :RolePublishFauxObjectPropertyEntityValueContainerTemplate .  
+:RolePublishFauxObjectPropertyDataSetTemplate a access:DataSetTemplate ;
+    access:dataSetTemplateKey :RolePublishFauxObjectPropertyDataSetTemplateKey ;
+    access:dataSetKeyTemplate :RolePublishFauxObjectPropertyDataSetKeyTemplate ;
+    access:dataSetValues access-individual:FauxObjectPropertyValueContainer ;
+    access:dataSetValues access-individual:FauxObjectPropertyStatementValueContainer ;
+    access:dataSetValues access-individual:PublishOperationValueContainer ;
+    access:dataSetValueTemplate :RolePublishFauxObjectPropertyValueContainerTemplate ;
+    access:dataSetValueTemplate :RolePublishFauxObjectPropertyEntityValueContainerTemplate .  
 
-:RolePublishFauxObjectPropertyDataSetTemplateKey a ao:DataSetTemplateKey ;
-    ao:templateKey ai:SubjectRole .
+:RolePublishFauxObjectPropertyDataSetTemplateKey a access:DataSetTemplateKey ;
+    access:templateKey access-individual:SubjectRole .
 
-:RolePublishFauxObjectPropertyDataSetKeyTemplate a ao:DataSetKeyTemplate ;
-    ao:keyComponent ai:FauxObjectProperty ;
-    ao:keyComponent ai:PublishOperation ;
-    ao:keyComponentTemplate ai:SubjectRole .
+:RolePublishFauxObjectPropertyDataSetKeyTemplate a access:DataSetKeyTemplate ;
+    access:keyComponent access-individual:FauxObjectProperty ;
+    access:keyComponent access-individual:PublishOperation ;
+    access:keyComponentTemplate access-individual:SubjectRole .
 
-:RolePublishFauxObjectPropertyValueContainerTemplate a ao:ValueContainerTemplate ;
-    ao:relatedValueSet :RoleValueSet;
-    ao:containerTypeTemplate ai:SubjectRole .
+:RolePublishFauxObjectPropertyValueContainerTemplate a access:ValueContainerTemplate ;
+    access:relatedValueSet :RoleValueSet;
+    access:containerTypeTemplate access-individual:SubjectRole .
 
-:RolePublishFauxObjectPropertyEntityValueContainerTemplate a ao:ValueContainerTemplate ;
-    ao:relatedValueSet :AllowedPropertyUriValueSet ;
-#    ao:defaultValue ai:defaultUri ;
-    ao:containerTypeTemplate ai:FauxObjectProperty .
+:RolePublishFauxObjectPropertyEntityValueContainerTemplate a access:ValueContainerTemplate ;
+    access:relatedValueSet :AllowedPropertyUriValueSet ;
+#    access:defaultValue access-individual:defaultUri ;
+    access:containerTypeTemplate access-individual:FauxObjectProperty .
 
 #Role AddFauxObjectProperty data set template
 
-:RoleAddFauxObjectPropertyDataSetTemplate a ao:DataSetTemplate ;
-    ao:dataSetTemplateKey :RoleAddFauxObjectPropertyDataSetTemplateKey ;
-    ao:dataSetKeyTemplate :RoleAddFauxObjectPropertyDataSetKeyTemplate ;
-    ao:dataSetValues ai:FauxObjectPropertyValueContainer ;
-    ao:dataSetValues ai:FauxObjectPropertyStatementValueContainer ;
-    ao:dataSetValues ai:AddOperationValueContainer ;
-    ao:dataSetValueTemplate :RoleAddFauxObjectPropertyValueContainerTemplate ;
-    ao:dataSetValueTemplate :RoleAddFauxObjectPropertyEntityValueContainerTemplate .  
+:RoleAddFauxObjectPropertyDataSetTemplate a access:DataSetTemplate ;
+    access:dataSetTemplateKey :RoleAddFauxObjectPropertyDataSetTemplateKey ;
+    access:dataSetKeyTemplate :RoleAddFauxObjectPropertyDataSetKeyTemplate ;
+    access:dataSetValues access-individual:FauxObjectPropertyValueContainer ;
+    access:dataSetValues access-individual:FauxObjectPropertyStatementValueContainer ;
+    access:dataSetValues access-individual:AddOperationValueContainer ;
+    access:dataSetValueTemplate :RoleAddFauxObjectPropertyValueContainerTemplate ;
+    access:dataSetValueTemplate :RoleAddFauxObjectPropertyEntityValueContainerTemplate .  
 
-:RoleAddFauxObjectPropertyDataSetTemplateKey a ao:DataSetTemplateKey ;
-    ao:templateKey ai:SubjectRole .
+:RoleAddFauxObjectPropertyDataSetTemplateKey a access:DataSetTemplateKey ;
+    access:templateKey access-individual:SubjectRole .
 
-:RoleAddFauxObjectPropertyDataSetKeyTemplate a ao:DataSetKeyTemplate ;
-    ao:keyComponent ai:FauxObjectProperty ;
-    ao:keyComponent ai:AddOperation ;
-    ao:keyComponentTemplate ai:SubjectRole .
+:RoleAddFauxObjectPropertyDataSetKeyTemplate a access:DataSetKeyTemplate ;
+    access:keyComponent access-individual:FauxObjectProperty ;
+    access:keyComponent access-individual:AddOperation ;
+    access:keyComponentTemplate access-individual:SubjectRole .
 
-:RoleAddFauxObjectPropertyValueContainerTemplate a ao:ValueContainerTemplate ;
-    ao:relatedValueSet :RoleValueSet;
-    ao:containerTypeTemplate ai:SubjectRole .
+:RoleAddFauxObjectPropertyValueContainerTemplate a access:ValueContainerTemplate ;
+    access:relatedValueSet :RoleValueSet;
+    access:containerTypeTemplate access-individual:SubjectRole .
 
-:RoleAddFauxObjectPropertyEntityValueContainerTemplate a ao:ValueContainerTemplate ;
-    ao:relatedValueSet :AllowedPropertyUriValueSet ;
-#    ao:defaultValue ai:defaultUri ;
-    ao:containerTypeTemplate ai:FauxObjectProperty .
+:RoleAddFauxObjectPropertyEntityValueContainerTemplate a access:ValueContainerTemplate ;
+    access:relatedValueSet :AllowedPropertyUriValueSet ;
+#    access:defaultValue access-individual:defaultUri ;
+    access:containerTypeTemplate access-individual:FauxObjectProperty .
 
 #Role DropFauxObjectProperty data set template
 
-:RoleDropFauxObjectPropertyDataSetTemplate a ao:DataSetTemplate ;
-    ao:dataSetTemplateKey :RoleDropFauxObjectPropertyDataSetTemplateKey ;
-    ao:dataSetKeyTemplate :RoleDropFauxObjectPropertyDataSetKeyTemplate ;
-    ao:dataSetValues ai:FauxObjectPropertyValueContainer ;
-    ao:dataSetValues ai:FauxObjectPropertyStatementValueContainer ;
-    ao:dataSetValues ai:DropOperationValueContainer ;
-    ao:dataSetValueTemplate :RoleDropFauxObjectPropertyValueContainerTemplate ;
-    ao:dataSetValueTemplate :RoleDropFauxObjectPropertyEntityValueContainerTemplate .  
+:RoleDropFauxObjectPropertyDataSetTemplate a access:DataSetTemplate ;
+    access:dataSetTemplateKey :RoleDropFauxObjectPropertyDataSetTemplateKey ;
+    access:dataSetKeyTemplate :RoleDropFauxObjectPropertyDataSetKeyTemplate ;
+    access:dataSetValues access-individual:FauxObjectPropertyValueContainer ;
+    access:dataSetValues access-individual:FauxObjectPropertyStatementValueContainer ;
+    access:dataSetValues access-individual:DropOperationValueContainer ;
+    access:dataSetValueTemplate :RoleDropFauxObjectPropertyValueContainerTemplate ;
+    access:dataSetValueTemplate :RoleDropFauxObjectPropertyEntityValueContainerTemplate .  
 
-:RoleDropFauxObjectPropertyDataSetTemplateKey a ao:DataSetTemplateKey ;
-    ao:templateKey ai:SubjectRole .
+:RoleDropFauxObjectPropertyDataSetTemplateKey a access:DataSetTemplateKey ;
+    access:templateKey access-individual:SubjectRole .
 
-:RoleDropFauxObjectPropertyDataSetKeyTemplate a ao:DataSetKeyTemplate ;
-    ao:keyComponent ai:FauxObjectProperty ;
-    ao:keyComponent ai:DropOperation ;
-    ao:keyComponentTemplate ai:SubjectRole .
+:RoleDropFauxObjectPropertyDataSetKeyTemplate a access:DataSetKeyTemplate ;
+    access:keyComponent access-individual:FauxObjectProperty ;
+    access:keyComponent access-individual:DropOperation ;
+    access:keyComponentTemplate access-individual:SubjectRole .
 
-:RoleDropFauxObjectPropertyValueContainerTemplate a ao:ValueContainerTemplate ;
-    ao:relatedValueSet :RoleValueSet;
-    ao:containerTypeTemplate ai:SubjectRole .
+:RoleDropFauxObjectPropertyValueContainerTemplate a access:ValueContainerTemplate ;
+    access:relatedValueSet :RoleValueSet;
+    access:containerTypeTemplate access-individual:SubjectRole .
 
-:RoleDropFauxObjectPropertyEntityValueContainerTemplate a ao:ValueContainerTemplate ;
-    ao:relatedValueSet :AllowedPropertyUriValueSet ;
-#    ao:defaultValue ai:defaultUri ;
-    ao:containerTypeTemplate ai:FauxObjectProperty .
+:RoleDropFauxObjectPropertyEntityValueContainerTemplate a access:ValueContainerTemplate ;
+    access:relatedValueSet :AllowedPropertyUriValueSet ;
+#    access:defaultValue access-individual:defaultUri ;
+    access:containerTypeTemplate access-individual:FauxObjectProperty .
 
 #Role EditFauxObjectProperty data set template
 
-:RoleEditFauxObjectPropertyDataSetTemplate a ao:DataSetTemplate ;
-    ao:dataSetTemplateKey :RoleEditFauxObjectPropertyDataSetTemplateKey ;
-    ao:dataSetKeyTemplate :RoleEditFauxObjectPropertyDataSetKeyTemplate ;
-    ao:dataSetValues ai:FauxObjectPropertyValueContainer ;
-    ao:dataSetValues ai:FauxObjectPropertyStatementValueContainer ;
-    ao:dataSetValues ai:EditOperationValueContainer ;
-    ao:dataSetValueTemplate :RoleEditFauxObjectPropertyValueContainerTemplate ;
-    ao:dataSetValueTemplate :RoleEditFauxObjectPropertyEntityValueContainerTemplate .  
+:RoleEditFauxObjectPropertyDataSetTemplate a access:DataSetTemplate ;
+    access:dataSetTemplateKey :RoleEditFauxObjectPropertyDataSetTemplateKey ;
+    access:dataSetKeyTemplate :RoleEditFauxObjectPropertyDataSetKeyTemplate ;
+    access:dataSetValues access-individual:FauxObjectPropertyValueContainer ;
+    access:dataSetValues access-individual:FauxObjectPropertyStatementValueContainer ;
+    access:dataSetValues access-individual:EditOperationValueContainer ;
+    access:dataSetValueTemplate :RoleEditFauxObjectPropertyValueContainerTemplate ;
+    access:dataSetValueTemplate :RoleEditFauxObjectPropertyEntityValueContainerTemplate .  
 
-:RoleEditFauxObjectPropertyDataSetTemplateKey a ao:DataSetTemplateKey ;
-    ao:templateKey ai:SubjectRole .
+:RoleEditFauxObjectPropertyDataSetTemplateKey a access:DataSetTemplateKey ;
+    access:templateKey access-individual:SubjectRole .
 
-:RoleEditFauxObjectPropertyDataSetKeyTemplate a ao:DataSetKeyTemplate ;
-    ao:keyComponent ai:FauxObjectProperty ;
-    ao:keyComponent ai:EditOperation ;
-    ao:keyComponentTemplate ai:SubjectRole .
+:RoleEditFauxObjectPropertyDataSetKeyTemplate a access:DataSetKeyTemplate ;
+    access:keyComponent access-individual:FauxObjectProperty ;
+    access:keyComponent access-individual:EditOperation ;
+    access:keyComponentTemplate access-individual:SubjectRole .
 
-:RoleEditFauxObjectPropertyValueContainerTemplate a ao:ValueContainerTemplate ;
-    ao:relatedValueSet :RoleValueSet;
-    ao:containerTypeTemplate ai:SubjectRole .
+:RoleEditFauxObjectPropertyValueContainerTemplate a access:ValueContainerTemplate ;
+    access:relatedValueSet :RoleValueSet;
+    access:containerTypeTemplate access-individual:SubjectRole .
 
-:RoleEditFauxObjectPropertyEntityValueContainerTemplate a ao:ValueContainerTemplate ;
-    ao:relatedValueSet :AllowedPropertyUriValueSet ;
-#    ao:defaultValue ai:defaultUri ;
-    ao:containerTypeTemplate ai:FauxObjectProperty .
+:RoleEditFauxObjectPropertyEntityValueContainerTemplate a access:ValueContainerTemplate ;
+    access:relatedValueSet :AllowedPropertyUriValueSet ;
+#    access:defaultValue access-individual:defaultUri ;
+    access:containerTypeTemplate access-individual:FauxObjectProperty .
 
 #Role DisplayFauxDataProperty data set template
 
-:RoleDisplayFauxDataPropertyDataSetTemplate a ao:DataSetTemplate ;
-    ao:dataSetTemplateKey :RoleDisplayFauxDataPropertyDataSetTemplateKey ;
-    ao:dataSetKeyTemplate :RoleDisplayFauxDataPropertyDataSetKeyTemplate ;
-    ao:dataSetValues ai:FauxDataPropertyValueContainer ;
-    ao:dataSetValues ai:FauxDataPropertyStatementValueContainer ;
-    ao:dataSetValues ai:DisplayOperationValueContainer ;
-    ao:dataSetValueTemplate :RoleDisplayFauxDataPropertyValueContainerTemplate ;
-    ao:dataSetValueTemplate :RoleDisplayFauxDataPropertyEntityValueContainerTemplate .  
+:RoleDisplayFauxDataPropertyDataSetTemplate a access:DataSetTemplate ;
+    access:dataSetTemplateKey :RoleDisplayFauxDataPropertyDataSetTemplateKey ;
+    access:dataSetKeyTemplate :RoleDisplayFauxDataPropertyDataSetKeyTemplate ;
+    access:dataSetValues access-individual:FauxDataPropertyValueContainer ;
+    access:dataSetValues access-individual:FauxDataPropertyStatementValueContainer ;
+    access:dataSetValues access-individual:DisplayOperationValueContainer ;
+    access:dataSetValueTemplate :RoleDisplayFauxDataPropertyValueContainerTemplate ;
+    access:dataSetValueTemplate :RoleDisplayFauxDataPropertyEntityValueContainerTemplate .  
 
-:RoleDisplayFauxDataPropertyDataSetTemplateKey a ao:DataSetTemplateKey ;
-    ao:templateKey ai:SubjectRole .
+:RoleDisplayFauxDataPropertyDataSetTemplateKey a access:DataSetTemplateKey ;
+    access:templateKey access-individual:SubjectRole .
 
-:RoleDisplayFauxDataPropertyDataSetKeyTemplate a ao:DataSetKeyTemplate ;
-    ao:keyComponent ai:FauxDataProperty ;
-    ao:keyComponent ai:DisplayOperation ;
-    ao:keyComponentTemplate ai:SubjectRole .
+:RoleDisplayFauxDataPropertyDataSetKeyTemplate a access:DataSetKeyTemplate ;
+    access:keyComponent access-individual:FauxDataProperty ;
+    access:keyComponent access-individual:DisplayOperation ;
+    access:keyComponentTemplate access-individual:SubjectRole .
 
-:RoleDisplayFauxDataPropertyValueContainerTemplate a ao:ValueContainerTemplate ;
-    ao:relatedValueSet :RoleValueSet;
-    ao:containerTypeTemplate ai:SubjectRole .
+:RoleDisplayFauxDataPropertyValueContainerTemplate a access:ValueContainerTemplate ;
+    access:relatedValueSet :RoleValueSet;
+    access:containerTypeTemplate access-individual:SubjectRole .
 
-:RoleDisplayFauxDataPropertyEntityValueContainerTemplate a ao:ValueContainerTemplate ;
-    ao:relatedValueSet :AllowedPropertyUriValueSet ;
-#    ao:defaultValue ai:defaultUri ;
-    ao:containerTypeTemplate ai:FauxDataProperty .
+:RoleDisplayFauxDataPropertyEntityValueContainerTemplate a access:ValueContainerTemplate ;
+    access:relatedValueSet :AllowedPropertyUriValueSet ;
+#    access:defaultValue access-individual:defaultUri ;
+    access:containerTypeTemplate access-individual:FauxDataProperty .
 
 #Role PublishFauxDataProperty data set template
 
-:RolePublishFauxDataPropertyDataSetTemplate a ao:DataSetTemplate ;
-    ao:dataSetTemplateKey :RolePublishFauxDataPropertyDataSetTemplateKey ;
-    ao:dataSetKeyTemplate :RolePublishFauxDataPropertyDataSetKeyTemplate ;
-    ao:dataSetValues ai:FauxDataPropertyValueContainer ;
-    ao:dataSetValues ai:FauxDataPropertyStatementValueContainer ;
-    ao:dataSetValues ai:PublishOperationValueContainer ;
-    ao:dataSetValueTemplate :RolePublishFauxDataPropertyValueContainerTemplate ;
-    ao:dataSetValueTemplate :RolePublishFauxDataPropertyEntityValueContainerTemplate .  
+:RolePublishFauxDataPropertyDataSetTemplate a access:DataSetTemplate ;
+    access:dataSetTemplateKey :RolePublishFauxDataPropertyDataSetTemplateKey ;
+    access:dataSetKeyTemplate :RolePublishFauxDataPropertyDataSetKeyTemplate ;
+    access:dataSetValues access-individual:FauxDataPropertyValueContainer ;
+    access:dataSetValues access-individual:FauxDataPropertyStatementValueContainer ;
+    access:dataSetValues access-individual:PublishOperationValueContainer ;
+    access:dataSetValueTemplate :RolePublishFauxDataPropertyValueContainerTemplate ;
+    access:dataSetValueTemplate :RolePublishFauxDataPropertyEntityValueContainerTemplate .  
 
-:RolePublishFauxDataPropertyDataSetTemplateKey a ao:DataSetTemplateKey ;
-    ao:templateKey ai:SubjectRole .
+:RolePublishFauxDataPropertyDataSetTemplateKey a access:DataSetTemplateKey ;
+    access:templateKey access-individual:SubjectRole .
 
-:RolePublishFauxDataPropertyDataSetKeyTemplate a ao:DataSetKeyTemplate ;
-    ao:keyComponent ai:FauxDataProperty ;
-    ao:keyComponent ai:PublishOperation ;
-    ao:keyComponentTemplate ai:SubjectRole .
+:RolePublishFauxDataPropertyDataSetKeyTemplate a access:DataSetKeyTemplate ;
+    access:keyComponent access-individual:FauxDataProperty ;
+    access:keyComponent access-individual:PublishOperation ;
+    access:keyComponentTemplate access-individual:SubjectRole .
 
-:RolePublishFauxDataPropertyValueContainerTemplate a ao:ValueContainerTemplate ;
-    ao:relatedValueSet :RoleValueSet;
-    ao:containerTypeTemplate ai:SubjectRole .
+:RolePublishFauxDataPropertyValueContainerTemplate a access:ValueContainerTemplate ;
+    access:relatedValueSet :RoleValueSet;
+    access:containerTypeTemplate access-individual:SubjectRole .
 
-:RolePublishFauxDataPropertyEntityValueContainerTemplate a ao:ValueContainerTemplate ;
-    ao:relatedValueSet :AllowedPropertyUriValueSet ;
-#    ao:defaultValue ai:defaultUri ;
-    ao:containerTypeTemplate ai:FauxDataProperty .
+:RolePublishFauxDataPropertyEntityValueContainerTemplate a access:ValueContainerTemplate ;
+    access:relatedValueSet :AllowedPropertyUriValueSet ;
+#    access:defaultValue access-individual:defaultUri ;
+    access:containerTypeTemplate access-individual:FauxDataProperty .
 
 #Role AddFauxDataProperty data set template
 
-:RoleAddFauxDataPropertyDataSetTemplate a ao:DataSetTemplate ;
-    ao:dataSetTemplateKey :RoleAddFauxDataPropertyDataSetTemplateKey ;
-    ao:dataSetKeyTemplate :RoleAddFauxDataPropertyDataSetKeyTemplate ;
-    ao:dataSetValues ai:FauxDataPropertyValueContainer ;
-    ao:dataSetValues ai:FauxDataPropertyStatementValueContainer ;
-    ao:dataSetValues ai:AddOperationValueContainer ;
-    ao:dataSetValueTemplate :RoleAddFauxDataPropertyValueContainerTemplate ;
-    ao:dataSetValueTemplate :RoleAddFauxDataPropertyEntityValueContainerTemplate .  
+:RoleAddFauxDataPropertyDataSetTemplate a access:DataSetTemplate ;
+    access:dataSetTemplateKey :RoleAddFauxDataPropertyDataSetTemplateKey ;
+    access:dataSetKeyTemplate :RoleAddFauxDataPropertyDataSetKeyTemplate ;
+    access:dataSetValues access-individual:FauxDataPropertyValueContainer ;
+    access:dataSetValues access-individual:FauxDataPropertyStatementValueContainer ;
+    access:dataSetValues access-individual:AddOperationValueContainer ;
+    access:dataSetValueTemplate :RoleAddFauxDataPropertyValueContainerTemplate ;
+    access:dataSetValueTemplate :RoleAddFauxDataPropertyEntityValueContainerTemplate .  
 
-:RoleAddFauxDataPropertyDataSetTemplateKey a ao:DataSetTemplateKey ;
-    ao:templateKey ai:SubjectRole .
+:RoleAddFauxDataPropertyDataSetTemplateKey a access:DataSetTemplateKey ;
+    access:templateKey access-individual:SubjectRole .
 
-:RoleAddFauxDataPropertyDataSetKeyTemplate a ao:DataSetKeyTemplate ;
-    ao:keyComponent ai:FauxDataProperty ;
-    ao:keyComponent ai:AddOperation ;
-    ao:keyComponentTemplate ai:SubjectRole .
+:RoleAddFauxDataPropertyDataSetKeyTemplate a access:DataSetKeyTemplate ;
+    access:keyComponent access-individual:FauxDataProperty ;
+    access:keyComponent access-individual:AddOperation ;
+    access:keyComponentTemplate access-individual:SubjectRole .
 
-:RoleAddFauxDataPropertyValueContainerTemplate a ao:ValueContainerTemplate ;
-    ao:relatedValueSet :RoleValueSet;
-    ao:containerTypeTemplate ai:SubjectRole .
+:RoleAddFauxDataPropertyValueContainerTemplate a access:ValueContainerTemplate ;
+    access:relatedValueSet :RoleValueSet;
+    access:containerTypeTemplate access-individual:SubjectRole .
 
-:RoleAddFauxDataPropertyEntityValueContainerTemplate a ao:ValueContainerTemplate ;
-    ao:relatedValueSet :AllowedPropertyUriValueSet ;
-#    ao:defaultValue ai:defaultUri ;
-    ao:containerTypeTemplate ai:FauxDataProperty .
+:RoleAddFauxDataPropertyEntityValueContainerTemplate a access:ValueContainerTemplate ;
+    access:relatedValueSet :AllowedPropertyUriValueSet ;
+#    access:defaultValue access-individual:defaultUri ;
+    access:containerTypeTemplate access-individual:FauxDataProperty .
 
 #Role DropFauxDataProperty data set template
 
-:RoleDropFauxDataPropertyDataSetTemplate a ao:DataSetTemplate ;
-    ao:dataSetTemplateKey :RoleDropFauxDataPropertyDataSetTemplateKey ;
-    ao:dataSetKeyTemplate :RoleDropFauxDataPropertyDataSetKeyTemplate ;
-    ao:dataSetValues ai:FauxDataPropertyValueContainer ;
-    ao:dataSetValues ai:FauxDataPropertyStatementValueContainer ;
-    ao:dataSetValues ai:DropOperationValueContainer ;
-    ao:dataSetValueTemplate :RoleDropFauxDataPropertyValueContainerTemplate ;
-    ao:dataSetValueTemplate :RoleDropFauxDataPropertyEntityValueContainerTemplate .  
+:RoleDropFauxDataPropertyDataSetTemplate a access:DataSetTemplate ;
+    access:dataSetTemplateKey :RoleDropFauxDataPropertyDataSetTemplateKey ;
+    access:dataSetKeyTemplate :RoleDropFauxDataPropertyDataSetKeyTemplate ;
+    access:dataSetValues access-individual:FauxDataPropertyValueContainer ;
+    access:dataSetValues access-individual:FauxDataPropertyStatementValueContainer ;
+    access:dataSetValues access-individual:DropOperationValueContainer ;
+    access:dataSetValueTemplate :RoleDropFauxDataPropertyValueContainerTemplate ;
+    access:dataSetValueTemplate :RoleDropFauxDataPropertyEntityValueContainerTemplate .  
 
-:RoleDropFauxDataPropertyDataSetTemplateKey a ao:DataSetTemplateKey ;
-    ao:templateKey ai:SubjectRole .
+:RoleDropFauxDataPropertyDataSetTemplateKey a access:DataSetTemplateKey ;
+    access:templateKey access-individual:SubjectRole .
 
-:RoleDropFauxDataPropertyDataSetKeyTemplate a ao:DataSetKeyTemplate ;
-    ao:keyComponent ai:FauxDataProperty ;
-    ao:keyComponent ai:DropOperation ;
-    ao:keyComponentTemplate ai:SubjectRole .
+:RoleDropFauxDataPropertyDataSetKeyTemplate a access:DataSetKeyTemplate ;
+    access:keyComponent access-individual:FauxDataProperty ;
+    access:keyComponent access-individual:DropOperation ;
+    access:keyComponentTemplate access-individual:SubjectRole .
 
-:RoleDropFauxDataPropertyValueContainerTemplate a ao:ValueContainerTemplate ;
-    ao:relatedValueSet :RoleValueSet;
-    ao:containerTypeTemplate ai:SubjectRole .
+:RoleDropFauxDataPropertyValueContainerTemplate a access:ValueContainerTemplate ;
+    access:relatedValueSet :RoleValueSet;
+    access:containerTypeTemplate access-individual:SubjectRole .
 
-:RoleDropFauxDataPropertyEntityValueContainerTemplate a ao:ValueContainerTemplate ;
-    ao:relatedValueSet :AllowedPropertyUriValueSet ;
-#    ao:defaultValue ai:defaultUri ;
-    ao:containerTypeTemplate ai:FauxDataProperty .
+:RoleDropFauxDataPropertyEntityValueContainerTemplate a access:ValueContainerTemplate ;
+    access:relatedValueSet :AllowedPropertyUriValueSet ;
+#    access:defaultValue access-individual:defaultUri ;
+    access:containerTypeTemplate access-individual:FauxDataProperty .
 
 #Role EditFauxDataProperty data set template
 
-:RoleEditFauxDataPropertyDataSetTemplate a ao:DataSetTemplate ;
-    ao:dataSetTemplateKey :RoleEditFauxDataPropertyDataSetTemplateKey ;
-    ao:dataSetKeyTemplate :RoleEditFauxDataPropertyDataSetKeyTemplate ;
-    ao:dataSetValues ai:FauxDataPropertyValueContainer ;
-    ao:dataSetValues ai:FauxDataPropertyStatementValueContainer ;
-    ao:dataSetValues ai:EditOperationValueContainer ;
-    ao:dataSetValueTemplate :RoleEditFauxDataPropertyValueContainerTemplate ;
-    ao:dataSetValueTemplate :RoleEditFauxDataPropertyEntityValueContainerTemplate .  
+:RoleEditFauxDataPropertyDataSetTemplate a access:DataSetTemplate ;
+    access:dataSetTemplateKey :RoleEditFauxDataPropertyDataSetTemplateKey ;
+    access:dataSetKeyTemplate :RoleEditFauxDataPropertyDataSetKeyTemplate ;
+    access:dataSetValues access-individual:FauxDataPropertyValueContainer ;
+    access:dataSetValues access-individual:FauxDataPropertyStatementValueContainer ;
+    access:dataSetValues access-individual:EditOperationValueContainer ;
+    access:dataSetValueTemplate :RoleEditFauxDataPropertyValueContainerTemplate ;
+    access:dataSetValueTemplate :RoleEditFauxDataPropertyEntityValueContainerTemplate .  
 
-:RoleEditFauxDataPropertyDataSetTemplateKey a ao:DataSetTemplateKey ;
-    ao:templateKey ai:SubjectRole .
+:RoleEditFauxDataPropertyDataSetTemplateKey a access:DataSetTemplateKey ;
+    access:templateKey access-individual:SubjectRole .
 
-:RoleEditFauxDataPropertyDataSetKeyTemplate a ao:DataSetKeyTemplate ;
-    ao:keyComponent ai:FauxDataProperty ;
-    ao:keyComponent ai:EditOperation ;
-    ao:keyComponentTemplate ai:SubjectRole .
+:RoleEditFauxDataPropertyDataSetKeyTemplate a access:DataSetKeyTemplate ;
+    access:keyComponent access-individual:FauxDataProperty ;
+    access:keyComponent access-individual:EditOperation ;
+    access:keyComponentTemplate access-individual:SubjectRole .
 
-:RoleEditFauxDataPropertyValueContainerTemplate a ao:ValueContainerTemplate ;
-    ao:relatedValueSet :RoleValueSet;
-    ao:containerTypeTemplate ai:SubjectRole .
+:RoleEditFauxDataPropertyValueContainerTemplate a access:ValueContainerTemplate ;
+    access:relatedValueSet :RoleValueSet;
+    access:containerTypeTemplate access-individual:SubjectRole .
 
-:RoleEditFauxDataPropertyEntityValueContainerTemplate a ao:ValueContainerTemplate ;
-    ao:relatedValueSet :AllowedPropertyUriValueSet ;
-#    ao:defaultValue ai:defaultUri ;
-    ao:containerTypeTemplate ai:FauxDataProperty .
+:RoleEditFauxDataPropertyEntityValueContainerTemplate a access:ValueContainerTemplate ;
+    access:relatedValueSet :AllowedPropertyUriValueSet ;
+#    access:defaultValue access-individual:defaultUri ;
+    access:containerTypeTemplate access-individual:FauxDataProperty .
 
 
 
 ### Drop faux data property data sets
 
-:PublicDropFauxDataPropertyDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :PublicDropFauxDataPropertyDataSetKey ;
-    ao:dataSetValues ai:PublicRoleValueContainer ;
-    ao:dataSetValues ai:FauxDataPropertyValueContainer ;
-    ao:dataSetValues ai:FauxDataPropertyStatementValueContainer ;
-    ao:dataSetValues ai:DropOperationValueContainer ;
-    ao:dataSetValues ai:PublicDropFauxDataPropertyValueContainer .
-
-:PublicDropFauxDataPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:FauxDataProperty ;
-    ao:keyComponent auth:PUBLIC ;
-    ao:keyComponent ai:DropOperation .
-
-:EditorDropFauxDataPropertyDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :EditorDropFauxDataPropertyDataSetKey ;
-    ao:dataSetValues ai:EditorRoleValueContainer ;
-    ao:dataSetValues ai:FauxDataPropertyValueContainer ;
-    ao:dataSetValues ai:FauxDataPropertyStatementValueContainer ;
-    ao:dataSetValues ai:DropOperationValueContainer ;
-    ao:dataSetValues ai:EditorDropFauxDataPropertyValueContainer .
-
-:EditorDropFauxDataPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:FauxDataProperty ;
-    ao:keyComponent auth:EDITOR ;
-    ao:keyComponent ai:DropOperation .
-
-:CuratorDropFauxDataPropertyDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :CuratorDropFauxDataPropertyDataSetKey ;
-    ao:dataSetValues ai:CuratorRoleValueContainer ;
-    ao:dataSetValues ai:FauxDataPropertyValueContainer ;
-    ao:dataSetValues ai:FauxDataPropertyStatementValueContainer ;
-    ao:dataSetValues ai:DropOperationValueContainer ;
-    ao:dataSetValues ai:CuratorDropFauxDataPropertyValueContainer .
-
-:CuratorDropFauxDataPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:FauxDataProperty ;
-    ao:keyComponent auth:CURATOR ;
-    ao:keyComponent ai:DropOperation .
-
-:AdminDropFauxDataPropertyDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :AdminDropFauxDataPropertyDataSetKey ;
-    ao:dataSetValues ai:AdminRoleValueContainer ;
-    ao:dataSetValues ai:FauxDataPropertyValueContainer ;
-    ao:dataSetValues ai:FauxDataPropertyStatementValueContainer ;
-    ao:dataSetValues ai:DropOperationValueContainer ;
-    ao:dataSetValues ai:AdminDropFauxDataPropertyValueContainer .
-
-:AdminDropFauxDataPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:FauxDataProperty ;
-    ao:keyComponent auth:ADMIN ;
-    ao:keyComponent ai:DropOperation .
+:PublicDropFauxDataPropertyDataSet a access:PolicyDataSet ;
+    access:dataSetKey :PublicDropFauxDataPropertyDataSetKey ;
+    access:dataSetValues access-individual:PublicRoleValueContainer ;
+    access:dataSetValues access-individual:FauxDataPropertyValueContainer ;
+    access:dataSetValues access-individual:FauxDataPropertyStatementValueContainer ;
+    access:dataSetValues access-individual:DropOperationValueContainer ;
+    access:dataSetValues :PublicDropFauxDataPropertyValueContainer .
+
+:PublicDropFauxDataPropertyDataSetKey a access:DataSetKey ;
+    access:keyComponent access-individual:FauxDataProperty ;
+    access:keyComponent auth:PUBLIC ;
+    access:keyComponent access-individual:DropOperation .
+
+:EditorDropFauxDataPropertyDataSet a access:PolicyDataSet ;
+    access:dataSetKey :EditorDropFauxDataPropertyDataSetKey ;
+    access:dataSetValues access-individual:EditorRoleValueContainer ;
+    access:dataSetValues access-individual:FauxDataPropertyValueContainer ;
+    access:dataSetValues access-individual:FauxDataPropertyStatementValueContainer ;
+    access:dataSetValues access-individual:DropOperationValueContainer ;
+    access:dataSetValues :EditorDropFauxDataPropertyValueContainer .
+
+:EditorDropFauxDataPropertyDataSetKey a access:DataSetKey ;
+    access:keyComponent access-individual:FauxDataProperty ;
+    access:keyComponent auth:EDITOR ;
+    access:keyComponent access-individual:DropOperation .
+
+:CuratorDropFauxDataPropertyDataSet a access:PolicyDataSet ;
+    access:dataSetKey :CuratorDropFauxDataPropertyDataSetKey ;
+    access:dataSetValues access-individual:CuratorRoleValueContainer ;
+    access:dataSetValues access-individual:FauxDataPropertyValueContainer ;
+    access:dataSetValues access-individual:FauxDataPropertyStatementValueContainer ;
+    access:dataSetValues access-individual:DropOperationValueContainer ;
+    access:dataSetValues :CuratorDropFauxDataPropertyValueContainer .
+
+:CuratorDropFauxDataPropertyDataSetKey a access:DataSetKey ;
+    access:keyComponent access-individual:FauxDataProperty ;
+    access:keyComponent auth:CURATOR ;
+    access:keyComponent access-individual:DropOperation .
+
+:AdminDropFauxDataPropertyDataSet a access:PolicyDataSet ;
+    access:dataSetKey :AdminDropFauxDataPropertyDataSetKey ;
+    access:dataSetValues access-individual:AdminRoleValueContainer ;
+    access:dataSetValues access-individual:FauxDataPropertyValueContainer ;
+    access:dataSetValues access-individual:FauxDataPropertyStatementValueContainer ;
+    access:dataSetValues access-individual:DropOperationValueContainer ;
+    access:dataSetValues :AdminDropFauxDataPropertyValueContainer .
+
+:AdminDropFauxDataPropertyDataSetKey a access:DataSetKey ;
+    access:keyComponent access-individual:FauxDataProperty ;
+    access:keyComponent auth:ADMIN ;
+    access:keyComponent access-individual:DropOperation .
 
 ### Add faux data property data sets
 
-:PublicAddFauxDataPropertyDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :PublicAddFauxDataPropertyDataSetKey ;
-    ao:dataSetValues ai:PublicRoleValueContainer ;
-    ao:dataSetValues ai:FauxDataPropertyValueContainer ;
-    ao:dataSetValues ai:FauxDataPropertyStatementValueContainer ;
-    ao:dataSetValues ai:AddOperationValueContainer ;
-    ao:dataSetValues ai:PublicAddFauxDataPropertyValueContainer .
-
-:PublicAddFauxDataPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:FauxDataProperty ;
-    ao:keyComponent auth:PUBLIC ;
-    ao:keyComponent ai:AddOperation .
-
-:EditorAddFauxDataPropertyDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :EditorAddFauxDataPropertyDataSetKey ;
-    ao:dataSetValues ai:EditorRoleValueContainer ;
-    ao:dataSetValues ai:FauxDataPropertyValueContainer ;
-    ao:dataSetValues ai:FauxDataPropertyStatementValueContainer ;
-    ao:dataSetValues ai:AddOperationValueContainer ;
-    ao:dataSetValues ai:EditorAddFauxDataPropertyValueContainer .
-
-:EditorAddFauxDataPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:FauxDataProperty ;
-    ao:keyComponent auth:EDITOR ;
-    ao:keyComponent ai:AddOperation .
-
-:CuratorAddFauxDataPropertyDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :CuratorAddFauxDataPropertyDataSetKey ;
-    ao:dataSetValues ai:CuratorRoleValueContainer ;
-    ao:dataSetValues ai:FauxDataPropertyValueContainer ;
-    ao:dataSetValues ai:FauxDataPropertyStatementValueContainer ;
-    ao:dataSetValues ai:AddOperationValueContainer ;
-    ao:dataSetValues ai:CuratorAddFauxDataPropertyValueContainer .
-
-:CuratorAddFauxDataPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:FauxDataProperty ;
-    ao:keyComponent auth:CURATOR ;
-    ao:keyComponent ai:AddOperation .
-
-:AdminAddFauxDataPropertyDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :AdminAddFauxDataPropertyDataSetKey ;
-    ao:dataSetValues ai:AdminRoleValueContainer ;
-    ao:dataSetValues ai:FauxDataPropertyValueContainer ;
-    ao:dataSetValues ai:FauxDataPropertyStatementValueContainer ;
-    ao:dataSetValues ai:AddOperationValueContainer ;
-    ao:dataSetValues ai:AdminAddFauxDataPropertyValueContainer .
-
-:AdminAddFauxDataPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:FauxDataProperty ;
-    ao:keyComponent auth:ADMIN ;
-    ao:keyComponent ai:AddOperation .
+:PublicAddFauxDataPropertyDataSet a access:PolicyDataSet ;
+    access:dataSetKey :PublicAddFauxDataPropertyDataSetKey ;
+    access:dataSetValues access-individual:PublicRoleValueContainer ;
+    access:dataSetValues access-individual:FauxDataPropertyValueContainer ;
+    access:dataSetValues access-individual:FauxDataPropertyStatementValueContainer ;
+    access:dataSetValues access-individual:AddOperationValueContainer ;
+    access:dataSetValues :PublicAddFauxDataPropertyValueContainer .
+
+:PublicAddFauxDataPropertyDataSetKey a access:DataSetKey ;
+    access:keyComponent access-individual:FauxDataProperty ;
+    access:keyComponent auth:PUBLIC ;
+    access:keyComponent access-individual:AddOperation .
+
+:EditorAddFauxDataPropertyDataSet a access:PolicyDataSet ;
+    access:dataSetKey :EditorAddFauxDataPropertyDataSetKey ;
+    access:dataSetValues access-individual:EditorRoleValueContainer ;
+    access:dataSetValues access-individual:FauxDataPropertyValueContainer ;
+    access:dataSetValues access-individual:FauxDataPropertyStatementValueContainer ;
+    access:dataSetValues access-individual:AddOperationValueContainer ;
+    access:dataSetValues :EditorAddFauxDataPropertyValueContainer .
+
+:EditorAddFauxDataPropertyDataSetKey a access:DataSetKey ;
+    access:keyComponent access-individual:FauxDataProperty ;
+    access:keyComponent auth:EDITOR ;
+    access:keyComponent access-individual:AddOperation .
+
+:CuratorAddFauxDataPropertyDataSet a access:PolicyDataSet ;
+    access:dataSetKey :CuratorAddFauxDataPropertyDataSetKey ;
+    access:dataSetValues access-individual:CuratorRoleValueContainer ;
+    access:dataSetValues access-individual:FauxDataPropertyValueContainer ;
+    access:dataSetValues access-individual:FauxDataPropertyStatementValueContainer ;
+    access:dataSetValues access-individual:AddOperationValueContainer ;
+    access:dataSetValues :CuratorAddFauxDataPropertyValueContainer .
+
+:CuratorAddFauxDataPropertyDataSetKey a access:DataSetKey ;
+    access:keyComponent access-individual:FauxDataProperty ;
+    access:keyComponent auth:CURATOR ;
+    access:keyComponent access-individual:AddOperation .
+
+:AdminAddFauxDataPropertyDataSet a access:PolicyDataSet ;
+    access:dataSetKey :AdminAddFauxDataPropertyDataSetKey ;
+    access:dataSetValues access-individual:AdminRoleValueContainer ;
+    access:dataSetValues access-individual:FauxDataPropertyValueContainer ;
+    access:dataSetValues access-individual:FauxDataPropertyStatementValueContainer ;
+    access:dataSetValues access-individual:AddOperationValueContainer ;
+    access:dataSetValues :AdminAddFauxDataPropertyValueContainer .
+
+:AdminAddFauxDataPropertyDataSetKey a access:DataSetKey ;
+    access:keyComponent access-individual:FauxDataProperty ;
+    access:keyComponent auth:ADMIN ;
+    access:keyComponent access-individual:AddOperation .
 
 ### Edit faux data property data sets
 
-:PublicEditFauxDataPropertyDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :PublicEditFauxDataPropertyDataSetKey ;
-    ao:dataSetValues ai:PublicRoleValueContainer ;
-    ao:dataSetValues ai:FauxDataPropertyValueContainer ;
-    ao:dataSetValues ai:FauxDataPropertyStatementValueContainer ;
-    ao:dataSetValues ai:EditOperationValueContainer ;
-    ao:dataSetValues ai:PublicEditFauxDataPropertyValueContainer .
-
-:PublicEditFauxDataPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:FauxDataProperty ;
-    ao:keyComponent auth:PUBLIC ;
-    ao:keyComponent ai:EditOperation .
-
-:EditorEditFauxDataPropertyDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :EditorEditFauxDataPropertyDataSetKey ;
-    ao:dataSetValues ai:EditorRoleValueContainer ;
-    ao:dataSetValues ai:FauxDataPropertyValueContainer ;
-    ao:dataSetValues ai:FauxDataPropertyStatementValueContainer ;
-    ao:dataSetValues ai:EditOperationValueContainer ;
-    ao:dataSetValues ai:EditorEditFauxDataPropertyValueContainer .
-
-:EditorEditFauxDataPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:FauxDataProperty ;
-    ao:keyComponent auth:EDITOR ;
-    ao:keyComponent ai:EditOperation .
-
-:CuratorEditFauxDataPropertyDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :CuratorEditFauxDataPropertyDataSetKey ;
-    ao:dataSetValues ai:CuratorRoleValueContainer ;
-    ao:dataSetValues ai:FauxDataPropertyValueContainer ;
-    ao:dataSetValues ai:FauxDataPropertyStatementValueContainer ;
-    ao:dataSetValues ai:EditOperationValueContainer ;
-    ao:dataSetValues ai:CuratorEditFauxDataPropertyValueContainer .
-
-:CuratorEditFauxDataPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:FauxDataProperty ;
-    ao:keyComponent auth:CURATOR ;
-    ao:keyComponent ai:EditOperation .
-
-:AdminEditFauxDataPropertyDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :AdminEditFauxDataPropertyDataSetKey ;
-    ao:dataSetValues ai:AdminRoleValueContainer ;
-    ao:dataSetValues ai:FauxDataPropertyValueContainer ;
-    ao:dataSetValues ai:FauxDataPropertyStatementValueContainer ;
-    ao:dataSetValues ai:EditOperationValueContainer ;
-    ao:dataSetValues ai:AdminEditFauxDataPropertyValueContainer .
-
-:AdminEditFauxDataPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:FauxDataProperty ;
-    ao:keyComponent auth:ADMIN ;
-    ao:keyComponent ai:EditOperation .
+:PublicEditFauxDataPropertyDataSet a access:PolicyDataSet ;
+    access:dataSetKey :PublicEditFauxDataPropertyDataSetKey ;
+    access:dataSetValues access-individual:PublicRoleValueContainer ;
+    access:dataSetValues access-individual:FauxDataPropertyValueContainer ;
+    access:dataSetValues access-individual:FauxDataPropertyStatementValueContainer ;
+    access:dataSetValues access-individual:EditOperationValueContainer ;
+    access:dataSetValues :PublicEditFauxDataPropertyValueContainer .
+
+:PublicEditFauxDataPropertyDataSetKey a access:DataSetKey ;
+    access:keyComponent access-individual:FauxDataProperty ;
+    access:keyComponent auth:PUBLIC ;
+    access:keyComponent access-individual:EditOperation .
+
+:EditorEditFauxDataPropertyDataSet a access:PolicyDataSet ;
+    access:dataSetKey :EditorEditFauxDataPropertyDataSetKey ;
+    access:dataSetValues access-individual:EditorRoleValueContainer ;
+    access:dataSetValues access-individual:FauxDataPropertyValueContainer ;
+    access:dataSetValues access-individual:FauxDataPropertyStatementValueContainer ;
+    access:dataSetValues access-individual:EditOperationValueContainer ;
+    access:dataSetValues :EditorEditFauxDataPropertyValueContainer .
+
+:EditorEditFauxDataPropertyDataSetKey a access:DataSetKey ;
+    access:keyComponent access-individual:FauxDataProperty ;
+    access:keyComponent auth:EDITOR ;
+    access:keyComponent access-individual:EditOperation .
+
+:CuratorEditFauxDataPropertyDataSet a access:PolicyDataSet ;
+    access:dataSetKey :CuratorEditFauxDataPropertyDataSetKey ;
+    access:dataSetValues access-individual:CuratorRoleValueContainer ;
+    access:dataSetValues access-individual:FauxDataPropertyValueContainer ;
+    access:dataSetValues access-individual:FauxDataPropertyStatementValueContainer ;
+    access:dataSetValues access-individual:EditOperationValueContainer ;
+    access:dataSetValues :CuratorEditFauxDataPropertyValueContainer .
+
+:CuratorEditFauxDataPropertyDataSetKey a access:DataSetKey ;
+    access:keyComponent access-individual:FauxDataProperty ;
+    access:keyComponent auth:CURATOR ;
+    access:keyComponent access-individual:EditOperation .
+
+:AdminEditFauxDataPropertyDataSet a access:PolicyDataSet ;
+    access:dataSetKey :AdminEditFauxDataPropertyDataSetKey ;
+    access:dataSetValues access-individual:AdminRoleValueContainer ;
+    access:dataSetValues access-individual:FauxDataPropertyValueContainer ;
+    access:dataSetValues access-individual:FauxDataPropertyStatementValueContainer ;
+    access:dataSetValues access-individual:EditOperationValueContainer ;
+    access:dataSetValues :AdminEditFauxDataPropertyValueContainer .
+
+:AdminEditFauxDataPropertyDataSetKey a access:DataSetKey ;
+    access:keyComponent access-individual:FauxDataProperty ;
+    access:keyComponent auth:ADMIN ;
+    access:keyComponent access-individual:EditOperation .
 
 ### Drop faux object property data sets
 
-:PublicDropFauxObjectPropertyDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :PublicDropFauxObjectPropertyDataSetKey ;
-    ao:dataSetValues ai:PublicRoleValueContainer ;
-    ao:dataSetValues ai:FauxObjectPropertyValueContainer ;
-    ao:dataSetValues ai:FauxObjectPropertyStatementValueContainer ;
-    ao:dataSetValues ai:DropOperationValueContainer ;
-    ao:dataSetValues ai:PublicDropFauxObjectPropertyValueContainer .
-
-:PublicDropFauxObjectPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:FauxObjectProperty ;
-    ao:keyComponent auth:PUBLIC ;
-    ao:keyComponent ai:DropOperation .
-
-:EditorDropFauxObjectPropertyDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :EditorDropFauxObjectPropertyDataSetKey ;
-    ao:dataSetValues ai:EditorRoleValueContainer ;
-    ao:dataSetValues ai:FauxObjectPropertyValueContainer ;
-    ao:dataSetValues ai:FauxObjectPropertyStatementValueContainer ;
-    ao:dataSetValues ai:DropOperationValueContainer ;
-    ao:dataSetValues ai:EditorDropFauxObjectPropertyValueContainer .
-
-:EditorDropFauxObjectPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:FauxObjectProperty ;
-    ao:keyComponent auth:EDITOR ;
-    ao:keyComponent ai:DropOperation .
-
-:CuratorDropFauxObjectPropertyDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :CuratorDropFauxObjectPropertyDataSetKey ;
-    ao:dataSetValues ai:CuratorRoleValueContainer ;
-    ao:dataSetValues ai:FauxObjectPropertyValueContainer ;
-    ao:dataSetValues ai:FauxObjectPropertyStatementValueContainer ;
-    ao:dataSetValues ai:DropOperationValueContainer ;
-    ao:dataSetValues ai:CuratorDropFauxObjectPropertyValueContainer .
-
-:CuratorDropFauxObjectPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:FauxObjectProperty ;
-    ao:keyComponent auth:CURATOR ;
-    ao:keyComponent ai:DropOperation .
-
-:AdminDropFauxObjectPropertyDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :AdminDropFauxObjectPropertyDataSetKey ;
-    ao:dataSetValues ai:AdminRoleValueContainer ;
-    ao:dataSetValues ai:FauxObjectPropertyValueContainer ;
-    ao:dataSetValues ai:FauxObjectPropertyStatementValueContainer ;
-    ao:dataSetValues ai:DropOperationValueContainer ;
-    ao:dataSetValues ai:AdminDropFauxObjectPropertyValueContainer .
-
-:AdminDropFauxObjectPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:FauxObjectProperty ;
-    ao:keyComponent auth:ADMIN ;
-    ao:keyComponent ai:DropOperation .
+:PublicDropFauxObjectPropertyDataSet a access:PolicyDataSet ;
+    access:dataSetKey :PublicDropFauxObjectPropertyDataSetKey ;
+    access:dataSetValues access-individual:PublicRoleValueContainer ;
+    access:dataSetValues access-individual:FauxObjectPropertyValueContainer ;
+    access:dataSetValues access-individual:FauxObjectPropertyStatementValueContainer ;
+    access:dataSetValues access-individual:DropOperationValueContainer ;
+    access:dataSetValues :PublicDropFauxObjectPropertyValueContainer .
+
+:PublicDropFauxObjectPropertyDataSetKey a access:DataSetKey ;
+    access:keyComponent access-individual:FauxObjectProperty ;
+    access:keyComponent auth:PUBLIC ;
+    access:keyComponent access-individual:DropOperation .
+
+:EditorDropFauxObjectPropertyDataSet a access:PolicyDataSet ;
+    access:dataSetKey :EditorDropFauxObjectPropertyDataSetKey ;
+    access:dataSetValues access-individual:EditorRoleValueContainer ;
+    access:dataSetValues access-individual:FauxObjectPropertyValueContainer ;
+    access:dataSetValues access-individual:FauxObjectPropertyStatementValueContainer ;
+    access:dataSetValues access-individual:DropOperationValueContainer ;
+    access:dataSetValues :EditorDropFauxObjectPropertyValueContainer .
+
+:EditorDropFauxObjectPropertyDataSetKey a access:DataSetKey ;
+    access:keyComponent access-individual:FauxObjectProperty ;
+    access:keyComponent auth:EDITOR ;
+    access:keyComponent access-individual:DropOperation .
+
+:CuratorDropFauxObjectPropertyDataSet a access:PolicyDataSet ;
+    access:dataSetKey :CuratorDropFauxObjectPropertyDataSetKey ;
+    access:dataSetValues access-individual:CuratorRoleValueContainer ;
+    access:dataSetValues access-individual:FauxObjectPropertyValueContainer ;
+    access:dataSetValues access-individual:FauxObjectPropertyStatementValueContainer ;
+    access:dataSetValues access-individual:DropOperationValueContainer ;
+    access:dataSetValues :CuratorDropFauxObjectPropertyValueContainer .
+
+:CuratorDropFauxObjectPropertyDataSetKey a access:DataSetKey ;
+    access:keyComponent access-individual:FauxObjectProperty ;
+    access:keyComponent auth:CURATOR ;
+    access:keyComponent access-individual:DropOperation .
+
+:AdminDropFauxObjectPropertyDataSet a access:PolicyDataSet ;
+    access:dataSetKey :AdminDropFauxObjectPropertyDataSetKey ;
+    access:dataSetValues access-individual:AdminRoleValueContainer ;
+    access:dataSetValues access-individual:FauxObjectPropertyValueContainer ;
+    access:dataSetValues access-individual:FauxObjectPropertyStatementValueContainer ;
+    access:dataSetValues access-individual:DropOperationValueContainer ;
+    access:dataSetValues :AdminDropFauxObjectPropertyValueContainer .
+
+:AdminDropFauxObjectPropertyDataSetKey a access:DataSetKey ;
+    access:keyComponent access-individual:FauxObjectProperty ;
+    access:keyComponent auth:ADMIN ;
+    access:keyComponent access-individual:DropOperation .
 
 ### Add faux object property data sets
 
-:PublicAddFauxObjectPropertyDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :PublicAddFauxObjectPropertyDataSetKey ;
-    ao:dataSetValues ai:PublicRoleValueContainer ;
-    ao:dataSetValues ai:FauxObjectPropertyValueContainer ;
-    ao:dataSetValues ai:FauxObjectPropertyStatementValueContainer ;
-    ao:dataSetValues ai:AddOperationValueContainer ;
-    ao:dataSetValues ai:PublicAddFauxObjectPropertyValueContainer .
-
-:PublicAddFauxObjectPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:FauxObjectProperty ;
-    ao:keyComponent auth:PUBLIC ;
-    ao:keyComponent ai:AddOperation .
-
-:EditorAddFauxObjectPropertyDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :EditorAddFauxObjectPropertyDataSetKey ;
-    ao:dataSetValues ai:EditorRoleValueContainer ;
-    ao:dataSetValues ai:FauxObjectPropertyValueContainer ;
-    ao:dataSetValues ai:FauxObjectPropertyStatementValueContainer ;
-    ao:dataSetValues ai:AddOperationValueContainer ;
-    ao:dataSetValues ai:EditorAddFauxObjectPropertyValueContainer .
-
-:EditorAddFauxObjectPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:FauxObjectProperty ;
-    ao:keyComponent auth:EDITOR ;
-    ao:keyComponent ai:AddOperation .
-
-:CuratorAddFauxObjectPropertyDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :CuratorAddFauxObjectPropertyDataSetKey ;
-    ao:dataSetValues ai:CuratorRoleValueContainer ;
-    ao:dataSetValues ai:FauxObjectPropertyValueContainer ;
-    ao:dataSetValues ai:FauxObjectPropertyStatementValueContainer ;
-    ao:dataSetValues ai:AddOperationValueContainer ;
-    ao:dataSetValues ai:CuratorAddFauxObjectPropertyValueContainer .
-
-:CuratorAddFauxObjectPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:FauxObjectProperty ;
-    ao:keyComponent auth:CURATOR ;
-    ao:keyComponent ai:AddOperation .
-
-:AdminAddFauxObjectPropertyDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :AdminAddFauxObjectPropertyDataSetKey ;
-    ao:dataSetValues ai:AdminRoleValueContainer ;
-    ao:dataSetValues ai:FauxObjectPropertyValueContainer ;
-    ao:dataSetValues ai:FauxObjectPropertyStatementValueContainer ;
-    ao:dataSetValues ai:AddOperationValueContainer ;
-    ao:dataSetValues ai:AdminAddFauxObjectPropertyValueContainer .
-
-:AdminAddFauxObjectPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:FauxObjectProperty ;
-    ao:keyComponent auth:ADMIN ;
-    ao:keyComponent ai:AddOperation .
+:PublicAddFauxObjectPropertyDataSet a access:PolicyDataSet ;
+    access:dataSetKey :PublicAddFauxObjectPropertyDataSetKey ;
+    access:dataSetValues access-individual:PublicRoleValueContainer ;
+    access:dataSetValues access-individual:FauxObjectPropertyValueContainer ;
+    access:dataSetValues access-individual:FauxObjectPropertyStatementValueContainer ;
+    access:dataSetValues access-individual:AddOperationValueContainer ;
+    access:dataSetValues :PublicAddFauxObjectPropertyValueContainer .
+
+:PublicAddFauxObjectPropertyDataSetKey a access:DataSetKey ;
+    access:keyComponent access-individual:FauxObjectProperty ;
+    access:keyComponent auth:PUBLIC ;
+    access:keyComponent access-individual:AddOperation .
+
+:EditorAddFauxObjectPropertyDataSet a access:PolicyDataSet ;
+    access:dataSetKey :EditorAddFauxObjectPropertyDataSetKey ;
+    access:dataSetValues access-individual:EditorRoleValueContainer ;
+    access:dataSetValues access-individual:FauxObjectPropertyValueContainer ;
+    access:dataSetValues access-individual:FauxObjectPropertyStatementValueContainer ;
+    access:dataSetValues access-individual:AddOperationValueContainer ;
+    access:dataSetValues :EditorAddFauxObjectPropertyValueContainer .
+
+:EditorAddFauxObjectPropertyDataSetKey a access:DataSetKey ;
+    access:keyComponent access-individual:FauxObjectProperty ;
+    access:keyComponent auth:EDITOR ;
+    access:keyComponent access-individual:AddOperation .
+
+:CuratorAddFauxObjectPropertyDataSet a access:PolicyDataSet ;
+    access:dataSetKey :CuratorAddFauxObjectPropertyDataSetKey ;
+    access:dataSetValues access-individual:CuratorRoleValueContainer ;
+    access:dataSetValues access-individual:FauxObjectPropertyValueContainer ;
+    access:dataSetValues access-individual:FauxObjectPropertyStatementValueContainer ;
+    access:dataSetValues access-individual:AddOperationValueContainer ;
+    access:dataSetValues :CuratorAddFauxObjectPropertyValueContainer .
+
+:CuratorAddFauxObjectPropertyDataSetKey a access:DataSetKey ;
+    access:keyComponent access-individual:FauxObjectProperty ;
+    access:keyComponent auth:CURATOR ;
+    access:keyComponent access-individual:AddOperation .
+
+:AdminAddFauxObjectPropertyDataSet a access:PolicyDataSet ;
+    access:dataSetKey :AdminAddFauxObjectPropertyDataSetKey ;
+    access:dataSetValues access-individual:AdminRoleValueContainer ;
+    access:dataSetValues access-individual:FauxObjectPropertyValueContainer ;
+    access:dataSetValues access-individual:FauxObjectPropertyStatementValueContainer ;
+    access:dataSetValues access-individual:AddOperationValueContainer ;
+    access:dataSetValues :AdminAddFauxObjectPropertyValueContainer .
+
+:AdminAddFauxObjectPropertyDataSetKey a access:DataSetKey ;
+    access:keyComponent access-individual:FauxObjectProperty ;
+    access:keyComponent auth:ADMIN ;
+    access:keyComponent access-individual:AddOperation .
 
 ### Edit faux object property data sets
 
-:PublicEditFauxObjectPropertyDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :PublicEditFauxObjectPropertyDataSetKey ;
-    ao:dataSetValues ai:PublicRoleValueContainer ;
-    ao:dataSetValues ai:FauxObjectPropertyValueContainer ;
-    ao:dataSetValues ai:FauxObjectPropertyStatementValueContainer ;
-    ao:dataSetValues ai:EditOperationValueContainer ;
-    ao:dataSetValues ai:PublicEditFauxObjectPropertyValueContainer .
-
-:PublicEditFauxObjectPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:FauxObjectProperty ;
-    ao:keyComponent auth:PUBLIC ;
-    ao:keyComponent ai:EditOperation .
-
-:EditorEditFauxObjectPropertyDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :EditorEditFauxObjectPropertyDataSetKey ;
-    ao:dataSetValues ai:EditorRoleValueContainer ;
-    ao:dataSetValues ai:FauxObjectPropertyValueContainer ;
-    ao:dataSetValues ai:FauxObjectPropertyStatementValueContainer ;
-    ao:dataSetValues ai:EditOperationValueContainer ;
-    ao:dataSetValues ai:EditorEditFauxObjectPropertyValueContainer .
-
-:EditorEditFauxObjectPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:FauxObjectProperty ;
-    ao:keyComponent auth:EDITOR ;
-    ao:keyComponent ai:EditOperation .
-
-:CuratorEditFauxObjectPropertyDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :CuratorEditFauxObjectPropertyDataSetKey ;
-    ao:dataSetValues ai:CuratorRoleValueContainer ;
-    ao:dataSetValues ai:FauxObjectPropertyValueContainer ;
-    ao:dataSetValues ai:FauxObjectPropertyStatementValueContainer ;
-    ao:dataSetValues ai:EditOperationValueContainer ;
-    ao:dataSetValues ai:CuratorEditFauxObjectPropertyValueContainer .
-
-:CuratorEditFauxObjectPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:FauxObjectProperty ;
-    ao:keyComponent auth:CURATOR ;
-    ao:keyComponent ai:EditOperation .
-
-:AdminEditFauxObjectPropertyDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :AdminEditFauxObjectPropertyDataSetKey ;
-    ao:dataSetValues ai:AdminRoleValueContainer ;
-    ao:dataSetValues ai:FauxObjectPropertyValueContainer ;
-    ao:dataSetValues ai:FauxObjectPropertyStatementValueContainer ;
-    ao:dataSetValues ai:EditOperationValueContainer ;
-    ao:dataSetValues ai:AdminEditFauxObjectPropertyValueContainer .
-
-:AdminEditFauxObjectPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:FauxObjectProperty ;
-    ao:keyComponent auth:ADMIN ;
-    ao:keyComponent ai:EditOperation .
+:PublicEditFauxObjectPropertyDataSet a access:PolicyDataSet ;
+    access:dataSetKey :PublicEditFauxObjectPropertyDataSetKey ;
+    access:dataSetValues access-individual:PublicRoleValueContainer ;
+    access:dataSetValues access-individual:FauxObjectPropertyValueContainer ;
+    access:dataSetValues access-individual:FauxObjectPropertyStatementValueContainer ;
+    access:dataSetValues access-individual:EditOperationValueContainer ;
+    access:dataSetValues :PublicEditFauxObjectPropertyValueContainer .
+
+:PublicEditFauxObjectPropertyDataSetKey a access:DataSetKey ;
+    access:keyComponent access-individual:FauxObjectProperty ;
+    access:keyComponent auth:PUBLIC ;
+    access:keyComponent access-individual:EditOperation .
+
+:EditorEditFauxObjectPropertyDataSet a access:PolicyDataSet ;
+    access:dataSetKey :EditorEditFauxObjectPropertyDataSetKey ;
+    access:dataSetValues access-individual:EditorRoleValueContainer ;
+    access:dataSetValues access-individual:FauxObjectPropertyValueContainer ;
+    access:dataSetValues access-individual:FauxObjectPropertyStatementValueContainer ;
+    access:dataSetValues access-individual:EditOperationValueContainer ;
+    access:dataSetValues :EditorEditFauxObjectPropertyValueContainer .
+
+:EditorEditFauxObjectPropertyDataSetKey a access:DataSetKey ;
+    access:keyComponent access-individual:FauxObjectProperty ;
+    access:keyComponent auth:EDITOR ;
+    access:keyComponent access-individual:EditOperation .
+
+:CuratorEditFauxObjectPropertyDataSet a access:PolicyDataSet ;
+    access:dataSetKey :CuratorEditFauxObjectPropertyDataSetKey ;
+    access:dataSetValues access-individual:CuratorRoleValueContainer ;
+    access:dataSetValues access-individual:FauxObjectPropertyValueContainer ;
+    access:dataSetValues access-individual:FauxObjectPropertyStatementValueContainer ;
+    access:dataSetValues access-individual:EditOperationValueContainer ;
+    access:dataSetValues :CuratorEditFauxObjectPropertyValueContainer .
+
+:CuratorEditFauxObjectPropertyDataSetKey a access:DataSetKey ;
+    access:keyComponent access-individual:FauxObjectProperty ;
+    access:keyComponent auth:CURATOR ;
+    access:keyComponent access-individual:EditOperation .
+
+:AdminEditFauxObjectPropertyDataSet a access:PolicyDataSet ;
+    access:dataSetKey :AdminEditFauxObjectPropertyDataSetKey ;
+    access:dataSetValues access-individual:AdminRoleValueContainer ;
+    access:dataSetValues access-individual:FauxObjectPropertyValueContainer ;
+    access:dataSetValues access-individual:FauxObjectPropertyStatementValueContainer ;
+    access:dataSetValues access-individual:EditOperationValueContainer ;
+    access:dataSetValues :AdminEditFauxObjectPropertyValueContainer .
+
+:AdminEditFauxObjectPropertyDataSetKey a access:DataSetKey ;
+    access:keyComponent access-individual:FauxObjectProperty ;
+    access:keyComponent auth:ADMIN ;
+    access:keyComponent access-individual:EditOperation .
 
 ### Drop data property data sets
 
-:PublicDropDataPropertyDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :PublicDropDataPropertyDataSetKey ;
-    ao:dataSetValues ai:PublicRoleValueContainer ;
-    ao:dataSetValues ai:DataPropertyValueContainer ;
-    ao:dataSetValues ai:DataPropertyStatementValueContainer ;
-    ao:dataSetValues ai:DropOperationValueContainer ;
-    ao:dataSetValues ai:PublicDropDataPropertyValueContainer .
-
-:PublicDropDataPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:DataProperty ;
-    ao:keyComponent auth:PUBLIC ;
-    ao:keyComponent ai:DropOperation .
-
-:EditorDropDataPropertyDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :EditorDropDataPropertyDataSetKey ;
-    ao:dataSetValues ai:EditorRoleValueContainer ;
-    ao:dataSetValues ai:DataPropertyValueContainer ;
-    ao:dataSetValues ai:DataPropertyStatementValueContainer ;
-    ao:dataSetValues ai:DropOperationValueContainer ;
-    ao:dataSetValues ai:EditorDropDataPropertyValueContainer .
-
-:EditorDropDataPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:DataProperty ;
-    ao:keyComponent auth:EDITOR ;
-    ao:keyComponent ai:DropOperation .
-
-:CuratorDropDataPropertyDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :CuratorDropDataPropertyDataSetKey ;
-    ao:dataSetValues ai:CuratorRoleValueContainer ;
-    ao:dataSetValues ai:DataPropertyValueContainer ;
-    ao:dataSetValues ai:DataPropertyStatementValueContainer ;
-    ao:dataSetValues ai:DropOperationValueContainer ;
-    ao:dataSetValues ai:CuratorDropDataPropertyValueContainer .
-
-:CuratorDropDataPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:DataProperty ;
-    ao:keyComponent auth:CURATOR ;
-    ao:keyComponent ai:DropOperation .
-
-:AdminDropDataPropertyDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :AdminDropDataPropertyDataSetKey ;
-    ao:dataSetValues ai:AdminRoleValueContainer ;
-    ao:dataSetValues ai:DataPropertyValueContainer ;
-    ao:dataSetValues ai:DataPropertyStatementValueContainer ;
-    ao:dataSetValues ai:DropOperationValueContainer ;
-    ao:dataSetValues ai:AdminDropDataPropertyValueContainer .
-
-:AdminDropDataPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:DataProperty ;
-    ao:keyComponent auth:ADMIN ;
-    ao:keyComponent ai:DropOperation .
+:PublicDropDataPropertyDataSet a access:PolicyDataSet ;
+    access:dataSetKey :PublicDropDataPropertyDataSetKey ;
+    access:dataSetValues access-individual:PublicRoleValueContainer ;
+    access:dataSetValues access-individual:DataPropertyValueContainer ;
+    access:dataSetValues access-individual:DataPropertyStatementValueContainer ;
+    access:dataSetValues access-individual:DropOperationValueContainer ;
+    access:dataSetValues :PublicDropDataPropertyValueContainer .
+
+:PublicDropDataPropertyDataSetKey a access:DataSetKey ;
+    access:keyComponent access-individual:DataProperty ;
+    access:keyComponent auth:PUBLIC ;
+    access:keyComponent access-individual:DropOperation .
+
+:EditorDropDataPropertyDataSet a access:PolicyDataSet ;
+    access:dataSetKey :EditorDropDataPropertyDataSetKey ;
+    access:dataSetValues access-individual:EditorRoleValueContainer ;
+    access:dataSetValues access-individual:DataPropertyValueContainer ;
+    access:dataSetValues access-individual:DataPropertyStatementValueContainer ;
+    access:dataSetValues access-individual:DropOperationValueContainer ;
+    access:dataSetValues :EditorDropDataPropertyValueContainer .
+
+:EditorDropDataPropertyDataSetKey a access:DataSetKey ;
+    access:keyComponent access-individual:DataProperty ;
+    access:keyComponent auth:EDITOR ;
+    access:keyComponent access-individual:DropOperation .
+
+:CuratorDropDataPropertyDataSet a access:PolicyDataSet ;
+    access:dataSetKey :CuratorDropDataPropertyDataSetKey ;
+    access:dataSetValues access-individual:CuratorRoleValueContainer ;
+    access:dataSetValues access-individual:DataPropertyValueContainer ;
+    access:dataSetValues access-individual:DataPropertyStatementValueContainer ;
+    access:dataSetValues access-individual:DropOperationValueContainer ;
+    access:dataSetValues :CuratorDropDataPropertyValueContainer .
+
+:CuratorDropDataPropertyDataSetKey a access:DataSetKey ;
+    access:keyComponent access-individual:DataProperty ;
+    access:keyComponent auth:CURATOR ;
+    access:keyComponent access-individual:DropOperation .
+
+:AdminDropDataPropertyDataSet a access:PolicyDataSet ;
+    access:dataSetKey :AdminDropDataPropertyDataSetKey ;
+    access:dataSetValues access-individual:AdminRoleValueContainer ;
+    access:dataSetValues access-individual:DataPropertyValueContainer ;
+    access:dataSetValues access-individual:DataPropertyStatementValueContainer ;
+    access:dataSetValues access-individual:DropOperationValueContainer ;
+    access:dataSetValues :AdminDropDataPropertyValueContainer .
+
+:AdminDropDataPropertyDataSetKey a access:DataSetKey ;
+    access:keyComponent access-individual:DataProperty ;
+    access:keyComponent auth:ADMIN ;
+    access:keyComponent access-individual:DropOperation .
 
 ### Add data property data sets
 
-:PublicAddDataPropertyDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :PublicAddDataPropertyDataSetKey ;
-    ao:dataSetValues ai:PublicRoleValueContainer ;
-    ao:dataSetValues ai:DataPropertyValueContainer ;
-    ao:dataSetValues ai:DataPropertyStatementValueContainer ;
-    ao:dataSetValues ai:AddOperationValueContainer ;
-    ao:dataSetValues ai:PublicAddDataPropertyValueContainer .
-
-:PublicAddDataPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:DataProperty ;
-    ao:keyComponent auth:PUBLIC ;
-    ao:keyComponent ai:AddOperation .
-
-:EditorAddDataPropertyDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :EditorAddDataPropertyDataSetKey ;
-    ao:dataSetValues ai:EditorRoleValueContainer ;
-    ao:dataSetValues ai:DataPropertyValueContainer ;
-    ao:dataSetValues ai:DataPropertyStatementValueContainer ;
-    ao:dataSetValues ai:AddOperationValueContainer ;
-    ao:dataSetValues ai:EditorAddDataPropertyValueContainer .
-
-:EditorAddDataPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:DataProperty ;
-    ao:keyComponent auth:EDITOR ;
-    ao:keyComponent ai:AddOperation .
-
-:CuratorAddDataPropertyDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :CuratorAddDataPropertyDataSetKey ;
-    ao:dataSetValues ai:CuratorRoleValueContainer ;
-    ao:dataSetValues ai:DataPropertyValueContainer ;
-    ao:dataSetValues ai:DataPropertyStatementValueContainer ;
-    ao:dataSetValues ai:AddOperationValueContainer ;
-    ao:dataSetValues ai:CuratorAddDataPropertyValueContainer .
-
-:CuratorAddDataPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:DataProperty ;
-    ao:keyComponent auth:CURATOR ;
-    ao:keyComponent ai:AddOperation .
-
-:AdminAddDataPropertyDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :AdminAddDataPropertyDataSetKey ;
-    ao:dataSetValues ai:AdminRoleValueContainer ;
-    ao:dataSetValues ai:DataPropertyValueContainer ;
-    ao:dataSetValues ai:DataPropertyStatementValueContainer ;
-    ao:dataSetValues ai:AddOperationValueContainer ;
-    ao:dataSetValues ai:AdminAddDataPropertyValueContainer .
-
-:AdminAddDataPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:DataProperty ;
-    ao:keyComponent auth:ADMIN ;
-    ao:keyComponent ai:AddOperation .
+:PublicAddDataPropertyDataSet a access:PolicyDataSet ;
+    access:dataSetKey :PublicAddDataPropertyDataSetKey ;
+    access:dataSetValues access-individual:PublicRoleValueContainer ;
+    access:dataSetValues access-individual:DataPropertyValueContainer ;
+    access:dataSetValues access-individual:DataPropertyStatementValueContainer ;
+    access:dataSetValues access-individual:AddOperationValueContainer ;
+    access:dataSetValues :PublicAddDataPropertyValueContainer .
+
+:PublicAddDataPropertyDataSetKey a access:DataSetKey ;
+    access:keyComponent access-individual:DataProperty ;
+    access:keyComponent auth:PUBLIC ;
+    access:keyComponent access-individual:AddOperation .
+
+:EditorAddDataPropertyDataSet a access:PolicyDataSet ;
+    access:dataSetKey :EditorAddDataPropertyDataSetKey ;
+    access:dataSetValues access-individual:EditorRoleValueContainer ;
+    access:dataSetValues access-individual:DataPropertyValueContainer ;
+    access:dataSetValues access-individual:DataPropertyStatementValueContainer ;
+    access:dataSetValues access-individual:AddOperationValueContainer ;
+    access:dataSetValues :EditorAddDataPropertyValueContainer .
+
+:EditorAddDataPropertyDataSetKey a access:DataSetKey ;
+    access:keyComponent access-individual:DataProperty ;
+    access:keyComponent auth:EDITOR ;
+    access:keyComponent access-individual:AddOperation .
+
+:CuratorAddDataPropertyDataSet a access:PolicyDataSet ;
+    access:dataSetKey :CuratorAddDataPropertyDataSetKey ;
+    access:dataSetValues access-individual:CuratorRoleValueContainer ;
+    access:dataSetValues access-individual:DataPropertyValueContainer ;
+    access:dataSetValues access-individual:DataPropertyStatementValueContainer ;
+    access:dataSetValues access-individual:AddOperationValueContainer ;
+    access:dataSetValues :CuratorAddDataPropertyValueContainer .
+
+:CuratorAddDataPropertyDataSetKey a access:DataSetKey ;
+    access:keyComponent access-individual:DataProperty ;
+    access:keyComponent auth:CURATOR ;
+    access:keyComponent access-individual:AddOperation .
+
+:AdminAddDataPropertyDataSet a access:PolicyDataSet ;
+    access:dataSetKey :AdminAddDataPropertyDataSetKey ;
+    access:dataSetValues access-individual:AdminRoleValueContainer ;
+    access:dataSetValues access-individual:DataPropertyValueContainer ;
+    access:dataSetValues access-individual:DataPropertyStatementValueContainer ;
+    access:dataSetValues access-individual:AddOperationValueContainer ;
+    access:dataSetValues :AdminAddDataPropertyValueContainer .
+
+:AdminAddDataPropertyDataSetKey a access:DataSetKey ;
+    access:keyComponent access-individual:DataProperty ;
+    access:keyComponent auth:ADMIN ;
+    access:keyComponent access-individual:AddOperation .
 
 ### Edit data property data sets
 
-:PublicEditDataPropertyDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :PublicEditDataPropertyDataSetKey ;
-    ao:dataSetValues ai:PublicRoleValueContainer ;
-    ao:dataSetValues ai:DataPropertyValueContainer ;
-    ao:dataSetValues ai:DataPropertyStatementValueContainer ;
-    ao:dataSetValues ai:EditOperationValueContainer ;
-    ao:dataSetValues ai:PublicEditDataPropertyValueContainer .
-
-:PublicEditDataPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:DataProperty ;
-    ao:keyComponent auth:PUBLIC ;
-    ao:keyComponent ai:EditOperation .
-
-:EditorEditDataPropertyDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :EditorEditDataPropertyDataSetKey ;
-    ao:dataSetValues ai:EditorRoleValueContainer ;
-    ao:dataSetValues ai:DataPropertyValueContainer ;
-    ao:dataSetValues ai:DataPropertyStatementValueContainer ;
-    ao:dataSetValues ai:EditOperationValueContainer ;
-    ao:dataSetValues ai:EditorEditDataPropertyValueContainer .
-
-:EditorEditDataPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:DataProperty ;
-    ao:keyComponent auth:EDITOR ;
-    ao:keyComponent ai:EditOperation .
-
-:CuratorEditDataPropertyDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :CuratorEditDataPropertyDataSetKey ;
-    ao:dataSetValues ai:CuratorRoleValueContainer ;
-    ao:dataSetValues ai:DataPropertyValueContainer ;
-    ao:dataSetValues ai:DataPropertyStatementValueContainer ;
-    ao:dataSetValues ai:EditOperationValueContainer ;
-    ao:dataSetValues ai:CuratorEditDataPropertyValueContainer .
-
-:CuratorEditDataPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:DataProperty ;
-    ao:keyComponent auth:CURATOR ;
-    ao:keyComponent ai:EditOperation .
-
-:AdminEditDataPropertyDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :AdminEditDataPropertyDataSetKey ;
-    ao:dataSetValues ai:AdminRoleValueContainer ;
-    ao:dataSetValues ai:DataPropertyValueContainer ;
-    ao:dataSetValues ai:DataPropertyStatementValueContainer ;
-    ao:dataSetValues ai:EditOperationValueContainer ;
-    ao:dataSetValues ai:AdminEditDataPropertyValueContainer .
-
-:AdminEditDataPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:DataProperty ;
-    ao:keyComponent auth:ADMIN ;
-    ao:keyComponent ai:EditOperation .
+:PublicEditDataPropertyDataSet a access:PolicyDataSet ;
+    access:dataSetKey :PublicEditDataPropertyDataSetKey ;
+    access:dataSetValues access-individual:PublicRoleValueContainer ;
+    access:dataSetValues access-individual:DataPropertyValueContainer ;
+    access:dataSetValues access-individual:DataPropertyStatementValueContainer ;
+    access:dataSetValues access-individual:EditOperationValueContainer ;
+    access:dataSetValues :PublicEditDataPropertyValueContainer .
+
+:PublicEditDataPropertyDataSetKey a access:DataSetKey ;
+    access:keyComponent access-individual:DataProperty ;
+    access:keyComponent auth:PUBLIC ;
+    access:keyComponent access-individual:EditOperation .
+
+:EditorEditDataPropertyDataSet a access:PolicyDataSet ;
+    access:dataSetKey :EditorEditDataPropertyDataSetKey ;
+    access:dataSetValues access-individual:EditorRoleValueContainer ;
+    access:dataSetValues access-individual:DataPropertyValueContainer ;
+    access:dataSetValues access-individual:DataPropertyStatementValueContainer ;
+    access:dataSetValues access-individual:EditOperationValueContainer ;
+    access:dataSetValues :EditorEditDataPropertyValueContainer .
+
+:EditorEditDataPropertyDataSetKey a access:DataSetKey ;
+    access:keyComponent access-individual:DataProperty ;
+    access:keyComponent auth:EDITOR ;
+    access:keyComponent access-individual:EditOperation .
+
+:CuratorEditDataPropertyDataSet a access:PolicyDataSet ;
+    access:dataSetKey :CuratorEditDataPropertyDataSetKey ;
+    access:dataSetValues access-individual:CuratorRoleValueContainer ;
+    access:dataSetValues access-individual:DataPropertyValueContainer ;
+    access:dataSetValues access-individual:DataPropertyStatementValueContainer ;
+    access:dataSetValues access-individual:EditOperationValueContainer ;
+    access:dataSetValues :CuratorEditDataPropertyValueContainer .
+
+:CuratorEditDataPropertyDataSetKey a access:DataSetKey ;
+    access:keyComponent access-individual:DataProperty ;
+    access:keyComponent auth:CURATOR ;
+    access:keyComponent access-individual:EditOperation .
+
+:AdminEditDataPropertyDataSet a access:PolicyDataSet ;
+    access:dataSetKey :AdminEditDataPropertyDataSetKey ;
+    access:dataSetValues access-individual:AdminRoleValueContainer ;
+    access:dataSetValues access-individual:DataPropertyValueContainer ;
+    access:dataSetValues access-individual:DataPropertyStatementValueContainer ;
+    access:dataSetValues access-individual:EditOperationValueContainer ;
+    access:dataSetValues :AdminEditDataPropertyValueContainer .
+
+:AdminEditDataPropertyDataSetKey a access:DataSetKey ;
+    access:keyComponent access-individual:DataProperty ;
+    access:keyComponent auth:ADMIN ;
+    access:keyComponent access-individual:EditOperation .
 
 ### Drop object property data sets
 
-:PublicDropObjectPropertyDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :PublicDropObjectPropertyDataSetKey ;
-    ao:dataSetValues ai:PublicRoleValueContainer ;
-    ao:dataSetValues ai:ObjectPropertyValueContainer ;
-    ao:dataSetValues ai:ObjectPropertyStatementValueContainer ;
-    ao:dataSetValues ai:DropOperationValueContainer ;
-    ao:dataSetValues ai:PublicDropObjectPropertyValueContainer .
-
-:PublicDropObjectPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:ObjectProperty ;
-    ao:keyComponent auth:PUBLIC ;
-    ao:keyComponent ai:DropOperation .
-
-:EditorDropObjectPropertyDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :EditorDropObjectPropertyDataSetKey ;
-    ao:dataSetValues ai:EditorRoleValueContainer ;
-    ao:dataSetValues ai:ObjectPropertyValueContainer ;
-    ao:dataSetValues ai:ObjectPropertyStatementValueContainer ;
-    ao:dataSetValues ai:DropOperationValueContainer ;
-    ao:dataSetValues ai:EditorDropObjectPropertyValueContainer .
-
-:EditorDropObjectPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:ObjectProperty ;
-    ao:keyComponent auth:EDITOR ;
-    ao:keyComponent ai:DropOperation .
-
-:CuratorDropObjectPropertyDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :CuratorDropObjectPropertyDataSetKey ;
-    ao:dataSetValues ai:CuratorRoleValueContainer ;
-    ao:dataSetValues ai:ObjectPropertyValueContainer ;
-    ao:dataSetValues ai:ObjectPropertyStatementValueContainer ;
-    ao:dataSetValues ai:DropOperationValueContainer ;
-    ao:dataSetValues ai:CuratorDropObjectPropertyValueContainer .
-
-:CuratorDropObjectPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:ObjectProperty ;
-    ao:keyComponent auth:CURATOR ;
-    ao:keyComponent ai:DropOperation .
-
-:AdminDropObjectPropertyDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :AdminDropObjectPropertyDataSetKey ;
-    ao:dataSetValues ai:AdminRoleValueContainer ;
-    ao:dataSetValues ai:ObjectPropertyValueContainer ;
-    ao:dataSetValues ai:ObjectPropertyStatementValueContainer ;
-    ao:dataSetValues ai:DropOperationValueContainer ;
-    ao:dataSetValues ai:AdminDropObjectPropertyValueContainer .
-
-:AdminDropObjectPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:ObjectProperty ;
-    ao:keyComponent auth:ADMIN ;
-    ao:keyComponent ai:DropOperation .
+:PublicDropObjectPropertyDataSet a access:PolicyDataSet ;
+    access:dataSetKey :PublicDropObjectPropertyDataSetKey ;
+    access:dataSetValues access-individual:PublicRoleValueContainer ;
+    access:dataSetValues access-individual:ObjectPropertyValueContainer ;
+    access:dataSetValues access-individual:ObjectPropertyStatementValueContainer ;
+    access:dataSetValues access-individual:DropOperationValueContainer ;
+    access:dataSetValues :PublicDropObjectPropertyValueContainer .
+
+:PublicDropObjectPropertyDataSetKey a access:DataSetKey ;
+    access:keyComponent access-individual:ObjectProperty ;
+    access:keyComponent auth:PUBLIC ;
+    access:keyComponent access-individual:DropOperation .
+
+:EditorDropObjectPropertyDataSet a access:PolicyDataSet ;
+    access:dataSetKey :EditorDropObjectPropertyDataSetKey ;
+    access:dataSetValues access-individual:EditorRoleValueContainer ;
+    access:dataSetValues access-individual:ObjectPropertyValueContainer ;
+    access:dataSetValues access-individual:ObjectPropertyStatementValueContainer ;
+    access:dataSetValues access-individual:DropOperationValueContainer ;
+    access:dataSetValues :EditorDropObjectPropertyValueContainer .
+
+:EditorDropObjectPropertyDataSetKey a access:DataSetKey ;
+    access:keyComponent access-individual:ObjectProperty ;
+    access:keyComponent auth:EDITOR ;
+    access:keyComponent access-individual:DropOperation .
+
+:CuratorDropObjectPropertyDataSet a access:PolicyDataSet ;
+    access:dataSetKey :CuratorDropObjectPropertyDataSetKey ;
+    access:dataSetValues access-individual:CuratorRoleValueContainer ;
+    access:dataSetValues access-individual:ObjectPropertyValueContainer ;
+    access:dataSetValues access-individual:ObjectPropertyStatementValueContainer ;
+    access:dataSetValues access-individual:DropOperationValueContainer ;
+    access:dataSetValues :CuratorDropObjectPropertyValueContainer .
+
+:CuratorDropObjectPropertyDataSetKey a access:DataSetKey ;
+    access:keyComponent access-individual:ObjectProperty ;
+    access:keyComponent auth:CURATOR ;
+    access:keyComponent access-individual:DropOperation .
+
+:AdminDropObjectPropertyDataSet a access:PolicyDataSet ;
+    access:dataSetKey :AdminDropObjectPropertyDataSetKey ;
+    access:dataSetValues access-individual:AdminRoleValueContainer ;
+    access:dataSetValues access-individual:ObjectPropertyValueContainer ;
+    access:dataSetValues access-individual:ObjectPropertyStatementValueContainer ;
+    access:dataSetValues access-individual:DropOperationValueContainer ;
+    access:dataSetValues :AdminDropObjectPropertyValueContainer .
+
+:AdminDropObjectPropertyDataSetKey a access:DataSetKey ;
+    access:keyComponent access-individual:ObjectProperty ;
+    access:keyComponent auth:ADMIN ;
+    access:keyComponent access-individual:DropOperation .
 
 ### Add object property data sets
 
-:PublicAddObjectPropertyDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :PublicAddObjectPropertyDataSetKey ;
-    ao:dataSetValues ai:PublicRoleValueContainer ;
-    ao:dataSetValues ai:ObjectPropertyValueContainer ;
-    ao:dataSetValues ai:ObjectPropertyStatementValueContainer ;
-    ao:dataSetValues ai:AddOperationValueContainer ;
-    ao:dataSetValues ai:PublicAddObjectPropertyValueContainer .
-
-:PublicAddObjectPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:ObjectProperty ;
-    ao:keyComponent auth:PUBLIC ;
-    ao:keyComponent ai:AddOperation .
-
-:EditorAddObjectPropertyDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :EditorAddObjectPropertyDataSetKey ;
-    ao:dataSetValues ai:EditorRoleValueContainer ;
-    ao:dataSetValues ai:ObjectPropertyValueContainer ;
-    ao:dataSetValues ai:ObjectPropertyStatementValueContainer ;
-    ao:dataSetValues ai:AddOperationValueContainer ;
-    ao:dataSetValues ai:EditorAddObjectPropertyValueContainer .
-
-:EditorAddObjectPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:ObjectProperty ;
-    ao:keyComponent auth:EDITOR ;
-    ao:keyComponent ai:AddOperation .
-
-:CuratorAddObjectPropertyDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :CuratorAddObjectPropertyDataSetKey ;
-    ao:dataSetValues ai:CuratorRoleValueContainer ;
-    ao:dataSetValues ai:ObjectPropertyValueContainer ;
-    ao:dataSetValues ai:ObjectPropertyStatementValueContainer ;
-    ao:dataSetValues ai:AddOperationValueContainer ;
-    ao:dataSetValues ai:CuratorAddObjectPropertyValueContainer .
-
-:CuratorAddObjectPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:ObjectProperty ;
-    ao:keyComponent auth:CURATOR ;
-    ao:keyComponent ai:AddOperation .
-
-:AdminAddObjectPropertyDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :AdminAddObjectPropertyDataSetKey ;
-    ao:dataSetValues ai:AdminRoleValueContainer ;
-    ao:dataSetValues ai:ObjectPropertyValueContainer ;
-    ao:dataSetValues ai:ObjectPropertyStatementValueContainer ;
-    ao:dataSetValues ai:AddOperationValueContainer ;
-    ao:dataSetValues ai:AdminAddObjectPropertyValueContainer .
-
-:AdminAddObjectPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:ObjectProperty ;
-    ao:keyComponent auth:ADMIN ;
-    ao:keyComponent ai:AddOperation .
+:PublicAddObjectPropertyDataSet a access:PolicyDataSet ;
+    access:dataSetKey :PublicAddObjectPropertyDataSetKey ;
+    access:dataSetValues access-individual:PublicRoleValueContainer ;
+    access:dataSetValues access-individual:ObjectPropertyValueContainer ;
+    access:dataSetValues access-individual:ObjectPropertyStatementValueContainer ;
+    access:dataSetValues access-individual:AddOperationValueContainer ;
+    access:dataSetValues :PublicAddObjectPropertyValueContainer .
+
+:PublicAddObjectPropertyDataSetKey a access:DataSetKey ;
+    access:keyComponent access-individual:ObjectProperty ;
+    access:keyComponent auth:PUBLIC ;
+    access:keyComponent access-individual:AddOperation .
+
+:EditorAddObjectPropertyDataSet a access:PolicyDataSet ;
+    access:dataSetKey :EditorAddObjectPropertyDataSetKey ;
+    access:dataSetValues access-individual:EditorRoleValueContainer ;
+    access:dataSetValues access-individual:ObjectPropertyValueContainer ;
+    access:dataSetValues access-individual:ObjectPropertyStatementValueContainer ;
+    access:dataSetValues access-individual:AddOperationValueContainer ;
+    access:dataSetValues :EditorAddObjectPropertyValueContainer .
+
+:EditorAddObjectPropertyDataSetKey a access:DataSetKey ;
+    access:keyComponent access-individual:ObjectProperty ;
+    access:keyComponent auth:EDITOR ;
+    access:keyComponent access-individual:AddOperation .
+
+:CuratorAddObjectPropertyDataSet a access:PolicyDataSet ;
+    access:dataSetKey :CuratorAddObjectPropertyDataSetKey ;
+    access:dataSetValues access-individual:CuratorRoleValueContainer ;
+    access:dataSetValues access-individual:ObjectPropertyValueContainer ;
+    access:dataSetValues access-individual:ObjectPropertyStatementValueContainer ;
+    access:dataSetValues access-individual:AddOperationValueContainer ;
+    access:dataSetValues :CuratorAddObjectPropertyValueContainer .
+
+:CuratorAddObjectPropertyDataSetKey a access:DataSetKey ;
+    access:keyComponent access-individual:ObjectProperty ;
+    access:keyComponent auth:CURATOR ;
+    access:keyComponent access-individual:AddOperation .
+
+:AdminAddObjectPropertyDataSet a access:PolicyDataSet ;
+    access:dataSetKey :AdminAddObjectPropertyDataSetKey ;
+    access:dataSetValues access-individual:AdminRoleValueContainer ;
+    access:dataSetValues access-individual:ObjectPropertyValueContainer ;
+    access:dataSetValues access-individual:ObjectPropertyStatementValueContainer ;
+    access:dataSetValues access-individual:AddOperationValueContainer ;
+    access:dataSetValues :AdminAddObjectPropertyValueContainer .
+
+:AdminAddObjectPropertyDataSetKey a access:DataSetKey ;
+    access:keyComponent access-individual:ObjectProperty ;
+    access:keyComponent auth:ADMIN ;
+    access:keyComponent access-individual:AddOperation .
 
 ### Edit object property data sets
 
-:PublicEditObjectPropertyDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :PublicEditObjectPropertyDataSetKey ;
-    ao:dataSetValues ai:PublicRoleValueContainer ;
-    ao:dataSetValues ai:ObjectPropertyValueContainer ;
-    ao:dataSetValues ai:ObjectPropertyStatementValueContainer ;
-    ao:dataSetValues ai:EditOperationValueContainer ;
-    ao:dataSetValues ai:PublicEditObjectPropertyValueContainer .
-
-:PublicEditObjectPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:ObjectProperty ;
-    ao:keyComponent auth:PUBLIC ;
-    ao:keyComponent ai:EditOperation .
-
-:EditorEditObjectPropertyDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :EditorEditObjectPropertyDataSetKey ;
-    ao:dataSetValues ai:EditorRoleValueContainer ;
-    ao:dataSetValues ai:ObjectPropertyValueContainer ;
-    ao:dataSetValues ai:ObjectPropertyStatementValueContainer ;
-    ao:dataSetValues ai:EditOperationValueContainer ;
-    ao:dataSetValues ai:EditorEditObjectPropertyValueContainer .
-
-:EditorEditObjectPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:ObjectProperty ;
-    ao:keyComponent auth:EDITOR ;
-    ao:keyComponent ai:EditOperation .
-
-:CuratorEditObjectPropertyDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :CuratorEditObjectPropertyDataSetKey ;
-    ao:dataSetValues ai:CuratorRoleValueContainer ;
-    ao:dataSetValues ai:ObjectPropertyValueContainer ;
-    ao:dataSetValues ai:ObjectPropertyStatementValueContainer ;
-    ao:dataSetValues ai:EditOperationValueContainer ;
-    ao:dataSetValues ai:CuratorEditObjectPropertyValueContainer .
-
-:CuratorEditObjectPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:ObjectProperty ;
-    ao:keyComponent auth:CURATOR ;
-    ao:keyComponent ai:EditOperation .
-
-:AdminEditObjectPropertyDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :AdminEditObjectPropertyDataSetKey ;
-    ao:dataSetValues ai:AdminRoleValueContainer ;
-    ao:dataSetValues ai:ObjectPropertyValueContainer ;
-    ao:dataSetValues ai:ObjectPropertyStatementValueContainer ;
-    ao:dataSetValues ai:EditOperationValueContainer ;
-    ao:dataSetValues ai:AdminEditObjectPropertyValueContainer .
-
-:AdminEditObjectPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:ObjectProperty ;
-    ao:keyComponent auth:ADMIN ;
-    ao:keyComponent ai:EditOperation .
+:PublicEditObjectPropertyDataSet a access:PolicyDataSet ;
+    access:dataSetKey :PublicEditObjectPropertyDataSetKey ;
+    access:dataSetValues access-individual:PublicRoleValueContainer ;
+    access:dataSetValues access-individual:ObjectPropertyValueContainer ;
+    access:dataSetValues access-individual:ObjectPropertyStatementValueContainer ;
+    access:dataSetValues access-individual:EditOperationValueContainer ;
+    access:dataSetValues :PublicEditObjectPropertyValueContainer .
+
+:PublicEditObjectPropertyDataSetKey a access:DataSetKey ;
+    access:keyComponent access-individual:ObjectProperty ;
+    access:keyComponent auth:PUBLIC ;
+    access:keyComponent access-individual:EditOperation .
+
+:EditorEditObjectPropertyDataSet a access:PolicyDataSet ;
+    access:dataSetKey :EditorEditObjectPropertyDataSetKey ;
+    access:dataSetValues access-individual:EditorRoleValueContainer ;
+    access:dataSetValues access-individual:ObjectPropertyValueContainer ;
+    access:dataSetValues access-individual:ObjectPropertyStatementValueContainer ;
+    access:dataSetValues access-individual:EditOperationValueContainer ;
+    access:dataSetValues :EditorEditObjectPropertyValueContainer .
+
+:EditorEditObjectPropertyDataSetKey a access:DataSetKey ;
+    access:keyComponent access-individual:ObjectProperty ;
+    access:keyComponent auth:EDITOR ;
+    access:keyComponent access-individual:EditOperation .
+
+:CuratorEditObjectPropertyDataSet a access:PolicyDataSet ;
+    access:dataSetKey :CuratorEditObjectPropertyDataSetKey ;
+    access:dataSetValues access-individual:CuratorRoleValueContainer ;
+    access:dataSetValues access-individual:ObjectPropertyValueContainer ;
+    access:dataSetValues access-individual:ObjectPropertyStatementValueContainer ;
+    access:dataSetValues access-individual:EditOperationValueContainer ;
+    access:dataSetValues :CuratorEditObjectPropertyValueContainer .
+
+:CuratorEditObjectPropertyDataSetKey a access:DataSetKey ;
+    access:keyComponent access-individual:ObjectProperty ;
+    access:keyComponent auth:CURATOR ;
+    access:keyComponent access-individual:EditOperation .
+
+:AdminEditObjectPropertyDataSet a access:PolicyDataSet ;
+    access:dataSetKey :AdminEditObjectPropertyDataSetKey ;
+    access:dataSetValues access-individual:AdminRoleValueContainer ;
+    access:dataSetValues access-individual:ObjectPropertyValueContainer ;
+    access:dataSetValues access-individual:ObjectPropertyStatementValueContainer ;
+    access:dataSetValues access-individual:EditOperationValueContainer ;
+    access:dataSetValues :AdminEditObjectPropertyValueContainer .
+
+:AdminEditObjectPropertyDataSetKey a access:DataSetKey ;
+    access:keyComponent access-individual:ObjectProperty ;
+    access:keyComponent auth:ADMIN ;
+    access:keyComponent access-individual:EditOperation .
 
 
 ### Display object property data sets
 
-:PublicDisplayObjectPropertyDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :PublicDisplayObjectPropertyDataSetKey ;
-    ao:dataSetValues ai:PublicRoleValueContainer ;
-    ao:dataSetValues ai:ObjectPropertyValueContainer ;
-    ao:dataSetValues ai:ObjectPropertyStatementValueContainer ;
-    ao:dataSetValues ai:DisplayOperationValueContainer ;
-    ao:dataSetValues ai:PublicDisplayObjectPropertyValueContainer .
-
-:PublicDisplayObjectPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:ObjectProperty ;
-    ao:keyComponent auth:PUBLIC ;
-    ao:keyComponent ai:DisplayOperation .
-
-:EditorDisplayObjectPropertyDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :EditorDisplayObjectPropertyDataSetKey ;
-    ao:dataSetValues ai:EditorRoleValueContainer ;
-    ao:dataSetValues ai:ObjectPropertyValueContainer ;
-    ao:dataSetValues ai:ObjectPropertyStatementValueContainer ;
-    ao:dataSetValues ai:DisplayOperationValueContainer ;
-    ao:dataSetValues ai:EditorDisplayObjectPropertyValueContainer .
-
-:EditorDisplayObjectPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:ObjectProperty ;
-    ao:keyComponent auth:EDITOR ;
-    ao:keyComponent ai:DisplayOperation .
-
-:CuratorDisplayObjectPropertyDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :CuratorDisplayObjectPropertyDataSetKey ;
-    ao:dataSetValues ai:CuratorRoleValueContainer ;
-    ao:dataSetValues ai:ObjectPropertyValueContainer ;
-    ao:dataSetValues ai:ObjectPropertyStatementValueContainer ;
-    ao:dataSetValues ai:DisplayOperationValueContainer ;
-    ao:dataSetValues ai:CuratorDisplayObjectPropertyValueContainer .
-
-:CuratorDisplayObjectPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:ObjectProperty ;
-    ao:keyComponent auth:CURATOR ;
-    ao:keyComponent ai:DisplayOperation .
-
-:AdminDisplayObjectPropertyDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :AdminDisplayObjectPropertyDataSetKey ;
-    ao:dataSetValues ai:AdminRoleValueContainer ;
-    ao:dataSetValues ai:ObjectPropertyValueContainer ;
-    ao:dataSetValues ai:ObjectPropertyStatementValueContainer ;
-    ao:dataSetValues ai:DisplayOperationValueContainer ;
-    ao:dataSetValues ai:AdminDisplayObjectPropertyValueContainer .
-
-:AdminDisplayObjectPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:ObjectProperty ;
-    ao:keyComponent auth:ADMIN ;
-    ao:keyComponent ai:DisplayOperation .
+:PublicDisplayObjectPropertyDataSet a access:PolicyDataSet ;
+    access:dataSetKey :PublicDisplayObjectPropertyDataSetKey ;
+    access:dataSetValues access-individual:PublicRoleValueContainer ;
+    access:dataSetValues access-individual:ObjectPropertyValueContainer ;
+    access:dataSetValues access-individual:ObjectPropertyStatementValueContainer ;
+    access:dataSetValues access-individual:DisplayOperationValueContainer ;
+    access:dataSetValues :PublicDisplayObjectPropertyValueContainer .
+
+:PublicDisplayObjectPropertyDataSetKey a access:DataSetKey ;
+    access:keyComponent access-individual:ObjectProperty ;
+    access:keyComponent auth:PUBLIC ;
+    access:keyComponent access-individual:DisplayOperation .
+
+:EditorDisplayObjectPropertyDataSet a access:PolicyDataSet ;
+    access:dataSetKey :EditorDisplayObjectPropertyDataSetKey ;
+    access:dataSetValues access-individual:EditorRoleValueContainer ;
+    access:dataSetValues access-individual:ObjectPropertyValueContainer ;
+    access:dataSetValues access-individual:ObjectPropertyStatementValueContainer ;
+    access:dataSetValues access-individual:DisplayOperationValueContainer ;
+    access:dataSetValues :EditorDisplayObjectPropertyValueContainer .
+
+:EditorDisplayObjectPropertyDataSetKey a access:DataSetKey ;
+    access:keyComponent access-individual:ObjectProperty ;
+    access:keyComponent auth:EDITOR ;
+    access:keyComponent access-individual:DisplayOperation .
+
+:CuratorDisplayObjectPropertyDataSet a access:PolicyDataSet ;
+    access:dataSetKey :CuratorDisplayObjectPropertyDataSetKey ;
+    access:dataSetValues access-individual:CuratorRoleValueContainer ;
+    access:dataSetValues access-individual:ObjectPropertyValueContainer ;
+    access:dataSetValues access-individual:ObjectPropertyStatementValueContainer ;
+    access:dataSetValues access-individual:DisplayOperationValueContainer ;
+    access:dataSetValues :CuratorDisplayObjectPropertyValueContainer .
+
+:CuratorDisplayObjectPropertyDataSetKey a access:DataSetKey ;
+    access:keyComponent access-individual:ObjectProperty ;
+    access:keyComponent auth:CURATOR ;
+    access:keyComponent access-individual:DisplayOperation .
+
+:AdminDisplayObjectPropertyDataSet a access:PolicyDataSet ;
+    access:dataSetKey :AdminDisplayObjectPropertyDataSetKey ;
+    access:dataSetValues access-individual:AdminRoleValueContainer ;
+    access:dataSetValues access-individual:ObjectPropertyValueContainer ;
+    access:dataSetValues access-individual:ObjectPropertyStatementValueContainer ;
+    access:dataSetValues access-individual:DisplayOperationValueContainer ;
+    access:dataSetValues :AdminDisplayObjectPropertyValueContainer .
+
+:AdminDisplayObjectPropertyDataSetKey a access:DataSetKey ;
+    access:keyComponent access-individual:ObjectProperty ;
+    access:keyComponent auth:ADMIN ;
+    access:keyComponent access-individual:DisplayOperation .
 
 ### Display data property data sets
 
-:PublicDisplayDataPropertyDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :PublicDisplayDataPropertyDataSetKey ;
-    ao:dataSetValues ai:PublicRoleValueContainer ;
-    ao:dataSetValues ai:DataPropertyValueContainer ;
-    ao:dataSetValues ai:DataPropertyStatementValueContainer ;
-    ao:dataSetValues ai:DisplayOperationValueContainer ;
-    ao:dataSetValues ai:PublicDisplayDataPropertyValueContainer .
-
-:PublicDisplayDataPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:DataProperty ;
-    ao:keyComponent auth:PUBLIC ;
-    ao:keyComponent ai:DisplayOperation .
-
-:EditorDisplayDataPropertyDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :EditorDisplayDataPropertyDataSetKey ;
-    ao:dataSetValues ai:EditorRoleValueContainer ;
-    ao:dataSetValues ai:DataPropertyValueContainer ;
-    ao:dataSetValues ai:DataPropertyStatementValueContainer ;
-    ao:dataSetValues ai:DisplayOperationValueContainer ;
-    ao:dataSetValues ai:EditorDisplayDataPropertyValueContainer .
-
-:EditorDisplayDataPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:DataProperty ;
-    ao:keyComponent auth:EDITOR ;
-    ao:keyComponent ai:DisplayOperation .
-
-:CuratorDisplayDataPropertyDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :CuratorDisplayDataPropertyDataSetKey ;
-    ao:dataSetValues ai:CuratorRoleValueContainer ;
-    ao:dataSetValues ai:DataPropertyValueContainer ;
-    ao:dataSetValues ai:DataPropertyStatementValueContainer ;
-    ao:dataSetValues ai:DisplayOperationValueContainer ;
-    ao:dataSetValues ai:CuratorDisplayDataPropertyValueContainer .
-
-:CuratorDisplayDataPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:DataProperty ;
-    ao:keyComponent auth:CURATOR ;
-    ao:keyComponent ai:DisplayOperation .
-
-:AdminDisplayDataPropertyDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :AdminDisplayDataPropertyDataSetKey ;
-    ao:dataSetValues ai:AdminRoleValueContainer ;
-    ao:dataSetValues ai:DataPropertyValueContainer ;
-    ao:dataSetValues ai:DataPropertyStatementValueContainer ;
-    ao:dataSetValues ai:DisplayOperationValueContainer ;
-    ao:dataSetValues ai:AdminDisplayDataPropertyValueContainer .
-
-:AdminDisplayDataPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:DataProperty ;
-    ao:keyComponent auth:ADMIN ;
-    ao:keyComponent ai:DisplayOperation .
+:PublicDisplayDataPropertyDataSet a access:PolicyDataSet ;
+    access:dataSetKey :PublicDisplayDataPropertyDataSetKey ;
+    access:dataSetValues access-individual:PublicRoleValueContainer ;
+    access:dataSetValues access-individual:DataPropertyValueContainer ;
+    access:dataSetValues access-individual:DataPropertyStatementValueContainer ;
+    access:dataSetValues access-individual:DisplayOperationValueContainer ;
+    access:dataSetValues :PublicDisplayDataPropertyValueContainer .
+
+:PublicDisplayDataPropertyDataSetKey a access:DataSetKey ;
+    access:keyComponent access-individual:DataProperty ;
+    access:keyComponent auth:PUBLIC ;
+    access:keyComponent access-individual:DisplayOperation .
+
+:EditorDisplayDataPropertyDataSet a access:PolicyDataSet ;
+    access:dataSetKey :EditorDisplayDataPropertyDataSetKey ;
+    access:dataSetValues access-individual:EditorRoleValueContainer ;
+    access:dataSetValues access-individual:DataPropertyValueContainer ;
+    access:dataSetValues access-individual:DataPropertyStatementValueContainer ;
+    access:dataSetValues access-individual:DisplayOperationValueContainer ;
+    access:dataSetValues :EditorDisplayDataPropertyValueContainer .
+
+:EditorDisplayDataPropertyDataSetKey a access:DataSetKey ;
+    access:keyComponent access-individual:DataProperty ;
+    access:keyComponent auth:EDITOR ;
+    access:keyComponent access-individual:DisplayOperation .
+
+:CuratorDisplayDataPropertyDataSet a access:PolicyDataSet ;
+    access:dataSetKey :CuratorDisplayDataPropertyDataSetKey ;
+    access:dataSetValues access-individual:CuratorRoleValueContainer ;
+    access:dataSetValues access-individual:DataPropertyValueContainer ;
+    access:dataSetValues access-individual:DataPropertyStatementValueContainer ;
+    access:dataSetValues access-individual:DisplayOperationValueContainer ;
+    access:dataSetValues :CuratorDisplayDataPropertyValueContainer .
+
+:CuratorDisplayDataPropertyDataSetKey a access:DataSetKey ;
+    access:keyComponent access-individual:DataProperty ;
+    access:keyComponent auth:CURATOR ;
+    access:keyComponent access-individual:DisplayOperation .
+
+:AdminDisplayDataPropertyDataSet a access:PolicyDataSet ;
+    access:dataSetKey :AdminDisplayDataPropertyDataSetKey ;
+    access:dataSetValues access-individual:AdminRoleValueContainer ;
+    access:dataSetValues access-individual:DataPropertyValueContainer ;
+    access:dataSetValues access-individual:DataPropertyStatementValueContainer ;
+    access:dataSetValues access-individual:DisplayOperationValueContainer ;
+    access:dataSetValues :AdminDisplayDataPropertyValueContainer .
+
+:AdminDisplayDataPropertyDataSetKey a access:DataSetKey ;
+    access:keyComponent access-individual:DataProperty ;
+    access:keyComponent auth:ADMIN ;
+    access:keyComponent access-individual:DisplayOperation .
 
 ### Display faux object property data sets
 
-:PublicDisplayFauxObjectPropertyDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :PublicDisplayFauxObjectPropertyDataSetKey ;
-    ao:dataSetValues ai:PublicRoleValueContainer ;
-    ao:dataSetValues ai:FauxObjectPropertyValueContainer ;
-    ao:dataSetValues ai:FauxObjectPropertyStatementValueContainer ;
-    ao:dataSetValues ai:DisplayOperationValueContainer ;
-    ao:dataSetValues ai:PublicDisplayFauxObjectPropertyValueContainer .
-
-:PublicDisplayFauxObjectPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:FauxObjectProperty ;
-    ao:keyComponent auth:PUBLIC ;
-    ao:keyComponent ai:DisplayOperation .
-
-:EditorDisplayFauxObjectPropertyDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :EditorDisplayFauxObjectPropertyDataSetKey ;
-    ao:dataSetValues ai:EditorRoleValueContainer ;
-    ao:dataSetValues ai:FauxObjectPropertyValueContainer ;
-    ao:dataSetValues ai:FauxObjectPropertyStatementValueContainer ;
-    ao:dataSetValues ai:DisplayOperationValueContainer ;
-    ao:dataSetValues ai:EditorDisplayFauxObjectPropertyValueContainer .
-
-:EditorDisplayFauxObjectPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:FauxObjectProperty ;
-    ao:keyComponent auth:EDITOR ;
-    ao:keyComponent ai:DisplayOperation .
-
-:CuratorDisplayFauxObjectPropertyDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :CuratorDisplayFauxObjectPropertyDataSetKey ;
-    ao:dataSetValues ai:CuratorRoleValueContainer ;
-    ao:dataSetValues ai:FauxObjectPropertyValueContainer ;
-    ao:dataSetValues ai:FauxObjectPropertyStatementValueContainer ;
-    ao:dataSetValues ai:DisplayOperationValueContainer ;
-    ao:dataSetValues ai:CuratorDisplayFauxObjectPropertyValueContainer .
-
-:CuratorDisplayFauxObjectPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:FauxObjectProperty ;
-    ao:keyComponent auth:CURATOR ;
-    ao:keyComponent ai:DisplayOperation .
-
-:AdminDisplayFauxObjectPropertyDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :AdminDisplayFauxObjectPropertyDataSetKey ;
-    ao:dataSetValues ai:AdminRoleValueContainer ;
-    ao:dataSetValues ai:FauxObjectPropertyValueContainer ;
-    ao:dataSetValues ai:FauxObjectPropertyStatementValueContainer ;
-    ao:dataSetValues ai:DisplayOperationValueContainer ;
-    ao:dataSetValues ai:AdminDisplayFauxObjectPropertyValueContainer .
-
-:AdminDisplayFauxObjectPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:FauxObjectProperty ;
-    ao:keyComponent auth:ADMIN ;
-    ao:keyComponent ai:DisplayOperation .
+:PublicDisplayFauxObjectPropertyDataSet a access:PolicyDataSet ;
+    access:dataSetKey :PublicDisplayFauxObjectPropertyDataSetKey ;
+    access:dataSetValues access-individual:PublicRoleValueContainer ;
+    access:dataSetValues access-individual:FauxObjectPropertyValueContainer ;
+    access:dataSetValues access-individual:FauxObjectPropertyStatementValueContainer ;
+    access:dataSetValues access-individual:DisplayOperationValueContainer ;
+    access:dataSetValues :PublicDisplayFauxObjectPropertyValueContainer .
+
+:PublicDisplayFauxObjectPropertyDataSetKey a access:DataSetKey ;
+    access:keyComponent access-individual:FauxObjectProperty ;
+    access:keyComponent auth:PUBLIC ;
+    access:keyComponent access-individual:DisplayOperation .
+
+:EditorDisplayFauxObjectPropertyDataSet a access:PolicyDataSet ;
+    access:dataSetKey :EditorDisplayFauxObjectPropertyDataSetKey ;
+    access:dataSetValues access-individual:EditorRoleValueContainer ;
+    access:dataSetValues access-individual:FauxObjectPropertyValueContainer ;
+    access:dataSetValues access-individual:FauxObjectPropertyStatementValueContainer ;
+    access:dataSetValues access-individual:DisplayOperationValueContainer ;
+    access:dataSetValues :EditorDisplayFauxObjectPropertyValueContainer .
+
+:EditorDisplayFauxObjectPropertyDataSetKey a access:DataSetKey ;
+    access:keyComponent access-individual:FauxObjectProperty ;
+    access:keyComponent auth:EDITOR ;
+    access:keyComponent access-individual:DisplayOperation .
+
+:CuratorDisplayFauxObjectPropertyDataSet a access:PolicyDataSet ;
+    access:dataSetKey :CuratorDisplayFauxObjectPropertyDataSetKey ;
+    access:dataSetValues access-individual:CuratorRoleValueContainer ;
+    access:dataSetValues access-individual:FauxObjectPropertyValueContainer ;
+    access:dataSetValues access-individual:FauxObjectPropertyStatementValueContainer ;
+    access:dataSetValues access-individual:DisplayOperationValueContainer ;
+    access:dataSetValues :CuratorDisplayFauxObjectPropertyValueContainer .
+
+:CuratorDisplayFauxObjectPropertyDataSetKey a access:DataSetKey ;
+    access:keyComponent access-individual:FauxObjectProperty ;
+    access:keyComponent auth:CURATOR ;
+    access:keyComponent access-individual:DisplayOperation .
+
+:AdminDisplayFauxObjectPropertyDataSet a access:PolicyDataSet ;
+    access:dataSetKey :AdminDisplayFauxObjectPropertyDataSetKey ;
+    access:dataSetValues access-individual:AdminRoleValueContainer ;
+    access:dataSetValues access-individual:FauxObjectPropertyValueContainer ;
+    access:dataSetValues access-individual:FauxObjectPropertyStatementValueContainer ;
+    access:dataSetValues access-individual:DisplayOperationValueContainer ;
+    access:dataSetValues :AdminDisplayFauxObjectPropertyValueContainer .
+
+:AdminDisplayFauxObjectPropertyDataSetKey a access:DataSetKey ;
+    access:keyComponent access-individual:FauxObjectProperty ;
+    access:keyComponent auth:ADMIN ;
+    access:keyComponent access-individual:DisplayOperation .
 
 ### Display faux data property data sets
 
-:PublicDisplayFauxDataPropertyDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :PublicDisplayFauxDataPropertyDataSetKey ;
-    ao:dataSetValues ai:PublicRoleValueContainer ;
-    ao:dataSetValues ai:FauxDataPropertyValueContainer ;
-    ao:dataSetValues ai:FauxDataPropertyStatementValueContainer ;
-    ao:dataSetValues ai:DisplayOperationValueContainer ;
-    ao:dataSetValues ai:PublicDisplayFauxDataPropertyValueContainer .
-
-:PublicDisplayFauxDataPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:FauxDataProperty ;
-    ao:keyComponent auth:PUBLIC ;
-    ao:keyComponent ai:DisplayOperation .
-
-:EditorDisplayFauxDataPropertyDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :EditorDisplayFauxDataPropertyDataSetKey ;
-    ao:dataSetValues ai:EditorRoleValueContainer ;
-    ao:dataSetValues ai:FauxDataPropertyValueContainer ;
-    ao:dataSetValues ai:FauxDataPropertyStatementValueContainer ;
-    ao:dataSetValues ai:DisplayOperationValueContainer ;
-    ao:dataSetValues ai:EditorDisplayFauxDataPropertyValueContainer .
-
-:EditorDisplayFauxDataPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:FauxDataProperty ;
-    ao:keyComponent auth:EDITOR ;
-    ao:keyComponent ai:DisplayOperation .
-
-:CuratorDisplayFauxDataPropertyDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :CuratorDisplayFauxDataPropertyDataSetKey ;
-    ao:dataSetValues ai:CuratorRoleValueContainer ;
-    ao:dataSetValues ai:FauxDataPropertyValueContainer ;
-    ao:dataSetValues ai:FauxDataPropertyStatementValueContainer ;
-    ao:dataSetValues ai:DisplayOperationValueContainer ;
-    ao:dataSetValues ai:CuratorDisplayFauxDataPropertyValueContainer .
-
-:CuratorDisplayFauxDataPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:FauxDataProperty ;
-    ao:keyComponent auth:CURATOR ;
-    ao:keyComponent ai:DisplayOperation .
-
-:AdminDisplayFauxDataPropertyDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :AdminDisplayFauxDataPropertyDataSetKey ;
-    ao:dataSetValues ai:AdminRoleValueContainer ;
-    ao:dataSetValues ai:FauxDataPropertyValueContainer ;
-    ao:dataSetValues ai:FauxDataPropertyStatementValueContainer ;
-    ao:dataSetValues ai:DisplayOperationValueContainer ;
-    ao:dataSetValues ai:AdminDisplayFauxDataPropertyValueContainer .
-
-:AdminDisplayFauxDataPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:FauxDataProperty ;
-    ao:keyComponent auth:ADMIN ;
-    ao:keyComponent ai:DisplayOperation .
+:PublicDisplayFauxDataPropertyDataSet a access:PolicyDataSet ;
+    access:dataSetKey :PublicDisplayFauxDataPropertyDataSetKey ;
+    access:dataSetValues access-individual:PublicRoleValueContainer ;
+    access:dataSetValues access-individual:FauxDataPropertyValueContainer ;
+    access:dataSetValues access-individual:FauxDataPropertyStatementValueContainer ;
+    access:dataSetValues access-individual:DisplayOperationValueContainer ;
+    access:dataSetValues :PublicDisplayFauxDataPropertyValueContainer .
+
+:PublicDisplayFauxDataPropertyDataSetKey a access:DataSetKey ;
+    access:keyComponent access-individual:FauxDataProperty ;
+    access:keyComponent auth:PUBLIC ;
+    access:keyComponent access-individual:DisplayOperation .
+
+:EditorDisplayFauxDataPropertyDataSet a access:PolicyDataSet ;
+    access:dataSetKey :EditorDisplayFauxDataPropertyDataSetKey ;
+    access:dataSetValues access-individual:EditorRoleValueContainer ;
+    access:dataSetValues access-individual:FauxDataPropertyValueContainer ;
+    access:dataSetValues access-individual:FauxDataPropertyStatementValueContainer ;
+    access:dataSetValues access-individual:DisplayOperationValueContainer ;
+    access:dataSetValues :EditorDisplayFauxDataPropertyValueContainer .
+
+:EditorDisplayFauxDataPropertyDataSetKey a access:DataSetKey ;
+    access:keyComponent access-individual:FauxDataProperty ;
+    access:keyComponent auth:EDITOR ;
+    access:keyComponent access-individual:DisplayOperation .
+
+:CuratorDisplayFauxDataPropertyDataSet a access:PolicyDataSet ;
+    access:dataSetKey :CuratorDisplayFauxDataPropertyDataSetKey ;
+    access:dataSetValues access-individual:CuratorRoleValueContainer ;
+    access:dataSetValues access-individual:FauxDataPropertyValueContainer ;
+    access:dataSetValues access-individual:FauxDataPropertyStatementValueContainer ;
+    access:dataSetValues access-individual:DisplayOperationValueContainer ;
+    access:dataSetValues :CuratorDisplayFauxDataPropertyValueContainer .
+
+:CuratorDisplayFauxDataPropertyDataSetKey a access:DataSetKey ;
+    access:keyComponent access-individual:FauxDataProperty ;
+    access:keyComponent auth:CURATOR ;
+    access:keyComponent access-individual:DisplayOperation .
+
+:AdminDisplayFauxDataPropertyDataSet a access:PolicyDataSet ;
+    access:dataSetKey :AdminDisplayFauxDataPropertyDataSetKey ;
+    access:dataSetValues access-individual:AdminRoleValueContainer ;
+    access:dataSetValues access-individual:FauxDataPropertyValueContainer ;
+    access:dataSetValues access-individual:FauxDataPropertyStatementValueContainer ;
+    access:dataSetValues access-individual:DisplayOperationValueContainer ;
+    access:dataSetValues :AdminDisplayFauxDataPropertyValueContainer .
+
+:AdminDisplayFauxDataPropertyDataSetKey a access:DataSetKey ;
+    access:keyComponent access-individual:FauxDataProperty ;
+    access:keyComponent auth:ADMIN ;
+    access:keyComponent access-individual:DisplayOperation .
 
 ### Publish object property data sets
 
-:EditorPublishObjectPropertyDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :EditorPublishObjectPropertyDataSetKey ;
-    ao:dataSetValues ai:EditorRoleValueContainer ;
-    ao:dataSetValues ai:ObjectPropertyValueContainer ;
-    ao:dataSetValues ai:ObjectPropertyStatementValueContainer ;
-    ao:dataSetValues ai:PublishOperationValueContainer ;
-    ao:dataSetValues ai:EditorPublishObjectPropertyValueContainer .
-
-:EditorPublishObjectPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:ObjectProperty ;
-    ao:keyComponent auth:EDITOR ;
-    ao:keyComponent ai:PublishOperation .
-
-:CuratorPublishObjectPropertyDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :CuratorPublishObjectPropertyDataSetKey ;
-    ao:dataSetValues ai:CuratorRoleValueContainer ;
-    ao:dataSetValues ai:ObjectPropertyValueContainer ;
-    ao:dataSetValues ai:ObjectPropertyStatementValueContainer ;
-    ao:dataSetValues ai:PublishOperationValueContainer ;
-    ao:dataSetValues ai:CuratorPublishObjectPropertyValueContainer .
-
-:CuratorPublishObjectPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:ObjectProperty ;
-    ao:keyComponent auth:CURATOR ;
-    ao:keyComponent ai:PublishOperation .
-
-:AdminPublishObjectPropertyDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :AdminPublishObjectPropertyDataSetKey ;
-    ao:dataSetValues ai:AdminRoleValueContainer ;
-    ao:dataSetValues ai:ObjectPropertyValueContainer ;
-    ao:dataSetValues ai:ObjectPropertyStatementValueContainer ;
-    ao:dataSetValues ai:PublishOperationValueContainer ;
-    ao:dataSetValues ai:AdminPublishObjectPropertyValueContainer .
-
-:AdminPublishObjectPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:ObjectProperty ;
-    ao:keyComponent auth:ADMIN ;
-    ao:keyComponent ai:PublishOperation .
+:EditorPublishObjectPropertyDataSet a access:PolicyDataSet ;
+    access:dataSetKey :EditorPublishObjectPropertyDataSetKey ;
+    access:dataSetValues access-individual:EditorRoleValueContainer ;
+    access:dataSetValues access-individual:ObjectPropertyValueContainer ;
+    access:dataSetValues access-individual:ObjectPropertyStatementValueContainer ;
+    access:dataSetValues access-individual:PublishOperationValueContainer ;
+    access:dataSetValues :EditorPublishObjectPropertyValueContainer .
+
+:EditorPublishObjectPropertyDataSetKey a access:DataSetKey ;
+    access:keyComponent access-individual:ObjectProperty ;
+    access:keyComponent auth:EDITOR ;
+    access:keyComponent access-individual:PublishOperation .
+
+:CuratorPublishObjectPropertyDataSet a access:PolicyDataSet ;
+    access:dataSetKey :CuratorPublishObjectPropertyDataSetKey ;
+    access:dataSetValues access-individual:CuratorRoleValueContainer ;
+    access:dataSetValues access-individual:ObjectPropertyValueContainer ;
+    access:dataSetValues access-individual:ObjectPropertyStatementValueContainer ;
+    access:dataSetValues access-individual:PublishOperationValueContainer ;
+    access:dataSetValues :CuratorPublishObjectPropertyValueContainer .
+
+:CuratorPublishObjectPropertyDataSetKey a access:DataSetKey ;
+    access:keyComponent access-individual:ObjectProperty ;
+    access:keyComponent auth:CURATOR ;
+    access:keyComponent access-individual:PublishOperation .
+
+:AdminPublishObjectPropertyDataSet a access:PolicyDataSet ;
+    access:dataSetKey :AdminPublishObjectPropertyDataSetKey ;
+    access:dataSetValues access-individual:AdminRoleValueContainer ;
+    access:dataSetValues access-individual:ObjectPropertyValueContainer ;
+    access:dataSetValues access-individual:ObjectPropertyStatementValueContainer ;
+    access:dataSetValues access-individual:PublishOperationValueContainer ;
+    access:dataSetValues :AdminPublishObjectPropertyValueContainer .
+
+:AdminPublishObjectPropertyDataSetKey a access:DataSetKey ;
+    access:keyComponent access-individual:ObjectProperty ;
+    access:keyComponent auth:ADMIN ;
+    access:keyComponent access-individual:PublishOperation .
 
 ### Publish data property data sets
 
-:EditorPublishDataPropertyDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :EditorPublishDataPropertyDataSetKey ;
-    ao:dataSetValues ai:EditorRoleValueContainer ;
-    ao:dataSetValues ai:DataPropertyValueContainer ;
-    ao:dataSetValues ai:DataPropertyStatementValueContainer ;
-    ao:dataSetValues ai:PublishOperationValueContainer ;
-    ao:dataSetValues ai:EditorPublishDataPropertyValueContainer .
-
-:EditorPublishDataPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:DataProperty ;
-    ao:keyComponent auth:EDITOR ;
-    ao:keyComponent ai:PublishOperation .
-
-:CuratorPublishDataPropertyDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :CuratorPublishDataPropertyDataSetKey ;
-    ao:dataSetValues ai:CuratorRoleValueContainer ;
-    ao:dataSetValues ai:DataPropertyValueContainer ;
-    ao:dataSetValues ai:DataPropertyStatementValueContainer ;
-    ao:dataSetValues ai:PublishOperationValueContainer ;
-    ao:dataSetValues ai:CuratorPublishDataPropertyValueContainer .
-
-:CuratorPublishDataPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:DataProperty ;
-    ao:keyComponent auth:CURATOR ;
-    ao:keyComponent ai:PublishOperation .
-
-:AdminPublishDataPropertyDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :AdminPublishDataPropertyDataSetKey ;
-    ao:dataSetValues ai:AdminRoleValueContainer ;
-    ao:dataSetValues ai:DataPropertyValueContainer ;
-    ao:dataSetValues ai:DataPropertyStatementValueContainer ;
-    ao:dataSetValues ai:PublishOperationValueContainer ;
-    ao:dataSetValues ai:AdminPublishDataPropertyValueContainer .
-
-:AdminPublishDataPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:DataProperty ;
-    ao:keyComponent auth:ADMIN ;
-    ao:keyComponent ai:PublishOperation .
+:EditorPublishDataPropertyDataSet a access:PolicyDataSet ;
+    access:dataSetKey :EditorPublishDataPropertyDataSetKey ;
+    access:dataSetValues access-individual:EditorRoleValueContainer ;
+    access:dataSetValues access-individual:DataPropertyValueContainer ;
+    access:dataSetValues access-individual:DataPropertyStatementValueContainer ;
+    access:dataSetValues access-individual:PublishOperationValueContainer ;
+    access:dataSetValues :EditorPublishDataPropertyValueContainer .
+
+:EditorPublishDataPropertyDataSetKey a access:DataSetKey ;
+    access:keyComponent access-individual:DataProperty ;
+    access:keyComponent auth:EDITOR ;
+    access:keyComponent access-individual:PublishOperation .
+
+:CuratorPublishDataPropertyDataSet a access:PolicyDataSet ;
+    access:dataSetKey :CuratorPublishDataPropertyDataSetKey ;
+    access:dataSetValues access-individual:CuratorRoleValueContainer ;
+    access:dataSetValues access-individual:DataPropertyValueContainer ;
+    access:dataSetValues access-individual:DataPropertyStatementValueContainer ;
+    access:dataSetValues access-individual:PublishOperationValueContainer ;
+    access:dataSetValues :CuratorPublishDataPropertyValueContainer .
+
+:CuratorPublishDataPropertyDataSetKey a access:DataSetKey ;
+    access:keyComponent access-individual:DataProperty ;
+    access:keyComponent auth:CURATOR ;
+    access:keyComponent access-individual:PublishOperation .
+
+:AdminPublishDataPropertyDataSet a access:PolicyDataSet ;
+    access:dataSetKey :AdminPublishDataPropertyDataSetKey ;
+    access:dataSetValues access-individual:AdminRoleValueContainer ;
+    access:dataSetValues access-individual:DataPropertyValueContainer ;
+    access:dataSetValues access-individual:DataPropertyStatementValueContainer ;
+    access:dataSetValues access-individual:PublishOperationValueContainer ;
+    access:dataSetValues :AdminPublishDataPropertyValueContainer .
+
+:AdminPublishDataPropertyDataSetKey a access:DataSetKey ;
+    access:keyComponent access-individual:DataProperty ;
+    access:keyComponent auth:ADMIN ;
+    access:keyComponent access-individual:PublishOperation .
 
 ### Publish faux object property data sets
 
-:EditorPublishFauxObjectPropertyDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :EditorPublishFauxObjectPropertyDataSetKey ;
-    ao:dataSetValues ai:EditorRoleValueContainer ;
-    ao:dataSetValues ai:FauxObjectPropertyValueContainer ;
-    ao:dataSetValues ai:FauxObjectPropertyStatementValueContainer ;
-    ao:dataSetValues ai:PublishOperationValueContainer ;
-    ao:dataSetValues ai:EditorPublishFauxObjectPropertyValueContainer .
-
-:EditorPublishFauxObjectPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:FauxObjectProperty ;
-    ao:keyComponent auth:EDITOR ;
-    ao:keyComponent ai:PublishOperation .
-
-:CuratorPublishFauxObjectPropertyDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :CuratorPublishFauxObjectPropertyDataSetKey ;
-    ao:dataSetValues ai:CuratorRoleValueContainer ;
-    ao:dataSetValues ai:FauxObjectPropertyValueContainer ;
-    ao:dataSetValues ai:FauxObjectPropertyStatementValueContainer ;
-    ao:dataSetValues ai:PublishOperationValueContainer ;
-    ao:dataSetValues ai:CuratorPublishFauxObjectPropertyValueContainer .
-
-:CuratorPublishFauxObjectPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:FauxObjectProperty ;
-    ao:keyComponent auth:CURATOR ;
-    ao:keyComponent ai:PublishOperation .
-
-:AdminPublishFauxObjectPropertyDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :AdminPublishFauxObjectPropertyDataSetKey ;
-    ao:dataSetValues ai:AdminRoleValueContainer ;
-    ao:dataSetValues ai:FauxObjectPropertyValueContainer ;
-    ao:dataSetValues ai:FauxObjectPropertyStatementValueContainer ;
-    ao:dataSetValues ai:PublishOperationValueContainer ;
-    ao:dataSetValues ai:AdminPublishFauxObjectPropertyValueContainer .
-
-:AdminPublishFauxObjectPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:FauxObjectProperty ;
-    ao:keyComponent auth:ADMIN ;
-    ao:keyComponent ai:PublishOperation .
+:EditorPublishFauxObjectPropertyDataSet a access:PolicyDataSet ;
+    access:dataSetKey :EditorPublishFauxObjectPropertyDataSetKey ;
+    access:dataSetValues access-individual:EditorRoleValueContainer ;
+    access:dataSetValues access-individual:FauxObjectPropertyValueContainer ;
+    access:dataSetValues access-individual:FauxObjectPropertyStatementValueContainer ;
+    access:dataSetValues access-individual:PublishOperationValueContainer ;
+    access:dataSetValues :EditorPublishFauxObjectPropertyValueContainer .
+
+:EditorPublishFauxObjectPropertyDataSetKey a access:DataSetKey ;
+    access:keyComponent access-individual:FauxObjectProperty ;
+    access:keyComponent auth:EDITOR ;
+    access:keyComponent access-individual:PublishOperation .
+
+:CuratorPublishFauxObjectPropertyDataSet a access:PolicyDataSet ;
+    access:dataSetKey :CuratorPublishFauxObjectPropertyDataSetKey ;
+    access:dataSetValues access-individual:CuratorRoleValueContainer ;
+    access:dataSetValues access-individual:FauxObjectPropertyValueContainer ;
+    access:dataSetValues access-individual:FauxObjectPropertyStatementValueContainer ;
+    access:dataSetValues access-individual:PublishOperationValueContainer ;
+    access:dataSetValues :CuratorPublishFauxObjectPropertyValueContainer .
+
+:CuratorPublishFauxObjectPropertyDataSetKey a access:DataSetKey ;
+    access:keyComponent access-individual:FauxObjectProperty ;
+    access:keyComponent auth:CURATOR ;
+    access:keyComponent access-individual:PublishOperation .
+
+:AdminPublishFauxObjectPropertyDataSet a access:PolicyDataSet ;
+    access:dataSetKey :AdminPublishFauxObjectPropertyDataSetKey ;
+    access:dataSetValues access-individual:AdminRoleValueContainer ;
+    access:dataSetValues access-individual:FauxObjectPropertyValueContainer ;
+    access:dataSetValues access-individual:FauxObjectPropertyStatementValueContainer ;
+    access:dataSetValues access-individual:PublishOperationValueContainer ;
+    access:dataSetValues :AdminPublishFauxObjectPropertyValueContainer .
+
+:AdminPublishFauxObjectPropertyDataSetKey a access:DataSetKey ;
+    access:keyComponent access-individual:FauxObjectProperty ;
+    access:keyComponent auth:ADMIN ;
+    access:keyComponent access-individual:PublishOperation .
 
 ### Publish faux data property data sets
 
-:EditorPublishFauxDataPropertyDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :EditorPublishFauxDataPropertyDataSetKey ;
-    ao:dataSetValues ai:EditorRoleValueContainer ;
-    ao:dataSetValues ai:FauxDataPropertyValueContainer ;
-    ao:dataSetValues ai:FauxDataPropertyStatementValueContainer ;
-    ao:dataSetValues ai:PublishOperationValueContainer ;
-    ao:dataSetValues ai:EditorPublishFauxDataPropertyValueContainer .
-
-:EditorPublishFauxDataPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:FauxDataProperty ;
-    ao:keyComponent auth:EDITOR ;
-    ao:keyComponent ai:PublishOperation .
-
-:CuratorPublishFauxDataPropertyDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :CuratorPublishFauxDataPropertyDataSetKey ;
-    ao:dataSetValues ai:CuratorRoleValueContainer ;
-    ao:dataSetValues ai:FauxDataPropertyValueContainer ;
-    ao:dataSetValues ai:FauxDataPropertyStatementValueContainer ;
-    ao:dataSetValues ai:PublishOperationValueContainer ;
-    ao:dataSetValues ai:CuratorPublishFauxDataPropertyValueContainer .
-
-:CuratorPublishFauxDataPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:FauxDataProperty ;
-    ao:keyComponent auth:CURATOR ;
-    ao:keyComponent ai:PublishOperation .
-
-:AdminPublishFauxDataPropertyDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :AdminPublishFauxDataPropertyDataSetKey ;
-    ao:dataSetValues ai:AdminRoleValueContainer ;
-    ao:dataSetValues ai:FauxDataPropertyValueContainer ;
-    ao:dataSetValues ai:FauxDataPropertyStatementValueContainer ;
-    ao:dataSetValues ai:PublishOperationValueContainer ;
-    ao:dataSetValues ai:AdminPublishFauxDataPropertyValueContainer .
-
-:AdminPublishFauxDataPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:FauxDataProperty ;
-    ao:keyComponent auth:ADMIN ;
-    ao:keyComponent ai:PublishOperation .
+:EditorPublishFauxDataPropertyDataSet a access:PolicyDataSet ;
+    access:dataSetKey :EditorPublishFauxDataPropertyDataSetKey ;
+    access:dataSetValues access-individual:EditorRoleValueContainer ;
+    access:dataSetValues access-individual:FauxDataPropertyValueContainer ;
+    access:dataSetValues access-individual:FauxDataPropertyStatementValueContainer ;
+    access:dataSetValues access-individual:PublishOperationValueContainer ;
+    access:dataSetValues :EditorPublishFauxDataPropertyValueContainer .
+
+:EditorPublishFauxDataPropertyDataSetKey a access:DataSetKey ;
+    access:keyComponent access-individual:FauxDataProperty ;
+    access:keyComponent auth:EDITOR ;
+    access:keyComponent access-individual:PublishOperation .
+
+:CuratorPublishFauxDataPropertyDataSet a access:PolicyDataSet ;
+    access:dataSetKey :CuratorPublishFauxDataPropertyDataSetKey ;
+    access:dataSetValues access-individual:CuratorRoleValueContainer ;
+    access:dataSetValues access-individual:FauxDataPropertyValueContainer ;
+    access:dataSetValues access-individual:FauxDataPropertyStatementValueContainer ;
+    access:dataSetValues access-individual:PublishOperationValueContainer ;
+    access:dataSetValues :CuratorPublishFauxDataPropertyValueContainer .
+
+:CuratorPublishFauxDataPropertyDataSetKey a access:DataSetKey ;
+    access:keyComponent access-individual:FauxDataProperty ;
+    access:keyComponent auth:CURATOR ;
+    access:keyComponent access-individual:PublishOperation .
+
+:AdminPublishFauxDataPropertyDataSet a access:PolicyDataSet ;
+    access:dataSetKey :AdminPublishFauxDataPropertyDataSetKey ;
+    access:dataSetValues access-individual:AdminRoleValueContainer ;
+    access:dataSetValues access-individual:FauxDataPropertyValueContainer ;
+    access:dataSetValues access-individual:FauxDataPropertyStatementValueContainer ;
+    access:dataSetValues access-individual:PublishOperationValueContainer ;
+    access:dataSetValues :AdminPublishFauxDataPropertyValueContainer .
+
+:AdminPublishFauxDataPropertyDataSetKey a access:DataSetKey ;
+    access:keyComponent access-individual:FauxDataProperty ;
+    access:keyComponent auth:ADMIN ;
+    access:keyComponent access-individual:PublishOperation .
 
 ### Rules
 
-:RuleSet a ao:Rules ;
-    ao:rule :AllowMatchingPropertyStatement ;
-    ao:rule :AllowMatchingProperty .
-
-:AllowMatchingProperty a ao:Rule;
-    ao:check :SubjectRoleEqualsDataSetRoleAttribute ;
-    ao:check :OperationEqualsDataSetOperation ;
-    ao:check :AccessObjectTypeEqualsDataSetValue ;
-    ao:check :AccessObjectUriContainsInDataSet .
-
-:AccessObjectTypeEqualsDataSetValue a ao:Check ;
-    ao:operator ai:Equals ;
-    ao:attribute ai:AccessObjectType ;
-    ao:templateValue :AccessObjectTypeValueSet .
-
-:AccessObjectTypeValueSet a ao:AttributeValueSet ;
-    ao:attributeValue ai:ObjectPropertyValueContainer ;
-    ao:attributeValue ai:DataPropertyValueContainer ;
-    ao:attributeValue ai:FauxObjectPropertyValueContainer ;
-    ao:attributeValue ai:FauxDataPropertyValueContainer ;
+:RuleSet a access:Rules ;
+    access:rule :AllowMatchingPropertyStatement ;
+    access:rule :AllowMatchingProperty .
+
+:AllowMatchingProperty a access:Rule;
+    access:check :SubjectRoleEqualsDataSetRoleAttribute ;
+    access:check :OperationEqualsDataSetOperation ;
+    access:check :AccessObjectTypeEqualsDataSetValue ;
+    access:check :AccessObjectUriContainsInDataSet .
+
+:AccessObjectTypeEqualsDataSetValue a access:Check ;
+    access:operator access-individual:Equals ;
+    access:attribute access-individual:AccessObjectType ;
+    access:values :AccessObjectTypeValueSet .
+
+:AccessObjectTypeValueSet a access:AttributeValueSet ;
+    access:attributeValue access-individual:ObjectPropertyValueContainer ;
+    access:attributeValue access-individual:DataPropertyValueContainer ;
+    access:attributeValue access-individual:FauxObjectPropertyValueContainer ;
+    access:attributeValue access-individual:FauxDataPropertyValueContainer ;
     .
 
-:AllowMatchingPropertyStatement a ao:Rule;
-    ao:check :SubjectRoleEqualsDataSetRoleAttribute ;
-    ao:check :OperationEqualsDataSetOperation ;
-    ao:check :AccessObjectTypeStatementEquals ;
-    ao:check :StatementPredicateEquals ;
+:AllowMatchingPropertyStatement a access:Rule;
+    access:check :SubjectRoleEqualsDataSetRoleAttribute ;
+    access:check :OperationEqualsDataSetOperation ;
+    access:check :AccessObjectTypeStatementEquals ;
+    access:check :StatementPredicateEquals ;
     .
 
-:AccessObjectTypeStatementEquals a ao:Check ;
-    ao:operator ai:Equals ;
-    ao:attribute ai:AccessObjectType ;
-    ao:templateValue :StatementAccessObjectTypeValueSet .
+:AccessObjectTypeStatementEquals a access:Check ;
+    access:operator access-individual:Equals ;
+    access:attribute access-individual:AccessObjectType ;
+    access:values :StatementAccessObjectTypeValueSet .
 
-:StatementAccessObjectTypeValueSet a ao:AttributeValueSet ;
-    ao:attributeValue ai:ObjectPropertyStatementValueContainer ;
-    ao:attributeValue ai:DataPropertyStatementValueContainer ;
-    ao:attributeValue ai:FauxObjectPropertyStatementValueContainer ;
-    ao:attributeValue ai:FauxDataPropertyStatementValueContainer ;
+:StatementAccessObjectTypeValueSet a access:AttributeValueSet ;
+    access:attributeValue access-individual:ObjectPropertyStatementValueContainer ;
+    access:attributeValue access-individual:DataPropertyStatementValueContainer ;
+    access:attributeValue access-individual:FauxObjectPropertyStatementValueContainer ;
+    access:attributeValue access-individual:FauxDataPropertyStatementValueContainer ;
     .
 
-:OperationEqualsDataSetOperation a ao:Check ;
-    ao:operator ai:Equals ;
-    ao:attribute ai:Operation ;
-    ao:templateValue :OperationValueSet .
-
-:OperationValueSet a ao:AttributeValueSet ;
-    ao:attributeValue ai:DisplayOperationValueContainer ;
-    ao:attributeValue ai:PublishOperationValueContainer ;
-    ao:attributeValue ai:EditOperationValueContainer ;
-    ao:attributeValue ai:AddOperationValueContainer ;
-    ao:attributeValue ai:DropOperationValueContainer ;
+:OperationEqualsDataSetOperation a access:Check ;
+    access:operator access-individual:Equals ;
+    access:attribute access-individual:Operation ;
+    access:values :OperationValueSet .
+
+:OperationValueSet a access:AttributeValueSet ;
+    access:attributeValue access-individual:DisplayOperationValueContainer ;
+    access:attributeValue access-individual:PublishOperationValueContainer ;
+    access:attributeValue access-individual:EditOperationValueContainer ;
+    access:attributeValue access-individual:AddOperationValueContainer ;
+    access:attributeValue access-individual:DropOperationValueContainer ;
     .
 
-:SubjectRoleEqualsDataSetRoleAttribute a ao:Check ;
-    ao:operator ai:Equals ;
-    ao:attribute ai:SubjectRole ;
-    ao:templateValue :RoleValueSet .
-
-:RoleValueSet a ao:AttributeValueSet ;
-    ao:attributeValue ai:PublicRoleValueContainer ;
-    ao:attributeValue ai:EditorRoleValueContainer ;
-    ao:attributeValue ai:CuratorRoleValueContainer ;
-    ao:attributeValue ai:AdminRoleValueContainer .
-
-:StatementPredicateEquals a ao:Check ;
-    ao:operator ai:OneOf ;
-    ao:attribute ai:StatementPredicateUri ;
-    ao:templateValue :AllowedPropertyUriValueSet .
-
-:AccessObjectUriContainsInDataSet a ao:Check ;
-    ao:operator ai:OneOf ;
-    ao:attribute ai:AccessObjectUri ;
-    ao:templateValue :AllowedPropertyUriValueSet .
-
-:AllowedPropertyUriValueSet a ao:AttributeValueSet ;
-
-    ao:attributeValue ai:PublicDisplayObjectPropertyValueContainer ;
-    ao:attributeValue ai:EditorDisplayObjectPropertyValueContainer ;
-    ao:attributeValue ai:CuratorDisplayObjectPropertyValueContainer ;
-    ao:attributeValue ai:AdminDisplayObjectPropertyValueContainer ;
-
-    ao:attributeValue ai:PublicDisplayDataPropertyValueContainer ;
-    ao:attributeValue ai:EditorDisplayDataPropertyValueContainer ;
-    ao:attributeValue ai:CuratorDisplayDataPropertyValueContainer ;
-    ao:attributeValue ai:AdminDisplayDataPropertyValueContainer ;
-
-    ao:attributeValue ai:PublicDisplayFauxObjectPropertyValueContainer ;
-    ao:attributeValue ai:EditorDisplayFauxObjectPropertyValueContainer ;
-    ao:attributeValue ai:CuratorDisplayFauxObjectPropertyValueContainer ;
-    ao:attributeValue ai:AdminDisplayFauxObjectPropertyValueContainer ;
-
-    ao:attributeValue ai:PublicDisplayFauxDataPropertyValueContainer ;   
-    ao:attributeValue ai:EditorDisplayFauxDataPropertyValueContainer ;
-    ao:attributeValue ai:CuratorDisplayFauxDataPropertyValueContainer ;
-    ao:attributeValue ai:AdminDisplayFauxDataPropertyValueContainer ;
-
-    ao:attributeValue ai:EditorPublishObjectPropertyValueContainer ;
-    ao:attributeValue ai:CuratorPublishObjectPropertyValueContainer ;
-    ao:attributeValue ai:AdminPublishObjectPropertyValueContainer ;
-
-    ao:attributeValue ai:EditorPublishDataPropertyValueContainer ;
-    ao:attributeValue ai:CuratorPublishDataPropertyValueContainer ;
-    ao:attributeValue ai:AdminPublishDataPropertyValueContainer ;
-
-    ao:attributeValue ai:EditorPublishFauxObjectPropertyValueContainer ;
-    ao:attributeValue ai:CuratorPublishFauxObjectPropertyValueContainer ;
-    ao:attributeValue ai:AdminPublishFauxObjectPropertyValueContainer ;
-
-    ao:attributeValue ai:EditorPublishFauxDataPropertyValueContainer ;
-    ao:attributeValue ai:CuratorPublishFauxDataPropertyValueContainer ;
-    ao:attributeValue ai:AdminPublishFauxDataPropertyValueContainer ;
-
-    ao:attributeValue ai:PublicEditObjectPropertyValueContainer ;
-    ao:attributeValue ai:EditorEditObjectPropertyValueContainer ;
-    ao:attributeValue ai:CuratorEditObjectPropertyValueContainer ;
-    ao:attributeValue ai:AdminEditObjectPropertyValueContainer ;
-
-    ao:attributeValue ai:PublicAddObjectPropertyValueContainer ;
-    ao:attributeValue ai:EditorAddObjectPropertyValueContainer ;
-    ao:attributeValue ai:CuratorAddObjectPropertyValueContainer ;
-    ao:attributeValue ai:AdminAddObjectPropertyValueContainer ;
-
-    ao:attributeValue ai:PublicDropObjectPropertyValueContainer ;
-    ao:attributeValue ai:EditorDropObjectPropertyValueContainer ;
-    ao:attributeValue ai:CuratorDropObjectPropertyValueContainer ;
-    ao:attributeValue ai:AdminDropObjectPropertyValueContainer ;
-
-    ao:attributeValue ai:PublicEditDataPropertyValueContainer ;
-    ao:attributeValue ai:EditorEditDataPropertyValueContainer ;
-    ao:attributeValue ai:CuratorEditDataPropertyValueContainer ;
-    ao:attributeValue ai:AdminEditDataPropertyValueContainer ;
-
-    ao:attributeValue ai:PublicAddDataPropertyValueContainer ;
-    ao:attributeValue ai:EditorAddDataPropertyValueContainer ;
-    ao:attributeValue ai:CuratorAddDataPropertyValueContainer ;
-    ao:attributeValue ai:AdminAddDataPropertyValueContainer ;
-
-    ao:attributeValue ai:PublicDropDataPropertyValueContainer ;
-    ao:attributeValue ai:EditorDropDataPropertyValueContainer ;
-    ao:attributeValue ai:CuratorDropDataPropertyValueContainer ;
-    ao:attributeValue ai:AdminDropDataPropertyValueContainer ;
-
-    ao:attributeValue ai:PublicEditFauxObjectPropertyValueContainer ;
-    ao:attributeValue ai:EditorEditFauxObjectPropertyValueContainer ;
-    ao:attributeValue ai:CuratorEditFauxObjectPropertyValueContainer ;
-    ao:attributeValue ai:AdminEditFauxObjectPropertyValueContainer ;
-
-    ao:attributeValue ai:PublicAddFauxObjectPropertyValueContainer ;
-    ao:attributeValue ai:EditorAddFauxObjectPropertyValueContainer ;
-    ao:attributeValue ai:CuratorAddFauxObjectPropertyValueContainer ;
-    ao:attributeValue ai:AdminAddFauxObjectPropertyValueContainer ;
-
-    ao:attributeValue ai:PublicDropFauxObjectPropertyValueContainer ;
-    ao:attributeValue ai:EditorDropFauxObjectPropertyValueContainer ;
-    ao:attributeValue ai:CuratorDropFauxObjectPropertyValueContainer ;
-    ao:attributeValue ai:AdminDropFauxObjectPropertyValueContainer ;
-
-    ao:attributeValue ai:PublicEditFauxDataPropertyValueContainer ;
-    ao:attributeValue ai:EditorEditFauxDataPropertyValueContainer ;
-    ao:attributeValue ai:CuratorEditFauxDataPropertyValueContainer ;
-    ao:attributeValue ai:AdminEditFauxDataPropertyValueContainer ;
-
-    ao:attributeValue ai:PublicAddFauxDataPropertyValueContainer ;
-    ao:attributeValue ai:EditorAddFauxDataPropertyValueContainer ;
-    ao:attributeValue ai:CuratorAddFauxDataPropertyValueContainer ;
-    ao:attributeValue ai:AdminAddFauxDataPropertyValueContainer ;
-
-    ao:attributeValue ai:PublicDropFauxDataPropertyValueContainer ;
-    ao:attributeValue ai:EditorDropFauxDataPropertyValueContainer ;
-    ao:attributeValue ai:CuratorDropFauxDataPropertyValueContainer ;
-    ao:attributeValue ai:AdminDropFauxDataPropertyValueContainer ;
+:SubjectRoleEqualsDataSetRoleAttribute a access:Check ;
+    access:operator access-individual:Equals ;
+    access:attribute access-individual:SubjectRole ;
+    access:values :RoleValueSet .
+
+:RoleValueSet a access:AttributeValueSet ;
+    access:attributeValue access-individual:PublicRoleValueContainer ;
+    access:attributeValue access-individual:EditorRoleValueContainer ;
+    access:attributeValue access-individual:CuratorRoleValueContainer ;
+    access:attributeValue access-individual:AdminRoleValueContainer .
+
+:StatementPredicateEquals a access:Check ;
+    access:operator access-individual:OneOf ;
+    access:attribute access-individual:StatementPredicateUri ;
+    access:values :AllowedPropertyUriValueSet .
+
+:AccessObjectUriContainsInDataSet a access:Check ;
+    access:operator access-individual:OneOf ;
+    access:attribute access-individual:AccessObjectUri ;
+    access:values :AllowedPropertyUriValueSet .
+
+:AllowedPropertyUriValueSet a access:AttributeValueSet ;
+
+    access:attributeValue :PublicDisplayObjectPropertyValueContainer ;
+    access:attributeValue :EditorDisplayObjectPropertyValueContainer ;
+    access:attributeValue :CuratorDisplayObjectPropertyValueContainer ;
+    access:attributeValue :AdminDisplayObjectPropertyValueContainer ;
+
+    access:attributeValue :PublicDisplayDataPropertyValueContainer ;
+    access:attributeValue :EditorDisplayDataPropertyValueContainer ;
+    access:attributeValue :CuratorDisplayDataPropertyValueContainer ;
+    access:attributeValue :AdminDisplayDataPropertyValueContainer ;
+
+    access:attributeValue :PublicDisplayFauxObjectPropertyValueContainer ;
+    access:attributeValue :EditorDisplayFauxObjectPropertyValueContainer ;
+    access:attributeValue :CuratorDisplayFauxObjectPropertyValueContainer ;
+    access:attributeValue :AdminDisplayFauxObjectPropertyValueContainer ;
+
+    access:attributeValue :PublicDisplayFauxDataPropertyValueContainer ;   
+    access:attributeValue :EditorDisplayFauxDataPropertyValueContainer ;
+    access:attributeValue :CuratorDisplayFauxDataPropertyValueContainer ;
+    access:attributeValue :AdminDisplayFauxDataPropertyValueContainer ;
+
+    access:attributeValue :EditorPublishObjectPropertyValueContainer ;
+    access:attributeValue :CuratorPublishObjectPropertyValueContainer ;
+    access:attributeValue :AdminPublishObjectPropertyValueContainer ;
+
+    access:attributeValue :EditorPublishDataPropertyValueContainer ;
+    access:attributeValue :CuratorPublishDataPropertyValueContainer ;
+    access:attributeValue :AdminPublishDataPropertyValueContainer ;
+
+    access:attributeValue :EditorPublishFauxObjectPropertyValueContainer ;
+    access:attributeValue :CuratorPublishFauxObjectPropertyValueContainer ;
+    access:attributeValue :AdminPublishFauxObjectPropertyValueContainer ;
+
+    access:attributeValue :EditorPublishFauxDataPropertyValueContainer ;
+    access:attributeValue :CuratorPublishFauxDataPropertyValueContainer ;
+    access:attributeValue :AdminPublishFauxDataPropertyValueContainer ;
+
+    access:attributeValue :PublicEditObjectPropertyValueContainer ;
+    access:attributeValue :EditorEditObjectPropertyValueContainer ;
+    access:attributeValue :CuratorEditObjectPropertyValueContainer ;
+    access:attributeValue :AdminEditObjectPropertyValueContainer ;
+
+    access:attributeValue :PublicAddObjectPropertyValueContainer ;
+    access:attributeValue :EditorAddObjectPropertyValueContainer ;
+    access:attributeValue :CuratorAddObjectPropertyValueContainer ;
+    access:attributeValue :AdminAddObjectPropertyValueContainer ;
+
+    access:attributeValue :PublicDropObjectPropertyValueContainer ;
+    access:attributeValue :EditorDropObjectPropertyValueContainer ;
+    access:attributeValue :CuratorDropObjectPropertyValueContainer ;
+    access:attributeValue :AdminDropObjectPropertyValueContainer ;
+
+    access:attributeValue :PublicEditDataPropertyValueContainer ;
+    access:attributeValue :EditorEditDataPropertyValueContainer ;
+    access:attributeValue :CuratorEditDataPropertyValueContainer ;
+    access:attributeValue :AdminEditDataPropertyValueContainer ;
+
+    access:attributeValue :PublicAddDataPropertyValueContainer ;
+    access:attributeValue :EditorAddDataPropertyValueContainer ;
+    access:attributeValue :CuratorAddDataPropertyValueContainer ;
+    access:attributeValue :AdminAddDataPropertyValueContainer ;
+
+    access:attributeValue :PublicDropDataPropertyValueContainer ;
+    access:attributeValue :EditorDropDataPropertyValueContainer ;
+    access:attributeValue :CuratorDropDataPropertyValueContainer ;
+    access:attributeValue :AdminDropDataPropertyValueContainer ;
+
+    access:attributeValue :PublicEditFauxObjectPropertyValueContainer ;
+    access:attributeValue :EditorEditFauxObjectPropertyValueContainer ;
+    access:attributeValue :CuratorEditFauxObjectPropertyValueContainer ;
+    access:attributeValue :AdminEditFauxObjectPropertyValueContainer ;
+
+    access:attributeValue :PublicAddFauxObjectPropertyValueContainer ;
+    access:attributeValue :EditorAddFauxObjectPropertyValueContainer ;
+    access:attributeValue :CuratorAddFauxObjectPropertyValueContainer ;
+    access:attributeValue :AdminAddFauxObjectPropertyValueContainer ;
+
+    access:attributeValue :PublicDropFauxObjectPropertyValueContainer ;
+    access:attributeValue :EditorDropFauxObjectPropertyValueContainer ;
+    access:attributeValue :CuratorDropFauxObjectPropertyValueContainer ;
+    access:attributeValue :AdminDropFauxObjectPropertyValueContainer ;
+
+    access:attributeValue :PublicEditFauxDataPropertyValueContainer ;
+    access:attributeValue :EditorEditFauxDataPropertyValueContainer ;
+    access:attributeValue :CuratorEditFauxDataPropertyValueContainer ;
+    access:attributeValue :AdminEditFauxDataPropertyValueContainer ;
+
+    access:attributeValue :PublicAddFauxDataPropertyValueContainer ;
+    access:attributeValue :EditorAddFauxDataPropertyValueContainer ;
+    access:attributeValue :CuratorAddFauxDataPropertyValueContainer ;
+    access:attributeValue :AdminAddFauxDataPropertyValueContainer ;
+
+    access:attributeValue :PublicDropFauxDataPropertyValueContainer ;
+    access:attributeValue :EditorDropFauxDataPropertyValueContainer ;
+    access:attributeValue :CuratorDropFauxDataPropertyValueContainer ;
+    access:attributeValue :AdminDropFauxDataPropertyValueContainer ;
     .
 
-ai:PublicDropFauxDataPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:FauxDataProperty .
-ai:EditorDropFauxDataPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:FauxDataProperty .
-ai:CuratorDropFauxDataPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:FauxDataProperty .
-ai:AdminDropFauxDataPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:FauxDataProperty .
-
-ai:PublicAddFauxDataPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:FauxDataProperty .
-ai:EditorAddFauxDataPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:FauxDataProperty .
-ai:CuratorAddFauxDataPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:FauxDataProperty .
-ai:AdminAddFauxDataPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:FauxDataProperty .
-
-ai:PublicEditFauxDataPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:FauxDataProperty .
-ai:EditorEditFauxDataPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:FauxDataProperty .
-ai:CuratorEditFauxDataPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:FauxDataProperty .
-ai:AdminEditFauxDataPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:FauxDataProperty .
-
-ai:PublicDropFauxObjectPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:FauxObjectProperty .
-ai:EditorDropFauxObjectPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:FauxObjectProperty .
-ai:CuratorDropFauxObjectPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:FauxObjectProperty .
-ai:AdminDropFauxObjectPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:FauxObjectProperty .
-
-ai:PublicAddFauxObjectPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:FauxObjectProperty .
-ai:EditorAddFauxObjectPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:FauxObjectProperty .
-ai:CuratorAddFauxObjectPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:FauxObjectProperty .
-ai:AdminAddFauxObjectPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:FauxObjectProperty .
-
-ai:PublicEditFauxObjectPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:FauxObjectProperty .
-ai:EditorEditFauxObjectPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:FauxObjectProperty .
-ai:CuratorEditFauxObjectPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:FauxObjectProperty .
-ai:AdminEditFauxObjectPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:FauxObjectProperty .
-
-
-ai:PublicDropDataPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:DataProperty .
-ai:EditorDropDataPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:DataProperty .
-ai:CuratorDropDataPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:DataProperty .
-ai:AdminDropDataPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:DataProperty .
-
-ai:PublicAddDataPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:DataProperty .
-ai:EditorAddDataPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:DataProperty .
-ai:CuratorAddDataPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:DataProperty .
-ai:AdminAddDataPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:DataProperty .
-
-ai:PublicEditDataPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:DataProperty .
-ai:EditorEditDataPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:DataProperty .
-ai:CuratorEditDataPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:DataProperty .
-ai:AdminEditDataPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:DataProperty .
-
-ai:PublicDropObjectPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:ObjectProperty .
-ai:EditorDropObjectPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:ObjectProperty .
-ai:CuratorDropObjectPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:ObjectProperty .
-ai:AdminDropObjectPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:ObjectProperty .
-
-ai:PublicAddObjectPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:ObjectProperty .
-ai:EditorAddObjectPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:ObjectProperty .
-ai:CuratorAddObjectPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:ObjectProperty .
-ai:AdminAddObjectPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:ObjectProperty .
-
-ai:PublicEditObjectPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:ObjectProperty .
-ai:EditorEditObjectPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:ObjectProperty .
-ai:CuratorEditObjectPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:ObjectProperty .
-ai:AdminEditObjectPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:ObjectProperty .
-
-ai:PublicDisplayObjectPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:ObjectProperty .
-ai:EditorDisplayObjectPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:ObjectProperty .
-ai:CuratorDisplayObjectPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:ObjectProperty .
-ai:AdminDisplayObjectPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:ObjectProperty .
-
-ai:PublicDisplayDataPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:DataProperty .
-ai:EditorDisplayDataPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:DataProperty .
-ai:CuratorDisplayDataPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:DataProperty .
-ai:AdminDisplayDataPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:DataProperty .
-
-ai:PublicDisplayFauxObjectPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:FauxObjectProperty .
-ai:EditorDisplayFauxObjectPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:FauxObjectProperty .
-ai:CuratorDisplayFauxObjectPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:FauxObjectProperty .
-ai:AdminDisplayFauxObjectPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:FauxObjectProperty .
-
-ai:PublicDisplayFauxDataPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:FauxDataProperty .
-ai:EditorDisplayFauxDataPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:FauxDataProperty .
-ai:CuratorDisplayFauxDataPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:FauxDataProperty .
-ai:AdminDisplayFauxDataPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:FauxDataProperty .
-
-ai:EditorPublishObjectPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:ObjectProperty .
-ai:CuratorPublishObjectPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:ObjectProperty .
-ai:AdminPublishObjectPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:ObjectProperty .
-
-ai:EditorPublishDataPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:DataProperty .
-ai:CuratorPublishDataPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:DataProperty .
-ai:AdminPublishDataPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:DataProperty .
-
-ai:EditorPublishFauxObjectPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:FauxObjectProperty .
-ai:CuratorPublishFauxObjectPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:FauxObjectProperty .
-ai:AdminPublishFauxObjectPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:FauxObjectProperty .
-
-ai:EditorPublishFauxDataPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:FauxDataProperty .
-ai:CuratorPublishFauxDataPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:FauxDataProperty .
-ai:AdminPublishFauxDataPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:FauxDataProperty .
+:PublicDropFauxDataPropertyValueContainer a access:ValueContainer ;
+    access:containerType access-individual:FauxDataProperty .
+:EditorDropFauxDataPropertyValueContainer a access:ValueContainer ;
+    access:containerType access-individual:FauxDataProperty .
+:CuratorDropFauxDataPropertyValueContainer a access:ValueContainer ;
+    access:containerType access-individual:FauxDataProperty .
+:AdminDropFauxDataPropertyValueContainer a access:ValueContainer ;
+    access:containerType access-individual:FauxDataProperty .
+
+:PublicAddFauxDataPropertyValueContainer a access:ValueContainer ;
+    access:containerType access-individual:FauxDataProperty .
+:EditorAddFauxDataPropertyValueContainer a access:ValueContainer ;
+    access:containerType access-individual:FauxDataProperty .
+:CuratorAddFauxDataPropertyValueContainer a access:ValueContainer ;
+    access:containerType access-individual:FauxDataProperty .
+:AdminAddFauxDataPropertyValueContainer a access:ValueContainer ;
+    access:containerType access-individual:FauxDataProperty .
+
+:PublicEditFauxDataPropertyValueContainer a access:ValueContainer ;
+    access:containerType access-individual:FauxDataProperty .
+:EditorEditFauxDataPropertyValueContainer a access:ValueContainer ;
+    access:containerType access-individual:FauxDataProperty .
+:CuratorEditFauxDataPropertyValueContainer a access:ValueContainer ;
+    access:containerType access-individual:FauxDataProperty .
+:AdminEditFauxDataPropertyValueContainer a access:ValueContainer ;
+    access:containerType access-individual:FauxDataProperty .
+
+:PublicDropFauxObjectPropertyValueContainer a access:ValueContainer ;
+    access:containerType access-individual:FauxObjectProperty .
+:EditorDropFauxObjectPropertyValueContainer a access:ValueContainer ;
+    access:containerType access-individual:FauxObjectProperty .
+:CuratorDropFauxObjectPropertyValueContainer a access:ValueContainer ;
+    access:containerType access-individual:FauxObjectProperty .
+:AdminDropFauxObjectPropertyValueContainer a access:ValueContainer ;
+    access:containerType access-individual:FauxObjectProperty .
+
+:PublicAddFauxObjectPropertyValueContainer a access:ValueContainer ;
+    access:containerType access-individual:FauxObjectProperty .
+:EditorAddFauxObjectPropertyValueContainer a access:ValueContainer ;
+    access:containerType access-individual:FauxObjectProperty .
+:CuratorAddFauxObjectPropertyValueContainer a access:ValueContainer ;
+    access:containerType access-individual:FauxObjectProperty .
+:AdminAddFauxObjectPropertyValueContainer a access:ValueContainer ;
+    access:containerType access-individual:FauxObjectProperty .
+
+:PublicEditFauxObjectPropertyValueContainer a access:ValueContainer ;
+    access:containerType access-individual:FauxObjectProperty .
+:EditorEditFauxObjectPropertyValueContainer a access:ValueContainer ;
+    access:containerType access-individual:FauxObjectProperty .
+:CuratorEditFauxObjectPropertyValueContainer a access:ValueContainer ;
+    access:containerType access-individual:FauxObjectProperty .
+:AdminEditFauxObjectPropertyValueContainer a access:ValueContainer ;
+    access:containerType access-individual:FauxObjectProperty .
+
+
+:PublicDropDataPropertyValueContainer a access:ValueContainer ;
+    access:containerType access-individual:DataProperty .
+:EditorDropDataPropertyValueContainer a access:ValueContainer ;
+    access:containerType access-individual:DataProperty .
+:CuratorDropDataPropertyValueContainer a access:ValueContainer ;
+    access:containerType access-individual:DataProperty .
+:AdminDropDataPropertyValueContainer a access:ValueContainer ;
+    access:containerType access-individual:DataProperty .
+
+:PublicAddDataPropertyValueContainer a access:ValueContainer ;
+    access:containerType access-individual:DataProperty .
+:EditorAddDataPropertyValueContainer a access:ValueContainer ;
+    access:containerType access-individual:DataProperty .
+:CuratorAddDataPropertyValueContainer a access:ValueContainer ;
+    access:containerType access-individual:DataProperty .
+:AdminAddDataPropertyValueContainer a access:ValueContainer ;
+    access:containerType access-individual:DataProperty .
+
+:PublicEditDataPropertyValueContainer a access:ValueContainer ;
+    access:containerType access-individual:DataProperty .
+:EditorEditDataPropertyValueContainer a access:ValueContainer ;
+    access:containerType access-individual:DataProperty .
+:CuratorEditDataPropertyValueContainer a access:ValueContainer ;
+    access:containerType access-individual:DataProperty .
+:AdminEditDataPropertyValueContainer a access:ValueContainer ;
+    access:containerType access-individual:DataProperty .
+
+:PublicDropObjectPropertyValueContainer a access:ValueContainer ;
+    access:containerType access-individual:ObjectProperty .
+:EditorDropObjectPropertyValueContainer a access:ValueContainer ;
+    access:containerType access-individual:ObjectProperty .
+:CuratorDropObjectPropertyValueContainer a access:ValueContainer ;
+    access:containerType access-individual:ObjectProperty .
+:AdminDropObjectPropertyValueContainer a access:ValueContainer ;
+    access:containerType access-individual:ObjectProperty .
+
+:PublicAddObjectPropertyValueContainer a access:ValueContainer ;
+    access:containerType access-individual:ObjectProperty .
+:EditorAddObjectPropertyValueContainer a access:ValueContainer ;
+    access:containerType access-individual:ObjectProperty .
+:CuratorAddObjectPropertyValueContainer a access:ValueContainer ;
+    access:containerType access-individual:ObjectProperty .
+:AdminAddObjectPropertyValueContainer a access:ValueContainer ;
+    access:containerType access-individual:ObjectProperty .
+
+:PublicEditObjectPropertyValueContainer a access:ValueContainer ;
+    access:containerType access-individual:ObjectProperty .
+:EditorEditObjectPropertyValueContainer a access:ValueContainer ;
+    access:containerType access-individual:ObjectProperty .
+:CuratorEditObjectPropertyValueContainer a access:ValueContainer ;
+    access:containerType access-individual:ObjectProperty .
+:AdminEditObjectPropertyValueContainer a access:ValueContainer ;
+    access:containerType access-individual:ObjectProperty .
+
+:PublicDisplayObjectPropertyValueContainer a access:ValueContainer ;
+    access:containerType access-individual:ObjectProperty .
+:EditorDisplayObjectPropertyValueContainer a access:ValueContainer ;
+    access:containerType access-individual:ObjectProperty .
+:CuratorDisplayObjectPropertyValueContainer a access:ValueContainer ;
+    access:containerType access-individual:ObjectProperty .
+:AdminDisplayObjectPropertyValueContainer a access:ValueContainer ;
+    access:containerType access-individual:ObjectProperty .
+
+:PublicDisplayDataPropertyValueContainer a access:ValueContainer ;
+    access:containerType access-individual:DataProperty .
+:EditorDisplayDataPropertyValueContainer a access:ValueContainer ;
+    access:containerType access-individual:DataProperty .
+:CuratorDisplayDataPropertyValueContainer a access:ValueContainer ;
+    access:containerType access-individual:DataProperty .
+:AdminDisplayDataPropertyValueContainer a access:ValueContainer ;
+    access:containerType access-individual:DataProperty .
+
+:PublicDisplayFauxObjectPropertyValueContainer a access:ValueContainer ;
+    access:containerType access-individual:FauxObjectProperty .
+:EditorDisplayFauxObjectPropertyValueContainer a access:ValueContainer ;
+    access:containerType access-individual:FauxObjectProperty .
+:CuratorDisplayFauxObjectPropertyValueContainer a access:ValueContainer ;
+    access:containerType access-individual:FauxObjectProperty .
+:AdminDisplayFauxObjectPropertyValueContainer a access:ValueContainer ;
+    access:containerType access-individual:FauxObjectProperty .
+
+:PublicDisplayFauxDataPropertyValueContainer a access:ValueContainer ;
+    access:containerType access-individual:FauxDataProperty .
+:EditorDisplayFauxDataPropertyValueContainer a access:ValueContainer ;
+    access:containerType access-individual:FauxDataProperty .
+:CuratorDisplayFauxDataPropertyValueContainer a access:ValueContainer ;
+    access:containerType access-individual:FauxDataProperty .
+:AdminDisplayFauxDataPropertyValueContainer a access:ValueContainer ;
+    access:containerType access-individual:FauxDataProperty .
+
+:EditorPublishObjectPropertyValueContainer a access:ValueContainer ;
+    access:containerType access-individual:ObjectProperty .
+:CuratorPublishObjectPropertyValueContainer a access:ValueContainer ;
+    access:containerType access-individual:ObjectProperty .
+:AdminPublishObjectPropertyValueContainer a access:ValueContainer ;
+    access:containerType access-individual:ObjectProperty .
+
+:EditorPublishDataPropertyValueContainer a access:ValueContainer ;
+    access:containerType access-individual:DataProperty .
+:CuratorPublishDataPropertyValueContainer a access:ValueContainer ;
+    access:containerType access-individual:DataProperty .
+:AdminPublishDataPropertyValueContainer a access:ValueContainer ;
+    access:containerType access-individual:DataProperty .
+
+:EditorPublishFauxObjectPropertyValueContainer a access:ValueContainer ;
+    access:containerType access-individual:FauxObjectProperty .
+:CuratorPublishFauxObjectPropertyValueContainer a access:ValueContainer ;
+    access:containerType access-individual:FauxObjectProperty .
+:AdminPublishFauxObjectPropertyValueContainer a access:ValueContainer ;
+    access:containerType access-individual:FauxObjectProperty .
+
+:EditorPublishFauxDataPropertyValueContainer a access:ValueContainer ;
+    access:containerType access-individual:FauxDataProperty .
+:CuratorPublishFauxDataPropertyValueContainer a access:ValueContainer ;
+    access:containerType access-individual:FauxDataProperty .
+:AdminPublishFauxDataPropertyValueContainer a access:ValueContainer ;
+    access:containerType access-individual:FauxDataProperty .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_access_related_allowed_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_access_related_allowed_property.n3
index 0a8b684ea3..706b8e8371 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_access_related_allowed_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_access_related_allowed_property.n3
@@ -1,245 +1,240 @@
 # $This file is distributed under the terms of the license in LICENSE$
 
-@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
-@prefix owl: <http://www.w3.org/2002/07/owl#> .
-@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
-@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
 @prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
-@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
-@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
-@prefix : <https://vivoweb.org/ontology/vitro-application/auth/individual/template/related-allowed-property/> .
-
-:PolicyTemplate a ao:PolicyTemplate ;
-    ao:rules :RuleSet ;
-    ao:policyDataSets :DataSets .
-
-:DataSets a ao:PolicyDataSets ;
-    ao:policyDataSet :SelfEditorDisplayObjectPropertyDataSet ;
-    ao:policyDataSet :SelfEditorDisplayDataPropertyDataSet ;
-    ao:policyDataSet :SelfEditorDisplayFauxObjectPropertyDataSet ;
-    ao:policyDataSet :SelfEditorDisplayFauxDataPropertyDataSet ;
-    ao:policyDataSet :SelfEditorPublishObjectPropertyDataSet ;
-    ao:policyDataSet :SelfEditorPublishDataPropertyDataSet ;
-    ao:policyDataSet :SelfEditorPublishFauxObjectPropertyDataSet ;
-    ao:policyDataSet :SelfEditorPublishFauxDataPropertyDataSet ;
+@prefix access-individual: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
+@prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+@prefix : <https://vivoweb.org/ontology/vitro-application/auth/individual/related-allowed-property/> .
+
+:PolicyTemplate a access:PolicyTemplate ;
+    access:rules :RuleSet ;
+    access:policyDataSets :DataSets .
+
+:DataSets a access:PolicyDataSets ;
+    access:policyDataSet :SelfEditorDisplayObjectPropertyDataSet ;
+    access:policyDataSet :SelfEditorDisplayDataPropertyDataSet ;
+    access:policyDataSet :SelfEditorDisplayFauxObjectPropertyDataSet ;
+    access:policyDataSet :SelfEditorDisplayFauxDataPropertyDataSet ;
+    access:policyDataSet :SelfEditorPublishObjectPropertyDataSet ;
+    access:policyDataSet :SelfEditorPublishDataPropertyDataSet ;
+    access:policyDataSet :SelfEditorPublishFauxObjectPropertyDataSet ;
+    access:policyDataSet :SelfEditorPublishFauxDataPropertyDataSet ;
     .
 
 ### Display object property data sets
 
-:SelfEditorDisplayObjectPropertyDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :SelfEditorDisplayObjectPropertyDataSetKey ;
-    ao:dataSetValues ai:SelfEditorRoleValueContainer ;
-    ao:dataSetValues ai:ObjectPropertyValueContainer ;
-    ao:dataSetValues ai:ObjectPropertyStatementValueContainer ;
-    ao:dataSetValues ai:DisplayOperationValueContainer ;
-    ao:dataSetValues ai:SelfEditorDisplayObjectPropertyValueContainer .
+:SelfEditorDisplayObjectPropertyDataSet a access:PolicyDataSet ;
+    access:dataSetKey :SelfEditorDisplayObjectPropertyDataSetKey ;
+    access:dataSetValues access-individual:SelfEditorRoleValueContainer ;
+    access:dataSetValues access-individual:ObjectPropertyValueContainer ;
+    access:dataSetValues access-individual:ObjectPropertyStatementValueContainer ;
+    access:dataSetValues access-individual:DisplayOperationValueContainer ;
+    access:dataSetValues :SelfEditorDisplayObjectPropertyValueContainer .
 
-:SelfEditorDisplayObjectPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:ObjectProperty ;
-    ao:keyComponent auth:SELF_EDITOR ;
-    ao:keyComponent ai:DisplayOperation .
+:SelfEditorDisplayObjectPropertyDataSetKey a access:DataSetKey ;
+    access:keyComponent access-individual:ObjectProperty ;
+    access:keyComponent auth:SELF_EDITOR ;
+    access:keyComponent access-individual:DisplayOperation .
 
 ### Display data property data sets
 
-:SelfEditorDisplayDataPropertyDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :SelfEditorDisplayDataPropertyDataSetKey ;
-    ao:dataSetValues ai:SelfEditorRoleValueContainer ;
-    ao:dataSetValues ai:DataPropertyValueContainer ;
-    ao:dataSetValues ai:DataPropertyStatementValueContainer ;
-    ao:dataSetValues ai:DisplayOperationValueContainer ;
-    ao:dataSetValues ai:SelfEditorDisplayDataPropertyValueContainer .
+:SelfEditorDisplayDataPropertyDataSet a access:PolicyDataSet ;
+    access:dataSetKey :SelfEditorDisplayDataPropertyDataSetKey ;
+    access:dataSetValues access-individual:SelfEditorRoleValueContainer ;
+    access:dataSetValues access-individual:DataPropertyValueContainer ;
+    access:dataSetValues access-individual:DataPropertyStatementValueContainer ;
+    access:dataSetValues access-individual:DisplayOperationValueContainer ;
+    access:dataSetValues :SelfEditorDisplayDataPropertyValueContainer .
 
-:SelfEditorDisplayDataPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:DataProperty ;
-    ao:keyComponent auth:SELF_EDITOR ;
-    ao:keyComponent ai:DisplayOperation .
+:SelfEditorDisplayDataPropertyDataSetKey a access:DataSetKey ;
+    access:keyComponent access-individual:DataProperty ;
+    access:keyComponent auth:SELF_EDITOR ;
+    access:keyComponent access-individual:DisplayOperation .
 
 ### Display faux object property data sets
 
-:SelfEditorDisplayFauxObjectPropertyDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :SelfEditorDisplayFauxObjectPropertyDataSetKey ;
-    ao:dataSetValues ai:SelfEditorRoleValueContainer ;
-    ao:dataSetValues ai:FauxObjectPropertyValueContainer ;
-    ao:dataSetValues ai:FauxObjectPropertyStatementValueContainer ;
-    ao:dataSetValues ai:DisplayOperationValueContainer ;
-    ao:dataSetValues ai:SelfEditorDisplayFauxObjectPropertyValueContainer .
+:SelfEditorDisplayFauxObjectPropertyDataSet a access:PolicyDataSet ;
+    access:dataSetKey :SelfEditorDisplayFauxObjectPropertyDataSetKey ;
+    access:dataSetValues access-individual:SelfEditorRoleValueContainer ;
+    access:dataSetValues access-individual:FauxObjectPropertyValueContainer ;
+    access:dataSetValues access-individual:FauxObjectPropertyStatementValueContainer ;
+    access:dataSetValues access-individual:DisplayOperationValueContainer ;
+    access:dataSetValues :SelfEditorDisplayFauxObjectPropertyValueContainer .
 
-:SelfEditorDisplayFauxObjectPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:FauxObjectProperty ;
-    ao:keyComponent auth:SELF_EDITOR ;
-    ao:keyComponent ai:DisplayOperation .
+:SelfEditorDisplayFauxObjectPropertyDataSetKey a access:DataSetKey ;
+    access:keyComponent access-individual:FauxObjectProperty ;
+    access:keyComponent auth:SELF_EDITOR ;
+    access:keyComponent access-individual:DisplayOperation .
 
 ### Display faux data property data sets
 
-:SelfEditorDisplayFauxDataPropertyDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :SelfEditorDisplayFauxDataPropertyDataSetKey ;
-    ao:dataSetValues ai:SelfEditorRoleValueContainer ;
-    ao:dataSetValues ai:FauxDataPropertyValueContainer ;
-    ao:dataSetValues ai:FauxDataPropertyStatementValueContainer ;
-    ao:dataSetValues ai:DisplayOperationValueContainer ;
-    ao:dataSetValues ai:SelfEditorDisplayFauxDataPropertyValueContainer .
+:SelfEditorDisplayFauxDataPropertyDataSet a access:PolicyDataSet ;
+    access:dataSetKey :SelfEditorDisplayFauxDataPropertyDataSetKey ;
+    access:dataSetValues access-individual:SelfEditorRoleValueContainer ;
+    access:dataSetValues access-individual:FauxDataPropertyValueContainer ;
+    access:dataSetValues access-individual:FauxDataPropertyStatementValueContainer ;
+    access:dataSetValues access-individual:DisplayOperationValueContainer ;
+    access:dataSetValues :SelfEditorDisplayFauxDataPropertyValueContainer .
 
-:SelfEditorDisplayFauxDataPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:FauxDataProperty ;
-    ao:keyComponent auth:SELF_EDITOR ;
-    ao:keyComponent ai:DisplayOperation .
+:SelfEditorDisplayFauxDataPropertyDataSetKey a access:DataSetKey ;
+    access:keyComponent access-individual:FauxDataProperty ;
+    access:keyComponent auth:SELF_EDITOR ;
+    access:keyComponent access-individual:DisplayOperation .
 
 ### Publish object property data sets
 
-:SelfEditorPublishObjectPropertyDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :SelfEditorPublishObjectPropertyDataSetKey ;
-    ao:dataSetValues ai:SelfEditorRoleValueContainer ;
-    ao:dataSetValues ai:ObjectPropertyValueContainer ;
-    ao:dataSetValues ai:ObjectPropertyStatementValueContainer ;
-    ao:dataSetValues ai:PublishOperationValueContainer ;
-    ao:dataSetValues ai:SelfEditorPublishObjectPropertyValueContainer .
+:SelfEditorPublishObjectPropertyDataSet a access:PolicyDataSet ;
+    access:dataSetKey :SelfEditorPublishObjectPropertyDataSetKey ;
+    access:dataSetValues access-individual:SelfEditorRoleValueContainer ;
+    access:dataSetValues access-individual:ObjectPropertyValueContainer ;
+    access:dataSetValues access-individual:ObjectPropertyStatementValueContainer ;
+    access:dataSetValues access-individual:PublishOperationValueContainer ;
+    access:dataSetValues :SelfEditorPublishObjectPropertyValueContainer .
 
-:SelfEditorPublishObjectPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:ObjectProperty ;
-    ao:keyComponent auth:SELF_EDITOR ;
-    ao:keyComponent ai:PublishOperation .
+:SelfEditorPublishObjectPropertyDataSetKey a access:DataSetKey ;
+    access:keyComponent access-individual:ObjectProperty ;
+    access:keyComponent auth:SELF_EDITOR ;
+    access:keyComponent access-individual:PublishOperation .
 
 ### Publish data property data sets
 
-:SelfEditorPublishDataPropertyDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :SelfEditorPublishDataPropertyDataSetKey ;
-    ao:dataSetValues ai:SelfEditorRoleValueContainer ;
-    ao:dataSetValues ai:DataPropertyValueContainer ;
-    ao:dataSetValues ai:DataPropertyStatementValueContainer ;
-    ao:dataSetValues ai:PublishOperationValueContainer ;
-    ao:dataSetValues ai:SelfEditorPublishDataPropertyValueContainer .
+:SelfEditorPublishDataPropertyDataSet a access:PolicyDataSet ;
+    access:dataSetKey :SelfEditorPublishDataPropertyDataSetKey ;
+    access:dataSetValues access-individual:SelfEditorRoleValueContainer ;
+    access:dataSetValues access-individual:DataPropertyValueContainer ;
+    access:dataSetValues access-individual:DataPropertyStatementValueContainer ;
+    access:dataSetValues access-individual:PublishOperationValueContainer ;
+    access:dataSetValues :SelfEditorPublishDataPropertyValueContainer .
 
-:SelfEditorPublishDataPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:DataProperty ;
-    ao:keyComponent auth:SELF_EDITOR ;
-    ao:keyComponent ai:PublishOperation .
+:SelfEditorPublishDataPropertyDataSetKey a access:DataSetKey ;
+    access:keyComponent access-individual:DataProperty ;
+    access:keyComponent auth:SELF_EDITOR ;
+    access:keyComponent access-individual:PublishOperation .
 
 ### Publish faux object property data sets
 
-:SelfEditorPublishFauxObjectPropertyDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :SelfEditorPublishFauxObjectPropertyDataSetKey ;
-    ao:dataSetValues ai:SelfEditorRoleValueContainer ;
-    ao:dataSetValues ai:FauxObjectPropertyValueContainer ;
-    ao:dataSetValues ai:FauxObjectPropertyStatementValueContainer ;
-    ao:dataSetValues ai:PublishOperationValueContainer ;
-    ao:dataSetValues ai:SelfEditorPublishFauxObjectPropertyValueContainer .
+:SelfEditorPublishFauxObjectPropertyDataSet a access:PolicyDataSet ;
+    access:dataSetKey :SelfEditorPublishFauxObjectPropertyDataSetKey ;
+    access:dataSetValues access-individual:SelfEditorRoleValueContainer ;
+    access:dataSetValues access-individual:FauxObjectPropertyValueContainer ;
+    access:dataSetValues access-individual:FauxObjectPropertyStatementValueContainer ;
+    access:dataSetValues access-individual:PublishOperationValueContainer ;
+    access:dataSetValues :SelfEditorPublishFauxObjectPropertyValueContainer .
 
-:SelfEditorPublishFauxObjectPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:FauxObjectProperty ;
-    ao:keyComponent auth:SELF_EDITOR ;
-    ao:keyComponent ai:PublishOperation .
+:SelfEditorPublishFauxObjectPropertyDataSetKey a access:DataSetKey ;
+    access:keyComponent access-individual:FauxObjectProperty ;
+    access:keyComponent auth:SELF_EDITOR ;
+    access:keyComponent access-individual:PublishOperation .
 
 ### Publish faux data property data sets
 
-:SelfEditorPublishFauxDataPropertyDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :SelfEditorPublishFauxDataPropertyDataSetKey ;
-    ao:dataSetValues ai:SelfEditorRoleValueContainer ;
-    ao:dataSetValues ai:FauxDataPropertyValueContainer ;
-    ao:dataSetValues ai:FauxDataPropertyStatementValueContainer ;
-    ao:dataSetValues ai:PublishOperationValueContainer ;
-    ao:dataSetValues ai:SelfEditorPublishFauxDataPropertyValueContainer .
+:SelfEditorPublishFauxDataPropertyDataSet a access:PolicyDataSet ;
+    access:dataSetKey :SelfEditorPublishFauxDataPropertyDataSetKey ;
+    access:dataSetValues access-individual:SelfEditorRoleValueContainer ;
+    access:dataSetValues access-individual:FauxDataPropertyValueContainer ;
+    access:dataSetValues access-individual:FauxDataPropertyStatementValueContainer ;
+    access:dataSetValues access-individual:PublishOperationValueContainer ;
+    access:dataSetValues :SelfEditorPublishFauxDataPropertyValueContainer .
 
-:SelfEditorPublishFauxDataPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:FauxDataProperty ;
-    ao:keyComponent auth:SELF_EDITOR ;
-    ao:keyComponent ai:PublishOperation .
+:SelfEditorPublishFauxDataPropertyDataSetKey a access:DataSetKey ;
+    access:keyComponent access-individual:FauxDataProperty ;
+    access:keyComponent auth:SELF_EDITOR ;
+    access:keyComponent access-individual:PublishOperation .
 
 ### Rules
 
-:RuleSet a ao:Rules ;
-    ao:rule :AllowMatchingPropertyStatement ;
-    ao:rule :AllowMatchingProperty .
-
-:AllowMatchingProperty a ao:Rule;
-    ao:check :SubjectRoleCheck ;
-    ao:check :OperationCheck ;
-    ao:check :AccessObjectTypeCheck ;
-    ao:check :AccessObjectUriCheck .
-
-:AccessObjectTypeCheck a ao:Check ;
-    ao:operator ai:Equals ;
-    ao:attribute ai:AccessObjectType ;
-    ao:templateValue :AccessObjectTypeValueSet .
-
-:AccessObjectTypeValueSet a ao:AttributeValueSet ;
-    ao:attributeValue ai:ObjectPropertyValueContainer ;
-    ao:attributeValue ai:DataPropertyValueContainer ;
-    ao:attributeValue ai:FauxObjectPropertyValueContainer ;
-    ao:attributeValue ai:FauxDataPropertyValueContainer ;
+:RuleSet a access:Rules ;
+    access:rule :AllowMatchingPropertyStatement ;
+    access:rule :AllowMatchingProperty .
+
+:AllowMatchingProperty a access:Rule;
+    access:check :SubjectRoleCheck ;
+    access:check :OperationCheck ;
+    access:check :AccessObjectTypeCheck ;
+    access:check :AccessObjectUriCheck .
+
+:AccessObjectTypeCheck a access:Check ;
+    access:operator access-individual:Equals ;
+    access:attribute access-individual:AccessObjectType ;
+    access:values :AccessObjectTypeValueSet .
+
+:AccessObjectTypeValueSet a access:AttributeValueSet ;
+    access:attributeValue access-individual:ObjectPropertyValueContainer ;
+    access:attributeValue access-individual:DataPropertyValueContainer ;
+    access:attributeValue access-individual:FauxObjectPropertyValueContainer ;
+    access:attributeValue access-individual:FauxDataPropertyValueContainer ;
     .
 
-:AllowMatchingPropertyStatement a ao:Rule;
-    ao:check :SubjectRoleCheck ;
-    ao:check :OperationCheck ;
-    ao:check :AccessObjectStatementTypeCheck ;
-    ao:check :StatementPredicateCheck ;
+:AllowMatchingPropertyStatement a access:Rule;
+    access:check :SubjectRoleCheck ;
+    access:check :OperationCheck ;
+    access:check :AccessObjectStatementTypeCheck ;
+    access:check :StatementPredicateCheck ;
     .
 
-:AccessObjectStatementTypeCheck a ao:Check ;
-    ao:operator ai:Equals ;
-    ao:attribute ai:AccessObjectType ;
-    ao:templateValue :StatementAccessObjectTypeValueSet .
+:AccessObjectStatementTypeCheck a access:Check ;
+    access:operator access-individual:Equals ;
+    access:attribute access-individual:AccessObjectType ;
+    access:values :StatementAccessObjectTypeValueSet .
 
-:StatementAccessObjectTypeValueSet a ao:AttributeValueSet ;
-    ao:attributeValue ai:ObjectPropertyStatementValueContainer ;
-    ao:attributeValue ai:DataPropertyStatementValueContainer ;
-    ao:attributeValue ai:FauxObjectPropertyStatementValueContainer ;
-    ao:attributeValue ai:FauxDataPropertyStatementValueContainer ;
+:StatementAccessObjectTypeValueSet a access:AttributeValueSet ;
+    access:attributeValue access-individual:ObjectPropertyStatementValueContainer ;
+    access:attributeValue access-individual:DataPropertyStatementValueContainer ;
+    access:attributeValue access-individual:FauxObjectPropertyStatementValueContainer ;
+    access:attributeValue access-individual:FauxDataPropertyStatementValueContainer ;
     .
 
-:OperationCheck a ao:Check ;
-    ao:operator ai:Equals ;
-    ao:attribute ai:Operation ;
-    ao:templateValue :OperationValueSet .
+:OperationCheck a access:Check ;
+    access:operator access-individual:Equals ;
+    access:attribute access-individual:Operation ;
+    access:values :OperationValueSet .
 
-:OperationValueSet a ao:AttributeValueSet ;
-    ao:attributeValue ai:DisplayOperationValueContainer ;
-    ao:attributeValue ai:PublishOperationValueContainer ;
+:OperationValueSet a access:AttributeValueSet ;
+    access:attributeValue access-individual:DisplayOperationValueContainer ;
+    access:attributeValue access-individual:PublishOperationValueContainer ;
     .
 
-:SubjectRoleCheck a ao:Check ;
-    ao:operator ai:Equals ;
-    ao:attribute ai:SubjectRole ;
-    ao:templateValue :RoleValueSet .
-
-:RoleValueSet a ao:AttributeValueSet ;
-    ao:attributeValue ai:SelfEditorRoleValueContainer .
-
-:StatementPredicateCheck a ao:Check ;
-    ao:operator ai:OneOf ;
-    ao:attribute ai:StatementPredicateUri ;
-    ao:templateValue :AllowedPropertyUriValueSet .
-
-:AccessObjectUriCheck a ao:Check ;
-    ao:operator ai:OneOf ;
-    ao:attribute ai:AccessObjectUri ;
-    ao:templateValue :AllowedPropertyUriValueSet .
-
-:AllowedPropertyUriValueSet a ao:AttributeValueSet ;
-    ao:attributeValue ai:SelfEditorDisplayObjectPropertyValueContainer ;
-    ao:attributeValue ai:SelfEditorDisplayDataPropertyValueContainer ;
-    ao:attributeValue ai:SelfEditorDisplayFauxObjectPropertyValueContainer ;
-    ao:attributeValue ai:SelfEditorDisplayFauxDataPropertyValueContainer ;
-    ao:attributeValue ai:SelfEditorPublishObjectPropertyValueContainer ;
-    ao:attributeValue ai:SelfEditorPublishDataPropertyValueContainer ;
-    ao:attributeValue ai:SelfEditorPublishFauxObjectPropertyValueContainer ;
-    ao:attributeValue ai:SelfEditorPublishFauxDataPropertyValueContainer ;
+:SubjectRoleCheck a access:Check ;
+    access:operator access-individual:Equals ;
+    access:attribute access-individual:SubjectRole ;
+    access:values :RoleValueSet .
+
+:RoleValueSet a access:AttributeValueSet ;
+    access:attributeValue access-individual:SelfEditorRoleValueContainer .
+
+:StatementPredicateCheck a access:Check ;
+    access:operator access-individual:OneOf ;
+    access:attribute access-individual:StatementPredicateUri ;
+    access:values :AllowedPropertyUriValueSet .
+
+:AccessObjectUriCheck a access:Check ;
+    access:operator access-individual:OneOf ;
+    access:attribute access-individual:AccessObjectUri ;
+    access:values :AllowedPropertyUriValueSet .
+
+:AllowedPropertyUriValueSet a access:AttributeValueSet ;
+    access:attributeValue :SelfEditorDisplayObjectPropertyValueContainer ;
+    access:attributeValue :SelfEditorDisplayDataPropertyValueContainer ;
+    access:attributeValue :SelfEditorDisplayFauxObjectPropertyValueContainer ;
+    access:attributeValue :SelfEditorDisplayFauxDataPropertyValueContainer ;
+    access:attributeValue :SelfEditorPublishObjectPropertyValueContainer ;
+    access:attributeValue :SelfEditorPublishDataPropertyValueContainer ;
+    access:attributeValue :SelfEditorPublishFauxObjectPropertyValueContainer ;
+    access:attributeValue :SelfEditorPublishFauxDataPropertyValueContainer ;
     .
 
-ai:SelfEditorDisplayObjectPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:ObjectProperty .
-ai:SelfEditorDisplayDataPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:DataProperty .
-ai:SelfEditorDisplayFauxObjectPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:FauxObjectProperty .
-ai:SelfEditorDisplayFauxDataPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:FauxDataProperty .
-
-ai:SelfEditorPublishObjectPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:ObjectProperty .
-ai:SelfEditorPublishDataPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:DataProperty .
-ai:SelfEditorPublishFauxObjectPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:FauxObjectProperty .
-ai:SelfEditorPublishFauxDataPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:FauxDataProperty .
+:SelfEditorDisplayObjectPropertyValueContainer a access:ValueContainer ;
+    access:containerType access-individual:ObjectProperty .
+:SelfEditorDisplayDataPropertyValueContainer a access:ValueContainer ;
+    access:containerType access-individual:DataProperty .
+:SelfEditorDisplayFauxObjectPropertyValueContainer a access:ValueContainer ;
+    access:containerType access-individual:FauxObjectProperty .
+:SelfEditorDisplayFauxDataPropertyValueContainer a access:ValueContainer ;
+    access:containerType access-individual:FauxDataProperty .
+:SelfEditorPublishObjectPropertyValueContainer a access:ValueContainer ;
+    access:containerType access-individual:ObjectProperty .
+:SelfEditorPublishDataPropertyValueContainer a access:ValueContainer ;
+    access:containerType access-individual:DataProperty .
+:SelfEditorPublishFauxObjectPropertyValueContainer a access:ValueContainer ;
+    access:containerType access-individual:FauxObjectProperty .
+:SelfEditorPublishFauxDataPropertyValueContainer a access:ValueContainer ;
+    access:containerType access-individual:FauxDataProperty .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_not_modifiable_statements.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_not_modifiable_statements.n3
index 5af333d4f9..4d3f9d45e8 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_not_modifiable_statements.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_not_modifiable_statements.n3
@@ -1,135 +1,129 @@
 # $This file is distributed under the terms of the license in LICENSE$
 
-@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
-@prefix owl: <http://www.w3.org/2002/07/owl#> .
-@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
-@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
-@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
-@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
-@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
-@prefix : <https://vivoweb.org/ontology/vitro-application/auth/individual/template/non-modifiable-statements/> .
-
-:PolicyTemplate a ao:PolicyTemplate ;
-    ao:priority 8000 ;
-    ao:policyDataSets :DataSets ;
-    ao:rules :RuleSet .
-
-:RuleSet a ao:Rules ;
-    ao:rule :RestrictObjectPropertyStatementsWithNotModifiablePredicate ;
-    ao:rule :RestrictObjectPropertyStatementsWithNotModifiableSubject ;
-    ao:rule :RestrictObjectPropertyStatementsWithNotModifiableObject ;
-    ao:rule :RestrictDataPropertyStatementsWithNotModifiableSubject ;
-    ao:rule :RestrictDataPropertyStatementsWithNotModifiablePredicate ;
+@prefix access-individual: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
+@prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+@prefix : <https://vivoweb.org/ontology/vitro-application/auth/individual/non-modifiable-statements/> .
+
+:PolicyTemplate a access:PolicyTemplate ;
+    access:priority 8000 ;
+    access:policyDataSets :DataSets ;
+    access:rules :RuleSet .
+
+:RuleSet a access:Rules ;
+    access:rule :RestrictObjectPropertyStatementsWithNotModifiablePredicate ;
+    access:rule :RestrictObjectPropertyStatementsWithNotModifiableSubject ;
+    access:rule :RestrictObjectPropertyStatementsWithNotModifiableObject ;
+    access:rule :RestrictDataPropertyStatementsWithNotModifiableSubject ;
+    access:rule :RestrictDataPropertyStatementsWithNotModifiablePredicate ;
     .
 
-:RestrictObjectPropertyStatementsWithNotModifiableSubject a ao:Rule ;
-    ao:decision ai:Deny ;
-    ao:check :IsObjectPropertyStatement ;
-    ao:check :SubjectUriStartWithProhibitedNamespace ;
-    ao:check :StatementSubjectNotOneOfProhibitedExceptions .
-
-:RestrictObjectPropertyStatementsWithNotModifiablePredicate a ao:Rule ;
-    ao:decision ai:Deny ;
-    ao:check :IsObjectPropertyStatement ;
-    ao:check :PredicateUriStartWithProhibitedNamespace ;
-    ao:check :PredicateNotANamespaceException .
-
-:RestrictObjectPropertyStatementsWithNotModifiableObject a ao:Rule ;
-    ao:decision ai:Deny ;
-    ao:check :IsObjectPropertyStatement ;
-    ao:check :StatementObjectUriStartsWithProhibitedNameSpace ;
-    ao:check :ObjectUriNotOneOfProhibitedExceptions .
-
-:RestrictDataPropertyStatementsWithNotModifiableSubject a ao:Rule ;
-    ao:decision ai:Deny ;
-    ao:check :IsDataPropertyStatement ;
-    ao:check :SubjectUriStartWithProhibitedNamespace ;
-    ao:check :StatementSubjectNotOneOfProhibitedExceptions .
-
-:RestrictDataPropertyStatementsWithNotModifiablePredicate a ao:Rule ;
-    ao:decision ai:Deny ;
-    ao:check :IsDataPropertyStatement ;
-    ao:check :PredicateUriStartWithProhibitedNamespace ;
-    ao:check :PredicateNotANamespaceException .
-
-:IsObjectPropertyStatement a ao:Check ;
-    ao:operator ai:Equals ;
-    ao:attribute ai:AccessObjectType ;
-    ao:value ai:ObjectPropertyStatement .
-
-:IsDataPropertyStatement a ao:Check ;
-    ao:operator ai:Equals ;
-    ao:attribute ai:AccessObjectType ;
-    ao:value ai:DataPropertyStatement .
+:RestrictObjectPropertyStatementsWithNotModifiableSubject a access:Rule ;
+    access:decision access-individual:Deny ;
+    access:check :IsObjectPropertyStatement ;
+    access:check :SubjectUriStartWithProhibitedNamespace ;
+    access:check :StatementSubjectNotOneOfProhibitedExceptions .
+
+:RestrictObjectPropertyStatementsWithNotModifiablePredicate a access:Rule ;
+    access:decision access-individual:Deny ;
+    access:check :IsObjectPropertyStatement ;
+    access:check :PredicateUriStartWithProhibitedNamespace ;
+    access:check :PredicateNotANamespaceException .
+
+:RestrictObjectPropertyStatementsWithNotModifiableObject a access:Rule ;
+    access:decision access-individual:Deny ;
+    access:check :IsObjectPropertyStatement ;
+    access:check :StatementObjectUriStartsWithProhibitedNameSpace ;
+    access:check :ObjectUriNotOneOfProhibitedExceptions .
+
+:RestrictDataPropertyStatementsWithNotModifiableSubject a access:Rule ;
+    access:decision access-individual:Deny ;
+    access:check :IsDataPropertyStatement ;
+    access:check :SubjectUriStartWithProhibitedNamespace ;
+    access:check :StatementSubjectNotOneOfProhibitedExceptions .
+
+:RestrictDataPropertyStatementsWithNotModifiablePredicate a access:Rule ;
+    access:decision access-individual:Deny ;
+    access:check :IsDataPropertyStatement ;
+    access:check :PredicateUriStartWithProhibitedNamespace ;
+    access:check :PredicateNotANamespaceException .
+
+:IsObjectPropertyStatement a access:Check ;
+    access:operator access-individual:Equals ;
+    access:attribute access-individual:AccessObjectType ;
+    access:singleValue access-individual:ObjectPropertyStatement .
+
+:IsDataPropertyStatement a access:Check ;
+    access:operator access-individual:Equals ;
+    access:attribute access-individual:AccessObjectType ;
+    access:singleValue access-individual:DataPropertyStatement .
 
 ### Not modifiable property statement attributes
-:PredicateUriStartWithProhibitedNamespace a ao:Check ;
-    ao:operator ai:StartsWith ;
-    ao:attribute ai:StatementPredicateUri ;
-    ao:templateValue :ProhibitedNamespaceValueSet .
-
-:PredicateNotANamespaceException a ao:Check ;
-    ao:operator ai:NotOneOf ;
-    ao:attribute ai:StatementPredicateUri ;
-    ao:templateValue :ProhibitedNamespaceExceptionsValueSet .
-
-:SubjectUriStartWithProhibitedNamespace a ao:Check ;
-    ao:operator ai:StartsWith ;
-    ao:attribute ai:StatementSubjectUri ;
-    ao:templateValue :ProhibitedNamespaceValueSet .
-
-:StatementSubjectNotOneOfProhibitedExceptions a ao:Check ;
-    ao:operator ai:NotOneOf ;
-    ao:attribute ai:StatementSubjectUri ;
-    ao:templateValue :ProhibitedNamespaceExceptionsValueSet .    
-
-:StatementObjectUriStartsWithProhibitedNameSpace a ao:Check ;
-    ao:operator ai:StartsWith ;
-    ao:attribute ai:StatementObjectUri ;
-    ao:templateValue :ProhibitedNamespaceValueSet .
-
-:ObjectUriNotOneOfProhibitedExceptions a ao:Check ;
-    ao:operator ai:NotOneOf ;
-    ao:attribute ai:StatementObjectUri ;
-    ao:templateValue :ProhibitedNamespaceExceptionsValueSet .  
-
-### Not modifiable data property statement attributes    
+:PredicateUriStartWithProhibitedNamespace a access:Check ;
+    access:operator access-individual:StartsWith ;
+    access:attribute access-individual:StatementPredicateUri ;
+    access:values :ProhibitedNamespaceValueSet .
+
+:PredicateNotANamespaceException a access:Check ;
+    access:operator access-individual:NotOneOf ;
+    access:attribute access-individual:StatementPredicateUri ;
+    access:values :ProhibitedNamespaceExceptionsValueSet .
+
+:SubjectUriStartWithProhibitedNamespace a access:Check ;
+    access:operator access-individual:StartsWith ;
+    access:attribute access-individual:StatementSubjectUri ;
+    access:values :ProhibitedNamespaceValueSet .
+
+:StatementSubjectNotOneOfProhibitedExceptions a access:Check ;
+    access:operator access-individual:NotOneOf ;
+    access:attribute access-individual:StatementSubjectUri ;
+    access:values :ProhibitedNamespaceExceptionsValueSet .    
+
+:StatementObjectUriStartsWithProhibitedNameSpace a access:Check ;
+    access:operator access-individual:StartsWith ;
+    access:attribute access-individual:StatementObjectUri ;
+    access:values :ProhibitedNamespaceValueSet .
+
+:ObjectUriNotOneOfProhibitedExceptions a access:Check ;
+    access:operator access-individual:NotOneOf ;
+    access:attribute access-individual:StatementObjectUri ;
+    access:values :ProhibitedNamespaceExceptionsValueSet .  
 
 ###DataSets
-:DataSets a ao:PolicyDataSets ;
-    ao:policyDataSet :NotModifiableStatementsPolicyDataSet .
 
-:NotModifiableStatementsPolicyDataSet a ao:PolicyDataSet ;
-    ao:dataSetValues :ProhibitedNamespaceExceptionsValueContainer ;
-    ao:dataSetValues :ProhibitedNamespaceValueContainer .
+:DataSets a access:PolicyDataSets ;
+    access:policyDataSet :NotModifiableStatementsPolicyDataSet .
 
-:ProhibitedNamespaceValueSet a ao:AttributeValueSet ;
-    ao:attributeValue :ProhibitedNamespaceValueContainer .
+:NotModifiableStatementsPolicyDataSet a access:PolicyDataSet ;
+    access:dataSetValues :ProhibitedNamespaceExceptionsValueContainer ;
+    access:dataSetValues :ProhibitedNamespaceValueContainer .
 
-:ProhibitedNamespaceExceptionsValueSet a ao:AttributeValueSet ;
-    ao:attributeValue :ProhibitedNamespaceExceptionsValueContainer .
+:ProhibitedNamespaceValueSet a access:AttributeValueSet ;
+    access:attributeValue :ProhibitedNamespaceValueContainer .
 
-:ProhibitedNamespaceExceptionsValueContainer a ao:ValueContainer ;
+:ProhibitedNamespaceExceptionsValueSet a access:AttributeValueSet ;
+    access:attributeValue :ProhibitedNamespaceExceptionsValueContainer .
+
+:ProhibitedNamespaceExceptionsValueContainer a access:ValueContainer ;
     .
 
-:ProhibitedNamespaceValueContainer a ao:ValueContainer ;
+:ProhibitedNamespaceValueContainer a access:ValueContainer ;
     .
 
 :ProhibitedNamespaceExceptionsValueContainer
-    ao:dataValue <http://vitro.mannlib.cornell.edu/ns/vitro/0.7#moniker> ;
-    ao:dataValue <http://vitro.mannlib.cornell.edu/ns/vitro/0.7#modTime> ;
-    ao:dataValue <http://vitro.mannlib.cornell.edu/ns/vitro/public#mainImage> ;
-    ao:dataValue <http://vitro.mannlib.cornell.edu/ns/vitro/0.7#Link> ;
-    ao:dataValue <http://vitro.mannlib.cornell.edu/ns/vitro/0.7#primaryLink> ;
-    ao:dataValue <http://vitro.mannlib.cornell.edu/ns/vitro/0.7#additionalLink> ;
-    ao:dataValue <http://vitro.mannlib.cornell.edu/ns/vitro/0.7#linkAnchor> ;
-    ao:dataValue <http://vitro.mannlib.cornell.edu/ns/vitro/0.7#linkURL> ;
+    access:value <http://vitro.mannlib.cornell.edu/ns/vitro/0.7#moniker> ;
+    access:value <http://vitro.mannlib.cornell.edu/ns/vitro/0.7#modTime> ;
+    access:value <http://vitro.mannlib.cornell.edu/ns/vitro/public#mainImage> ;
+    access:value <http://vitro.mannlib.cornell.edu/ns/vitro/0.7#Link> ;
+    access:value <http://vitro.mannlib.cornell.edu/ns/vitro/0.7#primaryLink> ;
+    access:value <http://vitro.mannlib.cornell.edu/ns/vitro/0.7#additionalLink> ;
+    access:value <http://vitro.mannlib.cornell.edu/ns/vitro/0.7#linkAnchor> ;
+    access:value <http://vitro.mannlib.cornell.edu/ns/vitro/0.7#linkURL> ;
     .
 
 :ProhibitedNamespaceValueContainer
-    ao:dataValue  :prohibitedNamespacePrefix ; 
+    access:value  :prohibitedNamespacePrefix ; 
     .
 
-:prohibitedNamespacePrefix a ao:TestValue ;
-    ao:id "http://vitro.mannlib.cornell.edu/ns/vitro/0.7#" ;
+:prohibitedNamespacePrefix a access:AttributeValue ;
+    access:id "http://vitro.mannlib.cornell.edu/ns/vitro/0.7#" ;
     
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_simple_permissions.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_simple_permissions.n3
index 7c8cdde7cb..9d8773a4a7 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_simple_permissions.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_simple_permissions.n3
@@ -1,159 +1,153 @@
 # $This file is distributed under the terms of the license in LICENSE$
 
-@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
-@prefix owl: <http://www.w3.org/2002/07/owl#> .
-@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
-@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
 @prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
-@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
-@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+@prefix access-individual: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
+@prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
 @prefix simplePermission: <java:edu.cornell.mannlib.vitro.webapp.auth.permissions.SimplePermission#> .
-@prefix : <https://vivoweb.org/ontology/vitro-application/auth/individual/template/simple-permissions/> .
+@prefix : <https://vivoweb.org/ontology/vitro-application/auth/individual/simple-permissions/> .
 
-:PolicyTemplate a ao:PolicyTemplate ;
-    ao:priority 1000 ;
-    ao:policyDataSets :DataSets ;
-    ao:rules :RuleSet .
+:PolicyTemplate a access:PolicyTemplate ;
+    access:priority 1000 ;
+    access:policyDataSets :DataSets ;
+    access:rules :RuleSet .
 
-:DataSets a ao:PolicyDataSets ;
-    ao:policyDataSetTemplate :RoleDataSetTemplate ;
-    ao:policyDataSet :PublicDataSet ;
-    ao:policyDataSet :SelfEditorDataSet ;
-    ao:policyDataSet :EditorDataSet ;
-    ao:policyDataSet :CuratorDataSet ;
-    ao:policyDataSet :AdminDataSet .
+:DataSets a access:PolicyDataSets ;
+    access:policyDataSetTemplate :RoleDataSetTemplate ;
+    access:policyDataSet :PublicDataSet ;
+    access:policyDataSet :SelfEditorDataSet ;
+    access:policyDataSet :EditorDataSet ;
+    access:policyDataSet :CuratorDataSet ;
+    access:policyDataSet :AdminDataSet .
 
 #Role data set template
 
-:RoleDataSetTemplate a ao:DataSetTemplate ;
-    ao:dataSetTemplateKey :RoleDataSetTemplateKey ;
-    ao:dataSetKeyTemplate :RoleDataSetKeyTemplate ;
-    ao:dataSetValueTemplate :RoleValueContainerTemplate ;
-    ao:dataSetValueTemplate :RolePermissionValueContainerTemplate .  
+:RoleDataSetTemplate a access:DataSetTemplate ;
+    access:dataSetTemplateKey :RoleDataSetTemplateKey ;
+    access:dataSetKeyTemplate :RoleDataSetKeyTemplate ;
+    access:dataSetValueTemplate :RoleValueContainerTemplate ;
+    access:dataSetValueTemplate :RolePermissionValueContainerTemplate .  
 
-:RoleDataSetTemplateKey a ao:DataSetTemplateKey ;
-    ao:templateKey ai:SubjectRole .
+:RoleDataSetTemplateKey a access:DataSetTemplateKey ;
+    access:templateKey access-individual:SubjectRole .
 
-:RoleDataSetKeyTemplate a ao:DataSetKeyTemplate ;
-    ao:keyComponent ai:NamedObject ;
-    ao:keyComponent ai:ExecuteOperation ;
-    ao:keyComponentTemplate ai:SubjectRole .
+:RoleDataSetKeyTemplate a access:DataSetKeyTemplate ;
+    access:keyComponent access-individual:NamedObject ;
+    access:keyComponent access-individual:ExecuteOperation ;
+    access:keyComponentTemplate access-individual:SubjectRole .
 
-:RoleValueContainerTemplate a ao:ValueContainerTemplate ;
-    ao:relatedValueSet :RoleValueSet;
-    ao:containerTypeTemplate ai:SubjectRole .
-
-:RolePermissionValueContainerTemplate a ao:ValueContainerTemplate ;
-    ao:relatedValueSet :TypeValueSet;
-    ao:defaultValue simplePermission:PageViewablePublic;
-    ao:defaultValue simplePermission:QueryFullModel ;
-    ao:containerTypeTemplate ai:NamedObject .
+:RoleValueContainerTemplate a access:ValueContainerTemplate ;
+    access:relatedValueSet :RoleValueSet;
+    access:containerTypeTemplate access-individual:SubjectRole .
 
+:RolePermissionValueContainerTemplate a access:ValueContainerTemplate ;
+    access:relatedValueSet :TypeValueSet;
+    access:defaultValue simplePermission:PageViewablePublic;
+    access:defaultValue simplePermission:QueryFullModel ;
+    access:containerTypeTemplate access-individual:NamedObject .
 
 #Data sets
 
-:PublicDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :PublicDataSetKey ;
-    ao:dataSetValues ai:PublicRoleValueContainer ;
-    ao:dataSetValues ai:PublicSimplePermissionValueContainer .
-
-:PublicDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:NamedObject ;
-    ao:keyComponent ai:ExecuteOperation ;
-    ao:keyComponent auth:PUBLIC .
-
-:SelfEditorDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :SelfEditorDataSetKey ;
-    ao:dataSetValues ai:SelfEditorRoleValueContainer ;
-    ao:dataSetValues ai:SelfEditorSimplePermissionValueContainer .
-
-:SelfEditorDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:NamedObject ;
-    ao:keyComponent ai:ExecuteOperation ;
-    ao:keyComponent auth:SELF_EDITOR .
-
-:EditorDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :EditorDataSetKey ;
-    ao:dataSetValues ai:EditorRoleValueContainer ;
-    ao:dataSetValues ai:EditorSimplePermissionValueContainer .
-
-:EditorDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:NamedObject ;
-    ao:keyComponent ai:ExecuteOperation ;
-    ao:keyComponent auth:EDITOR .
-
-:CuratorDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :CuratorDataSetKey ;
-    ao:dataSetValues ai:CuratorRoleValueContainer ;
-    ao:dataSetValues ai:CuratorSimplePermissionValueContainer .
-
-:CuratorDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:NamedObject ;
-    ao:keyComponent ai:ExecuteOperation ;
-    ao:keyComponent auth:CURATOR .
-
-:AdminDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :AdminDataSetKey  ;
-    ao:dataSetValues ai:AdminRoleValueContainer ;
-    ao:dataSetValues ai:AdminSimplePermissionValueContainer .
-
-:AdminDataSetKey  a ao:DataSetKey ;
-    ao:keyComponent ai:NamedObject ;
-    ao:keyComponent ai:ExecuteOperation ;
-    ao:keyComponent auth:ADMIN .
-
-:RuleSet a ao:Rules ;
-    ao:rule :AllowSimplePermission .
-
-:AllowSimplePermission a ao:Rule;
-    ao:check :IsSimplePermission ;
-    ao:check :IsExecuteOperation ;
-    ao:check :PermissionNameAllowed ;
-    ao:check :SubjectRoleEqualsDataSetRole .
-
-:IsExecuteOperation a ao:Check ;
-    ao:operator ai:Equals ;
-    ao:attribute ai:Operation ;
-    ao:value ai:ExecuteOperation .
-
-:PermissionNameAllowed a ao:Check ;
-    ao:operator ai:OneOf ;
-    ao:attribute ai:AccessObjectUri ;
-    ao:templateValue :TypeValueSet .
-
-:IsSimplePermission a ao:Check ;
-    ao:operator ai:Equals ;
-    ao:attribute ai:AccessObjectType ;
-    ao:value ai:NamedObject .
-
-:TypeValueSet a ao:AttributeValueSet ;
-    ao:attributeValue ai:PublicSimplePermissionValueContainer ;
-    ao:attributeValue ai:SelfEditorSimplePermissionValueContainer ;
-    ao:attributeValue ai:EditorSimplePermissionValueContainer ;
-    ao:attributeValue ai:CuratorSimplePermissionValueContainer ;
-    ao:attributeValue ai:AdminSimplePermissionValueContainer .
-
-ai:PublicSimplePermissionValueContainer a ao:ValueContainer ;
-    ao:containerType ai:NamedObject .
-ai:SelfEditorSimplePermissionValueContainer a ao:ValueContainer ;
-    ao:containerType ai:NamedObject .
-ai:EditorSimplePermissionValueContainer a ao:ValueContainer ;
-    ao:containerType ai:NamedObject .
-ai:CuratorSimplePermissionValueContainer a ao:ValueContainer ;
-    ao:containerType ai:NamedObject .
-ai:AdminSimplePermissionValueContainer a ao:ValueContainer ;
-    ao:containerType ai:NamedObject .
-
-:SubjectRoleEqualsDataSetRole a ao:Check ;
-    ao:operator ai:Equals ;
-    ao:attribute ai:SubjectRole ;
-    ao:templateValue :RoleValueSet .
-
-:RoleValueSet a ao:AttributeValueSet ;
-    ao:attributeValue ai:PublicRoleValueContainer ;
-    ao:attributeValue ai:SelfEditorRoleValueContainer ;
-    ao:attributeValue ai:EditorRoleValueContainer ;
-    ao:attributeValue ai:CuratorRoleValueContainer ;
-    ao:attributeValue ai:AdminRoleValueContainer .
-
+:PublicDataSet a access:PolicyDataSet ;
+    access:dataSetKey :PublicDataSetKey ;
+    access:dataSetValues access-individual:PublicRoleValueContainer ;
+    access:dataSetValues :PublicSimplePermissionValueContainer .
+
+:PublicDataSetKey a access:DataSetKey ;
+    access:keyComponent access-individual:NamedObject ;
+    access:keyComponent access-individual:ExecuteOperation ;
+    access:keyComponent auth:PUBLIC .
+
+:SelfEditorDataSet a access:PolicyDataSet ;
+    access:dataSetKey :SelfEditorDataSetKey ;
+    access:dataSetValues access-individual:SelfEditorRoleValueContainer ;
+    access:dataSetValues :SelfEditorSimplePermissionValueContainer .
+
+:SelfEditorDataSetKey a access:DataSetKey ;
+    access:keyComponent access-individual:NamedObject ;
+    access:keyComponent access-individual:ExecuteOperation ;
+    access:keyComponent auth:SELF_EDITOR .
+
+:EditorDataSet a access:PolicyDataSet ;
+    access:dataSetKey :EditorDataSetKey ;
+    access:dataSetValues access-individual:EditorRoleValueContainer ;
+    access:dataSetValues :EditorSimplePermissionValueContainer .
+
+:EditorDataSetKey a access:DataSetKey ;
+    access:keyComponent access-individual:NamedObject ;
+    access:keyComponent access-individual:ExecuteOperation ;
+    access:keyComponent auth:EDITOR .
+
+:CuratorDataSet a access:PolicyDataSet ;
+    access:dataSetKey :CuratorDataSetKey ;
+    access:dataSetValues access-individual:CuratorRoleValueContainer ;
+    access:dataSetValues :CuratorSimplePermissionValueContainer .
+
+:CuratorDataSetKey a access:DataSetKey ;
+    access:keyComponent access-individual:NamedObject ;
+    access:keyComponent access-individual:ExecuteOperation ;
+    access:keyComponent auth:CURATOR .
+
+:AdminDataSet a access:PolicyDataSet ;
+    access:dataSetKey :AdminDataSetKey  ;
+    access:dataSetValues access-individual:AdminRoleValueContainer ;
+    access:dataSetValues :AdminSimplePermissionValueContainer .
+
+:AdminDataSetKey  a access:DataSetKey ;
+    access:keyComponent access-individual:NamedObject ;
+    access:keyComponent access-individual:ExecuteOperation ;
+    access:keyComponent auth:ADMIN .
+
+:RuleSet a access:Rules ;
+    access:rule :AllowSimplePermission .
+
+:AllowSimplePermission a access:Rule;
+    access:check :IsSimplePermission ;
+    access:check :IsExecuteOperation ;
+    access:check :PermissionNameAllowed ;
+    access:check :SubjectRoleEqualsDataSetRole .
+
+:IsExecuteOperation a access:Check ;
+    access:operator access-individual:Equals ;
+    access:attribute access-individual:Operation ;
+    access:singleValue access-individual:ExecuteOperation .
+
+:PermissionNameAllowed a access:Check ;
+    access:operator access-individual:OneOf ;
+    access:attribute access-individual:AccessObjectUri ;
+    access:values :TypeValueSet .
+
+:IsSimplePermission a access:Check ;
+    access:operator access-individual:Equals ;
+    access:attribute access-individual:AccessObjectType ;
+    access:singleValue access-individual:NamedObject .
+
+:TypeValueSet a access:AttributeValueSet ;
+    access:attributeValue :PublicSimplePermissionValueContainer ;
+    access:attributeValue :SelfEditorSimplePermissionValueContainer ;
+    access:attributeValue :EditorSimplePermissionValueContainer ;
+    access:attributeValue :CuratorSimplePermissionValueContainer ;
+    access:attributeValue :AdminSimplePermissionValueContainer .
+
+:PublicSimplePermissionValueContainer a access:ValueContainer ;
+    access:containerType access-individual:NamedObject .
+:SelfEditorSimplePermissionValueContainer a access:ValueContainer ;
+    access:containerType access-individual:NamedObject .
+:EditorSimplePermissionValueContainer a access:ValueContainer ;
+    access:containerType access-individual:NamedObject .
+:CuratorSimplePermissionValueContainer a access:ValueContainer ;
+    access:containerType access-individual:NamedObject .
+:AdminSimplePermissionValueContainer a access:ValueContainer ;
+    access:containerType access-individual:NamedObject .
+
+:SubjectRoleEqualsDataSetRole a access:Check ;
+    access:operator access-individual:Equals ;
+    access:attribute access-individual:SubjectRole ;
+    access:values :RoleValueSet .
+
+:RoleValueSet a access:AttributeValueSet ;
+    access:attributeValue access-individual:PublicRoleValueContainer ;
+    access:attributeValue access-individual:SelfEditorRoleValueContainer ;
+    access:attributeValue access-individual:EditorRoleValueContainer ;
+    access:attributeValue access-individual:CuratorRoleValueContainer ;
+    access:attributeValue access-individual:AdminRoleValueContainer .
 
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_update_related_allowed_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_update_related_allowed_property.n3
index c704812fee..8af4a433c0 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_update_related_allowed_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_update_related_allowed_property.n3
@@ -1,335 +1,331 @@
 # $This file is distributed under the terms of the license in LICENSE$
 
-@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
-@prefix owl: <http://www.w3.org/2002/07/owl#> .
-@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
-@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
 @prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
-@prefix ai: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
-@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
-@prefix : <https://vivoweb.org/ontology/vitro-application/auth/individual/template/update-related-allowed-property/> .
-
-:PolicyTemplate a ao:PolicyTemplate ;
-    ao:rules :RuleSet ;
-    ao:policyDataSets :DataSets .
-
-:DataSets a ao:PolicyDataSets ;
-
-    ao:policyDataSet :SelfEditorAddObjectPropertyDataSet ;
-    ao:policyDataSet :SelfEditorAddDataPropertyDataSet ;
-    ao:policyDataSet :SelfEditorAddFauxObjectPropertyDataSet ;
-    ao:policyDataSet :SelfEditorAddFauxDataPropertyDataSet ;
-
-    ao:policyDataSet :SelfEditorEditObjectPropertyDataSet ;
-    ao:policyDataSet :SelfEditorEditDataPropertyDataSet ;
-    ao:policyDataSet :SelfEditorEditFauxObjectPropertyDataSet ;
-    ao:policyDataSet :SelfEditorEditFauxDataPropertyDataSet ;
-
-    ao:policyDataSet :SelfEditorDropObjectPropertyDataSet ;
-    ao:policyDataSet :SelfEditorDropDataPropertyDataSet ;
-    ao:policyDataSet :SelfEditorDropFauxObjectPropertyDataSet ;
-    ao:policyDataSet :SelfEditorDropFauxDataPropertyDataSet ;
+@prefix access-individual: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
+@prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+@prefix : <https://vivoweb.org/ontology/vitro-application/auth/individual/update-related-allowed-property/> .
+
+:PolicyTemplate a access:PolicyTemplate ;
+    access:rules :RuleSet ;
+    access:policyDataSets :DataSets .
+
+:DataSets a access:PolicyDataSets ;
+
+    access:policyDataSet :SelfEditorAddObjectPropertyDataSet ;
+    access:policyDataSet :SelfEditorAddDataPropertyDataSet ;
+    access:policyDataSet :SelfEditorAddFauxObjectPropertyDataSet ;
+    access:policyDataSet :SelfEditorAddFauxDataPropertyDataSet ;
+
+    access:policyDataSet :SelfEditorEditObjectPropertyDataSet ;
+    access:policyDataSet :SelfEditorEditDataPropertyDataSet ;
+    access:policyDataSet :SelfEditorEditFauxObjectPropertyDataSet ;
+    access:policyDataSet :SelfEditorEditFauxDataPropertyDataSet ;
+
+    access:policyDataSet :SelfEditorDropObjectPropertyDataSet ;
+    access:policyDataSet :SelfEditorDropDataPropertyDataSet ;
+    access:policyDataSet :SelfEditorDropFauxObjectPropertyDataSet ;
+    access:policyDataSet :SelfEditorDropFauxDataPropertyDataSet ;
     .
 
 ### Add object property data sets
 
-:SelfEditorAddObjectPropertyDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :SelfEditorAddObjectPropertyDataSetKey ;
-    ao:dataSetValues ai:SelfEditorRoleValueContainer ;
-    ao:dataSetValues ai:ObjectPropertyValueContainer ;
-    ao:dataSetValues ai:ObjectPropertyStatementValueContainer ;
-    ao:dataSetValues ai:AddOperationValueContainer ;
-    ao:dataSetValues ai:SelfEditorAddObjectPropertyValueContainer .
+:SelfEditorAddObjectPropertyDataSet a access:PolicyDataSet ;
+    access:dataSetKey :SelfEditorAddObjectPropertyDataSetKey ;
+    access:dataSetValues access-individual:SelfEditorRoleValueContainer ;
+    access:dataSetValues access-individual:ObjectPropertyValueContainer ;
+    access:dataSetValues access-individual:ObjectPropertyStatementValueContainer ;
+    access:dataSetValues access-individual:AddOperationValueContainer ;
+    access:dataSetValues :SelfEditorAddObjectPropertyValueContainer .
 
-:SelfEditorAddObjectPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:ObjectProperty ;
-    ao:keyComponent auth:SELF_EDITOR ;
-    ao:keyComponent ai:AddOperation .
+:SelfEditorAddObjectPropertyDataSetKey a access:DataSetKey ;
+    access:keyComponent access-individual:ObjectProperty ;
+    access:keyComponent auth:SELF_EDITOR ;
+    access:keyComponent access-individual:AddOperation .
 
 ### Add data property data sets
 
-:SelfEditorAddDataPropertyDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :SelfEditorAddDataPropertyDataSetKey ;
-    ao:dataSetValues ai:SelfEditorRoleValueContainer ;
-    ao:dataSetValues ai:DataPropertyValueContainer ;
-    ao:dataSetValues ai:DataPropertyStatementValueContainer ;
-    ao:dataSetValues ai:AddOperationValueContainer ;
-    ao:dataSetValues ai:SelfEditorAddDataPropertyValueContainer .
+:SelfEditorAddDataPropertyDataSet a access:PolicyDataSet ;
+    access:dataSetKey :SelfEditorAddDataPropertyDataSetKey ;
+    access:dataSetValues access-individual:SelfEditorRoleValueContainer ;
+    access:dataSetValues access-individual:DataPropertyValueContainer ;
+    access:dataSetValues access-individual:DataPropertyStatementValueContainer ;
+    access:dataSetValues access-individual:AddOperationValueContainer ;
+    access:dataSetValues :SelfEditorAddDataPropertyValueContainer .
 
-:SelfEditorAddDataPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:DataProperty ;
-    ao:keyComponent auth:SELF_EDITOR ;
-    ao:keyComponent ai:AddOperation .
+:SelfEditorAddDataPropertyDataSetKey a access:DataSetKey ;
+    access:keyComponent access-individual:DataProperty ;
+    access:keyComponent auth:SELF_EDITOR ;
+    access:keyComponent access-individual:AddOperation .
 
 ### Add faux object property data sets
 
-:SelfEditorAddFauxObjectPropertyDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :SelfEditorAddFauxObjectPropertyDataSetKey ;
-    ao:dataSetValues ai:SelfEditorRoleValueContainer ;
-    ao:dataSetValues ai:FauxObjectPropertyValueContainer ;
-    ao:dataSetValues ai:FauxObjectPropertyStatementValueContainer ;
-    ao:dataSetValues ai:AddOperationValueContainer ;
-    ao:dataSetValues ai:SelfEditorAddFauxObjectPropertyValueContainer .
+:SelfEditorAddFauxObjectPropertyDataSet a access:PolicyDataSet ;
+    access:dataSetKey :SelfEditorAddFauxObjectPropertyDataSetKey ;
+    access:dataSetValues access-individual:SelfEditorRoleValueContainer ;
+    access:dataSetValues access-individual:FauxObjectPropertyValueContainer ;
+    access:dataSetValues access-individual:FauxObjectPropertyStatementValueContainer ;
+    access:dataSetValues access-individual:AddOperationValueContainer ;
+    access:dataSetValues :SelfEditorAddFauxObjectPropertyValueContainer .
 
-:SelfEditorAddFauxObjectPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:FauxObjectProperty ;
-    ao:keyComponent auth:SELF_EDITOR ;
-    ao:keyComponent ai:AddOperation .
+:SelfEditorAddFauxObjectPropertyDataSetKey a access:DataSetKey ;
+    access:keyComponent access-individual:FauxObjectProperty ;
+    access:keyComponent auth:SELF_EDITOR ;
+    access:keyComponent access-individual:AddOperation .
 
 ### Add faux data property data sets
 
-:SelfEditorAddFauxDataPropertyDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :SelfEditorAddFauxDataPropertyDataSetKey ;
-    ao:dataSetValues ai:SelfEditorRoleValueContainer ;
-    ao:dataSetValues ai:FauxDataPropertyValueContainer ;
-    ao:dataSetValues ai:FauxDataPropertyStatementValueContainer ;
-    ao:dataSetValues ai:AddOperationValueContainer ;
-    ao:dataSetValues ai:SelfEditorAddFauxDataPropertyValueContainer .
+:SelfEditorAddFauxDataPropertyDataSet a access:PolicyDataSet ;
+    access:dataSetKey :SelfEditorAddFauxDataPropertyDataSetKey ;
+    access:dataSetValues access-individual:SelfEditorRoleValueContainer ;
+    access:dataSetValues access-individual:FauxDataPropertyValueContainer ;
+    access:dataSetValues access-individual:FauxDataPropertyStatementValueContainer ;
+    access:dataSetValues access-individual:AddOperationValueContainer ;
+    access:dataSetValues :SelfEditorAddFauxDataPropertyValueContainer .
 
-:SelfEditorAddFauxDataPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:FauxDataProperty ;
-    ao:keyComponent auth:SELF_EDITOR ;
-    ao:keyComponent ai:AddOperation .
+:SelfEditorAddFauxDataPropertyDataSetKey a access:DataSetKey ;
+    access:keyComponent access-individual:FauxDataProperty ;
+    access:keyComponent auth:SELF_EDITOR ;
+    access:keyComponent access-individual:AddOperation .
 
 ### Drop object property data sets
 
-:SelfEditorDropObjectPropertyDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :SelfEditorDropObjectPropertyDataSetKey ;
-    ao:dataSetValues ai:SelfEditorRoleValueContainer ;
-    ao:dataSetValues ai:ObjectPropertyValueContainer ;
-    ao:dataSetValues ai:ObjectPropertyStatementValueContainer ;
-    ao:dataSetValues ai:DropOperationValueContainer ;
-    ao:dataSetValues ai:SelfEditorDropObjectPropertyValueContainer .
+:SelfEditorDropObjectPropertyDataSet a access:PolicyDataSet ;
+    access:dataSetKey :SelfEditorDropObjectPropertyDataSetKey ;
+    access:dataSetValues access-individual:SelfEditorRoleValueContainer ;
+    access:dataSetValues access-individual:ObjectPropertyValueContainer ;
+    access:dataSetValues access-individual:ObjectPropertyStatementValueContainer ;
+    access:dataSetValues access-individual:DropOperationValueContainer ;
+    access:dataSetValues :SelfEditorDropObjectPropertyValueContainer .
 
-:SelfEditorDropObjectPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:ObjectProperty ;
-    ao:keyComponent auth:SELF_EDITOR ;
-    ao:keyComponent ai:DropOperation .
+:SelfEditorDropObjectPropertyDataSetKey a access:DataSetKey ;
+    access:keyComponent access-individual:ObjectProperty ;
+    access:keyComponent auth:SELF_EDITOR ;
+    access:keyComponent access-individual:DropOperation .
 
 ### Drop data property data sets
 
-:SelfEditorDropDataPropertyDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :SelfEditorDropDataPropertyDataSetKey ;
-    ao:dataSetValues ai:SelfEditorRoleValueContainer ;
-    ao:dataSetValues ai:DataPropertyValueContainer ;
-    ao:dataSetValues ai:DataPropertyStatementValueContainer ;
-    ao:dataSetValues ai:DropOperationValueContainer ;
-    ao:dataSetValues ai:SelfEditorDropDataPropertyValueContainer .
+:SelfEditorDropDataPropertyDataSet a access:PolicyDataSet ;
+    access:dataSetKey :SelfEditorDropDataPropertyDataSetKey ;
+    access:dataSetValues access-individual:SelfEditorRoleValueContainer ;
+    access:dataSetValues access-individual:DataPropertyValueContainer ;
+    access:dataSetValues access-individual:DataPropertyStatementValueContainer ;
+    access:dataSetValues access-individual:DropOperationValueContainer ;
+    access:dataSetValues :SelfEditorDropDataPropertyValueContainer .
 
-:SelfEditorDropDataPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:DataProperty ;
-    ao:keyComponent auth:SELF_EDITOR ;
-    ao:keyComponent ai:DropOperation .
+:SelfEditorDropDataPropertyDataSetKey a access:DataSetKey ;
+    access:keyComponent access-individual:DataProperty ;
+    access:keyComponent auth:SELF_EDITOR ;
+    access:keyComponent access-individual:DropOperation .
 
 ### Drop faux object property data sets
 
-:SelfEditorDropFauxObjectPropertyDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :SelfEditorDropFauxObjectPropertyDataSetKey ;
-    ao:dataSetValues ai:SelfEditorRoleValueContainer ;
-    ao:dataSetValues ai:FauxObjectPropertyValueContainer ;
-    ao:dataSetValues ai:FauxObjectPropertyStatementValueContainer ;
-    ao:dataSetValues ai:DropOperationValueContainer ;
-    ao:dataSetValues ai:SelfEditorDropFauxObjectPropertyValueContainer .
+:SelfEditorDropFauxObjectPropertyDataSet a access:PolicyDataSet ;
+    access:dataSetKey :SelfEditorDropFauxObjectPropertyDataSetKey ;
+    access:dataSetValues access-individual:SelfEditorRoleValueContainer ;
+    access:dataSetValues access-individual:FauxObjectPropertyValueContainer ;
+    access:dataSetValues access-individual:FauxObjectPropertyStatementValueContainer ;
+    access:dataSetValues access-individual:DropOperationValueContainer ;
+    access:dataSetValues :SelfEditorDropFauxObjectPropertyValueContainer .
 
-:SelfEditorDropFauxObjectPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:FauxObjectProperty ;
-    ao:keyComponent auth:SELF_EDITOR ;
-    ao:keyComponent ai:DropOperation .
+:SelfEditorDropFauxObjectPropertyDataSetKey a access:DataSetKey ;
+    access:keyComponent access-individual:FauxObjectProperty ;
+    access:keyComponent auth:SELF_EDITOR ;
+    access:keyComponent access-individual:DropOperation .
 
 ### Drop faux data property data sets
 
-:SelfEditorDropFauxDataPropertyDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :SelfEditorDropFauxDataPropertyDataSetKey ;
-    ao:dataSetValues ai:SelfEditorRoleValueContainer ;
-    ao:dataSetValues ai:FauxDataPropertyValueContainer ;
-    ao:dataSetValues ai:FauxDataPropertyStatementValueContainer ;
-    ao:dataSetValues ai:DropOperationValueContainer ;
-    ao:dataSetValues ai:SelfEditorDropFauxDataPropertyValueContainer .
+:SelfEditorDropFauxDataPropertyDataSet a access:PolicyDataSet ;
+    access:dataSetKey :SelfEditorDropFauxDataPropertyDataSetKey ;
+    access:dataSetValues access-individual:SelfEditorRoleValueContainer ;
+    access:dataSetValues access-individual:FauxDataPropertyValueContainer ;
+    access:dataSetValues access-individual:FauxDataPropertyStatementValueContainer ;
+    access:dataSetValues access-individual:DropOperationValueContainer ;
+    access:dataSetValues :SelfEditorDropFauxDataPropertyValueContainer .
 
-:SelfEditorDropFauxDataPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:FauxDataProperty ;
-    ao:keyComponent auth:SELF_EDITOR ;
-    ao:keyComponent ai:DropOperation .
+:SelfEditorDropFauxDataPropertyDataSetKey a access:DataSetKey ;
+    access:keyComponent access-individual:FauxDataProperty ;
+    access:keyComponent auth:SELF_EDITOR ;
+    access:keyComponent access-individual:DropOperation .
 
 ### Edit object property data sets
 
-:SelfEditorEditObjectPropertyDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :SelfEditorEditObjectPropertyDataSetKey ;
-    ao:dataSetValues ai:SelfEditorRoleValueContainer ;
-    ao:dataSetValues ai:ObjectPropertyValueContainer ;
-    ao:dataSetValues ai:ObjectPropertyStatementValueContainer ;
-    ao:dataSetValues ai:EditOperationValueContainer ;
-    ao:dataSetValues ai:SelfEditorEditObjectPropertyValueContainer .
+:SelfEditorEditObjectPropertyDataSet a access:PolicyDataSet ;
+    access:dataSetKey :SelfEditorEditObjectPropertyDataSetKey ;
+    access:dataSetValues access-individual:SelfEditorRoleValueContainer ;
+    access:dataSetValues access-individual:ObjectPropertyValueContainer ;
+    access:dataSetValues access-individual:ObjectPropertyStatementValueContainer ;
+    access:dataSetValues access-individual:EditOperationValueContainer ;
+    access:dataSetValues :SelfEditorEditObjectPropertyValueContainer .
 
-:SelfEditorEditObjectPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:ObjectProperty ;
-    ao:keyComponent auth:SELF_EDITOR ;
-    ao:keyComponent ai:EditOperation .
+:SelfEditorEditObjectPropertyDataSetKey a access:DataSetKey ;
+    access:keyComponent access-individual:ObjectProperty ;
+    access:keyComponent auth:SELF_EDITOR ;
+    access:keyComponent access-individual:EditOperation .
 
 ### Edit data property data sets
 
-:SelfEditorEditDataPropertyDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :SelfEditorEditDataPropertyDataSetKey ;
-    ao:dataSetValues ai:SelfEditorRoleValueContainer ;
-    ao:dataSetValues ai:DataPropertyValueContainer ;
-    ao:dataSetValues ai:DataPropertyStatementValueContainer ;
-    ao:dataSetValues ai:EditOperationValueContainer ;
-    ao:dataSetValues ai:SelfEditorEditDataPropertyValueContainer .
+:SelfEditorEditDataPropertyDataSet a access:PolicyDataSet ;
+    access:dataSetKey :SelfEditorEditDataPropertyDataSetKey ;
+    access:dataSetValues access-individual:SelfEditorRoleValueContainer ;
+    access:dataSetValues access-individual:DataPropertyValueContainer ;
+    access:dataSetValues access-individual:DataPropertyStatementValueContainer ;
+    access:dataSetValues access-individual:EditOperationValueContainer ;
+    access:dataSetValues :SelfEditorEditDataPropertyValueContainer .
 
-:SelfEditorEditDataPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:DataProperty ;
-    ao:keyComponent auth:SELF_EDITOR ;
-    ao:keyComponent ai:EditOperation .
+:SelfEditorEditDataPropertyDataSetKey a access:DataSetKey ;
+    access:keyComponent access-individual:DataProperty ;
+    access:keyComponent auth:SELF_EDITOR ;
+    access:keyComponent access-individual:EditOperation .
 
 ### Edit faux object property data sets
 
-:SelfEditorEditFauxObjectPropertyDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :SelfEditorEditFauxObjectPropertyDataSetKey ;
-    ao:dataSetValues ai:SelfEditorRoleValueContainer ;
-    ao:dataSetValues ai:FauxObjectPropertyValueContainer ;
-    ao:dataSetValues ai:FauxObjectPropertyStatementValueContainer ;
-    ao:dataSetValues ai:EditOperationValueContainer ;
-    ao:dataSetValues ai:SelfEditorEditFauxObjectPropertyValueContainer .
+:SelfEditorEditFauxObjectPropertyDataSet a access:PolicyDataSet ;
+    access:dataSetKey :SelfEditorEditFauxObjectPropertyDataSetKey ;
+    access:dataSetValues access-individual:SelfEditorRoleValueContainer ;
+    access:dataSetValues access-individual:FauxObjectPropertyValueContainer ;
+    access:dataSetValues access-individual:FauxObjectPropertyStatementValueContainer ;
+    access:dataSetValues access-individual:EditOperationValueContainer ;
+    access:dataSetValues :SelfEditorEditFauxObjectPropertyValueContainer .
 
-:SelfEditorEditFauxObjectPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:FauxObjectProperty ;
-    ao:keyComponent auth:SELF_EDITOR ;
-    ao:keyComponent ai:EditOperation .
+:SelfEditorEditFauxObjectPropertyDataSetKey a access:DataSetKey ;
+    access:keyComponent access-individual:FauxObjectProperty ;
+    access:keyComponent auth:SELF_EDITOR ;
+    access:keyComponent access-individual:EditOperation .
 
 ### Edit faux data property data sets
 
-:SelfEditorEditFauxDataPropertyDataSet a ao:PolicyDataSet ;
-    ao:dataSetKey :SelfEditorEditFauxDataPropertyDataSetKey ;
-    ao:dataSetValues ai:SelfEditorRoleValueContainer ;
-    ao:dataSetValues ai:FauxDataPropertyValueContainer ;
-    ao:dataSetValues ai:FauxDataPropertyStatementValueContainer ;
-    ao:dataSetValues ai:EditOperationValueContainer ;
-    ao:dataSetValues ai:SelfEditorEditFauxDataPropertyValueContainer .
+:SelfEditorEditFauxDataPropertyDataSet a access:PolicyDataSet ;
+    access:dataSetKey :SelfEditorEditFauxDataPropertyDataSetKey ;
+    access:dataSetValues access-individual:SelfEditorRoleValueContainer ;
+    access:dataSetValues access-individual:FauxDataPropertyValueContainer ;
+    access:dataSetValues access-individual:FauxDataPropertyStatementValueContainer ;
+    access:dataSetValues access-individual:EditOperationValueContainer ;
+    access:dataSetValues :SelfEditorEditFauxDataPropertyValueContainer .
 
-:SelfEditorEditFauxDataPropertyDataSetKey a ao:DataSetKey ;
-    ao:keyComponent ai:FauxDataProperty ;
-    ao:keyComponent auth:SELF_EDITOR ;
-    ao:keyComponent ai:EditOperation .
+:SelfEditorEditFauxDataPropertyDataSetKey a access:DataSetKey ;
+    access:keyComponent access-individual:FauxDataProperty ;
+    access:keyComponent auth:SELF_EDITOR ;
+    access:keyComponent access-individual:EditOperation .
 
 ### Rules
 
-:RuleSet a ao:Rules ;
-    ao:rule :AllowMatchingPropertyStatement ;
-    ao:rule :AllowMatchingProperty .
-
-:AllowMatchingProperty a ao:Rule;
-    ao:check :SubjectRoleCheck ;
-    ao:check :OperationCheck ;
-    ao:check :AccessObjectTypeCheck ;
-    ao:check :AccessObjectUriCheck .
-
-:AccessObjectTypeCheck a ao:Check ;
-    ao:operator ai:Equals ;
-    ao:attribute ai:AccessObjectType ;
-    ao:templateValue :AccessObjectTypeValueSet .
-
-:AccessObjectTypeValueSet a ao:AttributeValueSet ;
-    ao:attributeValue ai:ObjectPropertyValueContainer ;
-    ao:attributeValue ai:DataPropertyValueContainer ;
-    ao:attributeValue ai:FauxObjectPropertyValueContainer ;
-    ao:attributeValue ai:FauxDataPropertyValueContainer ;
+:RuleSet a access:Rules ;
+    access:rule :AllowMatchingPropertyStatement ;
+    access:rule :AllowMatchingProperty .
+
+:AllowMatchingProperty a access:Rule;
+    access:check :SubjectRoleCheck ;
+    access:check :OperationCheck ;
+    access:check :AccessObjectTypeCheck ;
+    access:check :AccessObjectUriCheck .
+
+:AccessObjectTypeCheck a access:Check ;
+    access:operator access-individual:Equals ;
+    access:attribute access-individual:AccessObjectType ;
+    access:values :AccessObjectTypeValueSet .
+
+:AccessObjectTypeValueSet a access:AttributeValueSet ;
+    access:attributeValue access-individual:ObjectPropertyValueContainer ;
+    access:attributeValue access-individual:DataPropertyValueContainer ;
+    access:attributeValue access-individual:FauxObjectPropertyValueContainer ;
+    access:attributeValue access-individual:FauxDataPropertyValueContainer ;
     .
 
-:AllowMatchingPropertyStatement a ao:Rule;
-    ao:check :SubjectRoleCheck ;
-    ao:check :OperationCheck ;
-    ao:check :AccessObjectStatementTypeCheck ;
-    ao:check :StatementPredicateCheck ;
-    ao:check :RelationCheck ;
+:AllowMatchingPropertyStatement a access:Rule;
+    access:check :SubjectRoleCheck ;
+    access:check :OperationCheck ;
+    access:check :AccessObjectStatementTypeCheck ;
+    access:check :StatementPredicateCheck ;
+    access:check :RelationCheck ;
     .
 
-:RelationCheck a ao:Check ;
-    ao:operator ai:SparqlSelectQueryContains ;
-    ao:attribute ai:StatementSubjectUri ;
-    ao:value ai:PersonProfileProximityToResourceUri .
-
-:AccessObjectStatementTypeCheck a ao:Check ;
-    ao:operator ai:Equals ;
-    ao:attribute ai:AccessObjectType ;
-    ao:templateValue :StatementAccessObjectTypeValueSet .
-
-:StatementAccessObjectTypeValueSet a ao:AttributeValueSet ;
-    ao:attributeValue ai:ObjectPropertyStatementValueContainer ;
-    ao:attributeValue ai:DataPropertyStatementValueContainer ;
-    ao:attributeValue ai:FauxObjectPropertyStatementValueContainer ;
-    ao:attributeValue ai:FauxDataPropertyStatementValueContainer ;
+:RelationCheck a access:Check ;
+    access:operator access-individual:SparqlSelectQueryContains ;
+    access:attribute access-individual:StatementSubjectUri ;
+    access:singleValue access-individual:PersonProfileProximityToResourceUri .
+
+:AccessObjectStatementTypeCheck a access:Check ;
+    access:operator access-individual:Equals ;
+    access:attribute access-individual:AccessObjectType ;
+    access:values :StatementAccessObjectTypeValueSet .
+
+:StatementAccessObjectTypeValueSet a access:AttributeValueSet ;
+    access:attributeValue access-individual:ObjectPropertyStatementValueContainer ;
+    access:attributeValue access-individual:DataPropertyStatementValueContainer ;
+    access:attributeValue access-individual:FauxObjectPropertyStatementValueContainer ;
+    access:attributeValue access-individual:FauxDataPropertyStatementValueContainer ;
     .
 
-:OperationCheck a ao:Check ;
-    ao:operator ai:Equals ;
-    ao:attribute ai:Operation ;
-    ao:templateValue :OperationValueSet .
+:OperationCheck a access:Check ;
+    access:operator access-individual:Equals ;
+    access:attribute access-individual:Operation ;
+    access:values :OperationValueSet .
 
-:OperationValueSet a ao:AttributeValueSet ;
-    ao:attributeValue ai:AddOperationValueContainer ;
-    ao:attributeValue ai:DropOperationValueContainer ;
-    ao:attributeValue ai:EditOperationValueContainer ;
+:OperationValueSet a access:AttributeValueSet ;
+    access:attributeValue access-individual:AddOperationValueContainer ;
+    access:attributeValue access-individual:DropOperationValueContainer ;
+    access:attributeValue access-individual:EditOperationValueContainer ;
     .
 
-:SubjectRoleCheck a ao:Check ;
-    ao:operator ai:Equals ;
-    ao:attribute ai:SubjectRole ;
-    ao:templateValue :RoleValueSet .
+:SubjectRoleCheck a access:Check ;
+    access:operator access-individual:Equals ;
+    access:attribute access-individual:SubjectRole ;
+    access:values :RoleValueSet .
 
-:RoleValueSet a ao:AttributeValueSet ;
-    ao:attributeValue ai:SelfEditorRoleValueContainer .
+:RoleValueSet a access:AttributeValueSet ;
+    access:attributeValue access-individual:SelfEditorRoleValueContainer .
 
-:StatementPredicateCheck a ao:Check ;
-    ao:operator ai:OneOf ;
-    ao:attribute ai:StatementPredicateUri ;
-    ao:templateValue :AllowedPropertyUriValueSet .
+:StatementPredicateCheck a access:Check ;
+    access:operator access-individual:OneOf ;
+    access:attribute access-individual:StatementPredicateUri ;
+    access:values :AllowedPropertyUriValueSet .
 
-:AccessObjectUriCheck a ao:Check ;
-    ao:operator ai:OneOf ;
-    ao:attribute ai:AccessObjectUri ;
-    ao:templateValue :AllowedPropertyUriValueSet .
+:AccessObjectUriCheck a access:Check ;
+    access:operator access-individual:OneOf ;
+    access:attribute access-individual:AccessObjectUri ;
+    access:values :AllowedPropertyUriValueSet .
 
-:AllowedPropertyUriValueSet a ao:AttributeValueSet ;
+:AllowedPropertyUriValueSet a access:AttributeValueSet ;
 
-    ao:attributeValue ai:SelfEditorAddObjectPropertyValueContainer ;
-    ao:attributeValue ai:SelfEditorAddDataPropertyValueContainer ;
-    ao:attributeValue ai:SelfEditorAddFauxObjectPropertyValueContainer ;
-    ao:attributeValue ai:SelfEditorAddFauxDataPropertyValueContainer ;
+    access:attributeValue :SelfEditorAddObjectPropertyValueContainer ;
+    access:attributeValue :SelfEditorAddDataPropertyValueContainer ;
+    access:attributeValue :SelfEditorAddFauxObjectPropertyValueContainer ;
+    access:attributeValue :SelfEditorAddFauxDataPropertyValueContainer ;
 
-    ao:attributeValue ai:SelfEditorEditObjectPropertyValueContainer ;
-    ao:attributeValue ai:SelfEditorEditDataPropertyValueContainer ;
-    ao:attributeValue ai:SelfEditorEditFauxObjectPropertyValueContainer ;
-    ao:attributeValue ai:SelfEditorEditFauxDataPropertyValueContainer ;
+    access:attributeValue :SelfEditorEditObjectPropertyValueContainer ;
+    access:attributeValue :SelfEditorEditDataPropertyValueContainer ;
+    access:attributeValue :SelfEditorEditFauxObjectPropertyValueContainer ;
+    access:attributeValue :SelfEditorEditFauxDataPropertyValueContainer ;
 
-    ao:attributeValue ai:SelfEditorDropObjectPropertyValueContainer ;
-    ao:attributeValue ai:SelfEditorDropDataPropertyValueContainer ;
-    ao:attributeValue ai:SelfEditorDropFauxObjectPropertyValueContainer ;
-    ao:attributeValue ai:SelfEditorDropFauxDataPropertyValueContainer ;
+    access:attributeValue :SelfEditorDropObjectPropertyValueContainer ;
+    access:attributeValue :SelfEditorDropDataPropertyValueContainer ;
+    access:attributeValue :SelfEditorDropFauxObjectPropertyValueContainer ;
+    access:attributeValue :SelfEditorDropFauxDataPropertyValueContainer ;
     .
 
-ai:SelfEditorAddObjectPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:ObjectProperty .
-ai:SelfEditorAddDataPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:DataProperty .
-ai:SelfEditorAddFauxObjectPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:FauxObjectProperty .
-ai:SelfEditorAddFauxDataPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:FauxDataProperty .
-
-ai:SelfEditorEditObjectPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:ObjectProperty .
-ai:SelfEditorEditDataPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:DataProperty .
-ai:SelfEditorEditFauxObjectPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:FauxObjectProperty .
-ai:SelfEditorEditFauxDataPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:FauxDataProperty .
-
-ai:SelfEditorDropObjectPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:ObjectProperty .
-ai:SelfEditorDropDataPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:DataProperty .
-ai:SelfEditorDropFauxObjectPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:FauxObjectProperty .
-ai:SelfEditorDropFauxDataPropertyValueContainer a ao:ValueContainer ;
-    ao:containerType ai:FauxDataProperty .
+:SelfEditorAddObjectPropertyValueContainer a access:ValueContainer ;
+    access:containerType access-individual:ObjectProperty .
+:SelfEditorAddDataPropertyValueContainer a access:ValueContainer ;
+    access:containerType access-individual:DataProperty .
+:SelfEditorAddFauxObjectPropertyValueContainer a access:ValueContainer ;
+    access:containerType access-individual:FauxObjectProperty .
+:SelfEditorAddFauxDataPropertyValueContainer a access:ValueContainer ;
+    access:containerType access-individual:FauxDataProperty .
+
+:SelfEditorEditObjectPropertyValueContainer a access:ValueContainer ;
+    access:containerType access-individual:ObjectProperty .
+:SelfEditorEditDataPropertyValueContainer a access:ValueContainer ;
+    access:containerType access-individual:DataProperty .
+:SelfEditorEditFauxObjectPropertyValueContainer a access:ValueContainer ;
+    access:containerType access-individual:FauxObjectProperty .
+:SelfEditorEditFauxDataPropertyValueContainer a access:ValueContainer ;
+    access:containerType access-individual:FauxDataProperty .
+
+:SelfEditorDropObjectPropertyValueContainer a access:ValueContainer ;
+    access:containerType access-individual:ObjectProperty .
+:SelfEditorDropDataPropertyValueContainer a access:ValueContainer ;
+    access:containerType access-individual:DataProperty .
+:SelfEditorDropFauxObjectPropertyValueContainer a access:ValueContainer ;
+    access:containerType access-individual:FauxObjectProperty .
+:SelfEditorDropFauxDataPropertyValueContainer a access:ValueContainer ;
+    access:containerType access-individual:FauxDataProperty .

From 573bdef79a3b82731d2de580b62361982ec8c04b Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <georgy.litvinov@tib.eu>
Date: Mon, 30 Oct 2023 15:35:12 +0100
Subject: [PATCH 086/148] fix: reload policies after migration. Write converted
 permissions to tomcat log file on migration from ARM. Code refactored for
 better readablility.

---
 .../webapp/migration/auth/ArmMigrator.java    | 149 +++++++++++-------
 .../webapp/migration/auth/AuthMigrator.java   |  20 +--
 .../migration/auth/ArmMigratorTest.java       |   5 +-
 3 files changed, 98 insertions(+), 76 deletions(-)

diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/ArmMigrator.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/ArmMigrator.java
index 495e26fd60..0a201dd8f7 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/ArmMigrator.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/ArmMigrator.java
@@ -40,6 +40,8 @@ public class ArmMigrator {
     protected static final String ARM_SELF_EDITOR = "SELF_EDITOR";
     protected static final String ARM_PUBLIC = "PUBLIC";
     protected static final String ARM_CUSTOM = "CUSTOM";
+    protected StringBuilder removals = new StringBuilder();
+    protected StringBuilder additions = new StringBuilder();
 
     protected static final List<String> armOperations = Arrays.asList(DISPLAY, UPDATE, PUBLISH);
     protected static final List<AccessObjectType> entityTypes =
@@ -104,36 +106,49 @@ private static String getRoleName(String roleUri) {
     public void migrateConfiguration() {
         cleanEntityDataSetValues();
         Map<AccessObjectType, Set<String>> entityTypeMap = getEntityMap();
-        StringBuilder additions = new StringBuilder();
-        collectAdditions(entityTypeMap, additions);
+        collectAdditions(entityTypeMap);
         PolicyLoader.getInstance().updateAccessControlModel(additions.toString(), true);
     }
 
     private void cleanEntityDataSetValues() {
-        StringBuilder removals = getStatementsToRemove();
+        getStatementsToRemove();
         PolicyLoader.getInstance().updateAccessControlModel(removals.toString(), false);
     }
 
     protected StringBuilder getStatementsToRemove() {
-        StringBuilder removals = new StringBuilder();
         for (String role : roleMap.keySet()) {
             String newRole = roleMap.get(role);
-            for (String operation : armOperations) {
-                OperationGroup og = operationMap.get(operation);
-                for (AccessOperation ao : OperationGroup.getOperations(og)) {
-                    for (AccessObjectType aot : entityTypes) {
-                        Set<String> entityUris = PolicyLoader.getInstance().getDataSetValues(ao, aot, newRole);
-                        for (String entityUri : entityUris) {
-                            EntityPolicyController.getDataValueStatements(entityUri, aot, ao,
-                                    Collections.singleton(newRole), removals);
-                        }
-                    }
-                }
-            }
+            getRoleStatementsToRemove(newRole);
         }
         return removals;
     }
 
+    private void getRoleStatementsToRemove(String role) {
+        for (String operation : armOperations) {
+            OperationGroup og = operationMap.get(operation);
+            getRoleOpGroupStatementsToRemove(role, og);
+        }
+    }
+
+    private void getRoleOpGroupStatementsToRemove(String role, OperationGroup og) {
+        for (AccessOperation ao : OperationGroup.getOperations(og)) {
+            getRoleOperationStatementsToRemove(role, ao);
+        }
+    }
+
+    private void getRoleOperationStatementsToRemove(String role, AccessOperation ao) {
+        for (AccessObjectType aot : entityTypes) {
+            getRoleOperationObjectTypedStatementsToRemove(role, ao, aot);
+        }
+    }
+
+    private void getRoleOperationObjectTypedStatementsToRemove(String role, AccessOperation ao, AccessObjectType aot) {
+        Set<String> entityUris = PolicyLoader.getInstance().getDataSetValues(ao, aot, role);
+        for (String entityUri : entityUris) {
+            EntityPolicyController.getDataValueStatements(entityUri, aot, ao, Collections.singleton(role), removals);
+        }
+    }
+
     private Set<String> getFauxByBase(String baseUri) {
         Set<String> entities = new HashSet<>();
         String queryText = getQueryText(AccessObjectType.FAUX_OBJECT_PROPERTY);
@@ -154,51 +169,67 @@ private Set<String> getFauxByBase(String baseUri) {
         return entities;
     }
 
-    protected void collectAdditions(Map<AccessObjectType, Set<String>> entityTypeMap, StringBuilder additions) {
-
+    protected void collectAdditions(Map<AccessObjectType, Set<String>> entityTypeMap) {
         for (String role : roleMap.keySet()) {
             String newRole = roleMap.get(role);
-            for (String operation : armOperations) {
-                String permissionUri = getArmPermissionSubject(operation, role);
-                Set<String> armEntities = getArmEntites(permissionUri);
-                OperationGroup og = operationMap.get(operation);
-                Set<String> addFauxOP = new HashSet<>();
-                Set<String> addFauxDP = new HashSet<>();
-                for (AccessObjectType type : entityTypes) {
-                    Set<String> allTypeEntitities = entityTypeMap.get(type);
-                    HashSet<String> intersectionEntities = new HashSet<>(armEntities);
-                    intersectionEntities.retainAll(allTypeEntitities);
-
-                    // Workaround for ARM behavior
-                    if (AccessObjectType.OBJECT_PROPERTY.equals(type)) {
-                        // find all faux object properties for each of base property from entityUri set
-                        // and add to the list of additional faux object properties
-                        for (String entity : intersectionEntities) {
-                            Set<String> faux = getFauxByBase(entity);
-                            addFauxOP.addAll(faux);
-                        }
-                    }
-                    if (AccessObjectType.DATA_PROPERTY.equals(type)) {
-                        // find all faux data properties for each of base property from entityUri set
-                        // and add to the list of additional faux data properties
-                        for (String entity : intersectionEntities) {
-                            Set<String> faux = getFauxByBase(entity);
-                            addFauxDP.addAll(faux);
-                        }
-                    }
-                    if (AccessObjectType.FAUX_OBJECT_PROPERTY.equals(type)) {
-                        intersectionEntities.addAll(addFauxOP);
-                    }
-                    if (AccessObjectType.FAUX_DATA_PROPERTY.equals(type)) {
-                        intersectionEntities.addAll(addFauxDP);
-                    }
-                    for (AccessOperation ao : OperationGroup.getOperations(og)) {
-                        for (String entityUri : intersectionEntities) {
-                            EntityPolicyController.getDataValueStatements(entityUri, type, ao,
-                                    Collections.singleton(newRole), additions);
-                        }
-                    }
-                }
+            getRoleStatementsToAdd(entityTypeMap, role, newRole);
+        }
+    }
+
+    private void getRoleStatementsToAdd(Map<AccessObjectType, Set<String>> entityTypeMap, String role, String newRole) {
+        for (String operation : armOperations) {
+            getRoleOperationStatementsToAdd(entityTypeMap, role, newRole, operation);
+        }
+    }
+
+    private void getRoleOperationStatementsToAdd(Map<AccessObjectType, Set<String>> entityTypeMap, String role,
+            String newRole, String operation) {
+        String permissionUri = getArmPermissionSubject(operation, role);
+        Set<String> armEntities = getArmEntites(permissionUri);
+        OperationGroup og = operationMap.get(operation);
+        Set<String> addFauxOP = new HashSet<>();
+        Set<String> addFauxDP = new HashSet<>();
+        for (AccessObjectType type : entityTypes) {
+            getRoleOperationObjectTypedStatementsToAdd(entityTypeMap, role, newRole, armEntities, og, addFauxOP,
+                    addFauxDP, type);
+        }
+    }
+
+    private void getRoleOperationObjectTypedStatementsToAdd(Map<AccessObjectType, Set<String>> entityTypeMap,
+            String role, String newRole, Set<String> armEntities, OperationGroup og, Set<String> addFauxOP,
+            Set<String> addFauxDP, AccessObjectType type) {
+        Set<String> allTypeEntitities = entityTypeMap.get(type);
+        HashSet<String> intersectionEntities = new HashSet<>(armEntities);
+        intersectionEntities.retainAll(allTypeEntitities);
+
+        // Workaround for ARM behavior
+        if (AccessObjectType.OBJECT_PROPERTY.equals(type)) {
+            // find all faux object properties for each of base property from entityUri set
+            // and add to the list of additional faux object properties
+            for (String entity : intersectionEntities) {
+                Set<String> faux = getFauxByBase(entity);
+                addFauxOP.addAll(faux);
+            }
+        }
+        if (AccessObjectType.DATA_PROPERTY.equals(type)) {
+            // find all faux data properties for each of base property from entityUri set
+            // and add to the list of additional faux data properties
+            for (String entity : intersectionEntities) {
+                Set<String> faux = getFauxByBase(entity);
+                addFauxDP.addAll(faux);
+            }
+        }
+        if (AccessObjectType.FAUX_OBJECT_PROPERTY.equals(type)) {
+            intersectionEntities.addAll(addFauxOP);
+        }
+        if (AccessObjectType.FAUX_DATA_PROPERTY.equals(type)) {
+            intersectionEntities.addAll(addFauxDP);
+        }
+        for (AccessOperation ao : OperationGroup.getOperations(og)) {
+            for (String entityUri : intersectionEntities) {
+                log.info(String.format("Allow %s role to %s %s entity <%s>", role, ao, type, entityUri));
+                EntityPolicyController.getDataValueStatements(entityUri, type, ao, Collections.singleton(newRole),
+                        additions);
             }
         }
     }
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AuthMigrator.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AuthMigrator.java
index 0469441199..23b2e9a613 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AuthMigrator.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AuthMigrator.java
@@ -77,6 +77,8 @@ public void contextInitialized(ServletContextEvent sce) {
         convertAuthorizationConfiguration();
         log.info("Finished authorization configuration update");
         ss.info(this, secondsSince(begin) + " seconds to migrate auth models");
+        log.info("Reload all policies after migration");
+        PolicyLoader.getInstance().loadPolicies();
     }
 
     protected void initialize(RDFService content, RDFService configuration) {
@@ -85,8 +87,10 @@ protected void initialize(RDFService content, RDFService configuration) {
     }
 
     protected void convertAuthorizationConfiguration() {
-        if (isArmConfiguration()) {
-            migrateArmConfiguration();
+        OntModel userAccountsModel = modelAccess.getOntModelSelector().getUserAccountsModel();
+        ArmMigrator armMigrator = new ArmMigrator(contentRdfService, configurationRdfService, userAccountsModel);
+        if (armMigrator.isArmConfiguation()) {
+            armMigrator.migrateConfiguration();
         } else {
             migrateAnnotationConfiguation();
         }
@@ -101,12 +105,6 @@ private void migrateSimplePermissions() {
         spm.migrateConfiguration();
     }
 
-    private void migrateArmConfiguration() {
-        OntModel userAccountsModel = modelAccess.getOntModelSelector().getUserAccountsModel();
-        ArmMigrator armMigrator = new ArmMigrator(contentRdfService, configurationRdfService, userAccountsModel);
-        armMigrator.migrateConfiguration();
-    }
-
     private void migrateAnnotationConfiguation() {
         AnnotationMigrator annotationMigrator = new AnnotationMigrator(contentRdfService, configurationRdfService);
         annotationMigrator.migrateConfiguration();
@@ -119,12 +117,6 @@ private boolean isMigrationRequired() {
         return false;
     }
 
-    private boolean isArmConfiguration() {
-        OntModel userAccountsModel = modelAccess.getOntModelSelector().getUserAccountsModel();
-        ArmMigrator armMigrator = new ArmMigrator(contentRdfService, configurationRdfService, userAccountsModel);
-        return armMigrator.isArmConfiguation();
-    }
-
     protected long getVersion() {
         long version = 0L;
 
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/migration/auth/ArmMigratorTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/migration/auth/ArmMigratorTest.java
index 34e7ab2a75..eab7dbdc24 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/migration/auth/ArmMigratorTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/migration/auth/ArmMigratorTest.java
@@ -114,9 +114,8 @@ public void migrateConfigurationTest() {
         // addArmStatement(ArmMigrator.ARM_EDITOR, ArmMigrator.UPDATE, CLASS_URI);
 
         Map<AccessObjectType, Set<String>> entityTypeMap = armMigrator.getEntityMap();
-        StringBuilder additions = new StringBuilder();
-        armMigrator.collectAdditions(entityTypeMap, additions);
-        String stringResult = additions.toString();
+        armMigrator.collectAdditions(entityTypeMap);
+        String stringResult = armMigrator.additions.toString();
         assertFalse(stringResult.isEmpty());
         assertEquals(33, getCount("\n", stringResult));
         assertEquals(33, getCount(value, stringResult));

From 1306fdda34b192b4e6aa378d36cf7a14f2e299e8 Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <georgy.litvinov@tib.eu>
Date: Wed, 1 Nov 2023 15:49:19 +0100
Subject: [PATCH 087/148] fixed wrong type of attribute value

---
 .../rdf/accessControl/firsttime/profile_proximity_query.n3      | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/home/src/main/resources/rdf/accessControl/firsttime/profile_proximity_query.n3 b/home/src/main/resources/rdf/accessControl/firsttime/profile_proximity_query.n3
index 7bb3c3761b..8fe1eb2f73 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/profile_proximity_query.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/profile_proximity_query.n3
@@ -3,7 +3,7 @@
 @prefix access-individual: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
 @prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
 
-access-individual:PersonProfileProximityToResourceUri a access:ValueContainer ;
+access-individual:PersonProfileProximityToResourceUri a access:AttributeValue ;
     access:id """
     SELECT ?resourceUri WHERE {
         {

From 3e4b9cce5c1cc0baa6f1664bc7c84d137f1db2bf Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <georgy.litvinov@tib.eu>
Date: Wed, 1 Nov 2023 17:45:05 +0100
Subject: [PATCH 088/148] Added access control ontology

---
 .../vitro-access-control-ontology.n3          | 197 ++++++++++++++++++
 1 file changed, 197 insertions(+)
 create mode 100644 home/src/main/resources/rdf/tbox/firsttime/vitro-access-control-ontology.n3

diff --git a/home/src/main/resources/rdf/tbox/firsttime/vitro-access-control-ontology.n3 b/home/src/main/resources/rdf/tbox/firsttime/vitro-access-control-ontology.n3
new file mode 100644
index 0000000000..e87f104e1f
--- /dev/null
+++ b/home/src/main/resources/rdf/tbox/firsttime/vitro-access-control-ontology.n3
@@ -0,0 +1,197 @@
+# $This file is distributed under the terms of the license in LICENSE$
+
+@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
+@prefix owl: <http://www.w3.org/2002/07/owl#> .
+@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
+@prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+
+### Ontology
+
+<https://vivoweb.org/ontology/vitro-application/auth/vocabulary> a owl:Ontology .
+
+### Classes
+
+access:PolicyTemplate a owl:Class ;
+    rdfs:label "Policy template"@en-US .
+
+access:Policy a owl:Class ;
+    rdfs:label "Policy"@en-US .
+
+access:PolicyDataSet a owl:Class ;
+    rdfs:label "Policy dataset"@en-US .
+
+access:ValueContainer a owl:Class ;
+    rdfs:label "Value container"@en-US .
+
+access:Rule a owl:Class ;
+    rdfs:label "Access rule"@en-US .
+
+access:Rules a owl:Class ;
+    rdfs:label "Access rule set"@en-US .
+
+access:Check a owl:Class ;
+    rdfs:label "Access rule check"@en-US .
+
+access:Operator a owl:Class ;
+    rdfs:label "Operator"@en-US .
+
+access:Operation a owl:Class ;
+    rdfs:label "Operation"@en-US .
+
+access:ObjectType a owl:Class ;
+    rdfs:label "Object type"@en-US .
+
+access:SubjectType a owl:Class ;
+    rdfs:label "Subject type"@en-US .
+
+access:Attribute a owl:Class ;
+    rdfs:label "Attribute"@en-US .
+
+access:AttributeValue a owl:Class ;
+    rdfs:label "Attribute value"@en-US .
+
+access:Decision a owl:Class ;
+    rdfs:label "Decision"@en-US .
+
+access:DataSetTemplate a owl:Class ;
+    rdfs:label "Data set template"@en-US .
+
+access:DataSetTemplateKey a owl:Class ;
+    rdfs:label "Data set template key"@en-US .
+
+access:DataSetKeyTemplate a owl:Class ;
+    rdfs:label "Data set key template"@en-US .
+
+access:ValueContainerTemplate a owl:Class ;
+    rdfs:label "Value container template"@en-US .
+
+### Data properties
+
+access:id a owl:DatatypeProperty ,
+    owl:FunctionalProperty ;
+    rdfs:range xsd:string ;
+    rdfs:domain [ a owl:Class ; owl:unionOf  ( access:Operator access:Operation access:Decision access:AttributeValue access:SubjectType access:Attribute access:ObjectType ) ] ;
+    rdfs:label "id"@en-US .
+
+access:priority a owl:DatatypeProperty ,
+    owl:FunctionalProperty ;
+    rdfs:range xsd:integer ;
+    rdfs:domain [ a owl:Class ; owl:unionOf  ( access:Policy access:PolicyTemplate access:PolicyDataSet ) ] ;
+    rdfs:label "priority"@en-US . 
+
+### Object properties
+
+access:dataSetValues a owl:ObjectProperty ;
+    rdfs:label "data set values"@en-US ;
+    rdfs:domain [ a owl:Class ; owl:unionOf  ( access:DataSetTemplate access:PolicyDataSet ) ] ;
+    rdfs:range access:ValueContainer .
+
+access:value a owl:ObjectProperty ;
+    rdfs:label "value"@en-US ;
+    rdfs:domain access:ValueContainer .
+#range any uri
+
+access:operator a owl:ObjectProperty ;
+    rdfs:label "operator"@en-US ;
+    rdfs:domain access:Check ;
+    rdfs:range access:Operator .
+
+access:attribute  a owl:ObjectProperty ;
+    rdfs:label "attribute"@en-US ;
+    rdfs:domain access:Check ;
+    rdfs:range access:Attribute .
+
+access:values a owl:ObjectProperty ;
+    rdfs:label "values"@en-US ;
+    rdfs:domain access:Check ;
+    rdfs:range access:AttributeValueSet .
+
+access:defaultValue a owl:ObjectProperty ;
+    rdfs:label "default template value"@en-US ;
+    rdfs:domain access:ValueContainerTemplate .
+
+access:containerTypeTemplate a owl:ObjectProperty ,
+    owl:FunctionalProperty ;
+    rdfs:label "container type template"@en-US ;
+    rdfs:range access:Attribute ;
+    rdfs:domain access:ValueContainerTemplate .
+
+access:relatedValueSet a owl:ObjectProperty ;
+    rdfs:label "related value set"@en-US ;
+    rdfs:domain access:ValueContainerTemplate ;
+    rdfs:range access:AttributeValueSet .
+
+access:dataSetTemplateKey a owl:ObjectProperty ;
+    rdfs:label "data set template key"@en-US ;
+    rdfs:domain access:DataSetTemplate ;
+    rdfs:range access:DataSetTemplateKey .
+
+access:dataSetValueTemplate a owl:ObjectProperty ;
+    rdfs:label "data set value template"@en-US ;
+    rdfs:domain access:DataSetTemplate ;
+    rdfs:range access:ValueContainerTemplate .
+
+access:templateKey a owl:ObjectProperty ;
+    rdfs:label "template key"@en-US ;
+    rdfs:domain access:DataSetTemplateKey ;
+    rdfs:range access:Attribute .
+
+access:check a owl:ObjectProperty ;
+    rdfs:label "check"@en-US ;
+    rdfs:domain access:Rule ;
+    rdfs:range access:Check .
+
+access:decision a owl:ObjectProperty ;
+    rdfs:label "decision"@en-US ;
+    rdfs:domain access:Rule ;
+    rdfs:range access:Decision .    
+
+access:rules a owl:ObjectProperty ;
+    rdfs:label "rules"@en-US ;
+    rdfs:domain [ a owl:Class ; owl:unionOf  ( access:Policy access:PolicyTemplate ) ] ;
+    rdfs:range access:Rules .
+
+access:policyDataSets a owl:ObjectProperty ;
+    rdfs:label "policy data sets"@en-US ;
+    rdfs:domain [ a owl:Class ; owl:unionOf  ( access:Policy access:PolicyTemplate ) ] ;
+    rdfs:range access:PolicyDataSets .
+
+access:policyDataSet a owl:ObjectProperty ;
+    rdfs:label "policy data set"@en-US ;
+    rdfs:domain access:PolicyDataSets ;
+    rdfs:range access:PolicyDataSet .
+
+access:containerType a owl:ObjectProperty ;
+    rdfs:label "container type"@en-US ;
+    rdfs:domain access:ValueContainer ;
+    rdfs:range access:Attribute .
+
+access:singleValue a owl:ObjectProperty ;
+    rdfs:label "single value"@en-US ;
+    rdfs:domain access:Check .
+#range any uri
+
+access:rule a owl:ObjectProperty ;
+    rdfs:label "rule"@en-US ;
+    rdfs:domain access:Rules ;
+    rdfs:range access:Rule .
+
+access:dataSetKey a owl:ObjectProperty ;
+    rdfs:label "data set key"@en-US ;
+    rdfs:domain access:PolicyDataSet ;
+    rdfs:range access:DataSetKey .
+
+access:dataSetKeyTemplate a owl:ObjectProperty ;
+    rdfs:label "data set key template"@en-US ;
+    rdfs:domain access:DataSetTemplate ;
+    rdfs:range access:DataSetKeyTemplate .
+
+access:policyDataSetTemplate a owl:ObjectProperty ;
+    rdfs:label "policy data set template"@en-US ;
+    rdfs:domain access:PolicyDataSets ;
+    rdfs:range access:DataSetTemplate .
+
+access:keyComponent a owl:ObjectProperty ;
+    rdfs:domain [ a owl:Class ; owl:unionOf ( access:DataSetKeyTemplate access:DataSetKey ) ] ;
+    rdfs:label "key component"@en-US .
+#range any uri

From 8137aeca0e2eb47cde6478ea0cdaf23143ac38bf Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <georgy.litvinov@tib.eu>
Date: Thu, 2 Nov 2023 08:37:31 +0100
Subject: [PATCH 089/148] added missed class and object property to access
 control ontology

---
 .../rdf/tbox/firsttime/vitro-access-control-ontology.n3   | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/home/src/main/resources/rdf/tbox/firsttime/vitro-access-control-ontology.n3 b/home/src/main/resources/rdf/tbox/firsttime/vitro-access-control-ontology.n3
index e87f104e1f..f41f23b4a6 100644
--- a/home/src/main/resources/rdf/tbox/firsttime/vitro-access-control-ontology.n3
+++ b/home/src/main/resources/rdf/tbox/firsttime/vitro-access-control-ontology.n3
@@ -50,6 +50,9 @@ access:Attribute a owl:Class ;
 access:AttributeValue a owl:Class ;
     rdfs:label "Attribute value"@en-US .
 
+access:AttributeValueSet a owl:Class ;
+    rdfs:label "Attribute value set"@en-US .
+
 access:Decision a owl:Class ;
     rdfs:label "Decision"@en-US .
 
@@ -116,6 +119,11 @@ access:containerTypeTemplate a owl:ObjectProperty ,
     rdfs:range access:Attribute ;
     rdfs:domain access:ValueContainerTemplate .
 
+access:attributeValue a owl:ObjectProperty ;
+    rdfs:label "attribute value"@en-US ;
+    rdfs:domain access:AttributeValueSet ;
+    rdfs:range access:AttributeValue .
+
 access:relatedValueSet a owl:ObjectProperty ;
     rdfs:label "related value set"@en-US ;
     rdfs:domain access:ValueContainerTemplate ;

From d8c1d39b11b255c4bd6a9e836580ebd237a88849 Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <georgy.litvinov@tib.eu>
Date: Thu, 2 Nov 2023 08:42:06 +0100
Subject: [PATCH 090/148] fix for prev commit

---
 .../rdf/tbox/firsttime/vitro-access-control-ontology.n3         | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/home/src/main/resources/rdf/tbox/firsttime/vitro-access-control-ontology.n3 b/home/src/main/resources/rdf/tbox/firsttime/vitro-access-control-ontology.n3
index f41f23b4a6..1058fee821 100644
--- a/home/src/main/resources/rdf/tbox/firsttime/vitro-access-control-ontology.n3
+++ b/home/src/main/resources/rdf/tbox/firsttime/vitro-access-control-ontology.n3
@@ -122,7 +122,7 @@ access:containerTypeTemplate a owl:ObjectProperty ,
 access:attributeValue a owl:ObjectProperty ;
     rdfs:label "attribute value"@en-US ;
     rdfs:domain access:AttributeValueSet ;
-    rdfs:range access:AttributeValue .
+    rdfs:range access:ValueContainer .
 
 access:relatedValueSet a owl:ObjectProperty ;
     rdfs:label "related value set"@en-US ;

From 47907edbf06c7889018472fc9aa2f8850045df79 Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <georgy.litvinov@tib.eu>
Date: Fri, 3 Nov 2023 18:58:44 +0100
Subject: [PATCH 091/148] Added comments for ontology

---
 .../vitro-access-control-ontology.n3          | 233 +++++++++++-------
 1 file changed, 138 insertions(+), 95 deletions(-)

diff --git a/home/src/main/resources/rdf/tbox/firsttime/vitro-access-control-ontology.n3 b/home/src/main/resources/rdf/tbox/firsttime/vitro-access-control-ontology.n3
index 1058fee821..b6319cb840 100644
--- a/home/src/main/resources/rdf/tbox/firsttime/vitro-access-control-ontology.n3
+++ b/home/src/main/resources/rdf/tbox/firsttime/vitro-access-control-ontology.n3
@@ -3,7 +3,7 @@
 @prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
 @prefix owl: <http://www.w3.org/2002/07/owl#> .
 @prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
-@prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+@prefix : <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
 
 ### Ontology
 
@@ -11,195 +11,238 @@
 
 ### Classes
 
-access:PolicyTemplate a owl:Class ;
+:PolicyTemplate a owl:Class ;
+    rdfs:comment "Policy template to define set of rules that can be reused by data sets" ; 
     rdfs:label "Policy template"@en-US .
 
-access:Policy a owl:Class ;
+:Policy a owl:Class ;
+    rdfs:comment "Policy to define access rules" ; 
     rdfs:label "Policy"@en-US .
 
-access:PolicyDataSet a owl:Class ;
+:PolicyDataSet a owl:Class ;
+    rdfs:comment "Data set to load policy instance with values defined in it. Contains value containers used by checks. While loading policy from data set value containers not specified in current data set are ignored (not used by checks)." ;
     rdfs:label "Policy dataset"@en-US .
 
-access:ValueContainer a owl:Class ;
+:ValueContainer a owl:Class ;
+    rdfs:comment "Container for values" ; 
     rdfs:label "Value container"@en-US .
 
-access:Rule a owl:Class ;
+:Rule a owl:Class ;
+    rdfs:comment "Contains checks to perform. If all checks match, rule returns decision.";
     rdfs:label "Access rule"@en-US .
 
-access:Rules a owl:Class ;
+:Rules a owl:Class ;
+    rdfs:comment "Container for rules";
     rdfs:label "Access rule set"@en-US .
 
-access:Check a owl:Class ;
+:Check a owl:Class ;
+    rdfs:comment "Check to perform on attribute of request";
     rdfs:label "Access rule check"@en-US .
 
-access:Operator a owl:Class ;
+:Operator a owl:Class ;
+    rdfs:comment "Operator to use in check";
     rdfs:label "Operator"@en-US .
 
-access:Operation a owl:Class ;
+:Operation a owl:Class ;
+    rdfs:comment "Access operation";
     rdfs:label "Operation"@en-US .
 
-access:ObjectType a owl:Class ;
+:ObjectType a owl:Class ;
+    rdfs:comment "Type of access object";
     rdfs:label "Object type"@en-US .
 
-access:SubjectType a owl:Class ;
+:SubjectType a owl:Class ;
+    rdfs:comment "Type of subject(user, non-personal entity) requested access";
     rdfs:label "Subject type"@en-US .
 
-access:Attribute a owl:Class ;
+:Attribute a owl:Class ;
+    rdfs:comment "Attribute to check";
     rdfs:label "Attribute"@en-US .
 
-access:AttributeValue a owl:Class ;
+:AttributeValue a owl:Class ;
+    rdfs:comment "Resource represents single attribute value, usually specified as literal with :id ";
     rdfs:label "Attribute value"@en-US .
 
-access:AttributeValueSet a owl:Class ;
+:AttributeValueSet a owl:Class ;
+    rdfs:comment "Container of attribute values to use in checks, should contain all value containers related to the check.";
     rdfs:label "Attribute value set"@en-US .
 
-access:Decision a owl:Class ;
+:Decision a owl:Class ;
+    rdfs:comment "Decision to return in case all checks in a rule match";
     rdfs:label "Decision"@en-US .
 
-access:DataSetTemplate a owl:Class ;
+:DataSetTemplate a owl:Class ;
+    rdfs:comment "Data set template to create new data set: specify new value containers and add them into attribute value sets, create new data set key. Data set template should contain it's own key to be found and used. For example on new role creation new data sets for new role should be created, template key for that example would be access-individual:SubjectRole";
     rdfs:label "Data set template"@en-US .
 
-access:DataSetTemplateKey a owl:Class ;
+:DataSetTemplateKey a owl:Class ;
+    rdfs:comment "Key to find template";
     rdfs:label "Data set template key"@en-US .
 
-access:DataSetKeyTemplate a owl:Class ;
+:DataSetKeyTemplate a owl:Class ;
+    rdfs:comment "Template of data set key to find data set";
     rdfs:label "Data set key template"@en-US .
 
-access:ValueContainerTemplate a owl:Class ;
+:ValueContainerTemplate a owl:Class ;
+    rdfs:comment "Template to create new value container from";
     rdfs:label "Value container template"@en-US .
 
 ### Data properties
 
-access:id a owl:DatatypeProperty ,
+:id a owl:DatatypeProperty ,
     owl:FunctionalProperty ;
+    rdfs:comment "Set string identifier";
     rdfs:range xsd:string ;
-    rdfs:domain [ a owl:Class ; owl:unionOf  ( access:Operator access:Operation access:Decision access:AttributeValue access:SubjectType access:Attribute access:ObjectType ) ] ;
+    rdfs:domain [ a owl:Class ; owl:unionOf  ( :Operator :Operation :Decision :AttributeValue :SubjectType :Attribute :ObjectType ) ] ;
     rdfs:label "id"@en-US .
 
-access:priority a owl:DatatypeProperty ,
+:priority a owl:DatatypeProperty ,
     owl:FunctionalProperty ;
+    rdfs:comment "Set priority to :Policy, :PolicyTemplate or :PolicyDataSet";
     rdfs:range xsd:integer ;
-    rdfs:domain [ a owl:Class ; owl:unionOf  ( access:Policy access:PolicyTemplate access:PolicyDataSet ) ] ;
+    rdfs:domain [ a owl:Class ; owl:unionOf  ( :Policy :PolicyTemplate :PolicyDataSet ) ] ;
     rdfs:label "priority"@en-US . 
 
 ### Object properties
 
-access:dataSetValues a owl:ObjectProperty ;
+:dataSetValues a owl:ObjectProperty ;
+    rdfs:comment "Data set/data set template contains value container";
     rdfs:label "data set values"@en-US ;
-    rdfs:domain [ a owl:Class ; owl:unionOf  ( access:DataSetTemplate access:PolicyDataSet ) ] ;
-    rdfs:range access:ValueContainer .
+    rdfs:domain [ a owl:Class ; owl:unionOf  ( :DataSetTemplate :PolicyDataSet ) ] ;
+    rdfs:range :ValueContainer .
 
-access:value a owl:ObjectProperty ;
+:value a owl:ObjectProperty ;
+    rdfs:comment "Assign value to value container (any URI or :AttributeValue with :id to define literal value)";
     rdfs:label "value"@en-US ;
-    rdfs:domain access:ValueContainer .
-#range any uri
+    rdfs:domain :ValueContainer .
 
-access:operator a owl:ObjectProperty ;
+:operator a owl:ObjectProperty ;
+    rdfs:comment "Set type of check to perform";
     rdfs:label "operator"@en-US ;
-    rdfs:domain access:Check ;
-    rdfs:range access:Operator .
+    rdfs:domain :Check ;
+    rdfs:range :Operator .
 
-access:attribute  a owl:ObjectProperty ;
+:attribute a owl:ObjectProperty ;
+    rdfs:comment "Set attribute that should be checked";
     rdfs:label "attribute"@en-US ;
-    rdfs:domain access:Check ;
-    rdfs:range access:Attribute .
+    rdfs:domain :Check ;
+    rdfs:range :Attribute .
 
-access:values a owl:ObjectProperty ;
+:values a owl:ObjectProperty ;
+    rdfs:comment "Assign values to :Check";
     rdfs:label "values"@en-US ;
-    rdfs:domain access:Check ;
-    rdfs:range access:AttributeValueSet .
+    rdfs:domain :Check ;
+    rdfs:range :AttributeValueSet .
 
-access:defaultValue a owl:ObjectProperty ;
+:defaultValue a owl:ObjectProperty ;
+    rdfs:comment "default value to add into new value container";
     rdfs:label "default template value"@en-US ;
-    rdfs:domain access:ValueContainerTemplate .
+    rdfs:domain :ValueContainerTemplate .
 
-access:containerTypeTemplate a owl:ObjectProperty ,
+:containerTypeTemplate a owl:ObjectProperty ,
     owl:FunctionalProperty ;
+    rdfs:comment "Type of values for new value container";
     rdfs:label "container type template"@en-US ;
-    rdfs:range access:Attribute ;
-    rdfs:domain access:ValueContainerTemplate .
+    rdfs:range :Attribute ;
+    rdfs:domain :ValueContainerTemplate .
 
-access:attributeValue a owl:ObjectProperty ;
+:attributeValue a owl:ObjectProperty ;
+    rdfs:comment "Value set contains value container";
     rdfs:label "attribute value"@en-US ;
-    rdfs:domain access:AttributeValueSet ;
-    rdfs:range access:ValueContainer .
+    rdfs:domain :AttributeValueSet ;
+    rdfs:range :ValueContainer .
 
-access:relatedValueSet a owl:ObjectProperty ;
+:relatedValueSet a owl:ObjectProperty ;
+    rdfs:comment "Specify :AttributeValueSet into which new ValueContainer should be added";
     rdfs:label "related value set"@en-US ;
-    rdfs:domain access:ValueContainerTemplate ;
-    rdfs:range access:AttributeValueSet .
+    rdfs:domain :ValueContainerTemplate ;
+    rdfs:range :AttributeValueSet .
 
-access:dataSetTemplateKey a owl:ObjectProperty ;
+:dataSetTemplateKey a owl:ObjectProperty, 
+    owl:FunctionalProperty ;
+    rdfs:comment "Specify data set template key";
     rdfs:label "data set template key"@en-US ;
-    rdfs:domain access:DataSetTemplate ;
-    rdfs:range access:DataSetTemplateKey .
+    rdfs:domain :DataSetTemplate ;
+    rdfs:range :DataSetTemplateKey .
 
-access:dataSetValueTemplate a owl:ObjectProperty ;
+:dataSetValueTemplate a owl:ObjectProperty ;
+    rdfs:comment "Contains value container template";
     rdfs:label "data set value template"@en-US ;
-    rdfs:domain access:DataSetTemplate ;
-    rdfs:range access:ValueContainerTemplate .
+    rdfs:domain :DataSetTemplate ;
+    rdfs:range :ValueContainerTemplate .
 
-access:templateKey a owl:ObjectProperty ;
+:templateKey a owl:ObjectProperty ;
+    rdfs:comment "Attribute to use as a template key";
     rdfs:label "template key"@en-US ;
-    rdfs:domain access:DataSetTemplateKey ;
-    rdfs:range access:Attribute .
+    rdfs:domain :DataSetTemplateKey ;
+    rdfs:range :Attribute .
 
-access:check a owl:ObjectProperty ;
+:check a owl:ObjectProperty ;
+    rdfs:comment "contains check";
     rdfs:label "check"@en-US ;
-    rdfs:domain access:Rule ;
-    rdfs:range access:Check .
+    rdfs:domain :Rule ;
+    rdfs:range :Check .
 
-access:decision a owl:ObjectProperty ;
+:decision a owl:ObjectProperty ;
+    rdfs:comment "Decision to return in case of all checks match";
     rdfs:label "decision"@en-US ;
-    rdfs:domain access:Rule ;
-    rdfs:range access:Decision .    
+    rdfs:domain :Rule ;
+    rdfs:range :Decision .    
 
-access:rules a owl:ObjectProperty ;
+:rules a owl:ObjectProperty ;
+    rdfs:comment "Contains rules";
     rdfs:label "rules"@en-US ;
-    rdfs:domain [ a owl:Class ; owl:unionOf  ( access:Policy access:PolicyTemplate ) ] ;
-    rdfs:range access:Rules .
+    rdfs:domain [ a owl:Class ; owl:unionOf  ( :Policy :PolicyTemplate ) ] ;
+    rdfs:range :Rules .
 
-access:policyDataSets a owl:ObjectProperty ;
+:policyDataSets a owl:ObjectProperty ;
+    rdfs:comment "Contains policy data sets";
     rdfs:label "policy data sets"@en-US ;
-    rdfs:domain [ a owl:Class ; owl:unionOf  ( access:Policy access:PolicyTemplate ) ] ;
-    rdfs:range access:PolicyDataSets .
+    rdfs:domain [ a owl:Class ; owl:unionOf  ( :Policy :PolicyTemplate ) ] ;
+    rdfs:range :PolicyDataSets .
 
-access:policyDataSet a owl:ObjectProperty ;
+:policyDataSet a owl:ObjectProperty ;
+    rdfs:comment "Data sets container contain data set";
     rdfs:label "policy data set"@en-US ;
-    rdfs:domain access:PolicyDataSets ;
-    rdfs:range access:PolicyDataSet .
+    rdfs:domain :PolicyDataSets ;
+    rdfs:range :PolicyDataSet .
 
-access:containerType a owl:ObjectProperty ;
+:containerType a owl:ObjectProperty ;
+    rdfs:comment "Specifies type of container values";
     rdfs:label "container type"@en-US ;
-    rdfs:domain access:ValueContainer ;
-    rdfs:range access:Attribute .
+    rdfs:domain :ValueContainer ;
+    rdfs:range :Attribute .
 
-access:singleValue a owl:ObjectProperty ;
+:singleValue a owl:ObjectProperty ;
+    rdfs:comment "Contains single value to check";
     rdfs:label "single value"@en-US ;
-    rdfs:domain access:Check .
-#range any uri
+    rdfs:domain :Check .
 
-access:rule a owl:ObjectProperty ;
+:rule a owl:ObjectProperty ;
+    rdfs:comment "Contains a rule";
     rdfs:label "rule"@en-US ;
-    rdfs:domain access:Rules ;
-    rdfs:range access:Rule .
+    rdfs:domain :Rules ;
+    rdfs:range :Rule .
 
-access:dataSetKey a owl:ObjectProperty ;
+:dataSetKey a owl:ObjectProperty ;
+    rdfs:comment "Assign data set template to policy data sets";
     rdfs:label "data set key"@en-US ;
-    rdfs:domain access:PolicyDataSet ;
-    rdfs:range access:DataSetKey .
+    rdfs:domain :PolicyDataSet ;
+    rdfs:range :DataSetKey .
 
-access:dataSetKeyTemplate a owl:ObjectProperty ;
+:dataSetKeyTemplate a owl:ObjectProperty ;
+    rdfs:comment "Assign data set key template to data set template";
     rdfs:label "data set key template"@en-US ;
-    rdfs:domain access:DataSetTemplate ;
-    rdfs:range access:DataSetKeyTemplate .
+    rdfs:domain :DataSetTemplate ;
+    rdfs:range :DataSetKeyTemplate .
 
-access:policyDataSetTemplate a owl:ObjectProperty ;
+:policyDataSetTemplate a owl:ObjectProperty ;
+    rdfs:comment "Assign data set template to policy data sets";
     rdfs:label "policy data set template"@en-US ;
-    rdfs:domain access:PolicyDataSets ;
-    rdfs:range access:DataSetTemplate .
+    rdfs:domain :PolicyDataSets ;
+    rdfs:range :DataSetTemplate .
 
-access:keyComponent a owl:ObjectProperty ;
-    rdfs:domain [ a owl:Class ; owl:unionOf ( access:DataSetKeyTemplate access:DataSetKey ) ] ;
+:keyComponent a owl:ObjectProperty ;
+    rdfs:comment "Specify component of combined key";
+    rdfs:domain [ a owl:Class ; owl:unionOf ( :DataSetKeyTemplate :DataSetKey ) ] ;
     rdfs:label "key component"@en-US .
-#range any uri

From 39fddde8d4359b8060120d686194e468d959b096 Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <georgy.litvinov@tib.eu>
Date: Mon, 6 Nov 2023 08:44:09 +0100
Subject: [PATCH 092/148] removed redundant access modifiers

---
 .../attributes/AttributeValueContainer.java   | 24 +++++++++----------
 .../auth/attributes/AttributeValues.java      |  6 ++---
 .../vitro/webapp/auth/checks/Check.java       | 18 +++++++-------
 .../vitro/webapp/auth/policy/Policies.java    | 11 +++++----
 .../webapp/auth/policy/ifaces/Policy.java     |  9 +++----
 .../auth/policy/ifaces/PolicyDecision.java    | 17 +++++++------
 .../vitro/webapp/auth/rules/AccessRule.java   | 24 +++++++++----------
 7 files changed, 57 insertions(+), 52 deletions(-)

diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeValueContainer.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeValueContainer.java
index d625cc21e9..c05089096e 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeValueContainer.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeValueContainer.java
@@ -2,28 +2,28 @@
 
 public interface AttributeValueContainer {
 
-    public void add(String value);
+    void add(String value);
 
-    public void remove(String value);
+    void remove(String value);
 
-    public void clear();
+    void clear();
 
-    public boolean contains(String value);
+    boolean contains(String value);
 
-    public boolean containsSingleValue();
+    boolean containsSingleValue();
 
-    public String getSingleValue();
+    String getSingleValue();
 
-    public boolean isEmpty();
+    boolean isEmpty();
 
-    public void setContainerUri(String containerUri);
+    void setContainerUri(String containerUri);
 
-    public String getContainerUri();
+    String getContainerUri();
 
-    public void setType(String containerType);
+    void setType(String containerType);
 
-    public void setDataSetUri(String dataSetUri);
+    void setDataSetUri(String dataSetUri);
 
-    public void setKey(AttributeValueKey key);
+    void setKey(AttributeValueKey key);
 
 }
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeValues.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeValues.java
index d5e550ed72..31204c441d 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeValues.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeValues.java
@@ -2,10 +2,10 @@
 
 public interface AttributeValues {
 
-    public AttributeValueContainer get(AttributeValueKey key);
+    AttributeValueContainer get(AttributeValueKey key);
 
-    public void put(AttributeValueKey key, AttributeValueContainer values);
+    void put(AttributeValueKey key, AttributeValueContainer values);
 
-    public void clear();
+    void clear();
 
 }
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/checks/Check.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/checks/Check.java
index dfa5c334c9..522f676828 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/checks/Check.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/checks/Check.java
@@ -8,22 +8,22 @@
 
 public interface Check {
 
-    public void setUri(String uri);
+    void setUri(String uri);
 
-    public String getUri();
+    String getUri();
 
-    public boolean check(AuthorizationRequest ar);
+    boolean check(AuthorizationRequest ar);
 
-    public Attribute getAttributeType();
+    Attribute getAttributeType();
 
-    public CheckType getType();
+    CheckType getType();
 
-    public AttributeValueContainer getValues();
+    AttributeValueContainer getValues();
 
-    public void addValue(String value);
+    void addValue(String value);
 
-    public void setType(CheckType valueOf);
+    void setType(CheckType valueOf);
 
-    public long getComputationalCost();
+    long getComputationalCost();
 
 }
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/Policies.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/Policies.java
index cdb6096599..ba0b8f04d0 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/Policies.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/Policies.java
@@ -8,15 +8,16 @@
 
 public interface Policies {
 
-    public List<Policy> getList();
+    List<Policy> getList();
 
-    public boolean contains(Policy policy);
+    boolean contains(Policy policy);
 
-    public void add(Policy policy);
+    void add(Policy policy);
 
-    public long size();
+    long size();
 
-    public void clear();
+    void clear();
 
     void remove(String policyUri);
+
 }
\ No newline at end of file
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/ifaces/Policy.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/ifaces/Policy.java
index a943c398d3..159bf85455 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/ifaces/Policy.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/ifaces/Policy.java
@@ -12,17 +12,18 @@
  *
  */
 public interface Policy {
-    public PolicyDecision decide(AuthorizationRequest ar);
 
-    public default String getUri() {
+    PolicyDecision decide(AuthorizationRequest ar);
+
+    default String getUri() {
         return "";
     }
 
-    public default long getPriority() {
+    default long getPriority() {
         return 0;
     }
 
-    public default String getShortUri() {
+    default String getShortUri() {
         return "";
     }
 }
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/ifaces/PolicyDecision.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/ifaces/PolicyDecision.java
index 93ad098963..c7a93fbed6 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/ifaces/PolicyDecision.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/ifaces/PolicyDecision.java
@@ -3,14 +3,17 @@
 package edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces;
 
 /**
- * Object to represent a decision from a policy.  The intent is
- * that the message would be presented to users to indicate why
- * they are not authorized for some action.
+ * Object to represent a decision from a policy. The intent is that the message would be presented to users to indicate
+ * why they are not authorized for some action.
  */
 public interface PolicyDecision {
-    public DecisionResult getDecisionResult();
 
-    public String getStackTrace();
-    public String getMessage();
-    public String getDebuggingInfo();
+    DecisionResult getDecisionResult();
+
+    String getStackTrace();
+
+    String getMessage();
+
+    String getDebuggingInfo();
+
 }
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRule.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRule.java
index 83f44e07d4..42ba614897 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRule.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRule.java
@@ -11,27 +11,27 @@
 
 public interface AccessRule {
 
-    public boolean isAllowMatched();
+    boolean isAllowMatched();
 
-    public void setAllowMatched(boolean allowMatched);
+    void setAllowMatched(boolean allowMatched);
 
-    public String getRuleUri();
+    String getRuleUri();
 
-    public void setRuleUri(String ruleUri);
+    void setRuleUri(String ruleUri);
 
-    public List<Check> getChecks();
+    List<Check> getChecks();
 
-    public boolean match(AuthorizationRequest ar);
+    boolean match(AuthorizationRequest ar);
 
-    public void addCheck(Check attr);
+    void addCheck(Check attr);
 
-    public Set<String> getCheckUris();
+    Set<String> getCheckUris();
 
-    public boolean containsCheckUri(String uri);
+    boolean containsCheckUri(String uri);
 
-    public Set<Check> getChecksByType(Attribute type);
+    Set<Check> getChecksByType(Attribute type);
 
-    public long getChecksCount();
+    long getChecksCount();
 
-    public Check getCheck(String uri);
+    Check getCheck(String uri);
 }

From 805c581559098b12cb5b39f95c264f0be27af7b9 Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <georgy.litvinov@tib.eu>
Date: Mon, 6 Nov 2023 08:45:42 +0100
Subject: [PATCH 093/148] renamed variable in FileUploadController

---
 .../freemarker/FileUploadController.java      | 42 ++++++++++---------
 1 file changed, 22 insertions(+), 20 deletions(-)

diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/freemarker/FileUploadController.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/freemarker/FileUploadController.java
index 8ebcaedf49..c45a8f6110 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/freemarker/FileUploadController.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/freemarker/FileUploadController.java
@@ -84,26 +84,28 @@ public void init() throws ServletException {
 		setAllowedMediaTypes();
 	}
 
-	@Override
-	protected AuthorizationRequest requiredActions(VitroRequest vreq) {
-		AccessObject ra;
-		AccessOperation ao;
-		try {
-			Property predicate = new Property(getPredicateUri(vreq));
-			final OntModel jenaOntModel = vreq.getJenaOntModel();
-			final String subject = getSubjectUri(vreq);
-			if (isUpload(vreq)) {
-				ra = new ObjectPropertyStatementAccessObject(jenaOntModel, subject, predicate,AccessObject.SOME_URI);
-				ao = AccessOperation.ADD;
-			} else { // delete
-				ra = new ObjectPropertyStatementAccessObject(jenaOntModel, subject, predicate, getFileUri(vreq));
-				ao = AccessOperation.DROP;
-			}
-			return new SimpleAuthorizationRequest(ra, ao);
-		} catch (Exception e) {
-			return AuthorizationRequest.UNAUTHORIZED;
-		}
-	}
+    @Override
+    protected AuthorizationRequest requiredActions(VitroRequest vreq) {
+        AccessObject accessObject;
+        AccessOperation accessOperation;
+        try {
+            Property predicate = new Property(getPredicateUri(vreq));
+            final OntModel jenaOntModel = vreq.getJenaOntModel();
+            final String subject = getSubjectUri(vreq);
+            if (isUpload(vreq)) {
+                accessObject = new ObjectPropertyStatementAccessObject(jenaOntModel, subject, predicate,
+                        AccessObject.SOME_URI);
+                accessOperation = AccessOperation.ADD;
+            } else { // delete
+                accessObject =
+                        new ObjectPropertyStatementAccessObject(jenaOntModel, subject, predicate, getFileUri(vreq));
+                accessOperation = AccessOperation.DROP;
+            }
+            return new SimpleAuthorizationRequest(accessObject, accessOperation);
+        } catch (Exception e) {
+            return AuthorizationRequest.UNAUTHORIZED;
+        }
+    }
 
 	private String getFileUri(VitroRequest vreq) {
 		return vreq.getParameter(PARAMETER_FILE_URI);

From cdd9de82072a24e5b2b68dcf9cdf1d142268b8c6 Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <georgy.litvinov@tib.eu>
Date: Mon, 6 Nov 2023 08:49:03 +0100
Subject: [PATCH 094/148] Extracted method for debug messages

---
 .../webapp/auth/policy/DynamicPolicy.java      | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/DynamicPolicy.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/DynamicPolicy.java
index 37d82e36cc..5f885a24be 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/DynamicPolicy.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/DynamicPolicy.java
@@ -63,22 +63,16 @@ public PolicyDecision decide(AuthorizationRequest ar) {
             String ruleUri = shortenUri(rule.getRuleUri());
             if (rule.match(ar)) {
                 if (rule.isAllowMatched()) {
-                    if (log.isDebugEnabled()) {
-                        log.debug("Policy '" + policyUri + "' rule '" + ruleUri + "' approved request " + ar);
-                    }
+                    debug("Policy '" + policyUri + "' rule '" + ruleUri + "' approved request " + ar);
                     String message = "Policy '" + policyUri + "' rule '" + ruleUri + "' approved " + ar;
                     return new BasicPolicyDecision(DecisionResult.AUTHORIZED, message);
                 } else {
-                    if (log.isDebugEnabled()) {
-                        log.debug("Policy '" + policyUri + "' rule " + ruleUri + " rejected request " + ar);
-                    }
+                    debug("Policy '" + policyUri + "' rule " + ruleUri + " rejected request " + ar);
                     String message = "Policy '" + policyUri + "' rule '" + ruleUri + "' rejected request" + ar;
                     return new BasicPolicyDecision(DecisionResult.UNAUTHORIZED, message);
                 }
             } else {
-                if (log.isDebugEnabled()) {
-                    log.debug("Policy '" + policyUri + "' rule '" + ruleUri + "' didn't match request " + ar);
-                }
+                debug("Policy '" + policyUri + "' rule '" + ruleUri + "' didn't match request " + ar);
             }
         }
 
@@ -99,4 +93,10 @@ private static String shortenUri(String uri) {
         }
         return uri;
     }
+
+    private static void debug(String message) {
+        if (log.isDebugEnabled()) {
+            log.debug(message);
+        }
+    }
 }

From 739cc1ac12d7cb39801cbfbcfcc0ba3353047f20 Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <georgy.litvinov@tib.eu>
Date: Mon, 6 Nov 2023 08:50:57 +0100
Subject: [PATCH 095/148] removed useless condition

---
 .../objects/ObjectPropertyAccessObject.java   | 20 +++++++++----------
 1 file changed, 9 insertions(+), 11 deletions(-)

diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/ObjectPropertyAccessObject.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/ObjectPropertyAccessObject.java
index 8cf41c404a..caa123ecc7 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/ObjectPropertyAccessObject.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/ObjectPropertyAccessObject.java
@@ -37,17 +37,15 @@ public String toString() {
     }
 
     private void debug(ObjectProperty property) {
-        if (true) {
-            if (property instanceof FauxObjectPropertyWrapper) {
-                Throwable t = new Throwable();
-                log.error("FauxObjectPropertyWrapper provided in ObjectPropertyAccessObject constructor");
-                log.error(t, t);
-            }
-            if (property == null) {
-                Throwable t = new Throwable();
-                log.error("null provided in ObjectPropertyAccessObject constructor");
-                log.error(t, t);
-            }
+        if (property instanceof FauxObjectPropertyWrapper) {
+            Throwable t = new Throwable();
+            log.error("FauxObjectPropertyWrapper provided in ObjectPropertyAccessObject constructor");
+            log.error(t, t);
+        }
+        if (property == null) {
+            Throwable t = new Throwable();
+            log.error("null provided in ObjectPropertyAccessObject constructor");
+            log.error(t, t);
         }
     }
 }

From 8624d4d379ce6e942d97dd2dc15b98434fa33c3a Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <georgy.litvinov@tib.eu>
Date: Mon, 6 Nov 2023 09:00:16 +0100
Subject: [PATCH 096/148] Use of specific exception in CheckFactory

---
 .../mannlib/vitro/webapp/auth/checks/CheckFactory.java        | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/checks/CheckFactory.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/checks/CheckFactory.java
index e3ff9cbd6e..b29342f4f1 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/checks/CheckFactory.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/checks/CheckFactory.java
@@ -61,13 +61,13 @@ private static String getValue(QuerySolution qs) {
         }
     }
 
-
     public static void extendAttribute(Check check, QuerySolution qs) throws Exception {
         String testId = qs.getLiteral("testId").getString();
         if (CheckType.ONE_OF.toString().equals(testId) || CheckType.NOT_ONE_OF.toString().equals(testId)) {
             check.addValue(getValue(qs));
             return;
         }
-        throw new Exception();
+        throw new IllegalArgumentException(
+                String.format("Operator '%s' can't be used in combination with multiple attribute values.", testId));
     }
 }

From 5cbc15483da101bd491eb8849a9f2752cbafdfaa Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <georgy.litvinov@tib.eu>
Date: Mon, 6 Nov 2023 09:26:33 +0100
Subject: [PATCH 097/148] removed useless condition

---
 .../objects/DataPropertyAccessObject.java     | 20 +++++++++----------
 1 file changed, 9 insertions(+), 11 deletions(-)

diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/DataPropertyAccessObject.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/DataPropertyAccessObject.java
index 66442aff5d..8c9414f47a 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/DataPropertyAccessObject.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/DataPropertyAccessObject.java
@@ -38,17 +38,15 @@ public String toString() {
     }
 
     private void debug(DataProperty dataProperty) {
-        if (true) {
-            if (dataProperty instanceof FauxDataPropertyWrapper) {
-                Throwable t = new Throwable();
-                log.error("FauxDataPropertyWrapper provided in DataPropertyAccessObject constructor");
-                log.error(t, t);
-            }
-            if (dataProperty == null) {
-                Throwable t = new Throwable();
-                log.error("null provided in DataPropertyAccessObject constructor");
-                log.error(t, t);
-            }
+        if (dataProperty instanceof FauxDataPropertyWrapper) {
+            Throwable t = new Throwable();
+            log.error("FauxDataPropertyWrapper provided in DataPropertyAccessObject constructor");
+            log.error(t, t);
+        }
+        if (dataProperty == null) {
+            Throwable t = new Throwable();
+            log.error("null provided in DataPropertyAccessObject constructor");
+            log.error(t, t);
         }
     }
 }

From 8820608e62a9da9369c03f9469cf2c2dc6d8d840 Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <georgy.litvinov@tib.eu>
Date: Mon, 6 Nov 2023 09:26:57 +0100
Subject: [PATCH 098/148] Use optionals in ValueContainerFactory

---
 .../attributes/ValueContainerFactory.java     | 48 +++++++++++--------
 1 file changed, 29 insertions(+), 19 deletions(-)

diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/ValueContainerFactory.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/ValueContainerFactory.java
index c4ca95661c..ae347f473c 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/ValueContainerFactory.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/ValueContainerFactory.java
@@ -1,16 +1,17 @@
 package edu.cornell.mannlib.vitro.webapp.auth.attributes;
 
+import java.util.Optional;
+
 import org.apache.jena.query.QuerySolution;
 
 public class ValueContainerFactory {
 
-    public static AttributeValueContainer create(String value, QuerySolution qs,
-            AttributeValueKey dataSetKey) {
-        String type = getContainerType(qs);
-        if (type == null || dataSetKey == null) {
+    public static AttributeValueContainer create(String value, QuerySolution qs, AttributeValueKey dataSetKey) {
+        Optional<String> type = getContainerType(qs);
+        if (type.isEmpty() || dataSetKey == null) {
             return new AttributeValueContainerImpl(value);
         } else {
-            AttributeValueKey avcKey = getAttributeValueContainerKey(dataSetKey, type);
+            AttributeValueKey avcKey = getAttributeValueContainerKey(dataSetKey, type.get());
             AttributeValueContainer avc = AttributeValuesRegistry.getInstance().get(avcKey);
             if (avc == null) {
                 return createNew(value, qs, dataSetKey, avcKey);
@@ -26,13 +27,22 @@ private static AttributeValueContainer returnFromRegistry(String value, Attribut
         return avc;
     }
 
-    private static AttributeValueContainer createNew(String value, QuerySolution qs,
-            AttributeValueKey dataSetKey, AttributeValueKey avcKey) {
+    private static AttributeValueContainer createNew(String value, QuerySolution qs, AttributeValueKey dataSetKey,
+            AttributeValueKey avcKey) {
         AttributeValueContainer avc;
         avc = new AttributeValueContainerImpl(value);
-        avc.setContainerUri(getContainerUri(qs));
-        avc.setType(getContainerType(qs));
-        avc.setDataSetUri(getDataSetUri(qs));
+        Optional<String> containerUri = getContainerUri(qs);
+        if (containerUri.isPresent()) {
+            avc.setContainerUri(containerUri.get());
+        }
+        Optional<String> type = getContainerType(qs);
+        if (type.isPresent()) {
+            avc.setType(type.get());
+        }
+        Optional<String> dataSetUri = getDataSetUri(qs);
+        if (dataSetUri.isPresent()) {
+            avc.setDataSetUri(dataSetUri.get());
+        }
         avc.setKey(dataSetKey);
         register(avc, avcKey);
         return avc;
@@ -48,27 +58,27 @@ private static void register(AttributeValueContainer avc, AttributeValueKey key)
         AttributeValuesRegistry.getInstance().put(key, avc);
     }
 
-    private static String getContainerUri(QuerySolution qs) {
+    private static Optional<String> getContainerUri(QuerySolution qs) {
         if (qs.contains("attributeValue") && qs.get("attributeValue").isResource()) {
             String uri = qs.getResource("attributeValue").getURI();
-            return uri;
+            return Optional.of(uri);
         }
-        return null;
+        return Optional.empty();
     }
 
-    private static String getContainerType(QuerySolution qs) {
+    private static Optional<String> getContainerType(QuerySolution qs) {
         if (qs.contains("containerType") && qs.get("containerType").isLiteral()) {
             String containerType = qs.getLiteral("containerType").getString();
-            return containerType;
+            return Optional.of(containerType);
         }
-        return null;
+        return Optional.empty();
     }
 
-    private static String getDataSetUri(QuerySolution qs) {
+    private static Optional<String> getDataSetUri(QuerySolution qs) {
         if (qs.contains("dataSetUri") && qs.get("dataSetUri").isResource()) {
             String dataSetUri = qs.getResource("dataSetUri").getURI();
-            return dataSetUri;
+            return Optional.of(dataSetUri);
         }
-        return null;
+        return Optional.empty();
     }
 }

From 7258542cc455ded905514bc93b4c30ec438746b8 Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <georgy.litvinov@tib.eu>
Date: Mon, 6 Nov 2023 12:34:13 +0100
Subject: [PATCH 099/148] Converted Access objects to return optionals

---
 .../attributes/ValueContainerFactory.java     |  2 +-
 .../auth/checks/AccessObjectUriCheck.java     | 15 ++++--
 .../webapp/auth/objects/AccessObject.java     | 49 ++++++++++++-------
 .../webapp/auth/objects/AccessObjectImpl.java |  9 +++-
 .../objects/DataPropertyAccessObject.java     | 20 +++++---
 .../objects/FauxDataPropertyAccessObject.java | 35 ++++++++-----
 .../FauxObjectPropertyAccessObject.java       | 37 +++++++++-----
 .../objects/ObjectPropertyAccessObject.java   | 21 +++++---
 .../controller/edit/AuthenticateTest.java     |  2 +-
 9 files changed, 128 insertions(+), 62 deletions(-)

diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/ValueContainerFactory.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/ValueContainerFactory.java
index ae347f473c..80392137b5 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/ValueContainerFactory.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/ValueContainerFactory.java
@@ -8,7 +8,7 @@ public class ValueContainerFactory {
 
     public static AttributeValueContainer create(String value, QuerySolution qs, AttributeValueKey dataSetKey) {
         Optional<String> type = getContainerType(qs);
-        if (type.isEmpty() || dataSetKey == null) {
+        if (!type.isPresent() || dataSetKey == null) {
             return new AttributeValueContainerImpl(value);
         } else {
             AttributeValueKey avcKey = getAttributeValueContainerKey(dataSetKey, type.get());
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/checks/AccessObjectUriCheck.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/checks/AccessObjectUriCheck.java
index 3585d7e786..72f243d746 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/checks/AccessObjectUriCheck.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/checks/AccessObjectUriCheck.java
@@ -2,6 +2,8 @@
 
 package edu.cornell.mannlib.vitro.webapp.auth.checks;
 
+import java.util.Optional;
+
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.Attribute;
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.AttributeValueContainer;
 import edu.cornell.mannlib.vitro.webapp.auth.objects.AccessObject;
@@ -20,12 +22,17 @@ public AccessObjectUriCheck(String uri, AttributeValueContainer container) {
     @Override
     public boolean check(AuthorizationRequest ar) {
         AccessObject ao = ar.getAccessObject();
-        final String inputValue = ao.getUri();
-        if (AttributeValueChecker.test(this, ar, inputValue)) {
-            log.debug("Attribute match requested '" + inputValue + "'");
+        Optional<String> inputValue = ao.getUri();
+        if (!inputValue.isPresent()) {
+            log.debug("Checked access object uri is not present.");
+            return false;
+        }
+        String uri = inputValue.get();
+        if (AttributeValueChecker.test(this, ar, uri)) {
+            log.debug("Attribute match requested '" + uri + "'");
             return true;
         }
-        log.debug("Attribute don't match requested '" + inputValue + "'");
+        log.debug("Attribute don't match requested '" + uri + "'");
         return false;
     }
 
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/AccessObject.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/AccessObject.java
index 5d6630f011..32e003cd5e 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/AccessObject.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/AccessObject.java
@@ -2,6 +2,8 @@
 
 package edu.cornell.mannlib.vitro.webapp.auth.objects;
 
+import java.util.Optional;
+
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType;
 import edu.cornell.mannlib.vitro.webapp.beans.DataProperty;
 import edu.cornell.mannlib.vitro.webapp.beans.ObjectProperty;
@@ -18,22 +20,28 @@ public abstract class AccessObject {
     private DataProperty dataProperty;
     private ObjectProperty objectProperty;
 
-    public ObjectProperty getObjectProperty() {
-        return objectProperty;
+    public Optional<ObjectProperty> getObjectProperty() {
+        if (objectProperty != null) {
+            return Optional.of(objectProperty);
+        }
+        return Optional.empty();
     }
 
     public void setObjectProperty(ObjectProperty objectProperty) {
         this.objectProperty = objectProperty;
     }
 
-    public String getUri() {
-        return null;
+    public Optional<String> getUri() {
+        return Optional.empty();
     }
 
     public abstract AccessObjectType getType();
 
-    public AccessObjectStatement getStatement() {
-        return statement;
+    public Optional<AccessObjectStatement> getStatement() {
+        if (statement == null) {
+            return Optional.empty();
+        }
+        return Optional.of(statement);
     };
 
     protected void initializeStatement() {
@@ -44,32 +52,34 @@ protected void initializeStatement() {
 
     public void setStatementOntModel(Model ontModel) {
         initializeStatement();
-        getStatement().setModel(ontModel);
+        statement.setModel(ontModel);
     }
 
     public Model getStatementOntModel() {
-        initializeStatement();
-        return getStatement().getModel();
+        if (statement != null) {
+            return statement.getModel();
+        }
+        return null;
     }
 
     public void setStatementSubject(String subject) {
         initializeStatement();
-        getStatement().setSubject(subject);
+        statement.setSubject(subject);
     }
 
     public String getStatementSubject() {
         initializeStatement();
-        return getStatement().getSubject();
+        return statement.getSubject();
     }
 
     public void setStatementPredicate(Property predicate) {
         initializeStatement();
-        getStatement().setPredicate(predicate);
+        statement.setPredicate(predicate);
     }
 
     protected Property getPredicate() {
         initializeStatement();
-        return getStatement().getPredicate();
+        return statement.getPredicate();
     }
 
     public String getStatementPredicateUri() {
@@ -82,16 +92,19 @@ public String getStatementPredicateUri() {
 
     public void setStatementObject(String objectUri) {
         initializeStatement();
-        this.getStatement().setObject(objectUri);
+        this.statement.setObject(objectUri);
     }
 
     public String getStatementObject() {
         initializeStatement();
-        return getStatement().getObject();
+        return statement.getObject();
     }
 
-    public DataProperty getDataProperty() {
-        return dataProperty;
+    public Optional<DataProperty> getDataProperty() {
+        if (dataProperty == null) {
+            return Optional.empty();
+        }
+        return Optional.of(dataProperty);
     }
 
     public void setDataProperty(DataProperty dataProperty) {
@@ -100,7 +113,7 @@ public void setDataProperty(DataProperty dataProperty) {
 
     public String[] getResourceUris() {
         initializeStatement();
-        return getStatement().getResourceUris(getType());
+        return statement.getResourceUris(getType());
     }
 
 }
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/AccessObjectImpl.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/AccessObjectImpl.java
index 08b7f89b8e..5bb16bedc2 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/AccessObjectImpl.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/AccessObjectImpl.java
@@ -2,6 +2,8 @@
 
 package edu.cornell.mannlib.vitro.webapp.auth.objects;
 
+import java.util.Optional;
+
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType;
 
 /**
@@ -27,8 +29,11 @@ public AccessObjectImpl(String uri) {
     }
 
     @Override
-    public String getUri() {
-        return uri;
+    public Optional<String> getUri() {
+        if (uri == null) {
+            return Optional.empty();
+        }
+        return Optional.of(uri);
     }
 
     @Override
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/DataPropertyAccessObject.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/DataPropertyAccessObject.java
index 8c9414f47a..785dfce319 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/DataPropertyAccessObject.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/DataPropertyAccessObject.java
@@ -2,6 +2,8 @@
 
 package edu.cornell.mannlib.vitro.webapp.auth.objects;
 
+import java.util.Optional;
+
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType;
 import edu.cornell.mannlib.vitro.webapp.beans.DataProperty;
 import edu.cornell.mannlib.vitro.webapp.web.templatemodels.individual.FauxDataPropertyWrapper;
@@ -18,12 +20,16 @@ public DataPropertyAccessObject(DataProperty dataProperty) {
     }
 
     @Override
-    public String getUri() {
-        DataProperty dp = getDataProperty();
-        if (dp != null) {
-            return dp.getURI();
+    public Optional<String> getUri() {
+        Optional<DataProperty> dp = getDataProperty();
+        if (dp.isPresent()) {
+            String uri = dp.get().getURI();
+            if (uri == null) {
+                return Optional.empty();
+            }
+            return Optional.of(uri);
         }
-        return null;
+        return Optional.empty();
     }
 
     @Override
@@ -33,8 +39,8 @@ public AccessObjectType getType() {
 
     @Override
     public String toString() {
-        DataProperty dp = getDataProperty();
-        return getClass().getSimpleName() + ": " + (dp == null ? dp : dp.getURI());
+        Optional<DataProperty> dp = getDataProperty();
+        return getClass().getSimpleName() + ": " + (!dp.isPresent() ? "not present" : dp.get().getURI());
     }
 
     private void debug(DataProperty dataProperty) {
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/FauxDataPropertyAccessObject.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/FauxDataPropertyAccessObject.java
index d1ff802e42..d7c3f7a070 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/FauxDataPropertyAccessObject.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/FauxDataPropertyAccessObject.java
@@ -2,6 +2,8 @@
 
 package edu.cornell.mannlib.vitro.webapp.auth.objects;
 
+import java.util.Optional;
+
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType;
 import edu.cornell.mannlib.vitro.webapp.beans.DataProperty;
 import edu.cornell.mannlib.vitro.webapp.web.templatemodels.individual.FauxDataPropertyWrapper;
@@ -17,23 +19,34 @@ public AccessObjectType getType() {
         return AccessObjectType.FAUX_DATA_PROPERTY;
     }
 
-    public String getUri() {
-        DataProperty dp = getDataProperty();
-        if (dp instanceof FauxDataPropertyWrapper) {
-            return ((FauxDataPropertyWrapper) dp).getConfigUri();
+    @Override
+    public Optional<String> getUri() {
+        Optional<DataProperty> dp = getDataProperty();
+        if (!dp.isPresent()) {
+            return Optional.empty();
+        }
+        DataProperty property = dp.get();
+        if (property instanceof FauxDataPropertyWrapper) {
+            String uri = ((FauxDataPropertyWrapper) property).getConfigUri();
+            if (uri == null) {
+                return Optional.empty();
+            }
+            return Optional.of(uri);
         }
-        if (dp != null) {
-            return dp.getURI();
+        String uri = property.getURI();
+        if (uri == null) {
+            return Optional.empty();
         }
-        return null;
+        return Optional.of(uri);
     }
 
     @Override
     public String toString() {
-        DataProperty dp = getDataProperty();
-        if (dp instanceof FauxDataPropertyWrapper) {
-            return getClass().getSimpleName() + ": " + ((FauxDataPropertyWrapper) dp).getConfigUri();
+        Optional<DataProperty> dp = getDataProperty();
+        DataProperty property = dp.get();
+        if (property instanceof FauxDataPropertyWrapper) {
+            return getClass().getSimpleName() + ": " + ((FauxDataPropertyWrapper) property).getConfigUri();
         }
-        return getClass().getSimpleName() + ": " + (dp == null ? dp : dp.getURI());
+        return getClass().getSimpleName() + ": " + (!dp.isPresent() ? "not present" : dp.get().getURI());
     }
 }
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/FauxObjectPropertyAccessObject.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/FauxObjectPropertyAccessObject.java
index ff931a5978..5513c48873 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/FauxObjectPropertyAccessObject.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/FauxObjectPropertyAccessObject.java
@@ -2,6 +2,8 @@
 
 package edu.cornell.mannlib.vitro.webapp.auth.objects;
 
+import java.util.Optional;
+
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType;
 import edu.cornell.mannlib.vitro.webapp.beans.ObjectProperty;
 import edu.cornell.mannlib.vitro.webapp.web.templatemodels.individual.FauxObjectPropertyWrapper;
@@ -17,23 +19,36 @@ public AccessObjectType getType() {
         return AccessObjectType.FAUX_OBJECT_PROPERTY;
     }
 
-    public String getUri() {
-        ObjectProperty op = getObjectProperty();
-        if (op instanceof FauxObjectPropertyWrapper) {
-            return ((FauxObjectPropertyWrapper) op).getConfigUri();
+    public Optional<String> getUri() {
+        Optional<ObjectProperty> op = getObjectProperty();
+        if (!op.isPresent()) {
+            return Optional.empty();
+        }
+        ObjectProperty property = op.get();
+        if (property instanceof FauxObjectPropertyWrapper) {
+            String uri = ((FauxObjectPropertyWrapper) property).getConfigUri();
+            if (uri == null) {
+                return Optional.empty();
+            }
+            return Optional.of(uri);
         }
-        if (op != null) {
-            return op.getURI();
+        String uri = property.getURI();
+        if (uri == null) {
+            return Optional.empty();
         }
-        return null;
+        return Optional.of(uri);
     }
 
     @Override
     public String toString() {
-        ObjectProperty op = getObjectProperty();
-        if (op instanceof FauxObjectPropertyWrapper) {
-            return getClass().getSimpleName() + ": " + ((FauxObjectPropertyWrapper) op).getConfigUri();
+        Optional<ObjectProperty> op = getObjectProperty();
+        if (!op.isPresent()) {
+            return getClass().getSimpleName() + ": Object property is not present.";
+        }
+        ObjectProperty property = op.get();
+        if (property instanceof FauxObjectPropertyWrapper) {
+            return getClass().getSimpleName() + ": " + ((FauxObjectPropertyWrapper) property).getConfigUri();
         }
-        return getClass().getSimpleName() + ": " + (op == null ? op : op.getURI());
+        return getClass().getSimpleName() + ": " + (property == null ? "not present." : property.getURI());
     }
 }
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/ObjectPropertyAccessObject.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/ObjectPropertyAccessObject.java
index caa123ecc7..bfa94ddff6 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/ObjectPropertyAccessObject.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/ObjectPropertyAccessObject.java
@@ -2,6 +2,8 @@
 
 package edu.cornell.mannlib.vitro.webapp.auth.objects;
 
+import java.util.Optional;
+
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType;
 import edu.cornell.mannlib.vitro.webapp.beans.ObjectProperty;
 import edu.cornell.mannlib.vitro.webapp.web.templatemodels.individual.FauxObjectPropertyWrapper;
@@ -17,12 +19,17 @@ public ObjectPropertyAccessObject(ObjectProperty objectProperty) {
         debug(objectProperty);
     }
 
-    public String getUri() {
-        ObjectProperty op = getObjectProperty();
-        if (op != null) {
-            return op.getURI();
+    @Override
+    public Optional<String> getUri() {
+        Optional<ObjectProperty> op = getObjectProperty();
+        if (op.isPresent()) {
+            String uri = op.get().getURI();
+            if (uri == null) {
+                return Optional.empty();
+            }
+            return Optional.of(uri);
         }
-        return null;
+        return Optional.empty();
     }
 
     @Override
@@ -32,8 +39,8 @@ public AccessObjectType getType() {
 
     @Override
     public String toString() {
-        ObjectProperty op = getObjectProperty();
-        return getClass().getSimpleName() + ": " + (op == null ? op : op.getURI());
+        Optional<ObjectProperty> op = getObjectProperty();
+        return getClass().getSimpleName() + ": " + (!op.isPresent() ? "not present." : op.get().getURI());
     }
 
     private void debug(ObjectProperty property) {
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/controller/edit/AuthenticateTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/controller/edit/AuthenticateTest.java
index afbf18a1d2..521cfa28ac 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/controller/edit/AuthenticateTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/controller/edit/AuthenticateTest.java
@@ -156,7 +156,7 @@ public void setup() throws Exception {
 		PermissionSet adminPermissionSet = new PermissionSet();
 		adminPermissionSet.setUri(URI_DBA);
 		adminPermissionSet.setPermissionUris(Collections
-				.singleton(SimplePermission.SEE_SITE_ADMIN_PAGE.ACTION.getObject().getUri()));
+				.singleton(SimplePermission.SEE_SITE_ADMIN_PAGE.ACTION.getObject().getUri().get()));
 
 		userAccountsDao = new UserAccountsDaoStub();
 		userAccountsDao.addPermissionSet(adminPermissionSet);

From 2165b2a6768d3981ed045b13253557d56187e10b Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <georgy.litvinov@tib.eu>
Date: Tue, 7 Nov 2023 16:53:55 +0100
Subject: [PATCH 100/148] code style fixes

---
 .../vitro/webapp/auth/checks/AttributeValueChecker.java   | 2 +-
 .../mannlib/vitro/webapp/auth/policy/Policies.java        | 2 +-
 .../webapp/auth/policy/PolicyTemplateController.java      | 1 -
 .../webapp/auth/requestedAction/AuthorizationRequest.java | 2 +-
 .../requestedAction/ForbiddenAuthorizationRequest.java    | 1 -
 .../controller/edit/FauxPropertyRetryController.java      | 2 +-
 .../controller/EditRequestDispatchController.java         | 2 +-
 .../mannlib/vitro/webapp/modelaccess/ModelNames.java      | 8 ++++----
 8 files changed, 9 insertions(+), 11 deletions(-)

diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/checks/AttributeValueChecker.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/checks/AttributeValueChecker.java
index 2c1445aa29..1f0899dad4 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/checks/AttributeValueChecker.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/checks/AttributeValueChecker.java
@@ -44,7 +44,7 @@ private static boolean sparqlQueryContains(Check attr, AuthorizationRequest ar,
         }
         String queryTemplate = values.getSingleValue();
         if (StringUtils.isBlank(queryTemplate)) {
-            log.error("SparqlQueryContins template is empty");
+            log.error("SparqlQueryContains template is empty");
             return false;
         }
         AccessObject ao = ar.getAccessObject();
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/Policies.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/Policies.java
index ba0b8f04d0..f57588beca 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/Policies.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/Policies.java
@@ -20,4 +20,4 @@ public interface Policies {
 
     void remove(String policyUri);
 
-}
\ No newline at end of file
+}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTemplateController.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTemplateController.java
index 2a3277d789..af469f3678 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTemplateController.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTemplateController.java
@@ -26,7 +26,6 @@ public static void createRoleDataSets(String roleUri) {
     private static void createRoleDataSet(String dataSetTemplateUri, String roleUri, String dataSetsUri) {
         String role = getRoleShortName(roleUri);
         String dataSetUri = getUriFromTemplate(dataSetTemplateUri, role);
-        // TODO: Check uri doesn't exists in access control graph
         String dataSetKeyUri = dataSetUri + "Key";
         // TODO: Check uri doesn't exists in access control graph
         PolicyLoader policyLoader = PolicyLoader.getInstance();
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/AuthorizationRequest.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/AuthorizationRequest.java
index f6b31e4373..788cb9290c 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/AuthorizationRequest.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/AuthorizationRequest.java
@@ -89,4 +89,4 @@ public String toString() {
         result += String.format(" on '%s' ", getAccessObject());
         return result;
     }
-}
\ No newline at end of file
+}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/ForbiddenAuthorizationRequest.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/ForbiddenAuthorizationRequest.java
index 878fb13d48..62b8d6ff68 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/ForbiddenAuthorizationRequest.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/ForbiddenAuthorizationRequest.java
@@ -32,7 +32,6 @@ public AccessOperation getAccessOperation() {
 
     @Override
     public IdentifierBundle getIds() {
-        // TODO Auto-generated method stub
         return null;
     }
 }
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/edit/FauxPropertyRetryController.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/edit/FauxPropertyRetryController.java
index 7b45fe94f6..00dd403109 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/edit/FauxPropertyRetryController.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/edit/FauxPropertyRetryController.java
@@ -78,7 +78,7 @@ public void doPost(HttpServletRequest req, HttpServletResponse response) {
 		} else {
 		    aot = AccessObjectType.FAUX_OBJECT_PROPERTY;
 		}
-        req.setAttribute("_faux_property_type", aot);
+		req.setAttribute("_faux_property_type", aot);
 
 		addAccessAttributes(req, populator.beanForEditing.getConfigUri(), aot);
 
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/edit/n3editing/controller/EditRequestDispatchController.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/edit/n3editing/controller/EditRequestDispatchController.java
index 30357232e5..2bdd3fd789 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/edit/n3editing/controller/EditRequestDispatchController.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/edit/n3editing/controller/EditRequestDispatchController.java
@@ -115,7 +115,7 @@ protected AuthorizationRequest requiredActions(VitroRequest vreq) {
 		} else {
 		    dataPropertyAccessObject = new FauxDataPropertyStatementAccessObject(ontModel, subjectUri, fauxProperty, objectUri);
 		}
-        boolean isAuthorized = PolicyHelper.isAuthorizedForActions(vreq, 
+		boolean isAuthorized = PolicyHelper.isAuthorizedForActions(vreq, 
 		        AuthorizationRequest.or(
 		                new SimpleAuthorizationRequest(dataPropertyAccessObject, AccessOperation.EDIT), 
 		                new SimpleAuthorizationRequest(objectPropertyAccessObject, accessOperation)));
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/modelaccess/ModelNames.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/modelaccess/ModelNames.java
index b959d23e42..dfe42b22b3 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/modelaccess/ModelNames.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/modelaccess/ModelNames.java
@@ -36,8 +36,8 @@ public class ModelNames {
 	public static final String DISPLAY_DISPLAY_FIRSTTIME_BACKUP = DISPLAY_DISPLAY + "FirsttimeBackup";
 	public static final String INTERFACE_I18N = "http://vitro.mannlib.cornell.edu/default/interface-i18n";
 	public static final String INTERFACE_I18N_FIRSTTIME_BACKUP = INTERFACE_I18N + "FirsttimeBackup";
-    public static final String ACCESS_CONTROL = "http://vitro.mannlib.cornell.edu/default/access-control";
-    public static final String ACCESS_CONTROL_FIRSTTIME_BACKUP = ACCESS_CONTROL + "FirsttimeBackup";
+	public static final String ACCESS_CONTROL = "http://vitro.mannlib.cornell.edu/default/access-control";
+	public static final String ACCESS_CONTROL_FIRSTTIME_BACKUP = ACCESS_CONTROL + "FirsttimeBackup";
 
 
 
@@ -72,8 +72,8 @@ private static Map<String, String> populateNamesMap() {
 		map.put("DISPLAY_DISPLAY_FIRSTTIME_BACKUP", DISPLAY_DISPLAY_FIRSTTIME_BACKUP);
 		map.put("INTERFACE_I18N", INTERFACE_I18N);
 		map.put("INTERFACE_I18N_FIRSTTIME_BACKUP", INTERFACE_I18N_FIRSTTIME_BACKUP);
-        map.put("INTERFACE_I18N", ACCESS_CONTROL);
-        map.put("INTERFACE_I18N_FIRSTTIME_BACKUP", ACCESS_CONTROL_FIRSTTIME_BACKUP);
+		map.put("INTERFACE_I18N", ACCESS_CONTROL);
+		map.put("INTERFACE_I18N_FIRSTTIME_BACKUP", ACCESS_CONTROL_FIRSTTIME_BACKUP);
 		return Collections.unmodifiableMap(map);
 	}
 

From e9cf3ba0788f41f6cfd9d5cd77770c87ab5974f3 Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <georgy.litvinov@tib.eu>
Date: Tue, 7 Nov 2023 17:52:16 +0100
Subject: [PATCH 101/148] renamed AccessRuleImpl to FastFailAccessRule,
 AccessObjectImpl to NamedAccessObject

---
 ...ccessObjectImpl.java => NamedAccessObject.java} | 14 +++++++-------
 .../webapp/auth/objects/RootAccessObject.java      |  2 +-
 .../webapp/auth/permissions/SimplePermission.java  |  4 ++--
 .../SimpleAuthorizationRequest.java                |  4 ++--
 .../vitro/webapp/auth/rules/AccessRuleFactory.java |  2 +-
 ...AccessRuleImpl.java => FastFailAccessRule.java} |  4 ++--
 .../controller/freemarker/PageController.java      |  4 ++--
 .../vitro/webapp/auth/rules/AccessRuleTest.java    |  2 +-
 8 files changed, 18 insertions(+), 18 deletions(-)
 rename api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/{AccessObjectImpl.java => NamedAccessObject.java} (77%)
 rename api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/{AccessRuleImpl.java => FastFailAccessRule.java} (96%)

diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/AccessObjectImpl.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/NamedAccessObject.java
similarity index 77%
rename from api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/AccessObjectImpl.java
rename to api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/NamedAccessObject.java
index 5bb16bedc2..2617cedbd5 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/AccessObjectImpl.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/NamedAccessObject.java
@@ -7,23 +7,23 @@
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType;
 
 /**
- * A RequestedAction that can be recognized by a SimplePermission.
+ * A NamedAccessObject to be used for SimplePermission.
  */
-public class AccessObjectImpl extends AccessObject {
+public class NamedAccessObject extends AccessObject {
     private final String uri;
     private AccessObjectType type;
 
-    public AccessObjectImpl() {
+    public NamedAccessObject() {
         this.uri = "";
         this.type = AccessObjectType.NAMED_OBJECT;
     }
 
-    public AccessObjectImpl(String uri, AccessObjectType type) {
+    public NamedAccessObject(String uri, AccessObjectType type) {
         this.uri = uri;
         this.type = type;
     }
 
-    public AccessObjectImpl(String uri) {
+    public NamedAccessObject(String uri) {
         this.uri = uri;
         this.type = AccessObjectType.NAMED_OBJECT;
     }
@@ -43,8 +43,8 @@ public int hashCode() {
 
     @Override
     public boolean equals(Object o) {
-        if (o instanceof AccessObjectImpl) {
-            AccessObjectImpl that = (AccessObjectImpl) o;
+        if (o instanceof NamedAccessObject) {
+            NamedAccessObject that = (NamedAccessObject) o;
             return equivalent(this.uri, that.uri);
         }
         return false;
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/RootAccessObject.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/RootAccessObject.java
index 222ed2f806..2bb5108313 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/RootAccessObject.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/RootAccessObject.java
@@ -7,7 +7,7 @@
 /**
  * Should we allow the user to edit or delete the root account?
  */
-public class RootAccessObject extends AccessObjectImpl {
+public class RootAccessObject extends NamedAccessObject {
 
     @Override
     public AccessObjectType getType() {
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/permissions/SimplePermission.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/permissions/SimplePermission.java
index 530d27983b..3cfbc4a3e1 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/permissions/SimplePermission.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/permissions/SimplePermission.java
@@ -4,7 +4,7 @@
 
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType;
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessOperation;
-import edu.cornell.mannlib.vitro.webapp.auth.objects.AccessObjectImpl;
+import edu.cornell.mannlib.vitro.webapp.auth.objects.NamedAccessObject;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.SimpleAuthorizationRequest;
 
 public class SimplePermission {
@@ -75,7 +75,7 @@ public String getUri() {
 
     private SimplePermission(String uri) {
         this.uri = SimplePermission.NS + uri;
-        AccessObjectImpl ao = new AccessObjectImpl(this.uri, AccessObjectType.NAMED_OBJECT);
+        NamedAccessObject ao = new NamedAccessObject(this.uri, AccessObjectType.NAMED_OBJECT);
         this.ACTION = new SimpleAuthorizationRequest(ao, AccessOperation.EXECUTE);
     }
 }
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/SimpleAuthorizationRequest.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/SimpleAuthorizationRequest.java
index 59dea15f68..8cba356195 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/SimpleAuthorizationRequest.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/SimpleAuthorizationRequest.java
@@ -4,7 +4,7 @@
 
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessOperation;
 import edu.cornell.mannlib.vitro.webapp.auth.objects.AccessObject;
-import edu.cornell.mannlib.vitro.webapp.auth.objects.AccessObjectImpl;
+import edu.cornell.mannlib.vitro.webapp.auth.objects.NamedAccessObject;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.DecisionResult;
 
 public class SimpleAuthorizationRequest extends AuthorizationRequest {
@@ -27,7 +27,7 @@ public SimpleAuthorizationRequest(AccessObject object, AccessOperation operation
     }
 
     public SimpleAuthorizationRequest(String namedAccessObject) {
-        this.object = new AccessObjectImpl(namedAccessObject);
+        this.object = new NamedAccessObject(namedAccessObject);
         this.operation = AccessOperation.EXECUTE;
     }
 
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRuleFactory.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRuleFactory.java
index c101dc1faa..8c08ebf077 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRuleFactory.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRuleFactory.java
@@ -18,7 +18,7 @@ public static AccessRule createRule(QuerySolution qs) {
     }
 
     public static AccessRule createRule(QuerySolution qs, AttributeValueKey key) {
-        AccessRule ar = new AccessRuleImpl();
+        AccessRule ar = new FastFailAccessRule();
         String ruleUri = qs.getResource(PolicyLoader.RULE).getURI();
         ar.setRuleUri(ruleUri);
         ar.addCheck(CheckFactory.createCheck(qs, key));
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRuleImpl.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/FastFailAccessRule.java
similarity index 96%
rename from api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRuleImpl.java
rename to api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/FastFailAccessRule.java
index 5aa667700a..82d46e5fec 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRuleImpl.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/rules/FastFailAccessRule.java
@@ -19,8 +19,8 @@
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
-public class AccessRuleImpl implements AccessRule {
-    private static final Log log = LogFactory.getLog(AccessRuleImpl.class);
+public class FastFailAccessRule implements AccessRule {
+    private static final Log log = LogFactory.getLog(FastFailAccessRule.class);
     protected Map<String, Check> checksMap = new HashMap<>();
     protected List<Check> checks = new ArrayList<Check>();
     private static final Comparator<Check> comparator = getAttributeComparator();
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/freemarker/PageController.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/freemarker/PageController.java
index d1da6275df..a5e2a99829 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/freemarker/PageController.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/freemarker/PageController.java
@@ -18,7 +18,7 @@
 
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType;
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessOperation;
-import edu.cornell.mannlib.vitro.webapp.auth.objects.AccessObjectImpl;
+import edu.cornell.mannlib.vitro.webapp.auth.objects.NamedAccessObject;
 import edu.cornell.mannlib.vitro.webapp.auth.permissions.SimplePermission;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthorizationRequest;
@@ -73,7 +73,7 @@ private AuthorizationRequest getActionsForPage( VitroRequest vreq ) throws Excep
             if (StringUtils.isBlank(uri)) {
                 continue;
             }
-            AccessObjectImpl ao = new AccessObjectImpl(uri, AccessObjectType.NAMED_OBJECT);
+            NamedAccessObject ao = new NamedAccessObject(uri, AccessObjectType.NAMED_OBJECT);
             auth = auth.and( new SimpleAuthorizationRequest(ao, AccessOperation.EXECUTE));
         }
         return auth;
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRuleTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRuleTest.java
index 62f9f8ab0a..892192edd1 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRuleTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRuleTest.java
@@ -17,7 +17,7 @@ public class AccessRuleTest {
 
     @Test
     public void testAttributeOrderByComputationalCost() {
-        AccessRule rule = new AccessRuleImpl();
+        AccessRule rule = new FastFailAccessRule();
         Check cheapAttribute = uriCheck("test:cheapAttributeUri", value("test:objectUri"));
         cheapAttribute.setType(EQUALS);
         Check affordableAttribute = uriCheck("test:affordableAttributeUri", value("test:objectUri"));

From 06be2af0a1374dc8762f2ac745cca88b7ae13a58 Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <georgy.litvinov@tib.eu>
Date: Tue, 7 Nov 2023 17:55:48 +0100
Subject: [PATCH 102/148] renamed AttributeValueContainerImpl to
 MutableAttributeValueContainer

---
 ...ContainerImpl.java => MutableAttributeValueContainer.java} | 4 ++--
 .../vitro/webapp/auth/attributes/ValueContainerFactory.java   | 4 ++--
 .../mannlib/vitro/webapp/auth/rules/AccessRuleTest.java       | 4 ++--
 3 files changed, 6 insertions(+), 6 deletions(-)
 rename api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/{AttributeValueContainerImpl.java => MutableAttributeValueContainer.java} (92%)

diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeValueContainerImpl.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/MutableAttributeValueContainer.java
similarity index 92%
rename from api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeValueContainerImpl.java
rename to api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/MutableAttributeValueContainer.java
index 11ef2d0934..7d5dc773df 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeValueContainerImpl.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/MutableAttributeValueContainer.java
@@ -4,7 +4,7 @@
 import java.util.Set;
 import java.util.concurrent.ConcurrentHashMap;
 
-public class AttributeValueContainerImpl implements AttributeValueContainer {
+public class MutableAttributeValueContainer implements AttributeValueContainer {
 
     private Set<String> values = ConcurrentHashMap.newKeySet();
     private String containerUri;
@@ -16,7 +16,7 @@ public void setContainerUri(String valueContainerUri) {
         this.containerUri = valueContainerUri;
     }
 
-    public AttributeValueContainerImpl(String value) {
+    public MutableAttributeValueContainer(String value) {
         values.add(value);
     }
 
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/ValueContainerFactory.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/ValueContainerFactory.java
index 80392137b5..760eda8a30 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/ValueContainerFactory.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/ValueContainerFactory.java
@@ -9,7 +9,7 @@ public class ValueContainerFactory {
     public static AttributeValueContainer create(String value, QuerySolution qs, AttributeValueKey dataSetKey) {
         Optional<String> type = getContainerType(qs);
         if (!type.isPresent() || dataSetKey == null) {
-            return new AttributeValueContainerImpl(value);
+            return new MutableAttributeValueContainer(value);
         } else {
             AttributeValueKey avcKey = getAttributeValueContainerKey(dataSetKey, type.get());
             AttributeValueContainer avc = AttributeValuesRegistry.getInstance().get(avcKey);
@@ -30,7 +30,7 @@ private static AttributeValueContainer returnFromRegistry(String value, Attribut
     private static AttributeValueContainer createNew(String value, QuerySolution qs, AttributeValueKey dataSetKey,
             AttributeValueKey avcKey) {
         AttributeValueContainer avc;
-        avc = new AttributeValueContainerImpl(value);
+        avc = new MutableAttributeValueContainer(value);
         Optional<String> containerUri = getContainerUri(qs);
         if (containerUri.isPresent()) {
             avc.setContainerUri(containerUri.get());
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRuleTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRuleTest.java
index 892192edd1..e52313a2f6 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRuleTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRuleTest.java
@@ -8,7 +8,7 @@
 import java.util.List;
 
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.AttributeValueContainer;
-import edu.cornell.mannlib.vitro.webapp.auth.attributes.AttributeValueContainerImpl;
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.MutableAttributeValueContainer;
 import edu.cornell.mannlib.vitro.webapp.auth.checks.AccessObjectUriCheck;
 import edu.cornell.mannlib.vitro.webapp.auth.checks.Check;
 import org.junit.Test;
@@ -34,7 +34,7 @@ public void testAttributeOrderByComputationalCost() {
     }
 
     private AttributeValueContainer value(String value) {
-        return new AttributeValueContainerImpl(value);
+        return new MutableAttributeValueContainer(value);
     }
 
     private Check uriCheck(String uri, AttributeValueContainer avc) {

From f8769c7514bc5e9ea61859617db2c8f1c1678e89 Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <georgy.litvinov@tib.eu>
Date: Tue, 7 Nov 2023 18:11:33 +0100
Subject: [PATCH 103/148] Renamed AttributeValuesRegistry to
 AttributeValueContainerRegistry, removed not needed interface AttributeValues

---
 ...stry.java => AttributeValueContainerRegistry.java} | 11 ++++-------
 .../vitro/webapp/auth/attributes/AttributeValues.java | 11 -----------
 .../webapp/auth/attributes/ValueContainerFactory.java |  4 ++--
 .../webapp/auth/policy/EntityPolicyController.java    |  9 ++++-----
 .../mannlib/vitro/webapp/auth/policy/PolicyTest.java  |  6 +++---
 .../vitro/webapp/migration/auth/AuthMigratorTest.java |  4 ++--
 6 files changed, 15 insertions(+), 30 deletions(-)
 rename api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/{AttributeValuesRegistry.java => AttributeValueContainerRegistry.java} (68%)
 delete mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeValues.java

diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeValuesRegistry.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeValueContainerRegistry.java
similarity index 68%
rename from api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeValuesRegistry.java
rename to api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeValueContainerRegistry.java
index cc255ec282..bd0eb3e2c7 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeValuesRegistry.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeValueContainerRegistry.java
@@ -3,30 +3,27 @@
 import java.util.Map;
 import java.util.concurrent.ConcurrentHashMap;
 
-public class AttributeValuesRegistry implements AttributeValues {
+public class AttributeValueContainerRegistry {
 
-    private static AttributeValues INSTANCE = new AttributeValuesRegistry();
+    private static AttributeValueContainerRegistry INSTANCE = new AttributeValueContainerRegistry();
     private Map<AttributeValueKey, AttributeValueContainer> valuesMap = new ConcurrentHashMap<>();
 
-    private AttributeValuesRegistry() {
+    private AttributeValueContainerRegistry() {
         INSTANCE = this;
     }
 
-    public static AttributeValues getInstance() {
+    public static AttributeValueContainerRegistry getInstance() {
         return INSTANCE;
     }
 
-    @Override
     public AttributeValueContainer get(AttributeValueKey key) {
         return valuesMap.get(key);
     }
 
-    @Override
     public void put(AttributeValueKey key, AttributeValueContainer values) {
         valuesMap.put(key, values);
     }
 
-    @Override
     public void clear() {
         valuesMap.clear();
     }
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeValues.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeValues.java
deleted file mode 100644
index 31204c441d..0000000000
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeValues.java
+++ /dev/null
@@ -1,11 +0,0 @@
-package edu.cornell.mannlib.vitro.webapp.auth.attributes;
-
-public interface AttributeValues {
-
-    AttributeValueContainer get(AttributeValueKey key);
-
-    void put(AttributeValueKey key, AttributeValueContainer values);
-
-    void clear();
-
-}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/ValueContainerFactory.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/ValueContainerFactory.java
index 760eda8a30..3079e7bb66 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/ValueContainerFactory.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/ValueContainerFactory.java
@@ -12,7 +12,7 @@ public static AttributeValueContainer create(String value, QuerySolution qs, Att
             return new MutableAttributeValueContainer(value);
         } else {
             AttributeValueKey avcKey = getAttributeValueContainerKey(dataSetKey, type.get());
-            AttributeValueContainer avc = AttributeValuesRegistry.getInstance().get(avcKey);
+            AttributeValueContainer avc = AttributeValueContainerRegistry.getInstance().get(avcKey);
             if (avc == null) {
                 return createNew(value, qs, dataSetKey, avcKey);
             } else {
@@ -55,7 +55,7 @@ private static AttributeValueKey getAttributeValueContainerKey(AttributeValueKey
     }
 
     private static void register(AttributeValueContainer avc, AttributeValueKey key) {
-        AttributeValuesRegistry.getInstance().put(key, avc);
+        AttributeValueContainerRegistry.getInstance().put(key, avc);
     }
 
     private static Optional<String> getContainerUri(QuerySolution qs) {
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EntityPolicyController.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EntityPolicyController.java
index d0caadc734..cda5bf39a0 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EntityPolicyController.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EntityPolicyController.java
@@ -15,9 +15,8 @@
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType;
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessOperation;
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.AttributeValueContainer;
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AttributeValueContainerRegistry;
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.AttributeValueKey;
-import edu.cornell.mannlib.vitro.webapp.auth.attributes.AttributeValues;
-import edu.cornell.mannlib.vitro.webapp.auth.attributes.AttributeValuesRegistry;
 import edu.cornell.mannlib.vitro.webapp.beans.Property;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.commons.logging.Log;
@@ -49,8 +48,8 @@ public static void updateEntityDataSet(String entityUri, AccessObjectType aot, A
         }
     }
 
-    private static AttributeValues getRegistry() {
-        return AttributeValuesRegistry.getInstance();
+    private static AttributeValueContainerRegistry getRegistry() {
+        return AttributeValueContainerRegistry.getInstance();
     }
 
     public static void revokeAccess(String entityUri, AccessObjectType aot, AccessOperation ao, String role) {
@@ -115,7 +114,7 @@ public static boolean isGranted(String entityUri, AccessObjectType aot, AccessOp
         if (StringUtils.isBlank(entityUri)) {
             return false;
         }
-        AttributeValues registry = getRegistry();
+        AttributeValueContainerRegistry registry = getRegistry();
         AttributeValueKey key = new AttributeValueKey(ao, aot, role, aot.toString());
         AttributeValueContainer container = registry.get(key);
         if (container == null) {
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTest.java
index acc497ed1e..7e3a5028f8 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTest.java
@@ -9,7 +9,7 @@
 import java.util.Set;
 import java.util.stream.Collectors;
 
-import edu.cornell.mannlib.vitro.webapp.auth.attributes.AttributeValuesRegistry;
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AttributeValueContainerRegistry;
 import edu.cornell.mannlib.vitro.webapp.auth.checks.Check;
 import edu.cornell.mannlib.vitro.webapp.auth.rules.AccessRule;
 import edu.cornell.mannlib.vitro.webapp.modelaccess.ModelNames;
@@ -93,7 +93,7 @@ public void init() {
         load(PROFILE_PROXIMITY_QUERY);
         load(TEST_DECISIONS);
         RDFServiceModel rdfService = new RDFServiceModel(configurationDataSet);
-        AttributeValuesRegistry.getInstance().clear();
+        AttributeValueContainerRegistry.getInstance().clear();
         PolicyLoader.initialize(rdfService);
         loader = PolicyLoader.getInstance();
         Logger logger = LogManager.getLogger(PolicyLoader.class);
@@ -102,7 +102,7 @@ public void init() {
 
     @After
     public void finish() {
-        AttributeValuesRegistry.getInstance().clear();
+        AttributeValueContainerRegistry.getInstance().clear();
     }
 
     protected void countRulesAndAttributes(DynamicPolicy policy, int ruleCount, Set<Integer> attrCount) {
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AuthMigratorTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AuthMigratorTest.java
index 2e7501cdc7..8d8f684699 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AuthMigratorTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AuthMigratorTest.java
@@ -1,6 +1,6 @@
 package edu.cornell.mannlib.vitro.webapp.migration.auth;
 
-import edu.cornell.mannlib.vitro.webapp.auth.attributes.AttributeValuesRegistry;
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AttributeValueContainerRegistry;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyTest;
 import edu.cornell.mannlib.vitro.webapp.modelaccess.ModelNames;
 import edu.cornell.mannlib.vitro.webapp.rdfservice.impl.jena.model.RDFServiceModel;
@@ -32,7 +32,7 @@ public void initAuthMigration() {
         load(configurationModel, CONFIGURATION);
         configurationDataSet.replaceNamedModel(ModelNames.DISPLAY, configurationModel);
         load(contentModel, CONTENT);
-        AttributeValuesRegistry.getInstance().clear();
+        AttributeValueContainerRegistry.getInstance().clear();
         LogManager.getLogger(AnnotationMigrator.class).setLevel(Level.ERROR);
         LogManager.getLogger(ArmMigrator.class).setLevel(Level.ERROR);
     }

From b88ebc1a155fd3f8077b288bd8ac4df60e1afd67 Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <georgy.litvinov@tib.eu>
Date: Tue, 14 Nov 2023 12:16:52 +0100
Subject: [PATCH 104/148] fix: access control ontology property range fixes

---
 .../rdf/tbox/firsttime/vitro-access-control-ontology.n3       | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/home/src/main/resources/rdf/tbox/firsttime/vitro-access-control-ontology.n3 b/home/src/main/resources/rdf/tbox/firsttime/vitro-access-control-ontology.n3
index b6319cb840..e7f9085592 100644
--- a/home/src/main/resources/rdf/tbox/firsttime/vitro-access-control-ontology.n3
+++ b/home/src/main/resources/rdf/tbox/firsttime/vitro-access-control-ontology.n3
@@ -143,7 +143,7 @@
     owl:FunctionalProperty ;
     rdfs:comment "Type of values for new value container";
     rdfs:label "container type template"@en-US ;
-    rdfs:range :Attribute ;
+    rdfs:range [ a owl:Class ; owl:unionOf  ( :Attribute :ObjectType ) ] ;
     rdfs:domain :ValueContainerTemplate .
 
 :attributeValue a owl:ObjectProperty ;
@@ -211,7 +211,7 @@
     rdfs:comment "Specifies type of container values";
     rdfs:label "container type"@en-US ;
     rdfs:domain :ValueContainer ;
-    rdfs:range :Attribute .
+    rdfs:range :ObjectType .
 
 :singleValue a owl:ObjectProperty ;
     rdfs:comment "Contains single value to check";

From 31c0dc58a334d11581515cdd1a59c797baca3dce Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <georgy.litvinov@tib.eu>
Date: Tue, 14 Nov 2023 12:27:59 +0100
Subject: [PATCH 105/148] Added missing Configuration class and version data
 property configurations in access control ontology

---
 .../tbox/firsttime/vitro-access-control-ontology.n3   | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/home/src/main/resources/rdf/tbox/firsttime/vitro-access-control-ontology.n3 b/home/src/main/resources/rdf/tbox/firsttime/vitro-access-control-ontology.n3
index e7f9085592..1ee1e66afc 100644
--- a/home/src/main/resources/rdf/tbox/firsttime/vitro-access-control-ontology.n3
+++ b/home/src/main/resources/rdf/tbox/firsttime/vitro-access-control-ontology.n3
@@ -86,6 +86,10 @@
 :ValueContainerTemplate a owl:Class ;
     rdfs:comment "Template to create new value container from";
     rdfs:label "Value container template"@en-US .
+    
+:Configuration a owl:Class ;
+    rdfs:comment "Access control configuration";
+    rdfs:label "Configuration"@en-US .
 
 ### Data properties
 
@@ -102,6 +106,13 @@
     rdfs:range xsd:integer ;
     rdfs:domain [ a owl:Class ; owl:unionOf  ( :Policy :PolicyTemplate :PolicyDataSet ) ] ;
     rdfs:label "priority"@en-US . 
+    
+:version a owl:DatatypeProperty ,
+    owl:FunctionalProperty ;
+    rdfs:comment "Access control configuration version";
+    rdfs:range xsd:integer ;
+    rdfs:domain :Configuration ;
+    rdfs:label "version"@en-US .
 
 ### Object properties
 

From 7b631da26806234eb95d2232e77c92fe457fd74c Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <georgy.litvinov@tib.eu>
Date: Wed, 15 Nov 2023 18:57:32 +0100
Subject: [PATCH 106/148] Vitro value containers to allow rdfs:label property

---
 .../allowed_entities_admin_add_object_property.n3        | 9 +++++++++
 .../allowed_entities_admin_display_object_property.n3    | 7 +++++++
 .../allowed_entities_admin_drop_object_property.n3       | 7 +++++++
 .../allowed_entities_admin_edit_object_property.n3       | 7 +++++++
 .../allowed_entities_admin_publish_object_property.n3    | 7 +++++++
 .../allowed_entities_curator_add_object_property.n3      | 7 +++++++
 .../allowed_entities_curator_display_object_property.n3  | 7 +++++++
 .../allowed_entities_curator_drop_object_property.n3     | 7 +++++++
 .../allowed_entities_curator_edit_object_property.n3     | 7 +++++++
 .../allowed_entities_curator_publish_object_property.n3  | 7 +++++++
 .../allowed_entities_editor_add_object_property.n3       | 7 +++++++
 .../allowed_entities_editor_display_object_property.n3   | 7 +++++++
 .../allowed_entities_editor_drop_object_property.n3      | 7 +++++++
 .../allowed_entities_editor_edit_object_property.n3      | 7 +++++++
 .../allowed_entities_editor_publish_object_property.n3   | 7 +++++++
 .../allowed_entities_public_display_object_property.n3   | 7 +++++++
 .../allowed_entities_self_editor_add_object_property.n3  | 7 +++++++
 ...lowed_entities_self_editor_display_object_property.n3 | 7 +++++++
 .../allowed_entities_self_editor_drop_object_property.n3 | 7 +++++++
 .../allowed_entities_self_editor_edit_object_property.n3 | 7 +++++++
 ...lowed_entities_self_editor_publish_object_property.n3 | 7 +++++++
 21 files changed, 149 insertions(+)
 create mode 100644 home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_admin_add_object_property.n3
 create mode 100644 home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_admin_display_object_property.n3
 create mode 100644 home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_admin_drop_object_property.n3
 create mode 100644 home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_admin_edit_object_property.n3
 create mode 100644 home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_admin_publish_object_property.n3
 create mode 100644 home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_curator_add_object_property.n3
 create mode 100644 home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_curator_display_object_property.n3
 create mode 100644 home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_curator_drop_object_property.n3
 create mode 100644 home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_curator_edit_object_property.n3
 create mode 100644 home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_curator_publish_object_property.n3
 create mode 100644 home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_editor_add_object_property.n3
 create mode 100644 home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_editor_display_object_property.n3
 create mode 100644 home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_editor_drop_object_property.n3
 create mode 100644 home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_editor_edit_object_property.n3
 create mode 100644 home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_editor_publish_object_property.n3
 create mode 100644 home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_public_display_object_property.n3
 create mode 100644 home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_self_editor_add_object_property.n3
 create mode 100644 home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_self_editor_display_object_property.n3
 create mode 100644 home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_self_editor_drop_object_property.n3
 create mode 100644 home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_self_editor_edit_object_property.n3
 create mode 100644 home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_self_editor_publish_object_property.n3

diff --git a/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_admin_add_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_admin_add_object_property.n3
new file mode 100644
index 0000000000..bba9b630f3
--- /dev/null
+++ b/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_admin_add_object_property.n3
@@ -0,0 +1,9 @@
+# $This file is distributed under the terms of the license in LICENSE$
+
+@prefix : <https://vivoweb.org/ontology/vitro-application/auth/individual/access-allowed-property/> .
+@prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+
+:AdminAddObjectPropertyValueContainer access:value
+    <http://www.w3.org/2000/01/rdf-schema#label> .
+
+
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_admin_display_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_admin_display_object_property.n3
new file mode 100644
index 0000000000..839f2c3d37
--- /dev/null
+++ b/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_admin_display_object_property.n3
@@ -0,0 +1,7 @@
+# $This file is distributed under the terms of the license in LICENSE$
+
+@prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+@prefix : <https://vivoweb.org/ontology/vitro-application/auth/individual/access-allowed-property/> .
+
+:AdminDisplayObjectPropertyValueContainer access:value
+    <http://www.w3.org/2000/01/rdf-schema#label> .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_admin_drop_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_admin_drop_object_property.n3
new file mode 100644
index 0000000000..b43961b01f
--- /dev/null
+++ b/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_admin_drop_object_property.n3
@@ -0,0 +1,7 @@
+# $This file is distributed under the terms of the license in LICENSE$
+
+@prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+@prefix : <https://vivoweb.org/ontology/vitro-application/auth/individual/access-allowed-property/> .
+
+:AdminDropObjectPropertyValueContainer access:value
+    <http://www.w3.org/2000/01/rdf-schema#label> .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_admin_edit_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_admin_edit_object_property.n3
new file mode 100644
index 0000000000..95b173b5a6
--- /dev/null
+++ b/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_admin_edit_object_property.n3
@@ -0,0 +1,7 @@
+# $This file is distributed under the terms of the license in LICENSE$
+
+@prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+@prefix : <https://vivoweb.org/ontology/vitro-application/auth/individual/access-allowed-property/> .
+
+:AdminEditObjectPropertyValueContainer access:value
+    <http://www.w3.org/2000/01/rdf-schema#label> .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_admin_publish_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_admin_publish_object_property.n3
new file mode 100644
index 0000000000..292170fa7f
--- /dev/null
+++ b/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_admin_publish_object_property.n3
@@ -0,0 +1,7 @@
+# $This file is distributed under the terms of the license in LICENSE$
+
+@prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+@prefix : <https://vivoweb.org/ontology/vitro-application/auth/individual/access-allowed-property/> .
+
+:AdminPublishObjectPropertyValueContainer access:value
+    <http://www.w3.org/2000/01/rdf-schema#label> .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_curator_add_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_curator_add_object_property.n3
new file mode 100644
index 0000000000..537f447048
--- /dev/null
+++ b/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_curator_add_object_property.n3
@@ -0,0 +1,7 @@
+# $This file is distributed under the terms of the license in LICENSE$
+
+@prefix : <https://vivoweb.org/ontology/vitro-application/auth/individual/access-allowed-property/> .
+@prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+
+:CuratorAddObjectPropertyValueContainer access:value
+    <http://www.w3.org/2000/01/rdf-schema#label> .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_curator_display_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_curator_display_object_property.n3
new file mode 100644
index 0000000000..61fa1f5cac
--- /dev/null
+++ b/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_curator_display_object_property.n3
@@ -0,0 +1,7 @@
+# $This file is distributed under the terms of the license in LICENSE$
+
+@prefix : <https://vivoweb.org/ontology/vitro-application/auth/individual/access-allowed-property/> .
+@prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+    
+:CuratorDisplayObjectPropertyValueContainer access:value
+    <http://www.w3.org/2000/01/rdf-schema#label> .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_curator_drop_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_curator_drop_object_property.n3
new file mode 100644
index 0000000000..faafcbde81
--- /dev/null
+++ b/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_curator_drop_object_property.n3
@@ -0,0 +1,7 @@
+# $This file is distributed under the terms of the license in LICENSE$
+
+@prefix : <https://vivoweb.org/ontology/vitro-application/auth/individual/access-allowed-property/> .
+@prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+
+:CuratorDropObjectPropertyValueContainer access:value
+    <http://www.w3.org/2000/01/rdf-schema#label> .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_curator_edit_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_curator_edit_object_property.n3
new file mode 100644
index 0000000000..32a93eb41a
--- /dev/null
+++ b/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_curator_edit_object_property.n3
@@ -0,0 +1,7 @@
+# $This file is distributed under the terms of the license in LICENSE$
+
+@prefix : <https://vivoweb.org/ontology/vitro-application/auth/individual/access-allowed-property/> .
+@prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+
+:CuratorEditObjectPropertyValueContainer access:value
+    <http://www.w3.org/2000/01/rdf-schema#label> .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_curator_publish_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_curator_publish_object_property.n3
new file mode 100644
index 0000000000..94591949b7
--- /dev/null
+++ b/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_curator_publish_object_property.n3
@@ -0,0 +1,7 @@
+# $This file is distributed under the terms of the license in LICENSE$
+
+@prefix : <https://vivoweb.org/ontology/vitro-application/auth/individual/access-allowed-property/> .
+@prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+
+:CuratorPublishObjectPropertyValueContainer access:value
+    <http://www.w3.org/2000/01/rdf-schema#label> .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_editor_add_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_editor_add_object_property.n3
new file mode 100644
index 0000000000..e3129f18b5
--- /dev/null
+++ b/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_editor_add_object_property.n3
@@ -0,0 +1,7 @@
+# $This file is distributed under the terms of the license in LICENSE$
+
+@prefix : <https://vivoweb.org/ontology/vitro-application/auth/individual/access-allowed-property/> .
+@prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+
+:EditorAddObjectPropertyValueContainer access:value
+    <http://www.w3.org/2000/01/rdf-schema#label> .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_editor_display_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_editor_display_object_property.n3
new file mode 100644
index 0000000000..3630cd36d5
--- /dev/null
+++ b/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_editor_display_object_property.n3
@@ -0,0 +1,7 @@
+# $This file is distributed under the terms of the license in LICENSE$
+
+@prefix : <https://vivoweb.org/ontology/vitro-application/auth/individual/access-allowed-property/> .
+@prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+
+:EditorDisplayObjectPropertyValueContainer access:value
+    <http://www.w3.org/2000/01/rdf-schema#label> .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_editor_drop_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_editor_drop_object_property.n3
new file mode 100644
index 0000000000..67cd460a52
--- /dev/null
+++ b/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_editor_drop_object_property.n3
@@ -0,0 +1,7 @@
+# $This file is distributed under the terms of the license in LICENSE$
+
+@prefix : <https://vivoweb.org/ontology/vitro-application/auth/individual/access-allowed-property/> .
+@prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+
+:EditorDropObjectPropertyValueContainer access:value
+    <http://www.w3.org/2000/01/rdf-schema#label> .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_editor_edit_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_editor_edit_object_property.n3
new file mode 100644
index 0000000000..b06fafb882
--- /dev/null
+++ b/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_editor_edit_object_property.n3
@@ -0,0 +1,7 @@
+# $This file is distributed under the terms of the license in LICENSE$
+
+@prefix : <https://vivoweb.org/ontology/vitro-application/auth/individual/access-allowed-property/> .
+@prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+
+:EditorEditObjectPropertyValueContainer access:value
+    <http://www.w3.org/2000/01/rdf-schema#label> .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_editor_publish_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_editor_publish_object_property.n3
new file mode 100644
index 0000000000..9f8afae4d6
--- /dev/null
+++ b/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_editor_publish_object_property.n3
@@ -0,0 +1,7 @@
+# $This file is distributed under the terms of the license in LICENSE$
+
+@prefix : <https://vivoweb.org/ontology/vitro-application/auth/individual/access-allowed-property/> .
+@prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+
+:EditorPublishObjectPropertyValueContainer access:value
+    <http://www.w3.org/2000/01/rdf-schema#label> .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_public_display_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_public_display_object_property.n3
new file mode 100644
index 0000000000..c4875d1efd
--- /dev/null
+++ b/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_public_display_object_property.n3
@@ -0,0 +1,7 @@
+# $This file is distributed under the terms of the license in LICENSE$
+
+@prefix : <https://vivoweb.org/ontology/vitro-application/auth/individual/access-allowed-property/> .
+@prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+
+:PublicDisplayObjectPropertyValueContainer access:value
+    <http://www.w3.org/2000/01/rdf-schema#label> .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_self_editor_add_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_self_editor_add_object_property.n3
new file mode 100644
index 0000000000..9640b0e255
--- /dev/null
+++ b/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_self_editor_add_object_property.n3
@@ -0,0 +1,7 @@
+# $This file is distributed under the terms of the license in LICENSE$
+
+@prefix : <https://vivoweb.org/ontology/vitro-application/auth/individual/update-related-allowed-property/> .
+@prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+
+:SelfEditorAddObjectPropertyValueContainer access:value
+    <http://www.w3.org/2000/01/rdf-schema#label> .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_self_editor_display_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_self_editor_display_object_property.n3
new file mode 100644
index 0000000000..106cd509d8
--- /dev/null
+++ b/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_self_editor_display_object_property.n3
@@ -0,0 +1,7 @@
+# $This file is distributed under the terms of the license in LICENSE$
+
+@prefix : <https://vivoweb.org/ontology/vitro-application/auth/individual/related-allowed-property/> .
+@prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+
+:SelfEditorDisplayObjectPropertyValueContainer access:value
+    <http://www.w3.org/2000/01/rdf-schema#label> .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_self_editor_drop_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_self_editor_drop_object_property.n3
new file mode 100644
index 0000000000..aabd218ab2
--- /dev/null
+++ b/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_self_editor_drop_object_property.n3
@@ -0,0 +1,7 @@
+# $This file is distributed under the terms of the license in LICENSE$
+
+@prefix : <https://vivoweb.org/ontology/vitro-application/auth/individual/update-related-allowed-property/> .
+@prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+
+:SelfEditorDropObjectPropertyValueContainer access:value
+    <http://www.w3.org/2000/01/rdf-schema#label> .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_self_editor_edit_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_self_editor_edit_object_property.n3
new file mode 100644
index 0000000000..0203501db1
--- /dev/null
+++ b/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_self_editor_edit_object_property.n3
@@ -0,0 +1,7 @@
+# $This file is distributed under the terms of the license in LICENSE$
+
+@prefix : <https://vivoweb.org/ontology/vitro-application/auth/individual/update-related-allowed-property/> .
+@prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+
+:SelfEditorEditObjectPropertyValueContainer access:value
+    <http://www.w3.org/2000/01/rdf-schema#label> .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_self_editor_publish_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_self_editor_publish_object_property.n3
new file mode 100644
index 0000000000..01db9a3c64
--- /dev/null
+++ b/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_self_editor_publish_object_property.n3
@@ -0,0 +1,7 @@
+# $This file is distributed under the terms of the license in LICENSE$
+
+@prefix : <https://vivoweb.org/ontology/vitro-application/auth/individual/related-allowed-property/> .
+@prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+
+:SelfEditorPublishObjectPropertyValueContainer access:value
+    <http://www.w3.org/2000/01/rdf-schema#label> .

From 67bbb3fbcd6203b2573ceb042a3e1d7cd4b1f7e0 Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <georgy.litvinov@tib.eu>
Date: Wed, 15 Nov 2023 19:02:49 +0100
Subject: [PATCH 107/148] increased verbosity of annotation migration

---
 .../migration/auth/AnnotationMigrator.java    | 25 +++++++++++++++++++
 1 file changed, 25 insertions(+)

diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AnnotationMigrator.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AnnotationMigrator.java
index b62d7e2c0d..8145754478 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AnnotationMigrator.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AnnotationMigrator.java
@@ -31,6 +31,8 @@
 
 public class AnnotationMigrator {
 
+    private static final String ROLE_PREFIX = "http://vitro.mannlib.cornell.edu/ns/vitro/authorization#";
+
     private static final Log log = LogFactory.getLog(AnnotationMigrator.class);
 
     private static final String PREFIX = "http://vitro.mannlib.cornell.edu/ns/vitro/role#";
@@ -184,6 +186,10 @@ private static Long[] updatePolicyDatasets(AccessObjectType aot,
             for (OperationGroup og : groupMap.keySet()) {
                 for (AccessOperation ao : OperationGroup.getOperations(og)) {
                     Set<String> rolesToAdd = groupMap.get(og);
+                    if (!rolesToAdd.isEmpty()) {
+                        log.info(String.format("Granted access to %s %s %s for roles %s", ao, aot, entityUri,
+                                rolesToString(rolesToAdd)));
+                    }
                     EntityPolicyController.getDataValueStatements(entityUri, aot, ao, rolesToAdd, additions);
                     Set<String> rolesToRemove = new HashSet<>(ALL_ROLES);
                     rolesToRemove.removeAll(rolesToAdd);
@@ -193,6 +199,10 @@ private static Long[] updatePolicyDatasets(AccessObjectType aot,
                     if (OperationGroup.PUBLISH_GROUP.equals(og) || OperationGroup.UPDATE_GROUP.equals(og)) {
                         rolesToRemove.remove(ROLE_PUBLIC_URI);
                     }
+                    if (!rolesToRemove.isEmpty()) {
+                        log.info(String.format("Revoked access to %s %s %s for roles %s", ao, aot, entityUri,
+                                rolesToString(rolesToRemove)));
+                    }
                     EntityPolicyController.getDataValueStatements(entityUri, aot, ao, rolesToRemove, removals);
                     log.debug(String.format(
                             "Updated entity %s dataset for operation group %s access object type %s roles %s",
@@ -205,6 +215,21 @@ private static Long[] updatePolicyDatasets(AccessObjectType aot,
         return new Long[] { getLineCount(additions.toString()), getLineCount(removals.toString()) };
     }
 
+    private static Object rolesToString(Set<String> roles) {
+        String result = "";
+        for (String roleUri : roles) {
+            String roleName = roleUri;
+            if (roleName.startsWith(ROLE_PREFIX)) {
+                roleName = roleName.substring(ROLE_PREFIX.length());
+            }
+            if (!result.isEmpty()) {
+                result += ", ";
+            }
+            result += roleName;
+        }
+        return result;
+    }
+
     private static String getAnnotationQuery(String typeSpecificPatterns) {
         return ""
                 + "PREFIX vitro: <http://vitro.mannlib.cornell.edu/ns/vitro/0.7#> \n"

From 642ea45ae92997038414747e464277da30724563 Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <georgy.litvinov@tib.eu>
Date: Tue, 21 Nov 2023 12:53:44 +0100
Subject: [PATCH 108/148] Removed attribute value set ontology class

---
 .../webapp/auth/policy/PolicyLoader.java      |   8 +-
 .../auth/rules/test_policy_broken_set.n3      |  13 +-
 .../auth/rules/test_policy_valid_set.n3       |   8 -
 .../template_access_allowed_class.n3          |  24 +-
 .../template_access_allowed_property.n3       | 213 +++++++++++++-----
 ...emplate_access_related_allowed_property.n3 |  25 +-
 .../template_not_modifiable_statements.n3     |  18 +-
 .../firsttime/template_simple_permissions.n3  |  20 +-
 ...emplate_update_related_allowed_property.n3 |  32 ++-
 .../vitro-access-control-ontology.n3          |  18 +-
 10 files changed, 209 insertions(+), 170 deletions(-)

diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
index f58cce420e..fdd7a605ab 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
@@ -158,9 +158,7 @@ public class PolicyLoader {
             + "      ?decision access:id ?decision_id .\n"
             + "    }\n"
             + "    OPTIONAL {\n"
-            + "      ?check access:values ?attributeValueSet .\n"
-            + "      ?attributeValueSet a access:AttributeValueSet .\n"
-            + "      ?attributeValueSet access:attributeValue ?attributeValue .\n"
+            + "      ?check access:attributeValue ?attributeValue .\n"
             + "      ?attributeValue access:value ?value .\n"
             + "      ?dataSet access:dataSetValues ?attributeValue .\n"
             + "      OPTIONAL {\n"
@@ -292,7 +290,7 @@ public class PolicyLoader {
     public static final String CONSTRUCT_VALUE_CONTAINER_QUERY = ""
             + "prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/>\n"
             + "CONSTRUCT {\n"
-            + "  ?relatedAttributeValueSet access:attributeValue ?valueContainer .\n"
+            + "  ?relatedCheck access:attributeValue ?valueContainer .\n"
             + "  ?valueContainer a access:ValueContainer .\n"
             + "  ?valueContainer access:containerType ?containerType .\n"
             + "  ?valueContainer access:value ?newRoleUri .\n"
@@ -300,7 +298,7 @@ public class PolicyLoader {
             + "}\n"
             + "WHERE {\n"
             + "  GRAPH <http://vitro.mannlib.cornell.edu/default/access-control> {\n"
-            + "    ?valueContainerTemplateUri access:relatedValueSet ?relatedAttributeValueSet .\n"
+            + "    ?valueContainerTemplateUri access:relatedValueSet ?relatedCheck .\n"
             + "    ?valueContainerTemplateUri access:containerTypeTemplate ?containerType .\n"
             + "    OPTIONAL {\n"
             + "      ?valueContainerTemplateUri access:defaultValue ?dataValue .\n"
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken_set.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken_set.n3
index b4f9d1d2bf..d24652eae2 100644
--- a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken_set.n3
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken_set.n3
@@ -22,13 +22,14 @@ access-individual:BrokenRule rdf:type access:Rule ;
 access-individual:BrokenSetAttribute1 rdf:type access:Check ;
     access:operator access-individual:NotOneOf ;
     access:attribute access-individual:ObjectUri ;
-    access:values access-individual:AttributeValueSet1 ;
+    access:attributeValue access-individual:valueSet1 ;
     .
     
 access-individual:BrokenSetAttribute2 rdf:type access:Check ;
     access:operator access-individual:NotOneOf ;
     access:attribute access-individual:ObjectUri ;
-    access:values access-individual:AttributeValueSet2 .
+    access:attributeValue access-individual:valueSet2 ;
+    .
 
 access-individual:testDataSets rdf:type access:PolicyDataSets ;
     access:policyDataSet access-individual:testDataSet1 ;
@@ -40,14 +41,6 @@ access-individual:testDataSet1 rdf:type access:PolicyDataSet ;
 access-individual:testDataSet2 rdf:type access:PolicyDataSet ;
     access:dataSetValues access-individual:valueSet2 .
 
-access-individual:AttributeValueSet1 a access:AttributeValueSet  ;
-    access:attributeValue access-individual:valueSet1 ;
-    .
-
-access-individual:AttributeValueSet2 a access:AttributeValueSet  ;
-    access:attributeValue access-individual:valueSet2 ;
-    .
-
 access-individual:valueSet1 rdf:type access:ValueContainer ;
     access:value <test:value1> ;
     access:value <test:value2> ;
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_valid_set.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_valid_set.n3
index ffd6cde29b..f7de505e17 100644
--- a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_valid_set.n3
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_valid_set.n3
@@ -22,10 +22,6 @@ access-individual:ValidRule rdf:type access:Rule ;
 access-individual:ValidAttribute1 rdf:type access:Check ;
      access:operator access-individual:Equals ;
      access:attribute access-individual:AccessObjectUri ;
-     access:values access-individual:AttributeValueSet1 ;
-     .
-
-access-individual:AttributeValueSet1 a access:AttributeValueSet  ;
      access:attributeValue access-individual:valueSet1 ;
      access:attributeValue access-individual:valueSet3 ;
      .
@@ -33,10 +29,6 @@ access-individual:AttributeValueSet1 a access:AttributeValueSet  ;
 access-individual:ValidAttribute2 rdf:type access:Check ;
      access:operator access-individual:Equals ;
      access:attribute access-individual:AccessObjectUri ;
-     access:values access-individual:AttributeValueSet2 ;
-     .
-
-access-individual:AttributeValueSet2 a access:AttributeValueSet  ;
      access:attributeValue access-individual:valueSet4 ;
      access:attributeValue access-individual:valueSet2 ;
      .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_class.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_class.n3
index 194be0c529..d558fe9991 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_class.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_class.n3
@@ -51,11 +51,11 @@
     access:keyComponentTemplate access-individual:SubjectRole .
 
 :RoleDisplayClassRoleValueContainerTemplate a access:ValueContainerTemplate ;
-    access:relatedValueSet :RoleValueSet;
+    access:relatedValueSet :SubjectRoleCheck;
     access:containerTypeTemplate access-individual:SubjectRole .
 
 :RoleDisplayClassValueContainerTemplate a access:ValueContainerTemplate ;
-    access:relatedValueSet :AllowedClassValueSet ;
+    access:relatedValueSet :AccessObjectUriCheck ;
 #    access:defaultValue access-individual:defaultUri ;
     access:containerTypeTemplate access-individual:Class .
 
@@ -78,11 +78,11 @@
     access:keyComponentTemplate access-individual:SubjectRole .
 
 :RoleUpdateClassRoleValueContainerTemplate a access:ValueContainerTemplate ;
-    access:relatedValueSet :RoleValueSet;
+    access:relatedValueSet :SubjectRoleCheck;
     access:containerTypeTemplate access-individual:SubjectRole .
 
 :RoleUpdateClassValueContainerTemplate a access:ValueContainerTemplate ;
-    access:relatedValueSet :AllowedClassValueSet ;
+    access:relatedValueSet :AccessObjectUriCheck ;
 #    access:defaultValue access-individual:defaultUri ;
     access:containerTypeTemplate access-individual:Class .
 
@@ -105,11 +105,11 @@
     access:keyComponentTemplate access-individual:SubjectRole .
 
 :RolePublishClassRoleValueContainerTemplate a access:ValueContainerTemplate ;
-    access:relatedValueSet :RoleValueSet;
+    access:relatedValueSet :SubjectRoleCheck;
     access:containerTypeTemplate access-individual:SubjectRole .
 
 :RolePublishClassValueContainerTemplate a access:ValueContainerTemplate ;
-    access:relatedValueSet :AllowedClassValueSet ;
+    access:relatedValueSet :AccessObjectUriCheck ;
 #    access:defaultValue access-individual:defaultUri ;
     access:containerTypeTemplate access-individual:Class .
 
@@ -323,18 +323,12 @@
 :AccessObjectTypeCheck a access:Check ;
     access:operator access-individual:Equals ;
     access:attribute access-individual:AccessObjectType ;
-    access:values :AccessObjectTypeValueSet .
-
-:AccessObjectTypeValueSet a access:AttributeValueSet ;
     access:attributeValue access-individual:ClassValueContainer ;
     .
 
 :OperationCheck a access:Check ;
     access:operator access-individual:Equals ;
     access:attribute access-individual:Operation ;
-    access:values :OperationValueSet .
-
-:OperationValueSet a access:AttributeValueSet ;
     access:attributeValue access-individual:DisplayOperationValueContainer ;
     access:attributeValue access-individual:PublishOperationValueContainer ;
     access:attributeValue access-individual:UpdateOperationValueContainer ;
@@ -343,9 +337,6 @@
 :SubjectRoleCheck a access:Check ;
     access:operator access-individual:Equals ;
     access:attribute access-individual:SubjectRole ;
-    access:values :RoleValueSet .
-
-:RoleValueSet a access:AttributeValueSet ;
     access:attributeValue access-individual:PublicRoleValueContainer ;
     access:attributeValue access-individual:SelfEditorRoleValueContainer ;
     access:attributeValue access-individual:EditorRoleValueContainer ;
@@ -355,9 +346,6 @@
 :AccessObjectUriCheck a access:Check ;
     access:operator access-individual:OneOf ;
     access:attribute access-individual:AccessObjectUri ;
-    access:values :AllowedClassValueSet .
-
-:AllowedClassValueSet a access:AttributeValueSet ;
     access:attributeValue :AdminPublishClassValueContainer ;
     access:attributeValue :AdminDisplayClassValueContainer ;
     access:attributeValue :AdminUpdateClassValueContainer ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_property.n3
index 8eb503ad16..7ca087cba8 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_property.n3
@@ -154,11 +154,12 @@
     access:keyComponentTemplate access-individual:SubjectRole .
 
 :RoleDisplayObjectPropertyValueContainerTemplate a access:ValueContainerTemplate ;
-    access:relatedValueSet :RoleValueSet;
+    access:relatedValueSet :SubjectRoleEqualsDataSetRoleAttribute;
     access:containerTypeTemplate access-individual:SubjectRole .
 
 :RoleDisplayObjectPropertyEntityValueContainerTemplate a access:ValueContainerTemplate ;
-    access:relatedValueSet :AllowedPropertyUriValueSet ;
+    access:relatedValueSet :AccessObjectUriContainsInDataSet ;
+    access:relatedValueSet :StatementPredicateEquals ;
 #    access:defaultValue access-individual:defaultUri ;
     access:containerTypeTemplate access-individual:ObjectProperty .
 
@@ -182,11 +183,12 @@
     access:keyComponentTemplate access-individual:SubjectRole .
 
 :RolePublishObjectPropertyValueContainerTemplate a access:ValueContainerTemplate ;
-    access:relatedValueSet :RoleValueSet;
+    access:relatedValueSet :SubjectRoleEqualsDataSetRoleAttribute;
     access:containerTypeTemplate access-individual:SubjectRole .
 
 :RolePublishObjectPropertyEntityValueContainerTemplate a access:ValueContainerTemplate ;
-    access:relatedValueSet :AllowedPropertyUriValueSet ;
+    access:relatedValueSet :AccessObjectUriContainsInDataSet ;
+    access:relatedValueSet :StatementPredicateEquals ;
 #    access:defaultValue access-individual:defaultUri ;
     access:containerTypeTemplate access-individual:ObjectProperty .
 
@@ -210,11 +212,12 @@
     access:keyComponentTemplate access-individual:SubjectRole .
 
 :RoleAddObjectPropertyValueContainerTemplate a access:ValueContainerTemplate ;
-    access:relatedValueSet :RoleValueSet;
+    access:relatedValueSet :SubjectRoleEqualsDataSetRoleAttribute;
     access:containerTypeTemplate access-individual:SubjectRole .
 
 :RoleAddObjectPropertyEntityValueContainerTemplate a access:ValueContainerTemplate ;
-    access:relatedValueSet :AllowedPropertyUriValueSet ;
+    access:relatedValueSet :AccessObjectUriContainsInDataSet ;
+    access:relatedValueSet :StatementPredicateEquals ;
 #    access:defaultValue access-individual:defaultUri ;
     access:containerTypeTemplate access-individual:ObjectProperty .
 
@@ -238,11 +241,12 @@
     access:keyComponentTemplate access-individual:SubjectRole .
 
 :RoleDropObjectPropertyValueContainerTemplate a access:ValueContainerTemplate ;
-    access:relatedValueSet :RoleValueSet;
+    access:relatedValueSet :SubjectRoleEqualsDataSetRoleAttribute;
     access:containerTypeTemplate access-individual:SubjectRole .
 
 :RoleDropObjectPropertyEntityValueContainerTemplate a access:ValueContainerTemplate ;
-    access:relatedValueSet :AllowedPropertyUriValueSet ;
+    access:relatedValueSet :AccessObjectUriContainsInDataSet ;
+    access:relatedValueSet :StatementPredicateEquals ;
 #    access:defaultValue access-individual:defaultUri ;
     access:containerTypeTemplate access-individual:ObjectProperty .
 
@@ -266,11 +270,12 @@
     access:keyComponentTemplate access-individual:SubjectRole .
 
 :RoleEditObjectPropertyValueContainerTemplate a access:ValueContainerTemplate ;
-    access:relatedValueSet :RoleValueSet;
+    access:relatedValueSet :SubjectRoleEqualsDataSetRoleAttribute;
     access:containerTypeTemplate access-individual:SubjectRole .
 
 :RoleEditObjectPropertyEntityValueContainerTemplate a access:ValueContainerTemplate ;
-    access:relatedValueSet :AllowedPropertyUriValueSet ;
+    access:relatedValueSet :AccessObjectUriContainsInDataSet ;
+    access:relatedValueSet :StatementPredicateEquals ;
 #    access:defaultValue access-individual:defaultUri ;
     access:containerTypeTemplate access-individual:ObjectProperty .
 
@@ -294,11 +299,12 @@
     access:keyComponentTemplate access-individual:SubjectRole .
 
 :RoleDisplayDataPropertyValueContainerTemplate a access:ValueContainerTemplate ;
-    access:relatedValueSet :RoleValueSet;
+    access:relatedValueSet :SubjectRoleEqualsDataSetRoleAttribute;
     access:containerTypeTemplate access-individual:SubjectRole .
 
 :RoleDisplayDataPropertyEntityValueContainerTemplate a access:ValueContainerTemplate ;
-    access:relatedValueSet :AllowedPropertyUriValueSet ;
+    access:relatedValueSet :AccessObjectUriContainsInDataSet ;
+    access:relatedValueSet :StatementPredicateEquals ;
 #    access:defaultValue access-individual:defaultUri ;
     access:containerTypeTemplate access-individual:DataProperty .
 
@@ -322,11 +328,12 @@
     access:keyComponentTemplate access-individual:SubjectRole .
 
 :RolePublishDataPropertyValueContainerTemplate a access:ValueContainerTemplate ;
-    access:relatedValueSet :RoleValueSet;
+    access:relatedValueSet :SubjectRoleEqualsDataSetRoleAttribute;
     access:containerTypeTemplate access-individual:SubjectRole .
 
 :RolePublishDataPropertyEntityValueContainerTemplate a access:ValueContainerTemplate ;
-    access:relatedValueSet :AllowedPropertyUriValueSet ;
+    access:relatedValueSet :AccessObjectUriContainsInDataSet ;
+    access:relatedValueSet :StatementPredicateEquals ;
 #    access:defaultValue access-individual:defaultUri ;
     access:containerTypeTemplate access-individual:DataProperty .
 
@@ -350,11 +357,12 @@
     access:keyComponentTemplate access-individual:SubjectRole .
 
 :RoleAddDataPropertyValueContainerTemplate a access:ValueContainerTemplate ;
-    access:relatedValueSet :RoleValueSet;
+    access:relatedValueSet :SubjectRoleEqualsDataSetRoleAttribute;
     access:containerTypeTemplate access-individual:SubjectRole .
 
 :RoleAddDataPropertyEntityValueContainerTemplate a access:ValueContainerTemplate ;
-    access:relatedValueSet :AllowedPropertyUriValueSet ;
+    access:relatedValueSet :AccessObjectUriContainsInDataSet ;
+    access:relatedValueSet :StatementPredicateEquals ;
 #    access:defaultValue access-individual:defaultUri ;
     access:containerTypeTemplate access-individual:DataProperty .
 
@@ -378,11 +386,12 @@
     access:keyComponentTemplate access-individual:SubjectRole .
 
 :RoleDropDataPropertyValueContainerTemplate a access:ValueContainerTemplate ;
-    access:relatedValueSet :RoleValueSet;
+    access:relatedValueSet :SubjectRoleEqualsDataSetRoleAttribute;
     access:containerTypeTemplate access-individual:SubjectRole .
 
 :RoleDropDataPropertyEntityValueContainerTemplate a access:ValueContainerTemplate ;
-    access:relatedValueSet :AllowedPropertyUriValueSet ;
+    access:relatedValueSet :AccessObjectUriContainsInDataSet ;
+    access:relatedValueSet :StatementPredicateEquals ;
 #    access:defaultValue access-individual:defaultUri ;
     access:containerTypeTemplate access-individual:DataProperty .
 
@@ -406,11 +415,12 @@
     access:keyComponentTemplate access-individual:SubjectRole .
 
 :RoleEditDataPropertyValueContainerTemplate a access:ValueContainerTemplate ;
-    access:relatedValueSet :RoleValueSet;
+    access:relatedValueSet :SubjectRoleEqualsDataSetRoleAttribute;
     access:containerTypeTemplate access-individual:SubjectRole .
 
 :RoleEditDataPropertyEntityValueContainerTemplate a access:ValueContainerTemplate ;
-    access:relatedValueSet :AllowedPropertyUriValueSet ;
+    access:relatedValueSet :AccessObjectUriContainsInDataSet ;
+    access:relatedValueSet :StatementPredicateEquals ;
 #    access:defaultValue access-individual:defaultUri ;
     access:containerTypeTemplate access-individual:DataProperty .
 
@@ -434,11 +444,12 @@
     access:keyComponentTemplate access-individual:SubjectRole .
 
 :RoleDisplayFauxObjectPropertyValueContainerTemplate a access:ValueContainerTemplate ;
-    access:relatedValueSet :RoleValueSet;
+    access:relatedValueSet :SubjectRoleEqualsDataSetRoleAttribute;
     access:containerTypeTemplate access-individual:SubjectRole .
 
 :RoleDisplayFauxObjectPropertyEntityValueContainerTemplate a access:ValueContainerTemplate ;
-    access:relatedValueSet :AllowedPropertyUriValueSet ;
+    access:relatedValueSet :AccessObjectUriContainsInDataSet ;
+    access:relatedValueSet :StatementPredicateEquals ;
 #    access:defaultValue access-individual:defaultUri ;
     access:containerTypeTemplate access-individual:FauxObjectProperty .
 
@@ -462,11 +473,12 @@
     access:keyComponentTemplate access-individual:SubjectRole .
 
 :RolePublishFauxObjectPropertyValueContainerTemplate a access:ValueContainerTemplate ;
-    access:relatedValueSet :RoleValueSet;
+    access:relatedValueSet :SubjectRoleEqualsDataSetRoleAttribute;
     access:containerTypeTemplate access-individual:SubjectRole .
 
 :RolePublishFauxObjectPropertyEntityValueContainerTemplate a access:ValueContainerTemplate ;
-    access:relatedValueSet :AllowedPropertyUriValueSet ;
+    access:relatedValueSet :AccessObjectUriContainsInDataSet ;
+    access:relatedValueSet :StatementPredicateEquals ;
 #    access:defaultValue access-individual:defaultUri ;
     access:containerTypeTemplate access-individual:FauxObjectProperty .
 
@@ -490,11 +502,12 @@
     access:keyComponentTemplate access-individual:SubjectRole .
 
 :RoleAddFauxObjectPropertyValueContainerTemplate a access:ValueContainerTemplate ;
-    access:relatedValueSet :RoleValueSet;
+    access:relatedValueSet :SubjectRoleEqualsDataSetRoleAttribute;
     access:containerTypeTemplate access-individual:SubjectRole .
 
 :RoleAddFauxObjectPropertyEntityValueContainerTemplate a access:ValueContainerTemplate ;
-    access:relatedValueSet :AllowedPropertyUriValueSet ;
+    access:relatedValueSet :AccessObjectUriContainsInDataSet ;
+    access:relatedValueSet :StatementPredicateEquals ;
 #    access:defaultValue access-individual:defaultUri ;
     access:containerTypeTemplate access-individual:FauxObjectProperty .
 
@@ -518,11 +531,12 @@
     access:keyComponentTemplate access-individual:SubjectRole .
 
 :RoleDropFauxObjectPropertyValueContainerTemplate a access:ValueContainerTemplate ;
-    access:relatedValueSet :RoleValueSet;
+    access:relatedValueSet :SubjectRoleEqualsDataSetRoleAttribute;
     access:containerTypeTemplate access-individual:SubjectRole .
 
 :RoleDropFauxObjectPropertyEntityValueContainerTemplate a access:ValueContainerTemplate ;
-    access:relatedValueSet :AllowedPropertyUriValueSet ;
+    access:relatedValueSet :AccessObjectUriContainsInDataSet ;
+    access:relatedValueSet :StatementPredicateEquals ;
 #    access:defaultValue access-individual:defaultUri ;
     access:containerTypeTemplate access-individual:FauxObjectProperty .
 
@@ -546,11 +560,12 @@
     access:keyComponentTemplate access-individual:SubjectRole .
 
 :RoleEditFauxObjectPropertyValueContainerTemplate a access:ValueContainerTemplate ;
-    access:relatedValueSet :RoleValueSet;
+    access:relatedValueSet :SubjectRoleEqualsDataSetRoleAttribute;
     access:containerTypeTemplate access-individual:SubjectRole .
 
 :RoleEditFauxObjectPropertyEntityValueContainerTemplate a access:ValueContainerTemplate ;
-    access:relatedValueSet :AllowedPropertyUriValueSet ;
+    access:relatedValueSet :AccessObjectUriContainsInDataSet ;
+    access:relatedValueSet :StatementPredicateEquals ;
 #    access:defaultValue access-individual:defaultUri ;
     access:containerTypeTemplate access-individual:FauxObjectProperty .
 
@@ -574,11 +589,12 @@
     access:keyComponentTemplate access-individual:SubjectRole .
 
 :RoleDisplayFauxDataPropertyValueContainerTemplate a access:ValueContainerTemplate ;
-    access:relatedValueSet :RoleValueSet;
+    access:relatedValueSet :SubjectRoleEqualsDataSetRoleAttribute;
     access:containerTypeTemplate access-individual:SubjectRole .
 
 :RoleDisplayFauxDataPropertyEntityValueContainerTemplate a access:ValueContainerTemplate ;
-    access:relatedValueSet :AllowedPropertyUriValueSet ;
+    access:relatedValueSet :AccessObjectUriContainsInDataSet ;
+    access:relatedValueSet :StatementPredicateEquals ;
 #    access:defaultValue access-individual:defaultUri ;
     access:containerTypeTemplate access-individual:FauxDataProperty .
 
@@ -602,11 +618,12 @@
     access:keyComponentTemplate access-individual:SubjectRole .
 
 :RolePublishFauxDataPropertyValueContainerTemplate a access:ValueContainerTemplate ;
-    access:relatedValueSet :RoleValueSet;
+    access:relatedValueSet :SubjectRoleEqualsDataSetRoleAttribute;
     access:containerTypeTemplate access-individual:SubjectRole .
 
 :RolePublishFauxDataPropertyEntityValueContainerTemplate a access:ValueContainerTemplate ;
-    access:relatedValueSet :AllowedPropertyUriValueSet ;
+    access:relatedValueSet :AccessObjectUriContainsInDataSet ;
+    access:relatedValueSet :StatementPredicateEquals ;
 #    access:defaultValue access-individual:defaultUri ;
     access:containerTypeTemplate access-individual:FauxDataProperty .
 
@@ -630,11 +647,12 @@
     access:keyComponentTemplate access-individual:SubjectRole .
 
 :RoleAddFauxDataPropertyValueContainerTemplate a access:ValueContainerTemplate ;
-    access:relatedValueSet :RoleValueSet;
+    access:relatedValueSet :SubjectRoleEqualsDataSetRoleAttribute;
     access:containerTypeTemplate access-individual:SubjectRole .
 
 :RoleAddFauxDataPropertyEntityValueContainerTemplate a access:ValueContainerTemplate ;
-    access:relatedValueSet :AllowedPropertyUriValueSet ;
+    access:relatedValueSet :AccessObjectUriContainsInDataSet ;
+    access:relatedValueSet :StatementPredicateEquals ;
 #    access:defaultValue access-individual:defaultUri ;
     access:containerTypeTemplate access-individual:FauxDataProperty .
 
@@ -658,11 +676,12 @@
     access:keyComponentTemplate access-individual:SubjectRole .
 
 :RoleDropFauxDataPropertyValueContainerTemplate a access:ValueContainerTemplate ;
-    access:relatedValueSet :RoleValueSet;
+    access:relatedValueSet :SubjectRoleEqualsDataSetRoleAttribute;
     access:containerTypeTemplate access-individual:SubjectRole .
 
 :RoleDropFauxDataPropertyEntityValueContainerTemplate a access:ValueContainerTemplate ;
-    access:relatedValueSet :AllowedPropertyUriValueSet ;
+    access:relatedValueSet :AccessObjectUriContainsInDataSet ;
+    access:relatedValueSet :StatementPredicateEquals ;
 #    access:defaultValue access-individual:defaultUri ;
     access:containerTypeTemplate access-individual:FauxDataProperty .
 
@@ -686,11 +705,12 @@
     access:keyComponentTemplate access-individual:SubjectRole .
 
 :RoleEditFauxDataPropertyValueContainerTemplate a access:ValueContainerTemplate ;
-    access:relatedValueSet :RoleValueSet;
+    access:relatedValueSet :SubjectRoleEqualsDataSetRoleAttribute;
     access:containerTypeTemplate access-individual:SubjectRole .
 
 :RoleEditFauxDataPropertyEntityValueContainerTemplate a access:ValueContainerTemplate ;
-    access:relatedValueSet :AllowedPropertyUriValueSet ;
+    access:relatedValueSet :AccessObjectUriContainsInDataSet ;
+    access:relatedValueSet :StatementPredicateEquals ;
 #    access:defaultValue access-individual:defaultUri ;
     access:containerTypeTemplate access-individual:FauxDataProperty .
 
@@ -1740,9 +1760,6 @@
 :AccessObjectTypeEqualsDataSetValue a access:Check ;
     access:operator access-individual:Equals ;
     access:attribute access-individual:AccessObjectType ;
-    access:values :AccessObjectTypeValueSet .
-
-:AccessObjectTypeValueSet a access:AttributeValueSet ;
     access:attributeValue access-individual:ObjectPropertyValueContainer ;
     access:attributeValue access-individual:DataPropertyValueContainer ;
     access:attributeValue access-individual:FauxObjectPropertyValueContainer ;
@@ -1759,9 +1776,6 @@
 :AccessObjectTypeStatementEquals a access:Check ;
     access:operator access-individual:Equals ;
     access:attribute access-individual:AccessObjectType ;
-    access:values :StatementAccessObjectTypeValueSet .
-
-:StatementAccessObjectTypeValueSet a access:AttributeValueSet ;
     access:attributeValue access-individual:ObjectPropertyStatementValueContainer ;
     access:attributeValue access-individual:DataPropertyStatementValueContainer ;
     access:attributeValue access-individual:FauxObjectPropertyStatementValueContainer ;
@@ -1771,9 +1785,6 @@
 :OperationEqualsDataSetOperation a access:Check ;
     access:operator access-individual:Equals ;
     access:attribute access-individual:Operation ;
-    access:values :OperationValueSet .
-
-:OperationValueSet a access:AttributeValueSet ;
     access:attributeValue access-individual:DisplayOperationValueContainer ;
     access:attributeValue access-individual:PublishOperationValueContainer ;
     access:attributeValue access-individual:EditOperationValueContainer ;
@@ -1784,9 +1795,6 @@
 :SubjectRoleEqualsDataSetRoleAttribute a access:Check ;
     access:operator access-individual:Equals ;
     access:attribute access-individual:SubjectRole ;
-    access:values :RoleValueSet .
-
-:RoleValueSet a access:AttributeValueSet ;
     access:attributeValue access-individual:PublicRoleValueContainer ;
     access:attributeValue access-individual:EditorRoleValueContainer ;
     access:attributeValue access-individual:CuratorRoleValueContainer ;
@@ -1795,15 +1803,106 @@
 :StatementPredicateEquals a access:Check ;
     access:operator access-individual:OneOf ;
     access:attribute access-individual:StatementPredicateUri ;
-    access:values :AllowedPropertyUriValueSet .
+    access:attributeValue :PublicDisplayObjectPropertyValueContainer ;
+    access:attributeValue :EditorDisplayObjectPropertyValueContainer ;
+    access:attributeValue :CuratorDisplayObjectPropertyValueContainer ;
+    access:attributeValue :AdminDisplayObjectPropertyValueContainer ;
+
+    access:attributeValue :PublicDisplayDataPropertyValueContainer ;
+    access:attributeValue :EditorDisplayDataPropertyValueContainer ;
+    access:attributeValue :CuratorDisplayDataPropertyValueContainer ;
+    access:attributeValue :AdminDisplayDataPropertyValueContainer ;
+
+    access:attributeValue :PublicDisplayFauxObjectPropertyValueContainer ;
+    access:attributeValue :EditorDisplayFauxObjectPropertyValueContainer ;
+    access:attributeValue :CuratorDisplayFauxObjectPropertyValueContainer ;
+    access:attributeValue :AdminDisplayFauxObjectPropertyValueContainer ;
+
+    access:attributeValue :PublicDisplayFauxDataPropertyValueContainer ;   
+    access:attributeValue :EditorDisplayFauxDataPropertyValueContainer ;
+    access:attributeValue :CuratorDisplayFauxDataPropertyValueContainer ;
+    access:attributeValue :AdminDisplayFauxDataPropertyValueContainer ;
+
+    access:attributeValue :EditorPublishObjectPropertyValueContainer ;
+    access:attributeValue :CuratorPublishObjectPropertyValueContainer ;
+    access:attributeValue :AdminPublishObjectPropertyValueContainer ;
+
+    access:attributeValue :EditorPublishDataPropertyValueContainer ;
+    access:attributeValue :CuratorPublishDataPropertyValueContainer ;
+    access:attributeValue :AdminPublishDataPropertyValueContainer ;
+
+    access:attributeValue :EditorPublishFauxObjectPropertyValueContainer ;
+    access:attributeValue :CuratorPublishFauxObjectPropertyValueContainer ;
+    access:attributeValue :AdminPublishFauxObjectPropertyValueContainer ;
+
+    access:attributeValue :EditorPublishFauxDataPropertyValueContainer ;
+    access:attributeValue :CuratorPublishFauxDataPropertyValueContainer ;
+    access:attributeValue :AdminPublishFauxDataPropertyValueContainer ;
+
+    access:attributeValue :PublicEditObjectPropertyValueContainer ;
+    access:attributeValue :EditorEditObjectPropertyValueContainer ;
+    access:attributeValue :CuratorEditObjectPropertyValueContainer ;
+    access:attributeValue :AdminEditObjectPropertyValueContainer ;
+
+    access:attributeValue :PublicAddObjectPropertyValueContainer ;
+    access:attributeValue :EditorAddObjectPropertyValueContainer ;
+    access:attributeValue :CuratorAddObjectPropertyValueContainer ;
+    access:attributeValue :AdminAddObjectPropertyValueContainer ;
+
+    access:attributeValue :PublicDropObjectPropertyValueContainer ;
+    access:attributeValue :EditorDropObjectPropertyValueContainer ;
+    access:attributeValue :CuratorDropObjectPropertyValueContainer ;
+    access:attributeValue :AdminDropObjectPropertyValueContainer ;
+
+    access:attributeValue :PublicEditDataPropertyValueContainer ;
+    access:attributeValue :EditorEditDataPropertyValueContainer ;
+    access:attributeValue :CuratorEditDataPropertyValueContainer ;
+    access:attributeValue :AdminEditDataPropertyValueContainer ;
+
+    access:attributeValue :PublicAddDataPropertyValueContainer ;
+    access:attributeValue :EditorAddDataPropertyValueContainer ;
+    access:attributeValue :CuratorAddDataPropertyValueContainer ;
+    access:attributeValue :AdminAddDataPropertyValueContainer ;
+
+    access:attributeValue :PublicDropDataPropertyValueContainer ;
+    access:attributeValue :EditorDropDataPropertyValueContainer ;
+    access:attributeValue :CuratorDropDataPropertyValueContainer ;
+    access:attributeValue :AdminDropDataPropertyValueContainer ;
+
+    access:attributeValue :PublicEditFauxObjectPropertyValueContainer ;
+    access:attributeValue :EditorEditFauxObjectPropertyValueContainer ;
+    access:attributeValue :CuratorEditFauxObjectPropertyValueContainer ;
+    access:attributeValue :AdminEditFauxObjectPropertyValueContainer ;
+
+    access:attributeValue :PublicAddFauxObjectPropertyValueContainer ;
+    access:attributeValue :EditorAddFauxObjectPropertyValueContainer ;
+    access:attributeValue :CuratorAddFauxObjectPropertyValueContainer ;
+    access:attributeValue :AdminAddFauxObjectPropertyValueContainer ;
+
+    access:attributeValue :PublicDropFauxObjectPropertyValueContainer ;
+    access:attributeValue :EditorDropFauxObjectPropertyValueContainer ;
+    access:attributeValue :CuratorDropFauxObjectPropertyValueContainer ;
+    access:attributeValue :AdminDropFauxObjectPropertyValueContainer ;
+
+    access:attributeValue :PublicEditFauxDataPropertyValueContainer ;
+    access:attributeValue :EditorEditFauxDataPropertyValueContainer ;
+    access:attributeValue :CuratorEditFauxDataPropertyValueContainer ;
+    access:attributeValue :AdminEditFauxDataPropertyValueContainer ;
+
+    access:attributeValue :PublicAddFauxDataPropertyValueContainer ;
+    access:attributeValue :EditorAddFauxDataPropertyValueContainer ;
+    access:attributeValue :CuratorAddFauxDataPropertyValueContainer ;
+    access:attributeValue :AdminAddFauxDataPropertyValueContainer ;
+
+    access:attributeValue :PublicDropFauxDataPropertyValueContainer ;
+    access:attributeValue :EditorDropFauxDataPropertyValueContainer ;
+    access:attributeValue :CuratorDropFauxDataPropertyValueContainer ;
+    access:attributeValue :AdminDropFauxDataPropertyValueContainer ;
+    .
 
 :AccessObjectUriContainsInDataSet a access:Check ;
     access:operator access-individual:OneOf ;
     access:attribute access-individual:AccessObjectUri ;
-    access:values :AllowedPropertyUriValueSet .
-
-:AllowedPropertyUriValueSet a access:AttributeValueSet ;
-
     access:attributeValue :PublicDisplayObjectPropertyValueContainer ;
     access:attributeValue :EditorDisplayObjectPropertyValueContainer ;
     access:attributeValue :CuratorDisplayObjectPropertyValueContainer ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_access_related_allowed_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_access_related_allowed_property.n3
index 706b8e8371..00b955ae4a 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_access_related_allowed_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_access_related_allowed_property.n3
@@ -155,9 +155,6 @@
 :AccessObjectTypeCheck a access:Check ;
     access:operator access-individual:Equals ;
     access:attribute access-individual:AccessObjectType ;
-    access:values :AccessObjectTypeValueSet .
-
-:AccessObjectTypeValueSet a access:AttributeValueSet ;
     access:attributeValue access-individual:ObjectPropertyValueContainer ;
     access:attributeValue access-individual:DataPropertyValueContainer ;
     access:attributeValue access-individual:FauxObjectPropertyValueContainer ;
@@ -174,9 +171,6 @@
 :AccessObjectStatementTypeCheck a access:Check ;
     access:operator access-individual:Equals ;
     access:attribute access-individual:AccessObjectType ;
-    access:values :StatementAccessObjectTypeValueSet .
-
-:StatementAccessObjectTypeValueSet a access:AttributeValueSet ;
     access:attributeValue access-individual:ObjectPropertyStatementValueContainer ;
     access:attributeValue access-individual:DataPropertyStatementValueContainer ;
     access:attributeValue access-individual:FauxObjectPropertyStatementValueContainer ;
@@ -186,9 +180,6 @@
 :OperationCheck a access:Check ;
     access:operator access-individual:Equals ;
     access:attribute access-individual:Operation ;
-    access:values :OperationValueSet .
-
-:OperationValueSet a access:AttributeValueSet ;
     access:attributeValue access-individual:DisplayOperationValueContainer ;
     access:attributeValue access-individual:PublishOperationValueContainer ;
     .
@@ -196,22 +187,24 @@
 :SubjectRoleCheck a access:Check ;
     access:operator access-individual:Equals ;
     access:attribute access-individual:SubjectRole ;
-    access:values :RoleValueSet .
-
-:RoleValueSet a access:AttributeValueSet ;
     access:attributeValue access-individual:SelfEditorRoleValueContainer .
 
 :StatementPredicateCheck a access:Check ;
     access:operator access-individual:OneOf ;
     access:attribute access-individual:StatementPredicateUri ;
-    access:values :AllowedPropertyUriValueSet .
+    access:attributeValue :SelfEditorDisplayObjectPropertyValueContainer ;
+    access:attributeValue :SelfEditorDisplayDataPropertyValueContainer ;
+    access:attributeValue :SelfEditorDisplayFauxObjectPropertyValueContainer ;
+    access:attributeValue :SelfEditorDisplayFauxDataPropertyValueContainer ;
+    access:attributeValue :SelfEditorPublishObjectPropertyValueContainer ;
+    access:attributeValue :SelfEditorPublishDataPropertyValueContainer ;
+    access:attributeValue :SelfEditorPublishFauxObjectPropertyValueContainer ;
+    access:attributeValue :SelfEditorPublishFauxDataPropertyValueContainer ;
+    .
 
 :AccessObjectUriCheck a access:Check ;
     access:operator access-individual:OneOf ;
     access:attribute access-individual:AccessObjectUri ;
-    access:values :AllowedPropertyUriValueSet .
-
-:AllowedPropertyUriValueSet a access:AttributeValueSet ;
     access:attributeValue :SelfEditorDisplayObjectPropertyValueContainer ;
     access:attributeValue :SelfEditorDisplayDataPropertyValueContainer ;
     access:attributeValue :SelfEditorDisplayFauxObjectPropertyValueContainer ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_not_modifiable_statements.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_not_modifiable_statements.n3
index 4d3f9d45e8..35d7f05c27 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_not_modifiable_statements.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_not_modifiable_statements.n3
@@ -61,32 +61,32 @@
 :PredicateUriStartWithProhibitedNamespace a access:Check ;
     access:operator access-individual:StartsWith ;
     access:attribute access-individual:StatementPredicateUri ;
-    access:values :ProhibitedNamespaceValueSet .
+    access:attributeValue :ProhibitedNamespaceValueContainer .
 
 :PredicateNotANamespaceException a access:Check ;
     access:operator access-individual:NotOneOf ;
     access:attribute access-individual:StatementPredicateUri ;
-    access:values :ProhibitedNamespaceExceptionsValueSet .
+    access:attributeValue :ProhibitedNamespaceExceptionsValueContainer .
 
 :SubjectUriStartWithProhibitedNamespace a access:Check ;
     access:operator access-individual:StartsWith ;
     access:attribute access-individual:StatementSubjectUri ;
-    access:values :ProhibitedNamespaceValueSet .
+    access:attributeValue :ProhibitedNamespaceValueContainer .
 
 :StatementSubjectNotOneOfProhibitedExceptions a access:Check ;
     access:operator access-individual:NotOneOf ;
     access:attribute access-individual:StatementSubjectUri ;
-    access:values :ProhibitedNamespaceExceptionsValueSet .    
+    access:attributeValue :ProhibitedNamespaceExceptionsValueContainer .
 
 :StatementObjectUriStartsWithProhibitedNameSpace a access:Check ;
     access:operator access-individual:StartsWith ;
     access:attribute access-individual:StatementObjectUri ;
-    access:values :ProhibitedNamespaceValueSet .
+    access:attributeValue :ProhibitedNamespaceValueContainer .
 
 :ObjectUriNotOneOfProhibitedExceptions a access:Check ;
     access:operator access-individual:NotOneOf ;
     access:attribute access-individual:StatementObjectUri ;
-    access:values :ProhibitedNamespaceExceptionsValueSet .  
+    access:attributeValue :ProhibitedNamespaceExceptionsValueContainer .
 
 ###DataSets
 
@@ -97,12 +97,6 @@
     access:dataSetValues :ProhibitedNamespaceExceptionsValueContainer ;
     access:dataSetValues :ProhibitedNamespaceValueContainer .
 
-:ProhibitedNamespaceValueSet a access:AttributeValueSet ;
-    access:attributeValue :ProhibitedNamespaceValueContainer .
-
-:ProhibitedNamespaceExceptionsValueSet a access:AttributeValueSet ;
-    access:attributeValue :ProhibitedNamespaceExceptionsValueContainer .
-
 :ProhibitedNamespaceExceptionsValueContainer a access:ValueContainer ;
     .
 
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_simple_permissions.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_simple_permissions.n3
index 9d8773a4a7..b6a0d4cf31 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_simple_permissions.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_simple_permissions.n3
@@ -36,11 +36,11 @@
     access:keyComponentTemplate access-individual:SubjectRole .
 
 :RoleValueContainerTemplate a access:ValueContainerTemplate ;
-    access:relatedValueSet :RoleValueSet;
+    access:relatedValueSet :SubjectRoleEqualsDataSetRole;
     access:containerTypeTemplate access-individual:SubjectRole .
 
 :RolePermissionValueContainerTemplate a access:ValueContainerTemplate ;
-    access:relatedValueSet :TypeValueSet;
+    access:relatedValueSet :PermissionNameAllowed;
     access:defaultValue simplePermission:PageViewablePublic;
     access:defaultValue simplePermission:QueryFullModel ;
     access:containerTypeTemplate access-individual:NamedObject .
@@ -114,20 +114,17 @@
 :PermissionNameAllowed a access:Check ;
     access:operator access-individual:OneOf ;
     access:attribute access-individual:AccessObjectUri ;
-    access:values :TypeValueSet .
-
-:IsSimplePermission a access:Check ;
-    access:operator access-individual:Equals ;
-    access:attribute access-individual:AccessObjectType ;
-    access:singleValue access-individual:NamedObject .
-
-:TypeValueSet a access:AttributeValueSet ;
     access:attributeValue :PublicSimplePermissionValueContainer ;
     access:attributeValue :SelfEditorSimplePermissionValueContainer ;
     access:attributeValue :EditorSimplePermissionValueContainer ;
     access:attributeValue :CuratorSimplePermissionValueContainer ;
     access:attributeValue :AdminSimplePermissionValueContainer .
 
+:IsSimplePermission a access:Check ;
+    access:operator access-individual:Equals ;
+    access:attribute access-individual:AccessObjectType ;
+    access:singleValue access-individual:NamedObject .
+
 :PublicSimplePermissionValueContainer a access:ValueContainer ;
     access:containerType access-individual:NamedObject .
 :SelfEditorSimplePermissionValueContainer a access:ValueContainer ;
@@ -142,9 +139,6 @@
 :SubjectRoleEqualsDataSetRole a access:Check ;
     access:operator access-individual:Equals ;
     access:attribute access-individual:SubjectRole ;
-    access:values :RoleValueSet .
-
-:RoleValueSet a access:AttributeValueSet ;
     access:attributeValue access-individual:PublicRoleValueContainer ;
     access:attributeValue access-individual:SelfEditorRoleValueContainer ;
     access:attributeValue access-individual:EditorRoleValueContainer ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_update_related_allowed_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_update_related_allowed_property.n3
index 8af4a433c0..fd4723c310 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_update_related_allowed_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_update_related_allowed_property.n3
@@ -222,9 +222,6 @@
 :AccessObjectTypeCheck a access:Check ;
     access:operator access-individual:Equals ;
     access:attribute access-individual:AccessObjectType ;
-    access:values :AccessObjectTypeValueSet .
-
-:AccessObjectTypeValueSet a access:AttributeValueSet ;
     access:attributeValue access-individual:ObjectPropertyValueContainer ;
     access:attributeValue access-individual:DataPropertyValueContainer ;
     access:attributeValue access-individual:FauxObjectPropertyValueContainer ;
@@ -247,9 +244,6 @@
 :AccessObjectStatementTypeCheck a access:Check ;
     access:operator access-individual:Equals ;
     access:attribute access-individual:AccessObjectType ;
-    access:values :StatementAccessObjectTypeValueSet .
-
-:StatementAccessObjectTypeValueSet a access:AttributeValueSet ;
     access:attributeValue access-individual:ObjectPropertyStatementValueContainer ;
     access:attributeValue access-individual:DataPropertyStatementValueContainer ;
     access:attributeValue access-individual:FauxObjectPropertyStatementValueContainer ;
@@ -259,9 +253,6 @@
 :OperationCheck a access:Check ;
     access:operator access-individual:Equals ;
     access:attribute access-individual:Operation ;
-    access:values :OperationValueSet .
-
-:OperationValueSet a access:AttributeValueSet ;
     access:attributeValue access-individual:AddOperationValueContainer ;
     access:attributeValue access-individual:DropOperationValueContainer ;
     access:attributeValue access-individual:EditOperationValueContainer ;
@@ -270,23 +261,30 @@
 :SubjectRoleCheck a access:Check ;
     access:operator access-individual:Equals ;
     access:attribute access-individual:SubjectRole ;
-    access:values :RoleValueSet .
-
-:RoleValueSet a access:AttributeValueSet ;
     access:attributeValue access-individual:SelfEditorRoleValueContainer .
 
 :StatementPredicateCheck a access:Check ;
     access:operator access-individual:OneOf ;
     access:attribute access-individual:StatementPredicateUri ;
-    access:values :AllowedPropertyUriValueSet .
+    access:attributeValue :SelfEditorAddObjectPropertyValueContainer ;
+    access:attributeValue :SelfEditorAddDataPropertyValueContainer ;
+    access:attributeValue :SelfEditorAddFauxObjectPropertyValueContainer ;
+    access:attributeValue :SelfEditorAddFauxDataPropertyValueContainer ;
+
+    access:attributeValue :SelfEditorEditObjectPropertyValueContainer ;
+    access:attributeValue :SelfEditorEditDataPropertyValueContainer ;
+    access:attributeValue :SelfEditorEditFauxObjectPropertyValueContainer ;
+    access:attributeValue :SelfEditorEditFauxDataPropertyValueContainer ;
+
+    access:attributeValue :SelfEditorDropObjectPropertyValueContainer ;
+    access:attributeValue :SelfEditorDropDataPropertyValueContainer ;
+    access:attributeValue :SelfEditorDropFauxObjectPropertyValueContainer ;
+    access:attributeValue :SelfEditorDropFauxDataPropertyValueContainer ;
+    .
 
 :AccessObjectUriCheck a access:Check ;
     access:operator access-individual:OneOf ;
     access:attribute access-individual:AccessObjectUri ;
-    access:values :AllowedPropertyUriValueSet .
-
-:AllowedPropertyUriValueSet a access:AttributeValueSet ;
-
     access:attributeValue :SelfEditorAddObjectPropertyValueContainer ;
     access:attributeValue :SelfEditorAddDataPropertyValueContainer ;
     access:attributeValue :SelfEditorAddFauxObjectPropertyValueContainer ;
diff --git a/home/src/main/resources/rdf/tbox/firsttime/vitro-access-control-ontology.n3 b/home/src/main/resources/rdf/tbox/firsttime/vitro-access-control-ontology.n3
index 1ee1e66afc..a5f2577ffb 100644
--- a/home/src/main/resources/rdf/tbox/firsttime/vitro-access-control-ontology.n3
+++ b/home/src/main/resources/rdf/tbox/firsttime/vitro-access-control-ontology.n3
@@ -63,10 +63,6 @@
     rdfs:comment "Resource represents single attribute value, usually specified as literal with :id ";
     rdfs:label "Attribute value"@en-US .
 
-:AttributeValueSet a owl:Class ;
-    rdfs:comment "Container of attribute values to use in checks, should contain all value containers related to the check.";
-    rdfs:label "Attribute value set"@en-US .
-
 :Decision a owl:Class ;
     rdfs:comment "Decision to return in case all checks in a rule match";
     rdfs:label "Decision"@en-US .
@@ -139,12 +135,6 @@
     rdfs:domain :Check ;
     rdfs:range :Attribute .
 
-:values a owl:ObjectProperty ;
-    rdfs:comment "Assign values to :Check";
-    rdfs:label "values"@en-US ;
-    rdfs:domain :Check ;
-    rdfs:range :AttributeValueSet .
-
 :defaultValue a owl:ObjectProperty ;
     rdfs:comment "default value to add into new value container";
     rdfs:label "default template value"@en-US ;
@@ -158,16 +148,16 @@
     rdfs:domain :ValueContainerTemplate .
 
 :attributeValue a owl:ObjectProperty ;
-    rdfs:comment "Value set contains value container";
+    rdfs:comment "Check contains value container";
     rdfs:label "attribute value"@en-US ;
-    rdfs:domain :AttributeValueSet ;
+    rdfs:domain :Check ;
     rdfs:range :ValueContainer .
 
 :relatedValueSet a owl:ObjectProperty ;
-    rdfs:comment "Specify :AttributeValueSet into which new ValueContainer should be added";
+    rdfs:comment "Specify :Check into which new ValueContainer should be added";
     rdfs:label "related value set"@en-US ;
     rdfs:domain :ValueContainerTemplate ;
-    rdfs:range :AttributeValueSet .
+    rdfs:range :Check .
 
 :dataSetTemplateKey a owl:ObjectProperty, 
     owl:FunctionalProperty ;

From 8b3d1bafb72872e5ef83a19c5cb51f7a68d3bf2b Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <georgy.litvinov@tib.eu>
Date: Tue, 21 Nov 2023 13:18:04 +0100
Subject: [PATCH 109/148] Removed Rules ontology class

---
 .../webapp/auth/policy/PolicyLoader.java      | 15 ++--
 .../webapp/auth/rules/data_set_templates.n3   |  3 +-
 .../auth/rules/proximity_test_policy.n3       | 23 +++----
 .../webapp/auth/rules/test_policy_broken1.n3  | 25 +++----
 .../webapp/auth/rules/test_policy_broken2.n3  | 25 +++----
 .../webapp/auth/rules/test_policy_broken3.n3  | 27 ++++----
 .../webapp/auth/rules/test_policy_broken4.n3  | 25 +++----
 .../webapp/auth/rules/test_policy_broken5.n3  | 37 +++++-----
 .../auth/rules/test_policy_broken_set.n3      |  3 -
 .../webapp/auth/rules/test_policy_key.n3      | 25 +++----
 .../webapp/auth/rules/test_policy_valid.n3    | 17 ++---
 .../auth/rules/test_policy_valid_set.n3       | 69 +++++++++----------
 .../firsttime/policy_editable_pages.n3        |  3 -
 .../firsttime/policy_menu_items_editing.n3    |  3 -
 .../firsttime/policy_root_user.n3             |  3 -
 .../template_access_allowed_class.n3          |  7 +-
 .../template_access_allowed_property.n3       |  9 +--
 ...emplate_access_related_allowed_property.n3 |  9 +--
 .../template_not_modifiable_statements.n3     |  3 -
 .../firsttime/template_simple_permissions.n3  |  5 +-
 ...emplate_update_related_allowed_property.n3 |  9 +--
 .../vitro-access-control-ontology.n3          | 12 +---
 22 files changed, 137 insertions(+), 220 deletions(-)

diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
index fdd7a605ab..3a53c69744 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
@@ -97,12 +97,11 @@ public class PolicyLoader {
     private static final String NO_DATASET_RULES_QUERY = ""
             + "prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#>\n"
             + "prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/>\n"
-            + "SELECT DISTINCT ?policyUri ?rules ?rule ?check ?testId ?typeId ?value ?lit_value ?decision_id \n"
+            + "SELECT DISTINCT ?policyUri ?rule ?check ?testId ?typeId ?value ?lit_value ?decision_id \n"
             + "WHERE {\n"
             + "  GRAPH <http://vitro.mannlib.cornell.edu/default/access-control> {\n"
             + "?policy a access:Policy .\n"
-            + "?policy access:rules ?rules . \n"
-            + "?rules access:rule ?rule . \n"
+            + "?policy access:rule ?rule . \n"
             + "?rule access:check ?check .\n"
             + "OPTIONAL {\n"
             + "  ?check access:operator ?checkTest .\n"
@@ -129,16 +128,14 @@ public class PolicyLoader {
     private static final String DATASET_RULES_QUERY = ""
             + "prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#>\n"
             + "prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/>\n"
-            + "SELECT DISTINCT ?policyUri ?rules ?rule ?check ?testId ?typeId ?value ?lit_value ?decision_id "
+            + "SELECT DISTINCT ?policyUri ?rule ?check ?testId ?typeId ?value ?lit_value ?decision_id "
             + " ?dataSetUri ?attributeValue ?containerType \n"
             + "WHERE {\n"
             + "  GRAPH <http://vitro.mannlib.cornell.edu/default/access-control> {\n"
             + "    ?policy a access:PolicyTemplate .\n"
-            + "    ?policy access:rules ?rules .\n"
             + "    ?policy access:policyDataSets ?policyDataSets .\n"
             + "    ?policyDataSets access:policyDataSet ?dataSet .\n"
-            + "    ?rules a access:Rules .\n"
-            + "    ?rules access:rule ?rule .\n"
+            + "    ?policy access:rule ?rule .\n"
             + "    ?rule access:check ?check .\n"
             + "    ?check a access:Check .\n"
             + "    OPTIONAL {\n"
@@ -748,10 +745,6 @@ private static boolean isInvalidPolicySolution(QuerySolution qs) {
             return true;
         }
         String policy = qs.get("policyUri").asResource().getURI();
-        if (!qs.contains("rules") || !qs.get("rules").isResource()) {
-            log.debug(String.format("Query solution for policy <%s> doesn't contain rules uri", policy));
-            return true;
-        }
         if (!qs.contains("rule") || !qs.get("rule").isResource()) {
             log.debug(String.format("Query solution for policy <%s> doesn't contain rule uri", policy));
             return true;
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/data_set_templates.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/data_set_templates.n3
index f99e7f36a5..50fe9d15dc 100644
--- a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/data_set_templates.n3
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/data_set_templates.n3
@@ -11,8 +11,7 @@
 @prefix : <https://vivoweb.org/ontology/vitro-application/auth/individual/template/test-data-set-templates/> .
 
 :PolicyTemplate a access:PolicyTemplate ;
-    access:policyDataSets :DataSets ;
-    access:rules :RuleSet .
+    access:policyDataSets :DataSets .
 
 :DataSets a access:PolicyDataSets ;
     access:policyDataSetTemplate :RoleDataSetTemplate1 ;
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/proximity_test_policy.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/proximity_test_policy.n3
index 6a06235f39..7c1c214ef3 100644
--- a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/proximity_test_policy.n3
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/proximity_test_policy.n3
@@ -9,22 +9,19 @@
 @prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
 
 access-individual:ProximityTestPolicy rdf:type access:Policy ;
-          access:rules access-individual:ProximityRuleSet .
-
-access-individual:ProximityRuleSet rdf:type access:Rules ;
-          access:rule access-individual:AllowPersonEditOwnPublication .
+    access:rule access-individual:AllowPersonEditOwnPublication .
           
 access-individual:AllowPersonEditOwnPublication rdf:type access:Rule ;
-          access:check access-individual:PublicationInProximityAttribute .
+    access:check access-individual:PublicationInProximityAttribute .
           
 access-individual:PublicationInProximityAttribute rdf:type access:Check ;
-         access:operator access-individual:SparqlSelectQueryContains ;
-         access:attribute access-individual:StatementSubjectUri ;
-         access:singleValue access-individual:PublicationProximityToPerson .
+    access:operator access-individual:SparqlSelectQueryContains ;
+    access:attribute access-individual:StatementSubjectUri ;
+    access:singleValue access-individual:PublicationProximityToPerson .
 
 access-individual:PublicationProximityToPerson rdf:type access:ValueContainer ;
-        access:id """
-        SELECT ?resourceUri WHERE {
-                  ?personUri <test:has_publication> ?resourceUri .
-        }
-        """ .
+    access:id """
+    SELECT ?resourceUri WHERE {
+              ?personUri <test:has_publication> ?resourceUri .
+    }
+    """ .
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken1.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken1.n3
index bceb8328ae..6407502098 100644
--- a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken1.n3
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken1.n3
@@ -9,21 +9,18 @@
 @prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
 
 access-individual:BrokenPolicyBrokenTestType rdf:type access:Policy ;
-          access:rules access-individual:BrokenTestPolicyRuleSet .
-
-access-individual:BrokenTestPolicyRuleSet rdf:type access:Rules ;
-          access:rule access-individual:BrokenTestRule .
-          
+    access:rule access-individual:BrokenTestRule .
+  
 access-individual:BrokenTestRule rdf:type access:Rule ;
-          access:check access-individual:ValidTestAttribute ;
-          access:check access-individual:BrokenTestAttribute .
-          
+    access:check access-individual:ValidTestAttribute ;
+    access:check access-individual:BrokenTestAttribute .
+  
 access-individual:BrokenTestAttribute rdf:type access:Check ;
-         access:attribute access-individual:Operation ;
-         access:singleValue access-individual:PublishOperation .
-         
+    access:attribute access-individual:Operation ;
+    access:singleValue access-individual:PublishOperation .
+ 
 access-individual:ValidTestAttribute rdf:type access:Check ;
-         access:operator access-individual:Equals ;
-         access:attribute access-individual:Operation ;
-         access:singleValue access-individual:PublishOperation .
+    access:operator access-individual:Equals ;
+    access:attribute access-individual:Operation ;
+    access:singleValue access-individual:PublishOperation .
 
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken2.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken2.n3
index 7e5b37195a..f08543cdc9 100644
--- a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken2.n3
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken2.n3
@@ -9,21 +9,18 @@
 @prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
 
 access-individual:BrokenPolicyType rdf:type access:Policy ;
-          access:rules access-individual:BrokenTestPolicyRuleSet .
-
-access-individual:BrokenTestPolicyRuleSet rdf:type access:Rules ;
-          access:rule access-individual:BrokenTestRule .
-          
+    access:rule access-individual:BrokenTestRule .
+  
 access-individual:BrokenTestRule rdf:type access:Rule ;
-          access:check access-individual:ValidTestAttribute ;
-          access:check access-individual:BrokenTestAttribute .
-          
+    access:check access-individual:ValidTestAttribute ;
+    access:check access-individual:BrokenTestAttribute .
+  
 access-individual:BrokenTestAttribute rdf:type access:Check ;
-         access:operator access-individual:Equals ;
-         access:singleValue access-individual:PublishOperation .
-         
+    access:operator access-individual:Equals ;
+    access:singleValue access-individual:PublishOperation .
+ 
 access-individual:ValidTestAttribute rdf:type access:Check ;
-         access:operator access-individual:Equals ;
-         access:attribute access-individual:Operation ;
-         access:singleValue access-individual:PublishOperation .
+    access:operator access-individual:Equals ;
+    access:attribute access-individual:Operation ;
+    access:singleValue access-individual:PublishOperation .
 
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken3.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken3.n3
index 2c734b916a..95c5ad37dd 100644
--- a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken3.n3
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken3.n3
@@ -9,22 +9,19 @@
 @prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
 
 access-individual:BrokenPolicyBrokenTestTypeId rdf:type access:Policy ;
-          access:rules access-individual:BrokenTestPolicyRuleSet .
-
-access-individual:BrokenTestPolicyRuleSet rdf:type access:Rules ;
-          access:rule access-individual:BrokenTestRule .
-          
+    access:rule access-individual:BrokenTestRule .
+  
 access-individual:BrokenTestRule rdf:type access:Rule ;
-          access:check access-individual:ValidTestAttribute ;
-          access:check access-individual:BrokenTestAttribute .
-          
+    access:check access-individual:ValidTestAttribute ;
+    access:check access-individual:BrokenTestAttribute .
+  
 access-individual:BrokenTestAttribute rdf:type access:Check ;
-         access:operator access-individual:UnknownTest ;
-         access:attribute access-individual:Operation ;
-         access:singleValue access-individual:PublishOperation .
-         
+    access:operator access-individual:UnknownTest ;
+    access:attribute access-individual:Operation ;
+    access:singleValue access-individual:PublishOperation .
+ 
 access-individual:ValidTestAttribute rdf:type access:Check ;
-         access:operator access-individual:Equals ;
-         access:attribute access-individual:Operation ;
-         access:singleValue access-individual:PublishOperation .
+    access:operator access-individual:Equals ;
+    access:attribute access-individual:Operation ;
+    access:singleValue access-individual:PublishOperation .
 
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken4.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken4.n3
index f268d2bd82..8dd03f4744 100644
--- a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken4.n3
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken4.n3
@@ -9,22 +9,19 @@
 @prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
 
 access-individual:BrokenPolicyTypeId rdf:type access:Policy ;
-          access:rules access-individual:BrokenTestPolicyRuleSet .
+    access:rule access-individual:BrokenTestRule .
 
-access-individual:BrokenTestPolicyRuleSet rdf:type access:Rules ;
-          access:rule access-individual:BrokenTestRule .
-          
 access-individual:BrokenTestRule rdf:type access:Rule ;
-          access:check access-individual:ValidTestAttribute ;
-          access:check access-individual:BrokenTestAttribute .
-          
+    access:check access-individual:ValidTestAttribute ;
+    access:check access-individual:BrokenTestAttribute .
+
 access-individual:BrokenTestAttribute rdf:type access:Check ;
-         access:operator access-individual:Equals ;
-         access:attribute access-individual:UnknownType ;
-         access:singleValue access-individual:PublishOperation .
-         
+    access:operator access-individual:Equals ;
+    access:attribute access-individual:UnknownType ;
+    access:singleValue access-individual:PublishOperation .
+
 access-individual:ValidTestAttribute rdf:type access:Check ;
-         access:operator access-individual:Equals ;
-         access:attribute access-individual:Operation ;
-         access:singleValue access-individual:PublishOperation .
+    access:operator access-individual:Equals ;
+    access:attribute access-individual:Operation ;
+    access:singleValue access-individual:PublishOperation .
 
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken5.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken5.n3
index 547376e67e..6651ddb60e 100644
--- a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken5.n3
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken5.n3
@@ -9,34 +9,31 @@
 @prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
 
 access-individual:BrokenTestSetPolicy rdf:type access:Policy ;
-          access:policyDataSets access-individual:testDataSets ;
-          access:rules access-individual:BrokenRuleSet .
+    access:policyDataSets access-individual:testDataSets ;
+    access:rule access-individual:BrokenRule .
 
-access-individual:BrokenRuleSet rdf:type access:Rules ;
-          access:rule access-individual:BrokenRule .
-          
 access-individual:BrokenRule rdf:type access:Rule ;
-          access:check access-individual:BrokenAttribute1 ;
-          access:check access-individual:BrokenAttribute2 .
-          
+    access:check access-individual:BrokenAttribute1 ;
+    access:check access-individual:BrokenAttribute2 .
+
 access-individual:BrokenAttribute1 rdf:type access:Check ;
-         access:operator access-individual:Equals ;
-         access:attribute access-individual:ObjectUri ;
-         access:setValue access-individual:valueSet1 .
-         
+    access:operator access-individual:Equals ;
+    access:attribute access-individual:ObjectUri ;
+    access:setValue access-individual:valueSet1 .
+
 access-individual:BrokenAttribute2 rdf:type access:Check ;
-         access:operator access-individual:Equals ;
-         access:attribute access-individual:ObjectUri ;
-         access:setValue access-individual:valueSet2 .
+    access:operator access-individual:Equals ;
+    access:attribute access-individual:ObjectUri ;
+    access:setValue access-individual:valueSet2 .
 
 access-individual:testDataSets rdf:type access:PolicyDataSets ;
-          access:policyDataSet access-individual:testDataSet1 .
+    access:policyDataSet access-individual:testDataSet1 .
 
 access-individual:testDataSet1 rdf:type access:PolicyDataSet ;
-          access:dataSetValues access-individual:valueSet1 .
+    access:dataSetValues access-individual:valueSet1 .
 
 access-individual:valueSet1 rdf:type access:ValueContainer ;
-        access:value <test:value1> ;
-        access:value <test:value2> ;
-        .        
+    access:value <test:value1> ;
+    access:value <test:value2> ;
+    .    
 
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken_set.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken_set.n3
index d24652eae2..0aca1dcc01 100644
--- a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken_set.n3
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken_set.n3
@@ -10,9 +10,6 @@
 
 access-individual:BrokenTestSetPolicy rdf:type access:Policy ;
     access:policyDataSets access-individual:testDataSets ;
-    access:rules access-individual:BrokenRuleSet .
-
-access-individual:BrokenRuleSet rdf:type access:Rules ;
     access:rule access-individual:BrokenRule .
     
 access-individual:BrokenRule rdf:type access:Rule ;
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_key.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_key.n3
index 44f8d02032..ecb795ca5b 100644
--- a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_key.n3
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_key.n3
@@ -9,21 +9,18 @@
 @prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
 
 access-individual:KeyTestPolicy rdf:type access:Policy ;
-          access:policyKey access-individual:PolicyKeyTest ;
-          access:rules access-individual:KeyTestRuleSet .
-
-access-individual:KeyTestRuleSet rdf:type access:Rules ;
-          access:rule access-individual:KeyTestRule .
-          
+    access:policyKey access-individual:PolicyKeyTest ;
+    access:rule access-individual:KeyTestRule .
+    
 access-individual:KeyTestRule rdf:type access:Rule ;
-          access:check access-individual:KeyTestAttribute .
-          
+    access:check access-individual:KeyTestAttribute .
+    
 access-individual:KeyTestAttribute rdf:type access:Check ;
-         access:operator access-individual:Equals ;
-         access:attribute access-individual:Operation ;
-         access:singleValue access-individual:PublishOperation .
+    access:operator access-individual:Equals ;
+    access:attribute access-individual:Operation ;
+    access:singleValue access-individual:PublishOperation .
 
 access-individual:PolicyKeyTest rdf:type access:PolicyKey ;
-          access:keyComponent access-individual:ObjectPropertyAccesObject ;
-          access:keyComponent auth:ADMIN ;
-          access:keyComponent access-individual:DisplayOperation .
+    access:keyComponent access-individual:ObjectPropertyAccesObject ;
+    access:keyComponent auth:ADMIN ;
+    access:keyComponent access-individual:DisplayOperation .
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_valid.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_valid.n3
index 1839d8098e..115753d4c2 100644
--- a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_valid.n3
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_valid.n3
@@ -9,16 +9,13 @@
 @prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
 
 access-individual:ValidTestPolicy rdf:type access:Policy ;
-          access:rules access-individual:ValidRuleSet .
-
-access-individual:ValidRuleSet rdf:type access:Rules ;
-          access:rule access-individual:ValidRule .
-          
+    access:rule access-individual:ValidRule .
+    
 access-individual:ValidRule rdf:type access:Rule ;
-          access:check access-individual:ValidAttribute .
-          
+    access:check access-individual:ValidAttribute .
+    
 access-individual:ValidAttribute rdf:type access:Check ;
-         access:operator access-individual:Equals ;
-         access:attribute access-individual:Operation ;
-         access:singleValue access-individual:PublishOperation .
+    access:operator access-individual:Equals ;
+    access:attribute access-individual:Operation ;
+    access:singleValue access-individual:PublishOperation .
 
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_valid_set.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_valid_set.n3
index f7de505e17..98aa373a59 100644
--- a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_valid_set.n3
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_valid_set.n3
@@ -9,54 +9,51 @@
 @prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
 
 access-individual:ValidTestSetPolicy rdf:type access:PolicyTemplate ;
-      access:policyDataSets access-individual:testDataSets1 ;
-      access:rules access-individual:ValidRuleSet .
-
-access-individual:ValidRuleSet rdf:type access:Rules ;
-      access:rule access-individual:ValidRule .
-      
+    access:policyDataSets access-individual:testDataSets1 ;
+    access:rule access-individual:ValidRule .
+    
 access-individual:ValidRule rdf:type access:Rule ;
-      access:check access-individual:ValidAttribute1 ;
-      access:check access-individual:ValidAttribute2 .
-      
+    access:check access-individual:ValidAttribute1 ;
+    access:check access-individual:ValidAttribute2 .
+    
 access-individual:ValidAttribute1 rdf:type access:Check ;
-     access:operator access-individual:Equals ;
-     access:attribute access-individual:AccessObjectUri ;
-     access:attributeValue access-individual:valueSet1 ;
-     access:attributeValue access-individual:valueSet3 ;
-     .
-     
+    access:operator access-individual:Equals ;
+    access:attribute access-individual:AccessObjectUri ;
+    access:attributeValue access-individual:valueSet1 ;
+    access:attributeValue access-individual:valueSet3 ;
+    .
+    
 access-individual:ValidAttribute2 rdf:type access:Check ;
-     access:operator access-individual:Equals ;
-     access:attribute access-individual:AccessObjectUri ;
-     access:attributeValue access-individual:valueSet4 ;
-     access:attributeValue access-individual:valueSet2 ;
-     .
+    access:operator access-individual:Equals ;
+    access:attribute access-individual:AccessObjectUri ;
+    access:attributeValue access-individual:valueSet4 ;
+    access:attributeValue access-individual:valueSet2 ;
+    .
 
 access-individual:testDataSets1 rdf:type access:PolicyDataSets ;
-     access:policyDataSet access-individual:testDataSet2 ;
-     access:policyDataSet access-individual:testDataSet1 .
+    access:policyDataSet access-individual:testDataSet2 ;
+    access:policyDataSet access-individual:testDataSet1 .
 
 access-individual:testDataSet1 rdf:type access:PolicyDataSet ;
-     access:dataSetValues access-individual:valueSet2 ;
-     access:dataSetValues access-individual:valueSet1 .
-     
+    access:dataSetValues access-individual:valueSet2 ;
+    access:dataSetValues access-individual:valueSet1 .
+    
 access-individual:testDataSet2 rdf:type access:PolicyDataSet ;
-     access:dataSetValues access-individual:valueSet3 ;
-     access:dataSetValues access-individual:valueSet4 .
+    access:dataSetValues access-individual:valueSet3 ;
+    access:dataSetValues access-individual:valueSet4 .
 
 access-individual:valueSet1 rdf:type access:ValueContainer ;
-     access:value <test:value1> ;
-     .
+    access:value <test:value1> ;
+    .
     
 access-individual:valueSet2 rdf:type access:ValueContainer ;
-     access:value <test:value2> ;
-     .
-     
+    access:value <test:value2> ;
+    .
+    
 access-individual:valueSet3 rdf:type access:ValueContainer ;
-     access:value <test:value3> ;
-     .
+    access:value <test:value3> ;
+    .
     
 access-individual:valueSet4 rdf:type access:ValueContainer ;
-     access:value <test:value4> ;
-     .
+    access:value <test:value4> ;
+    .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_editable_pages.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_editable_pages.n3
index ef8259b1c1..720c842235 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_editable_pages.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_editable_pages.n3
@@ -6,9 +6,6 @@
 @prefix : <https://vivoweb.org/ontology/vitro-application/auth/individual/edit-individual-pages/> .
 
 :Policy a access:Policy ;
-    access:rules :RuleSet .
-
-:RuleSet a access:Rules ;
     access:rule :AllowEditRelatedPagesRule ;
     access:rule :AllowEditIndividualPagesRule .
 
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_menu_items_editing.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_menu_items_editing.n3
index 3620343d6e..d63711f0e0 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_menu_items_editing.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_menu_items_editing.n3
@@ -6,9 +6,6 @@
 
 :Policy a access:Policy ;
     access:priority 9000 ;
-    access:rules :RuleSet .
-
-:RuleSet a access:Rules ;
     access:rule :RestrictEdit ;
     access:rule :RestrictDrop .
 
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_root_user.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_root_user.n3
index 4720349408..afb3df61e2 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_root_user.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_root_user.n3
@@ -6,9 +6,6 @@
 
 :Policy a access:Policy ;
     access:priority 10000 ;
-    access:rules :RuleSet .
-
-:RuleSet a access:Rules ;
     access:rule :AllowRootUserRule .
 
 :AllowRootUserRule a access:Rule;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_class.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_class.n3
index d558fe9991..58e04fb18b 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_class.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_class.n3
@@ -6,7 +6,7 @@
 @prefix : <https://vivoweb.org/ontology/vitro-application/auth/individual/access-allowed-class/> .
 
 :PolicyTemplate a access:PolicyTemplate ;
-    access:rules :RuleSet ;
+    access:rule :AllowMatchingClass ;
     access:policyDataSets :DataSets .
 
 :DataSets a access:PolicyDataSets ;
@@ -309,11 +309,6 @@
     access:keyComponent auth:ADMIN ;
     access:keyComponent access-individual:PublishOperation .
 
-### Rules
-
-:RuleSet a access:Rules ;
-    access:rule :AllowMatchingClass .
-
 :AllowMatchingClass a access:Rule;
     access:check :SubjectRoleCheck ;
     access:check :OperationCheck ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_property.n3
index 7ca087cba8..d9bd61d197 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_property.n3
@@ -6,7 +6,8 @@
 @prefix : <https://vivoweb.org/ontology/vitro-application/auth/individual/access-allowed-property/> .
 
 :PolicyTemplate a access:PolicyTemplate ;
-    access:rules :RuleSet ;
+    access:rule :AllowMatchingPropertyStatement ;
+    access:rule :AllowMatchingProperty ;
     access:policyDataSets :DataSets .
 
 :DataSets a access:PolicyDataSets ;
@@ -1745,12 +1746,6 @@
     access:keyComponent auth:ADMIN ;
     access:keyComponent access-individual:PublishOperation .
 
-### Rules
-
-:RuleSet a access:Rules ;
-    access:rule :AllowMatchingPropertyStatement ;
-    access:rule :AllowMatchingProperty .
-
 :AllowMatchingProperty a access:Rule;
     access:check :SubjectRoleEqualsDataSetRoleAttribute ;
     access:check :OperationEqualsDataSetOperation ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_access_related_allowed_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_access_related_allowed_property.n3
index 00b955ae4a..d311675364 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_access_related_allowed_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_access_related_allowed_property.n3
@@ -6,7 +6,8 @@
 @prefix : <https://vivoweb.org/ontology/vitro-application/auth/individual/related-allowed-property/> .
 
 :PolicyTemplate a access:PolicyTemplate ;
-    access:rules :RuleSet ;
+    access:rule :AllowMatchingPropertyStatement ;
+    access:rule :AllowMatchingProperty ;
     access:policyDataSets :DataSets .
 
 :DataSets a access:PolicyDataSets ;
@@ -140,12 +141,6 @@
     access:keyComponent auth:SELF_EDITOR ;
     access:keyComponent access-individual:PublishOperation .
 
-### Rules
-
-:RuleSet a access:Rules ;
-    access:rule :AllowMatchingPropertyStatement ;
-    access:rule :AllowMatchingProperty .
-
 :AllowMatchingProperty a access:Rule;
     access:check :SubjectRoleCheck ;
     access:check :OperationCheck ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_not_modifiable_statements.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_not_modifiable_statements.n3
index 35d7f05c27..6e6d3d05d1 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_not_modifiable_statements.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_not_modifiable_statements.n3
@@ -7,9 +7,6 @@
 :PolicyTemplate a access:PolicyTemplate ;
     access:priority 8000 ;
     access:policyDataSets :DataSets ;
-    access:rules :RuleSet .
-
-:RuleSet a access:Rules ;
     access:rule :RestrictObjectPropertyStatementsWithNotModifiablePredicate ;
     access:rule :RestrictObjectPropertyStatementsWithNotModifiableSubject ;
     access:rule :RestrictObjectPropertyStatementsWithNotModifiableObject ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_simple_permissions.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_simple_permissions.n3
index b6a0d4cf31..dd31e9554e 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_simple_permissions.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_simple_permissions.n3
@@ -9,7 +9,7 @@
 :PolicyTemplate a access:PolicyTemplate ;
     access:priority 1000 ;
     access:policyDataSets :DataSets ;
-    access:rules :RuleSet .
+    access:rule :AllowSimplePermission .
 
 :DataSets a access:PolicyDataSets ;
     access:policyDataSetTemplate :RoleDataSetTemplate ;
@@ -97,9 +97,6 @@
     access:keyComponent access-individual:ExecuteOperation ;
     access:keyComponent auth:ADMIN .
 
-:RuleSet a access:Rules ;
-    access:rule :AllowSimplePermission .
-
 :AllowSimplePermission a access:Rule;
     access:check :IsSimplePermission ;
     access:check :IsExecuteOperation ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_update_related_allowed_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_update_related_allowed_property.n3
index fd4723c310..e8b66c4c94 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_update_related_allowed_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_update_related_allowed_property.n3
@@ -6,7 +6,8 @@
 @prefix : <https://vivoweb.org/ontology/vitro-application/auth/individual/update-related-allowed-property/> .
 
 :PolicyTemplate a access:PolicyTemplate ;
-    access:rules :RuleSet ;
+    access:rule :AllowMatchingPropertyStatement ;
+    access:rule :AllowMatchingProperty ;
     access:policyDataSets :DataSets .
 
 :DataSets a access:PolicyDataSets ;
@@ -207,12 +208,6 @@
     access:keyComponent auth:SELF_EDITOR ;
     access:keyComponent access-individual:EditOperation .
 
-### Rules
-
-:RuleSet a access:Rules ;
-    access:rule :AllowMatchingPropertyStatement ;
-    access:rule :AllowMatchingProperty .
-
 :AllowMatchingProperty a access:Rule;
     access:check :SubjectRoleCheck ;
     access:check :OperationCheck ;
diff --git a/home/src/main/resources/rdf/tbox/firsttime/vitro-access-control-ontology.n3 b/home/src/main/resources/rdf/tbox/firsttime/vitro-access-control-ontology.n3
index a5f2577ffb..a4c2e84933 100644
--- a/home/src/main/resources/rdf/tbox/firsttime/vitro-access-control-ontology.n3
+++ b/home/src/main/resources/rdf/tbox/firsttime/vitro-access-control-ontology.n3
@@ -31,10 +31,6 @@
     rdfs:comment "Contains checks to perform. If all checks match, rule returns decision.";
     rdfs:label "Access rule"@en-US .
 
-:Rules a owl:Class ;
-    rdfs:comment "Container for rules";
-    rdfs:label "Access rule set"@en-US .
-
 :Check a owl:Class ;
     rdfs:comment "Check to perform on attribute of request";
     rdfs:label "Access rule check"@en-US .
@@ -190,12 +186,6 @@
     rdfs:domain :Rule ;
     rdfs:range :Decision .    
 
-:rules a owl:ObjectProperty ;
-    rdfs:comment "Contains rules";
-    rdfs:label "rules"@en-US ;
-    rdfs:domain [ a owl:Class ; owl:unionOf  ( :Policy :PolicyTemplate ) ] ;
-    rdfs:range :Rules .
-
 :policyDataSets a owl:ObjectProperty ;
     rdfs:comment "Contains policy data sets";
     rdfs:label "policy data sets"@en-US ;
@@ -222,7 +212,7 @@
 :rule a owl:ObjectProperty ;
     rdfs:comment "Contains a rule";
     rdfs:label "rule"@en-US ;
-    rdfs:domain :Rules ;
+    rdfs:domain [ a owl:Class ; owl:unionOf  ( :Policy :PolicyTemplate ) ] ;
     rdfs:range :Rule .
 
 :dataSetKey a owl:ObjectProperty ;

From a3a72418e2dea5a1f570732e897f1c2619c1cabc Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <georgy.litvinov@tib.eu>
Date: Tue, 21 Nov 2023 14:16:15 +0100
Subject: [PATCH 110/148] Removed PolicyDataSets ontology class

---
 .../webapp/auth/policy/PolicyLoader.java      | 27 ++++++++-----------
 .../webapp/auth/policy/PolicyLoaderTest.java  |  4 +--
 .../webapp/auth/rules/data_set_templates.n3   |  3 ---
 .../webapp/auth/rules/test_policy_broken5.n3  |  5 +---
 .../auth/rules/test_policy_broken_set.n3      |  7 ++---
 .../auth/rules/test_policy_valid_set.n3       |  7 ++---
 .../template_access_allowed_class.n3          |  2 --
 .../template_access_allowed_property.n3       |  2 --
 ...emplate_access_related_allowed_property.n3 |  2 --
 .../template_not_modifiable_statements.n3     |  7 +----
 .../firsttime/template_simple_permissions.n3  |  5 +---
 ...emplate_update_related_allowed_property.n3 |  5 +---
 .../vitro-access-control-ontology.n3          | 20 +++++---------
 13 files changed, 28 insertions(+), 68 deletions(-)

diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
index 3a53c69744..ba431fd576 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
@@ -74,9 +74,8 @@ public class PolicyLoader {
             + "SELECT DISTINCT ?" + PRIORITY + " \n"
             + "WHERE {\n"
             + "  GRAPH <http://vitro.mannlib.cornell.edu/default/access-control> {\n"
-            + "    ?policy access:priority ?set_priority .\n"
-            + "    ?policy access:policyDataSets ?dataSets .\n"
-            + "    ?dataSets access:policyDataSet ?dataSet .\n"
+            + "    ?policyTemplate access:priority ?set_priority .\n"
+            + "    ?policyTemplate access:policyDataSet ?dataSet .\n"
             + "    OPTIONAL {?policy access:priority ?policyPriority" + " . }\n"
             + "    OPTIONAL {?dataSet access:priority ?dataSetPriority" + " . }\n"
             + "    BIND(COALESCE(?dataSetPriority, ?policyPriority, 0 ) as ?" + PRIORITY + " ) .\n"
@@ -89,8 +88,7 @@ public class PolicyLoader {
             + "SELECT DISTINCT ?dataSet \n" + "WHERE {\n"
             + "  GRAPH <http://vitro.mannlib.cornell.edu/default/access-control> {\n"
             + "       ?policy a access:PolicyTemplate .\n"
-            + "       ?policy access:policyDataSets ?dataSets .\n"
-            + "       ?dataSets access:policyDataSet ?dataSet .\n"
+            + "       ?policy access:policyDataSet ?dataSet .\n"
             + "  }\n"
             + "} ORDER BY ?dataSet";
 
@@ -133,8 +131,7 @@ public class PolicyLoader {
             + "WHERE {\n"
             + "  GRAPH <http://vitro.mannlib.cornell.edu/default/access-control> {\n"
             + "    ?policy a access:PolicyTemplate .\n"
-            + "    ?policy access:policyDataSets ?policyDataSets .\n"
-            + "    ?policyDataSets access:policyDataSet ?dataSet .\n"
+            + "    ?policy access:policyDataSet ?dataSet .\n"
             + "    ?policy access:rule ?rule .\n"
             + "    ?rule access:check ?check .\n"
             + "    ?check a access:Check .\n"
@@ -180,8 +177,7 @@ public class PolicyLoader {
             + POLICY + " ?dataSet ?testData ?value ?valueId ?valueContainer ( COUNT(?key) AS ?keySize ) \n"
             + "WHERE {\n"
             + "  GRAPH <http://vitro.mannlib.cornell.edu/default/access-control> {\n"
-            + "  ?" + POLICY + " access:policyDataSets ?policyDataSets .\n"
-            + "  ?policyDataSets access:policyDataSet ?dataSet .\n"
+            + "  ?" + POLICY + " access:policyDataSet ?dataSet .\n"
             + "  ?dataSet access:dataSetKey ?dataSetKeyUri .\n"
             + "  ?dataSet access:dataSetValues ?valueContainer .\n"
             + "  ?valueContainer access:containerType ?containerType .\n"
@@ -203,8 +199,7 @@ public class PolicyLoader {
             + "WHERE {\n"
             + "  GRAPH <http://vitro.mannlib.cornell.edu/default/access-control> {\n"
             + "  ?dataSet access:dataSetKey ?dataSetKeyUri .\n"
-            + "  ?" + POLICY + " access:policyDataSets ?policyDataSets .\n"
-            + "  ?policyDataSets access:policyDataSet ?dataSet . \n"
+            + "  ?" + POLICY + " access:policyDataSet ?dataSet . \n"
             + "  ?dataSet access:dataSetValues ?valueContainer . \n"
             + "  ?valueContainer access:containerType ?containerTypeUri . \n"
             + "  ?containerTypeUri access:id ?containerType . \n";
@@ -214,16 +209,16 @@ public class PolicyLoader {
     public static final String DATA_SET_TEMPLATES_QUERY = ""
             + "prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/>\n"
             + "prefix access-individual: <https://vivoweb.org/ontology/vitro-application/auth/individual/>\n"
-            + "SELECT ?dataSetTemplate ?dataSets ( COUNT(?key) AS ?keySize )\n"
+            + "SELECT ?dataSetTemplate ?policyTemplate ( COUNT(?key) AS ?keySize )\n"
             + "WHERE {\n"
             + "  GRAPH <http://vitro.mannlib.cornell.edu/default/access-control> {\n"
-            + "    ?dataSets access:policyDataSetTemplate ?dataSetTemplate .\n"
+            + "    ?policyTemplate access:policyDataSetTemplate ?dataSetTemplate .\n"
             + "    ?dataSetTemplate access:dataSetTemplateKey ?dataSetTemplateKey .\n"
             + "    ?dataSetTemplateKey access:templateKey access-individual:SubjectRole .\n"
             + "    ?dataSetTemplateKey access:templateKey ?key .\n"
             + "  }\n"
             + "}\n"
-            + "GROUP BY ?dataSetTemplate ?dataSets";
+            + "GROUP BY ?dataSetTemplate ?policyTemplate";
 
     public static final String DATA_SET_KEY_TEMPLATE_QUERY = ""
             + "prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/>\n"
@@ -871,11 +866,11 @@ protected void processQuerySolution(QuerySolution qs) {
                     if (!qs.contains("dataSetTemplate") || !qs.get("dataSetTemplate").isResource()) {
                         return;
                     }
-                    if (!qs.contains("dataSets") || !qs.get("dataSets").isResource()) {
+                    if (!qs.contains("policyTemplate") || !qs.get("policyTemplate").isResource()) {
                         return;
                     }
                     dataSetTemplates.put(qs.getResource("dataSetTemplate").getURI(),
-                            qs.getResource("dataSets").getURI());
+                            qs.getResource("policyTemplate").getURI());
                 }
             });
         } catch (RDFServiceException e) {
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoaderTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoaderTest.java
index 19d8f3e56b..977c2fb126 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoaderTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoaderTest.java
@@ -24,9 +24,9 @@ public void getRoleDataSetTemplatesTest() {
         Map<String, String> templates = PolicyLoader.getInstance().getRoleDataSetTemplates();
         assertEquals(2, templates.size());
         assertTrue(templates.containsKey(PREFIX + "RoleDataSetTemplate1"));
-        assertEquals(PREFIX + "DataSets", templates.get(PREFIX + "RoleDataSetTemplate1"));
+        assertEquals(PREFIX + "PolicyTemplate", templates.get(PREFIX + "RoleDataSetTemplate1"));
         assertTrue(templates.containsKey(PREFIX + "RoleDataSetTemplate2"));
-        assertEquals(PREFIX + "DataSets", templates.get(PREFIX + "RoleDataSetTemplate2"));
+        assertEquals(PREFIX + "PolicyTemplate", templates.get(PREFIX + "RoleDataSetTemplate2"));
     }
 
     @Test
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/data_set_templates.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/data_set_templates.n3
index 50fe9d15dc..91fe0d3b81 100644
--- a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/data_set_templates.n3
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/data_set_templates.n3
@@ -11,9 +11,6 @@
 @prefix : <https://vivoweb.org/ontology/vitro-application/auth/individual/template/test-data-set-templates/> .
 
 :PolicyTemplate a access:PolicyTemplate ;
-    access:policyDataSets :DataSets .
-
-:DataSets a access:PolicyDataSets ;
     access:policyDataSetTemplate :RoleDataSetTemplate1 ;
     access:policyDataSetTemplate :RoleDataSetTemplate2 ;
     access:policyDataSet :PublicDataSet .
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken5.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken5.n3
index 6651ddb60e..352d91b84e 100644
--- a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken5.n3
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken5.n3
@@ -9,7 +9,7 @@
 @prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
 
 access-individual:BrokenTestSetPolicy rdf:type access:Policy ;
-    access:policyDataSets access-individual:testDataSets ;
+    access:policyDataSet access-individual:testDataSet1 ;
     access:rule access-individual:BrokenRule .
 
 access-individual:BrokenRule rdf:type access:Rule ;
@@ -26,9 +26,6 @@ access-individual:BrokenAttribute2 rdf:type access:Check ;
     access:attribute access-individual:ObjectUri ;
     access:setValue access-individual:valueSet2 .
 
-access-individual:testDataSets rdf:type access:PolicyDataSets ;
-    access:policyDataSet access-individual:testDataSet1 .
-
 access-individual:testDataSet1 rdf:type access:PolicyDataSet ;
     access:dataSetValues access-individual:valueSet1 .
 
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken_set.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken_set.n3
index 0aca1dcc01..4f77de0c55 100644
--- a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken_set.n3
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken_set.n3
@@ -9,7 +9,8 @@
 @prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
 
 access-individual:BrokenTestSetPolicy rdf:type access:Policy ;
-    access:policyDataSets access-individual:testDataSets ;
+    access:policyDataSet access-individual:testDataSet1 ;
+    access:policyDataSet access-individual:testDataSet2 ;
     access:rule access-individual:BrokenRule .
     
 access-individual:BrokenRule rdf:type access:Rule ;
@@ -28,10 +29,6 @@ access-individual:BrokenSetAttribute2 rdf:type access:Check ;
     access:attributeValue access-individual:valueSet2 ;
     .
 
-access-individual:testDataSets rdf:type access:PolicyDataSets ;
-    access:policyDataSet access-individual:testDataSet1 ;
-    access:policyDataSet access-individual:testDataSet2 .
-
 access-individual:testDataSet1 rdf:type access:PolicyDataSet ;
     access:dataSetValues access-individual:valueSet1 .
 
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_valid_set.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_valid_set.n3
index 98aa373a59..c319f1d6d4 100644
--- a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_valid_set.n3
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_valid_set.n3
@@ -9,7 +9,8 @@
 @prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
 
 access-individual:ValidTestSetPolicy rdf:type access:PolicyTemplate ;
-    access:policyDataSets access-individual:testDataSets1 ;
+    access:policyDataSet access-individual:testDataSet2 ;
+    access:policyDataSet access-individual:testDataSet1 ;
     access:rule access-individual:ValidRule .
     
 access-individual:ValidRule rdf:type access:Rule ;
@@ -30,10 +31,6 @@ access-individual:ValidAttribute2 rdf:type access:Check ;
     access:attributeValue access-individual:valueSet2 ;
     .
 
-access-individual:testDataSets1 rdf:type access:PolicyDataSets ;
-    access:policyDataSet access-individual:testDataSet2 ;
-    access:policyDataSet access-individual:testDataSet1 .
-
 access-individual:testDataSet1 rdf:type access:PolicyDataSet ;
     access:dataSetValues access-individual:valueSet2 ;
     access:dataSetValues access-individual:valueSet1 .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_class.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_class.n3
index 58e04fb18b..52a5e21682 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_class.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_class.n3
@@ -7,9 +7,7 @@
 
 :PolicyTemplate a access:PolicyTemplate ;
     access:rule :AllowMatchingClass ;
-    access:policyDataSets :DataSets .
 
-:DataSets a access:PolicyDataSets ;
     access:policyDataSet :PublicDisplayClassDataSet ;
     access:policyDataSet :SelfEditorDisplayClassDataSet ;
     access:policyDataSet :EditorDisplayClassDataSet ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_property.n3
index d9bd61d197..61bf93239a 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_property.n3
@@ -8,9 +8,7 @@
 :PolicyTemplate a access:PolicyTemplate ;
     access:rule :AllowMatchingPropertyStatement ;
     access:rule :AllowMatchingProperty ;
-    access:policyDataSets :DataSets .
 
-:DataSets a access:PolicyDataSets ;
     access:policyDataSet :PublicDisplayObjectPropertyDataSet ;
     access:policyDataSet :EditorDisplayObjectPropertyDataSet ;
     access:policyDataSet :CuratorDisplayObjectPropertyDataSet ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_access_related_allowed_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_access_related_allowed_property.n3
index d311675364..67cf46f65b 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_access_related_allowed_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_access_related_allowed_property.n3
@@ -8,9 +8,7 @@
 :PolicyTemplate a access:PolicyTemplate ;
     access:rule :AllowMatchingPropertyStatement ;
     access:rule :AllowMatchingProperty ;
-    access:policyDataSets :DataSets .
 
-:DataSets a access:PolicyDataSets ;
     access:policyDataSet :SelfEditorDisplayObjectPropertyDataSet ;
     access:policyDataSet :SelfEditorDisplayDataPropertyDataSet ;
     access:policyDataSet :SelfEditorDisplayFauxObjectPropertyDataSet ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_not_modifiable_statements.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_not_modifiable_statements.n3
index 6e6d3d05d1..99faabafc8 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_not_modifiable_statements.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_not_modifiable_statements.n3
@@ -6,7 +6,7 @@
 
 :PolicyTemplate a access:PolicyTemplate ;
     access:priority 8000 ;
-    access:policyDataSets :DataSets ;
+    access:policyDataSet :NotModifiableStatementsPolicyDataSet ;
     access:rule :RestrictObjectPropertyStatementsWithNotModifiablePredicate ;
     access:rule :RestrictObjectPropertyStatementsWithNotModifiableSubject ;
     access:rule :RestrictObjectPropertyStatementsWithNotModifiableObject ;
@@ -85,11 +85,6 @@
     access:attribute access-individual:StatementObjectUri ;
     access:attributeValue :ProhibitedNamespaceExceptionsValueContainer .
 
-###DataSets
-
-:DataSets a access:PolicyDataSets ;
-    access:policyDataSet :NotModifiableStatementsPolicyDataSet .
-
 :NotModifiableStatementsPolicyDataSet a access:PolicyDataSet ;
     access:dataSetValues :ProhibitedNamespaceExceptionsValueContainer ;
     access:dataSetValues :ProhibitedNamespaceValueContainer .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_simple_permissions.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_simple_permissions.n3
index dd31e9554e..36cd1bb65b 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_simple_permissions.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_simple_permissions.n3
@@ -8,10 +8,7 @@
 
 :PolicyTemplate a access:PolicyTemplate ;
     access:priority 1000 ;
-    access:policyDataSets :DataSets ;
-    access:rule :AllowSimplePermission .
-
-:DataSets a access:PolicyDataSets ;
+    access:rule :AllowSimplePermission ;
     access:policyDataSetTemplate :RoleDataSetTemplate ;
     access:policyDataSet :PublicDataSet ;
     access:policyDataSet :SelfEditorDataSet ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_update_related_allowed_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_update_related_allowed_property.n3
index e8b66c4c94..9fddcd6582 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_update_related_allowed_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_update_related_allowed_property.n3
@@ -8,10 +8,7 @@
 :PolicyTemplate a access:PolicyTemplate ;
     access:rule :AllowMatchingPropertyStatement ;
     access:rule :AllowMatchingProperty ;
-    access:policyDataSets :DataSets .
-
-:DataSets a access:PolicyDataSets ;
-
+ 
     access:policyDataSet :SelfEditorAddObjectPropertyDataSet ;
     access:policyDataSet :SelfEditorAddDataPropertyDataSet ;
     access:policyDataSet :SelfEditorAddFauxObjectPropertyDataSet ;
diff --git a/home/src/main/resources/rdf/tbox/firsttime/vitro-access-control-ontology.n3 b/home/src/main/resources/rdf/tbox/firsttime/vitro-access-control-ontology.n3
index a4c2e84933..073312a689 100644
--- a/home/src/main/resources/rdf/tbox/firsttime/vitro-access-control-ontology.n3
+++ b/home/src/main/resources/rdf/tbox/firsttime/vitro-access-control-ontology.n3
@@ -12,7 +12,7 @@
 ### Classes
 
 :PolicyTemplate a owl:Class ;
-    rdfs:comment "Policy template to define set of rules that can be reused by data sets" ; 
+    rdfs:comment "Policy template to define rules that can be reused by data sets" ; 
     rdfs:label "Policy template"@en-US .
 
 :Policy a owl:Class ;
@@ -64,7 +64,7 @@
     rdfs:label "Decision"@en-US .
 
 :DataSetTemplate a owl:Class ;
-    rdfs:comment "Data set template to create new data set: specify new value containers and add them into attribute value sets, create new data set key. Data set template should contain it's own key to be found and used. For example on new role creation new data sets for new role should be created, template key for that example would be access-individual:SubjectRole";
+    rdfs:comment "Data set template to create new data set: specify new value containers and add them into checks, create new data set key. Data set template should contain it's own key to be found and used. For example on new role creation new data sets for new role should be created, template key for that example would be access-individual:SubjectRole";
     rdfs:label "Data set template"@en-US .
 
 :DataSetTemplateKey a owl:Class ;
@@ -186,16 +186,10 @@
     rdfs:domain :Rule ;
     rdfs:range :Decision .    
 
-:policyDataSets a owl:ObjectProperty ;
-    rdfs:comment "Contains policy data sets";
-    rdfs:label "policy data sets"@en-US ;
-    rdfs:domain [ a owl:Class ; owl:unionOf  ( :Policy :PolicyTemplate ) ] ;
-    rdfs:range :PolicyDataSets .
-
 :policyDataSet a owl:ObjectProperty ;
-    rdfs:comment "Data sets container contain data set";
+    rdfs:comment "Contain policy data set";
     rdfs:label "policy data set"@en-US ;
-    rdfs:domain :PolicyDataSets ;
+    rdfs:domain :PolicyTemplate ;
     rdfs:range :PolicyDataSet .
 
 :containerType a owl:ObjectProperty ;
@@ -216,7 +210,7 @@
     rdfs:range :Rule .
 
 :dataSetKey a owl:ObjectProperty ;
-    rdfs:comment "Assign data set template to policy data sets";
+    rdfs:comment "Assign data set template to policy data set";
     rdfs:label "data set key"@en-US ;
     rdfs:domain :PolicyDataSet ;
     rdfs:range :DataSetKey .
@@ -228,9 +222,9 @@
     rdfs:range :DataSetKeyTemplate .
 
 :policyDataSetTemplate a owl:ObjectProperty ;
-    rdfs:comment "Assign data set template to policy data sets";
+    rdfs:comment "Assign data set template to policy data set";
     rdfs:label "policy data set template"@en-US ;
-    rdfs:domain :PolicyDataSets ;
+    rdfs:domain :PolicyTemplate ;
     rdfs:range :DataSetTemplate .
 
 :keyComponent a owl:ObjectProperty ;

From 741c25e9a5673edbe89d9826af180f7387370044 Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <georgy.litvinov@tib.eu>
Date: Wed, 22 Nov 2023 18:01:12 +0100
Subject: [PATCH 111/148] access control ontology: renamed property
 relatedValueSet to relatedCheck

---
 .../webapp/auth/policy/PolicyLoader.java      |   2 +-
 .../webapp/auth/rules/data_set_templates.n3   |   8 +-
 .../template_access_allowed_class.n3          |  12 +-
 .../template_access_allowed_property.n3       | 120 +++++++++---------
 .../firsttime/template_simple_permissions.n3  |   4 +-
 .../vitro-access-control-ontology.n3          |   6 +-
 6 files changed, 76 insertions(+), 76 deletions(-)

diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
index ba431fd576..2a0da8e6c0 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
@@ -290,7 +290,7 @@ public class PolicyLoader {
             + "}\n"
             + "WHERE {\n"
             + "  GRAPH <http://vitro.mannlib.cornell.edu/default/access-control> {\n"
-            + "    ?valueContainerTemplateUri access:relatedValueSet ?relatedCheck .\n"
+            + "    ?valueContainerTemplateUri access:relatedCheck ?relatedCheck .\n"
             + "    ?valueContainerTemplateUri access:containerTypeTemplate ?containerType .\n"
             + "    OPTIONAL {\n"
             + "      ?valueContainerTemplateUri access:defaultValue ?dataValue .\n"
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/data_set_templates.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/data_set_templates.n3
index 91fe0d3b81..2dff884e51 100644
--- a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/data_set_templates.n3
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/data_set_templates.n3
@@ -34,11 +34,11 @@
     access:keyComponentTemplate access-individual:SubjectRole .
 
 :RoleValueContainerTemplate1 a access:ValueContainerTemplate ;
-    access:relatedValueSet :RoleValueSet;
+    access:relatedCheck :RoleValueSet;
     access:containerTypeTemplate access-individual:SubjectRole .
 
 :RolePermissionValueContainerTemplate1 a access:ValueContainerTemplate ;
-    access:relatedValueSet :TypeValueSet;
+    access:relatedCheck :TypeValueSet;
     access:defaultValue simplePermission:PageViewablePublic;
     access:defaultValue simplePermission:QueryFullModel ;
     access:containerTypeTemplate access-individual:NamedObject .
@@ -58,11 +58,11 @@
     access:keyComponentTemplate access-individual:SubjectRole .
 
 :RoleValueContainerTemplate2 a access:ValueContainerTemplate ;
-    access:relatedValueSet :RoleValueSet;
+    access:relatedCheck :RoleValueSet;
     access:containerTypeTemplate access-individual:SubjectRole .
 
 :RolePermissionValueContainerTemplate2 a access:ValueContainerTemplate ;
-    access:relatedValueSet :TypeValueSet;
+    access:relatedCheck :TypeValueSet;
     access:containerTypeTemplate access-individual:NamedObject .
 
 :PublicDataSet a access:PolicyDataSet ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_class.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_class.n3
index 52a5e21682..a7c9c603f3 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_class.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_class.n3
@@ -49,11 +49,11 @@
     access:keyComponentTemplate access-individual:SubjectRole .
 
 :RoleDisplayClassRoleValueContainerTemplate a access:ValueContainerTemplate ;
-    access:relatedValueSet :SubjectRoleCheck;
+    access:relatedCheck :SubjectRoleCheck;
     access:containerTypeTemplate access-individual:SubjectRole .
 
 :RoleDisplayClassValueContainerTemplate a access:ValueContainerTemplate ;
-    access:relatedValueSet :AccessObjectUriCheck ;
+    access:relatedCheck :AccessObjectUriCheck ;
 #    access:defaultValue access-individual:defaultUri ;
     access:containerTypeTemplate access-individual:Class .
 
@@ -76,11 +76,11 @@
     access:keyComponentTemplate access-individual:SubjectRole .
 
 :RoleUpdateClassRoleValueContainerTemplate a access:ValueContainerTemplate ;
-    access:relatedValueSet :SubjectRoleCheck;
+    access:relatedCheck :SubjectRoleCheck;
     access:containerTypeTemplate access-individual:SubjectRole .
 
 :RoleUpdateClassValueContainerTemplate a access:ValueContainerTemplate ;
-    access:relatedValueSet :AccessObjectUriCheck ;
+    access:relatedCheck :AccessObjectUriCheck ;
 #    access:defaultValue access-individual:defaultUri ;
     access:containerTypeTemplate access-individual:Class .
 
@@ -103,11 +103,11 @@
     access:keyComponentTemplate access-individual:SubjectRole .
 
 :RolePublishClassRoleValueContainerTemplate a access:ValueContainerTemplate ;
-    access:relatedValueSet :SubjectRoleCheck;
+    access:relatedCheck :SubjectRoleCheck;
     access:containerTypeTemplate access-individual:SubjectRole .
 
 :RolePublishClassValueContainerTemplate a access:ValueContainerTemplate ;
-    access:relatedValueSet :AccessObjectUriCheck ;
+    access:relatedCheck :AccessObjectUriCheck ;
 #    access:defaultValue access-individual:defaultUri ;
     access:containerTypeTemplate access-individual:Class .
 
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_property.n3
index 61bf93239a..a53ade2e25 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_property.n3
@@ -153,12 +153,12 @@
     access:keyComponentTemplate access-individual:SubjectRole .
 
 :RoleDisplayObjectPropertyValueContainerTemplate a access:ValueContainerTemplate ;
-    access:relatedValueSet :SubjectRoleEqualsDataSetRoleAttribute;
+    access:relatedCheck :SubjectRoleEqualsDataSetRoleAttribute;
     access:containerTypeTemplate access-individual:SubjectRole .
 
 :RoleDisplayObjectPropertyEntityValueContainerTemplate a access:ValueContainerTemplate ;
-    access:relatedValueSet :AccessObjectUriContainsInDataSet ;
-    access:relatedValueSet :StatementPredicateEquals ;
+    access:relatedCheck :AccessObjectUriContainsInDataSet ;
+    access:relatedCheck :StatementPredicateEquals ;
 #    access:defaultValue access-individual:defaultUri ;
     access:containerTypeTemplate access-individual:ObjectProperty .
 
@@ -182,12 +182,12 @@
     access:keyComponentTemplate access-individual:SubjectRole .
 
 :RolePublishObjectPropertyValueContainerTemplate a access:ValueContainerTemplate ;
-    access:relatedValueSet :SubjectRoleEqualsDataSetRoleAttribute;
+    access:relatedCheck :SubjectRoleEqualsDataSetRoleAttribute;
     access:containerTypeTemplate access-individual:SubjectRole .
 
 :RolePublishObjectPropertyEntityValueContainerTemplate a access:ValueContainerTemplate ;
-    access:relatedValueSet :AccessObjectUriContainsInDataSet ;
-    access:relatedValueSet :StatementPredicateEquals ;
+    access:relatedCheck :AccessObjectUriContainsInDataSet ;
+    access:relatedCheck :StatementPredicateEquals ;
 #    access:defaultValue access-individual:defaultUri ;
     access:containerTypeTemplate access-individual:ObjectProperty .
 
@@ -211,12 +211,12 @@
     access:keyComponentTemplate access-individual:SubjectRole .
 
 :RoleAddObjectPropertyValueContainerTemplate a access:ValueContainerTemplate ;
-    access:relatedValueSet :SubjectRoleEqualsDataSetRoleAttribute;
+    access:relatedCheck :SubjectRoleEqualsDataSetRoleAttribute;
     access:containerTypeTemplate access-individual:SubjectRole .
 
 :RoleAddObjectPropertyEntityValueContainerTemplate a access:ValueContainerTemplate ;
-    access:relatedValueSet :AccessObjectUriContainsInDataSet ;
-    access:relatedValueSet :StatementPredicateEquals ;
+    access:relatedCheck :AccessObjectUriContainsInDataSet ;
+    access:relatedCheck :StatementPredicateEquals ;
 #    access:defaultValue access-individual:defaultUri ;
     access:containerTypeTemplate access-individual:ObjectProperty .
 
@@ -240,12 +240,12 @@
     access:keyComponentTemplate access-individual:SubjectRole .
 
 :RoleDropObjectPropertyValueContainerTemplate a access:ValueContainerTemplate ;
-    access:relatedValueSet :SubjectRoleEqualsDataSetRoleAttribute;
+    access:relatedCheck :SubjectRoleEqualsDataSetRoleAttribute;
     access:containerTypeTemplate access-individual:SubjectRole .
 
 :RoleDropObjectPropertyEntityValueContainerTemplate a access:ValueContainerTemplate ;
-    access:relatedValueSet :AccessObjectUriContainsInDataSet ;
-    access:relatedValueSet :StatementPredicateEquals ;
+    access:relatedCheck :AccessObjectUriContainsInDataSet ;
+    access:relatedCheck :StatementPredicateEquals ;
 #    access:defaultValue access-individual:defaultUri ;
     access:containerTypeTemplate access-individual:ObjectProperty .
 
@@ -269,12 +269,12 @@
     access:keyComponentTemplate access-individual:SubjectRole .
 
 :RoleEditObjectPropertyValueContainerTemplate a access:ValueContainerTemplate ;
-    access:relatedValueSet :SubjectRoleEqualsDataSetRoleAttribute;
+    access:relatedCheck :SubjectRoleEqualsDataSetRoleAttribute;
     access:containerTypeTemplate access-individual:SubjectRole .
 
 :RoleEditObjectPropertyEntityValueContainerTemplate a access:ValueContainerTemplate ;
-    access:relatedValueSet :AccessObjectUriContainsInDataSet ;
-    access:relatedValueSet :StatementPredicateEquals ;
+    access:relatedCheck :AccessObjectUriContainsInDataSet ;
+    access:relatedCheck :StatementPredicateEquals ;
 #    access:defaultValue access-individual:defaultUri ;
     access:containerTypeTemplate access-individual:ObjectProperty .
 
@@ -298,12 +298,12 @@
     access:keyComponentTemplate access-individual:SubjectRole .
 
 :RoleDisplayDataPropertyValueContainerTemplate a access:ValueContainerTemplate ;
-    access:relatedValueSet :SubjectRoleEqualsDataSetRoleAttribute;
+    access:relatedCheck :SubjectRoleEqualsDataSetRoleAttribute;
     access:containerTypeTemplate access-individual:SubjectRole .
 
 :RoleDisplayDataPropertyEntityValueContainerTemplate a access:ValueContainerTemplate ;
-    access:relatedValueSet :AccessObjectUriContainsInDataSet ;
-    access:relatedValueSet :StatementPredicateEquals ;
+    access:relatedCheck :AccessObjectUriContainsInDataSet ;
+    access:relatedCheck :StatementPredicateEquals ;
 #    access:defaultValue access-individual:defaultUri ;
     access:containerTypeTemplate access-individual:DataProperty .
 
@@ -327,12 +327,12 @@
     access:keyComponentTemplate access-individual:SubjectRole .
 
 :RolePublishDataPropertyValueContainerTemplate a access:ValueContainerTemplate ;
-    access:relatedValueSet :SubjectRoleEqualsDataSetRoleAttribute;
+    access:relatedCheck :SubjectRoleEqualsDataSetRoleAttribute;
     access:containerTypeTemplate access-individual:SubjectRole .
 
 :RolePublishDataPropertyEntityValueContainerTemplate a access:ValueContainerTemplate ;
-    access:relatedValueSet :AccessObjectUriContainsInDataSet ;
-    access:relatedValueSet :StatementPredicateEquals ;
+    access:relatedCheck :AccessObjectUriContainsInDataSet ;
+    access:relatedCheck :StatementPredicateEquals ;
 #    access:defaultValue access-individual:defaultUri ;
     access:containerTypeTemplate access-individual:DataProperty .
 
@@ -356,12 +356,12 @@
     access:keyComponentTemplate access-individual:SubjectRole .
 
 :RoleAddDataPropertyValueContainerTemplate a access:ValueContainerTemplate ;
-    access:relatedValueSet :SubjectRoleEqualsDataSetRoleAttribute;
+    access:relatedCheck :SubjectRoleEqualsDataSetRoleAttribute;
     access:containerTypeTemplate access-individual:SubjectRole .
 
 :RoleAddDataPropertyEntityValueContainerTemplate a access:ValueContainerTemplate ;
-    access:relatedValueSet :AccessObjectUriContainsInDataSet ;
-    access:relatedValueSet :StatementPredicateEquals ;
+    access:relatedCheck :AccessObjectUriContainsInDataSet ;
+    access:relatedCheck :StatementPredicateEquals ;
 #    access:defaultValue access-individual:defaultUri ;
     access:containerTypeTemplate access-individual:DataProperty .
 
@@ -385,12 +385,12 @@
     access:keyComponentTemplate access-individual:SubjectRole .
 
 :RoleDropDataPropertyValueContainerTemplate a access:ValueContainerTemplate ;
-    access:relatedValueSet :SubjectRoleEqualsDataSetRoleAttribute;
+    access:relatedCheck :SubjectRoleEqualsDataSetRoleAttribute;
     access:containerTypeTemplate access-individual:SubjectRole .
 
 :RoleDropDataPropertyEntityValueContainerTemplate a access:ValueContainerTemplate ;
-    access:relatedValueSet :AccessObjectUriContainsInDataSet ;
-    access:relatedValueSet :StatementPredicateEquals ;
+    access:relatedCheck :AccessObjectUriContainsInDataSet ;
+    access:relatedCheck :StatementPredicateEquals ;
 #    access:defaultValue access-individual:defaultUri ;
     access:containerTypeTemplate access-individual:DataProperty .
 
@@ -414,12 +414,12 @@
     access:keyComponentTemplate access-individual:SubjectRole .
 
 :RoleEditDataPropertyValueContainerTemplate a access:ValueContainerTemplate ;
-    access:relatedValueSet :SubjectRoleEqualsDataSetRoleAttribute;
+    access:relatedCheck :SubjectRoleEqualsDataSetRoleAttribute;
     access:containerTypeTemplate access-individual:SubjectRole .
 
 :RoleEditDataPropertyEntityValueContainerTemplate a access:ValueContainerTemplate ;
-    access:relatedValueSet :AccessObjectUriContainsInDataSet ;
-    access:relatedValueSet :StatementPredicateEquals ;
+    access:relatedCheck :AccessObjectUriContainsInDataSet ;
+    access:relatedCheck :StatementPredicateEquals ;
 #    access:defaultValue access-individual:defaultUri ;
     access:containerTypeTemplate access-individual:DataProperty .
 
@@ -443,12 +443,12 @@
     access:keyComponentTemplate access-individual:SubjectRole .
 
 :RoleDisplayFauxObjectPropertyValueContainerTemplate a access:ValueContainerTemplate ;
-    access:relatedValueSet :SubjectRoleEqualsDataSetRoleAttribute;
+    access:relatedCheck :SubjectRoleEqualsDataSetRoleAttribute;
     access:containerTypeTemplate access-individual:SubjectRole .
 
 :RoleDisplayFauxObjectPropertyEntityValueContainerTemplate a access:ValueContainerTemplate ;
-    access:relatedValueSet :AccessObjectUriContainsInDataSet ;
-    access:relatedValueSet :StatementPredicateEquals ;
+    access:relatedCheck :AccessObjectUriContainsInDataSet ;
+    access:relatedCheck :StatementPredicateEquals ;
 #    access:defaultValue access-individual:defaultUri ;
     access:containerTypeTemplate access-individual:FauxObjectProperty .
 
@@ -472,12 +472,12 @@
     access:keyComponentTemplate access-individual:SubjectRole .
 
 :RolePublishFauxObjectPropertyValueContainerTemplate a access:ValueContainerTemplate ;
-    access:relatedValueSet :SubjectRoleEqualsDataSetRoleAttribute;
+    access:relatedCheck :SubjectRoleEqualsDataSetRoleAttribute;
     access:containerTypeTemplate access-individual:SubjectRole .
 
 :RolePublishFauxObjectPropertyEntityValueContainerTemplate a access:ValueContainerTemplate ;
-    access:relatedValueSet :AccessObjectUriContainsInDataSet ;
-    access:relatedValueSet :StatementPredicateEquals ;
+    access:relatedCheck :AccessObjectUriContainsInDataSet ;
+    access:relatedCheck :StatementPredicateEquals ;
 #    access:defaultValue access-individual:defaultUri ;
     access:containerTypeTemplate access-individual:FauxObjectProperty .
 
@@ -501,12 +501,12 @@
     access:keyComponentTemplate access-individual:SubjectRole .
 
 :RoleAddFauxObjectPropertyValueContainerTemplate a access:ValueContainerTemplate ;
-    access:relatedValueSet :SubjectRoleEqualsDataSetRoleAttribute;
+    access:relatedCheck :SubjectRoleEqualsDataSetRoleAttribute;
     access:containerTypeTemplate access-individual:SubjectRole .
 
 :RoleAddFauxObjectPropertyEntityValueContainerTemplate a access:ValueContainerTemplate ;
-    access:relatedValueSet :AccessObjectUriContainsInDataSet ;
-    access:relatedValueSet :StatementPredicateEquals ;
+    access:relatedCheck :AccessObjectUriContainsInDataSet ;
+    access:relatedCheck :StatementPredicateEquals ;
 #    access:defaultValue access-individual:defaultUri ;
     access:containerTypeTemplate access-individual:FauxObjectProperty .
 
@@ -530,12 +530,12 @@
     access:keyComponentTemplate access-individual:SubjectRole .
 
 :RoleDropFauxObjectPropertyValueContainerTemplate a access:ValueContainerTemplate ;
-    access:relatedValueSet :SubjectRoleEqualsDataSetRoleAttribute;
+    access:relatedCheck :SubjectRoleEqualsDataSetRoleAttribute;
     access:containerTypeTemplate access-individual:SubjectRole .
 
 :RoleDropFauxObjectPropertyEntityValueContainerTemplate a access:ValueContainerTemplate ;
-    access:relatedValueSet :AccessObjectUriContainsInDataSet ;
-    access:relatedValueSet :StatementPredicateEquals ;
+    access:relatedCheck :AccessObjectUriContainsInDataSet ;
+    access:relatedCheck :StatementPredicateEquals ;
 #    access:defaultValue access-individual:defaultUri ;
     access:containerTypeTemplate access-individual:FauxObjectProperty .
 
@@ -559,12 +559,12 @@
     access:keyComponentTemplate access-individual:SubjectRole .
 
 :RoleEditFauxObjectPropertyValueContainerTemplate a access:ValueContainerTemplate ;
-    access:relatedValueSet :SubjectRoleEqualsDataSetRoleAttribute;
+    access:relatedCheck :SubjectRoleEqualsDataSetRoleAttribute;
     access:containerTypeTemplate access-individual:SubjectRole .
 
 :RoleEditFauxObjectPropertyEntityValueContainerTemplate a access:ValueContainerTemplate ;
-    access:relatedValueSet :AccessObjectUriContainsInDataSet ;
-    access:relatedValueSet :StatementPredicateEquals ;
+    access:relatedCheck :AccessObjectUriContainsInDataSet ;
+    access:relatedCheck :StatementPredicateEquals ;
 #    access:defaultValue access-individual:defaultUri ;
     access:containerTypeTemplate access-individual:FauxObjectProperty .
 
@@ -588,12 +588,12 @@
     access:keyComponentTemplate access-individual:SubjectRole .
 
 :RoleDisplayFauxDataPropertyValueContainerTemplate a access:ValueContainerTemplate ;
-    access:relatedValueSet :SubjectRoleEqualsDataSetRoleAttribute;
+    access:relatedCheck :SubjectRoleEqualsDataSetRoleAttribute;
     access:containerTypeTemplate access-individual:SubjectRole .
 
 :RoleDisplayFauxDataPropertyEntityValueContainerTemplate a access:ValueContainerTemplate ;
-    access:relatedValueSet :AccessObjectUriContainsInDataSet ;
-    access:relatedValueSet :StatementPredicateEquals ;
+    access:relatedCheck :AccessObjectUriContainsInDataSet ;
+    access:relatedCheck :StatementPredicateEquals ;
 #    access:defaultValue access-individual:defaultUri ;
     access:containerTypeTemplate access-individual:FauxDataProperty .
 
@@ -617,12 +617,12 @@
     access:keyComponentTemplate access-individual:SubjectRole .
 
 :RolePublishFauxDataPropertyValueContainerTemplate a access:ValueContainerTemplate ;
-    access:relatedValueSet :SubjectRoleEqualsDataSetRoleAttribute;
+    access:relatedCheck :SubjectRoleEqualsDataSetRoleAttribute;
     access:containerTypeTemplate access-individual:SubjectRole .
 
 :RolePublishFauxDataPropertyEntityValueContainerTemplate a access:ValueContainerTemplate ;
-    access:relatedValueSet :AccessObjectUriContainsInDataSet ;
-    access:relatedValueSet :StatementPredicateEquals ;
+    access:relatedCheck :AccessObjectUriContainsInDataSet ;
+    access:relatedCheck :StatementPredicateEquals ;
 #    access:defaultValue access-individual:defaultUri ;
     access:containerTypeTemplate access-individual:FauxDataProperty .
 
@@ -646,12 +646,12 @@
     access:keyComponentTemplate access-individual:SubjectRole .
 
 :RoleAddFauxDataPropertyValueContainerTemplate a access:ValueContainerTemplate ;
-    access:relatedValueSet :SubjectRoleEqualsDataSetRoleAttribute;
+    access:relatedCheck :SubjectRoleEqualsDataSetRoleAttribute;
     access:containerTypeTemplate access-individual:SubjectRole .
 
 :RoleAddFauxDataPropertyEntityValueContainerTemplate a access:ValueContainerTemplate ;
-    access:relatedValueSet :AccessObjectUriContainsInDataSet ;
-    access:relatedValueSet :StatementPredicateEquals ;
+    access:relatedCheck :AccessObjectUriContainsInDataSet ;
+    access:relatedCheck :StatementPredicateEquals ;
 #    access:defaultValue access-individual:defaultUri ;
     access:containerTypeTemplate access-individual:FauxDataProperty .
 
@@ -675,12 +675,12 @@
     access:keyComponentTemplate access-individual:SubjectRole .
 
 :RoleDropFauxDataPropertyValueContainerTemplate a access:ValueContainerTemplate ;
-    access:relatedValueSet :SubjectRoleEqualsDataSetRoleAttribute;
+    access:relatedCheck :SubjectRoleEqualsDataSetRoleAttribute;
     access:containerTypeTemplate access-individual:SubjectRole .
 
 :RoleDropFauxDataPropertyEntityValueContainerTemplate a access:ValueContainerTemplate ;
-    access:relatedValueSet :AccessObjectUriContainsInDataSet ;
-    access:relatedValueSet :StatementPredicateEquals ;
+    access:relatedCheck :AccessObjectUriContainsInDataSet ;
+    access:relatedCheck :StatementPredicateEquals ;
 #    access:defaultValue access-individual:defaultUri ;
     access:containerTypeTemplate access-individual:FauxDataProperty .
 
@@ -704,12 +704,12 @@
     access:keyComponentTemplate access-individual:SubjectRole .
 
 :RoleEditFauxDataPropertyValueContainerTemplate a access:ValueContainerTemplate ;
-    access:relatedValueSet :SubjectRoleEqualsDataSetRoleAttribute;
+    access:relatedCheck :SubjectRoleEqualsDataSetRoleAttribute;
     access:containerTypeTemplate access-individual:SubjectRole .
 
 :RoleEditFauxDataPropertyEntityValueContainerTemplate a access:ValueContainerTemplate ;
-    access:relatedValueSet :AccessObjectUriContainsInDataSet ;
-    access:relatedValueSet :StatementPredicateEquals ;
+    access:relatedCheck :AccessObjectUriContainsInDataSet ;
+    access:relatedCheck :StatementPredicateEquals ;
 #    access:defaultValue access-individual:defaultUri ;
     access:containerTypeTemplate access-individual:FauxDataProperty .
 
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_simple_permissions.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_simple_permissions.n3
index 36cd1bb65b..dd7575ec49 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_simple_permissions.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_simple_permissions.n3
@@ -33,11 +33,11 @@
     access:keyComponentTemplate access-individual:SubjectRole .
 
 :RoleValueContainerTemplate a access:ValueContainerTemplate ;
-    access:relatedValueSet :SubjectRoleEqualsDataSetRole;
+    access:relatedCheck :SubjectRoleEqualsDataSetRole;
     access:containerTypeTemplate access-individual:SubjectRole .
 
 :RolePermissionValueContainerTemplate a access:ValueContainerTemplate ;
-    access:relatedValueSet :PermissionNameAllowed;
+    access:relatedCheck :PermissionNameAllowed;
     access:defaultValue simplePermission:PageViewablePublic;
     access:defaultValue simplePermission:QueryFullModel ;
     access:containerTypeTemplate access-individual:NamedObject .
diff --git a/home/src/main/resources/rdf/tbox/firsttime/vitro-access-control-ontology.n3 b/home/src/main/resources/rdf/tbox/firsttime/vitro-access-control-ontology.n3
index 073312a689..9583a85565 100644
--- a/home/src/main/resources/rdf/tbox/firsttime/vitro-access-control-ontology.n3
+++ b/home/src/main/resources/rdf/tbox/firsttime/vitro-access-control-ontology.n3
@@ -149,9 +149,9 @@
     rdfs:domain :Check ;
     rdfs:range :ValueContainer .
 
-:relatedValueSet a owl:ObjectProperty ;
-    rdfs:comment "Specify :Check into which new ValueContainer should be added";
-    rdfs:label "related value set"@en-US ;
+:relatedCheck a owl:ObjectProperty ;
+    rdfs:comment "Specifies :Check into which new ValueContainer should be added";
+    rdfs:label "related check"@en-US ;
     rdfs:domain :ValueContainerTemplate ;
     rdfs:range :Check .
 

From b34dbe07eeb0b787bdcd3d053ea62c69903048c8 Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <georgy.litvinov@tib.eu>
Date: Wed, 22 Nov 2023 19:31:41 +0100
Subject: [PATCH 112/148] renamed ValueContainer to ValueSet

---
 .../AttributeValueContainerRegistry.java      |   30 -
 .../auth/attributes/AttributeValueKey.java    |   20 +-
 ...eContainer.java => AttributeValueSet.java} |    8 +-
 .../attributes/AttributeValueSetRegistry.java |   30 +
 ...ner.java => MutableAttributeValueSet.java} |   18 +-
 .../attributes/ValueContainerFactory.java     |   84 -
 .../auth/attributes/ValueSetFactory.java      |   84 +
 .../webapp/auth/checks/AbstractCheck.java     |    8 +-
 .../auth/checks/AccessObjectTypeCheck.java    |    4 +-
 .../auth/checks/AccessObjectUriCheck.java     |    6 +-
 .../auth/checks/AttributeValueChecker.java    |   10 +-
 .../vitro/webapp/auth/checks/Check.java       |    4 +-
 .../webapp/auth/checks/CheckFactory.java      |   22 +-
 .../webapp/auth/checks/OperationCheck.java    |    4 +-
 .../auth/checks/StatementObjectUriCheck.java  |    4 +-
 .../checks/StatementPredicateUriCheck.java    |    4 +-
 .../auth/checks/StatementSubjectUriCheck.java |    4 +-
 .../webapp/auth/checks/SubjectRoleCheck.java  |    4 +-
 .../webapp/auth/checks/SubjectTypeCheck.java  |    4 +-
 .../auth/policy/EntityPolicyController.java   |   60 +-
 .../webapp/auth/policy/PolicyLoader.java      |   98 +-
 .../auth/policy/PolicyTemplateController.java |   20 +-
 .../attributes/AttributeValueKeyTest.java     |    4 +-
 .../webapp/auth/policy/PolicyLoaderTest.java  |    2 +-
 .../vitro/webapp/auth/policy/PolicyTest.java  |    6 +-
 .../webapp/auth/rules/AccessRuleTest.java     |   10 +-
 .../migration/auth/AuthMigratorTest.java      |    4 +-
 .../webapp/auth/rules/data_set_templates.n3   |   24 +-
 .../auth/rules/proximity_test_policy.n3       |    2 +-
 .../webapp/auth/rules/test_policy_broken5.n3  |    2 +-
 .../auth/rules/test_policy_broken_set.n3      |    4 +-
 .../auth/rules/test_policy_valid_set.n3       |    8 +-
 ...owed_entities_admin_add_object_property.n3 |    2 +-
 ..._entities_admin_display_object_property.n3 |    2 +-
 ...wed_entities_admin_drop_object_property.n3 |    2 +-
 ...wed_entities_admin_edit_object_property.n3 |    2 +-
 ..._entities_admin_publish_object_property.n3 |    2 +-
 ...ed_entities_curator_add_object_property.n3 |    2 +-
 ...ntities_curator_display_object_property.n3 |    2 +-
 ...d_entities_curator_drop_object_property.n3 |    2 +-
 ...d_entities_curator_edit_object_property.n3 |    2 +-
 ...ntities_curator_publish_object_property.n3 |    2 +-
 ...wed_entities_editor_add_object_property.n3 |    2 +-
 ...entities_editor_display_object_property.n3 |    2 +-
 ...ed_entities_editor_drop_object_property.n3 |    2 +-
 ...ed_entities_editor_edit_object_property.n3 |    2 +-
 ...entities_editor_publish_object_property.n3 |    2 +-
 ...entities_public_display_object_property.n3 |    2 +-
 ...ntities_self_editor_add_object_property.n3 |    2 +-
 ...ies_self_editor_display_object_property.n3 |    2 +-
 ...tities_self_editor_drop_object_property.n3 |    2 +-
 ...tities_self_editor_edit_object_property.n3 |    2 +-
 ...ies_self_editor_publish_object_property.n3 |    2 +-
 .../accessControl/firsttime/object_types.n3   |   18 +-
 .../rdf/accessControl/firsttime/operations.n3 |   14 +-
 .../rdf/accessControl/firsttime/roles.n3      |   10 +-
 .../firsttime/simple_permissions_admin.n3     |    2 +-
 .../firsttime/simple_permissions_curator.n3   |    2 +-
 .../firsttime/simple_permissions_editor.n3    |    2 +-
 .../firsttime/simple_permissions_public.n3    |    2 +-
 .../simple_permissions_self_editor.n3         |    2 +-
 .../template_access_allowed_class.n3          |  222 +--
 .../template_access_allowed_property.n3       | 1606 ++++++++---------
 ...emplate_access_related_allowed_property.n3 |  150 +-
 .../template_not_modifiable_statements.n3     |   24 +-
 .../firsttime/template_simple_permissions.n3  |   58 +-
 ...emplate_update_related_allowed_property.n3 |  224 +--
 .../vitro-access-control-ontology.n3          |   50 +-
 68 files changed, 1512 insertions(+), 1512 deletions(-)
 delete mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeValueContainerRegistry.java
 rename api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/{AttributeValueContainer.java => AttributeValueSet.java} (69%)
 create mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeValueSetRegistry.java
 rename api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/{MutableAttributeValueContainer.java => MutableAttributeValueSet.java} (77%)
 delete mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/ValueContainerFactory.java
 create mode 100644 api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/ValueSetFactory.java

diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeValueContainerRegistry.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeValueContainerRegistry.java
deleted file mode 100644
index bd0eb3e2c7..0000000000
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeValueContainerRegistry.java
+++ /dev/null
@@ -1,30 +0,0 @@
-package edu.cornell.mannlib.vitro.webapp.auth.attributes;
-
-import java.util.Map;
-import java.util.concurrent.ConcurrentHashMap;
-
-public class AttributeValueContainerRegistry {
-
-    private static AttributeValueContainerRegistry INSTANCE = new AttributeValueContainerRegistry();
-    private Map<AttributeValueKey, AttributeValueContainer> valuesMap = new ConcurrentHashMap<>();
-
-    private AttributeValueContainerRegistry() {
-        INSTANCE = this;
-    }
-
-    public static AttributeValueContainerRegistry getInstance() {
-        return INSTANCE;
-    }
-
-    public AttributeValueContainer get(AttributeValueKey key) {
-        return valuesMap.get(key);
-    }
-
-    public void put(AttributeValueKey key, AttributeValueContainer values) {
-        valuesMap.put(key, values);
-    }
-
-    public void clear() {
-        valuesMap.clear();
-    }
-}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeValueKey.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeValueKey.java
index acbe74ce9c..02dd77b623 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeValueKey.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeValueKey.java
@@ -8,16 +8,16 @@ public class AttributeValueKey {
     private AccessOperation ao;
     private AccessObjectType aot;
     private String role;
-    private String containerType;
+    private String type;
 
     public AttributeValueKey() {
     }
 
-    public AttributeValueKey(AccessOperation ao, AccessObjectType aot, String role, String containerType) {
+    public AttributeValueKey(AccessOperation ao, AccessObjectType aot, String role, String type) {
         this.ao = ao;
         this.aot = aot;
         this.role = role;
-        this.containerType = containerType;
+        this.type = type;
     }
 
     public AccessOperation getAccessOperation() {
@@ -44,16 +44,16 @@ public void setRole(String role) {
         this.role = role;
     }
 
-    public String getContainerType() {
-        return containerType;
+    public String getType() {
+        return type;
     }
 
-    public void setContainerType(String containerType) {
-        this.containerType = containerType;
+    public void setType(String type) {
+        this.type = type;
     }
 
     public AttributeValueKey clone() {
-        return new AttributeValueKey(ao, aot, role, containerType);
+        return new AttributeValueKey(ao, aot, role, type);
     }
 
     @Override
@@ -70,7 +70,7 @@ public boolean equals(Object object) {
                 .append(getAccessOperation(), compared.getAccessOperation())
                 .append(getObjectType(), compared.getObjectType())
                 .append(getRole(), compared.getRole())
-                .append(getContainerType(), compared.getContainerType())
+                .append(getType(), compared.getType())
                 .isEquals();
     }
 
@@ -80,7 +80,7 @@ public int hashCode() {
                 .append(getAccessOperation())
                 .append(getObjectType())
                 .append(getRole())
-                .append(getContainerType())
+                .append(getType())
                 .toHashCode();
     }
 }
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeValueContainer.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeValueSet.java
similarity index 69%
rename from api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeValueContainer.java
rename to api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeValueSet.java
index c05089096e..d8902b2509 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeValueContainer.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeValueSet.java
@@ -1,6 +1,6 @@
 package edu.cornell.mannlib.vitro.webapp.auth.attributes;
 
-public interface AttributeValueContainer {
+public interface AttributeValueSet {
 
     void add(String value);
 
@@ -16,11 +16,11 @@ public interface AttributeValueContainer {
 
     boolean isEmpty();
 
-    void setContainerUri(String containerUri);
+    void setValueSetUri(String valueSetUri);
 
-    String getContainerUri();
+    String getValueSetUri();
 
-    void setType(String containerType);
+    void setType(String type);
 
     void setDataSetUri(String dataSetUri);
 
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeValueSetRegistry.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeValueSetRegistry.java
new file mode 100644
index 0000000000..2ba0f0c00a
--- /dev/null
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeValueSetRegistry.java
@@ -0,0 +1,30 @@
+package edu.cornell.mannlib.vitro.webapp.auth.attributes;
+
+import java.util.Map;
+import java.util.concurrent.ConcurrentHashMap;
+
+public class AttributeValueSetRegistry {
+
+    private static AttributeValueSetRegistry INSTANCE = new AttributeValueSetRegistry();
+    private Map<AttributeValueKey, AttributeValueSet> valuesMap = new ConcurrentHashMap<>();
+
+    private AttributeValueSetRegistry() {
+        INSTANCE = this;
+    }
+
+    public static AttributeValueSetRegistry getInstance() {
+        return INSTANCE;
+    }
+
+    public AttributeValueSet get(AttributeValueKey key) {
+        return valuesMap.get(key);
+    }
+
+    public void put(AttributeValueKey key, AttributeValueSet values) {
+        valuesMap.put(key, values);
+    }
+
+    public void clear() {
+        valuesMap.clear();
+    }
+}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/MutableAttributeValueContainer.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/MutableAttributeValueSet.java
similarity index 77%
rename from api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/MutableAttributeValueContainer.java
rename to api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/MutableAttributeValueSet.java
index 7d5dc773df..e00b670632 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/MutableAttributeValueContainer.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/MutableAttributeValueSet.java
@@ -4,25 +4,25 @@
 import java.util.Set;
 import java.util.concurrent.ConcurrentHashMap;
 
-public class MutableAttributeValueContainer implements AttributeValueContainer {
+public class MutableAttributeValueSet implements AttributeValueSet {
 
     private Set<String> values = ConcurrentHashMap.newKeySet();
-    private String containerUri;
+    private String valueSetUri;
     private String type;
     private AttributeValueKey key;
     private String dataSetUri;
 
-    public void setContainerUri(String valueContainerUri) {
-        this.containerUri = valueContainerUri;
+    public void setValueSetUri(String valueSetUri) {
+        this.valueSetUri = valueSetUri;
     }
 
-    public MutableAttributeValueContainer(String value) {
+    public MutableAttributeValueSet(String value) {
         values.add(value);
     }
 
     @Override
-    public String getContainerUri() {
-        return containerUri;
+    public String getValueSetUri() {
+        return valueSetUri;
     }
 
     @Override
@@ -80,8 +80,8 @@ public void clear() {
     }
 
     @Override
-    public void setKey(AttributeValueKey valueContainerKey) {
-        this.key = valueContainerKey;
+    public void setKey(AttributeValueKey valueSetKey) {
+        this.key = valueSetKey;
     }
 
     @Override
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/ValueContainerFactory.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/ValueContainerFactory.java
deleted file mode 100644
index 3079e7bb66..0000000000
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/ValueContainerFactory.java
+++ /dev/null
@@ -1,84 +0,0 @@
-package edu.cornell.mannlib.vitro.webapp.auth.attributes;
-
-import java.util.Optional;
-
-import org.apache.jena.query.QuerySolution;
-
-public class ValueContainerFactory {
-
-    public static AttributeValueContainer create(String value, QuerySolution qs, AttributeValueKey dataSetKey) {
-        Optional<String> type = getContainerType(qs);
-        if (!type.isPresent() || dataSetKey == null) {
-            return new MutableAttributeValueContainer(value);
-        } else {
-            AttributeValueKey avcKey = getAttributeValueContainerKey(dataSetKey, type.get());
-            AttributeValueContainer avc = AttributeValueContainerRegistry.getInstance().get(avcKey);
-            if (avc == null) {
-                return createNew(value, qs, dataSetKey, avcKey);
-            } else {
-                return returnFromRegistry(value, avc);
-            }
-        }
-    }
-
-    private static AttributeValueContainer returnFromRegistry(String value, AttributeValueContainer avc) {
-        avc.clear();
-        avc.add(value);
-        return avc;
-    }
-
-    private static AttributeValueContainer createNew(String value, QuerySolution qs, AttributeValueKey dataSetKey,
-            AttributeValueKey avcKey) {
-        AttributeValueContainer avc;
-        avc = new MutableAttributeValueContainer(value);
-        Optional<String> containerUri = getContainerUri(qs);
-        if (containerUri.isPresent()) {
-            avc.setContainerUri(containerUri.get());
-        }
-        Optional<String> type = getContainerType(qs);
-        if (type.isPresent()) {
-            avc.setType(type.get());
-        }
-        Optional<String> dataSetUri = getDataSetUri(qs);
-        if (dataSetUri.isPresent()) {
-            avc.setDataSetUri(dataSetUri.get());
-        }
-        avc.setKey(dataSetKey);
-        register(avc, avcKey);
-        return avc;
-    }
-
-    private static AttributeValueKey getAttributeValueContainerKey(AttributeValueKey dataSetKey, String type) {
-        AttributeValueKey avcKey = dataSetKey.clone();
-        avcKey.setContainerType(type);
-        return avcKey;
-    }
-
-    private static void register(AttributeValueContainer avc, AttributeValueKey key) {
-        AttributeValueContainerRegistry.getInstance().put(key, avc);
-    }
-
-    private static Optional<String> getContainerUri(QuerySolution qs) {
-        if (qs.contains("attributeValue") && qs.get("attributeValue").isResource()) {
-            String uri = qs.getResource("attributeValue").getURI();
-            return Optional.of(uri);
-        }
-        return Optional.empty();
-    }
-
-    private static Optional<String> getContainerType(QuerySolution qs) {
-        if (qs.contains("containerType") && qs.get("containerType").isLiteral()) {
-            String containerType = qs.getLiteral("containerType").getString();
-            return Optional.of(containerType);
-        }
-        return Optional.empty();
-    }
-
-    private static Optional<String> getDataSetUri(QuerySolution qs) {
-        if (qs.contains("dataSetUri") && qs.get("dataSetUri").isResource()) {
-            String dataSetUri = qs.getResource("dataSetUri").getURI();
-            return Optional.of(dataSetUri);
-        }
-        return Optional.empty();
-    }
-}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/ValueSetFactory.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/ValueSetFactory.java
new file mode 100644
index 0000000000..a7a12136c0
--- /dev/null
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/ValueSetFactory.java
@@ -0,0 +1,84 @@
+package edu.cornell.mannlib.vitro.webapp.auth.attributes;
+
+import java.util.Optional;
+
+import org.apache.jena.query.QuerySolution;
+
+public class ValueSetFactory {
+
+    public static AttributeValueSet create(String value, QuerySolution qs, AttributeValueKey dataSetKey) {
+        Optional<String> type = getSetElementsType(qs);
+        if (!type.isPresent() || dataSetKey == null) {
+            return new MutableAttributeValueSet(value);
+        } else {
+            AttributeValueKey avcKey = getAttributeValueSetKey(dataSetKey, type.get());
+            AttributeValueSet avc = AttributeValueSetRegistry.getInstance().get(avcKey);
+            if (avc == null) {
+                return createNew(value, qs, dataSetKey, avcKey);
+            } else {
+                return returnFromRegistry(value, avc);
+            }
+        }
+    }
+
+    private static AttributeValueSet returnFromRegistry(String value, AttributeValueSet avc) {
+        avc.clear();
+        avc.add(value);
+        return avc;
+    }
+
+    private static AttributeValueSet createNew(String value, QuerySolution qs, AttributeValueKey dataSetKey,
+            AttributeValueKey avcKey) {
+        AttributeValueSet avc;
+        avc = new MutableAttributeValueSet(value);
+        Optional<String> setUri = getSetUri(qs);
+        if (setUri.isPresent()) {
+            avc.setValueSetUri(setUri.get());
+        }
+        Optional<String> type = getSetElementsType(qs);
+        if (type.isPresent()) {
+            avc.setType(type.get());
+        }
+        Optional<String> dataSetUri = getDataSetUri(qs);
+        if (dataSetUri.isPresent()) {
+            avc.setDataSetUri(dataSetUri.get());
+        }
+        avc.setKey(dataSetKey);
+        register(avc, avcKey);
+        return avc;
+    }
+
+    private static AttributeValueKey getAttributeValueSetKey(AttributeValueKey dataSetKey, String type) {
+        AttributeValueKey avcKey = dataSetKey.clone();
+        avcKey.setType(type);
+        return avcKey;
+    }
+
+    private static void register(AttributeValueSet avc, AttributeValueKey key) {
+        AttributeValueSetRegistry.getInstance().put(key, avc);
+    }
+
+    private static Optional<String> getSetUri(QuerySolution qs) {
+        if (qs.contains("attributeValue") && qs.get("attributeValue").isResource()) {
+            String uri = qs.getResource("attributeValue").getURI();
+            return Optional.of(uri);
+        }
+        return Optional.empty();
+    }
+
+    private static Optional<String> getSetElementsType(QuerySolution qs) {
+        if (qs.contains("setElementsType") && qs.get("setElementsType").isLiteral()) {
+            String setElementsType = qs.getLiteral("setElementsType").getString();
+            return Optional.of(setElementsType);
+        }
+        return Optional.empty();
+    }
+
+    private static Optional<String> getDataSetUri(QuerySolution qs) {
+        if (qs.contains("dataSetUri") && qs.get("dataSetUri").isResource()) {
+            String dataSetUri = qs.getResource("dataSetUri").getURI();
+            return Optional.of(dataSetUri);
+        }
+        return Optional.empty();
+    }
+}
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/checks/AbstractCheck.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/checks/AbstractCheck.java
index c28ef7a26f..200da329c1 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/checks/AbstractCheck.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/checks/AbstractCheck.java
@@ -2,19 +2,19 @@
 
 package edu.cornell.mannlib.vitro.webapp.auth.checks;
 
-import edu.cornell.mannlib.vitro.webapp.auth.attributes.AttributeValueContainer;
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AttributeValueSet;
 import org.apache.commons.lang3.builder.EqualsBuilder;
 import org.apache.commons.lang3.builder.HashCodeBuilder;
 
 public abstract class AbstractCheck implements Check {
 
-    private AttributeValueContainer values;
+    private AttributeValueSet values;
     private String uri;
     private long computationalCost;
 
     private CheckType testType = CheckType.EQUALS;
 
-    public AbstractCheck(String uri, AttributeValueContainer values) {
+    public AbstractCheck(String uri, AttributeValueSet values) {
         this.uri = uri;
         this.values = values;
     }
@@ -42,7 +42,7 @@ public void addValue(String value) {
     }
 
     @Override
-    public AttributeValueContainer getValues() {
+    public AttributeValueSet getValues() {
         return values;
     }
 
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/checks/AccessObjectTypeCheck.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/checks/AccessObjectTypeCheck.java
index f0cfaf30ef..052793d798 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/checks/AccessObjectTypeCheck.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/checks/AccessObjectTypeCheck.java
@@ -3,7 +3,7 @@
 package edu.cornell.mannlib.vitro.webapp.auth.checks;
 
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.Attribute;
-import edu.cornell.mannlib.vitro.webapp.auth.attributes.AttributeValueContainer;
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AttributeValueSet;
 import edu.cornell.mannlib.vitro.webapp.auth.objects.AccessObject;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthorizationRequest;
 import org.apache.commons.logging.Log;
@@ -13,7 +13,7 @@ public class AccessObjectTypeCheck extends AbstractCheck {
 
     private static final Log log = LogFactory.getLog(AccessObjectTypeCheck.class);
 
-    public AccessObjectTypeCheck(String uri, AttributeValueContainer values) {
+    public AccessObjectTypeCheck(String uri, AttributeValueSet values) {
         super(uri, values);
     }
 
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/checks/AccessObjectUriCheck.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/checks/AccessObjectUriCheck.java
index 72f243d746..a814f76b64 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/checks/AccessObjectUriCheck.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/checks/AccessObjectUriCheck.java
@@ -5,7 +5,7 @@
 import java.util.Optional;
 
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.Attribute;
-import edu.cornell.mannlib.vitro.webapp.auth.attributes.AttributeValueContainer;
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AttributeValueSet;
 import edu.cornell.mannlib.vitro.webapp.auth.objects.AccessObject;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthorizationRequest;
 import org.apache.commons.logging.Log;
@@ -15,8 +15,8 @@ public class AccessObjectUriCheck extends AbstractCheck {
 
     private static final Log log = LogFactory.getLog(AccessObjectUriCheck.class);
 
-    public AccessObjectUriCheck(String uri, AttributeValueContainer container) {
-        super(uri, container);
+    public AccessObjectUriCheck(String uri, AttributeValueSet set) {
+        super(uri, set);
     }
 
     @Override
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/checks/AttributeValueChecker.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/checks/AttributeValueChecker.java
index 1f0899dad4..b374015904 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/checks/AttributeValueChecker.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/checks/AttributeValueChecker.java
@@ -5,7 +5,7 @@
 import java.util.Arrays;
 import java.util.List;
 
-import edu.cornell.mannlib.vitro.webapp.auth.attributes.AttributeValueContainer;
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AttributeValueSet;
 import edu.cornell.mannlib.vitro.webapp.auth.objects.AccessObject;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthorizationRequest;
 import org.apache.commons.lang3.StringUtils;
@@ -37,7 +37,7 @@ static boolean test(Check attr, AuthorizationRequest ar, String... values) {
     }
 
     private static boolean sparqlQueryContains(Check attr, AuthorizationRequest ar, String[] inputValues) {
-        AttributeValueContainer values = attr.getValues();
+        AttributeValueSet values = attr.getValues();
         if (!values.containsSingleValue()) {
             log.error("SparqlQueryContains more than  one value");
             return false;
@@ -67,7 +67,7 @@ private static boolean sparqlQueryContains(Check attr, AuthorizationRequest ar,
     }
 
     private static boolean contains(Check attr, String... inputValues) {
-        AttributeValueContainer values = attr.getValues();
+        AttributeValueSet values = attr.getValues();
         for (String inputValue : inputValues) {
             if (values.contains(inputValue)) {
                 return true;
@@ -77,7 +77,7 @@ private static boolean contains(Check attr, String... inputValues) {
     }
 
     private static boolean equals(Check attr, String... inputValues) {
-        AttributeValueContainer values = attr.getValues();
+        AttributeValueSet values = attr.getValues();
         if (!values.containsSingleValue()) {
             return false;
         }
@@ -90,7 +90,7 @@ private static boolean equals(Check attr, String... inputValues) {
     }
 
     private static boolean startsWith(Check attr, String... inputValues) {
-        AttributeValueContainer values = attr.getValues();
+        AttributeValueSet values = attr.getValues();
         if (!values.containsSingleValue()) {
             return false;
         }
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/checks/Check.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/checks/Check.java
index 522f676828..99a06bc020 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/checks/Check.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/checks/Check.java
@@ -3,7 +3,7 @@
 package edu.cornell.mannlib.vitro.webapp.auth.checks;
 
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.Attribute;
-import edu.cornell.mannlib.vitro.webapp.auth.attributes.AttributeValueContainer;
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AttributeValueSet;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthorizationRequest;
 
 public interface Check {
@@ -18,7 +18,7 @@ public interface Check {
 
     CheckType getType();
 
-    AttributeValueContainer getValues();
+    AttributeValueSet getValues();
 
     void addValue(String value);
 
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/checks/CheckFactory.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/checks/CheckFactory.java
index b29342f4f1..d6b50f5b54 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/checks/CheckFactory.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/checks/CheckFactory.java
@@ -3,9 +3,9 @@
 package edu.cornell.mannlib.vitro.webapp.auth.checks;
 
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.Attribute;
-import edu.cornell.mannlib.vitro.webapp.auth.attributes.AttributeValueContainer;
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AttributeValueSet;
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.AttributeValueKey;
-import edu.cornell.mannlib.vitro.webapp.auth.attributes.ValueContainerFactory;
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.ValueSetFactory;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyLoader;
 import org.apache.jena.query.QuerySolution;
 
@@ -17,32 +17,32 @@ public static Check createCheck(QuerySolution qs, AttributeValueKey dataSetKey)
         Attribute type = Attribute.valueOf(typeId);
         String testId = qs.getLiteral("testId").getString();
         String value = getValue(qs);
-        AttributeValueContainer container = ValueContainerFactory.create(value, qs, dataSetKey);
+        AttributeValueSet set = ValueSetFactory.create(value, qs, dataSetKey);
         Check check = null;
         switch (type) {
             case SUBJECT_ROLE_URI:
-                check = new SubjectRoleCheck(checkUri, container);
+                check = new SubjectRoleCheck(checkUri, set);
                 break;
             case OPERATION:
-                check = new OperationCheck(checkUri, container);
+                check = new OperationCheck(checkUri, set);
                 break;
             case ACCESS_OBJECT_URI:
-                check = new AccessObjectUriCheck(checkUri, container);
+                check = new AccessObjectUriCheck(checkUri, set);
                 break;
             case ACCESS_OBJECT_TYPE:
-                check = new AccessObjectTypeCheck(checkUri, container);
+                check = new AccessObjectTypeCheck(checkUri, set);
                 break;
             case SUBJECT_TYPE:
-                check = new SubjectTypeCheck(checkUri, container);
+                check = new SubjectTypeCheck(checkUri, set);
                 break;
             case STATEMENT_PREDICATE_URI:
-                check = new StatementPredicateUriCheck(checkUri, container);
+                check = new StatementPredicateUriCheck(checkUri, set);
                 break;
             case STATEMENT_SUBJECT_URI:
-                check = new StatementSubjectUriCheck(checkUri, container);
+                check = new StatementSubjectUriCheck(checkUri, set);
                 break;
             case STATEMENT_OBJECT_URI:
-                check = new StatementObjectUriCheck(checkUri, container);
+                check = new StatementObjectUriCheck(checkUri, set);
                 break;
             default:
                 check = null;
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/checks/OperationCheck.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/checks/OperationCheck.java
index 1d69156113..7aaeff8a91 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/checks/OperationCheck.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/checks/OperationCheck.java
@@ -4,7 +4,7 @@
 
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessOperation;
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.Attribute;
-import edu.cornell.mannlib.vitro.webapp.auth.attributes.AttributeValueContainer;
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AttributeValueSet;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthorizationRequest;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
@@ -13,7 +13,7 @@ public class OperationCheck extends AbstractCheck {
 
     private static final Log log = LogFactory.getLog(OperationCheck.class);
 
-    public OperationCheck(String uri, AttributeValueContainer values) {
+    public OperationCheck(String uri, AttributeValueSet values) {
         super(uri, values);
     }
 
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/checks/StatementObjectUriCheck.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/checks/StatementObjectUriCheck.java
index 36a3342797..6c5e9f39d8 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/checks/StatementObjectUriCheck.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/checks/StatementObjectUriCheck.java
@@ -3,7 +3,7 @@
 package edu.cornell.mannlib.vitro.webapp.auth.checks;
 
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.Attribute;
-import edu.cornell.mannlib.vitro.webapp.auth.attributes.AttributeValueContainer;
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AttributeValueSet;
 import edu.cornell.mannlib.vitro.webapp.auth.objects.AccessObject;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthorizationRequest;
 import org.apache.commons.logging.Log;
@@ -13,7 +13,7 @@ public class StatementObjectUriCheck extends AbstractCheck {
 
     private static final Log log = LogFactory.getLog(StatementObjectUriCheck.class);
 
-    public StatementObjectUriCheck(String uri, AttributeValueContainer values) {
+    public StatementObjectUriCheck(String uri, AttributeValueSet values) {
         super(uri, values);
     }
 
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/checks/StatementPredicateUriCheck.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/checks/StatementPredicateUriCheck.java
index 83d0e3cc54..002697eea3 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/checks/StatementPredicateUriCheck.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/checks/StatementPredicateUriCheck.java
@@ -3,7 +3,7 @@
 package edu.cornell.mannlib.vitro.webapp.auth.checks;
 
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.Attribute;
-import edu.cornell.mannlib.vitro.webapp.auth.attributes.AttributeValueContainer;
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AttributeValueSet;
 import edu.cornell.mannlib.vitro.webapp.auth.objects.AccessObject;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthorizationRequest;
 import org.apache.commons.logging.Log;
@@ -13,7 +13,7 @@ public class StatementPredicateUriCheck extends AbstractCheck {
 
     private static final Log log = LogFactory.getLog(StatementPredicateUriCheck.class);
 
-    public StatementPredicateUriCheck(String uri, AttributeValueContainer values) {
+    public StatementPredicateUriCheck(String uri, AttributeValueSet values) {
         super(uri, values);
     }
 
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/checks/StatementSubjectUriCheck.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/checks/StatementSubjectUriCheck.java
index a2317d9f19..e181043f9f 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/checks/StatementSubjectUriCheck.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/checks/StatementSubjectUriCheck.java
@@ -3,7 +3,7 @@
 package edu.cornell.mannlib.vitro.webapp.auth.checks;
 
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.Attribute;
-import edu.cornell.mannlib.vitro.webapp.auth.attributes.AttributeValueContainer;
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AttributeValueSet;
 import edu.cornell.mannlib.vitro.webapp.auth.objects.AccessObject;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthorizationRequest;
 import org.apache.commons.logging.Log;
@@ -13,7 +13,7 @@ public class StatementSubjectUriCheck extends AbstractCheck {
 
     private static final Log log = LogFactory.getLog(StatementSubjectUriCheck.class);
 
-    public StatementSubjectUriCheck(String uri, AttributeValueContainer values) {
+    public StatementSubjectUriCheck(String uri, AttributeValueSet values) {
         super(uri, values);
     }
 
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/checks/SubjectRoleCheck.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/checks/SubjectRoleCheck.java
index 3316fd8b45..ca5cd89ac1 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/checks/SubjectRoleCheck.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/checks/SubjectRoleCheck.java
@@ -5,7 +5,7 @@
 import java.util.List;
 
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.Attribute;
-import edu.cornell.mannlib.vitro.webapp.auth.attributes.AttributeValueContainer;
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AttributeValueSet;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthorizationRequest;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
@@ -14,7 +14,7 @@ public class SubjectRoleCheck extends AbstractCheck {
 
     private static final Log log = LogFactory.getLog(SubjectRoleCheck.class);
 
-    public SubjectRoleCheck(String uri, AttributeValueContainer values) {
+    public SubjectRoleCheck(String uri, AttributeValueSet values) {
         super(uri, values);
     }
 
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/checks/SubjectTypeCheck.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/checks/SubjectTypeCheck.java
index 53c3e3b8f3..8cada0556d 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/checks/SubjectTypeCheck.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/checks/SubjectTypeCheck.java
@@ -3,7 +3,7 @@
 package edu.cornell.mannlib.vitro.webapp.auth.checks;
 
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.Attribute;
-import edu.cornell.mannlib.vitro.webapp.auth.attributes.AttributeValueContainer;
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AttributeValueSet;
 import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
 import edu.cornell.mannlib.vitro.webapp.auth.identifier.common.IsRootUser;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthorizationRequest;
@@ -14,7 +14,7 @@ public class SubjectTypeCheck extends AbstractCheck {
 
     private static final Log log = LogFactory.getLog(SubjectTypeCheck.class);
 
-    public SubjectTypeCheck(String uri, AttributeValueContainer values) {
+    public SubjectTypeCheck(String uri, AttributeValueSet values) {
         super(uri, values);
     }
 
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EntityPolicyController.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EntityPolicyController.java
index cda5bf39a0..c7b4be9e91 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EntityPolicyController.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EntityPolicyController.java
@@ -14,8 +14,8 @@
 
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType;
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessOperation;
-import edu.cornell.mannlib.vitro.webapp.auth.attributes.AttributeValueContainer;
-import edu.cornell.mannlib.vitro.webapp.auth.attributes.AttributeValueContainerRegistry;
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AttributeValueSet;
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AttributeValueSetRegistry;
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.AttributeValueKey;
 import edu.cornell.mannlib.vitro.webapp.beans.Property;
 import org.apache.commons.lang3.StringUtils;
@@ -48,21 +48,21 @@ public static void updateEntityDataSet(String entityUri, AccessObjectType aot, A
         }
     }
 
-    private static AttributeValueContainerRegistry getRegistry() {
-        return AttributeValueContainerRegistry.getInstance();
+    private static AttributeValueSetRegistry getRegistry() {
+        return AttributeValueSetRegistry.getInstance();
     }
 
     public static void revokeAccess(String entityUri, AccessObjectType aot, AccessOperation ao, String role) {
         AttributeValueKey key = new AttributeValueKey(ao, aot, role, aot.toString());
-        AttributeValueContainer container = getRegistry().get(key);
-        if (container != null) {
-            if (container.contains(entityUri)) {
-                container.remove(entityUri);
-                String toRemove = getValueStatementString(entityUri, container.getContainerUri());
+        AttributeValueSet set = getRegistry().get(key);
+        if (set != null) {
+            if (set.contains(entityUri)) {
+                set.remove(entityUri);
+                String toRemove = getValueStatementString(entityUri, set.getValueSetUri());
                 getLoader().updateAccessControlModel(toRemove, false);
             }
         } else {
-            reduceInactiveValueContainer(entityUri, aot, ao, role);
+            reduceInactiveValueSet(entityUri, aot, ao, role);
         }
     }
 
@@ -70,7 +70,7 @@ private static PolicyLoader getLoader() {
         return PolicyLoader.getInstance();
     }
 
-    private static void reduceInactiveValueContainer(String entityUri, AccessObjectType aot, AccessOperation ao,
+    private static void reduceInactiveValueSet(String entityUri, AccessObjectType aot, AccessOperation ao,
             String role) {
         StringBuilder removals = new StringBuilder();
         getDataValueStatements(entityUri, aot, ao, Collections.singleton(role), removals);
@@ -79,15 +79,15 @@ private static void reduceInactiveValueContainer(String entityUri, AccessObjectT
 
     public static void grantAccess(String entityUri, AccessObjectType aot, AccessOperation ao, String role) {
         AttributeValueKey key = new AttributeValueKey(ao, aot, role, aot.toString());
-        AttributeValueContainer container = getRegistry().get(key);
-        if (container != null) {
-            if (!container.contains(entityUri)) {
-                container.add(entityUri);
-                String toAdd = getValueStatementString(entityUri, container.getContainerUri());
+        AttributeValueSet set = getRegistry().get(key);
+        if (set != null) {
+            if (!set.contains(entityUri)) {
+                set.add(entityUri);
+                String toAdd = getValueStatementString(entityUri, set.getValueSetUri());
                 getLoader().updateAccessControlModel(toAdd, true);
             }
         } else {
-            extendInactiveValueContainer(entityUri, aot, ao, role);
+            extendInactiveValueSet(entityUri, aot, ao, role);
             loadPolicy(aot, ao, role);
         }
     }
@@ -103,7 +103,7 @@ private static void loadPolicy(AccessObjectType aot, AccessOperation ao, String
         }
     }
 
-    private static void extendInactiveValueContainer(String entityUri, AccessObjectType aot, AccessOperation ao,
+    private static void extendInactiveValueSet(String entityUri, AccessObjectType aot, AccessOperation ao,
             String role) {
         StringBuilder additions = new StringBuilder();
         getDataValueStatements(entityUri, aot, ao, Collections.singleton(role), additions);
@@ -114,13 +114,13 @@ public static boolean isGranted(String entityUri, AccessObjectType aot, AccessOp
         if (StringUtils.isBlank(entityUri)) {
             return false;
         }
-        AttributeValueContainerRegistry registry = getRegistry();
+        AttributeValueSetRegistry registry = getRegistry();
         AttributeValueKey key = new AttributeValueKey(ao, aot, role, aot.toString());
-        AttributeValueContainer container = registry.get(key);
-        if (container == null) {
+        AttributeValueSet set = registry.get(key);
+        if (set == null) {
             return false;
         }
-        return container.contains(entityUri);
+        return set.contains(entityUri);
     }
 
     public static List<String> getGrantedRoles(String entityUri, AccessOperation ao, AccessObjectType aot,
@@ -143,17 +143,17 @@ public static void getDataValueStatements(String entityUri, AccessObjectType aot
             return;
         }
         for (String role : selectedRoles) {
-            String valueContainerUri = getValueContainerUri(aot, ao, role);
-            if (valueContainerUri == null) {
-                log.debug(String.format("Policy value container wasn't found by key:\n%s\n%s\n%s", ao, aot, role));
+            String valueSetUri = getValueSetUri(aot, ao, role);
+            if (valueSetUri == null) {
+                log.debug(String.format("Policy value set wasn't found by key:\n%s\n%s\n%s", ao, aot, role));
                 continue;
             }
-            sb.append(getValueStatementString(entityUri, valueContainerUri));
+            sb.append(getValueStatementString(entityUri, valueSetUri));
         }
     }
 
-    private static String getValueStatementString(String entityUri, String valueContainerUri) {
-        return "<" + valueContainerUri + "> <" + AUTH_VOCABULARY_PREFIX + "value> <" + entityUri + "> .\n";
+    private static String getValueStatementString(String entityUri, String valueSetUri) {
+        return "<" + valueSetUri + "> <" + AUTH_VOCABULARY_PREFIX + "value> <" + entityUri + "> .\n";
     }
 
     public static void deletedEntityEvent(Property oldObj) {
@@ -175,12 +175,12 @@ private static boolean isUriInTestDataset(String entityUri, AccessOperation ao,
         return values.contains(entityUri);
     }
 
-    private static String getValueContainerUri(AccessObjectType aot, AccessOperation ao, String role) {
+    private static String getValueSetUri(AccessObjectType aot, AccessOperation ao, String role) {
         String key = aot.toString() + "." + ao.toString() + "." + role;
         if (policyKeyToDataValueMap.containsKey(key)) {
             return policyKeyToDataValueMap.get(key);
         }
-        String uri = getLoader().getEntityValueContainerUri(ao, aot, role);
+        String uri = getLoader().getEntityValueSetUri(ao, aot, role);
         policyKeyToDataValueMap.put(key, uri);
         return uri;
     }
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
index 2a0da8e6c0..4a4767b90c 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
@@ -127,7 +127,7 @@ public class PolicyLoader {
             + "prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#>\n"
             + "prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/>\n"
             + "SELECT DISTINCT ?policyUri ?rule ?check ?testId ?typeId ?value ?lit_value ?decision_id "
-            + " ?dataSetUri ?attributeValue ?containerType \n"
+            + " ?dataSetUri ?attributeValue ?setElementsType \n"
             + "WHERE {\n"
             + "  GRAPH <http://vitro.mannlib.cornell.edu/default/access-control> {\n"
             + "    ?policy a access:PolicyTemplate .\n"
@@ -156,8 +156,8 @@ public class PolicyLoader {
             + "      ?attributeValue access:value ?value .\n"
             + "      ?dataSet access:dataSetValues ?attributeValue .\n"
             + "      OPTIONAL {\n"
-            + "        ?attributeValue access:containerType ?containerTypeUri .\n"
-            + "        ?containerTypeUri access:id ?containerType ."
+            + "        ?attributeValue access:containerType ?setElementsTypeUri .\n"
+            + "        ?setElementsTypeUri access:id ?setElementsType ."
             + "      }\n"
             + "      OPTIONAL {?value access:id ?lit_value . }\n"
             + "    }\n"
@@ -174,35 +174,35 @@ public class PolicyLoader {
             + "prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#>\n"
             + "prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/>\n"
             + "SELECT DISTINCT ?"
-            + POLICY + " ?dataSet ?testData ?value ?valueId ?valueContainer ( COUNT(?key) AS ?keySize ) \n"
+            + POLICY + " ?dataSet ?testData ?value ?valueId ?valueSet ( COUNT(?key) AS ?keySize ) \n"
             + "WHERE {\n"
             + "  GRAPH <http://vitro.mannlib.cornell.edu/default/access-control> {\n"
             + "  ?" + POLICY + " access:policyDataSet ?dataSet .\n"
             + "  ?dataSet access:dataSetKey ?dataSetKeyUri .\n"
-            + "  ?dataSet access:dataSetValues ?valueContainer .\n"
-            + "  ?valueContainer access:containerType ?containerType .\n"
-            + "  ?containerType access:id ?containerId .\n"
-            + "  OPTIONAL { ?valueContainer access:value ?value .\n"
+            + "  ?dataSet access:dataSetValues ?valueSet .\n"
+            + "  ?valueSet access:containerType ?setElementsType .\n"
+            + "  ?setElementsType access:id ?setElementsId .\n"
+            + "  OPTIONAL { ?valueSet access:value ?value .\n"
             + "    OPTIONAL { ?value access:id ?valueId . }\n"
             + "  }\n"
             + "  ?dataSetKeyUri access:keyComponent ?key .\n";
 
     private static final String policyKeyTemplateSuffix =
-            "}} GROUP BY ?" + POLICY + " ?dataSet ?value ?valueId ?testData ?valueContainer";
+            "}} GROUP BY ?" + POLICY + " ?dataSet ?value ?valueId ?testData ?valueSet";
 
     private static final String policyStatementByKeyTemplatePrefix = ""
             + "prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#>\n"
             + "prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/>\n"
             + "CONSTRUCT { \n"
-            + "  ?valueContainer access:value <%s> .\n"
+            + "  ?valueSet access:value <%s> .\n"
             + "}\n"
             + "WHERE {\n"
             + "  GRAPH <http://vitro.mannlib.cornell.edu/default/access-control> {\n"
             + "  ?dataSet access:dataSetKey ?dataSetKeyUri .\n"
             + "  ?" + POLICY + " access:policyDataSet ?dataSet . \n"
-            + "  ?dataSet access:dataSetValues ?valueContainer . \n"
-            + "  ?valueContainer access:containerType ?containerTypeUri . \n"
-            + "  ?containerTypeUri access:id ?containerType . \n";
+            + "  ?dataSet access:dataSetValues ?valueSet . \n"
+            + "  ?valueSet access:containerType ?setElementsTypeUri . \n"
+            + "  ?setElementsTypeUri access:id ?setElementsType . \n";
 
     private static final String policyStatementByKeyTemplateSuffix = "}}";
 
@@ -263,40 +263,40 @@ public class PolicyLoader {
 
     public static final String DATA_SET_VALUE_TEMPLATE_QUERY = ""
             + "prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/>\n"
-            + "SELECT ?valueContainer \n"
+            + "SELECT ?valueSet \n"
             + "WHERE {\n"
             + "  GRAPH <http://vitro.mannlib.cornell.edu/default/access-control> {\n"
-            + "    ?dataSetTemplate access:dataSetValues ?valueContainer .\n"
+            + "    ?dataSetTemplate access:dataSetValues ?valueSet .\n"
             + "  }\n"
             + "}\n";
 
-    public static final String DATA_SET_VALUE_CONTAINER_TEMPLATES_TEMPLATE_QUERY = ""
+    public static final String DATA_SET_VALUE_SET_TEMPLATES_TEMPLATE_QUERY = ""
             + "prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/>\n"
-            + "SELECT ?valueContainerTemplate \n"
+            + "SELECT ?valueSetTemplate \n"
             + "WHERE {\n"
             + "  GRAPH <http://vitro.mannlib.cornell.edu/default/access-control> {\n"
-            + "    ?dataSetTemplate access:dataSetValueTemplate ?valueContainerTemplate .\n"
+            + "    ?dataSetTemplate access:dataSetValueTemplate ?valueSetTemplate .\n"
             + "  }\n"
             + "}\n";
 
-    public static final String CONSTRUCT_VALUE_CONTAINER_QUERY = ""
+    public static final String CONSTRUCT_VALUE_SET_QUERY = ""
             + "prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/>\n"
             + "CONSTRUCT {\n"
-            + "  ?relatedCheck access:attributeValue ?valueContainer .\n"
-            + "  ?valueContainer a access:ValueContainer .\n"
-            + "  ?valueContainer access:containerType ?containerType .\n"
-            + "  ?valueContainer access:value ?newRoleUri .\n"
-            + "  ?valueContainer access:value ?dataValue ."
+            + "  ?relatedCheck access:attributeValue ?valueSet .\n"
+            + "  ?valueSet a access:ValueSet .\n"
+            + "  ?valueSet access:containerType ?setElementsType .\n"
+            + "  ?valueSet access:value ?newRoleUri .\n"
+            + "  ?valueSet access:value ?dataValue ."
             + "}\n"
             + "WHERE {\n"
             + "  GRAPH <http://vitro.mannlib.cornell.edu/default/access-control> {\n"
-            + "    ?valueContainerTemplateUri access:relatedCheck ?relatedCheck .\n"
-            + "    ?valueContainerTemplateUri access:containerTypeTemplate ?containerType .\n"
+            + "    ?valueSetTemplateUri access:relatedCheck ?relatedCheck .\n"
+            + "    ?valueSetTemplateUri access:containerTypeTemplate ?setElementsType .\n"
             + "    OPTIONAL {\n"
-            + "      ?valueContainerTemplateUri access:defaultValue ?dataValue .\n"
+            + "      ?valueSetTemplateUri access:defaultValue ?dataValue .\n"
             + "    }\n"
             + "    OPTIONAL {\n"
-            + "      FILTER ( str(?containerType) = 'https://vivoweb.org/ontology/vitro-application/auth/individual/SubjectRole' )\n"
+            + "      FILTER ( str(?setElementsType) = 'https://vivoweb.org/ontology/vitro-application/auth/individual/SubjectRole' )\n"
             + "      BIND(?role as ?newRoleUri)\n"
             + "    }"
             + "  }"
@@ -432,7 +432,7 @@ public Set<String> getDataSetValues(AccessOperation ao, AccessObjectType aot, St
         String queryText = getDataSetByKeyQuery(new String[] { role },
                 new String[] { ao.toString(), aot.toString() });
         ParameterizedSparqlString pss = new ParameterizedSparqlString(queryText);
-        pss.setLiteral("containerId", aot.toString());
+        pss.setLiteral("setElementsId", aot.toString());
         queryText = pss.toString();
         debug("SPARQL Query to get policy data set values:\n %s", queryText);
         try {
@@ -464,13 +464,13 @@ protected void processQuerySolution(QuerySolution qs) {
         return values;
     }
 
-    public String getEntityValueContainerUri(AccessOperation ao, AccessObjectType aot, String role) {
+    public String getEntityValueSetUri(AccessOperation ao, AccessObjectType aot, String role) {
         long expectedSize = 3;
         String queryText = getDataSetByKeyQuery(new String[] { role }, new String[] { ao.toString(), aot.toString() });
         ParameterizedSparqlString pss = new ParameterizedSparqlString(queryText);
-        pss.setLiteral("containerId", aot.toString());
+        pss.setLiteral("setElementsId", aot.toString());
         queryText = pss.toString();
-        debug("SPARQL Query to get entity value container uri:\n %s", queryText);
+        debug("SPARQL Query to get entity value set uri:\n %s", queryText);
         String[] uri = new String[1];
         try {
             rdfService.sparqlSelectQuery(queryText, new ResultSetConsumer() {
@@ -485,7 +485,7 @@ protected void processQuerySolution(QuerySolution qs) {
                         log.error("wrong key size. Expected " + expectedSize + ". Actual " + keySize );
                         return;
                     }
-                    uri[0] = qs.getResource("valueContainer").getURI();
+                    uri[0] = qs.getResource("valueSet").getURI();
                 }
             });
         } catch (RDFServiceException e) {
@@ -499,7 +499,7 @@ public void modifyPolicyDataSetValue(String entityUri, AccessOperation ao, Acces
         String queryText = getPolicyDataSetValueStatementByKeyQuery(entityUri, new String[] { role },
                 new String[] { ao.toString(), aot.toString() });
         ParameterizedSparqlString pss = new ParameterizedSparqlString(queryText);
-        pss.setLiteral("containerType", aot.toString());
+        pss.setLiteral("setElementsType", aot.toString());
         queryText = pss.toString();
         debug("SPARQL Query to get policy data set values:\n %s", queryText);
         Model m = VitroModelFactory.createModel();
@@ -922,7 +922,7 @@ protected void processQuerySolution(QuerySolution qs) {
     }
 
     public List<String> getDataSetValuesFromTemplate(String templateUri) {
-        List<String> valueContainers = new LinkedList<>();
+        List<String> valueSets = new LinkedList<>();
         ParameterizedSparqlString pss = new ParameterizedSparqlString(DATA_SET_VALUE_TEMPLATE_QUERY);
         pss.setIri("dataSetTemplate", templateUri);
         final String queryText = pss.toString();
@@ -931,46 +931,46 @@ public List<String> getDataSetValuesFromTemplate(String templateUri) {
             rdfService.sparqlSelectQuery(queryText, new ResultSetConsumer() {
                 @Override
                 protected void processQuerySolution(QuerySolution qs) {
-                    if (qs.contains("valueContainer") && qs.get("valueContainer").isResource()) {
-                        valueContainers.add(qs.getResource("valueContainer").getURI());
+                    if (qs.contains("valueSet") && qs.get("valueSet").isResource()) {
+                        valueSets.add(qs.getResource("valueSet").getURI());
                     }
                 }
             });
         } catch (RDFServiceException e) {
             log.error(e, e);
         }
-        return valueContainers;
+        return valueSets;
     }
 
     public List<String> getDataSetValueTemplatesFromTemplate(String templateUri) {
-        List<String> valueContainerTemplates = new LinkedList<>();
+        List<String> valueSetTemplates = new LinkedList<>();
         ParameterizedSparqlString pss =
-                new ParameterizedSparqlString(DATA_SET_VALUE_CONTAINER_TEMPLATES_TEMPLATE_QUERY);
+                new ParameterizedSparqlString(DATA_SET_VALUE_SET_TEMPLATES_TEMPLATE_QUERY);
         pss.setIri("dataSetTemplate", templateUri);
         final String queryText = pss.toString();
-        debug("SPARQL Query to get data set value container templates from data set template:\n %s", queryText);
+        debug("SPARQL Query to get data set value set templates from data set template:\n %s", queryText);
         try {
             rdfService.sparqlSelectQuery(queryText, new ResultSetConsumer() {
                 @Override
                 protected void processQuerySolution(QuerySolution qs) {
-                    if (qs.contains("valueContainerTemplate") && qs.get("valueContainerTemplate").isResource()) {
-                        valueContainerTemplates.add(qs.getResource("valueContainerTemplate").getURI());
+                    if (qs.contains("valueSetTemplate") && qs.get("valueSetTemplate").isResource()) {
+                        valueSetTemplates.add(qs.getResource("valueSetTemplate").getURI());
                     }
                 }
             });
         } catch (RDFServiceException e) {
             log.error(e, e);
         }
-        return valueContainerTemplates;
+        return valueSetTemplates;
     }
 
-    public void constructValueContainer(String valueContainerTemplateUri, String valueContainer, String role,
+    public void constructValueSet(String valueSetTemplateUri, String valueSet, String role,
             Model dataSetModel) {
-        ParameterizedSparqlString pss = new ParameterizedSparqlString(CONSTRUCT_VALUE_CONTAINER_QUERY);
-        pss.setIri("valueContainerTemplateUri", valueContainerTemplateUri);
-        pss.setIri("valueContainer", valueContainer);
+        ParameterizedSparqlString pss = new ParameterizedSparqlString(CONSTRUCT_VALUE_SET_QUERY);
+        pss.setIri("valueSetTemplateUri", valueSetTemplateUri);
+        pss.setIri("valueSet", valueSet);
         pss.setIri("role", role);
-        debug("SPARQL Construct Query to create value container \n %s", pss.toString());
+        debug("SPARQL Construct Query to create value set \n %s", pss.toString());
         try {
             rdfService.sparqlConstructQuery(pss.toString(), dataSetModel);
         } catch (RDFServiceException e) {
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTemplateController.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTemplateController.java
index af469f3678..d649e22685 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTemplateController.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTemplateController.java
@@ -56,25 +56,25 @@ private static void createRoleDataSet(String dataSetTemplateUri, String roleUri,
                     dataSetModel.createProperty(PREFIX_AO + "keyComponent"), dataSetModel.createResource(key)));
         }
 
-        List<String> valueContainerUris = policyLoader.getDataSetValuesFromTemplate(dataSetTemplateUri);
-        for (String valueContainerUri : valueContainerUris) {
-            // Add ?dataSetUri ao:dataSetValues ?valueContainerUri .
+        List<String> valueSetUris = policyLoader.getDataSetValuesFromTemplate(dataSetTemplateUri);
+        for (String valueSetUri : valueSetUris) {
+            // Add ?dataSetUri ao:dataSetValues ?valueSetUri .
             dataSetModel.add(new StatementImpl(dataSetModel.createResource(dataSetUri),
                     dataSetModel.createProperty(PREFIX_AO + "dataSetValues"),
-                    dataSetModel.createResource(valueContainerUri)));
+                    dataSetModel.createResource(valueSetUri)));
         }
 
-        List<String> valueContainerTemplateUris = policyLoader.getDataSetValueTemplatesFromTemplate(dataSetTemplateUri);
+        List<String> valueSetTemplateUris = policyLoader.getDataSetValueTemplatesFromTemplate(dataSetTemplateUri);
 
-        for (String valueContainerTemplateUri : valueContainerTemplateUris) {
-            String valueContainerUri = getUriFromTemplate(valueContainerTemplateUri, role);
+        for (String valueSetTemplateUri : valueSetTemplateUris) {
+            String valueSetUri = getUriFromTemplate(valueSetTemplateUri, role);
             dataSetModel.add(new StatementImpl(dataSetModel.createResource(dataSetUri),
                     dataSetModel.createProperty(PREFIX_AO + "dataSetValues"),
-                    dataSetModel.createResource(valueContainerUri)));
+                    dataSetModel.createResource(valueSetUri)));
 
-            policyLoader.constructValueContainer(valueContainerTemplateUri, valueContainerUri, roleUri, dataSetModel);
+            policyLoader.constructValueSet(valueSetTemplateUri, valueSetUri, roleUri, dataSetModel);
             // TODO: Check uri doesn't exists in access control graph
-            // If value container template is subject role, then role uri should be added to the container
+            // If value set template is subject role, then role uri should be added to the set
         }
         policyLoader.updateAccessControlModel(dataSetModel, true);
     }
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeValueKeyTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeValueKeyTest.java
index 07252e9ef2..e9d2f078de 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeValueKeyTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AttributeValueKeyTest.java
@@ -15,12 +15,12 @@ public void equalityTest() {
         AttributeValueKey key1 = new AttributeValueKey();
         key1.setObjectType(AccessObjectType.FAUX_DATA_PROPERTY);
         key1.setOperation(AccessOperation.DISPLAY);
-        key1.setContainerType(AccessObjectType.FAUX_DATA_PROPERTY.toString());
+        key1.setType(AccessObjectType.FAUX_DATA_PROPERTY.toString());
         key1.setRole(PolicyTest.ADMIN);
         AttributeValueKey key2 = new AttributeValueKey();
         key2.setObjectType(AccessObjectType.FAUX_DATA_PROPERTY);
         key2.setOperation(AccessOperation.DISPLAY);
-        key2.setContainerType("FAUX_DATA_PROPERTY");
+        key2.setType("FAUX_DATA_PROPERTY");
         key2.setRole(PolicyTest.ADMIN);
         assertEquals(key1, key2);
         Map<AttributeValueKey, String> map = new HashedMap<>();
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoaderTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoaderTest.java
index 977c2fb126..4d7abed550 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoaderTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoaderTest.java
@@ -60,7 +60,7 @@ public void getRoleDataSetValuesTemplateTest() {
         load(DATA_SET);
         List<String> values = PolicyLoader.getInstance().getDataSetValuesFromTemplate(PREFIX + "RoleDataSetTemplate1");
         assertEquals(1, values.size());
-        assertEquals(values.get(0), AUTH_INDIVIDUAL_PREFIX + "PublicRoleValueContainer");
+        assertEquals(values.get(0), AUTH_INDIVIDUAL_PREFIX + "PublicRoleValueSet");
     }
 
     @Test
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTest.java
index 7e3a5028f8..27e0a8aa67 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTest.java
@@ -9,7 +9,7 @@
 import java.util.Set;
 import java.util.stream.Collectors;
 
-import edu.cornell.mannlib.vitro.webapp.auth.attributes.AttributeValueContainerRegistry;
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AttributeValueSetRegistry;
 import edu.cornell.mannlib.vitro.webapp.auth.checks.Check;
 import edu.cornell.mannlib.vitro.webapp.auth.rules.AccessRule;
 import edu.cornell.mannlib.vitro.webapp.modelaccess.ModelNames;
@@ -93,7 +93,7 @@ public void init() {
         load(PROFILE_PROXIMITY_QUERY);
         load(TEST_DECISIONS);
         RDFServiceModel rdfService = new RDFServiceModel(configurationDataSet);
-        AttributeValueContainerRegistry.getInstance().clear();
+        AttributeValueSetRegistry.getInstance().clear();
         PolicyLoader.initialize(rdfService);
         loader = PolicyLoader.getInstance();
         Logger logger = LogManager.getLogger(PolicyLoader.class);
@@ -102,7 +102,7 @@ public void init() {
 
     @After
     public void finish() {
-        AttributeValueContainerRegistry.getInstance().clear();
+        AttributeValueSetRegistry.getInstance().clear();
     }
 
     protected void countRulesAndAttributes(DynamicPolicy policy, int ruleCount, Set<Integer> attrCount) {
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRuleTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRuleTest.java
index e52313a2f6..9e75b68681 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRuleTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/rules/AccessRuleTest.java
@@ -7,8 +7,8 @@
 
 import java.util.List;
 
-import edu.cornell.mannlib.vitro.webapp.auth.attributes.AttributeValueContainer;
-import edu.cornell.mannlib.vitro.webapp.auth.attributes.MutableAttributeValueContainer;
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AttributeValueSet;
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.MutableAttributeValueSet;
 import edu.cornell.mannlib.vitro.webapp.auth.checks.AccessObjectUriCheck;
 import edu.cornell.mannlib.vitro.webapp.auth.checks.Check;
 import org.junit.Test;
@@ -33,11 +33,11 @@ public void testAttributeOrderByComputationalCost() {
         assertEquals(expensiveAttribute.getUri(), list.get(2).getUri());
     }
 
-    private AttributeValueContainer value(String value) {
-        return new MutableAttributeValueContainer(value);
+    private AttributeValueSet value(String value) {
+        return new MutableAttributeValueSet(value);
     }
 
-    private Check uriCheck(String uri, AttributeValueContainer avc) {
+    private Check uriCheck(String uri, AttributeValueSet avc) {
         return new AccessObjectUriCheck(uri, avc);
     }
 }
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AuthMigratorTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AuthMigratorTest.java
index 8d8f684699..fde4eba7ed 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AuthMigratorTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AuthMigratorTest.java
@@ -1,6 +1,6 @@
 package edu.cornell.mannlib.vitro.webapp.migration.auth;
 
-import edu.cornell.mannlib.vitro.webapp.auth.attributes.AttributeValueContainerRegistry;
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AttributeValueSetRegistry;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyTest;
 import edu.cornell.mannlib.vitro.webapp.modelaccess.ModelNames;
 import edu.cornell.mannlib.vitro.webapp.rdfservice.impl.jena.model.RDFServiceModel;
@@ -32,7 +32,7 @@ public void initAuthMigration() {
         load(configurationModel, CONFIGURATION);
         configurationDataSet.replaceNamedModel(ModelNames.DISPLAY, configurationModel);
         load(contentModel, CONTENT);
-        AttributeValueContainerRegistry.getInstance().clear();
+        AttributeValueSetRegistry.getInstance().clear();
         LogManager.getLogger(AnnotationMigrator.class).setLevel(Level.ERROR);
         LogManager.getLogger(ArmMigrator.class).setLevel(Level.ERROR);
     }
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/data_set_templates.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/data_set_templates.n3
index 2dff884e51..1416a1a897 100644
--- a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/data_set_templates.n3
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/data_set_templates.n3
@@ -21,9 +21,9 @@
 :RoleDataSetTemplate1 a access:DataSetTemplate ;
     access:dataSetTemplateKey :RoleDataSetTemplateKey1 ;
     access:dataSetKeyTemplate :RoleDataSetKeyTemplate1 ;
-    access:dataSetValues access-individual:PublicRoleValueContainer ;
-    access:dataSetValueTemplate :RoleValueContainerTemplate1 ;
-    access:dataSetValueTemplate :RolePermissionValueContainerTemplate1 .  
+    access:dataSetValues access-individual:PublicRoleValueSet ;
+    access:dataSetValueTemplate :RoleValueSetTemplate1 ;
+    access:dataSetValueTemplate :RolePermissionValueSetTemplate1 .  
 
 :RoleDataSetTemplateKey1 a access:DataSetTemplateKey ;
     access:templateKey access-individual:SubjectRole .
@@ -33,11 +33,11 @@
     access:keyComponent access-individual:ExecuteOperation ;
     access:keyComponentTemplate access-individual:SubjectRole .
 
-:RoleValueContainerTemplate1 a access:ValueContainerTemplate ;
+:RoleValueSetTemplate1 a access:ValueSetTemplate ;
     access:relatedCheck :RoleValueSet;
     access:containerTypeTemplate access-individual:SubjectRole .
 
-:RolePermissionValueContainerTemplate1 a access:ValueContainerTemplate ;
+:RolePermissionValueSetTemplate1 a access:ValueSetTemplate ;
     access:relatedCheck :TypeValueSet;
     access:defaultValue simplePermission:PageViewablePublic;
     access:defaultValue simplePermission:QueryFullModel ;
@@ -47,8 +47,8 @@
 :RoleDataSetTemplate2 a access:DataSetTemplate ;
     access:dataSetTemplateKey :RoleDataSetTemplateKey2 ;
     access:dataSetKeyTemplate :RoleDataSetKeyTemplate2 ;
-    access:dataSetValueTemplate :RoleValueContainerTemplate2 ;
-    access:dataSetValueTemplate :RolePermissionValueContainerTemplate2 .  
+    access:dataSetValueTemplate :RoleValueSetTemplate2 ;
+    access:dataSetValueTemplate :RolePermissionValueSetTemplate2 .  
 
 :RoleDataSetTemplateKey2 a access:DataSetTemplateKey ;
     access:templateKey access-individual:SubjectRole .
@@ -57,23 +57,23 @@
     access:keyComponent access-individual:ObjectPropertyAccesObject ;
     access:keyComponentTemplate access-individual:SubjectRole .
 
-:RoleValueContainerTemplate2 a access:ValueContainerTemplate ;
+:RoleValueSetTemplate2 a access:ValueSetTemplate ;
     access:relatedCheck :RoleValueSet;
     access:containerTypeTemplate access-individual:SubjectRole .
 
-:RolePermissionValueContainerTemplate2 a access:ValueContainerTemplate ;
+:RolePermissionValueSetTemplate2 a access:ValueSetTemplate ;
     access:relatedCheck :TypeValueSet;
     access:containerTypeTemplate access-individual:NamedObject .
 
 :PublicDataSet a access:PolicyDataSet ;
     access:dataSetKey :PublicDataSetKey ;
-    access:dataSetValues access-individual:PublicRoleValueContainer ;
-    access:dataSetValues access-individual:PublicSimplePermissionValueContainer .
+    access:dataSetValues access-individual:PublicRoleValueSet ;
+    access:dataSetValues access-individual:PublicSimplePermissionValueSet .
 
 :PublicDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:NamedObject ;
     access:keyComponent access-individual:ExecuteOperation ;
     access:keyComponent auth:PUBLIC .
 
-access-individual:PublicSimplePermissionValueContainer a access:ValueContainer ;
+access-individual:PublicSimplePermissionValueSet a access:ValueSet ;
     access:containerType access-individual:NamedObject .
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/proximity_test_policy.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/proximity_test_policy.n3
index 7c1c214ef3..bc0beb2050 100644
--- a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/proximity_test_policy.n3
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/proximity_test_policy.n3
@@ -19,7 +19,7 @@ access-individual:PublicationInProximityAttribute rdf:type access:Check ;
     access:attribute access-individual:StatementSubjectUri ;
     access:singleValue access-individual:PublicationProximityToPerson .
 
-access-individual:PublicationProximityToPerson rdf:type access:ValueContainer ;
+access-individual:PublicationProximityToPerson rdf:type access:ValueSet ;
     access:id """
     SELECT ?resourceUri WHERE {
               ?personUri <test:has_publication> ?resourceUri .
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken5.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken5.n3
index 352d91b84e..7b88ad1bcc 100644
--- a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken5.n3
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken5.n3
@@ -29,7 +29,7 @@ access-individual:BrokenAttribute2 rdf:type access:Check ;
 access-individual:testDataSet1 rdf:type access:PolicyDataSet ;
     access:dataSetValues access-individual:valueSet1 .
 
-access-individual:valueSet1 rdf:type access:ValueContainer ;
+access-individual:valueSet1 rdf:type access:ValueSet ;
     access:value <test:value1> ;
     access:value <test:value2> ;
     .    
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken_set.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken_set.n3
index 4f77de0c55..ab5d6ebade 100644
--- a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken_set.n3
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken_set.n3
@@ -35,12 +35,12 @@ access-individual:testDataSet1 rdf:type access:PolicyDataSet ;
 access-individual:testDataSet2 rdf:type access:PolicyDataSet ;
     access:dataSetValues access-individual:valueSet2 .
 
-access-individual:valueSet1 rdf:type access:ValueContainer ;
+access-individual:valueSet1 rdf:type access:ValueSet ;
     access:value <test:value1> ;
     access:value <test:value2> ;
     .
     
-access-individual:valueSet2 rdf:type access:ValueContainer ;
+access-individual:valueSet2 rdf:type access:ValueSet ;
     access:value <test:value3> ;
     access:value <test:value4> ;
     .
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_valid_set.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_valid_set.n3
index c319f1d6d4..6d9259e7c5 100644
--- a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_valid_set.n3
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_valid_set.n3
@@ -39,18 +39,18 @@ access-individual:testDataSet2 rdf:type access:PolicyDataSet ;
     access:dataSetValues access-individual:valueSet3 ;
     access:dataSetValues access-individual:valueSet4 .
 
-access-individual:valueSet1 rdf:type access:ValueContainer ;
+access-individual:valueSet1 rdf:type access:ValueSet ;
     access:value <test:value1> ;
     .
     
-access-individual:valueSet2 rdf:type access:ValueContainer ;
+access-individual:valueSet2 rdf:type access:ValueSet ;
     access:value <test:value2> ;
     .
     
-access-individual:valueSet3 rdf:type access:ValueContainer ;
+access-individual:valueSet3 rdf:type access:ValueSet ;
     access:value <test:value3> ;
     .
     
-access-individual:valueSet4 rdf:type access:ValueContainer ;
+access-individual:valueSet4 rdf:type access:ValueSet ;
     access:value <test:value4> ;
     .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_admin_add_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_admin_add_object_property.n3
index bba9b630f3..8586660272 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_admin_add_object_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_admin_add_object_property.n3
@@ -3,7 +3,7 @@
 @prefix : <https://vivoweb.org/ontology/vitro-application/auth/individual/access-allowed-property/> .
 @prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
 
-:AdminAddObjectPropertyValueContainer access:value
+:AdminAddObjectPropertyValueSet access:value
     <http://www.w3.org/2000/01/rdf-schema#label> .
 
 
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_admin_display_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_admin_display_object_property.n3
index 839f2c3d37..d28758ba84 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_admin_display_object_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_admin_display_object_property.n3
@@ -3,5 +3,5 @@
 @prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
 @prefix : <https://vivoweb.org/ontology/vitro-application/auth/individual/access-allowed-property/> .
 
-:AdminDisplayObjectPropertyValueContainer access:value
+:AdminDisplayObjectPropertyValueSet access:value
     <http://www.w3.org/2000/01/rdf-schema#label> .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_admin_drop_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_admin_drop_object_property.n3
index b43961b01f..325e0322f6 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_admin_drop_object_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_admin_drop_object_property.n3
@@ -3,5 +3,5 @@
 @prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
 @prefix : <https://vivoweb.org/ontology/vitro-application/auth/individual/access-allowed-property/> .
 
-:AdminDropObjectPropertyValueContainer access:value
+:AdminDropObjectPropertyValueSet access:value
     <http://www.w3.org/2000/01/rdf-schema#label> .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_admin_edit_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_admin_edit_object_property.n3
index 95b173b5a6..0ed4d77ea2 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_admin_edit_object_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_admin_edit_object_property.n3
@@ -3,5 +3,5 @@
 @prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
 @prefix : <https://vivoweb.org/ontology/vitro-application/auth/individual/access-allowed-property/> .
 
-:AdminEditObjectPropertyValueContainer access:value
+:AdminEditObjectPropertyValueSet access:value
     <http://www.w3.org/2000/01/rdf-schema#label> .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_admin_publish_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_admin_publish_object_property.n3
index 292170fa7f..22da5710e7 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_admin_publish_object_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_admin_publish_object_property.n3
@@ -3,5 +3,5 @@
 @prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
 @prefix : <https://vivoweb.org/ontology/vitro-application/auth/individual/access-allowed-property/> .
 
-:AdminPublishObjectPropertyValueContainer access:value
+:AdminPublishObjectPropertyValueSet access:value
     <http://www.w3.org/2000/01/rdf-schema#label> .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_curator_add_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_curator_add_object_property.n3
index 537f447048..5d0591b742 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_curator_add_object_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_curator_add_object_property.n3
@@ -3,5 +3,5 @@
 @prefix : <https://vivoweb.org/ontology/vitro-application/auth/individual/access-allowed-property/> .
 @prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
 
-:CuratorAddObjectPropertyValueContainer access:value
+:CuratorAddObjectPropertyValueSet access:value
     <http://www.w3.org/2000/01/rdf-schema#label> .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_curator_display_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_curator_display_object_property.n3
index 61fa1f5cac..9088fcf843 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_curator_display_object_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_curator_display_object_property.n3
@@ -3,5 +3,5 @@
 @prefix : <https://vivoweb.org/ontology/vitro-application/auth/individual/access-allowed-property/> .
 @prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
     
-:CuratorDisplayObjectPropertyValueContainer access:value
+:CuratorDisplayObjectPropertyValueSet access:value
     <http://www.w3.org/2000/01/rdf-schema#label> .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_curator_drop_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_curator_drop_object_property.n3
index faafcbde81..0cf0edc6ae 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_curator_drop_object_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_curator_drop_object_property.n3
@@ -3,5 +3,5 @@
 @prefix : <https://vivoweb.org/ontology/vitro-application/auth/individual/access-allowed-property/> .
 @prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
 
-:CuratorDropObjectPropertyValueContainer access:value
+:CuratorDropObjectPropertyValueSet access:value
     <http://www.w3.org/2000/01/rdf-schema#label> .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_curator_edit_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_curator_edit_object_property.n3
index 32a93eb41a..16a68bfb28 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_curator_edit_object_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_curator_edit_object_property.n3
@@ -3,5 +3,5 @@
 @prefix : <https://vivoweb.org/ontology/vitro-application/auth/individual/access-allowed-property/> .
 @prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
 
-:CuratorEditObjectPropertyValueContainer access:value
+:CuratorEditObjectPropertyValueSet access:value
     <http://www.w3.org/2000/01/rdf-schema#label> .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_curator_publish_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_curator_publish_object_property.n3
index 94591949b7..b1c6ba8c4e 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_curator_publish_object_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_curator_publish_object_property.n3
@@ -3,5 +3,5 @@
 @prefix : <https://vivoweb.org/ontology/vitro-application/auth/individual/access-allowed-property/> .
 @prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
 
-:CuratorPublishObjectPropertyValueContainer access:value
+:CuratorPublishObjectPropertyValueSet access:value
     <http://www.w3.org/2000/01/rdf-schema#label> .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_editor_add_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_editor_add_object_property.n3
index e3129f18b5..0c8ea82c58 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_editor_add_object_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_editor_add_object_property.n3
@@ -3,5 +3,5 @@
 @prefix : <https://vivoweb.org/ontology/vitro-application/auth/individual/access-allowed-property/> .
 @prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
 
-:EditorAddObjectPropertyValueContainer access:value
+:EditorAddObjectPropertyValueSet access:value
     <http://www.w3.org/2000/01/rdf-schema#label> .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_editor_display_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_editor_display_object_property.n3
index 3630cd36d5..6137c3c9f7 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_editor_display_object_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_editor_display_object_property.n3
@@ -3,5 +3,5 @@
 @prefix : <https://vivoweb.org/ontology/vitro-application/auth/individual/access-allowed-property/> .
 @prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
 
-:EditorDisplayObjectPropertyValueContainer access:value
+:EditorDisplayObjectPropertyValueSet access:value
     <http://www.w3.org/2000/01/rdf-schema#label> .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_editor_drop_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_editor_drop_object_property.n3
index 67cd460a52..76fcfffedd 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_editor_drop_object_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_editor_drop_object_property.n3
@@ -3,5 +3,5 @@
 @prefix : <https://vivoweb.org/ontology/vitro-application/auth/individual/access-allowed-property/> .
 @prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
 
-:EditorDropObjectPropertyValueContainer access:value
+:EditorDropObjectPropertyValueSet access:value
     <http://www.w3.org/2000/01/rdf-schema#label> .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_editor_edit_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_editor_edit_object_property.n3
index b06fafb882..f1e2df8923 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_editor_edit_object_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_editor_edit_object_property.n3
@@ -3,5 +3,5 @@
 @prefix : <https://vivoweb.org/ontology/vitro-application/auth/individual/access-allowed-property/> .
 @prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
 
-:EditorEditObjectPropertyValueContainer access:value
+:EditorEditObjectPropertyValueSet access:value
     <http://www.w3.org/2000/01/rdf-schema#label> .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_editor_publish_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_editor_publish_object_property.n3
index 9f8afae4d6..1ca5d1c061 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_editor_publish_object_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_editor_publish_object_property.n3
@@ -3,5 +3,5 @@
 @prefix : <https://vivoweb.org/ontology/vitro-application/auth/individual/access-allowed-property/> .
 @prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
 
-:EditorPublishObjectPropertyValueContainer access:value
+:EditorPublishObjectPropertyValueSet access:value
     <http://www.w3.org/2000/01/rdf-schema#label> .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_public_display_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_public_display_object_property.n3
index c4875d1efd..70d9c29964 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_public_display_object_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_public_display_object_property.n3
@@ -3,5 +3,5 @@
 @prefix : <https://vivoweb.org/ontology/vitro-application/auth/individual/access-allowed-property/> .
 @prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
 
-:PublicDisplayObjectPropertyValueContainer access:value
+:PublicDisplayObjectPropertyValueSet access:value
     <http://www.w3.org/2000/01/rdf-schema#label> .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_self_editor_add_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_self_editor_add_object_property.n3
index 9640b0e255..9530d47713 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_self_editor_add_object_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_self_editor_add_object_property.n3
@@ -3,5 +3,5 @@
 @prefix : <https://vivoweb.org/ontology/vitro-application/auth/individual/update-related-allowed-property/> .
 @prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
 
-:SelfEditorAddObjectPropertyValueContainer access:value
+:SelfEditorAddObjectPropertyValueSet access:value
     <http://www.w3.org/2000/01/rdf-schema#label> .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_self_editor_display_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_self_editor_display_object_property.n3
index 106cd509d8..04bc5b74b6 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_self_editor_display_object_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_self_editor_display_object_property.n3
@@ -3,5 +3,5 @@
 @prefix : <https://vivoweb.org/ontology/vitro-application/auth/individual/related-allowed-property/> .
 @prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
 
-:SelfEditorDisplayObjectPropertyValueContainer access:value
+:SelfEditorDisplayObjectPropertyValueSet access:value
     <http://www.w3.org/2000/01/rdf-schema#label> .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_self_editor_drop_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_self_editor_drop_object_property.n3
index aabd218ab2..77d8140f2f 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_self_editor_drop_object_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_self_editor_drop_object_property.n3
@@ -3,5 +3,5 @@
 @prefix : <https://vivoweb.org/ontology/vitro-application/auth/individual/update-related-allowed-property/> .
 @prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
 
-:SelfEditorDropObjectPropertyValueContainer access:value
+:SelfEditorDropObjectPropertyValueSet access:value
     <http://www.w3.org/2000/01/rdf-schema#label> .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_self_editor_edit_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_self_editor_edit_object_property.n3
index 0203501db1..a9829a894f 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_self_editor_edit_object_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_self_editor_edit_object_property.n3
@@ -3,5 +3,5 @@
 @prefix : <https://vivoweb.org/ontology/vitro-application/auth/individual/update-related-allowed-property/> .
 @prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
 
-:SelfEditorEditObjectPropertyValueContainer access:value
+:SelfEditorEditObjectPropertyValueSet access:value
     <http://www.w3.org/2000/01/rdf-schema#label> .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_self_editor_publish_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_self_editor_publish_object_property.n3
index 01db9a3c64..00cf71b856 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_self_editor_publish_object_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_self_editor_publish_object_property.n3
@@ -3,5 +3,5 @@
 @prefix : <https://vivoweb.org/ontology/vitro-application/auth/individual/related-allowed-property/> .
 @prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
 
-:SelfEditorPublishObjectPropertyValueContainer access:value
+:SelfEditorPublishObjectPropertyValueSet access:value
     <http://www.w3.org/2000/01/rdf-schema#label> .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/object_types.n3 b/home/src/main/resources/rdf/accessControl/firsttime/object_types.n3
index be53dcc3ec..1e7a953583 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/object_types.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/object_types.n3
@@ -35,29 +35,29 @@ access-individual:NamedObject a access:ObjectType ;
 
 #Object type value containers
 
-access-individual:ObjectPropertyValueContainer a access:ValueContainer ;
+access-individual:ObjectPropertyValueSet a access:ValueSet ;
     access:value access-individual:ObjectProperty .
 
-access-individual:DataPropertyValueContainer a access:ValueContainer ;
+access-individual:DataPropertyValueSet a access:ValueSet ;
     access:value access-individual:DataProperty .
 
-access-individual:FauxObjectPropertyValueContainer a access:ValueContainer ;
+access-individual:FauxObjectPropertyValueSet a access:ValueSet ;
     access:value access-individual:FauxObjectProperty .
 
-access-individual:FauxDataPropertyValueContainer a access:ValueContainer ;
+access-individual:FauxDataPropertyValueSet a access:ValueSet ;
     access:value access-individual:FauxDataProperty .
 
-access-individual:ObjectPropertyStatementValueContainer a access:ValueContainer ;
+access-individual:ObjectPropertyStatementValueSet a access:ValueSet ;
     access:value access-individual:ObjectPropertyStatement .
 
-access-individual:DataPropertyStatementValueContainer a access:ValueContainer ;
+access-individual:DataPropertyStatementValueSet a access:ValueSet ;
     access:value access-individual:DataPropertyStatement .
 
-access-individual:FauxObjectPropertyStatementValueContainer a access:ValueContainer ;
+access-individual:FauxObjectPropertyStatementValueSet a access:ValueSet ;
     access:value access-individual:FauxObjectPropertyStatement .
 
-access-individual:FauxDataPropertyStatementValueContainer a access:ValueContainer ;
+access-individual:FauxDataPropertyStatementValueSet a access:ValueSet ;
     access:value access-individual:FauxDataPropertyStatement .
 
-access-individual:ClassValueContainer a access:ValueContainer ;
+access-individual:ClassValueSet a access:ValueSet ;
     access:value access-individual:Class .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/operations.n3 b/home/src/main/resources/rdf/accessControl/firsttime/operations.n3
index 714cc06259..1b260ec9a5 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/operations.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/operations.n3
@@ -24,23 +24,23 @@ access-individual:EditOperation a access:Operation ;
 access-individual:ExecuteOperation a access:Operation ;
     access:id "EXECUTE" .
 
-access-individual:DisplayOperationValueContainer a access:ValueContainer ;
+access-individual:DisplayOperationValueSet a access:ValueSet ;
     access:value access-individual:DisplayOperation .
 
-access-individual:UpdateOperationValueContainer a access:ValueContainer ;
+access-individual:UpdateOperationValueSet a access:ValueSet ;
     access:value access-individual:UpdateOperation .
 
-access-individual:PublishOperationValueContainer a access:ValueContainer ;
+access-individual:PublishOperationValueSet a access:ValueSet ;
     access:value access-individual:PublishOperation .
 
-access-individual:AddOperationValueContainer a access:ValueContainer ;
+access-individual:AddOperationValueSet a access:ValueSet ;
     access:value access-individual:AddOperation .
 
-access-individual:DropOperationValueContainer a access:ValueContainer ;
+access-individual:DropOperationValueSet a access:ValueSet ;
     access:value access-individual:DropOperation .
 
-access-individual:EditOperationValueContainer a access:ValueContainer ;
+access-individual:EditOperationValueSet a access:ValueSet ;
     access:value access-individual:EditOperation .
 
-access-individual:ExecuteOperationValueContainer a access:ValueContainer ;
+access-individual:ExecuteOperationValueSet a access:ValueSet ;
     access:value access-individual:ExecuteOperation .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/roles.n3 b/home/src/main/resources/rdf/accessControl/firsttime/roles.n3
index b035af5bb8..8e8cbb2184 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/roles.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/roles.n3
@@ -4,17 +4,17 @@
 @prefix access-individual: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
 @prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
 
-access-individual:PublicRoleValueContainer a access:ValueContainer ;
+access-individual:PublicRoleValueSet a access:ValueSet ;
     access:value auth:PUBLIC .
 
-access-individual:SelfEditorRoleValueContainer a access:ValueContainer ;
+access-individual:SelfEditorRoleValueSet a access:ValueSet ;
     access:value auth:SELF_EDITOR .
 
-access-individual:EditorRoleValueContainer a access:ValueContainer ;
+access-individual:EditorRoleValueSet a access:ValueSet ;
     access:value auth:EDITOR .
 
-access-individual:CuratorRoleValueContainer a access:ValueContainer ;
+access-individual:CuratorRoleValueSet a access:ValueSet ;
     access:value auth:CURATOR .
 
-access-individual:AdminRoleValueContainer a access:ValueContainer ;
+access-individual:AdminRoleValueSet a access:ValueSet ;
     access:value auth:ADMIN .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/simple_permissions_admin.n3 b/home/src/main/resources/rdf/accessControl/firsttime/simple_permissions_admin.n3
index cae7525c3c..d22823672d 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/simple_permissions_admin.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/simple_permissions_admin.n3
@@ -4,7 +4,7 @@
 @prefix simplePermission: <java:edu.cornell.mannlib.vitro.webapp.auth.permissions.SimplePermission#> .
 @prefix : <https://vivoweb.org/ontology/vitro-application/auth/individual/simple-permissions/> .
 
-:AdminSimplePermissionValueContainer
+:AdminSimplePermissionValueSet
     access:value simplePermission:AccessSpecialDataModels ;
     access:value simplePermission:EnableDeveloperPanel ;
     access:value simplePermission:LoginDuringMaintenance ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/simple_permissions_curator.n3 b/home/src/main/resources/rdf/accessControl/firsttime/simple_permissions_curator.n3
index 9d0277c8ca..d488b8e54f 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/simple_permissions_curator.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/simple_permissions_curator.n3
@@ -4,7 +4,7 @@
 @prefix simplePermission: <java:edu.cornell.mannlib.vitro.webapp.auth.permissions.SimplePermission#> .
 @prefix : <https://vivoweb.org/ontology/vitro-application/auth/individual/simple-permissions/> .
 
-:CuratorSimplePermissionValueContainer
+:CuratorSimplePermissionValueSet
     access:value simplePermission:EditOntology ;
     access:value simplePermission:EditSiteInformation ;
     access:value simplePermission:SeeVerbosePropertyInformation ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/simple_permissions_editor.n3 b/home/src/main/resources/rdf/accessControl/firsttime/simple_permissions_editor.n3
index 6f8cfb19f7..ec155b9fdf 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/simple_permissions_editor.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/simple_permissions_editor.n3
@@ -4,7 +4,7 @@
 @prefix simplePermission: <java:edu.cornell.mannlib.vitro.webapp.auth.permissions.SimplePermission#> .
 @prefix : <https://vivoweb.org/ontology/vitro-application/auth/individual/simple-permissions/> .
 
-:EditorSimplePermissionValueContainer
+:EditorSimplePermissionValueSet
     # permissions for EDITOR and above.
     access:value simplePermission:DoBackEndEditing ;
     access:value simplePermission:SeeIndividualEditingPanel ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/simple_permissions_public.n3 b/home/src/main/resources/rdf/accessControl/firsttime/simple_permissions_public.n3
index 20459c10d4..ac7759568e 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/simple_permissions_public.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/simple_permissions_public.n3
@@ -4,7 +4,7 @@
 @prefix simplePermission: <java:edu.cornell.mannlib.vitro.webapp.auth.permissions.SimplePermission#> .
 @prefix : <https://vivoweb.org/ontology/vitro-application/auth/individual/simple-permissions/> .
 
-:PublicSimplePermissionValueContainer  
+:PublicSimplePermissionValueSet  
     # permissions for ANY user, even if they are not logged in.
     access:value simplePermission:QueryFullModel ;
     access:value simplePermission:PageViewablePublic ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/simple_permissions_self_editor.n3 b/home/src/main/resources/rdf/accessControl/firsttime/simple_permissions_self_editor.n3
index 865fd486d3..217a729d3a 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/simple_permissions_self_editor.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/simple_permissions_self_editor.n3
@@ -4,7 +4,7 @@
 @prefix simplePermission: <java:edu.cornell.mannlib.vitro.webapp.auth.permissions.SimplePermission#> .
 @prefix : <https://vivoweb.org/ontology/vitro-application/auth/individual/simple-permissions/> .
 
-:SelfEditorSimplePermissionValueContainer
+:SelfEditorSimplePermissionValueSet
     # permissions for ANY logged-in user.
     access:value simplePermission:DoFrontEndEditing ;
     access:value simplePermission:EditOwnAccount ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_class.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_class.n3
index a7c9c603f3..5d8d1e1233 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_class.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_class.n3
@@ -35,10 +35,10 @@
 :RoleDisplayClassDataSetTemplate a access:DataSetTemplate ;
     access:dataSetTemplateKey :RoleDisplayClassDataSetTemplateKey ;
     access:dataSetKeyTemplate :RoleDisplayClassDataSetKeyTemplate ;
-    access:dataSetValues access-individual:ClassValueContainer ;
-    access:dataSetValues access-individual:DisplayOperationValueContainer ;
-    access:dataSetValueTemplate :RoleDisplayClassRoleValueContainerTemplate ;
-    access:dataSetValueTemplate :RoleDisplayClassValueContainerTemplate .  
+    access:dataSetValues access-individual:ClassValueSet ;
+    access:dataSetValues access-individual:DisplayOperationValueSet ;
+    access:dataSetValueTemplate :RoleDisplayClassRoleValueSetTemplate ;
+    access:dataSetValueTemplate :RoleDisplayClassValueSetTemplate .  
 
 :RoleDisplayClassDataSetTemplateKey a access:DataSetTemplateKey ;
     access:templateKey access-individual:SubjectRole .
@@ -48,11 +48,11 @@
     access:keyComponent access-individual:DisplayOperation ;
     access:keyComponentTemplate access-individual:SubjectRole .
 
-:RoleDisplayClassRoleValueContainerTemplate a access:ValueContainerTemplate ;
+:RoleDisplayClassRoleValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :SubjectRoleCheck;
     access:containerTypeTemplate access-individual:SubjectRole .
 
-:RoleDisplayClassValueContainerTemplate a access:ValueContainerTemplate ;
+:RoleDisplayClassValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :AccessObjectUriCheck ;
 #    access:defaultValue access-individual:defaultUri ;
     access:containerTypeTemplate access-individual:Class .
@@ -62,10 +62,10 @@
 :RoleUpdateClassDataSetTemplate a access:DataSetTemplate ;
     access:dataSetTemplateKey :RoleUpdateClassDataSetTemplateKey ;
     access:dataSetKeyTemplate :RoleUpdateClassDataSetKeyTemplate ;
-    access:dataSetValues access-individual:ClassValueContainer ;
-    access:dataSetValues access-individual:UpdateOperationValueContainer ;
-    access:dataSetValueTemplate :RoleUpdateClassRoleValueContainerTemplate ;
-    access:dataSetValueTemplate :RoleUpdateClassValueContainerTemplate .  
+    access:dataSetValues access-individual:ClassValueSet ;
+    access:dataSetValues access-individual:UpdateOperationValueSet ;
+    access:dataSetValueTemplate :RoleUpdateClassRoleValueSetTemplate ;
+    access:dataSetValueTemplate :RoleUpdateClassValueSetTemplate .  
 
 :RoleUpdateClassDataSetTemplateKey a access:DataSetTemplateKey ;
     access:templateKey access-individual:SubjectRole .
@@ -75,11 +75,11 @@
     access:keyComponent access-individual:UpdateOperation ;
     access:keyComponentTemplate access-individual:SubjectRole .
 
-:RoleUpdateClassRoleValueContainerTemplate a access:ValueContainerTemplate ;
+:RoleUpdateClassRoleValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :SubjectRoleCheck;
     access:containerTypeTemplate access-individual:SubjectRole .
 
-:RoleUpdateClassValueContainerTemplate a access:ValueContainerTemplate ;
+:RoleUpdateClassValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :AccessObjectUriCheck ;
 #    access:defaultValue access-individual:defaultUri ;
     access:containerTypeTemplate access-individual:Class .
@@ -89,10 +89,10 @@
 :RolePublishClassDataSetTemplate a access:DataSetTemplate ;
     access:dataSetTemplateKey :RolePublishClassDataSetTemplateKey ;
     access:dataSetKeyTemplate :RolePublishClassDataSetKeyTemplate ;
-    access:dataSetValues access-individual:ClassValueContainer ;
-    access:dataSetValues access-individual:PublishOperationValueContainer ;
-    access:dataSetValueTemplate :RolePublishClassRoleValueContainerTemplate ;
-    access:dataSetValueTemplate :RolePublishClassValueContainerTemplate .  
+    access:dataSetValues access-individual:ClassValueSet ;
+    access:dataSetValues access-individual:PublishOperationValueSet ;
+    access:dataSetValueTemplate :RolePublishClassRoleValueSetTemplate ;
+    access:dataSetValueTemplate :RolePublishClassValueSetTemplate .  
 
 :RolePublishClassDataSetTemplateKey a access:DataSetTemplateKey ;
     access:templateKey access-individual:SubjectRole .
@@ -102,11 +102,11 @@
     access:keyComponent access-individual:PublishOperation ;
     access:keyComponentTemplate access-individual:SubjectRole .
 
-:RolePublishClassRoleValueContainerTemplate a access:ValueContainerTemplate ;
+:RolePublishClassRoleValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :SubjectRoleCheck;
     access:containerTypeTemplate access-individual:SubjectRole .
 
-:RolePublishClassValueContainerTemplate a access:ValueContainerTemplate ;
+:RolePublishClassValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :AccessObjectUriCheck ;
 #    access:defaultValue access-individual:defaultUri ;
     access:containerTypeTemplate access-individual:Class .
@@ -115,10 +115,10 @@
 
 :PublicDisplayClassDataSet a access:PolicyDataSet ;
     access:dataSetKey :PublicDisplayClassDataSetKey ;
-    access:dataSetValues access-individual:PublicRoleValueContainer ;
-    access:dataSetValues access-individual:ClassValueContainer ;
-    access:dataSetValues access-individual:DisplayOperationValueContainer ;
-    access:dataSetValues :PublicDisplayClassValueContainer .
+    access:dataSetValues access-individual:PublicRoleValueSet ;
+    access:dataSetValues access-individual:ClassValueSet ;
+    access:dataSetValues access-individual:DisplayOperationValueSet ;
+    access:dataSetValues :PublicDisplayClassValueSet .
 
 :PublicDisplayClassDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:Class ;
@@ -129,10 +129,10 @@
 
 :SelfEditorDisplayClassDataSet a access:PolicyDataSet ;
     access:dataSetKey :SelfEditorDisplayClassDataSetKey ;
-    access:dataSetValues access-individual:SelfEditorRoleValueContainer ;
-    access:dataSetValues access-individual:ClassValueContainer ;
-    access:dataSetValues access-individual:DisplayOperationValueContainer ;
-    access:dataSetValues :SelfEditorDisplayClassValueContainer .
+    access:dataSetValues access-individual:SelfEditorRoleValueSet ;
+    access:dataSetValues access-individual:ClassValueSet ;
+    access:dataSetValues access-individual:DisplayOperationValueSet ;
+    access:dataSetValues :SelfEditorDisplayClassValueSet .
 
 :SelfEditorDisplayClassDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:Class ;
@@ -143,10 +143,10 @@
 
 :EditorDisplayClassDataSet a access:PolicyDataSet ;
     access:dataSetKey :EditorDisplayClassDataSetKey ;
-    access:dataSetValues access-individual:EditorRoleValueContainer ;
-    access:dataSetValues access-individual:ClassValueContainer ;
-    access:dataSetValues access-individual:DisplayOperationValueContainer ;
-    access:dataSetValues :EditorDisplayClassValueContainer .
+    access:dataSetValues access-individual:EditorRoleValueSet ;
+    access:dataSetValues access-individual:ClassValueSet ;
+    access:dataSetValues access-individual:DisplayOperationValueSet ;
+    access:dataSetValues :EditorDisplayClassValueSet .
 
 :EditorDisplayClassDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:Class ;
@@ -157,10 +157,10 @@
 
 :CuratorDisplayClassDataSet a access:PolicyDataSet ;
     access:dataSetKey :CuratorDisplayClassDataSetKey ;
-    access:dataSetValues access-individual:CuratorRoleValueContainer ;
-    access:dataSetValues access-individual:ClassValueContainer ;
-    access:dataSetValues access-individual:DisplayOperationValueContainer ;
-    access:dataSetValues :CuratorDisplayClassValueContainer .
+    access:dataSetValues access-individual:CuratorRoleValueSet ;
+    access:dataSetValues access-individual:ClassValueSet ;
+    access:dataSetValues access-individual:DisplayOperationValueSet ;
+    access:dataSetValues :CuratorDisplayClassValueSet .
 
 :CuratorDisplayClassDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:Class ;
@@ -171,10 +171,10 @@
 
 :AdminDisplayClassDataSet a access:PolicyDataSet ;
     access:dataSetKey :AdminDisplayClassDataSetKey ;
-    access:dataSetValues access-individual:AdminRoleValueContainer ;
-    access:dataSetValues access-individual:ClassValueContainer ;
-    access:dataSetValues access-individual:DisplayOperationValueContainer ;
-    access:dataSetValues :AdminDisplayClassValueContainer .
+    access:dataSetValues access-individual:AdminRoleValueSet ;
+    access:dataSetValues access-individual:ClassValueSet ;
+    access:dataSetValues access-individual:DisplayOperationValueSet ;
+    access:dataSetValues :AdminDisplayClassValueSet .
 
 :AdminDisplayClassDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:Class ;
@@ -185,10 +185,10 @@
 
 :PublicUpdateClassDataSet a access:PolicyDataSet ;
     access:dataSetKey :PublicUpdateClassDataSetKey ;
-    access:dataSetValues access-individual:PublicRoleValueContainer ;
-    access:dataSetValues access-individual:ClassValueContainer ;
-    access:dataSetValues access-individual:UpdateOperationValueContainer ;
-    access:dataSetValues :PublicUpdateClassValueContainer .
+    access:dataSetValues access-individual:PublicRoleValueSet ;
+    access:dataSetValues access-individual:ClassValueSet ;
+    access:dataSetValues access-individual:UpdateOperationValueSet ;
+    access:dataSetValues :PublicUpdateClassValueSet .
 
 :PublicUpdateClassDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:Class ;
@@ -199,10 +199,10 @@
 
 :SelfEditorUpdateClassDataSet a access:PolicyDataSet ;
     access:dataSetKey :SelfEditorUpdateClassDataSetKey ;
-    access:dataSetValues access-individual:SelfEditorRoleValueContainer ;
-    access:dataSetValues access-individual:ClassValueContainer ;
-    access:dataSetValues access-individual:UpdateOperationValueContainer ;
-    access:dataSetValues :SelfEditorUpdateClassValueContainer .
+    access:dataSetValues access-individual:SelfEditorRoleValueSet ;
+    access:dataSetValues access-individual:ClassValueSet ;
+    access:dataSetValues access-individual:UpdateOperationValueSet ;
+    access:dataSetValues :SelfEditorUpdateClassValueSet .
 
 :SelfEditorUpdateClassDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:Class ;
@@ -213,10 +213,10 @@
 
 :EditorUpdateClassDataSet a access:PolicyDataSet ;
     access:dataSetKey :EditorUpdateClassDataSetKey ;
-    access:dataSetValues access-individual:EditorRoleValueContainer ;
-    access:dataSetValues access-individual:ClassValueContainer ;
-    access:dataSetValues access-individual:UpdateOperationValueContainer ;
-    access:dataSetValues :EditorUpdateClassValueContainer .
+    access:dataSetValues access-individual:EditorRoleValueSet ;
+    access:dataSetValues access-individual:ClassValueSet ;
+    access:dataSetValues access-individual:UpdateOperationValueSet ;
+    access:dataSetValues :EditorUpdateClassValueSet .
 
 :EditorUpdateClassDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:Class ;
@@ -227,10 +227,10 @@
 
 :CuratorUpdateClassDataSet a access:PolicyDataSet ;
     access:dataSetKey :CuratorUpdateClassDataSetKey ;
-    access:dataSetValues access-individual:CuratorRoleValueContainer ;
-    access:dataSetValues access-individual:ClassValueContainer ;
-    access:dataSetValues access-individual:UpdateOperationValueContainer ;
-    access:dataSetValues :CuratorUpdateClassValueContainer .
+    access:dataSetValues access-individual:CuratorRoleValueSet ;
+    access:dataSetValues access-individual:ClassValueSet ;
+    access:dataSetValues access-individual:UpdateOperationValueSet ;
+    access:dataSetValues :CuratorUpdateClassValueSet .
 
 :CuratorUpdateClassDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:Class ;
@@ -241,10 +241,10 @@
 
 :AdminUpdateClassDataSet a access:PolicyDataSet ;
     access:dataSetKey :AdminUpdateClassDataSetKey ;
-    access:dataSetValues access-individual:AdminRoleValueContainer ;
-    access:dataSetValues access-individual:ClassValueContainer ;
-    access:dataSetValues access-individual:UpdateOperationValueContainer ;
-    access:dataSetValues :AdminUpdateClassValueContainer .
+    access:dataSetValues access-individual:AdminRoleValueSet ;
+    access:dataSetValues access-individual:ClassValueSet ;
+    access:dataSetValues access-individual:UpdateOperationValueSet ;
+    access:dataSetValues :AdminUpdateClassValueSet .
 
 :AdminUpdateClassDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:Class ;
@@ -255,10 +255,10 @@
 
 :SelfEditorPublishClassDataSet a access:PolicyDataSet ;
     access:dataSetKey :SelfEditorPublishClassDataSetKey ;
-    access:dataSetValues access-individual:SelfEditorRoleValueContainer ;
-    access:dataSetValues access-individual:ClassValueContainer ;
-    access:dataSetValues access-individual:PublishOperationValueContainer ;
-    access:dataSetValues :SelfEditorPublishClassValueContainer .
+    access:dataSetValues access-individual:SelfEditorRoleValueSet ;
+    access:dataSetValues access-individual:ClassValueSet ;
+    access:dataSetValues access-individual:PublishOperationValueSet ;
+    access:dataSetValues :SelfEditorPublishClassValueSet .
 
 :SelfEditorPublishClassDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:Class ;
@@ -269,10 +269,10 @@
 
 :EditorPublishClassDataSet a access:PolicyDataSet ;
     access:dataSetKey :EditorPublishClassDataSetKey ;
-    access:dataSetValues access-individual:EditorRoleValueContainer ;
-    access:dataSetValues access-individual:ClassValueContainer ;
-    access:dataSetValues access-individual:PublishOperationValueContainer ;
-    access:dataSetValues :EditorPublishClassValueContainer .
+    access:dataSetValues access-individual:EditorRoleValueSet ;
+    access:dataSetValues access-individual:ClassValueSet ;
+    access:dataSetValues access-individual:PublishOperationValueSet ;
+    access:dataSetValues :EditorPublishClassValueSet .
 
 :EditorPublishClassDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:Class ;
@@ -283,10 +283,10 @@
 
 :CuratorPublishClassDataSet a access:PolicyDataSet ;
     access:dataSetKey :CuratorPublishClassDataSetKey ;
-    access:dataSetValues access-individual:CuratorRoleValueContainer ;
-    access:dataSetValues access-individual:ClassValueContainer ;
-    access:dataSetValues access-individual:PublishOperationValueContainer ;
-    access:dataSetValues :CuratorPublishClassValueContainer .
+    access:dataSetValues access-individual:CuratorRoleValueSet ;
+    access:dataSetValues access-individual:ClassValueSet ;
+    access:dataSetValues access-individual:PublishOperationValueSet ;
+    access:dataSetValues :CuratorPublishClassValueSet .
 
 :CuratorPublishClassDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:Class ;
@@ -297,10 +297,10 @@
 
 :AdminPublishClassDataSet a access:PolicyDataSet ;
     access:dataSetKey :AdminPublishClassDataSetKey ;
-    access:dataSetValues access-individual:AdminRoleValueContainer ;
-    access:dataSetValues access-individual:ClassValueContainer ;
-    access:dataSetValues access-individual:PublishOperationValueContainer ;
-    access:dataSetValues :AdminPublishClassValueContainer .
+    access:dataSetValues access-individual:AdminRoleValueSet ;
+    access:dataSetValues access-individual:ClassValueSet ;
+    access:dataSetValues access-individual:PublishOperationValueSet ;
+    access:dataSetValues :AdminPublishClassValueSet .
 
 :AdminPublishClassDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:Class ;
@@ -316,83 +316,83 @@
 :AccessObjectTypeCheck a access:Check ;
     access:operator access-individual:Equals ;
     access:attribute access-individual:AccessObjectType ;
-    access:attributeValue access-individual:ClassValueContainer ;
+    access:attributeValue access-individual:ClassValueSet ;
     .
 
 :OperationCheck a access:Check ;
     access:operator access-individual:Equals ;
     access:attribute access-individual:Operation ;
-    access:attributeValue access-individual:DisplayOperationValueContainer ;
-    access:attributeValue access-individual:PublishOperationValueContainer ;
-    access:attributeValue access-individual:UpdateOperationValueContainer ;
+    access:attributeValue access-individual:DisplayOperationValueSet ;
+    access:attributeValue access-individual:PublishOperationValueSet ;
+    access:attributeValue access-individual:UpdateOperationValueSet ;
     .
 
 :SubjectRoleCheck a access:Check ;
     access:operator access-individual:Equals ;
     access:attribute access-individual:SubjectRole ;
-    access:attributeValue access-individual:PublicRoleValueContainer ;
-    access:attributeValue access-individual:SelfEditorRoleValueContainer ;
-    access:attributeValue access-individual:EditorRoleValueContainer ;
-    access:attributeValue access-individual:CuratorRoleValueContainer ;
-    access:attributeValue access-individual:AdminRoleValueContainer .
+    access:attributeValue access-individual:PublicRoleValueSet ;
+    access:attributeValue access-individual:SelfEditorRoleValueSet ;
+    access:attributeValue access-individual:EditorRoleValueSet ;
+    access:attributeValue access-individual:CuratorRoleValueSet ;
+    access:attributeValue access-individual:AdminRoleValueSet .
 
 :AccessObjectUriCheck a access:Check ;
     access:operator access-individual:OneOf ;
     access:attribute access-individual:AccessObjectUri ;
-    access:attributeValue :AdminPublishClassValueContainer ;
-    access:attributeValue :AdminDisplayClassValueContainer ;
-    access:attributeValue :AdminUpdateClassValueContainer ;
-    access:attributeValue :CuratorPublishClassValueContainer ;
-    access:attributeValue :CuratorDisplayClassValueContainer ;
-    access:attributeValue :CuratorUpdateClassValueContainer ;
-    access:attributeValue :EditorPublishClassValueContainer ;
-    access:attributeValue :EditorDisplayClassValueContainer ;
-    access:attributeValue :EditorUpdateClassValueContainer ;
-    access:attributeValue :SelfEditorPublishClassValueContainer ;
-    access:attributeValue :SelfEditorDisplayClassValueContainer ;
-    access:attributeValue :SelfEditorUpdateClassValueContainer ;
-    access:attributeValue :PublicDisplayClassValueContainer ;
-    access:attributeValue :PublicUpdateClassValueContainer ;
+    access:attributeValue :AdminPublishClassValueSet ;
+    access:attributeValue :AdminDisplayClassValueSet ;
+    access:attributeValue :AdminUpdateClassValueSet ;
+    access:attributeValue :CuratorPublishClassValueSet ;
+    access:attributeValue :CuratorDisplayClassValueSet ;
+    access:attributeValue :CuratorUpdateClassValueSet ;
+    access:attributeValue :EditorPublishClassValueSet ;
+    access:attributeValue :EditorDisplayClassValueSet ;
+    access:attributeValue :EditorUpdateClassValueSet ;
+    access:attributeValue :SelfEditorPublishClassValueSet ;
+    access:attributeValue :SelfEditorDisplayClassValueSet ;
+    access:attributeValue :SelfEditorUpdateClassValueSet ;
+    access:attributeValue :PublicDisplayClassValueSet ;
+    access:attributeValue :PublicUpdateClassValueSet ;
     .
 
-:AdminPublishClassValueContainer a access:ValueContainer ;
+:AdminPublishClassValueSet a access:ValueSet ;
     access:containerType access-individual:Class .
 
-:AdminDisplayClassValueContainer a access:ValueContainer ;
+:AdminDisplayClassValueSet a access:ValueSet ;
     access:containerType access-individual:Class .
 
-:AdminUpdateClassValueContainer a access:ValueContainer ;
+:AdminUpdateClassValueSet a access:ValueSet ;
     access:containerType access-individual:Class .
 
-:CuratorPublishClassValueContainer a access:ValueContainer ;
+:CuratorPublishClassValueSet a access:ValueSet ;
     access:containerType access-individual:Class .
 
-:CuratorDisplayClassValueContainer a access:ValueContainer ;
+:CuratorDisplayClassValueSet a access:ValueSet ;
     access:containerType access-individual:Class .
 
-:CuratorUpdateClassValueContainer a access:ValueContainer ;
+:CuratorUpdateClassValueSet a access:ValueSet ;
     access:containerType access-individual:Class .
 
-:EditorPublishClassValueContainer a access:ValueContainer ;
+:EditorPublishClassValueSet a access:ValueSet ;
     access:containerType access-individual:Class .
 
-:EditorDisplayClassValueContainer a access:ValueContainer ;
+:EditorDisplayClassValueSet a access:ValueSet ;
     access:containerType access-individual:Class .
 
-:EditorUpdateClassValueContainer a access:ValueContainer ;
+:EditorUpdateClassValueSet a access:ValueSet ;
     access:containerType access-individual:Class .
 
-:SelfEditorPublishClassValueContainer a access:ValueContainer ;
+:SelfEditorPublishClassValueSet a access:ValueSet ;
     access:containerType access-individual:Class .
 
-:SelfEditorDisplayClassValueContainer a access:ValueContainer ;
+:SelfEditorDisplayClassValueSet a access:ValueSet ;
     access:containerType access-individual:Class .
 
-:SelfEditorUpdateClassValueContainer a access:ValueContainer ;
+:SelfEditorUpdateClassValueSet a access:ValueSet ;
     access:containerType access-individual:Class .
 
-:PublicDisplayClassValueContainer a access:ValueContainer ;
+:PublicDisplayClassValueSet a access:ValueSet ;
     access:containerType access-individual:Class .
 
-:PublicUpdateClassValueContainer a access:ValueContainer ;
+:PublicUpdateClassValueSet a access:ValueSet ;
     access:containerType access-individual:Class .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_property.n3
index a53ade2e25..5de28650c8 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_property.n3
@@ -138,11 +138,11 @@
 :RoleDisplayObjectPropertyDataSetTemplate a access:DataSetTemplate ;
     access:dataSetTemplateKey :RoleDisplayObjectPropertyDataSetTemplateKey ;
     access:dataSetKeyTemplate :RoleDisplayObjectPropertyDataSetKeyTemplate ;
-    access:dataSetValues access-individual:ObjectPropertyValueContainer ;
-    access:dataSetValues access-individual:ObjectPropertyStatementValueContainer ;
-    access:dataSetValues access-individual:DisplayOperationValueContainer ;
-    access:dataSetValueTemplate :RoleDisplayObjectPropertyValueContainerTemplate ;
-    access:dataSetValueTemplate :RoleDisplayObjectPropertyEntityValueContainerTemplate .  
+    access:dataSetValues access-individual:ObjectPropertyValueSet ;
+    access:dataSetValues access-individual:ObjectPropertyStatementValueSet ;
+    access:dataSetValues access-individual:DisplayOperationValueSet ;
+    access:dataSetValueTemplate :RoleDisplayObjectPropertyValueSetTemplate ;
+    access:dataSetValueTemplate :RoleDisplayObjectPropertyEntityValueSetTemplate .  
 
 :RoleDisplayObjectPropertyDataSetTemplateKey a access:DataSetTemplateKey ;
     access:templateKey access-individual:SubjectRole .
@@ -152,11 +152,11 @@
     access:keyComponent access-individual:DisplayOperation ;
     access:keyComponentTemplate access-individual:SubjectRole .
 
-:RoleDisplayObjectPropertyValueContainerTemplate a access:ValueContainerTemplate ;
+:RoleDisplayObjectPropertyValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :SubjectRoleEqualsDataSetRoleAttribute;
     access:containerTypeTemplate access-individual:SubjectRole .
 
-:RoleDisplayObjectPropertyEntityValueContainerTemplate a access:ValueContainerTemplate ;
+:RoleDisplayObjectPropertyEntityValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :AccessObjectUriContainsInDataSet ;
     access:relatedCheck :StatementPredicateEquals ;
 #    access:defaultValue access-individual:defaultUri ;
@@ -167,11 +167,11 @@
 :RolePublishObjectPropertyDataSetTemplate a access:DataSetTemplate ;
     access:dataSetTemplateKey :RolePublishObjectPropertyDataSetTemplateKey ;
     access:dataSetKeyTemplate :RolePublishObjectPropertyDataSetKeyTemplate ;
-    access:dataSetValues access-individual:ObjectPropertyValueContainer ;
-    access:dataSetValues access-individual:ObjectPropertyStatementValueContainer ;
-    access:dataSetValues access-individual:PublishOperationValueContainer ;
-    access:dataSetValueTemplate :RolePublishObjectPropertyValueContainerTemplate ;
-    access:dataSetValueTemplate :RolePublishObjectPropertyEntityValueContainerTemplate .  
+    access:dataSetValues access-individual:ObjectPropertyValueSet ;
+    access:dataSetValues access-individual:ObjectPropertyStatementValueSet ;
+    access:dataSetValues access-individual:PublishOperationValueSet ;
+    access:dataSetValueTemplate :RolePublishObjectPropertyValueSetTemplate ;
+    access:dataSetValueTemplate :RolePublishObjectPropertyEntityValueSetTemplate .  
 
 :RolePublishObjectPropertyDataSetTemplateKey a access:DataSetTemplateKey ;
     access:templateKey access-individual:SubjectRole .
@@ -181,11 +181,11 @@
     access:keyComponent access-individual:PublishOperation ;
     access:keyComponentTemplate access-individual:SubjectRole .
 
-:RolePublishObjectPropertyValueContainerTemplate a access:ValueContainerTemplate ;
+:RolePublishObjectPropertyValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :SubjectRoleEqualsDataSetRoleAttribute;
     access:containerTypeTemplate access-individual:SubjectRole .
 
-:RolePublishObjectPropertyEntityValueContainerTemplate a access:ValueContainerTemplate ;
+:RolePublishObjectPropertyEntityValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :AccessObjectUriContainsInDataSet ;
     access:relatedCheck :StatementPredicateEquals ;
 #    access:defaultValue access-individual:defaultUri ;
@@ -196,11 +196,11 @@
 :RoleAddObjectPropertyDataSetTemplate a access:DataSetTemplate ;
     access:dataSetTemplateKey :RoleAddObjectPropertyDataSetTemplateKey ;
     access:dataSetKeyTemplate :RoleAddObjectPropertyDataSetKeyTemplate ;
-    access:dataSetValues access-individual:ObjectPropertyValueContainer ;
-    access:dataSetValues access-individual:ObjectPropertyStatementValueContainer ;
-    access:dataSetValues access-individual:AddOperationValueContainer ;
-    access:dataSetValueTemplate :RoleAddObjectPropertyValueContainerTemplate ;
-    access:dataSetValueTemplate :RoleAddObjectPropertyEntityValueContainerTemplate .  
+    access:dataSetValues access-individual:ObjectPropertyValueSet ;
+    access:dataSetValues access-individual:ObjectPropertyStatementValueSet ;
+    access:dataSetValues access-individual:AddOperationValueSet ;
+    access:dataSetValueTemplate :RoleAddObjectPropertyValueSetTemplate ;
+    access:dataSetValueTemplate :RoleAddObjectPropertyEntityValueSetTemplate .  
 
 :RoleAddObjectPropertyDataSetTemplateKey a access:DataSetTemplateKey ;
     access:templateKey access-individual:SubjectRole .
@@ -210,11 +210,11 @@
     access:keyComponent access-individual:AddOperation ;
     access:keyComponentTemplate access-individual:SubjectRole .
 
-:RoleAddObjectPropertyValueContainerTemplate a access:ValueContainerTemplate ;
+:RoleAddObjectPropertyValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :SubjectRoleEqualsDataSetRoleAttribute;
     access:containerTypeTemplate access-individual:SubjectRole .
 
-:RoleAddObjectPropertyEntityValueContainerTemplate a access:ValueContainerTemplate ;
+:RoleAddObjectPropertyEntityValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :AccessObjectUriContainsInDataSet ;
     access:relatedCheck :StatementPredicateEquals ;
 #    access:defaultValue access-individual:defaultUri ;
@@ -225,11 +225,11 @@
 :RoleDropObjectPropertyDataSetTemplate a access:DataSetTemplate ;
     access:dataSetTemplateKey :RoleDropObjectPropertyDataSetTemplateKey ;
     access:dataSetKeyTemplate :RoleDropObjectPropertyDataSetKeyTemplate ;
-    access:dataSetValues access-individual:ObjectPropertyValueContainer ;
-    access:dataSetValues access-individual:ObjectPropertyStatementValueContainer ;
-    access:dataSetValues access-individual:DropOperationValueContainer ;
-    access:dataSetValueTemplate :RoleDropObjectPropertyValueContainerTemplate ;
-    access:dataSetValueTemplate :RoleDropObjectPropertyEntityValueContainerTemplate .  
+    access:dataSetValues access-individual:ObjectPropertyValueSet ;
+    access:dataSetValues access-individual:ObjectPropertyStatementValueSet ;
+    access:dataSetValues access-individual:DropOperationValueSet ;
+    access:dataSetValueTemplate :RoleDropObjectPropertyValueSetTemplate ;
+    access:dataSetValueTemplate :RoleDropObjectPropertyEntityValueSetTemplate .  
 
 :RoleDropObjectPropertyDataSetTemplateKey a access:DataSetTemplateKey ;
     access:templateKey access-individual:SubjectRole .
@@ -239,11 +239,11 @@
     access:keyComponent access-individual:DropOperation ;
     access:keyComponentTemplate access-individual:SubjectRole .
 
-:RoleDropObjectPropertyValueContainerTemplate a access:ValueContainerTemplate ;
+:RoleDropObjectPropertyValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :SubjectRoleEqualsDataSetRoleAttribute;
     access:containerTypeTemplate access-individual:SubjectRole .
 
-:RoleDropObjectPropertyEntityValueContainerTemplate a access:ValueContainerTemplate ;
+:RoleDropObjectPropertyEntityValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :AccessObjectUriContainsInDataSet ;
     access:relatedCheck :StatementPredicateEquals ;
 #    access:defaultValue access-individual:defaultUri ;
@@ -254,11 +254,11 @@
 :RoleEditObjectPropertyDataSetTemplate a access:DataSetTemplate ;
     access:dataSetTemplateKey :RoleEditObjectPropertyDataSetTemplateKey ;
     access:dataSetKeyTemplate :RoleEditObjectPropertyDataSetKeyTemplate ;
-    access:dataSetValues access-individual:ObjectPropertyValueContainer ;
-    access:dataSetValues access-individual:ObjectPropertyStatementValueContainer ;
-    access:dataSetValues access-individual:EditOperationValueContainer ;
-    access:dataSetValueTemplate :RoleEditObjectPropertyValueContainerTemplate ;
-    access:dataSetValueTemplate :RoleEditObjectPropertyEntityValueContainerTemplate .  
+    access:dataSetValues access-individual:ObjectPropertyValueSet ;
+    access:dataSetValues access-individual:ObjectPropertyStatementValueSet ;
+    access:dataSetValues access-individual:EditOperationValueSet ;
+    access:dataSetValueTemplate :RoleEditObjectPropertyValueSetTemplate ;
+    access:dataSetValueTemplate :RoleEditObjectPropertyEntityValueSetTemplate .  
 
 :RoleEditObjectPropertyDataSetTemplateKey a access:DataSetTemplateKey ;
     access:templateKey access-individual:SubjectRole .
@@ -268,11 +268,11 @@
     access:keyComponent access-individual:EditOperation ;
     access:keyComponentTemplate access-individual:SubjectRole .
 
-:RoleEditObjectPropertyValueContainerTemplate a access:ValueContainerTemplate ;
+:RoleEditObjectPropertyValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :SubjectRoleEqualsDataSetRoleAttribute;
     access:containerTypeTemplate access-individual:SubjectRole .
 
-:RoleEditObjectPropertyEntityValueContainerTemplate a access:ValueContainerTemplate ;
+:RoleEditObjectPropertyEntityValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :AccessObjectUriContainsInDataSet ;
     access:relatedCheck :StatementPredicateEquals ;
 #    access:defaultValue access-individual:defaultUri ;
@@ -283,11 +283,11 @@
 :RoleDisplayDataPropertyDataSetTemplate a access:DataSetTemplate ;
     access:dataSetTemplateKey :RoleDisplayDataPropertyDataSetTemplateKey ;
     access:dataSetKeyTemplate :RoleDisplayDataPropertyDataSetKeyTemplate ;
-    access:dataSetValues access-individual:DataPropertyValueContainer ;
-    access:dataSetValues access-individual:DataPropertyStatementValueContainer ;
-    access:dataSetValues access-individual:DisplayOperationValueContainer ;
-    access:dataSetValueTemplate :RoleDisplayDataPropertyValueContainerTemplate ;
-    access:dataSetValueTemplate :RoleDisplayDataPropertyEntityValueContainerTemplate .  
+    access:dataSetValues access-individual:DataPropertyValueSet ;
+    access:dataSetValues access-individual:DataPropertyStatementValueSet ;
+    access:dataSetValues access-individual:DisplayOperationValueSet ;
+    access:dataSetValueTemplate :RoleDisplayDataPropertyValueSetTemplate ;
+    access:dataSetValueTemplate :RoleDisplayDataPropertyEntityValueSetTemplate .  
 
 :RoleDisplayDataPropertyDataSetTemplateKey a access:DataSetTemplateKey ;
     access:templateKey access-individual:SubjectRole .
@@ -297,11 +297,11 @@
     access:keyComponent access-individual:DisplayOperation ;
     access:keyComponentTemplate access-individual:SubjectRole .
 
-:RoleDisplayDataPropertyValueContainerTemplate a access:ValueContainerTemplate ;
+:RoleDisplayDataPropertyValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :SubjectRoleEqualsDataSetRoleAttribute;
     access:containerTypeTemplate access-individual:SubjectRole .
 
-:RoleDisplayDataPropertyEntityValueContainerTemplate a access:ValueContainerTemplate ;
+:RoleDisplayDataPropertyEntityValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :AccessObjectUriContainsInDataSet ;
     access:relatedCheck :StatementPredicateEquals ;
 #    access:defaultValue access-individual:defaultUri ;
@@ -312,11 +312,11 @@
 :RolePublishDataPropertyDataSetTemplate a access:DataSetTemplate ;
     access:dataSetTemplateKey :RolePublishDataPropertyDataSetTemplateKey ;
     access:dataSetKeyTemplate :RolePublishDataPropertyDataSetKeyTemplate ;
-    access:dataSetValues access-individual:DataPropertyValueContainer ;
-    access:dataSetValues access-individual:DataPropertyStatementValueContainer ;
-    access:dataSetValues access-individual:PublishOperationValueContainer ;
-    access:dataSetValueTemplate :RolePublishDataPropertyValueContainerTemplate ;
-    access:dataSetValueTemplate :RolePublishDataPropertyEntityValueContainerTemplate .  
+    access:dataSetValues access-individual:DataPropertyValueSet ;
+    access:dataSetValues access-individual:DataPropertyStatementValueSet ;
+    access:dataSetValues access-individual:PublishOperationValueSet ;
+    access:dataSetValueTemplate :RolePublishDataPropertyValueSetTemplate ;
+    access:dataSetValueTemplate :RolePublishDataPropertyEntityValueSetTemplate .  
 
 :RolePublishDataPropertyDataSetTemplateKey a access:DataSetTemplateKey ;
     access:templateKey access-individual:SubjectRole .
@@ -326,11 +326,11 @@
     access:keyComponent access-individual:PublishOperation ;
     access:keyComponentTemplate access-individual:SubjectRole .
 
-:RolePublishDataPropertyValueContainerTemplate a access:ValueContainerTemplate ;
+:RolePublishDataPropertyValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :SubjectRoleEqualsDataSetRoleAttribute;
     access:containerTypeTemplate access-individual:SubjectRole .
 
-:RolePublishDataPropertyEntityValueContainerTemplate a access:ValueContainerTemplate ;
+:RolePublishDataPropertyEntityValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :AccessObjectUriContainsInDataSet ;
     access:relatedCheck :StatementPredicateEquals ;
 #    access:defaultValue access-individual:defaultUri ;
@@ -341,11 +341,11 @@
 :RoleAddDataPropertyDataSetTemplate a access:DataSetTemplate ;
     access:dataSetTemplateKey :RoleAddDataPropertyDataSetTemplateKey ;
     access:dataSetKeyTemplate :RoleAddDataPropertyDataSetKeyTemplate ;
-    access:dataSetValues access-individual:DataPropertyValueContainer ;
-    access:dataSetValues access-individual:DataPropertyStatementValueContainer ;
-    access:dataSetValues access-individual:AddOperationValueContainer ;
-    access:dataSetValueTemplate :RoleAddDataPropertyValueContainerTemplate ;
-    access:dataSetValueTemplate :RoleAddDataPropertyEntityValueContainerTemplate .  
+    access:dataSetValues access-individual:DataPropertyValueSet ;
+    access:dataSetValues access-individual:DataPropertyStatementValueSet ;
+    access:dataSetValues access-individual:AddOperationValueSet ;
+    access:dataSetValueTemplate :RoleAddDataPropertyValueSetTemplate ;
+    access:dataSetValueTemplate :RoleAddDataPropertyEntityValueSetTemplate .  
 
 :RoleAddDataPropertyDataSetTemplateKey a access:DataSetTemplateKey ;
     access:templateKey access-individual:SubjectRole .
@@ -355,11 +355,11 @@
     access:keyComponent access-individual:AddOperation ;
     access:keyComponentTemplate access-individual:SubjectRole .
 
-:RoleAddDataPropertyValueContainerTemplate a access:ValueContainerTemplate ;
+:RoleAddDataPropertyValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :SubjectRoleEqualsDataSetRoleAttribute;
     access:containerTypeTemplate access-individual:SubjectRole .
 
-:RoleAddDataPropertyEntityValueContainerTemplate a access:ValueContainerTemplate ;
+:RoleAddDataPropertyEntityValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :AccessObjectUriContainsInDataSet ;
     access:relatedCheck :StatementPredicateEquals ;
 #    access:defaultValue access-individual:defaultUri ;
@@ -370,11 +370,11 @@
 :RoleDropDataPropertyDataSetTemplate a access:DataSetTemplate ;
     access:dataSetTemplateKey :RoleDropDataPropertyDataSetTemplateKey ;
     access:dataSetKeyTemplate :RoleDropDataPropertyDataSetKeyTemplate ;
-    access:dataSetValues access-individual:DataPropertyValueContainer ;
-    access:dataSetValues access-individual:DataPropertyStatementValueContainer ;
-    access:dataSetValues access-individual:DropOperationValueContainer ;
-    access:dataSetValueTemplate :RoleDropDataPropertyValueContainerTemplate ;
-    access:dataSetValueTemplate :RoleDropDataPropertyEntityValueContainerTemplate .  
+    access:dataSetValues access-individual:DataPropertyValueSet ;
+    access:dataSetValues access-individual:DataPropertyStatementValueSet ;
+    access:dataSetValues access-individual:DropOperationValueSet ;
+    access:dataSetValueTemplate :RoleDropDataPropertyValueSetTemplate ;
+    access:dataSetValueTemplate :RoleDropDataPropertyEntityValueSetTemplate .  
 
 :RoleDropDataPropertyDataSetTemplateKey a access:DataSetTemplateKey ;
     access:templateKey access-individual:SubjectRole .
@@ -384,11 +384,11 @@
     access:keyComponent access-individual:DropOperation ;
     access:keyComponentTemplate access-individual:SubjectRole .
 
-:RoleDropDataPropertyValueContainerTemplate a access:ValueContainerTemplate ;
+:RoleDropDataPropertyValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :SubjectRoleEqualsDataSetRoleAttribute;
     access:containerTypeTemplate access-individual:SubjectRole .
 
-:RoleDropDataPropertyEntityValueContainerTemplate a access:ValueContainerTemplate ;
+:RoleDropDataPropertyEntityValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :AccessObjectUriContainsInDataSet ;
     access:relatedCheck :StatementPredicateEquals ;
 #    access:defaultValue access-individual:defaultUri ;
@@ -399,11 +399,11 @@
 :RoleEditDataPropertyDataSetTemplate a access:DataSetTemplate ;
     access:dataSetTemplateKey :RoleEditDataPropertyDataSetTemplateKey ;
     access:dataSetKeyTemplate :RoleEditDataPropertyDataSetKeyTemplate ;
-    access:dataSetValues access-individual:DataPropertyValueContainer ;
-    access:dataSetValues access-individual:DataPropertyStatementValueContainer ;
-    access:dataSetValues access-individual:EditOperationValueContainer ;
-    access:dataSetValueTemplate :RoleEditDataPropertyValueContainerTemplate ;
-    access:dataSetValueTemplate :RoleEditDataPropertyEntityValueContainerTemplate .  
+    access:dataSetValues access-individual:DataPropertyValueSet ;
+    access:dataSetValues access-individual:DataPropertyStatementValueSet ;
+    access:dataSetValues access-individual:EditOperationValueSet ;
+    access:dataSetValueTemplate :RoleEditDataPropertyValueSetTemplate ;
+    access:dataSetValueTemplate :RoleEditDataPropertyEntityValueSetTemplate .  
 
 :RoleEditDataPropertyDataSetTemplateKey a access:DataSetTemplateKey ;
     access:templateKey access-individual:SubjectRole .
@@ -413,11 +413,11 @@
     access:keyComponent access-individual:EditOperation ;
     access:keyComponentTemplate access-individual:SubjectRole .
 
-:RoleEditDataPropertyValueContainerTemplate a access:ValueContainerTemplate ;
+:RoleEditDataPropertyValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :SubjectRoleEqualsDataSetRoleAttribute;
     access:containerTypeTemplate access-individual:SubjectRole .
 
-:RoleEditDataPropertyEntityValueContainerTemplate a access:ValueContainerTemplate ;
+:RoleEditDataPropertyEntityValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :AccessObjectUriContainsInDataSet ;
     access:relatedCheck :StatementPredicateEquals ;
 #    access:defaultValue access-individual:defaultUri ;
@@ -428,11 +428,11 @@
 :RoleDisplayFauxObjectPropertyDataSetTemplate a access:DataSetTemplate ;
     access:dataSetTemplateKey :RoleDisplayFauxObjectPropertyDataSetTemplateKey ;
     access:dataSetKeyTemplate :RoleDisplayFauxObjectPropertyDataSetKeyTemplate ;
-    access:dataSetValues access-individual:FauxObjectPropertyValueContainer ;
-    access:dataSetValues access-individual:FauxObjectPropertyStatementValueContainer ;
-    access:dataSetValues access-individual:DisplayOperationValueContainer ;
-    access:dataSetValueTemplate :RoleDisplayFauxObjectPropertyValueContainerTemplate ;
-    access:dataSetValueTemplate :RoleDisplayFauxObjectPropertyEntityValueContainerTemplate .  
+    access:dataSetValues access-individual:FauxObjectPropertyValueSet ;
+    access:dataSetValues access-individual:FauxObjectPropertyStatementValueSet ;
+    access:dataSetValues access-individual:DisplayOperationValueSet ;
+    access:dataSetValueTemplate :RoleDisplayFauxObjectPropertyValueSetTemplate ;
+    access:dataSetValueTemplate :RoleDisplayFauxObjectPropertyEntityValueSetTemplate .  
 
 :RoleDisplayFauxObjectPropertyDataSetTemplateKey a access:DataSetTemplateKey ;
     access:templateKey access-individual:SubjectRole .
@@ -442,11 +442,11 @@
     access:keyComponent access-individual:DisplayOperation ;
     access:keyComponentTemplate access-individual:SubjectRole .
 
-:RoleDisplayFauxObjectPropertyValueContainerTemplate a access:ValueContainerTemplate ;
+:RoleDisplayFauxObjectPropertyValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :SubjectRoleEqualsDataSetRoleAttribute;
     access:containerTypeTemplate access-individual:SubjectRole .
 
-:RoleDisplayFauxObjectPropertyEntityValueContainerTemplate a access:ValueContainerTemplate ;
+:RoleDisplayFauxObjectPropertyEntityValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :AccessObjectUriContainsInDataSet ;
     access:relatedCheck :StatementPredicateEquals ;
 #    access:defaultValue access-individual:defaultUri ;
@@ -457,11 +457,11 @@
 :RolePublishFauxObjectPropertyDataSetTemplate a access:DataSetTemplate ;
     access:dataSetTemplateKey :RolePublishFauxObjectPropertyDataSetTemplateKey ;
     access:dataSetKeyTemplate :RolePublishFauxObjectPropertyDataSetKeyTemplate ;
-    access:dataSetValues access-individual:FauxObjectPropertyValueContainer ;
-    access:dataSetValues access-individual:FauxObjectPropertyStatementValueContainer ;
-    access:dataSetValues access-individual:PublishOperationValueContainer ;
-    access:dataSetValueTemplate :RolePublishFauxObjectPropertyValueContainerTemplate ;
-    access:dataSetValueTemplate :RolePublishFauxObjectPropertyEntityValueContainerTemplate .  
+    access:dataSetValues access-individual:FauxObjectPropertyValueSet ;
+    access:dataSetValues access-individual:FauxObjectPropertyStatementValueSet ;
+    access:dataSetValues access-individual:PublishOperationValueSet ;
+    access:dataSetValueTemplate :RolePublishFauxObjectPropertyValueSetTemplate ;
+    access:dataSetValueTemplate :RolePublishFauxObjectPropertyEntityValueSetTemplate .  
 
 :RolePublishFauxObjectPropertyDataSetTemplateKey a access:DataSetTemplateKey ;
     access:templateKey access-individual:SubjectRole .
@@ -471,11 +471,11 @@
     access:keyComponent access-individual:PublishOperation ;
     access:keyComponentTemplate access-individual:SubjectRole .
 
-:RolePublishFauxObjectPropertyValueContainerTemplate a access:ValueContainerTemplate ;
+:RolePublishFauxObjectPropertyValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :SubjectRoleEqualsDataSetRoleAttribute;
     access:containerTypeTemplate access-individual:SubjectRole .
 
-:RolePublishFauxObjectPropertyEntityValueContainerTemplate a access:ValueContainerTemplate ;
+:RolePublishFauxObjectPropertyEntityValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :AccessObjectUriContainsInDataSet ;
     access:relatedCheck :StatementPredicateEquals ;
 #    access:defaultValue access-individual:defaultUri ;
@@ -486,11 +486,11 @@
 :RoleAddFauxObjectPropertyDataSetTemplate a access:DataSetTemplate ;
     access:dataSetTemplateKey :RoleAddFauxObjectPropertyDataSetTemplateKey ;
     access:dataSetKeyTemplate :RoleAddFauxObjectPropertyDataSetKeyTemplate ;
-    access:dataSetValues access-individual:FauxObjectPropertyValueContainer ;
-    access:dataSetValues access-individual:FauxObjectPropertyStatementValueContainer ;
-    access:dataSetValues access-individual:AddOperationValueContainer ;
-    access:dataSetValueTemplate :RoleAddFauxObjectPropertyValueContainerTemplate ;
-    access:dataSetValueTemplate :RoleAddFauxObjectPropertyEntityValueContainerTemplate .  
+    access:dataSetValues access-individual:FauxObjectPropertyValueSet ;
+    access:dataSetValues access-individual:FauxObjectPropertyStatementValueSet ;
+    access:dataSetValues access-individual:AddOperationValueSet ;
+    access:dataSetValueTemplate :RoleAddFauxObjectPropertyValueSetTemplate ;
+    access:dataSetValueTemplate :RoleAddFauxObjectPropertyEntityValueSetTemplate .  
 
 :RoleAddFauxObjectPropertyDataSetTemplateKey a access:DataSetTemplateKey ;
     access:templateKey access-individual:SubjectRole .
@@ -500,11 +500,11 @@
     access:keyComponent access-individual:AddOperation ;
     access:keyComponentTemplate access-individual:SubjectRole .
 
-:RoleAddFauxObjectPropertyValueContainerTemplate a access:ValueContainerTemplate ;
+:RoleAddFauxObjectPropertyValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :SubjectRoleEqualsDataSetRoleAttribute;
     access:containerTypeTemplate access-individual:SubjectRole .
 
-:RoleAddFauxObjectPropertyEntityValueContainerTemplate a access:ValueContainerTemplate ;
+:RoleAddFauxObjectPropertyEntityValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :AccessObjectUriContainsInDataSet ;
     access:relatedCheck :StatementPredicateEquals ;
 #    access:defaultValue access-individual:defaultUri ;
@@ -515,11 +515,11 @@
 :RoleDropFauxObjectPropertyDataSetTemplate a access:DataSetTemplate ;
     access:dataSetTemplateKey :RoleDropFauxObjectPropertyDataSetTemplateKey ;
     access:dataSetKeyTemplate :RoleDropFauxObjectPropertyDataSetKeyTemplate ;
-    access:dataSetValues access-individual:FauxObjectPropertyValueContainer ;
-    access:dataSetValues access-individual:FauxObjectPropertyStatementValueContainer ;
-    access:dataSetValues access-individual:DropOperationValueContainer ;
-    access:dataSetValueTemplate :RoleDropFauxObjectPropertyValueContainerTemplate ;
-    access:dataSetValueTemplate :RoleDropFauxObjectPropertyEntityValueContainerTemplate .  
+    access:dataSetValues access-individual:FauxObjectPropertyValueSet ;
+    access:dataSetValues access-individual:FauxObjectPropertyStatementValueSet ;
+    access:dataSetValues access-individual:DropOperationValueSet ;
+    access:dataSetValueTemplate :RoleDropFauxObjectPropertyValueSetTemplate ;
+    access:dataSetValueTemplate :RoleDropFauxObjectPropertyEntityValueSetTemplate .  
 
 :RoleDropFauxObjectPropertyDataSetTemplateKey a access:DataSetTemplateKey ;
     access:templateKey access-individual:SubjectRole .
@@ -529,11 +529,11 @@
     access:keyComponent access-individual:DropOperation ;
     access:keyComponentTemplate access-individual:SubjectRole .
 
-:RoleDropFauxObjectPropertyValueContainerTemplate a access:ValueContainerTemplate ;
+:RoleDropFauxObjectPropertyValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :SubjectRoleEqualsDataSetRoleAttribute;
     access:containerTypeTemplate access-individual:SubjectRole .
 
-:RoleDropFauxObjectPropertyEntityValueContainerTemplate a access:ValueContainerTemplate ;
+:RoleDropFauxObjectPropertyEntityValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :AccessObjectUriContainsInDataSet ;
     access:relatedCheck :StatementPredicateEquals ;
 #    access:defaultValue access-individual:defaultUri ;
@@ -544,11 +544,11 @@
 :RoleEditFauxObjectPropertyDataSetTemplate a access:DataSetTemplate ;
     access:dataSetTemplateKey :RoleEditFauxObjectPropertyDataSetTemplateKey ;
     access:dataSetKeyTemplate :RoleEditFauxObjectPropertyDataSetKeyTemplate ;
-    access:dataSetValues access-individual:FauxObjectPropertyValueContainer ;
-    access:dataSetValues access-individual:FauxObjectPropertyStatementValueContainer ;
-    access:dataSetValues access-individual:EditOperationValueContainer ;
-    access:dataSetValueTemplate :RoleEditFauxObjectPropertyValueContainerTemplate ;
-    access:dataSetValueTemplate :RoleEditFauxObjectPropertyEntityValueContainerTemplate .  
+    access:dataSetValues access-individual:FauxObjectPropertyValueSet ;
+    access:dataSetValues access-individual:FauxObjectPropertyStatementValueSet ;
+    access:dataSetValues access-individual:EditOperationValueSet ;
+    access:dataSetValueTemplate :RoleEditFauxObjectPropertyValueSetTemplate ;
+    access:dataSetValueTemplate :RoleEditFauxObjectPropertyEntityValueSetTemplate .  
 
 :RoleEditFauxObjectPropertyDataSetTemplateKey a access:DataSetTemplateKey ;
     access:templateKey access-individual:SubjectRole .
@@ -558,11 +558,11 @@
     access:keyComponent access-individual:EditOperation ;
     access:keyComponentTemplate access-individual:SubjectRole .
 
-:RoleEditFauxObjectPropertyValueContainerTemplate a access:ValueContainerTemplate ;
+:RoleEditFauxObjectPropertyValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :SubjectRoleEqualsDataSetRoleAttribute;
     access:containerTypeTemplate access-individual:SubjectRole .
 
-:RoleEditFauxObjectPropertyEntityValueContainerTemplate a access:ValueContainerTemplate ;
+:RoleEditFauxObjectPropertyEntityValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :AccessObjectUriContainsInDataSet ;
     access:relatedCheck :StatementPredicateEquals ;
 #    access:defaultValue access-individual:defaultUri ;
@@ -573,11 +573,11 @@
 :RoleDisplayFauxDataPropertyDataSetTemplate a access:DataSetTemplate ;
     access:dataSetTemplateKey :RoleDisplayFauxDataPropertyDataSetTemplateKey ;
     access:dataSetKeyTemplate :RoleDisplayFauxDataPropertyDataSetKeyTemplate ;
-    access:dataSetValues access-individual:FauxDataPropertyValueContainer ;
-    access:dataSetValues access-individual:FauxDataPropertyStatementValueContainer ;
-    access:dataSetValues access-individual:DisplayOperationValueContainer ;
-    access:dataSetValueTemplate :RoleDisplayFauxDataPropertyValueContainerTemplate ;
-    access:dataSetValueTemplate :RoleDisplayFauxDataPropertyEntityValueContainerTemplate .  
+    access:dataSetValues access-individual:FauxDataPropertyValueSet ;
+    access:dataSetValues access-individual:FauxDataPropertyStatementValueSet ;
+    access:dataSetValues access-individual:DisplayOperationValueSet ;
+    access:dataSetValueTemplate :RoleDisplayFauxDataPropertyValueSetTemplate ;
+    access:dataSetValueTemplate :RoleDisplayFauxDataPropertyEntityValueSetTemplate .  
 
 :RoleDisplayFauxDataPropertyDataSetTemplateKey a access:DataSetTemplateKey ;
     access:templateKey access-individual:SubjectRole .
@@ -587,11 +587,11 @@
     access:keyComponent access-individual:DisplayOperation ;
     access:keyComponentTemplate access-individual:SubjectRole .
 
-:RoleDisplayFauxDataPropertyValueContainerTemplate a access:ValueContainerTemplate ;
+:RoleDisplayFauxDataPropertyValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :SubjectRoleEqualsDataSetRoleAttribute;
     access:containerTypeTemplate access-individual:SubjectRole .
 
-:RoleDisplayFauxDataPropertyEntityValueContainerTemplate a access:ValueContainerTemplate ;
+:RoleDisplayFauxDataPropertyEntityValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :AccessObjectUriContainsInDataSet ;
     access:relatedCheck :StatementPredicateEquals ;
 #    access:defaultValue access-individual:defaultUri ;
@@ -602,11 +602,11 @@
 :RolePublishFauxDataPropertyDataSetTemplate a access:DataSetTemplate ;
     access:dataSetTemplateKey :RolePublishFauxDataPropertyDataSetTemplateKey ;
     access:dataSetKeyTemplate :RolePublishFauxDataPropertyDataSetKeyTemplate ;
-    access:dataSetValues access-individual:FauxDataPropertyValueContainer ;
-    access:dataSetValues access-individual:FauxDataPropertyStatementValueContainer ;
-    access:dataSetValues access-individual:PublishOperationValueContainer ;
-    access:dataSetValueTemplate :RolePublishFauxDataPropertyValueContainerTemplate ;
-    access:dataSetValueTemplate :RolePublishFauxDataPropertyEntityValueContainerTemplate .  
+    access:dataSetValues access-individual:FauxDataPropertyValueSet ;
+    access:dataSetValues access-individual:FauxDataPropertyStatementValueSet ;
+    access:dataSetValues access-individual:PublishOperationValueSet ;
+    access:dataSetValueTemplate :RolePublishFauxDataPropertyValueSetTemplate ;
+    access:dataSetValueTemplate :RolePublishFauxDataPropertyEntityValueSetTemplate .  
 
 :RolePublishFauxDataPropertyDataSetTemplateKey a access:DataSetTemplateKey ;
     access:templateKey access-individual:SubjectRole .
@@ -616,11 +616,11 @@
     access:keyComponent access-individual:PublishOperation ;
     access:keyComponentTemplate access-individual:SubjectRole .
 
-:RolePublishFauxDataPropertyValueContainerTemplate a access:ValueContainerTemplate ;
+:RolePublishFauxDataPropertyValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :SubjectRoleEqualsDataSetRoleAttribute;
     access:containerTypeTemplate access-individual:SubjectRole .
 
-:RolePublishFauxDataPropertyEntityValueContainerTemplate a access:ValueContainerTemplate ;
+:RolePublishFauxDataPropertyEntityValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :AccessObjectUriContainsInDataSet ;
     access:relatedCheck :StatementPredicateEquals ;
 #    access:defaultValue access-individual:defaultUri ;
@@ -631,11 +631,11 @@
 :RoleAddFauxDataPropertyDataSetTemplate a access:DataSetTemplate ;
     access:dataSetTemplateKey :RoleAddFauxDataPropertyDataSetTemplateKey ;
     access:dataSetKeyTemplate :RoleAddFauxDataPropertyDataSetKeyTemplate ;
-    access:dataSetValues access-individual:FauxDataPropertyValueContainer ;
-    access:dataSetValues access-individual:FauxDataPropertyStatementValueContainer ;
-    access:dataSetValues access-individual:AddOperationValueContainer ;
-    access:dataSetValueTemplate :RoleAddFauxDataPropertyValueContainerTemplate ;
-    access:dataSetValueTemplate :RoleAddFauxDataPropertyEntityValueContainerTemplate .  
+    access:dataSetValues access-individual:FauxDataPropertyValueSet ;
+    access:dataSetValues access-individual:FauxDataPropertyStatementValueSet ;
+    access:dataSetValues access-individual:AddOperationValueSet ;
+    access:dataSetValueTemplate :RoleAddFauxDataPropertyValueSetTemplate ;
+    access:dataSetValueTemplate :RoleAddFauxDataPropertyEntityValueSetTemplate .  
 
 :RoleAddFauxDataPropertyDataSetTemplateKey a access:DataSetTemplateKey ;
     access:templateKey access-individual:SubjectRole .
@@ -645,11 +645,11 @@
     access:keyComponent access-individual:AddOperation ;
     access:keyComponentTemplate access-individual:SubjectRole .
 
-:RoleAddFauxDataPropertyValueContainerTemplate a access:ValueContainerTemplate ;
+:RoleAddFauxDataPropertyValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :SubjectRoleEqualsDataSetRoleAttribute;
     access:containerTypeTemplate access-individual:SubjectRole .
 
-:RoleAddFauxDataPropertyEntityValueContainerTemplate a access:ValueContainerTemplate ;
+:RoleAddFauxDataPropertyEntityValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :AccessObjectUriContainsInDataSet ;
     access:relatedCheck :StatementPredicateEquals ;
 #    access:defaultValue access-individual:defaultUri ;
@@ -660,11 +660,11 @@
 :RoleDropFauxDataPropertyDataSetTemplate a access:DataSetTemplate ;
     access:dataSetTemplateKey :RoleDropFauxDataPropertyDataSetTemplateKey ;
     access:dataSetKeyTemplate :RoleDropFauxDataPropertyDataSetKeyTemplate ;
-    access:dataSetValues access-individual:FauxDataPropertyValueContainer ;
-    access:dataSetValues access-individual:FauxDataPropertyStatementValueContainer ;
-    access:dataSetValues access-individual:DropOperationValueContainer ;
-    access:dataSetValueTemplate :RoleDropFauxDataPropertyValueContainerTemplate ;
-    access:dataSetValueTemplate :RoleDropFauxDataPropertyEntityValueContainerTemplate .  
+    access:dataSetValues access-individual:FauxDataPropertyValueSet ;
+    access:dataSetValues access-individual:FauxDataPropertyStatementValueSet ;
+    access:dataSetValues access-individual:DropOperationValueSet ;
+    access:dataSetValueTemplate :RoleDropFauxDataPropertyValueSetTemplate ;
+    access:dataSetValueTemplate :RoleDropFauxDataPropertyEntityValueSetTemplate .  
 
 :RoleDropFauxDataPropertyDataSetTemplateKey a access:DataSetTemplateKey ;
     access:templateKey access-individual:SubjectRole .
@@ -674,11 +674,11 @@
     access:keyComponent access-individual:DropOperation ;
     access:keyComponentTemplate access-individual:SubjectRole .
 
-:RoleDropFauxDataPropertyValueContainerTemplate a access:ValueContainerTemplate ;
+:RoleDropFauxDataPropertyValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :SubjectRoleEqualsDataSetRoleAttribute;
     access:containerTypeTemplate access-individual:SubjectRole .
 
-:RoleDropFauxDataPropertyEntityValueContainerTemplate a access:ValueContainerTemplate ;
+:RoleDropFauxDataPropertyEntityValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :AccessObjectUriContainsInDataSet ;
     access:relatedCheck :StatementPredicateEquals ;
 #    access:defaultValue access-individual:defaultUri ;
@@ -689,11 +689,11 @@
 :RoleEditFauxDataPropertyDataSetTemplate a access:DataSetTemplate ;
     access:dataSetTemplateKey :RoleEditFauxDataPropertyDataSetTemplateKey ;
     access:dataSetKeyTemplate :RoleEditFauxDataPropertyDataSetKeyTemplate ;
-    access:dataSetValues access-individual:FauxDataPropertyValueContainer ;
-    access:dataSetValues access-individual:FauxDataPropertyStatementValueContainer ;
-    access:dataSetValues access-individual:EditOperationValueContainer ;
-    access:dataSetValueTemplate :RoleEditFauxDataPropertyValueContainerTemplate ;
-    access:dataSetValueTemplate :RoleEditFauxDataPropertyEntityValueContainerTemplate .  
+    access:dataSetValues access-individual:FauxDataPropertyValueSet ;
+    access:dataSetValues access-individual:FauxDataPropertyStatementValueSet ;
+    access:dataSetValues access-individual:EditOperationValueSet ;
+    access:dataSetValueTemplate :RoleEditFauxDataPropertyValueSetTemplate ;
+    access:dataSetValueTemplate :RoleEditFauxDataPropertyEntityValueSetTemplate .  
 
 :RoleEditFauxDataPropertyDataSetTemplateKey a access:DataSetTemplateKey ;
     access:templateKey access-individual:SubjectRole .
@@ -703,11 +703,11 @@
     access:keyComponent access-individual:EditOperation ;
     access:keyComponentTemplate access-individual:SubjectRole .
 
-:RoleEditFauxDataPropertyValueContainerTemplate a access:ValueContainerTemplate ;
+:RoleEditFauxDataPropertyValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :SubjectRoleEqualsDataSetRoleAttribute;
     access:containerTypeTemplate access-individual:SubjectRole .
 
-:RoleEditFauxDataPropertyEntityValueContainerTemplate a access:ValueContainerTemplate ;
+:RoleEditFauxDataPropertyEntityValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :AccessObjectUriContainsInDataSet ;
     access:relatedCheck :StatementPredicateEquals ;
 #    access:defaultValue access-individual:defaultUri ;
@@ -719,11 +719,11 @@
 
 :PublicDropFauxDataPropertyDataSet a access:PolicyDataSet ;
     access:dataSetKey :PublicDropFauxDataPropertyDataSetKey ;
-    access:dataSetValues access-individual:PublicRoleValueContainer ;
-    access:dataSetValues access-individual:FauxDataPropertyValueContainer ;
-    access:dataSetValues access-individual:FauxDataPropertyStatementValueContainer ;
-    access:dataSetValues access-individual:DropOperationValueContainer ;
-    access:dataSetValues :PublicDropFauxDataPropertyValueContainer .
+    access:dataSetValues access-individual:PublicRoleValueSet ;
+    access:dataSetValues access-individual:FauxDataPropertyValueSet ;
+    access:dataSetValues access-individual:FauxDataPropertyStatementValueSet ;
+    access:dataSetValues access-individual:DropOperationValueSet ;
+    access:dataSetValues :PublicDropFauxDataPropertyValueSet .
 
 :PublicDropFauxDataPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:FauxDataProperty ;
@@ -732,11 +732,11 @@
 
 :EditorDropFauxDataPropertyDataSet a access:PolicyDataSet ;
     access:dataSetKey :EditorDropFauxDataPropertyDataSetKey ;
-    access:dataSetValues access-individual:EditorRoleValueContainer ;
-    access:dataSetValues access-individual:FauxDataPropertyValueContainer ;
-    access:dataSetValues access-individual:FauxDataPropertyStatementValueContainer ;
-    access:dataSetValues access-individual:DropOperationValueContainer ;
-    access:dataSetValues :EditorDropFauxDataPropertyValueContainer .
+    access:dataSetValues access-individual:EditorRoleValueSet ;
+    access:dataSetValues access-individual:FauxDataPropertyValueSet ;
+    access:dataSetValues access-individual:FauxDataPropertyStatementValueSet ;
+    access:dataSetValues access-individual:DropOperationValueSet ;
+    access:dataSetValues :EditorDropFauxDataPropertyValueSet .
 
 :EditorDropFauxDataPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:FauxDataProperty ;
@@ -745,11 +745,11 @@
 
 :CuratorDropFauxDataPropertyDataSet a access:PolicyDataSet ;
     access:dataSetKey :CuratorDropFauxDataPropertyDataSetKey ;
-    access:dataSetValues access-individual:CuratorRoleValueContainer ;
-    access:dataSetValues access-individual:FauxDataPropertyValueContainer ;
-    access:dataSetValues access-individual:FauxDataPropertyStatementValueContainer ;
-    access:dataSetValues access-individual:DropOperationValueContainer ;
-    access:dataSetValues :CuratorDropFauxDataPropertyValueContainer .
+    access:dataSetValues access-individual:CuratorRoleValueSet ;
+    access:dataSetValues access-individual:FauxDataPropertyValueSet ;
+    access:dataSetValues access-individual:FauxDataPropertyStatementValueSet ;
+    access:dataSetValues access-individual:DropOperationValueSet ;
+    access:dataSetValues :CuratorDropFauxDataPropertyValueSet .
 
 :CuratorDropFauxDataPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:FauxDataProperty ;
@@ -758,11 +758,11 @@
 
 :AdminDropFauxDataPropertyDataSet a access:PolicyDataSet ;
     access:dataSetKey :AdminDropFauxDataPropertyDataSetKey ;
-    access:dataSetValues access-individual:AdminRoleValueContainer ;
-    access:dataSetValues access-individual:FauxDataPropertyValueContainer ;
-    access:dataSetValues access-individual:FauxDataPropertyStatementValueContainer ;
-    access:dataSetValues access-individual:DropOperationValueContainer ;
-    access:dataSetValues :AdminDropFauxDataPropertyValueContainer .
+    access:dataSetValues access-individual:AdminRoleValueSet ;
+    access:dataSetValues access-individual:FauxDataPropertyValueSet ;
+    access:dataSetValues access-individual:FauxDataPropertyStatementValueSet ;
+    access:dataSetValues access-individual:DropOperationValueSet ;
+    access:dataSetValues :AdminDropFauxDataPropertyValueSet .
 
 :AdminDropFauxDataPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:FauxDataProperty ;
@@ -773,11 +773,11 @@
 
 :PublicAddFauxDataPropertyDataSet a access:PolicyDataSet ;
     access:dataSetKey :PublicAddFauxDataPropertyDataSetKey ;
-    access:dataSetValues access-individual:PublicRoleValueContainer ;
-    access:dataSetValues access-individual:FauxDataPropertyValueContainer ;
-    access:dataSetValues access-individual:FauxDataPropertyStatementValueContainer ;
-    access:dataSetValues access-individual:AddOperationValueContainer ;
-    access:dataSetValues :PublicAddFauxDataPropertyValueContainer .
+    access:dataSetValues access-individual:PublicRoleValueSet ;
+    access:dataSetValues access-individual:FauxDataPropertyValueSet ;
+    access:dataSetValues access-individual:FauxDataPropertyStatementValueSet ;
+    access:dataSetValues access-individual:AddOperationValueSet ;
+    access:dataSetValues :PublicAddFauxDataPropertyValueSet .
 
 :PublicAddFauxDataPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:FauxDataProperty ;
@@ -786,11 +786,11 @@
 
 :EditorAddFauxDataPropertyDataSet a access:PolicyDataSet ;
     access:dataSetKey :EditorAddFauxDataPropertyDataSetKey ;
-    access:dataSetValues access-individual:EditorRoleValueContainer ;
-    access:dataSetValues access-individual:FauxDataPropertyValueContainer ;
-    access:dataSetValues access-individual:FauxDataPropertyStatementValueContainer ;
-    access:dataSetValues access-individual:AddOperationValueContainer ;
-    access:dataSetValues :EditorAddFauxDataPropertyValueContainer .
+    access:dataSetValues access-individual:EditorRoleValueSet ;
+    access:dataSetValues access-individual:FauxDataPropertyValueSet ;
+    access:dataSetValues access-individual:FauxDataPropertyStatementValueSet ;
+    access:dataSetValues access-individual:AddOperationValueSet ;
+    access:dataSetValues :EditorAddFauxDataPropertyValueSet .
 
 :EditorAddFauxDataPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:FauxDataProperty ;
@@ -799,11 +799,11 @@
 
 :CuratorAddFauxDataPropertyDataSet a access:PolicyDataSet ;
     access:dataSetKey :CuratorAddFauxDataPropertyDataSetKey ;
-    access:dataSetValues access-individual:CuratorRoleValueContainer ;
-    access:dataSetValues access-individual:FauxDataPropertyValueContainer ;
-    access:dataSetValues access-individual:FauxDataPropertyStatementValueContainer ;
-    access:dataSetValues access-individual:AddOperationValueContainer ;
-    access:dataSetValues :CuratorAddFauxDataPropertyValueContainer .
+    access:dataSetValues access-individual:CuratorRoleValueSet ;
+    access:dataSetValues access-individual:FauxDataPropertyValueSet ;
+    access:dataSetValues access-individual:FauxDataPropertyStatementValueSet ;
+    access:dataSetValues access-individual:AddOperationValueSet ;
+    access:dataSetValues :CuratorAddFauxDataPropertyValueSet .
 
 :CuratorAddFauxDataPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:FauxDataProperty ;
@@ -812,11 +812,11 @@
 
 :AdminAddFauxDataPropertyDataSet a access:PolicyDataSet ;
     access:dataSetKey :AdminAddFauxDataPropertyDataSetKey ;
-    access:dataSetValues access-individual:AdminRoleValueContainer ;
-    access:dataSetValues access-individual:FauxDataPropertyValueContainer ;
-    access:dataSetValues access-individual:FauxDataPropertyStatementValueContainer ;
-    access:dataSetValues access-individual:AddOperationValueContainer ;
-    access:dataSetValues :AdminAddFauxDataPropertyValueContainer .
+    access:dataSetValues access-individual:AdminRoleValueSet ;
+    access:dataSetValues access-individual:FauxDataPropertyValueSet ;
+    access:dataSetValues access-individual:FauxDataPropertyStatementValueSet ;
+    access:dataSetValues access-individual:AddOperationValueSet ;
+    access:dataSetValues :AdminAddFauxDataPropertyValueSet .
 
 :AdminAddFauxDataPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:FauxDataProperty ;
@@ -827,11 +827,11 @@
 
 :PublicEditFauxDataPropertyDataSet a access:PolicyDataSet ;
     access:dataSetKey :PublicEditFauxDataPropertyDataSetKey ;
-    access:dataSetValues access-individual:PublicRoleValueContainer ;
-    access:dataSetValues access-individual:FauxDataPropertyValueContainer ;
-    access:dataSetValues access-individual:FauxDataPropertyStatementValueContainer ;
-    access:dataSetValues access-individual:EditOperationValueContainer ;
-    access:dataSetValues :PublicEditFauxDataPropertyValueContainer .
+    access:dataSetValues access-individual:PublicRoleValueSet ;
+    access:dataSetValues access-individual:FauxDataPropertyValueSet ;
+    access:dataSetValues access-individual:FauxDataPropertyStatementValueSet ;
+    access:dataSetValues access-individual:EditOperationValueSet ;
+    access:dataSetValues :PublicEditFauxDataPropertyValueSet .
 
 :PublicEditFauxDataPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:FauxDataProperty ;
@@ -840,11 +840,11 @@
 
 :EditorEditFauxDataPropertyDataSet a access:PolicyDataSet ;
     access:dataSetKey :EditorEditFauxDataPropertyDataSetKey ;
-    access:dataSetValues access-individual:EditorRoleValueContainer ;
-    access:dataSetValues access-individual:FauxDataPropertyValueContainer ;
-    access:dataSetValues access-individual:FauxDataPropertyStatementValueContainer ;
-    access:dataSetValues access-individual:EditOperationValueContainer ;
-    access:dataSetValues :EditorEditFauxDataPropertyValueContainer .
+    access:dataSetValues access-individual:EditorRoleValueSet ;
+    access:dataSetValues access-individual:FauxDataPropertyValueSet ;
+    access:dataSetValues access-individual:FauxDataPropertyStatementValueSet ;
+    access:dataSetValues access-individual:EditOperationValueSet ;
+    access:dataSetValues :EditorEditFauxDataPropertyValueSet .
 
 :EditorEditFauxDataPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:FauxDataProperty ;
@@ -853,11 +853,11 @@
 
 :CuratorEditFauxDataPropertyDataSet a access:PolicyDataSet ;
     access:dataSetKey :CuratorEditFauxDataPropertyDataSetKey ;
-    access:dataSetValues access-individual:CuratorRoleValueContainer ;
-    access:dataSetValues access-individual:FauxDataPropertyValueContainer ;
-    access:dataSetValues access-individual:FauxDataPropertyStatementValueContainer ;
-    access:dataSetValues access-individual:EditOperationValueContainer ;
-    access:dataSetValues :CuratorEditFauxDataPropertyValueContainer .
+    access:dataSetValues access-individual:CuratorRoleValueSet ;
+    access:dataSetValues access-individual:FauxDataPropertyValueSet ;
+    access:dataSetValues access-individual:FauxDataPropertyStatementValueSet ;
+    access:dataSetValues access-individual:EditOperationValueSet ;
+    access:dataSetValues :CuratorEditFauxDataPropertyValueSet .
 
 :CuratorEditFauxDataPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:FauxDataProperty ;
@@ -866,11 +866,11 @@
 
 :AdminEditFauxDataPropertyDataSet a access:PolicyDataSet ;
     access:dataSetKey :AdminEditFauxDataPropertyDataSetKey ;
-    access:dataSetValues access-individual:AdminRoleValueContainer ;
-    access:dataSetValues access-individual:FauxDataPropertyValueContainer ;
-    access:dataSetValues access-individual:FauxDataPropertyStatementValueContainer ;
-    access:dataSetValues access-individual:EditOperationValueContainer ;
-    access:dataSetValues :AdminEditFauxDataPropertyValueContainer .
+    access:dataSetValues access-individual:AdminRoleValueSet ;
+    access:dataSetValues access-individual:FauxDataPropertyValueSet ;
+    access:dataSetValues access-individual:FauxDataPropertyStatementValueSet ;
+    access:dataSetValues access-individual:EditOperationValueSet ;
+    access:dataSetValues :AdminEditFauxDataPropertyValueSet .
 
 :AdminEditFauxDataPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:FauxDataProperty ;
@@ -881,11 +881,11 @@
 
 :PublicDropFauxObjectPropertyDataSet a access:PolicyDataSet ;
     access:dataSetKey :PublicDropFauxObjectPropertyDataSetKey ;
-    access:dataSetValues access-individual:PublicRoleValueContainer ;
-    access:dataSetValues access-individual:FauxObjectPropertyValueContainer ;
-    access:dataSetValues access-individual:FauxObjectPropertyStatementValueContainer ;
-    access:dataSetValues access-individual:DropOperationValueContainer ;
-    access:dataSetValues :PublicDropFauxObjectPropertyValueContainer .
+    access:dataSetValues access-individual:PublicRoleValueSet ;
+    access:dataSetValues access-individual:FauxObjectPropertyValueSet ;
+    access:dataSetValues access-individual:FauxObjectPropertyStatementValueSet ;
+    access:dataSetValues access-individual:DropOperationValueSet ;
+    access:dataSetValues :PublicDropFauxObjectPropertyValueSet .
 
 :PublicDropFauxObjectPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:FauxObjectProperty ;
@@ -894,11 +894,11 @@
 
 :EditorDropFauxObjectPropertyDataSet a access:PolicyDataSet ;
     access:dataSetKey :EditorDropFauxObjectPropertyDataSetKey ;
-    access:dataSetValues access-individual:EditorRoleValueContainer ;
-    access:dataSetValues access-individual:FauxObjectPropertyValueContainer ;
-    access:dataSetValues access-individual:FauxObjectPropertyStatementValueContainer ;
-    access:dataSetValues access-individual:DropOperationValueContainer ;
-    access:dataSetValues :EditorDropFauxObjectPropertyValueContainer .
+    access:dataSetValues access-individual:EditorRoleValueSet ;
+    access:dataSetValues access-individual:FauxObjectPropertyValueSet ;
+    access:dataSetValues access-individual:FauxObjectPropertyStatementValueSet ;
+    access:dataSetValues access-individual:DropOperationValueSet ;
+    access:dataSetValues :EditorDropFauxObjectPropertyValueSet .
 
 :EditorDropFauxObjectPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:FauxObjectProperty ;
@@ -907,11 +907,11 @@
 
 :CuratorDropFauxObjectPropertyDataSet a access:PolicyDataSet ;
     access:dataSetKey :CuratorDropFauxObjectPropertyDataSetKey ;
-    access:dataSetValues access-individual:CuratorRoleValueContainer ;
-    access:dataSetValues access-individual:FauxObjectPropertyValueContainer ;
-    access:dataSetValues access-individual:FauxObjectPropertyStatementValueContainer ;
-    access:dataSetValues access-individual:DropOperationValueContainer ;
-    access:dataSetValues :CuratorDropFauxObjectPropertyValueContainer .
+    access:dataSetValues access-individual:CuratorRoleValueSet ;
+    access:dataSetValues access-individual:FauxObjectPropertyValueSet ;
+    access:dataSetValues access-individual:FauxObjectPropertyStatementValueSet ;
+    access:dataSetValues access-individual:DropOperationValueSet ;
+    access:dataSetValues :CuratorDropFauxObjectPropertyValueSet .
 
 :CuratorDropFauxObjectPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:FauxObjectProperty ;
@@ -920,11 +920,11 @@
 
 :AdminDropFauxObjectPropertyDataSet a access:PolicyDataSet ;
     access:dataSetKey :AdminDropFauxObjectPropertyDataSetKey ;
-    access:dataSetValues access-individual:AdminRoleValueContainer ;
-    access:dataSetValues access-individual:FauxObjectPropertyValueContainer ;
-    access:dataSetValues access-individual:FauxObjectPropertyStatementValueContainer ;
-    access:dataSetValues access-individual:DropOperationValueContainer ;
-    access:dataSetValues :AdminDropFauxObjectPropertyValueContainer .
+    access:dataSetValues access-individual:AdminRoleValueSet ;
+    access:dataSetValues access-individual:FauxObjectPropertyValueSet ;
+    access:dataSetValues access-individual:FauxObjectPropertyStatementValueSet ;
+    access:dataSetValues access-individual:DropOperationValueSet ;
+    access:dataSetValues :AdminDropFauxObjectPropertyValueSet .
 
 :AdminDropFauxObjectPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:FauxObjectProperty ;
@@ -935,11 +935,11 @@
 
 :PublicAddFauxObjectPropertyDataSet a access:PolicyDataSet ;
     access:dataSetKey :PublicAddFauxObjectPropertyDataSetKey ;
-    access:dataSetValues access-individual:PublicRoleValueContainer ;
-    access:dataSetValues access-individual:FauxObjectPropertyValueContainer ;
-    access:dataSetValues access-individual:FauxObjectPropertyStatementValueContainer ;
-    access:dataSetValues access-individual:AddOperationValueContainer ;
-    access:dataSetValues :PublicAddFauxObjectPropertyValueContainer .
+    access:dataSetValues access-individual:PublicRoleValueSet ;
+    access:dataSetValues access-individual:FauxObjectPropertyValueSet ;
+    access:dataSetValues access-individual:FauxObjectPropertyStatementValueSet ;
+    access:dataSetValues access-individual:AddOperationValueSet ;
+    access:dataSetValues :PublicAddFauxObjectPropertyValueSet .
 
 :PublicAddFauxObjectPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:FauxObjectProperty ;
@@ -948,11 +948,11 @@
 
 :EditorAddFauxObjectPropertyDataSet a access:PolicyDataSet ;
     access:dataSetKey :EditorAddFauxObjectPropertyDataSetKey ;
-    access:dataSetValues access-individual:EditorRoleValueContainer ;
-    access:dataSetValues access-individual:FauxObjectPropertyValueContainer ;
-    access:dataSetValues access-individual:FauxObjectPropertyStatementValueContainer ;
-    access:dataSetValues access-individual:AddOperationValueContainer ;
-    access:dataSetValues :EditorAddFauxObjectPropertyValueContainer .
+    access:dataSetValues access-individual:EditorRoleValueSet ;
+    access:dataSetValues access-individual:FauxObjectPropertyValueSet ;
+    access:dataSetValues access-individual:FauxObjectPropertyStatementValueSet ;
+    access:dataSetValues access-individual:AddOperationValueSet ;
+    access:dataSetValues :EditorAddFauxObjectPropertyValueSet .
 
 :EditorAddFauxObjectPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:FauxObjectProperty ;
@@ -961,11 +961,11 @@
 
 :CuratorAddFauxObjectPropertyDataSet a access:PolicyDataSet ;
     access:dataSetKey :CuratorAddFauxObjectPropertyDataSetKey ;
-    access:dataSetValues access-individual:CuratorRoleValueContainer ;
-    access:dataSetValues access-individual:FauxObjectPropertyValueContainer ;
-    access:dataSetValues access-individual:FauxObjectPropertyStatementValueContainer ;
-    access:dataSetValues access-individual:AddOperationValueContainer ;
-    access:dataSetValues :CuratorAddFauxObjectPropertyValueContainer .
+    access:dataSetValues access-individual:CuratorRoleValueSet ;
+    access:dataSetValues access-individual:FauxObjectPropertyValueSet ;
+    access:dataSetValues access-individual:FauxObjectPropertyStatementValueSet ;
+    access:dataSetValues access-individual:AddOperationValueSet ;
+    access:dataSetValues :CuratorAddFauxObjectPropertyValueSet .
 
 :CuratorAddFauxObjectPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:FauxObjectProperty ;
@@ -974,11 +974,11 @@
 
 :AdminAddFauxObjectPropertyDataSet a access:PolicyDataSet ;
     access:dataSetKey :AdminAddFauxObjectPropertyDataSetKey ;
-    access:dataSetValues access-individual:AdminRoleValueContainer ;
-    access:dataSetValues access-individual:FauxObjectPropertyValueContainer ;
-    access:dataSetValues access-individual:FauxObjectPropertyStatementValueContainer ;
-    access:dataSetValues access-individual:AddOperationValueContainer ;
-    access:dataSetValues :AdminAddFauxObjectPropertyValueContainer .
+    access:dataSetValues access-individual:AdminRoleValueSet ;
+    access:dataSetValues access-individual:FauxObjectPropertyValueSet ;
+    access:dataSetValues access-individual:FauxObjectPropertyStatementValueSet ;
+    access:dataSetValues access-individual:AddOperationValueSet ;
+    access:dataSetValues :AdminAddFauxObjectPropertyValueSet .
 
 :AdminAddFauxObjectPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:FauxObjectProperty ;
@@ -989,11 +989,11 @@
 
 :PublicEditFauxObjectPropertyDataSet a access:PolicyDataSet ;
     access:dataSetKey :PublicEditFauxObjectPropertyDataSetKey ;
-    access:dataSetValues access-individual:PublicRoleValueContainer ;
-    access:dataSetValues access-individual:FauxObjectPropertyValueContainer ;
-    access:dataSetValues access-individual:FauxObjectPropertyStatementValueContainer ;
-    access:dataSetValues access-individual:EditOperationValueContainer ;
-    access:dataSetValues :PublicEditFauxObjectPropertyValueContainer .
+    access:dataSetValues access-individual:PublicRoleValueSet ;
+    access:dataSetValues access-individual:FauxObjectPropertyValueSet ;
+    access:dataSetValues access-individual:FauxObjectPropertyStatementValueSet ;
+    access:dataSetValues access-individual:EditOperationValueSet ;
+    access:dataSetValues :PublicEditFauxObjectPropertyValueSet .
 
 :PublicEditFauxObjectPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:FauxObjectProperty ;
@@ -1002,11 +1002,11 @@
 
 :EditorEditFauxObjectPropertyDataSet a access:PolicyDataSet ;
     access:dataSetKey :EditorEditFauxObjectPropertyDataSetKey ;
-    access:dataSetValues access-individual:EditorRoleValueContainer ;
-    access:dataSetValues access-individual:FauxObjectPropertyValueContainer ;
-    access:dataSetValues access-individual:FauxObjectPropertyStatementValueContainer ;
-    access:dataSetValues access-individual:EditOperationValueContainer ;
-    access:dataSetValues :EditorEditFauxObjectPropertyValueContainer .
+    access:dataSetValues access-individual:EditorRoleValueSet ;
+    access:dataSetValues access-individual:FauxObjectPropertyValueSet ;
+    access:dataSetValues access-individual:FauxObjectPropertyStatementValueSet ;
+    access:dataSetValues access-individual:EditOperationValueSet ;
+    access:dataSetValues :EditorEditFauxObjectPropertyValueSet .
 
 :EditorEditFauxObjectPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:FauxObjectProperty ;
@@ -1015,11 +1015,11 @@
 
 :CuratorEditFauxObjectPropertyDataSet a access:PolicyDataSet ;
     access:dataSetKey :CuratorEditFauxObjectPropertyDataSetKey ;
-    access:dataSetValues access-individual:CuratorRoleValueContainer ;
-    access:dataSetValues access-individual:FauxObjectPropertyValueContainer ;
-    access:dataSetValues access-individual:FauxObjectPropertyStatementValueContainer ;
-    access:dataSetValues access-individual:EditOperationValueContainer ;
-    access:dataSetValues :CuratorEditFauxObjectPropertyValueContainer .
+    access:dataSetValues access-individual:CuratorRoleValueSet ;
+    access:dataSetValues access-individual:FauxObjectPropertyValueSet ;
+    access:dataSetValues access-individual:FauxObjectPropertyStatementValueSet ;
+    access:dataSetValues access-individual:EditOperationValueSet ;
+    access:dataSetValues :CuratorEditFauxObjectPropertyValueSet .
 
 :CuratorEditFauxObjectPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:FauxObjectProperty ;
@@ -1028,11 +1028,11 @@
 
 :AdminEditFauxObjectPropertyDataSet a access:PolicyDataSet ;
     access:dataSetKey :AdminEditFauxObjectPropertyDataSetKey ;
-    access:dataSetValues access-individual:AdminRoleValueContainer ;
-    access:dataSetValues access-individual:FauxObjectPropertyValueContainer ;
-    access:dataSetValues access-individual:FauxObjectPropertyStatementValueContainer ;
-    access:dataSetValues access-individual:EditOperationValueContainer ;
-    access:dataSetValues :AdminEditFauxObjectPropertyValueContainer .
+    access:dataSetValues access-individual:AdminRoleValueSet ;
+    access:dataSetValues access-individual:FauxObjectPropertyValueSet ;
+    access:dataSetValues access-individual:FauxObjectPropertyStatementValueSet ;
+    access:dataSetValues access-individual:EditOperationValueSet ;
+    access:dataSetValues :AdminEditFauxObjectPropertyValueSet .
 
 :AdminEditFauxObjectPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:FauxObjectProperty ;
@@ -1043,11 +1043,11 @@
 
 :PublicDropDataPropertyDataSet a access:PolicyDataSet ;
     access:dataSetKey :PublicDropDataPropertyDataSetKey ;
-    access:dataSetValues access-individual:PublicRoleValueContainer ;
-    access:dataSetValues access-individual:DataPropertyValueContainer ;
-    access:dataSetValues access-individual:DataPropertyStatementValueContainer ;
-    access:dataSetValues access-individual:DropOperationValueContainer ;
-    access:dataSetValues :PublicDropDataPropertyValueContainer .
+    access:dataSetValues access-individual:PublicRoleValueSet ;
+    access:dataSetValues access-individual:DataPropertyValueSet ;
+    access:dataSetValues access-individual:DataPropertyStatementValueSet ;
+    access:dataSetValues access-individual:DropOperationValueSet ;
+    access:dataSetValues :PublicDropDataPropertyValueSet .
 
 :PublicDropDataPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:DataProperty ;
@@ -1056,11 +1056,11 @@
 
 :EditorDropDataPropertyDataSet a access:PolicyDataSet ;
     access:dataSetKey :EditorDropDataPropertyDataSetKey ;
-    access:dataSetValues access-individual:EditorRoleValueContainer ;
-    access:dataSetValues access-individual:DataPropertyValueContainer ;
-    access:dataSetValues access-individual:DataPropertyStatementValueContainer ;
-    access:dataSetValues access-individual:DropOperationValueContainer ;
-    access:dataSetValues :EditorDropDataPropertyValueContainer .
+    access:dataSetValues access-individual:EditorRoleValueSet ;
+    access:dataSetValues access-individual:DataPropertyValueSet ;
+    access:dataSetValues access-individual:DataPropertyStatementValueSet ;
+    access:dataSetValues access-individual:DropOperationValueSet ;
+    access:dataSetValues :EditorDropDataPropertyValueSet .
 
 :EditorDropDataPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:DataProperty ;
@@ -1069,11 +1069,11 @@
 
 :CuratorDropDataPropertyDataSet a access:PolicyDataSet ;
     access:dataSetKey :CuratorDropDataPropertyDataSetKey ;
-    access:dataSetValues access-individual:CuratorRoleValueContainer ;
-    access:dataSetValues access-individual:DataPropertyValueContainer ;
-    access:dataSetValues access-individual:DataPropertyStatementValueContainer ;
-    access:dataSetValues access-individual:DropOperationValueContainer ;
-    access:dataSetValues :CuratorDropDataPropertyValueContainer .
+    access:dataSetValues access-individual:CuratorRoleValueSet ;
+    access:dataSetValues access-individual:DataPropertyValueSet ;
+    access:dataSetValues access-individual:DataPropertyStatementValueSet ;
+    access:dataSetValues access-individual:DropOperationValueSet ;
+    access:dataSetValues :CuratorDropDataPropertyValueSet .
 
 :CuratorDropDataPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:DataProperty ;
@@ -1082,11 +1082,11 @@
 
 :AdminDropDataPropertyDataSet a access:PolicyDataSet ;
     access:dataSetKey :AdminDropDataPropertyDataSetKey ;
-    access:dataSetValues access-individual:AdminRoleValueContainer ;
-    access:dataSetValues access-individual:DataPropertyValueContainer ;
-    access:dataSetValues access-individual:DataPropertyStatementValueContainer ;
-    access:dataSetValues access-individual:DropOperationValueContainer ;
-    access:dataSetValues :AdminDropDataPropertyValueContainer .
+    access:dataSetValues access-individual:AdminRoleValueSet ;
+    access:dataSetValues access-individual:DataPropertyValueSet ;
+    access:dataSetValues access-individual:DataPropertyStatementValueSet ;
+    access:dataSetValues access-individual:DropOperationValueSet ;
+    access:dataSetValues :AdminDropDataPropertyValueSet .
 
 :AdminDropDataPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:DataProperty ;
@@ -1097,11 +1097,11 @@
 
 :PublicAddDataPropertyDataSet a access:PolicyDataSet ;
     access:dataSetKey :PublicAddDataPropertyDataSetKey ;
-    access:dataSetValues access-individual:PublicRoleValueContainer ;
-    access:dataSetValues access-individual:DataPropertyValueContainer ;
-    access:dataSetValues access-individual:DataPropertyStatementValueContainer ;
-    access:dataSetValues access-individual:AddOperationValueContainer ;
-    access:dataSetValues :PublicAddDataPropertyValueContainer .
+    access:dataSetValues access-individual:PublicRoleValueSet ;
+    access:dataSetValues access-individual:DataPropertyValueSet ;
+    access:dataSetValues access-individual:DataPropertyStatementValueSet ;
+    access:dataSetValues access-individual:AddOperationValueSet ;
+    access:dataSetValues :PublicAddDataPropertyValueSet .
 
 :PublicAddDataPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:DataProperty ;
@@ -1110,11 +1110,11 @@
 
 :EditorAddDataPropertyDataSet a access:PolicyDataSet ;
     access:dataSetKey :EditorAddDataPropertyDataSetKey ;
-    access:dataSetValues access-individual:EditorRoleValueContainer ;
-    access:dataSetValues access-individual:DataPropertyValueContainer ;
-    access:dataSetValues access-individual:DataPropertyStatementValueContainer ;
-    access:dataSetValues access-individual:AddOperationValueContainer ;
-    access:dataSetValues :EditorAddDataPropertyValueContainer .
+    access:dataSetValues access-individual:EditorRoleValueSet ;
+    access:dataSetValues access-individual:DataPropertyValueSet ;
+    access:dataSetValues access-individual:DataPropertyStatementValueSet ;
+    access:dataSetValues access-individual:AddOperationValueSet ;
+    access:dataSetValues :EditorAddDataPropertyValueSet .
 
 :EditorAddDataPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:DataProperty ;
@@ -1123,11 +1123,11 @@
 
 :CuratorAddDataPropertyDataSet a access:PolicyDataSet ;
     access:dataSetKey :CuratorAddDataPropertyDataSetKey ;
-    access:dataSetValues access-individual:CuratorRoleValueContainer ;
-    access:dataSetValues access-individual:DataPropertyValueContainer ;
-    access:dataSetValues access-individual:DataPropertyStatementValueContainer ;
-    access:dataSetValues access-individual:AddOperationValueContainer ;
-    access:dataSetValues :CuratorAddDataPropertyValueContainer .
+    access:dataSetValues access-individual:CuratorRoleValueSet ;
+    access:dataSetValues access-individual:DataPropertyValueSet ;
+    access:dataSetValues access-individual:DataPropertyStatementValueSet ;
+    access:dataSetValues access-individual:AddOperationValueSet ;
+    access:dataSetValues :CuratorAddDataPropertyValueSet .
 
 :CuratorAddDataPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:DataProperty ;
@@ -1136,11 +1136,11 @@
 
 :AdminAddDataPropertyDataSet a access:PolicyDataSet ;
     access:dataSetKey :AdminAddDataPropertyDataSetKey ;
-    access:dataSetValues access-individual:AdminRoleValueContainer ;
-    access:dataSetValues access-individual:DataPropertyValueContainer ;
-    access:dataSetValues access-individual:DataPropertyStatementValueContainer ;
-    access:dataSetValues access-individual:AddOperationValueContainer ;
-    access:dataSetValues :AdminAddDataPropertyValueContainer .
+    access:dataSetValues access-individual:AdminRoleValueSet ;
+    access:dataSetValues access-individual:DataPropertyValueSet ;
+    access:dataSetValues access-individual:DataPropertyStatementValueSet ;
+    access:dataSetValues access-individual:AddOperationValueSet ;
+    access:dataSetValues :AdminAddDataPropertyValueSet .
 
 :AdminAddDataPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:DataProperty ;
@@ -1151,11 +1151,11 @@
 
 :PublicEditDataPropertyDataSet a access:PolicyDataSet ;
     access:dataSetKey :PublicEditDataPropertyDataSetKey ;
-    access:dataSetValues access-individual:PublicRoleValueContainer ;
-    access:dataSetValues access-individual:DataPropertyValueContainer ;
-    access:dataSetValues access-individual:DataPropertyStatementValueContainer ;
-    access:dataSetValues access-individual:EditOperationValueContainer ;
-    access:dataSetValues :PublicEditDataPropertyValueContainer .
+    access:dataSetValues access-individual:PublicRoleValueSet ;
+    access:dataSetValues access-individual:DataPropertyValueSet ;
+    access:dataSetValues access-individual:DataPropertyStatementValueSet ;
+    access:dataSetValues access-individual:EditOperationValueSet ;
+    access:dataSetValues :PublicEditDataPropertyValueSet .
 
 :PublicEditDataPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:DataProperty ;
@@ -1164,11 +1164,11 @@
 
 :EditorEditDataPropertyDataSet a access:PolicyDataSet ;
     access:dataSetKey :EditorEditDataPropertyDataSetKey ;
-    access:dataSetValues access-individual:EditorRoleValueContainer ;
-    access:dataSetValues access-individual:DataPropertyValueContainer ;
-    access:dataSetValues access-individual:DataPropertyStatementValueContainer ;
-    access:dataSetValues access-individual:EditOperationValueContainer ;
-    access:dataSetValues :EditorEditDataPropertyValueContainer .
+    access:dataSetValues access-individual:EditorRoleValueSet ;
+    access:dataSetValues access-individual:DataPropertyValueSet ;
+    access:dataSetValues access-individual:DataPropertyStatementValueSet ;
+    access:dataSetValues access-individual:EditOperationValueSet ;
+    access:dataSetValues :EditorEditDataPropertyValueSet .
 
 :EditorEditDataPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:DataProperty ;
@@ -1177,11 +1177,11 @@
 
 :CuratorEditDataPropertyDataSet a access:PolicyDataSet ;
     access:dataSetKey :CuratorEditDataPropertyDataSetKey ;
-    access:dataSetValues access-individual:CuratorRoleValueContainer ;
-    access:dataSetValues access-individual:DataPropertyValueContainer ;
-    access:dataSetValues access-individual:DataPropertyStatementValueContainer ;
-    access:dataSetValues access-individual:EditOperationValueContainer ;
-    access:dataSetValues :CuratorEditDataPropertyValueContainer .
+    access:dataSetValues access-individual:CuratorRoleValueSet ;
+    access:dataSetValues access-individual:DataPropertyValueSet ;
+    access:dataSetValues access-individual:DataPropertyStatementValueSet ;
+    access:dataSetValues access-individual:EditOperationValueSet ;
+    access:dataSetValues :CuratorEditDataPropertyValueSet .
 
 :CuratorEditDataPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:DataProperty ;
@@ -1190,11 +1190,11 @@
 
 :AdminEditDataPropertyDataSet a access:PolicyDataSet ;
     access:dataSetKey :AdminEditDataPropertyDataSetKey ;
-    access:dataSetValues access-individual:AdminRoleValueContainer ;
-    access:dataSetValues access-individual:DataPropertyValueContainer ;
-    access:dataSetValues access-individual:DataPropertyStatementValueContainer ;
-    access:dataSetValues access-individual:EditOperationValueContainer ;
-    access:dataSetValues :AdminEditDataPropertyValueContainer .
+    access:dataSetValues access-individual:AdminRoleValueSet ;
+    access:dataSetValues access-individual:DataPropertyValueSet ;
+    access:dataSetValues access-individual:DataPropertyStatementValueSet ;
+    access:dataSetValues access-individual:EditOperationValueSet ;
+    access:dataSetValues :AdminEditDataPropertyValueSet .
 
 :AdminEditDataPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:DataProperty ;
@@ -1205,11 +1205,11 @@
 
 :PublicDropObjectPropertyDataSet a access:PolicyDataSet ;
     access:dataSetKey :PublicDropObjectPropertyDataSetKey ;
-    access:dataSetValues access-individual:PublicRoleValueContainer ;
-    access:dataSetValues access-individual:ObjectPropertyValueContainer ;
-    access:dataSetValues access-individual:ObjectPropertyStatementValueContainer ;
-    access:dataSetValues access-individual:DropOperationValueContainer ;
-    access:dataSetValues :PublicDropObjectPropertyValueContainer .
+    access:dataSetValues access-individual:PublicRoleValueSet ;
+    access:dataSetValues access-individual:ObjectPropertyValueSet ;
+    access:dataSetValues access-individual:ObjectPropertyStatementValueSet ;
+    access:dataSetValues access-individual:DropOperationValueSet ;
+    access:dataSetValues :PublicDropObjectPropertyValueSet .
 
 :PublicDropObjectPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:ObjectProperty ;
@@ -1218,11 +1218,11 @@
 
 :EditorDropObjectPropertyDataSet a access:PolicyDataSet ;
     access:dataSetKey :EditorDropObjectPropertyDataSetKey ;
-    access:dataSetValues access-individual:EditorRoleValueContainer ;
-    access:dataSetValues access-individual:ObjectPropertyValueContainer ;
-    access:dataSetValues access-individual:ObjectPropertyStatementValueContainer ;
-    access:dataSetValues access-individual:DropOperationValueContainer ;
-    access:dataSetValues :EditorDropObjectPropertyValueContainer .
+    access:dataSetValues access-individual:EditorRoleValueSet ;
+    access:dataSetValues access-individual:ObjectPropertyValueSet ;
+    access:dataSetValues access-individual:ObjectPropertyStatementValueSet ;
+    access:dataSetValues access-individual:DropOperationValueSet ;
+    access:dataSetValues :EditorDropObjectPropertyValueSet .
 
 :EditorDropObjectPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:ObjectProperty ;
@@ -1231,11 +1231,11 @@
 
 :CuratorDropObjectPropertyDataSet a access:PolicyDataSet ;
     access:dataSetKey :CuratorDropObjectPropertyDataSetKey ;
-    access:dataSetValues access-individual:CuratorRoleValueContainer ;
-    access:dataSetValues access-individual:ObjectPropertyValueContainer ;
-    access:dataSetValues access-individual:ObjectPropertyStatementValueContainer ;
-    access:dataSetValues access-individual:DropOperationValueContainer ;
-    access:dataSetValues :CuratorDropObjectPropertyValueContainer .
+    access:dataSetValues access-individual:CuratorRoleValueSet ;
+    access:dataSetValues access-individual:ObjectPropertyValueSet ;
+    access:dataSetValues access-individual:ObjectPropertyStatementValueSet ;
+    access:dataSetValues access-individual:DropOperationValueSet ;
+    access:dataSetValues :CuratorDropObjectPropertyValueSet .
 
 :CuratorDropObjectPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:ObjectProperty ;
@@ -1244,11 +1244,11 @@
 
 :AdminDropObjectPropertyDataSet a access:PolicyDataSet ;
     access:dataSetKey :AdminDropObjectPropertyDataSetKey ;
-    access:dataSetValues access-individual:AdminRoleValueContainer ;
-    access:dataSetValues access-individual:ObjectPropertyValueContainer ;
-    access:dataSetValues access-individual:ObjectPropertyStatementValueContainer ;
-    access:dataSetValues access-individual:DropOperationValueContainer ;
-    access:dataSetValues :AdminDropObjectPropertyValueContainer .
+    access:dataSetValues access-individual:AdminRoleValueSet ;
+    access:dataSetValues access-individual:ObjectPropertyValueSet ;
+    access:dataSetValues access-individual:ObjectPropertyStatementValueSet ;
+    access:dataSetValues access-individual:DropOperationValueSet ;
+    access:dataSetValues :AdminDropObjectPropertyValueSet .
 
 :AdminDropObjectPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:ObjectProperty ;
@@ -1259,11 +1259,11 @@
 
 :PublicAddObjectPropertyDataSet a access:PolicyDataSet ;
     access:dataSetKey :PublicAddObjectPropertyDataSetKey ;
-    access:dataSetValues access-individual:PublicRoleValueContainer ;
-    access:dataSetValues access-individual:ObjectPropertyValueContainer ;
-    access:dataSetValues access-individual:ObjectPropertyStatementValueContainer ;
-    access:dataSetValues access-individual:AddOperationValueContainer ;
-    access:dataSetValues :PublicAddObjectPropertyValueContainer .
+    access:dataSetValues access-individual:PublicRoleValueSet ;
+    access:dataSetValues access-individual:ObjectPropertyValueSet ;
+    access:dataSetValues access-individual:ObjectPropertyStatementValueSet ;
+    access:dataSetValues access-individual:AddOperationValueSet ;
+    access:dataSetValues :PublicAddObjectPropertyValueSet .
 
 :PublicAddObjectPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:ObjectProperty ;
@@ -1272,11 +1272,11 @@
 
 :EditorAddObjectPropertyDataSet a access:PolicyDataSet ;
     access:dataSetKey :EditorAddObjectPropertyDataSetKey ;
-    access:dataSetValues access-individual:EditorRoleValueContainer ;
-    access:dataSetValues access-individual:ObjectPropertyValueContainer ;
-    access:dataSetValues access-individual:ObjectPropertyStatementValueContainer ;
-    access:dataSetValues access-individual:AddOperationValueContainer ;
-    access:dataSetValues :EditorAddObjectPropertyValueContainer .
+    access:dataSetValues access-individual:EditorRoleValueSet ;
+    access:dataSetValues access-individual:ObjectPropertyValueSet ;
+    access:dataSetValues access-individual:ObjectPropertyStatementValueSet ;
+    access:dataSetValues access-individual:AddOperationValueSet ;
+    access:dataSetValues :EditorAddObjectPropertyValueSet .
 
 :EditorAddObjectPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:ObjectProperty ;
@@ -1285,11 +1285,11 @@
 
 :CuratorAddObjectPropertyDataSet a access:PolicyDataSet ;
     access:dataSetKey :CuratorAddObjectPropertyDataSetKey ;
-    access:dataSetValues access-individual:CuratorRoleValueContainer ;
-    access:dataSetValues access-individual:ObjectPropertyValueContainer ;
-    access:dataSetValues access-individual:ObjectPropertyStatementValueContainer ;
-    access:dataSetValues access-individual:AddOperationValueContainer ;
-    access:dataSetValues :CuratorAddObjectPropertyValueContainer .
+    access:dataSetValues access-individual:CuratorRoleValueSet ;
+    access:dataSetValues access-individual:ObjectPropertyValueSet ;
+    access:dataSetValues access-individual:ObjectPropertyStatementValueSet ;
+    access:dataSetValues access-individual:AddOperationValueSet ;
+    access:dataSetValues :CuratorAddObjectPropertyValueSet .
 
 :CuratorAddObjectPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:ObjectProperty ;
@@ -1298,11 +1298,11 @@
 
 :AdminAddObjectPropertyDataSet a access:PolicyDataSet ;
     access:dataSetKey :AdminAddObjectPropertyDataSetKey ;
-    access:dataSetValues access-individual:AdminRoleValueContainer ;
-    access:dataSetValues access-individual:ObjectPropertyValueContainer ;
-    access:dataSetValues access-individual:ObjectPropertyStatementValueContainer ;
-    access:dataSetValues access-individual:AddOperationValueContainer ;
-    access:dataSetValues :AdminAddObjectPropertyValueContainer .
+    access:dataSetValues access-individual:AdminRoleValueSet ;
+    access:dataSetValues access-individual:ObjectPropertyValueSet ;
+    access:dataSetValues access-individual:ObjectPropertyStatementValueSet ;
+    access:dataSetValues access-individual:AddOperationValueSet ;
+    access:dataSetValues :AdminAddObjectPropertyValueSet .
 
 :AdminAddObjectPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:ObjectProperty ;
@@ -1313,11 +1313,11 @@
 
 :PublicEditObjectPropertyDataSet a access:PolicyDataSet ;
     access:dataSetKey :PublicEditObjectPropertyDataSetKey ;
-    access:dataSetValues access-individual:PublicRoleValueContainer ;
-    access:dataSetValues access-individual:ObjectPropertyValueContainer ;
-    access:dataSetValues access-individual:ObjectPropertyStatementValueContainer ;
-    access:dataSetValues access-individual:EditOperationValueContainer ;
-    access:dataSetValues :PublicEditObjectPropertyValueContainer .
+    access:dataSetValues access-individual:PublicRoleValueSet ;
+    access:dataSetValues access-individual:ObjectPropertyValueSet ;
+    access:dataSetValues access-individual:ObjectPropertyStatementValueSet ;
+    access:dataSetValues access-individual:EditOperationValueSet ;
+    access:dataSetValues :PublicEditObjectPropertyValueSet .
 
 :PublicEditObjectPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:ObjectProperty ;
@@ -1326,11 +1326,11 @@
 
 :EditorEditObjectPropertyDataSet a access:PolicyDataSet ;
     access:dataSetKey :EditorEditObjectPropertyDataSetKey ;
-    access:dataSetValues access-individual:EditorRoleValueContainer ;
-    access:dataSetValues access-individual:ObjectPropertyValueContainer ;
-    access:dataSetValues access-individual:ObjectPropertyStatementValueContainer ;
-    access:dataSetValues access-individual:EditOperationValueContainer ;
-    access:dataSetValues :EditorEditObjectPropertyValueContainer .
+    access:dataSetValues access-individual:EditorRoleValueSet ;
+    access:dataSetValues access-individual:ObjectPropertyValueSet ;
+    access:dataSetValues access-individual:ObjectPropertyStatementValueSet ;
+    access:dataSetValues access-individual:EditOperationValueSet ;
+    access:dataSetValues :EditorEditObjectPropertyValueSet .
 
 :EditorEditObjectPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:ObjectProperty ;
@@ -1339,11 +1339,11 @@
 
 :CuratorEditObjectPropertyDataSet a access:PolicyDataSet ;
     access:dataSetKey :CuratorEditObjectPropertyDataSetKey ;
-    access:dataSetValues access-individual:CuratorRoleValueContainer ;
-    access:dataSetValues access-individual:ObjectPropertyValueContainer ;
-    access:dataSetValues access-individual:ObjectPropertyStatementValueContainer ;
-    access:dataSetValues access-individual:EditOperationValueContainer ;
-    access:dataSetValues :CuratorEditObjectPropertyValueContainer .
+    access:dataSetValues access-individual:CuratorRoleValueSet ;
+    access:dataSetValues access-individual:ObjectPropertyValueSet ;
+    access:dataSetValues access-individual:ObjectPropertyStatementValueSet ;
+    access:dataSetValues access-individual:EditOperationValueSet ;
+    access:dataSetValues :CuratorEditObjectPropertyValueSet .
 
 :CuratorEditObjectPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:ObjectProperty ;
@@ -1352,11 +1352,11 @@
 
 :AdminEditObjectPropertyDataSet a access:PolicyDataSet ;
     access:dataSetKey :AdminEditObjectPropertyDataSetKey ;
-    access:dataSetValues access-individual:AdminRoleValueContainer ;
-    access:dataSetValues access-individual:ObjectPropertyValueContainer ;
-    access:dataSetValues access-individual:ObjectPropertyStatementValueContainer ;
-    access:dataSetValues access-individual:EditOperationValueContainer ;
-    access:dataSetValues :AdminEditObjectPropertyValueContainer .
+    access:dataSetValues access-individual:AdminRoleValueSet ;
+    access:dataSetValues access-individual:ObjectPropertyValueSet ;
+    access:dataSetValues access-individual:ObjectPropertyStatementValueSet ;
+    access:dataSetValues access-individual:EditOperationValueSet ;
+    access:dataSetValues :AdminEditObjectPropertyValueSet .
 
 :AdminEditObjectPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:ObjectProperty ;
@@ -1368,11 +1368,11 @@
 
 :PublicDisplayObjectPropertyDataSet a access:PolicyDataSet ;
     access:dataSetKey :PublicDisplayObjectPropertyDataSetKey ;
-    access:dataSetValues access-individual:PublicRoleValueContainer ;
-    access:dataSetValues access-individual:ObjectPropertyValueContainer ;
-    access:dataSetValues access-individual:ObjectPropertyStatementValueContainer ;
-    access:dataSetValues access-individual:DisplayOperationValueContainer ;
-    access:dataSetValues :PublicDisplayObjectPropertyValueContainer .
+    access:dataSetValues access-individual:PublicRoleValueSet ;
+    access:dataSetValues access-individual:ObjectPropertyValueSet ;
+    access:dataSetValues access-individual:ObjectPropertyStatementValueSet ;
+    access:dataSetValues access-individual:DisplayOperationValueSet ;
+    access:dataSetValues :PublicDisplayObjectPropertyValueSet .
 
 :PublicDisplayObjectPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:ObjectProperty ;
@@ -1381,11 +1381,11 @@
 
 :EditorDisplayObjectPropertyDataSet a access:PolicyDataSet ;
     access:dataSetKey :EditorDisplayObjectPropertyDataSetKey ;
-    access:dataSetValues access-individual:EditorRoleValueContainer ;
-    access:dataSetValues access-individual:ObjectPropertyValueContainer ;
-    access:dataSetValues access-individual:ObjectPropertyStatementValueContainer ;
-    access:dataSetValues access-individual:DisplayOperationValueContainer ;
-    access:dataSetValues :EditorDisplayObjectPropertyValueContainer .
+    access:dataSetValues access-individual:EditorRoleValueSet ;
+    access:dataSetValues access-individual:ObjectPropertyValueSet ;
+    access:dataSetValues access-individual:ObjectPropertyStatementValueSet ;
+    access:dataSetValues access-individual:DisplayOperationValueSet ;
+    access:dataSetValues :EditorDisplayObjectPropertyValueSet .
 
 :EditorDisplayObjectPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:ObjectProperty ;
@@ -1394,11 +1394,11 @@
 
 :CuratorDisplayObjectPropertyDataSet a access:PolicyDataSet ;
     access:dataSetKey :CuratorDisplayObjectPropertyDataSetKey ;
-    access:dataSetValues access-individual:CuratorRoleValueContainer ;
-    access:dataSetValues access-individual:ObjectPropertyValueContainer ;
-    access:dataSetValues access-individual:ObjectPropertyStatementValueContainer ;
-    access:dataSetValues access-individual:DisplayOperationValueContainer ;
-    access:dataSetValues :CuratorDisplayObjectPropertyValueContainer .
+    access:dataSetValues access-individual:CuratorRoleValueSet ;
+    access:dataSetValues access-individual:ObjectPropertyValueSet ;
+    access:dataSetValues access-individual:ObjectPropertyStatementValueSet ;
+    access:dataSetValues access-individual:DisplayOperationValueSet ;
+    access:dataSetValues :CuratorDisplayObjectPropertyValueSet .
 
 :CuratorDisplayObjectPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:ObjectProperty ;
@@ -1407,11 +1407,11 @@
 
 :AdminDisplayObjectPropertyDataSet a access:PolicyDataSet ;
     access:dataSetKey :AdminDisplayObjectPropertyDataSetKey ;
-    access:dataSetValues access-individual:AdminRoleValueContainer ;
-    access:dataSetValues access-individual:ObjectPropertyValueContainer ;
-    access:dataSetValues access-individual:ObjectPropertyStatementValueContainer ;
-    access:dataSetValues access-individual:DisplayOperationValueContainer ;
-    access:dataSetValues :AdminDisplayObjectPropertyValueContainer .
+    access:dataSetValues access-individual:AdminRoleValueSet ;
+    access:dataSetValues access-individual:ObjectPropertyValueSet ;
+    access:dataSetValues access-individual:ObjectPropertyStatementValueSet ;
+    access:dataSetValues access-individual:DisplayOperationValueSet ;
+    access:dataSetValues :AdminDisplayObjectPropertyValueSet .
 
 :AdminDisplayObjectPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:ObjectProperty ;
@@ -1422,11 +1422,11 @@
 
 :PublicDisplayDataPropertyDataSet a access:PolicyDataSet ;
     access:dataSetKey :PublicDisplayDataPropertyDataSetKey ;
-    access:dataSetValues access-individual:PublicRoleValueContainer ;
-    access:dataSetValues access-individual:DataPropertyValueContainer ;
-    access:dataSetValues access-individual:DataPropertyStatementValueContainer ;
-    access:dataSetValues access-individual:DisplayOperationValueContainer ;
-    access:dataSetValues :PublicDisplayDataPropertyValueContainer .
+    access:dataSetValues access-individual:PublicRoleValueSet ;
+    access:dataSetValues access-individual:DataPropertyValueSet ;
+    access:dataSetValues access-individual:DataPropertyStatementValueSet ;
+    access:dataSetValues access-individual:DisplayOperationValueSet ;
+    access:dataSetValues :PublicDisplayDataPropertyValueSet .
 
 :PublicDisplayDataPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:DataProperty ;
@@ -1435,11 +1435,11 @@
 
 :EditorDisplayDataPropertyDataSet a access:PolicyDataSet ;
     access:dataSetKey :EditorDisplayDataPropertyDataSetKey ;
-    access:dataSetValues access-individual:EditorRoleValueContainer ;
-    access:dataSetValues access-individual:DataPropertyValueContainer ;
-    access:dataSetValues access-individual:DataPropertyStatementValueContainer ;
-    access:dataSetValues access-individual:DisplayOperationValueContainer ;
-    access:dataSetValues :EditorDisplayDataPropertyValueContainer .
+    access:dataSetValues access-individual:EditorRoleValueSet ;
+    access:dataSetValues access-individual:DataPropertyValueSet ;
+    access:dataSetValues access-individual:DataPropertyStatementValueSet ;
+    access:dataSetValues access-individual:DisplayOperationValueSet ;
+    access:dataSetValues :EditorDisplayDataPropertyValueSet .
 
 :EditorDisplayDataPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:DataProperty ;
@@ -1448,11 +1448,11 @@
 
 :CuratorDisplayDataPropertyDataSet a access:PolicyDataSet ;
     access:dataSetKey :CuratorDisplayDataPropertyDataSetKey ;
-    access:dataSetValues access-individual:CuratorRoleValueContainer ;
-    access:dataSetValues access-individual:DataPropertyValueContainer ;
-    access:dataSetValues access-individual:DataPropertyStatementValueContainer ;
-    access:dataSetValues access-individual:DisplayOperationValueContainer ;
-    access:dataSetValues :CuratorDisplayDataPropertyValueContainer .
+    access:dataSetValues access-individual:CuratorRoleValueSet ;
+    access:dataSetValues access-individual:DataPropertyValueSet ;
+    access:dataSetValues access-individual:DataPropertyStatementValueSet ;
+    access:dataSetValues access-individual:DisplayOperationValueSet ;
+    access:dataSetValues :CuratorDisplayDataPropertyValueSet .
 
 :CuratorDisplayDataPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:DataProperty ;
@@ -1461,11 +1461,11 @@
 
 :AdminDisplayDataPropertyDataSet a access:PolicyDataSet ;
     access:dataSetKey :AdminDisplayDataPropertyDataSetKey ;
-    access:dataSetValues access-individual:AdminRoleValueContainer ;
-    access:dataSetValues access-individual:DataPropertyValueContainer ;
-    access:dataSetValues access-individual:DataPropertyStatementValueContainer ;
-    access:dataSetValues access-individual:DisplayOperationValueContainer ;
-    access:dataSetValues :AdminDisplayDataPropertyValueContainer .
+    access:dataSetValues access-individual:AdminRoleValueSet ;
+    access:dataSetValues access-individual:DataPropertyValueSet ;
+    access:dataSetValues access-individual:DataPropertyStatementValueSet ;
+    access:dataSetValues access-individual:DisplayOperationValueSet ;
+    access:dataSetValues :AdminDisplayDataPropertyValueSet .
 
 :AdminDisplayDataPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:DataProperty ;
@@ -1476,11 +1476,11 @@
 
 :PublicDisplayFauxObjectPropertyDataSet a access:PolicyDataSet ;
     access:dataSetKey :PublicDisplayFauxObjectPropertyDataSetKey ;
-    access:dataSetValues access-individual:PublicRoleValueContainer ;
-    access:dataSetValues access-individual:FauxObjectPropertyValueContainer ;
-    access:dataSetValues access-individual:FauxObjectPropertyStatementValueContainer ;
-    access:dataSetValues access-individual:DisplayOperationValueContainer ;
-    access:dataSetValues :PublicDisplayFauxObjectPropertyValueContainer .
+    access:dataSetValues access-individual:PublicRoleValueSet ;
+    access:dataSetValues access-individual:FauxObjectPropertyValueSet ;
+    access:dataSetValues access-individual:FauxObjectPropertyStatementValueSet ;
+    access:dataSetValues access-individual:DisplayOperationValueSet ;
+    access:dataSetValues :PublicDisplayFauxObjectPropertyValueSet .
 
 :PublicDisplayFauxObjectPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:FauxObjectProperty ;
@@ -1489,11 +1489,11 @@
 
 :EditorDisplayFauxObjectPropertyDataSet a access:PolicyDataSet ;
     access:dataSetKey :EditorDisplayFauxObjectPropertyDataSetKey ;
-    access:dataSetValues access-individual:EditorRoleValueContainer ;
-    access:dataSetValues access-individual:FauxObjectPropertyValueContainer ;
-    access:dataSetValues access-individual:FauxObjectPropertyStatementValueContainer ;
-    access:dataSetValues access-individual:DisplayOperationValueContainer ;
-    access:dataSetValues :EditorDisplayFauxObjectPropertyValueContainer .
+    access:dataSetValues access-individual:EditorRoleValueSet ;
+    access:dataSetValues access-individual:FauxObjectPropertyValueSet ;
+    access:dataSetValues access-individual:FauxObjectPropertyStatementValueSet ;
+    access:dataSetValues access-individual:DisplayOperationValueSet ;
+    access:dataSetValues :EditorDisplayFauxObjectPropertyValueSet .
 
 :EditorDisplayFauxObjectPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:FauxObjectProperty ;
@@ -1502,11 +1502,11 @@
 
 :CuratorDisplayFauxObjectPropertyDataSet a access:PolicyDataSet ;
     access:dataSetKey :CuratorDisplayFauxObjectPropertyDataSetKey ;
-    access:dataSetValues access-individual:CuratorRoleValueContainer ;
-    access:dataSetValues access-individual:FauxObjectPropertyValueContainer ;
-    access:dataSetValues access-individual:FauxObjectPropertyStatementValueContainer ;
-    access:dataSetValues access-individual:DisplayOperationValueContainer ;
-    access:dataSetValues :CuratorDisplayFauxObjectPropertyValueContainer .
+    access:dataSetValues access-individual:CuratorRoleValueSet ;
+    access:dataSetValues access-individual:FauxObjectPropertyValueSet ;
+    access:dataSetValues access-individual:FauxObjectPropertyStatementValueSet ;
+    access:dataSetValues access-individual:DisplayOperationValueSet ;
+    access:dataSetValues :CuratorDisplayFauxObjectPropertyValueSet .
 
 :CuratorDisplayFauxObjectPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:FauxObjectProperty ;
@@ -1515,11 +1515,11 @@
 
 :AdminDisplayFauxObjectPropertyDataSet a access:PolicyDataSet ;
     access:dataSetKey :AdminDisplayFauxObjectPropertyDataSetKey ;
-    access:dataSetValues access-individual:AdminRoleValueContainer ;
-    access:dataSetValues access-individual:FauxObjectPropertyValueContainer ;
-    access:dataSetValues access-individual:FauxObjectPropertyStatementValueContainer ;
-    access:dataSetValues access-individual:DisplayOperationValueContainer ;
-    access:dataSetValues :AdminDisplayFauxObjectPropertyValueContainer .
+    access:dataSetValues access-individual:AdminRoleValueSet ;
+    access:dataSetValues access-individual:FauxObjectPropertyValueSet ;
+    access:dataSetValues access-individual:FauxObjectPropertyStatementValueSet ;
+    access:dataSetValues access-individual:DisplayOperationValueSet ;
+    access:dataSetValues :AdminDisplayFauxObjectPropertyValueSet .
 
 :AdminDisplayFauxObjectPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:FauxObjectProperty ;
@@ -1530,11 +1530,11 @@
 
 :PublicDisplayFauxDataPropertyDataSet a access:PolicyDataSet ;
     access:dataSetKey :PublicDisplayFauxDataPropertyDataSetKey ;
-    access:dataSetValues access-individual:PublicRoleValueContainer ;
-    access:dataSetValues access-individual:FauxDataPropertyValueContainer ;
-    access:dataSetValues access-individual:FauxDataPropertyStatementValueContainer ;
-    access:dataSetValues access-individual:DisplayOperationValueContainer ;
-    access:dataSetValues :PublicDisplayFauxDataPropertyValueContainer .
+    access:dataSetValues access-individual:PublicRoleValueSet ;
+    access:dataSetValues access-individual:FauxDataPropertyValueSet ;
+    access:dataSetValues access-individual:FauxDataPropertyStatementValueSet ;
+    access:dataSetValues access-individual:DisplayOperationValueSet ;
+    access:dataSetValues :PublicDisplayFauxDataPropertyValueSet .
 
 :PublicDisplayFauxDataPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:FauxDataProperty ;
@@ -1543,11 +1543,11 @@
 
 :EditorDisplayFauxDataPropertyDataSet a access:PolicyDataSet ;
     access:dataSetKey :EditorDisplayFauxDataPropertyDataSetKey ;
-    access:dataSetValues access-individual:EditorRoleValueContainer ;
-    access:dataSetValues access-individual:FauxDataPropertyValueContainer ;
-    access:dataSetValues access-individual:FauxDataPropertyStatementValueContainer ;
-    access:dataSetValues access-individual:DisplayOperationValueContainer ;
-    access:dataSetValues :EditorDisplayFauxDataPropertyValueContainer .
+    access:dataSetValues access-individual:EditorRoleValueSet ;
+    access:dataSetValues access-individual:FauxDataPropertyValueSet ;
+    access:dataSetValues access-individual:FauxDataPropertyStatementValueSet ;
+    access:dataSetValues access-individual:DisplayOperationValueSet ;
+    access:dataSetValues :EditorDisplayFauxDataPropertyValueSet .
 
 :EditorDisplayFauxDataPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:FauxDataProperty ;
@@ -1556,11 +1556,11 @@
 
 :CuratorDisplayFauxDataPropertyDataSet a access:PolicyDataSet ;
     access:dataSetKey :CuratorDisplayFauxDataPropertyDataSetKey ;
-    access:dataSetValues access-individual:CuratorRoleValueContainer ;
-    access:dataSetValues access-individual:FauxDataPropertyValueContainer ;
-    access:dataSetValues access-individual:FauxDataPropertyStatementValueContainer ;
-    access:dataSetValues access-individual:DisplayOperationValueContainer ;
-    access:dataSetValues :CuratorDisplayFauxDataPropertyValueContainer .
+    access:dataSetValues access-individual:CuratorRoleValueSet ;
+    access:dataSetValues access-individual:FauxDataPropertyValueSet ;
+    access:dataSetValues access-individual:FauxDataPropertyStatementValueSet ;
+    access:dataSetValues access-individual:DisplayOperationValueSet ;
+    access:dataSetValues :CuratorDisplayFauxDataPropertyValueSet .
 
 :CuratorDisplayFauxDataPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:FauxDataProperty ;
@@ -1569,11 +1569,11 @@
 
 :AdminDisplayFauxDataPropertyDataSet a access:PolicyDataSet ;
     access:dataSetKey :AdminDisplayFauxDataPropertyDataSetKey ;
-    access:dataSetValues access-individual:AdminRoleValueContainer ;
-    access:dataSetValues access-individual:FauxDataPropertyValueContainer ;
-    access:dataSetValues access-individual:FauxDataPropertyStatementValueContainer ;
-    access:dataSetValues access-individual:DisplayOperationValueContainer ;
-    access:dataSetValues :AdminDisplayFauxDataPropertyValueContainer .
+    access:dataSetValues access-individual:AdminRoleValueSet ;
+    access:dataSetValues access-individual:FauxDataPropertyValueSet ;
+    access:dataSetValues access-individual:FauxDataPropertyStatementValueSet ;
+    access:dataSetValues access-individual:DisplayOperationValueSet ;
+    access:dataSetValues :AdminDisplayFauxDataPropertyValueSet .
 
 :AdminDisplayFauxDataPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:FauxDataProperty ;
@@ -1584,11 +1584,11 @@
 
 :EditorPublishObjectPropertyDataSet a access:PolicyDataSet ;
     access:dataSetKey :EditorPublishObjectPropertyDataSetKey ;
-    access:dataSetValues access-individual:EditorRoleValueContainer ;
-    access:dataSetValues access-individual:ObjectPropertyValueContainer ;
-    access:dataSetValues access-individual:ObjectPropertyStatementValueContainer ;
-    access:dataSetValues access-individual:PublishOperationValueContainer ;
-    access:dataSetValues :EditorPublishObjectPropertyValueContainer .
+    access:dataSetValues access-individual:EditorRoleValueSet ;
+    access:dataSetValues access-individual:ObjectPropertyValueSet ;
+    access:dataSetValues access-individual:ObjectPropertyStatementValueSet ;
+    access:dataSetValues access-individual:PublishOperationValueSet ;
+    access:dataSetValues :EditorPublishObjectPropertyValueSet .
 
 :EditorPublishObjectPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:ObjectProperty ;
@@ -1597,11 +1597,11 @@
 
 :CuratorPublishObjectPropertyDataSet a access:PolicyDataSet ;
     access:dataSetKey :CuratorPublishObjectPropertyDataSetKey ;
-    access:dataSetValues access-individual:CuratorRoleValueContainer ;
-    access:dataSetValues access-individual:ObjectPropertyValueContainer ;
-    access:dataSetValues access-individual:ObjectPropertyStatementValueContainer ;
-    access:dataSetValues access-individual:PublishOperationValueContainer ;
-    access:dataSetValues :CuratorPublishObjectPropertyValueContainer .
+    access:dataSetValues access-individual:CuratorRoleValueSet ;
+    access:dataSetValues access-individual:ObjectPropertyValueSet ;
+    access:dataSetValues access-individual:ObjectPropertyStatementValueSet ;
+    access:dataSetValues access-individual:PublishOperationValueSet ;
+    access:dataSetValues :CuratorPublishObjectPropertyValueSet .
 
 :CuratorPublishObjectPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:ObjectProperty ;
@@ -1610,11 +1610,11 @@
 
 :AdminPublishObjectPropertyDataSet a access:PolicyDataSet ;
     access:dataSetKey :AdminPublishObjectPropertyDataSetKey ;
-    access:dataSetValues access-individual:AdminRoleValueContainer ;
-    access:dataSetValues access-individual:ObjectPropertyValueContainer ;
-    access:dataSetValues access-individual:ObjectPropertyStatementValueContainer ;
-    access:dataSetValues access-individual:PublishOperationValueContainer ;
-    access:dataSetValues :AdminPublishObjectPropertyValueContainer .
+    access:dataSetValues access-individual:AdminRoleValueSet ;
+    access:dataSetValues access-individual:ObjectPropertyValueSet ;
+    access:dataSetValues access-individual:ObjectPropertyStatementValueSet ;
+    access:dataSetValues access-individual:PublishOperationValueSet ;
+    access:dataSetValues :AdminPublishObjectPropertyValueSet .
 
 :AdminPublishObjectPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:ObjectProperty ;
@@ -1625,11 +1625,11 @@
 
 :EditorPublishDataPropertyDataSet a access:PolicyDataSet ;
     access:dataSetKey :EditorPublishDataPropertyDataSetKey ;
-    access:dataSetValues access-individual:EditorRoleValueContainer ;
-    access:dataSetValues access-individual:DataPropertyValueContainer ;
-    access:dataSetValues access-individual:DataPropertyStatementValueContainer ;
-    access:dataSetValues access-individual:PublishOperationValueContainer ;
-    access:dataSetValues :EditorPublishDataPropertyValueContainer .
+    access:dataSetValues access-individual:EditorRoleValueSet ;
+    access:dataSetValues access-individual:DataPropertyValueSet ;
+    access:dataSetValues access-individual:DataPropertyStatementValueSet ;
+    access:dataSetValues access-individual:PublishOperationValueSet ;
+    access:dataSetValues :EditorPublishDataPropertyValueSet .
 
 :EditorPublishDataPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:DataProperty ;
@@ -1638,11 +1638,11 @@
 
 :CuratorPublishDataPropertyDataSet a access:PolicyDataSet ;
     access:dataSetKey :CuratorPublishDataPropertyDataSetKey ;
-    access:dataSetValues access-individual:CuratorRoleValueContainer ;
-    access:dataSetValues access-individual:DataPropertyValueContainer ;
-    access:dataSetValues access-individual:DataPropertyStatementValueContainer ;
-    access:dataSetValues access-individual:PublishOperationValueContainer ;
-    access:dataSetValues :CuratorPublishDataPropertyValueContainer .
+    access:dataSetValues access-individual:CuratorRoleValueSet ;
+    access:dataSetValues access-individual:DataPropertyValueSet ;
+    access:dataSetValues access-individual:DataPropertyStatementValueSet ;
+    access:dataSetValues access-individual:PublishOperationValueSet ;
+    access:dataSetValues :CuratorPublishDataPropertyValueSet .
 
 :CuratorPublishDataPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:DataProperty ;
@@ -1651,11 +1651,11 @@
 
 :AdminPublishDataPropertyDataSet a access:PolicyDataSet ;
     access:dataSetKey :AdminPublishDataPropertyDataSetKey ;
-    access:dataSetValues access-individual:AdminRoleValueContainer ;
-    access:dataSetValues access-individual:DataPropertyValueContainer ;
-    access:dataSetValues access-individual:DataPropertyStatementValueContainer ;
-    access:dataSetValues access-individual:PublishOperationValueContainer ;
-    access:dataSetValues :AdminPublishDataPropertyValueContainer .
+    access:dataSetValues access-individual:AdminRoleValueSet ;
+    access:dataSetValues access-individual:DataPropertyValueSet ;
+    access:dataSetValues access-individual:DataPropertyStatementValueSet ;
+    access:dataSetValues access-individual:PublishOperationValueSet ;
+    access:dataSetValues :AdminPublishDataPropertyValueSet .
 
 :AdminPublishDataPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:DataProperty ;
@@ -1666,11 +1666,11 @@
 
 :EditorPublishFauxObjectPropertyDataSet a access:PolicyDataSet ;
     access:dataSetKey :EditorPublishFauxObjectPropertyDataSetKey ;
-    access:dataSetValues access-individual:EditorRoleValueContainer ;
-    access:dataSetValues access-individual:FauxObjectPropertyValueContainer ;
-    access:dataSetValues access-individual:FauxObjectPropertyStatementValueContainer ;
-    access:dataSetValues access-individual:PublishOperationValueContainer ;
-    access:dataSetValues :EditorPublishFauxObjectPropertyValueContainer .
+    access:dataSetValues access-individual:EditorRoleValueSet ;
+    access:dataSetValues access-individual:FauxObjectPropertyValueSet ;
+    access:dataSetValues access-individual:FauxObjectPropertyStatementValueSet ;
+    access:dataSetValues access-individual:PublishOperationValueSet ;
+    access:dataSetValues :EditorPublishFauxObjectPropertyValueSet .
 
 :EditorPublishFauxObjectPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:FauxObjectProperty ;
@@ -1679,11 +1679,11 @@
 
 :CuratorPublishFauxObjectPropertyDataSet a access:PolicyDataSet ;
     access:dataSetKey :CuratorPublishFauxObjectPropertyDataSetKey ;
-    access:dataSetValues access-individual:CuratorRoleValueContainer ;
-    access:dataSetValues access-individual:FauxObjectPropertyValueContainer ;
-    access:dataSetValues access-individual:FauxObjectPropertyStatementValueContainer ;
-    access:dataSetValues access-individual:PublishOperationValueContainer ;
-    access:dataSetValues :CuratorPublishFauxObjectPropertyValueContainer .
+    access:dataSetValues access-individual:CuratorRoleValueSet ;
+    access:dataSetValues access-individual:FauxObjectPropertyValueSet ;
+    access:dataSetValues access-individual:FauxObjectPropertyStatementValueSet ;
+    access:dataSetValues access-individual:PublishOperationValueSet ;
+    access:dataSetValues :CuratorPublishFauxObjectPropertyValueSet .
 
 :CuratorPublishFauxObjectPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:FauxObjectProperty ;
@@ -1692,11 +1692,11 @@
 
 :AdminPublishFauxObjectPropertyDataSet a access:PolicyDataSet ;
     access:dataSetKey :AdminPublishFauxObjectPropertyDataSetKey ;
-    access:dataSetValues access-individual:AdminRoleValueContainer ;
-    access:dataSetValues access-individual:FauxObjectPropertyValueContainer ;
-    access:dataSetValues access-individual:FauxObjectPropertyStatementValueContainer ;
-    access:dataSetValues access-individual:PublishOperationValueContainer ;
-    access:dataSetValues :AdminPublishFauxObjectPropertyValueContainer .
+    access:dataSetValues access-individual:AdminRoleValueSet ;
+    access:dataSetValues access-individual:FauxObjectPropertyValueSet ;
+    access:dataSetValues access-individual:FauxObjectPropertyStatementValueSet ;
+    access:dataSetValues access-individual:PublishOperationValueSet ;
+    access:dataSetValues :AdminPublishFauxObjectPropertyValueSet .
 
 :AdminPublishFauxObjectPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:FauxObjectProperty ;
@@ -1707,11 +1707,11 @@
 
 :EditorPublishFauxDataPropertyDataSet a access:PolicyDataSet ;
     access:dataSetKey :EditorPublishFauxDataPropertyDataSetKey ;
-    access:dataSetValues access-individual:EditorRoleValueContainer ;
-    access:dataSetValues access-individual:FauxDataPropertyValueContainer ;
-    access:dataSetValues access-individual:FauxDataPropertyStatementValueContainer ;
-    access:dataSetValues access-individual:PublishOperationValueContainer ;
-    access:dataSetValues :EditorPublishFauxDataPropertyValueContainer .
+    access:dataSetValues access-individual:EditorRoleValueSet ;
+    access:dataSetValues access-individual:FauxDataPropertyValueSet ;
+    access:dataSetValues access-individual:FauxDataPropertyStatementValueSet ;
+    access:dataSetValues access-individual:PublishOperationValueSet ;
+    access:dataSetValues :EditorPublishFauxDataPropertyValueSet .
 
 :EditorPublishFauxDataPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:FauxDataProperty ;
@@ -1720,11 +1720,11 @@
 
 :CuratorPublishFauxDataPropertyDataSet a access:PolicyDataSet ;
     access:dataSetKey :CuratorPublishFauxDataPropertyDataSetKey ;
-    access:dataSetValues access-individual:CuratorRoleValueContainer ;
-    access:dataSetValues access-individual:FauxDataPropertyValueContainer ;
-    access:dataSetValues access-individual:FauxDataPropertyStatementValueContainer ;
-    access:dataSetValues access-individual:PublishOperationValueContainer ;
-    access:dataSetValues :CuratorPublishFauxDataPropertyValueContainer .
+    access:dataSetValues access-individual:CuratorRoleValueSet ;
+    access:dataSetValues access-individual:FauxDataPropertyValueSet ;
+    access:dataSetValues access-individual:FauxDataPropertyStatementValueSet ;
+    access:dataSetValues access-individual:PublishOperationValueSet ;
+    access:dataSetValues :CuratorPublishFauxDataPropertyValueSet .
 
 :CuratorPublishFauxDataPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:FauxDataProperty ;
@@ -1733,11 +1733,11 @@
 
 :AdminPublishFauxDataPropertyDataSet a access:PolicyDataSet ;
     access:dataSetKey :AdminPublishFauxDataPropertyDataSetKey ;
-    access:dataSetValues access-individual:AdminRoleValueContainer ;
-    access:dataSetValues access-individual:FauxDataPropertyValueContainer ;
-    access:dataSetValues access-individual:FauxDataPropertyStatementValueContainer ;
-    access:dataSetValues access-individual:PublishOperationValueContainer ;
-    access:dataSetValues :AdminPublishFauxDataPropertyValueContainer .
+    access:dataSetValues access-individual:AdminRoleValueSet ;
+    access:dataSetValues access-individual:FauxDataPropertyValueSet ;
+    access:dataSetValues access-individual:FauxDataPropertyStatementValueSet ;
+    access:dataSetValues access-individual:PublishOperationValueSet ;
+    access:dataSetValues :AdminPublishFauxDataPropertyValueSet .
 
 :AdminPublishFauxDataPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:FauxDataProperty ;
@@ -1753,10 +1753,10 @@
 :AccessObjectTypeEqualsDataSetValue a access:Check ;
     access:operator access-individual:Equals ;
     access:attribute access-individual:AccessObjectType ;
-    access:attributeValue access-individual:ObjectPropertyValueContainer ;
-    access:attributeValue access-individual:DataPropertyValueContainer ;
-    access:attributeValue access-individual:FauxObjectPropertyValueContainer ;
-    access:attributeValue access-individual:FauxDataPropertyValueContainer ;
+    access:attributeValue access-individual:ObjectPropertyValueSet ;
+    access:attributeValue access-individual:DataPropertyValueSet ;
+    access:attributeValue access-individual:FauxObjectPropertyValueSet ;
+    access:attributeValue access-individual:FauxDataPropertyValueSet ;
     .
 
 :AllowMatchingPropertyStatement a access:Rule;
@@ -1769,399 +1769,399 @@
 :AccessObjectTypeStatementEquals a access:Check ;
     access:operator access-individual:Equals ;
     access:attribute access-individual:AccessObjectType ;
-    access:attributeValue access-individual:ObjectPropertyStatementValueContainer ;
-    access:attributeValue access-individual:DataPropertyStatementValueContainer ;
-    access:attributeValue access-individual:FauxObjectPropertyStatementValueContainer ;
-    access:attributeValue access-individual:FauxDataPropertyStatementValueContainer ;
+    access:attributeValue access-individual:ObjectPropertyStatementValueSet ;
+    access:attributeValue access-individual:DataPropertyStatementValueSet ;
+    access:attributeValue access-individual:FauxObjectPropertyStatementValueSet ;
+    access:attributeValue access-individual:FauxDataPropertyStatementValueSet ;
     .
 
 :OperationEqualsDataSetOperation a access:Check ;
     access:operator access-individual:Equals ;
     access:attribute access-individual:Operation ;
-    access:attributeValue access-individual:DisplayOperationValueContainer ;
-    access:attributeValue access-individual:PublishOperationValueContainer ;
-    access:attributeValue access-individual:EditOperationValueContainer ;
-    access:attributeValue access-individual:AddOperationValueContainer ;
-    access:attributeValue access-individual:DropOperationValueContainer ;
+    access:attributeValue access-individual:DisplayOperationValueSet ;
+    access:attributeValue access-individual:PublishOperationValueSet ;
+    access:attributeValue access-individual:EditOperationValueSet ;
+    access:attributeValue access-individual:AddOperationValueSet ;
+    access:attributeValue access-individual:DropOperationValueSet ;
     .
 
 :SubjectRoleEqualsDataSetRoleAttribute a access:Check ;
     access:operator access-individual:Equals ;
     access:attribute access-individual:SubjectRole ;
-    access:attributeValue access-individual:PublicRoleValueContainer ;
-    access:attributeValue access-individual:EditorRoleValueContainer ;
-    access:attributeValue access-individual:CuratorRoleValueContainer ;
-    access:attributeValue access-individual:AdminRoleValueContainer .
+    access:attributeValue access-individual:PublicRoleValueSet ;
+    access:attributeValue access-individual:EditorRoleValueSet ;
+    access:attributeValue access-individual:CuratorRoleValueSet ;
+    access:attributeValue access-individual:AdminRoleValueSet .
 
 :StatementPredicateEquals a access:Check ;
     access:operator access-individual:OneOf ;
     access:attribute access-individual:StatementPredicateUri ;
-    access:attributeValue :PublicDisplayObjectPropertyValueContainer ;
-    access:attributeValue :EditorDisplayObjectPropertyValueContainer ;
-    access:attributeValue :CuratorDisplayObjectPropertyValueContainer ;
-    access:attributeValue :AdminDisplayObjectPropertyValueContainer ;
-
-    access:attributeValue :PublicDisplayDataPropertyValueContainer ;
-    access:attributeValue :EditorDisplayDataPropertyValueContainer ;
-    access:attributeValue :CuratorDisplayDataPropertyValueContainer ;
-    access:attributeValue :AdminDisplayDataPropertyValueContainer ;
-
-    access:attributeValue :PublicDisplayFauxObjectPropertyValueContainer ;
-    access:attributeValue :EditorDisplayFauxObjectPropertyValueContainer ;
-    access:attributeValue :CuratorDisplayFauxObjectPropertyValueContainer ;
-    access:attributeValue :AdminDisplayFauxObjectPropertyValueContainer ;
-
-    access:attributeValue :PublicDisplayFauxDataPropertyValueContainer ;   
-    access:attributeValue :EditorDisplayFauxDataPropertyValueContainer ;
-    access:attributeValue :CuratorDisplayFauxDataPropertyValueContainer ;
-    access:attributeValue :AdminDisplayFauxDataPropertyValueContainer ;
-
-    access:attributeValue :EditorPublishObjectPropertyValueContainer ;
-    access:attributeValue :CuratorPublishObjectPropertyValueContainer ;
-    access:attributeValue :AdminPublishObjectPropertyValueContainer ;
-
-    access:attributeValue :EditorPublishDataPropertyValueContainer ;
-    access:attributeValue :CuratorPublishDataPropertyValueContainer ;
-    access:attributeValue :AdminPublishDataPropertyValueContainer ;
-
-    access:attributeValue :EditorPublishFauxObjectPropertyValueContainer ;
-    access:attributeValue :CuratorPublishFauxObjectPropertyValueContainer ;
-    access:attributeValue :AdminPublishFauxObjectPropertyValueContainer ;
-
-    access:attributeValue :EditorPublishFauxDataPropertyValueContainer ;
-    access:attributeValue :CuratorPublishFauxDataPropertyValueContainer ;
-    access:attributeValue :AdminPublishFauxDataPropertyValueContainer ;
-
-    access:attributeValue :PublicEditObjectPropertyValueContainer ;
-    access:attributeValue :EditorEditObjectPropertyValueContainer ;
-    access:attributeValue :CuratorEditObjectPropertyValueContainer ;
-    access:attributeValue :AdminEditObjectPropertyValueContainer ;
-
-    access:attributeValue :PublicAddObjectPropertyValueContainer ;
-    access:attributeValue :EditorAddObjectPropertyValueContainer ;
-    access:attributeValue :CuratorAddObjectPropertyValueContainer ;
-    access:attributeValue :AdminAddObjectPropertyValueContainer ;
-
-    access:attributeValue :PublicDropObjectPropertyValueContainer ;
-    access:attributeValue :EditorDropObjectPropertyValueContainer ;
-    access:attributeValue :CuratorDropObjectPropertyValueContainer ;
-    access:attributeValue :AdminDropObjectPropertyValueContainer ;
-
-    access:attributeValue :PublicEditDataPropertyValueContainer ;
-    access:attributeValue :EditorEditDataPropertyValueContainer ;
-    access:attributeValue :CuratorEditDataPropertyValueContainer ;
-    access:attributeValue :AdminEditDataPropertyValueContainer ;
-
-    access:attributeValue :PublicAddDataPropertyValueContainer ;
-    access:attributeValue :EditorAddDataPropertyValueContainer ;
-    access:attributeValue :CuratorAddDataPropertyValueContainer ;
-    access:attributeValue :AdminAddDataPropertyValueContainer ;
-
-    access:attributeValue :PublicDropDataPropertyValueContainer ;
-    access:attributeValue :EditorDropDataPropertyValueContainer ;
-    access:attributeValue :CuratorDropDataPropertyValueContainer ;
-    access:attributeValue :AdminDropDataPropertyValueContainer ;
-
-    access:attributeValue :PublicEditFauxObjectPropertyValueContainer ;
-    access:attributeValue :EditorEditFauxObjectPropertyValueContainer ;
-    access:attributeValue :CuratorEditFauxObjectPropertyValueContainer ;
-    access:attributeValue :AdminEditFauxObjectPropertyValueContainer ;
-
-    access:attributeValue :PublicAddFauxObjectPropertyValueContainer ;
-    access:attributeValue :EditorAddFauxObjectPropertyValueContainer ;
-    access:attributeValue :CuratorAddFauxObjectPropertyValueContainer ;
-    access:attributeValue :AdminAddFauxObjectPropertyValueContainer ;
-
-    access:attributeValue :PublicDropFauxObjectPropertyValueContainer ;
-    access:attributeValue :EditorDropFauxObjectPropertyValueContainer ;
-    access:attributeValue :CuratorDropFauxObjectPropertyValueContainer ;
-    access:attributeValue :AdminDropFauxObjectPropertyValueContainer ;
-
-    access:attributeValue :PublicEditFauxDataPropertyValueContainer ;
-    access:attributeValue :EditorEditFauxDataPropertyValueContainer ;
-    access:attributeValue :CuratorEditFauxDataPropertyValueContainer ;
-    access:attributeValue :AdminEditFauxDataPropertyValueContainer ;
-
-    access:attributeValue :PublicAddFauxDataPropertyValueContainer ;
-    access:attributeValue :EditorAddFauxDataPropertyValueContainer ;
-    access:attributeValue :CuratorAddFauxDataPropertyValueContainer ;
-    access:attributeValue :AdminAddFauxDataPropertyValueContainer ;
-
-    access:attributeValue :PublicDropFauxDataPropertyValueContainer ;
-    access:attributeValue :EditorDropFauxDataPropertyValueContainer ;
-    access:attributeValue :CuratorDropFauxDataPropertyValueContainer ;
-    access:attributeValue :AdminDropFauxDataPropertyValueContainer ;
+    access:attributeValue :PublicDisplayObjectPropertyValueSet ;
+    access:attributeValue :EditorDisplayObjectPropertyValueSet ;
+    access:attributeValue :CuratorDisplayObjectPropertyValueSet ;
+    access:attributeValue :AdminDisplayObjectPropertyValueSet ;
+
+    access:attributeValue :PublicDisplayDataPropertyValueSet ;
+    access:attributeValue :EditorDisplayDataPropertyValueSet ;
+    access:attributeValue :CuratorDisplayDataPropertyValueSet ;
+    access:attributeValue :AdminDisplayDataPropertyValueSet ;
+
+    access:attributeValue :PublicDisplayFauxObjectPropertyValueSet ;
+    access:attributeValue :EditorDisplayFauxObjectPropertyValueSet ;
+    access:attributeValue :CuratorDisplayFauxObjectPropertyValueSet ;
+    access:attributeValue :AdminDisplayFauxObjectPropertyValueSet ;
+
+    access:attributeValue :PublicDisplayFauxDataPropertyValueSet ;   
+    access:attributeValue :EditorDisplayFauxDataPropertyValueSet ;
+    access:attributeValue :CuratorDisplayFauxDataPropertyValueSet ;
+    access:attributeValue :AdminDisplayFauxDataPropertyValueSet ;
+
+    access:attributeValue :EditorPublishObjectPropertyValueSet ;
+    access:attributeValue :CuratorPublishObjectPropertyValueSet ;
+    access:attributeValue :AdminPublishObjectPropertyValueSet ;
+
+    access:attributeValue :EditorPublishDataPropertyValueSet ;
+    access:attributeValue :CuratorPublishDataPropertyValueSet ;
+    access:attributeValue :AdminPublishDataPropertyValueSet ;
+
+    access:attributeValue :EditorPublishFauxObjectPropertyValueSet ;
+    access:attributeValue :CuratorPublishFauxObjectPropertyValueSet ;
+    access:attributeValue :AdminPublishFauxObjectPropertyValueSet ;
+
+    access:attributeValue :EditorPublishFauxDataPropertyValueSet ;
+    access:attributeValue :CuratorPublishFauxDataPropertyValueSet ;
+    access:attributeValue :AdminPublishFauxDataPropertyValueSet ;
+
+    access:attributeValue :PublicEditObjectPropertyValueSet ;
+    access:attributeValue :EditorEditObjectPropertyValueSet ;
+    access:attributeValue :CuratorEditObjectPropertyValueSet ;
+    access:attributeValue :AdminEditObjectPropertyValueSet ;
+
+    access:attributeValue :PublicAddObjectPropertyValueSet ;
+    access:attributeValue :EditorAddObjectPropertyValueSet ;
+    access:attributeValue :CuratorAddObjectPropertyValueSet ;
+    access:attributeValue :AdminAddObjectPropertyValueSet ;
+
+    access:attributeValue :PublicDropObjectPropertyValueSet ;
+    access:attributeValue :EditorDropObjectPropertyValueSet ;
+    access:attributeValue :CuratorDropObjectPropertyValueSet ;
+    access:attributeValue :AdminDropObjectPropertyValueSet ;
+
+    access:attributeValue :PublicEditDataPropertyValueSet ;
+    access:attributeValue :EditorEditDataPropertyValueSet ;
+    access:attributeValue :CuratorEditDataPropertyValueSet ;
+    access:attributeValue :AdminEditDataPropertyValueSet ;
+
+    access:attributeValue :PublicAddDataPropertyValueSet ;
+    access:attributeValue :EditorAddDataPropertyValueSet ;
+    access:attributeValue :CuratorAddDataPropertyValueSet ;
+    access:attributeValue :AdminAddDataPropertyValueSet ;
+
+    access:attributeValue :PublicDropDataPropertyValueSet ;
+    access:attributeValue :EditorDropDataPropertyValueSet ;
+    access:attributeValue :CuratorDropDataPropertyValueSet ;
+    access:attributeValue :AdminDropDataPropertyValueSet ;
+
+    access:attributeValue :PublicEditFauxObjectPropertyValueSet ;
+    access:attributeValue :EditorEditFauxObjectPropertyValueSet ;
+    access:attributeValue :CuratorEditFauxObjectPropertyValueSet ;
+    access:attributeValue :AdminEditFauxObjectPropertyValueSet ;
+
+    access:attributeValue :PublicAddFauxObjectPropertyValueSet ;
+    access:attributeValue :EditorAddFauxObjectPropertyValueSet ;
+    access:attributeValue :CuratorAddFauxObjectPropertyValueSet ;
+    access:attributeValue :AdminAddFauxObjectPropertyValueSet ;
+
+    access:attributeValue :PublicDropFauxObjectPropertyValueSet ;
+    access:attributeValue :EditorDropFauxObjectPropertyValueSet ;
+    access:attributeValue :CuratorDropFauxObjectPropertyValueSet ;
+    access:attributeValue :AdminDropFauxObjectPropertyValueSet ;
+
+    access:attributeValue :PublicEditFauxDataPropertyValueSet ;
+    access:attributeValue :EditorEditFauxDataPropertyValueSet ;
+    access:attributeValue :CuratorEditFauxDataPropertyValueSet ;
+    access:attributeValue :AdminEditFauxDataPropertyValueSet ;
+
+    access:attributeValue :PublicAddFauxDataPropertyValueSet ;
+    access:attributeValue :EditorAddFauxDataPropertyValueSet ;
+    access:attributeValue :CuratorAddFauxDataPropertyValueSet ;
+    access:attributeValue :AdminAddFauxDataPropertyValueSet ;
+
+    access:attributeValue :PublicDropFauxDataPropertyValueSet ;
+    access:attributeValue :EditorDropFauxDataPropertyValueSet ;
+    access:attributeValue :CuratorDropFauxDataPropertyValueSet ;
+    access:attributeValue :AdminDropFauxDataPropertyValueSet ;
     .
 
 :AccessObjectUriContainsInDataSet a access:Check ;
     access:operator access-individual:OneOf ;
     access:attribute access-individual:AccessObjectUri ;
-    access:attributeValue :PublicDisplayObjectPropertyValueContainer ;
-    access:attributeValue :EditorDisplayObjectPropertyValueContainer ;
-    access:attributeValue :CuratorDisplayObjectPropertyValueContainer ;
-    access:attributeValue :AdminDisplayObjectPropertyValueContainer ;
-
-    access:attributeValue :PublicDisplayDataPropertyValueContainer ;
-    access:attributeValue :EditorDisplayDataPropertyValueContainer ;
-    access:attributeValue :CuratorDisplayDataPropertyValueContainer ;
-    access:attributeValue :AdminDisplayDataPropertyValueContainer ;
-
-    access:attributeValue :PublicDisplayFauxObjectPropertyValueContainer ;
-    access:attributeValue :EditorDisplayFauxObjectPropertyValueContainer ;
-    access:attributeValue :CuratorDisplayFauxObjectPropertyValueContainer ;
-    access:attributeValue :AdminDisplayFauxObjectPropertyValueContainer ;
-
-    access:attributeValue :PublicDisplayFauxDataPropertyValueContainer ;   
-    access:attributeValue :EditorDisplayFauxDataPropertyValueContainer ;
-    access:attributeValue :CuratorDisplayFauxDataPropertyValueContainer ;
-    access:attributeValue :AdminDisplayFauxDataPropertyValueContainer ;
-
-    access:attributeValue :EditorPublishObjectPropertyValueContainer ;
-    access:attributeValue :CuratorPublishObjectPropertyValueContainer ;
-    access:attributeValue :AdminPublishObjectPropertyValueContainer ;
-
-    access:attributeValue :EditorPublishDataPropertyValueContainer ;
-    access:attributeValue :CuratorPublishDataPropertyValueContainer ;
-    access:attributeValue :AdminPublishDataPropertyValueContainer ;
-
-    access:attributeValue :EditorPublishFauxObjectPropertyValueContainer ;
-    access:attributeValue :CuratorPublishFauxObjectPropertyValueContainer ;
-    access:attributeValue :AdminPublishFauxObjectPropertyValueContainer ;
-
-    access:attributeValue :EditorPublishFauxDataPropertyValueContainer ;
-    access:attributeValue :CuratorPublishFauxDataPropertyValueContainer ;
-    access:attributeValue :AdminPublishFauxDataPropertyValueContainer ;
-
-    access:attributeValue :PublicEditObjectPropertyValueContainer ;
-    access:attributeValue :EditorEditObjectPropertyValueContainer ;
-    access:attributeValue :CuratorEditObjectPropertyValueContainer ;
-    access:attributeValue :AdminEditObjectPropertyValueContainer ;
-
-    access:attributeValue :PublicAddObjectPropertyValueContainer ;
-    access:attributeValue :EditorAddObjectPropertyValueContainer ;
-    access:attributeValue :CuratorAddObjectPropertyValueContainer ;
-    access:attributeValue :AdminAddObjectPropertyValueContainer ;
-
-    access:attributeValue :PublicDropObjectPropertyValueContainer ;
-    access:attributeValue :EditorDropObjectPropertyValueContainer ;
-    access:attributeValue :CuratorDropObjectPropertyValueContainer ;
-    access:attributeValue :AdminDropObjectPropertyValueContainer ;
-
-    access:attributeValue :PublicEditDataPropertyValueContainer ;
-    access:attributeValue :EditorEditDataPropertyValueContainer ;
-    access:attributeValue :CuratorEditDataPropertyValueContainer ;
-    access:attributeValue :AdminEditDataPropertyValueContainer ;
-
-    access:attributeValue :PublicAddDataPropertyValueContainer ;
-    access:attributeValue :EditorAddDataPropertyValueContainer ;
-    access:attributeValue :CuratorAddDataPropertyValueContainer ;
-    access:attributeValue :AdminAddDataPropertyValueContainer ;
-
-    access:attributeValue :PublicDropDataPropertyValueContainer ;
-    access:attributeValue :EditorDropDataPropertyValueContainer ;
-    access:attributeValue :CuratorDropDataPropertyValueContainer ;
-    access:attributeValue :AdminDropDataPropertyValueContainer ;
-
-    access:attributeValue :PublicEditFauxObjectPropertyValueContainer ;
-    access:attributeValue :EditorEditFauxObjectPropertyValueContainer ;
-    access:attributeValue :CuratorEditFauxObjectPropertyValueContainer ;
-    access:attributeValue :AdminEditFauxObjectPropertyValueContainer ;
-
-    access:attributeValue :PublicAddFauxObjectPropertyValueContainer ;
-    access:attributeValue :EditorAddFauxObjectPropertyValueContainer ;
-    access:attributeValue :CuratorAddFauxObjectPropertyValueContainer ;
-    access:attributeValue :AdminAddFauxObjectPropertyValueContainer ;
-
-    access:attributeValue :PublicDropFauxObjectPropertyValueContainer ;
-    access:attributeValue :EditorDropFauxObjectPropertyValueContainer ;
-    access:attributeValue :CuratorDropFauxObjectPropertyValueContainer ;
-    access:attributeValue :AdminDropFauxObjectPropertyValueContainer ;
-
-    access:attributeValue :PublicEditFauxDataPropertyValueContainer ;
-    access:attributeValue :EditorEditFauxDataPropertyValueContainer ;
-    access:attributeValue :CuratorEditFauxDataPropertyValueContainer ;
-    access:attributeValue :AdminEditFauxDataPropertyValueContainer ;
-
-    access:attributeValue :PublicAddFauxDataPropertyValueContainer ;
-    access:attributeValue :EditorAddFauxDataPropertyValueContainer ;
-    access:attributeValue :CuratorAddFauxDataPropertyValueContainer ;
-    access:attributeValue :AdminAddFauxDataPropertyValueContainer ;
-
-    access:attributeValue :PublicDropFauxDataPropertyValueContainer ;
-    access:attributeValue :EditorDropFauxDataPropertyValueContainer ;
-    access:attributeValue :CuratorDropFauxDataPropertyValueContainer ;
-    access:attributeValue :AdminDropFauxDataPropertyValueContainer ;
+    access:attributeValue :PublicDisplayObjectPropertyValueSet ;
+    access:attributeValue :EditorDisplayObjectPropertyValueSet ;
+    access:attributeValue :CuratorDisplayObjectPropertyValueSet ;
+    access:attributeValue :AdminDisplayObjectPropertyValueSet ;
+
+    access:attributeValue :PublicDisplayDataPropertyValueSet ;
+    access:attributeValue :EditorDisplayDataPropertyValueSet ;
+    access:attributeValue :CuratorDisplayDataPropertyValueSet ;
+    access:attributeValue :AdminDisplayDataPropertyValueSet ;
+
+    access:attributeValue :PublicDisplayFauxObjectPropertyValueSet ;
+    access:attributeValue :EditorDisplayFauxObjectPropertyValueSet ;
+    access:attributeValue :CuratorDisplayFauxObjectPropertyValueSet ;
+    access:attributeValue :AdminDisplayFauxObjectPropertyValueSet ;
+
+    access:attributeValue :PublicDisplayFauxDataPropertyValueSet ;   
+    access:attributeValue :EditorDisplayFauxDataPropertyValueSet ;
+    access:attributeValue :CuratorDisplayFauxDataPropertyValueSet ;
+    access:attributeValue :AdminDisplayFauxDataPropertyValueSet ;
+
+    access:attributeValue :EditorPublishObjectPropertyValueSet ;
+    access:attributeValue :CuratorPublishObjectPropertyValueSet ;
+    access:attributeValue :AdminPublishObjectPropertyValueSet ;
+
+    access:attributeValue :EditorPublishDataPropertyValueSet ;
+    access:attributeValue :CuratorPublishDataPropertyValueSet ;
+    access:attributeValue :AdminPublishDataPropertyValueSet ;
+
+    access:attributeValue :EditorPublishFauxObjectPropertyValueSet ;
+    access:attributeValue :CuratorPublishFauxObjectPropertyValueSet ;
+    access:attributeValue :AdminPublishFauxObjectPropertyValueSet ;
+
+    access:attributeValue :EditorPublishFauxDataPropertyValueSet ;
+    access:attributeValue :CuratorPublishFauxDataPropertyValueSet ;
+    access:attributeValue :AdminPublishFauxDataPropertyValueSet ;
+
+    access:attributeValue :PublicEditObjectPropertyValueSet ;
+    access:attributeValue :EditorEditObjectPropertyValueSet ;
+    access:attributeValue :CuratorEditObjectPropertyValueSet ;
+    access:attributeValue :AdminEditObjectPropertyValueSet ;
+
+    access:attributeValue :PublicAddObjectPropertyValueSet ;
+    access:attributeValue :EditorAddObjectPropertyValueSet ;
+    access:attributeValue :CuratorAddObjectPropertyValueSet ;
+    access:attributeValue :AdminAddObjectPropertyValueSet ;
+
+    access:attributeValue :PublicDropObjectPropertyValueSet ;
+    access:attributeValue :EditorDropObjectPropertyValueSet ;
+    access:attributeValue :CuratorDropObjectPropertyValueSet ;
+    access:attributeValue :AdminDropObjectPropertyValueSet ;
+
+    access:attributeValue :PublicEditDataPropertyValueSet ;
+    access:attributeValue :EditorEditDataPropertyValueSet ;
+    access:attributeValue :CuratorEditDataPropertyValueSet ;
+    access:attributeValue :AdminEditDataPropertyValueSet ;
+
+    access:attributeValue :PublicAddDataPropertyValueSet ;
+    access:attributeValue :EditorAddDataPropertyValueSet ;
+    access:attributeValue :CuratorAddDataPropertyValueSet ;
+    access:attributeValue :AdminAddDataPropertyValueSet ;
+
+    access:attributeValue :PublicDropDataPropertyValueSet ;
+    access:attributeValue :EditorDropDataPropertyValueSet ;
+    access:attributeValue :CuratorDropDataPropertyValueSet ;
+    access:attributeValue :AdminDropDataPropertyValueSet ;
+
+    access:attributeValue :PublicEditFauxObjectPropertyValueSet ;
+    access:attributeValue :EditorEditFauxObjectPropertyValueSet ;
+    access:attributeValue :CuratorEditFauxObjectPropertyValueSet ;
+    access:attributeValue :AdminEditFauxObjectPropertyValueSet ;
+
+    access:attributeValue :PublicAddFauxObjectPropertyValueSet ;
+    access:attributeValue :EditorAddFauxObjectPropertyValueSet ;
+    access:attributeValue :CuratorAddFauxObjectPropertyValueSet ;
+    access:attributeValue :AdminAddFauxObjectPropertyValueSet ;
+
+    access:attributeValue :PublicDropFauxObjectPropertyValueSet ;
+    access:attributeValue :EditorDropFauxObjectPropertyValueSet ;
+    access:attributeValue :CuratorDropFauxObjectPropertyValueSet ;
+    access:attributeValue :AdminDropFauxObjectPropertyValueSet ;
+
+    access:attributeValue :PublicEditFauxDataPropertyValueSet ;
+    access:attributeValue :EditorEditFauxDataPropertyValueSet ;
+    access:attributeValue :CuratorEditFauxDataPropertyValueSet ;
+    access:attributeValue :AdminEditFauxDataPropertyValueSet ;
+
+    access:attributeValue :PublicAddFauxDataPropertyValueSet ;
+    access:attributeValue :EditorAddFauxDataPropertyValueSet ;
+    access:attributeValue :CuratorAddFauxDataPropertyValueSet ;
+    access:attributeValue :AdminAddFauxDataPropertyValueSet ;
+
+    access:attributeValue :PublicDropFauxDataPropertyValueSet ;
+    access:attributeValue :EditorDropFauxDataPropertyValueSet ;
+    access:attributeValue :CuratorDropFauxDataPropertyValueSet ;
+    access:attributeValue :AdminDropFauxDataPropertyValueSet ;
     .
 
-:PublicDropFauxDataPropertyValueContainer a access:ValueContainer ;
+:PublicDropFauxDataPropertyValueSet a access:ValueSet ;
     access:containerType access-individual:FauxDataProperty .
-:EditorDropFauxDataPropertyValueContainer a access:ValueContainer ;
+:EditorDropFauxDataPropertyValueSet a access:ValueSet ;
     access:containerType access-individual:FauxDataProperty .
-:CuratorDropFauxDataPropertyValueContainer a access:ValueContainer ;
+:CuratorDropFauxDataPropertyValueSet a access:ValueSet ;
     access:containerType access-individual:FauxDataProperty .
-:AdminDropFauxDataPropertyValueContainer a access:ValueContainer ;
+:AdminDropFauxDataPropertyValueSet a access:ValueSet ;
     access:containerType access-individual:FauxDataProperty .
 
-:PublicAddFauxDataPropertyValueContainer a access:ValueContainer ;
+:PublicAddFauxDataPropertyValueSet a access:ValueSet ;
     access:containerType access-individual:FauxDataProperty .
-:EditorAddFauxDataPropertyValueContainer a access:ValueContainer ;
+:EditorAddFauxDataPropertyValueSet a access:ValueSet ;
     access:containerType access-individual:FauxDataProperty .
-:CuratorAddFauxDataPropertyValueContainer a access:ValueContainer ;
+:CuratorAddFauxDataPropertyValueSet a access:ValueSet ;
     access:containerType access-individual:FauxDataProperty .
-:AdminAddFauxDataPropertyValueContainer a access:ValueContainer ;
+:AdminAddFauxDataPropertyValueSet a access:ValueSet ;
     access:containerType access-individual:FauxDataProperty .
 
-:PublicEditFauxDataPropertyValueContainer a access:ValueContainer ;
+:PublicEditFauxDataPropertyValueSet a access:ValueSet ;
     access:containerType access-individual:FauxDataProperty .
-:EditorEditFauxDataPropertyValueContainer a access:ValueContainer ;
+:EditorEditFauxDataPropertyValueSet a access:ValueSet ;
     access:containerType access-individual:FauxDataProperty .
-:CuratorEditFauxDataPropertyValueContainer a access:ValueContainer ;
+:CuratorEditFauxDataPropertyValueSet a access:ValueSet ;
     access:containerType access-individual:FauxDataProperty .
-:AdminEditFauxDataPropertyValueContainer a access:ValueContainer ;
+:AdminEditFauxDataPropertyValueSet a access:ValueSet ;
     access:containerType access-individual:FauxDataProperty .
 
-:PublicDropFauxObjectPropertyValueContainer a access:ValueContainer ;
+:PublicDropFauxObjectPropertyValueSet a access:ValueSet ;
     access:containerType access-individual:FauxObjectProperty .
-:EditorDropFauxObjectPropertyValueContainer a access:ValueContainer ;
+:EditorDropFauxObjectPropertyValueSet a access:ValueSet ;
     access:containerType access-individual:FauxObjectProperty .
-:CuratorDropFauxObjectPropertyValueContainer a access:ValueContainer ;
+:CuratorDropFauxObjectPropertyValueSet a access:ValueSet ;
     access:containerType access-individual:FauxObjectProperty .
-:AdminDropFauxObjectPropertyValueContainer a access:ValueContainer ;
+:AdminDropFauxObjectPropertyValueSet a access:ValueSet ;
     access:containerType access-individual:FauxObjectProperty .
 
-:PublicAddFauxObjectPropertyValueContainer a access:ValueContainer ;
+:PublicAddFauxObjectPropertyValueSet a access:ValueSet ;
     access:containerType access-individual:FauxObjectProperty .
-:EditorAddFauxObjectPropertyValueContainer a access:ValueContainer ;
+:EditorAddFauxObjectPropertyValueSet a access:ValueSet ;
     access:containerType access-individual:FauxObjectProperty .
-:CuratorAddFauxObjectPropertyValueContainer a access:ValueContainer ;
+:CuratorAddFauxObjectPropertyValueSet a access:ValueSet ;
     access:containerType access-individual:FauxObjectProperty .
-:AdminAddFauxObjectPropertyValueContainer a access:ValueContainer ;
+:AdminAddFauxObjectPropertyValueSet a access:ValueSet ;
     access:containerType access-individual:FauxObjectProperty .
 
-:PublicEditFauxObjectPropertyValueContainer a access:ValueContainer ;
+:PublicEditFauxObjectPropertyValueSet a access:ValueSet ;
     access:containerType access-individual:FauxObjectProperty .
-:EditorEditFauxObjectPropertyValueContainer a access:ValueContainer ;
+:EditorEditFauxObjectPropertyValueSet a access:ValueSet ;
     access:containerType access-individual:FauxObjectProperty .
-:CuratorEditFauxObjectPropertyValueContainer a access:ValueContainer ;
+:CuratorEditFauxObjectPropertyValueSet a access:ValueSet ;
     access:containerType access-individual:FauxObjectProperty .
-:AdminEditFauxObjectPropertyValueContainer a access:ValueContainer ;
+:AdminEditFauxObjectPropertyValueSet a access:ValueSet ;
     access:containerType access-individual:FauxObjectProperty .
 
 
-:PublicDropDataPropertyValueContainer a access:ValueContainer ;
+:PublicDropDataPropertyValueSet a access:ValueSet ;
     access:containerType access-individual:DataProperty .
-:EditorDropDataPropertyValueContainer a access:ValueContainer ;
+:EditorDropDataPropertyValueSet a access:ValueSet ;
     access:containerType access-individual:DataProperty .
-:CuratorDropDataPropertyValueContainer a access:ValueContainer ;
+:CuratorDropDataPropertyValueSet a access:ValueSet ;
     access:containerType access-individual:DataProperty .
-:AdminDropDataPropertyValueContainer a access:ValueContainer ;
+:AdminDropDataPropertyValueSet a access:ValueSet ;
     access:containerType access-individual:DataProperty .
 
-:PublicAddDataPropertyValueContainer a access:ValueContainer ;
+:PublicAddDataPropertyValueSet a access:ValueSet ;
     access:containerType access-individual:DataProperty .
-:EditorAddDataPropertyValueContainer a access:ValueContainer ;
+:EditorAddDataPropertyValueSet a access:ValueSet ;
     access:containerType access-individual:DataProperty .
-:CuratorAddDataPropertyValueContainer a access:ValueContainer ;
+:CuratorAddDataPropertyValueSet a access:ValueSet ;
     access:containerType access-individual:DataProperty .
-:AdminAddDataPropertyValueContainer a access:ValueContainer ;
+:AdminAddDataPropertyValueSet a access:ValueSet ;
     access:containerType access-individual:DataProperty .
 
-:PublicEditDataPropertyValueContainer a access:ValueContainer ;
+:PublicEditDataPropertyValueSet a access:ValueSet ;
     access:containerType access-individual:DataProperty .
-:EditorEditDataPropertyValueContainer a access:ValueContainer ;
+:EditorEditDataPropertyValueSet a access:ValueSet ;
     access:containerType access-individual:DataProperty .
-:CuratorEditDataPropertyValueContainer a access:ValueContainer ;
+:CuratorEditDataPropertyValueSet a access:ValueSet ;
     access:containerType access-individual:DataProperty .
-:AdminEditDataPropertyValueContainer a access:ValueContainer ;
+:AdminEditDataPropertyValueSet a access:ValueSet ;
     access:containerType access-individual:DataProperty .
 
-:PublicDropObjectPropertyValueContainer a access:ValueContainer ;
+:PublicDropObjectPropertyValueSet a access:ValueSet ;
     access:containerType access-individual:ObjectProperty .
-:EditorDropObjectPropertyValueContainer a access:ValueContainer ;
+:EditorDropObjectPropertyValueSet a access:ValueSet ;
     access:containerType access-individual:ObjectProperty .
-:CuratorDropObjectPropertyValueContainer a access:ValueContainer ;
+:CuratorDropObjectPropertyValueSet a access:ValueSet ;
     access:containerType access-individual:ObjectProperty .
-:AdminDropObjectPropertyValueContainer a access:ValueContainer ;
+:AdminDropObjectPropertyValueSet a access:ValueSet ;
     access:containerType access-individual:ObjectProperty .
 
-:PublicAddObjectPropertyValueContainer a access:ValueContainer ;
+:PublicAddObjectPropertyValueSet a access:ValueSet ;
     access:containerType access-individual:ObjectProperty .
-:EditorAddObjectPropertyValueContainer a access:ValueContainer ;
+:EditorAddObjectPropertyValueSet a access:ValueSet ;
     access:containerType access-individual:ObjectProperty .
-:CuratorAddObjectPropertyValueContainer a access:ValueContainer ;
+:CuratorAddObjectPropertyValueSet a access:ValueSet ;
     access:containerType access-individual:ObjectProperty .
-:AdminAddObjectPropertyValueContainer a access:ValueContainer ;
+:AdminAddObjectPropertyValueSet a access:ValueSet ;
     access:containerType access-individual:ObjectProperty .
 
-:PublicEditObjectPropertyValueContainer a access:ValueContainer ;
+:PublicEditObjectPropertyValueSet a access:ValueSet ;
     access:containerType access-individual:ObjectProperty .
-:EditorEditObjectPropertyValueContainer a access:ValueContainer ;
+:EditorEditObjectPropertyValueSet a access:ValueSet ;
     access:containerType access-individual:ObjectProperty .
-:CuratorEditObjectPropertyValueContainer a access:ValueContainer ;
+:CuratorEditObjectPropertyValueSet a access:ValueSet ;
     access:containerType access-individual:ObjectProperty .
-:AdminEditObjectPropertyValueContainer a access:ValueContainer ;
+:AdminEditObjectPropertyValueSet a access:ValueSet ;
     access:containerType access-individual:ObjectProperty .
 
-:PublicDisplayObjectPropertyValueContainer a access:ValueContainer ;
+:PublicDisplayObjectPropertyValueSet a access:ValueSet ;
     access:containerType access-individual:ObjectProperty .
-:EditorDisplayObjectPropertyValueContainer a access:ValueContainer ;
+:EditorDisplayObjectPropertyValueSet a access:ValueSet ;
     access:containerType access-individual:ObjectProperty .
-:CuratorDisplayObjectPropertyValueContainer a access:ValueContainer ;
+:CuratorDisplayObjectPropertyValueSet a access:ValueSet ;
     access:containerType access-individual:ObjectProperty .
-:AdminDisplayObjectPropertyValueContainer a access:ValueContainer ;
+:AdminDisplayObjectPropertyValueSet a access:ValueSet ;
     access:containerType access-individual:ObjectProperty .
 
-:PublicDisplayDataPropertyValueContainer a access:ValueContainer ;
+:PublicDisplayDataPropertyValueSet a access:ValueSet ;
     access:containerType access-individual:DataProperty .
-:EditorDisplayDataPropertyValueContainer a access:ValueContainer ;
+:EditorDisplayDataPropertyValueSet a access:ValueSet ;
     access:containerType access-individual:DataProperty .
-:CuratorDisplayDataPropertyValueContainer a access:ValueContainer ;
+:CuratorDisplayDataPropertyValueSet a access:ValueSet ;
     access:containerType access-individual:DataProperty .
-:AdminDisplayDataPropertyValueContainer a access:ValueContainer ;
+:AdminDisplayDataPropertyValueSet a access:ValueSet ;
     access:containerType access-individual:DataProperty .
 
-:PublicDisplayFauxObjectPropertyValueContainer a access:ValueContainer ;
+:PublicDisplayFauxObjectPropertyValueSet a access:ValueSet ;
     access:containerType access-individual:FauxObjectProperty .
-:EditorDisplayFauxObjectPropertyValueContainer a access:ValueContainer ;
+:EditorDisplayFauxObjectPropertyValueSet a access:ValueSet ;
     access:containerType access-individual:FauxObjectProperty .
-:CuratorDisplayFauxObjectPropertyValueContainer a access:ValueContainer ;
+:CuratorDisplayFauxObjectPropertyValueSet a access:ValueSet ;
     access:containerType access-individual:FauxObjectProperty .
-:AdminDisplayFauxObjectPropertyValueContainer a access:ValueContainer ;
+:AdminDisplayFauxObjectPropertyValueSet a access:ValueSet ;
     access:containerType access-individual:FauxObjectProperty .
 
-:PublicDisplayFauxDataPropertyValueContainer a access:ValueContainer ;
+:PublicDisplayFauxDataPropertyValueSet a access:ValueSet ;
     access:containerType access-individual:FauxDataProperty .
-:EditorDisplayFauxDataPropertyValueContainer a access:ValueContainer ;
+:EditorDisplayFauxDataPropertyValueSet a access:ValueSet ;
     access:containerType access-individual:FauxDataProperty .
-:CuratorDisplayFauxDataPropertyValueContainer a access:ValueContainer ;
+:CuratorDisplayFauxDataPropertyValueSet a access:ValueSet ;
     access:containerType access-individual:FauxDataProperty .
-:AdminDisplayFauxDataPropertyValueContainer a access:ValueContainer ;
+:AdminDisplayFauxDataPropertyValueSet a access:ValueSet ;
     access:containerType access-individual:FauxDataProperty .
 
-:EditorPublishObjectPropertyValueContainer a access:ValueContainer ;
+:EditorPublishObjectPropertyValueSet a access:ValueSet ;
     access:containerType access-individual:ObjectProperty .
-:CuratorPublishObjectPropertyValueContainer a access:ValueContainer ;
+:CuratorPublishObjectPropertyValueSet a access:ValueSet ;
     access:containerType access-individual:ObjectProperty .
-:AdminPublishObjectPropertyValueContainer a access:ValueContainer ;
+:AdminPublishObjectPropertyValueSet a access:ValueSet ;
     access:containerType access-individual:ObjectProperty .
 
-:EditorPublishDataPropertyValueContainer a access:ValueContainer ;
+:EditorPublishDataPropertyValueSet a access:ValueSet ;
     access:containerType access-individual:DataProperty .
-:CuratorPublishDataPropertyValueContainer a access:ValueContainer ;
+:CuratorPublishDataPropertyValueSet a access:ValueSet ;
     access:containerType access-individual:DataProperty .
-:AdminPublishDataPropertyValueContainer a access:ValueContainer ;
+:AdminPublishDataPropertyValueSet a access:ValueSet ;
     access:containerType access-individual:DataProperty .
 
-:EditorPublishFauxObjectPropertyValueContainer a access:ValueContainer ;
+:EditorPublishFauxObjectPropertyValueSet a access:ValueSet ;
     access:containerType access-individual:FauxObjectProperty .
-:CuratorPublishFauxObjectPropertyValueContainer a access:ValueContainer ;
+:CuratorPublishFauxObjectPropertyValueSet a access:ValueSet ;
     access:containerType access-individual:FauxObjectProperty .
-:AdminPublishFauxObjectPropertyValueContainer a access:ValueContainer ;
+:AdminPublishFauxObjectPropertyValueSet a access:ValueSet ;
     access:containerType access-individual:FauxObjectProperty .
 
-:EditorPublishFauxDataPropertyValueContainer a access:ValueContainer ;
+:EditorPublishFauxDataPropertyValueSet a access:ValueSet ;
     access:containerType access-individual:FauxDataProperty .
-:CuratorPublishFauxDataPropertyValueContainer a access:ValueContainer ;
+:CuratorPublishFauxDataPropertyValueSet a access:ValueSet ;
     access:containerType access-individual:FauxDataProperty .
-:AdminPublishFauxDataPropertyValueContainer a access:ValueContainer ;
+:AdminPublishFauxDataPropertyValueSet a access:ValueSet ;
     access:containerType access-individual:FauxDataProperty .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_access_related_allowed_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_access_related_allowed_property.n3
index 67cf46f65b..b375f675fa 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_access_related_allowed_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_access_related_allowed_property.n3
@@ -23,11 +23,11 @@
 
 :SelfEditorDisplayObjectPropertyDataSet a access:PolicyDataSet ;
     access:dataSetKey :SelfEditorDisplayObjectPropertyDataSetKey ;
-    access:dataSetValues access-individual:SelfEditorRoleValueContainer ;
-    access:dataSetValues access-individual:ObjectPropertyValueContainer ;
-    access:dataSetValues access-individual:ObjectPropertyStatementValueContainer ;
-    access:dataSetValues access-individual:DisplayOperationValueContainer ;
-    access:dataSetValues :SelfEditorDisplayObjectPropertyValueContainer .
+    access:dataSetValues access-individual:SelfEditorRoleValueSet ;
+    access:dataSetValues access-individual:ObjectPropertyValueSet ;
+    access:dataSetValues access-individual:ObjectPropertyStatementValueSet ;
+    access:dataSetValues access-individual:DisplayOperationValueSet ;
+    access:dataSetValues :SelfEditorDisplayObjectPropertyValueSet .
 
 :SelfEditorDisplayObjectPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:ObjectProperty ;
@@ -38,11 +38,11 @@
 
 :SelfEditorDisplayDataPropertyDataSet a access:PolicyDataSet ;
     access:dataSetKey :SelfEditorDisplayDataPropertyDataSetKey ;
-    access:dataSetValues access-individual:SelfEditorRoleValueContainer ;
-    access:dataSetValues access-individual:DataPropertyValueContainer ;
-    access:dataSetValues access-individual:DataPropertyStatementValueContainer ;
-    access:dataSetValues access-individual:DisplayOperationValueContainer ;
-    access:dataSetValues :SelfEditorDisplayDataPropertyValueContainer .
+    access:dataSetValues access-individual:SelfEditorRoleValueSet ;
+    access:dataSetValues access-individual:DataPropertyValueSet ;
+    access:dataSetValues access-individual:DataPropertyStatementValueSet ;
+    access:dataSetValues access-individual:DisplayOperationValueSet ;
+    access:dataSetValues :SelfEditorDisplayDataPropertyValueSet .
 
 :SelfEditorDisplayDataPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:DataProperty ;
@@ -53,11 +53,11 @@
 
 :SelfEditorDisplayFauxObjectPropertyDataSet a access:PolicyDataSet ;
     access:dataSetKey :SelfEditorDisplayFauxObjectPropertyDataSetKey ;
-    access:dataSetValues access-individual:SelfEditorRoleValueContainer ;
-    access:dataSetValues access-individual:FauxObjectPropertyValueContainer ;
-    access:dataSetValues access-individual:FauxObjectPropertyStatementValueContainer ;
-    access:dataSetValues access-individual:DisplayOperationValueContainer ;
-    access:dataSetValues :SelfEditorDisplayFauxObjectPropertyValueContainer .
+    access:dataSetValues access-individual:SelfEditorRoleValueSet ;
+    access:dataSetValues access-individual:FauxObjectPropertyValueSet ;
+    access:dataSetValues access-individual:FauxObjectPropertyStatementValueSet ;
+    access:dataSetValues access-individual:DisplayOperationValueSet ;
+    access:dataSetValues :SelfEditorDisplayFauxObjectPropertyValueSet .
 
 :SelfEditorDisplayFauxObjectPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:FauxObjectProperty ;
@@ -68,11 +68,11 @@
 
 :SelfEditorDisplayFauxDataPropertyDataSet a access:PolicyDataSet ;
     access:dataSetKey :SelfEditorDisplayFauxDataPropertyDataSetKey ;
-    access:dataSetValues access-individual:SelfEditorRoleValueContainer ;
-    access:dataSetValues access-individual:FauxDataPropertyValueContainer ;
-    access:dataSetValues access-individual:FauxDataPropertyStatementValueContainer ;
-    access:dataSetValues access-individual:DisplayOperationValueContainer ;
-    access:dataSetValues :SelfEditorDisplayFauxDataPropertyValueContainer .
+    access:dataSetValues access-individual:SelfEditorRoleValueSet ;
+    access:dataSetValues access-individual:FauxDataPropertyValueSet ;
+    access:dataSetValues access-individual:FauxDataPropertyStatementValueSet ;
+    access:dataSetValues access-individual:DisplayOperationValueSet ;
+    access:dataSetValues :SelfEditorDisplayFauxDataPropertyValueSet .
 
 :SelfEditorDisplayFauxDataPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:FauxDataProperty ;
@@ -83,11 +83,11 @@
 
 :SelfEditorPublishObjectPropertyDataSet a access:PolicyDataSet ;
     access:dataSetKey :SelfEditorPublishObjectPropertyDataSetKey ;
-    access:dataSetValues access-individual:SelfEditorRoleValueContainer ;
-    access:dataSetValues access-individual:ObjectPropertyValueContainer ;
-    access:dataSetValues access-individual:ObjectPropertyStatementValueContainer ;
-    access:dataSetValues access-individual:PublishOperationValueContainer ;
-    access:dataSetValues :SelfEditorPublishObjectPropertyValueContainer .
+    access:dataSetValues access-individual:SelfEditorRoleValueSet ;
+    access:dataSetValues access-individual:ObjectPropertyValueSet ;
+    access:dataSetValues access-individual:ObjectPropertyStatementValueSet ;
+    access:dataSetValues access-individual:PublishOperationValueSet ;
+    access:dataSetValues :SelfEditorPublishObjectPropertyValueSet .
 
 :SelfEditorPublishObjectPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:ObjectProperty ;
@@ -98,11 +98,11 @@
 
 :SelfEditorPublishDataPropertyDataSet a access:PolicyDataSet ;
     access:dataSetKey :SelfEditorPublishDataPropertyDataSetKey ;
-    access:dataSetValues access-individual:SelfEditorRoleValueContainer ;
-    access:dataSetValues access-individual:DataPropertyValueContainer ;
-    access:dataSetValues access-individual:DataPropertyStatementValueContainer ;
-    access:dataSetValues access-individual:PublishOperationValueContainer ;
-    access:dataSetValues :SelfEditorPublishDataPropertyValueContainer .
+    access:dataSetValues access-individual:SelfEditorRoleValueSet ;
+    access:dataSetValues access-individual:DataPropertyValueSet ;
+    access:dataSetValues access-individual:DataPropertyStatementValueSet ;
+    access:dataSetValues access-individual:PublishOperationValueSet ;
+    access:dataSetValues :SelfEditorPublishDataPropertyValueSet .
 
 :SelfEditorPublishDataPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:DataProperty ;
@@ -113,11 +113,11 @@
 
 :SelfEditorPublishFauxObjectPropertyDataSet a access:PolicyDataSet ;
     access:dataSetKey :SelfEditorPublishFauxObjectPropertyDataSetKey ;
-    access:dataSetValues access-individual:SelfEditorRoleValueContainer ;
-    access:dataSetValues access-individual:FauxObjectPropertyValueContainer ;
-    access:dataSetValues access-individual:FauxObjectPropertyStatementValueContainer ;
-    access:dataSetValues access-individual:PublishOperationValueContainer ;
-    access:dataSetValues :SelfEditorPublishFauxObjectPropertyValueContainer .
+    access:dataSetValues access-individual:SelfEditorRoleValueSet ;
+    access:dataSetValues access-individual:FauxObjectPropertyValueSet ;
+    access:dataSetValues access-individual:FauxObjectPropertyStatementValueSet ;
+    access:dataSetValues access-individual:PublishOperationValueSet ;
+    access:dataSetValues :SelfEditorPublishFauxObjectPropertyValueSet .
 
 :SelfEditorPublishFauxObjectPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:FauxObjectProperty ;
@@ -128,11 +128,11 @@
 
 :SelfEditorPublishFauxDataPropertyDataSet a access:PolicyDataSet ;
     access:dataSetKey :SelfEditorPublishFauxDataPropertyDataSetKey ;
-    access:dataSetValues access-individual:SelfEditorRoleValueContainer ;
-    access:dataSetValues access-individual:FauxDataPropertyValueContainer ;
-    access:dataSetValues access-individual:FauxDataPropertyStatementValueContainer ;
-    access:dataSetValues access-individual:PublishOperationValueContainer ;
-    access:dataSetValues :SelfEditorPublishFauxDataPropertyValueContainer .
+    access:dataSetValues access-individual:SelfEditorRoleValueSet ;
+    access:dataSetValues access-individual:FauxDataPropertyValueSet ;
+    access:dataSetValues access-individual:FauxDataPropertyStatementValueSet ;
+    access:dataSetValues access-individual:PublishOperationValueSet ;
+    access:dataSetValues :SelfEditorPublishFauxDataPropertyValueSet .
 
 :SelfEditorPublishFauxDataPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:FauxDataProperty ;
@@ -148,10 +148,10 @@
 :AccessObjectTypeCheck a access:Check ;
     access:operator access-individual:Equals ;
     access:attribute access-individual:AccessObjectType ;
-    access:attributeValue access-individual:ObjectPropertyValueContainer ;
-    access:attributeValue access-individual:DataPropertyValueContainer ;
-    access:attributeValue access-individual:FauxObjectPropertyValueContainer ;
-    access:attributeValue access-individual:FauxDataPropertyValueContainer ;
+    access:attributeValue access-individual:ObjectPropertyValueSet ;
+    access:attributeValue access-individual:DataPropertyValueSet ;
+    access:attributeValue access-individual:FauxObjectPropertyValueSet ;
+    access:attributeValue access-individual:FauxDataPropertyValueSet ;
     .
 
 :AllowMatchingPropertyStatement a access:Rule;
@@ -164,63 +164,63 @@
 :AccessObjectStatementTypeCheck a access:Check ;
     access:operator access-individual:Equals ;
     access:attribute access-individual:AccessObjectType ;
-    access:attributeValue access-individual:ObjectPropertyStatementValueContainer ;
-    access:attributeValue access-individual:DataPropertyStatementValueContainer ;
-    access:attributeValue access-individual:FauxObjectPropertyStatementValueContainer ;
-    access:attributeValue access-individual:FauxDataPropertyStatementValueContainer ;
+    access:attributeValue access-individual:ObjectPropertyStatementValueSet ;
+    access:attributeValue access-individual:DataPropertyStatementValueSet ;
+    access:attributeValue access-individual:FauxObjectPropertyStatementValueSet ;
+    access:attributeValue access-individual:FauxDataPropertyStatementValueSet ;
     .
 
 :OperationCheck a access:Check ;
     access:operator access-individual:Equals ;
     access:attribute access-individual:Operation ;
-    access:attributeValue access-individual:DisplayOperationValueContainer ;
-    access:attributeValue access-individual:PublishOperationValueContainer ;
+    access:attributeValue access-individual:DisplayOperationValueSet ;
+    access:attributeValue access-individual:PublishOperationValueSet ;
     .
 
 :SubjectRoleCheck a access:Check ;
     access:operator access-individual:Equals ;
     access:attribute access-individual:SubjectRole ;
-    access:attributeValue access-individual:SelfEditorRoleValueContainer .
+    access:attributeValue access-individual:SelfEditorRoleValueSet .
 
 :StatementPredicateCheck a access:Check ;
     access:operator access-individual:OneOf ;
     access:attribute access-individual:StatementPredicateUri ;
-    access:attributeValue :SelfEditorDisplayObjectPropertyValueContainer ;
-    access:attributeValue :SelfEditorDisplayDataPropertyValueContainer ;
-    access:attributeValue :SelfEditorDisplayFauxObjectPropertyValueContainer ;
-    access:attributeValue :SelfEditorDisplayFauxDataPropertyValueContainer ;
-    access:attributeValue :SelfEditorPublishObjectPropertyValueContainer ;
-    access:attributeValue :SelfEditorPublishDataPropertyValueContainer ;
-    access:attributeValue :SelfEditorPublishFauxObjectPropertyValueContainer ;
-    access:attributeValue :SelfEditorPublishFauxDataPropertyValueContainer ;
+    access:attributeValue :SelfEditorDisplayObjectPropertyValueSet ;
+    access:attributeValue :SelfEditorDisplayDataPropertyValueSet ;
+    access:attributeValue :SelfEditorDisplayFauxObjectPropertyValueSet ;
+    access:attributeValue :SelfEditorDisplayFauxDataPropertyValueSet ;
+    access:attributeValue :SelfEditorPublishObjectPropertyValueSet ;
+    access:attributeValue :SelfEditorPublishDataPropertyValueSet ;
+    access:attributeValue :SelfEditorPublishFauxObjectPropertyValueSet ;
+    access:attributeValue :SelfEditorPublishFauxDataPropertyValueSet ;
     .
 
 :AccessObjectUriCheck a access:Check ;
     access:operator access-individual:OneOf ;
     access:attribute access-individual:AccessObjectUri ;
-    access:attributeValue :SelfEditorDisplayObjectPropertyValueContainer ;
-    access:attributeValue :SelfEditorDisplayDataPropertyValueContainer ;
-    access:attributeValue :SelfEditorDisplayFauxObjectPropertyValueContainer ;
-    access:attributeValue :SelfEditorDisplayFauxDataPropertyValueContainer ;
-    access:attributeValue :SelfEditorPublishObjectPropertyValueContainer ;
-    access:attributeValue :SelfEditorPublishDataPropertyValueContainer ;
-    access:attributeValue :SelfEditorPublishFauxObjectPropertyValueContainer ;
-    access:attributeValue :SelfEditorPublishFauxDataPropertyValueContainer ;
+    access:attributeValue :SelfEditorDisplayObjectPropertyValueSet ;
+    access:attributeValue :SelfEditorDisplayDataPropertyValueSet ;
+    access:attributeValue :SelfEditorDisplayFauxObjectPropertyValueSet ;
+    access:attributeValue :SelfEditorDisplayFauxDataPropertyValueSet ;
+    access:attributeValue :SelfEditorPublishObjectPropertyValueSet ;
+    access:attributeValue :SelfEditorPublishDataPropertyValueSet ;
+    access:attributeValue :SelfEditorPublishFauxObjectPropertyValueSet ;
+    access:attributeValue :SelfEditorPublishFauxDataPropertyValueSet ;
     .
 
-:SelfEditorDisplayObjectPropertyValueContainer a access:ValueContainer ;
+:SelfEditorDisplayObjectPropertyValueSet a access:ValueSet ;
     access:containerType access-individual:ObjectProperty .
-:SelfEditorDisplayDataPropertyValueContainer a access:ValueContainer ;
+:SelfEditorDisplayDataPropertyValueSet a access:ValueSet ;
     access:containerType access-individual:DataProperty .
-:SelfEditorDisplayFauxObjectPropertyValueContainer a access:ValueContainer ;
+:SelfEditorDisplayFauxObjectPropertyValueSet a access:ValueSet ;
     access:containerType access-individual:FauxObjectProperty .
-:SelfEditorDisplayFauxDataPropertyValueContainer a access:ValueContainer ;
+:SelfEditorDisplayFauxDataPropertyValueSet a access:ValueSet ;
     access:containerType access-individual:FauxDataProperty .
-:SelfEditorPublishObjectPropertyValueContainer a access:ValueContainer ;
+:SelfEditorPublishObjectPropertyValueSet a access:ValueSet ;
     access:containerType access-individual:ObjectProperty .
-:SelfEditorPublishDataPropertyValueContainer a access:ValueContainer ;
+:SelfEditorPublishDataPropertyValueSet a access:ValueSet ;
     access:containerType access-individual:DataProperty .
-:SelfEditorPublishFauxObjectPropertyValueContainer a access:ValueContainer ;
+:SelfEditorPublishFauxObjectPropertyValueSet a access:ValueSet ;
     access:containerType access-individual:FauxObjectProperty .
-:SelfEditorPublishFauxDataPropertyValueContainer a access:ValueContainer ;
+:SelfEditorPublishFauxDataPropertyValueSet a access:ValueSet ;
     access:containerType access-individual:FauxDataProperty .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_not_modifiable_statements.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_not_modifiable_statements.n3
index 99faabafc8..39774a2129 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_not_modifiable_statements.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_not_modifiable_statements.n3
@@ -58,44 +58,44 @@
 :PredicateUriStartWithProhibitedNamespace a access:Check ;
     access:operator access-individual:StartsWith ;
     access:attribute access-individual:StatementPredicateUri ;
-    access:attributeValue :ProhibitedNamespaceValueContainer .
+    access:attributeValue :ProhibitedNamespaceValueSet .
 
 :PredicateNotANamespaceException a access:Check ;
     access:operator access-individual:NotOneOf ;
     access:attribute access-individual:StatementPredicateUri ;
-    access:attributeValue :ProhibitedNamespaceExceptionsValueContainer .
+    access:attributeValue :ProhibitedNamespaceExceptionsValueSet .
 
 :SubjectUriStartWithProhibitedNamespace a access:Check ;
     access:operator access-individual:StartsWith ;
     access:attribute access-individual:StatementSubjectUri ;
-    access:attributeValue :ProhibitedNamespaceValueContainer .
+    access:attributeValue :ProhibitedNamespaceValueSet .
 
 :StatementSubjectNotOneOfProhibitedExceptions a access:Check ;
     access:operator access-individual:NotOneOf ;
     access:attribute access-individual:StatementSubjectUri ;
-    access:attributeValue :ProhibitedNamespaceExceptionsValueContainer .
+    access:attributeValue :ProhibitedNamespaceExceptionsValueSet .
 
 :StatementObjectUriStartsWithProhibitedNameSpace a access:Check ;
     access:operator access-individual:StartsWith ;
     access:attribute access-individual:StatementObjectUri ;
-    access:attributeValue :ProhibitedNamespaceValueContainer .
+    access:attributeValue :ProhibitedNamespaceValueSet .
 
 :ObjectUriNotOneOfProhibitedExceptions a access:Check ;
     access:operator access-individual:NotOneOf ;
     access:attribute access-individual:StatementObjectUri ;
-    access:attributeValue :ProhibitedNamespaceExceptionsValueContainer .
+    access:attributeValue :ProhibitedNamespaceExceptionsValueSet .
 
 :NotModifiableStatementsPolicyDataSet a access:PolicyDataSet ;
-    access:dataSetValues :ProhibitedNamespaceExceptionsValueContainer ;
-    access:dataSetValues :ProhibitedNamespaceValueContainer .
+    access:dataSetValues :ProhibitedNamespaceExceptionsValueSet ;
+    access:dataSetValues :ProhibitedNamespaceValueSet .
 
-:ProhibitedNamespaceExceptionsValueContainer a access:ValueContainer ;
+:ProhibitedNamespaceExceptionsValueSet a access:ValueSet ;
     .
 
-:ProhibitedNamespaceValueContainer a access:ValueContainer ;
+:ProhibitedNamespaceValueSet a access:ValueSet ;
     .
 
-:ProhibitedNamespaceExceptionsValueContainer
+:ProhibitedNamespaceExceptionsValueSet
     access:value <http://vitro.mannlib.cornell.edu/ns/vitro/0.7#moniker> ;
     access:value <http://vitro.mannlib.cornell.edu/ns/vitro/0.7#modTime> ;
     access:value <http://vitro.mannlib.cornell.edu/ns/vitro/public#mainImage> ;
@@ -106,7 +106,7 @@
     access:value <http://vitro.mannlib.cornell.edu/ns/vitro/0.7#linkURL> ;
     .
 
-:ProhibitedNamespaceValueContainer
+:ProhibitedNamespaceValueSet
     access:value  :prohibitedNamespacePrefix ; 
     .
 
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_simple_permissions.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_simple_permissions.n3
index dd7575ec49..a130834372 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_simple_permissions.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_simple_permissions.n3
@@ -21,8 +21,8 @@
 :RoleDataSetTemplate a access:DataSetTemplate ;
     access:dataSetTemplateKey :RoleDataSetTemplateKey ;
     access:dataSetKeyTemplate :RoleDataSetKeyTemplate ;
-    access:dataSetValueTemplate :RoleValueContainerTemplate ;
-    access:dataSetValueTemplate :RolePermissionValueContainerTemplate .  
+    access:dataSetValueTemplate :RoleValueSetTemplate ;
+    access:dataSetValueTemplate :RolePermissionValueSetTemplate .  
 
 :RoleDataSetTemplateKey a access:DataSetTemplateKey ;
     access:templateKey access-individual:SubjectRole .
@@ -32,11 +32,11 @@
     access:keyComponent access-individual:ExecuteOperation ;
     access:keyComponentTemplate access-individual:SubjectRole .
 
-:RoleValueContainerTemplate a access:ValueContainerTemplate ;
+:RoleValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :SubjectRoleEqualsDataSetRole;
     access:containerTypeTemplate access-individual:SubjectRole .
 
-:RolePermissionValueContainerTemplate a access:ValueContainerTemplate ;
+:RolePermissionValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :PermissionNameAllowed;
     access:defaultValue simplePermission:PageViewablePublic;
     access:defaultValue simplePermission:QueryFullModel ;
@@ -46,8 +46,8 @@
 
 :PublicDataSet a access:PolicyDataSet ;
     access:dataSetKey :PublicDataSetKey ;
-    access:dataSetValues access-individual:PublicRoleValueContainer ;
-    access:dataSetValues :PublicSimplePermissionValueContainer .
+    access:dataSetValues access-individual:PublicRoleValueSet ;
+    access:dataSetValues :PublicSimplePermissionValueSet .
 
 :PublicDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:NamedObject ;
@@ -56,8 +56,8 @@
 
 :SelfEditorDataSet a access:PolicyDataSet ;
     access:dataSetKey :SelfEditorDataSetKey ;
-    access:dataSetValues access-individual:SelfEditorRoleValueContainer ;
-    access:dataSetValues :SelfEditorSimplePermissionValueContainer .
+    access:dataSetValues access-individual:SelfEditorRoleValueSet ;
+    access:dataSetValues :SelfEditorSimplePermissionValueSet .
 
 :SelfEditorDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:NamedObject ;
@@ -66,8 +66,8 @@
 
 :EditorDataSet a access:PolicyDataSet ;
     access:dataSetKey :EditorDataSetKey ;
-    access:dataSetValues access-individual:EditorRoleValueContainer ;
-    access:dataSetValues :EditorSimplePermissionValueContainer .
+    access:dataSetValues access-individual:EditorRoleValueSet ;
+    access:dataSetValues :EditorSimplePermissionValueSet .
 
 :EditorDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:NamedObject ;
@@ -76,8 +76,8 @@
 
 :CuratorDataSet a access:PolicyDataSet ;
     access:dataSetKey :CuratorDataSetKey ;
-    access:dataSetValues access-individual:CuratorRoleValueContainer ;
-    access:dataSetValues :CuratorSimplePermissionValueContainer .
+    access:dataSetValues access-individual:CuratorRoleValueSet ;
+    access:dataSetValues :CuratorSimplePermissionValueSet .
 
 :CuratorDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:NamedObject ;
@@ -86,8 +86,8 @@
 
 :AdminDataSet a access:PolicyDataSet ;
     access:dataSetKey :AdminDataSetKey  ;
-    access:dataSetValues access-individual:AdminRoleValueContainer ;
-    access:dataSetValues :AdminSimplePermissionValueContainer .
+    access:dataSetValues access-individual:AdminRoleValueSet ;
+    access:dataSetValues :AdminSimplePermissionValueSet .
 
 :AdminDataSetKey  a access:DataSetKey ;
     access:keyComponent access-individual:NamedObject ;
@@ -108,34 +108,34 @@
 :PermissionNameAllowed a access:Check ;
     access:operator access-individual:OneOf ;
     access:attribute access-individual:AccessObjectUri ;
-    access:attributeValue :PublicSimplePermissionValueContainer ;
-    access:attributeValue :SelfEditorSimplePermissionValueContainer ;
-    access:attributeValue :EditorSimplePermissionValueContainer ;
-    access:attributeValue :CuratorSimplePermissionValueContainer ;
-    access:attributeValue :AdminSimplePermissionValueContainer .
+    access:attributeValue :PublicSimplePermissionValueSet ;
+    access:attributeValue :SelfEditorSimplePermissionValueSet ;
+    access:attributeValue :EditorSimplePermissionValueSet ;
+    access:attributeValue :CuratorSimplePermissionValueSet ;
+    access:attributeValue :AdminSimplePermissionValueSet .
 
 :IsSimplePermission a access:Check ;
     access:operator access-individual:Equals ;
     access:attribute access-individual:AccessObjectType ;
     access:singleValue access-individual:NamedObject .
 
-:PublicSimplePermissionValueContainer a access:ValueContainer ;
+:PublicSimplePermissionValueSet a access:ValueSet ;
     access:containerType access-individual:NamedObject .
-:SelfEditorSimplePermissionValueContainer a access:ValueContainer ;
+:SelfEditorSimplePermissionValueSet a access:ValueSet ;
     access:containerType access-individual:NamedObject .
-:EditorSimplePermissionValueContainer a access:ValueContainer ;
+:EditorSimplePermissionValueSet a access:ValueSet ;
     access:containerType access-individual:NamedObject .
-:CuratorSimplePermissionValueContainer a access:ValueContainer ;
+:CuratorSimplePermissionValueSet a access:ValueSet ;
     access:containerType access-individual:NamedObject .
-:AdminSimplePermissionValueContainer a access:ValueContainer ;
+:AdminSimplePermissionValueSet a access:ValueSet ;
     access:containerType access-individual:NamedObject .
 
 :SubjectRoleEqualsDataSetRole a access:Check ;
     access:operator access-individual:Equals ;
     access:attribute access-individual:SubjectRole ;
-    access:attributeValue access-individual:PublicRoleValueContainer ;
-    access:attributeValue access-individual:SelfEditorRoleValueContainer ;
-    access:attributeValue access-individual:EditorRoleValueContainer ;
-    access:attributeValue access-individual:CuratorRoleValueContainer ;
-    access:attributeValue access-individual:AdminRoleValueContainer .
+    access:attributeValue access-individual:PublicRoleValueSet ;
+    access:attributeValue access-individual:SelfEditorRoleValueSet ;
+    access:attributeValue access-individual:EditorRoleValueSet ;
+    access:attributeValue access-individual:CuratorRoleValueSet ;
+    access:attributeValue access-individual:AdminRoleValueSet .
 
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_update_related_allowed_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_update_related_allowed_property.n3
index 9fddcd6582..89f0ed90ec 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_update_related_allowed_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_update_related_allowed_property.n3
@@ -29,11 +29,11 @@
 
 :SelfEditorAddObjectPropertyDataSet a access:PolicyDataSet ;
     access:dataSetKey :SelfEditorAddObjectPropertyDataSetKey ;
-    access:dataSetValues access-individual:SelfEditorRoleValueContainer ;
-    access:dataSetValues access-individual:ObjectPropertyValueContainer ;
-    access:dataSetValues access-individual:ObjectPropertyStatementValueContainer ;
-    access:dataSetValues access-individual:AddOperationValueContainer ;
-    access:dataSetValues :SelfEditorAddObjectPropertyValueContainer .
+    access:dataSetValues access-individual:SelfEditorRoleValueSet ;
+    access:dataSetValues access-individual:ObjectPropertyValueSet ;
+    access:dataSetValues access-individual:ObjectPropertyStatementValueSet ;
+    access:dataSetValues access-individual:AddOperationValueSet ;
+    access:dataSetValues :SelfEditorAddObjectPropertyValueSet .
 
 :SelfEditorAddObjectPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:ObjectProperty ;
@@ -44,11 +44,11 @@
 
 :SelfEditorAddDataPropertyDataSet a access:PolicyDataSet ;
     access:dataSetKey :SelfEditorAddDataPropertyDataSetKey ;
-    access:dataSetValues access-individual:SelfEditorRoleValueContainer ;
-    access:dataSetValues access-individual:DataPropertyValueContainer ;
-    access:dataSetValues access-individual:DataPropertyStatementValueContainer ;
-    access:dataSetValues access-individual:AddOperationValueContainer ;
-    access:dataSetValues :SelfEditorAddDataPropertyValueContainer .
+    access:dataSetValues access-individual:SelfEditorRoleValueSet ;
+    access:dataSetValues access-individual:DataPropertyValueSet ;
+    access:dataSetValues access-individual:DataPropertyStatementValueSet ;
+    access:dataSetValues access-individual:AddOperationValueSet ;
+    access:dataSetValues :SelfEditorAddDataPropertyValueSet .
 
 :SelfEditorAddDataPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:DataProperty ;
@@ -59,11 +59,11 @@
 
 :SelfEditorAddFauxObjectPropertyDataSet a access:PolicyDataSet ;
     access:dataSetKey :SelfEditorAddFauxObjectPropertyDataSetKey ;
-    access:dataSetValues access-individual:SelfEditorRoleValueContainer ;
-    access:dataSetValues access-individual:FauxObjectPropertyValueContainer ;
-    access:dataSetValues access-individual:FauxObjectPropertyStatementValueContainer ;
-    access:dataSetValues access-individual:AddOperationValueContainer ;
-    access:dataSetValues :SelfEditorAddFauxObjectPropertyValueContainer .
+    access:dataSetValues access-individual:SelfEditorRoleValueSet ;
+    access:dataSetValues access-individual:FauxObjectPropertyValueSet ;
+    access:dataSetValues access-individual:FauxObjectPropertyStatementValueSet ;
+    access:dataSetValues access-individual:AddOperationValueSet ;
+    access:dataSetValues :SelfEditorAddFauxObjectPropertyValueSet .
 
 :SelfEditorAddFauxObjectPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:FauxObjectProperty ;
@@ -74,11 +74,11 @@
 
 :SelfEditorAddFauxDataPropertyDataSet a access:PolicyDataSet ;
     access:dataSetKey :SelfEditorAddFauxDataPropertyDataSetKey ;
-    access:dataSetValues access-individual:SelfEditorRoleValueContainer ;
-    access:dataSetValues access-individual:FauxDataPropertyValueContainer ;
-    access:dataSetValues access-individual:FauxDataPropertyStatementValueContainer ;
-    access:dataSetValues access-individual:AddOperationValueContainer ;
-    access:dataSetValues :SelfEditorAddFauxDataPropertyValueContainer .
+    access:dataSetValues access-individual:SelfEditorRoleValueSet ;
+    access:dataSetValues access-individual:FauxDataPropertyValueSet ;
+    access:dataSetValues access-individual:FauxDataPropertyStatementValueSet ;
+    access:dataSetValues access-individual:AddOperationValueSet ;
+    access:dataSetValues :SelfEditorAddFauxDataPropertyValueSet .
 
 :SelfEditorAddFauxDataPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:FauxDataProperty ;
@@ -89,11 +89,11 @@
 
 :SelfEditorDropObjectPropertyDataSet a access:PolicyDataSet ;
     access:dataSetKey :SelfEditorDropObjectPropertyDataSetKey ;
-    access:dataSetValues access-individual:SelfEditorRoleValueContainer ;
-    access:dataSetValues access-individual:ObjectPropertyValueContainer ;
-    access:dataSetValues access-individual:ObjectPropertyStatementValueContainer ;
-    access:dataSetValues access-individual:DropOperationValueContainer ;
-    access:dataSetValues :SelfEditorDropObjectPropertyValueContainer .
+    access:dataSetValues access-individual:SelfEditorRoleValueSet ;
+    access:dataSetValues access-individual:ObjectPropertyValueSet ;
+    access:dataSetValues access-individual:ObjectPropertyStatementValueSet ;
+    access:dataSetValues access-individual:DropOperationValueSet ;
+    access:dataSetValues :SelfEditorDropObjectPropertyValueSet .
 
 :SelfEditorDropObjectPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:ObjectProperty ;
@@ -104,11 +104,11 @@
 
 :SelfEditorDropDataPropertyDataSet a access:PolicyDataSet ;
     access:dataSetKey :SelfEditorDropDataPropertyDataSetKey ;
-    access:dataSetValues access-individual:SelfEditorRoleValueContainer ;
-    access:dataSetValues access-individual:DataPropertyValueContainer ;
-    access:dataSetValues access-individual:DataPropertyStatementValueContainer ;
-    access:dataSetValues access-individual:DropOperationValueContainer ;
-    access:dataSetValues :SelfEditorDropDataPropertyValueContainer .
+    access:dataSetValues access-individual:SelfEditorRoleValueSet ;
+    access:dataSetValues access-individual:DataPropertyValueSet ;
+    access:dataSetValues access-individual:DataPropertyStatementValueSet ;
+    access:dataSetValues access-individual:DropOperationValueSet ;
+    access:dataSetValues :SelfEditorDropDataPropertyValueSet .
 
 :SelfEditorDropDataPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:DataProperty ;
@@ -119,11 +119,11 @@
 
 :SelfEditorDropFauxObjectPropertyDataSet a access:PolicyDataSet ;
     access:dataSetKey :SelfEditorDropFauxObjectPropertyDataSetKey ;
-    access:dataSetValues access-individual:SelfEditorRoleValueContainer ;
-    access:dataSetValues access-individual:FauxObjectPropertyValueContainer ;
-    access:dataSetValues access-individual:FauxObjectPropertyStatementValueContainer ;
-    access:dataSetValues access-individual:DropOperationValueContainer ;
-    access:dataSetValues :SelfEditorDropFauxObjectPropertyValueContainer .
+    access:dataSetValues access-individual:SelfEditorRoleValueSet ;
+    access:dataSetValues access-individual:FauxObjectPropertyValueSet ;
+    access:dataSetValues access-individual:FauxObjectPropertyStatementValueSet ;
+    access:dataSetValues access-individual:DropOperationValueSet ;
+    access:dataSetValues :SelfEditorDropFauxObjectPropertyValueSet .
 
 :SelfEditorDropFauxObjectPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:FauxObjectProperty ;
@@ -134,11 +134,11 @@
 
 :SelfEditorDropFauxDataPropertyDataSet a access:PolicyDataSet ;
     access:dataSetKey :SelfEditorDropFauxDataPropertyDataSetKey ;
-    access:dataSetValues access-individual:SelfEditorRoleValueContainer ;
-    access:dataSetValues access-individual:FauxDataPropertyValueContainer ;
-    access:dataSetValues access-individual:FauxDataPropertyStatementValueContainer ;
-    access:dataSetValues access-individual:DropOperationValueContainer ;
-    access:dataSetValues :SelfEditorDropFauxDataPropertyValueContainer .
+    access:dataSetValues access-individual:SelfEditorRoleValueSet ;
+    access:dataSetValues access-individual:FauxDataPropertyValueSet ;
+    access:dataSetValues access-individual:FauxDataPropertyStatementValueSet ;
+    access:dataSetValues access-individual:DropOperationValueSet ;
+    access:dataSetValues :SelfEditorDropFauxDataPropertyValueSet .
 
 :SelfEditorDropFauxDataPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:FauxDataProperty ;
@@ -149,11 +149,11 @@
 
 :SelfEditorEditObjectPropertyDataSet a access:PolicyDataSet ;
     access:dataSetKey :SelfEditorEditObjectPropertyDataSetKey ;
-    access:dataSetValues access-individual:SelfEditorRoleValueContainer ;
-    access:dataSetValues access-individual:ObjectPropertyValueContainer ;
-    access:dataSetValues access-individual:ObjectPropertyStatementValueContainer ;
-    access:dataSetValues access-individual:EditOperationValueContainer ;
-    access:dataSetValues :SelfEditorEditObjectPropertyValueContainer .
+    access:dataSetValues access-individual:SelfEditorRoleValueSet ;
+    access:dataSetValues access-individual:ObjectPropertyValueSet ;
+    access:dataSetValues access-individual:ObjectPropertyStatementValueSet ;
+    access:dataSetValues access-individual:EditOperationValueSet ;
+    access:dataSetValues :SelfEditorEditObjectPropertyValueSet .
 
 :SelfEditorEditObjectPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:ObjectProperty ;
@@ -164,11 +164,11 @@
 
 :SelfEditorEditDataPropertyDataSet a access:PolicyDataSet ;
     access:dataSetKey :SelfEditorEditDataPropertyDataSetKey ;
-    access:dataSetValues access-individual:SelfEditorRoleValueContainer ;
-    access:dataSetValues access-individual:DataPropertyValueContainer ;
-    access:dataSetValues access-individual:DataPropertyStatementValueContainer ;
-    access:dataSetValues access-individual:EditOperationValueContainer ;
-    access:dataSetValues :SelfEditorEditDataPropertyValueContainer .
+    access:dataSetValues access-individual:SelfEditorRoleValueSet ;
+    access:dataSetValues access-individual:DataPropertyValueSet ;
+    access:dataSetValues access-individual:DataPropertyStatementValueSet ;
+    access:dataSetValues access-individual:EditOperationValueSet ;
+    access:dataSetValues :SelfEditorEditDataPropertyValueSet .
 
 :SelfEditorEditDataPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:DataProperty ;
@@ -179,11 +179,11 @@
 
 :SelfEditorEditFauxObjectPropertyDataSet a access:PolicyDataSet ;
     access:dataSetKey :SelfEditorEditFauxObjectPropertyDataSetKey ;
-    access:dataSetValues access-individual:SelfEditorRoleValueContainer ;
-    access:dataSetValues access-individual:FauxObjectPropertyValueContainer ;
-    access:dataSetValues access-individual:FauxObjectPropertyStatementValueContainer ;
-    access:dataSetValues access-individual:EditOperationValueContainer ;
-    access:dataSetValues :SelfEditorEditFauxObjectPropertyValueContainer .
+    access:dataSetValues access-individual:SelfEditorRoleValueSet ;
+    access:dataSetValues access-individual:FauxObjectPropertyValueSet ;
+    access:dataSetValues access-individual:FauxObjectPropertyStatementValueSet ;
+    access:dataSetValues access-individual:EditOperationValueSet ;
+    access:dataSetValues :SelfEditorEditFauxObjectPropertyValueSet .
 
 :SelfEditorEditFauxObjectPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:FauxObjectProperty ;
@@ -194,11 +194,11 @@
 
 :SelfEditorEditFauxDataPropertyDataSet a access:PolicyDataSet ;
     access:dataSetKey :SelfEditorEditFauxDataPropertyDataSetKey ;
-    access:dataSetValues access-individual:SelfEditorRoleValueContainer ;
-    access:dataSetValues access-individual:FauxDataPropertyValueContainer ;
-    access:dataSetValues access-individual:FauxDataPropertyStatementValueContainer ;
-    access:dataSetValues access-individual:EditOperationValueContainer ;
-    access:dataSetValues :SelfEditorEditFauxDataPropertyValueContainer .
+    access:dataSetValues access-individual:SelfEditorRoleValueSet ;
+    access:dataSetValues access-individual:FauxDataPropertyValueSet ;
+    access:dataSetValues access-individual:FauxDataPropertyStatementValueSet ;
+    access:dataSetValues access-individual:EditOperationValueSet ;
+    access:dataSetValues :SelfEditorEditFauxDataPropertyValueSet .
 
 :SelfEditorEditFauxDataPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:FauxDataProperty ;
@@ -214,10 +214,10 @@
 :AccessObjectTypeCheck a access:Check ;
     access:operator access-individual:Equals ;
     access:attribute access-individual:AccessObjectType ;
-    access:attributeValue access-individual:ObjectPropertyValueContainer ;
-    access:attributeValue access-individual:DataPropertyValueContainer ;
-    access:attributeValue access-individual:FauxObjectPropertyValueContainer ;
-    access:attributeValue access-individual:FauxDataPropertyValueContainer ;
+    access:attributeValue access-individual:ObjectPropertyValueSet ;
+    access:attributeValue access-individual:DataPropertyValueSet ;
+    access:attributeValue access-individual:FauxObjectPropertyValueSet ;
+    access:attributeValue access-individual:FauxDataPropertyValueSet ;
     .
 
 :AllowMatchingPropertyStatement a access:Rule;
@@ -236,86 +236,86 @@
 :AccessObjectStatementTypeCheck a access:Check ;
     access:operator access-individual:Equals ;
     access:attribute access-individual:AccessObjectType ;
-    access:attributeValue access-individual:ObjectPropertyStatementValueContainer ;
-    access:attributeValue access-individual:DataPropertyStatementValueContainer ;
-    access:attributeValue access-individual:FauxObjectPropertyStatementValueContainer ;
-    access:attributeValue access-individual:FauxDataPropertyStatementValueContainer ;
+    access:attributeValue access-individual:ObjectPropertyStatementValueSet ;
+    access:attributeValue access-individual:DataPropertyStatementValueSet ;
+    access:attributeValue access-individual:FauxObjectPropertyStatementValueSet ;
+    access:attributeValue access-individual:FauxDataPropertyStatementValueSet ;
     .
 
 :OperationCheck a access:Check ;
     access:operator access-individual:Equals ;
     access:attribute access-individual:Operation ;
-    access:attributeValue access-individual:AddOperationValueContainer ;
-    access:attributeValue access-individual:DropOperationValueContainer ;
-    access:attributeValue access-individual:EditOperationValueContainer ;
+    access:attributeValue access-individual:AddOperationValueSet ;
+    access:attributeValue access-individual:DropOperationValueSet ;
+    access:attributeValue access-individual:EditOperationValueSet ;
     .
 
 :SubjectRoleCheck a access:Check ;
     access:operator access-individual:Equals ;
     access:attribute access-individual:SubjectRole ;
-    access:attributeValue access-individual:SelfEditorRoleValueContainer .
+    access:attributeValue access-individual:SelfEditorRoleValueSet .
 
 :StatementPredicateCheck a access:Check ;
     access:operator access-individual:OneOf ;
     access:attribute access-individual:StatementPredicateUri ;
-    access:attributeValue :SelfEditorAddObjectPropertyValueContainer ;
-    access:attributeValue :SelfEditorAddDataPropertyValueContainer ;
-    access:attributeValue :SelfEditorAddFauxObjectPropertyValueContainer ;
-    access:attributeValue :SelfEditorAddFauxDataPropertyValueContainer ;
-
-    access:attributeValue :SelfEditorEditObjectPropertyValueContainer ;
-    access:attributeValue :SelfEditorEditDataPropertyValueContainer ;
-    access:attributeValue :SelfEditorEditFauxObjectPropertyValueContainer ;
-    access:attributeValue :SelfEditorEditFauxDataPropertyValueContainer ;
-
-    access:attributeValue :SelfEditorDropObjectPropertyValueContainer ;
-    access:attributeValue :SelfEditorDropDataPropertyValueContainer ;
-    access:attributeValue :SelfEditorDropFauxObjectPropertyValueContainer ;
-    access:attributeValue :SelfEditorDropFauxDataPropertyValueContainer ;
+    access:attributeValue :SelfEditorAddObjectPropertyValueSet ;
+    access:attributeValue :SelfEditorAddDataPropertyValueSet ;
+    access:attributeValue :SelfEditorAddFauxObjectPropertyValueSet ;
+    access:attributeValue :SelfEditorAddFauxDataPropertyValueSet ;
+
+    access:attributeValue :SelfEditorEditObjectPropertyValueSet ;
+    access:attributeValue :SelfEditorEditDataPropertyValueSet ;
+    access:attributeValue :SelfEditorEditFauxObjectPropertyValueSet ;
+    access:attributeValue :SelfEditorEditFauxDataPropertyValueSet ;
+
+    access:attributeValue :SelfEditorDropObjectPropertyValueSet ;
+    access:attributeValue :SelfEditorDropDataPropertyValueSet ;
+    access:attributeValue :SelfEditorDropFauxObjectPropertyValueSet ;
+    access:attributeValue :SelfEditorDropFauxDataPropertyValueSet ;
     .
 
 :AccessObjectUriCheck a access:Check ;
     access:operator access-individual:OneOf ;
     access:attribute access-individual:AccessObjectUri ;
-    access:attributeValue :SelfEditorAddObjectPropertyValueContainer ;
-    access:attributeValue :SelfEditorAddDataPropertyValueContainer ;
-    access:attributeValue :SelfEditorAddFauxObjectPropertyValueContainer ;
-    access:attributeValue :SelfEditorAddFauxDataPropertyValueContainer ;
-
-    access:attributeValue :SelfEditorEditObjectPropertyValueContainer ;
-    access:attributeValue :SelfEditorEditDataPropertyValueContainer ;
-    access:attributeValue :SelfEditorEditFauxObjectPropertyValueContainer ;
-    access:attributeValue :SelfEditorEditFauxDataPropertyValueContainer ;
-
-    access:attributeValue :SelfEditorDropObjectPropertyValueContainer ;
-    access:attributeValue :SelfEditorDropDataPropertyValueContainer ;
-    access:attributeValue :SelfEditorDropFauxObjectPropertyValueContainer ;
-    access:attributeValue :SelfEditorDropFauxDataPropertyValueContainer ;
+    access:attributeValue :SelfEditorAddObjectPropertyValueSet ;
+    access:attributeValue :SelfEditorAddDataPropertyValueSet ;
+    access:attributeValue :SelfEditorAddFauxObjectPropertyValueSet ;
+    access:attributeValue :SelfEditorAddFauxDataPropertyValueSet ;
+
+    access:attributeValue :SelfEditorEditObjectPropertyValueSet ;
+    access:attributeValue :SelfEditorEditDataPropertyValueSet ;
+    access:attributeValue :SelfEditorEditFauxObjectPropertyValueSet ;
+    access:attributeValue :SelfEditorEditFauxDataPropertyValueSet ;
+
+    access:attributeValue :SelfEditorDropObjectPropertyValueSet ;
+    access:attributeValue :SelfEditorDropDataPropertyValueSet ;
+    access:attributeValue :SelfEditorDropFauxObjectPropertyValueSet ;
+    access:attributeValue :SelfEditorDropFauxDataPropertyValueSet ;
     .
 
-:SelfEditorAddObjectPropertyValueContainer a access:ValueContainer ;
+:SelfEditorAddObjectPropertyValueSet a access:ValueSet ;
     access:containerType access-individual:ObjectProperty .
-:SelfEditorAddDataPropertyValueContainer a access:ValueContainer ;
+:SelfEditorAddDataPropertyValueSet a access:ValueSet ;
     access:containerType access-individual:DataProperty .
-:SelfEditorAddFauxObjectPropertyValueContainer a access:ValueContainer ;
+:SelfEditorAddFauxObjectPropertyValueSet a access:ValueSet ;
     access:containerType access-individual:FauxObjectProperty .
-:SelfEditorAddFauxDataPropertyValueContainer a access:ValueContainer ;
+:SelfEditorAddFauxDataPropertyValueSet a access:ValueSet ;
     access:containerType access-individual:FauxDataProperty .
 
-:SelfEditorEditObjectPropertyValueContainer a access:ValueContainer ;
+:SelfEditorEditObjectPropertyValueSet a access:ValueSet ;
     access:containerType access-individual:ObjectProperty .
-:SelfEditorEditDataPropertyValueContainer a access:ValueContainer ;
+:SelfEditorEditDataPropertyValueSet a access:ValueSet ;
     access:containerType access-individual:DataProperty .
-:SelfEditorEditFauxObjectPropertyValueContainer a access:ValueContainer ;
+:SelfEditorEditFauxObjectPropertyValueSet a access:ValueSet ;
     access:containerType access-individual:FauxObjectProperty .
-:SelfEditorEditFauxDataPropertyValueContainer a access:ValueContainer ;
+:SelfEditorEditFauxDataPropertyValueSet a access:ValueSet ;
     access:containerType access-individual:FauxDataProperty .
 
-:SelfEditorDropObjectPropertyValueContainer a access:ValueContainer ;
+:SelfEditorDropObjectPropertyValueSet a access:ValueSet ;
     access:containerType access-individual:ObjectProperty .
-:SelfEditorDropDataPropertyValueContainer a access:ValueContainer ;
+:SelfEditorDropDataPropertyValueSet a access:ValueSet ;
     access:containerType access-individual:DataProperty .
-:SelfEditorDropFauxObjectPropertyValueContainer a access:ValueContainer ;
+:SelfEditorDropFauxObjectPropertyValueSet a access:ValueSet ;
     access:containerType access-individual:FauxObjectProperty .
-:SelfEditorDropFauxDataPropertyValueContainer a access:ValueContainer ;
+:SelfEditorDropFauxDataPropertyValueSet a access:ValueSet ;
     access:containerType access-individual:FauxDataProperty .
diff --git a/home/src/main/resources/rdf/tbox/firsttime/vitro-access-control-ontology.n3 b/home/src/main/resources/rdf/tbox/firsttime/vitro-access-control-ontology.n3
index 9583a85565..3ecf80e669 100644
--- a/home/src/main/resources/rdf/tbox/firsttime/vitro-access-control-ontology.n3
+++ b/home/src/main/resources/rdf/tbox/firsttime/vitro-access-control-ontology.n3
@@ -20,12 +20,12 @@
     rdfs:label "Policy"@en-US .
 
 :PolicyDataSet a owl:Class ;
-    rdfs:comment "Data set to load policy instance with values defined in it. Contains value containers used by checks. While loading policy from data set value containers not specified in current data set are ignored (not used by checks)." ;
+    rdfs:comment "Data set to load policy instance with values defined in it. Contains value sets used by checks. While loading policy from data set value containers not specified in current data set are ignored (not used by checks)." ;
     rdfs:label "Policy dataset"@en-US .
 
-:ValueContainer a owl:Class ;
+:ValueSet a owl:Class ;
     rdfs:comment "Container for values" ; 
-    rdfs:label "Value container"@en-US .
+    rdfs:label "Value set"@en-US .
 
 :Rule a owl:Class ;
     rdfs:comment "Contains checks to perform. If all checks match, rule returns decision.";
@@ -64,7 +64,7 @@
     rdfs:label "Decision"@en-US .
 
 :DataSetTemplate a owl:Class ;
-    rdfs:comment "Data set template to create new data set: specify new value containers and add them into checks, create new data set key. Data set template should contain it's own key to be found and used. For example on new role creation new data sets for new role should be created, template key for that example would be access-individual:SubjectRole";
+    rdfs:comment "Data set template to create new data set: specify new value sets and add them into checks, create new data set key. Data set template should contain it's own key to be found and used. For example on new role creation new data sets for new role should be created, template key for that example would be access-individual:SubjectRole";
     rdfs:label "Data set template"@en-US .
 
 :DataSetTemplateKey a owl:Class ;
@@ -75,9 +75,9 @@
     rdfs:comment "Template of data set key to find data set";
     rdfs:label "Data set key template"@en-US .
 
-:ValueContainerTemplate a owl:Class ;
-    rdfs:comment "Template to create new value container from";
-    rdfs:label "Value container template"@en-US .
+:ValueSetTemplate a owl:Class ;
+    rdfs:comment "Template to create new value set from";
+    rdfs:label "Value set template"@en-US .
     
 :Configuration a owl:Class ;
     rdfs:comment "Access control configuration";
@@ -109,15 +109,15 @@
 ### Object properties
 
 :dataSetValues a owl:ObjectProperty ;
-    rdfs:comment "Data set/data set template contains value container";
+    rdfs:comment "Data set/data set template contains value set";
     rdfs:label "data set values"@en-US ;
     rdfs:domain [ a owl:Class ; owl:unionOf  ( :DataSetTemplate :PolicyDataSet ) ] ;
-    rdfs:range :ValueContainer .
+    rdfs:range :ValueSet .
 
 :value a owl:ObjectProperty ;
-    rdfs:comment "Assign value to value container (any URI or :AttributeValue with :id to define literal value)";
+    rdfs:comment "Assign value to value set (any URI or :AttributeValue with :id to define literal value)";
     rdfs:label "value"@en-US ;
-    rdfs:domain :ValueContainer .
+    rdfs:domain :ValueSet .
 
 :operator a owl:ObjectProperty ;
     rdfs:comment "Set type of check to perform";
@@ -132,27 +132,27 @@
     rdfs:range :Attribute .
 
 :defaultValue a owl:ObjectProperty ;
-    rdfs:comment "default value to add into new value container";
+    rdfs:comment "default value to add into new value set";
     rdfs:label "default template value"@en-US ;
-    rdfs:domain :ValueContainerTemplate .
+    rdfs:domain :ValueSetTemplate .
 
 :containerTypeTemplate a owl:ObjectProperty ,
     owl:FunctionalProperty ;
-    rdfs:comment "Type of values for new value container";
-    rdfs:label "container type template"@en-US ;
+    rdfs:comment "Type of values for new value set";
+    rdfs:label "set type template"@en-US ;
     rdfs:range [ a owl:Class ; owl:unionOf  ( :Attribute :ObjectType ) ] ;
-    rdfs:domain :ValueContainerTemplate .
+    rdfs:domain :ValueSetTemplate .
 
 :attributeValue a owl:ObjectProperty ;
-    rdfs:comment "Check contains value container";
+    rdfs:comment "Check contains value set";
     rdfs:label "attribute value"@en-US ;
     rdfs:domain :Check ;
-    rdfs:range :ValueContainer .
+    rdfs:range :ValueSet .
 
 :relatedCheck a owl:ObjectProperty ;
-    rdfs:comment "Specifies :Check into which new ValueContainer should be added";
+    rdfs:comment "Specifies :Check into which new ValueSet should be added";
     rdfs:label "related check"@en-US ;
-    rdfs:domain :ValueContainerTemplate ;
+    rdfs:domain :ValueSetTemplate ;
     rdfs:range :Check .
 
 :dataSetTemplateKey a owl:ObjectProperty, 
@@ -163,10 +163,10 @@
     rdfs:range :DataSetTemplateKey .
 
 :dataSetValueTemplate a owl:ObjectProperty ;
-    rdfs:comment "Contains value container template";
+    rdfs:comment "Contains value set template";
     rdfs:label "data set value template"@en-US ;
     rdfs:domain :DataSetTemplate ;
-    rdfs:range :ValueContainerTemplate .
+    rdfs:range :ValueSetTemplate .
 
 :templateKey a owl:ObjectProperty ;
     rdfs:comment "Attribute to use as a template key";
@@ -193,9 +193,9 @@
     rdfs:range :PolicyDataSet .
 
 :containerType a owl:ObjectProperty ;
-    rdfs:comment "Specifies type of container values";
-    rdfs:label "container type"@en-US ;
-    rdfs:domain :ValueContainer ;
+    rdfs:comment "Specifies type of set values";
+    rdfs:label "set type"@en-US ;
+    rdfs:domain :ValueSet ;
     rdfs:range :ObjectType .
 
 :singleValue a owl:ObjectProperty ;

From ea3b0628afecd1be1408adebd017ed3e5ea3a7b8 Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <georgy.litvinov@tib.eu>
Date: Thu, 23 Nov 2023 10:03:33 +0100
Subject: [PATCH 113/148] refact: renamed access:defaultValue to
 access:hasDefaultValue

---
 api/.checkstyle                               |  5 +++
 .../webapp/auth/policy/PolicyLoader.java      |  2 +-
 .../template_access_allowed_class.n3          |  6 +--
 .../template_access_allowed_property.n3       | 40 +++++++++----------
 .../firsttime/template_simple_permissions.n3  |  4 +-
 .../vitro-access-control-ontology.n3          |  4 +-
 6 files changed, 33 insertions(+), 28 deletions(-)
 create mode 100644 api/.checkstyle

diff --git a/api/.checkstyle b/api/.checkstyle
new file mode 100644
index 0000000000..87ca13db6e
--- /dev/null
+++ b/api/.checkstyle
@@ -0,0 +1,5 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<fileset-config file-format-version="1.2.0" simple-config="false" sync-formatter="false">
+  <filter name="NonSrcDirs" enabled="false"/>
+</fileset-config>
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
index 4a4767b90c..08c5028136 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
@@ -293,7 +293,7 @@ public class PolicyLoader {
             + "    ?valueSetTemplateUri access:relatedCheck ?relatedCheck .\n"
             + "    ?valueSetTemplateUri access:containerTypeTemplate ?setElementsType .\n"
             + "    OPTIONAL {\n"
-            + "      ?valueSetTemplateUri access:defaultValue ?dataValue .\n"
+            + "      ?valueSetTemplateUri access:hasDefaultValue ?dataValue .\n"
             + "    }\n"
             + "    OPTIONAL {\n"
             + "      FILTER ( str(?setElementsType) = 'https://vivoweb.org/ontology/vitro-application/auth/individual/SubjectRole' )\n"
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_class.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_class.n3
index 5d8d1e1233..a96baf1e19 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_class.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_class.n3
@@ -54,7 +54,7 @@
 
 :RoleDisplayClassValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :AccessObjectUriCheck ;
-#    access:defaultValue access-individual:defaultUri ;
+#    access:hasDefaultValue access-individual:defaultUri ;
     access:containerTypeTemplate access-individual:Class .
 
 #Role Update Class data set template
@@ -81,7 +81,7 @@
 
 :RoleUpdateClassValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :AccessObjectUriCheck ;
-#    access:defaultValue access-individual:defaultUri ;
+#    access:hasDefaultValue access-individual:defaultUri ;
     access:containerTypeTemplate access-individual:Class .
 
 #Role Publish Class data set template
@@ -108,7 +108,7 @@
 
 :RolePublishClassValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :AccessObjectUriCheck ;
-#    access:defaultValue access-individual:defaultUri ;
+#    access:hasDefaultValue access-individual:defaultUri ;
     access:containerTypeTemplate access-individual:Class .
 
 ### Public display class uri data sets
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_property.n3
index 5de28650c8..063ef79fc4 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_property.n3
@@ -159,7 +159,7 @@
 :RoleDisplayObjectPropertyEntityValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :AccessObjectUriContainsInDataSet ;
     access:relatedCheck :StatementPredicateEquals ;
-#    access:defaultValue access-individual:defaultUri ;
+#    access:hasDefaultValue access-individual:defaultUri ;
     access:containerTypeTemplate access-individual:ObjectProperty .
 
 #Role PublishObjectProperty data set template
@@ -188,7 +188,7 @@
 :RolePublishObjectPropertyEntityValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :AccessObjectUriContainsInDataSet ;
     access:relatedCheck :StatementPredicateEquals ;
-#    access:defaultValue access-individual:defaultUri ;
+#    access:hasDefaultValue access-individual:defaultUri ;
     access:containerTypeTemplate access-individual:ObjectProperty .
 
 #Role AddObjectProperty data set template
@@ -217,7 +217,7 @@
 :RoleAddObjectPropertyEntityValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :AccessObjectUriContainsInDataSet ;
     access:relatedCheck :StatementPredicateEquals ;
-#    access:defaultValue access-individual:defaultUri ;
+#    access:hasDefaultValue access-individual:defaultUri ;
     access:containerTypeTemplate access-individual:ObjectProperty .
 
 #Role DropObjectProperty data set template
@@ -246,7 +246,7 @@
 :RoleDropObjectPropertyEntityValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :AccessObjectUriContainsInDataSet ;
     access:relatedCheck :StatementPredicateEquals ;
-#    access:defaultValue access-individual:defaultUri ;
+#    access:hasDefaultValue access-individual:defaultUri ;
     access:containerTypeTemplate access-individual:ObjectProperty .
 
 #Role EditObjectProperty data set template
@@ -275,7 +275,7 @@
 :RoleEditObjectPropertyEntityValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :AccessObjectUriContainsInDataSet ;
     access:relatedCheck :StatementPredicateEquals ;
-#    access:defaultValue access-individual:defaultUri ;
+#    access:hasDefaultValue access-individual:defaultUri ;
     access:containerTypeTemplate access-individual:ObjectProperty .
 
 #Role DisplayDataProperty data set template
@@ -304,7 +304,7 @@
 :RoleDisplayDataPropertyEntityValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :AccessObjectUriContainsInDataSet ;
     access:relatedCheck :StatementPredicateEquals ;
-#    access:defaultValue access-individual:defaultUri ;
+#    access:hasDefaultValue access-individual:defaultUri ;
     access:containerTypeTemplate access-individual:DataProperty .
 
 #Role PublishDataProperty data set template
@@ -333,7 +333,7 @@
 :RolePublishDataPropertyEntityValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :AccessObjectUriContainsInDataSet ;
     access:relatedCheck :StatementPredicateEquals ;
-#    access:defaultValue access-individual:defaultUri ;
+#    access:hasDefaultValue access-individual:defaultUri ;
     access:containerTypeTemplate access-individual:DataProperty .
 
 #Role AddDataProperty data set template
@@ -362,7 +362,7 @@
 :RoleAddDataPropertyEntityValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :AccessObjectUriContainsInDataSet ;
     access:relatedCheck :StatementPredicateEquals ;
-#    access:defaultValue access-individual:defaultUri ;
+#    access:hasDefaultValue access-individual:defaultUri ;
     access:containerTypeTemplate access-individual:DataProperty .
 
 #Role DropDataProperty data set template
@@ -391,7 +391,7 @@
 :RoleDropDataPropertyEntityValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :AccessObjectUriContainsInDataSet ;
     access:relatedCheck :StatementPredicateEquals ;
-#    access:defaultValue access-individual:defaultUri ;
+#    access:hasDefaultValue access-individual:defaultUri ;
     access:containerTypeTemplate access-individual:DataProperty .
 
 #Role EditDataProperty data set template
@@ -420,7 +420,7 @@
 :RoleEditDataPropertyEntityValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :AccessObjectUriContainsInDataSet ;
     access:relatedCheck :StatementPredicateEquals ;
-#    access:defaultValue access-individual:defaultUri ;
+#    access:hasDefaultValue access-individual:defaultUri ;
     access:containerTypeTemplate access-individual:DataProperty .
 
 #Role DisplayFauxObjectProperty data set template
@@ -449,7 +449,7 @@
 :RoleDisplayFauxObjectPropertyEntityValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :AccessObjectUriContainsInDataSet ;
     access:relatedCheck :StatementPredicateEquals ;
-#    access:defaultValue access-individual:defaultUri ;
+#    access:hasDefaultValue access-individual:defaultUri ;
     access:containerTypeTemplate access-individual:FauxObjectProperty .
 
 #Role PublishFauxObjectProperty data set template
@@ -478,7 +478,7 @@
 :RolePublishFauxObjectPropertyEntityValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :AccessObjectUriContainsInDataSet ;
     access:relatedCheck :StatementPredicateEquals ;
-#    access:defaultValue access-individual:defaultUri ;
+#    access:hasDefaultValue access-individual:defaultUri ;
     access:containerTypeTemplate access-individual:FauxObjectProperty .
 
 #Role AddFauxObjectProperty data set template
@@ -507,7 +507,7 @@
 :RoleAddFauxObjectPropertyEntityValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :AccessObjectUriContainsInDataSet ;
     access:relatedCheck :StatementPredicateEquals ;
-#    access:defaultValue access-individual:defaultUri ;
+#    access:hasDefaultValue access-individual:defaultUri ;
     access:containerTypeTemplate access-individual:FauxObjectProperty .
 
 #Role DropFauxObjectProperty data set template
@@ -536,7 +536,7 @@
 :RoleDropFauxObjectPropertyEntityValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :AccessObjectUriContainsInDataSet ;
     access:relatedCheck :StatementPredicateEquals ;
-#    access:defaultValue access-individual:defaultUri ;
+#    access:hasDefaultValue access-individual:defaultUri ;
     access:containerTypeTemplate access-individual:FauxObjectProperty .
 
 #Role EditFauxObjectProperty data set template
@@ -565,7 +565,7 @@
 :RoleEditFauxObjectPropertyEntityValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :AccessObjectUriContainsInDataSet ;
     access:relatedCheck :StatementPredicateEquals ;
-#    access:defaultValue access-individual:defaultUri ;
+#    access:hasDefaultValue access-individual:defaultUri ;
     access:containerTypeTemplate access-individual:FauxObjectProperty .
 
 #Role DisplayFauxDataProperty data set template
@@ -594,7 +594,7 @@
 :RoleDisplayFauxDataPropertyEntityValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :AccessObjectUriContainsInDataSet ;
     access:relatedCheck :StatementPredicateEquals ;
-#    access:defaultValue access-individual:defaultUri ;
+#    access:hasDefaultValue access-individual:defaultUri ;
     access:containerTypeTemplate access-individual:FauxDataProperty .
 
 #Role PublishFauxDataProperty data set template
@@ -623,7 +623,7 @@
 :RolePublishFauxDataPropertyEntityValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :AccessObjectUriContainsInDataSet ;
     access:relatedCheck :StatementPredicateEquals ;
-#    access:defaultValue access-individual:defaultUri ;
+#    access:hasDefaultValue access-individual:defaultUri ;
     access:containerTypeTemplate access-individual:FauxDataProperty .
 
 #Role AddFauxDataProperty data set template
@@ -652,7 +652,7 @@
 :RoleAddFauxDataPropertyEntityValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :AccessObjectUriContainsInDataSet ;
     access:relatedCheck :StatementPredicateEquals ;
-#    access:defaultValue access-individual:defaultUri ;
+#    access:hasDefaultValue access-individual:defaultUri ;
     access:containerTypeTemplate access-individual:FauxDataProperty .
 
 #Role DropFauxDataProperty data set template
@@ -681,7 +681,7 @@
 :RoleDropFauxDataPropertyEntityValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :AccessObjectUriContainsInDataSet ;
     access:relatedCheck :StatementPredicateEquals ;
-#    access:defaultValue access-individual:defaultUri ;
+#    access:hasDefaultValue access-individual:defaultUri ;
     access:containerTypeTemplate access-individual:FauxDataProperty .
 
 #Role EditFauxDataProperty data set template
@@ -710,7 +710,7 @@
 :RoleEditFauxDataPropertyEntityValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :AccessObjectUriContainsInDataSet ;
     access:relatedCheck :StatementPredicateEquals ;
-#    access:defaultValue access-individual:defaultUri ;
+#    access:hasDefaultValue access-individual:defaultUri ;
     access:containerTypeTemplate access-individual:FauxDataProperty .
 
 
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_simple_permissions.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_simple_permissions.n3
index a130834372..ac97c8b7ad 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_simple_permissions.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_simple_permissions.n3
@@ -38,8 +38,8 @@
 
 :RolePermissionValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :PermissionNameAllowed;
-    access:defaultValue simplePermission:PageViewablePublic;
-    access:defaultValue simplePermission:QueryFullModel ;
+    access:hasDefaultValue simplePermission:PageViewablePublic;
+    access:hasDefaultValue simplePermission:QueryFullModel ;
     access:containerTypeTemplate access-individual:NamedObject .
 
 #Data sets
diff --git a/home/src/main/resources/rdf/tbox/firsttime/vitro-access-control-ontology.n3 b/home/src/main/resources/rdf/tbox/firsttime/vitro-access-control-ontology.n3
index 3ecf80e669..ec5fea8afb 100644
--- a/home/src/main/resources/rdf/tbox/firsttime/vitro-access-control-ontology.n3
+++ b/home/src/main/resources/rdf/tbox/firsttime/vitro-access-control-ontology.n3
@@ -131,9 +131,9 @@
     rdfs:domain :Check ;
     rdfs:range :Attribute .
 
-:defaultValue a owl:ObjectProperty ;
+:hasDefaultValue a owl:ObjectProperty ;
     rdfs:comment "default value to add into new value set";
-    rdfs:label "default template value"@en-US ;
+    rdfs:label "has default value"@en-US ;
     rdfs:domain :ValueSetTemplate .
 
 :containerTypeTemplate a owl:ObjectProperty ,

From e54618b50091353e7d0d1f765394df357b57afc0 Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <georgy.litvinov@tib.eu>
Date: Thu, 23 Nov 2023 10:12:00 +0100
Subject: [PATCH 114/148] refact: renamed access:singleValue to access:value

---
 .../vitro/webapp/auth/policy/PolicyLoader.java |  4 ++--
 .../webapp/auth/rules/proximity_test_policy.n3 |  2 +-
 .../webapp/auth/rules/test_policy_broken1.n3   |  4 ++--
 .../webapp/auth/rules/test_policy_broken2.n3   |  4 ++--
 .../webapp/auth/rules/test_policy_broken3.n3   |  4 ++--
 .../webapp/auth/rules/test_policy_broken4.n3   |  4 ++--
 .../vitro/webapp/auth/rules/test_policy_key.n3 |  2 +-
 .../webapp/auth/rules/test_policy_valid.n3     |  2 +-
 .../firsttime/policy_editable_pages.n3         | 18 +++++++++---------
 .../firsttime/policy_menu_items_editing.n3     | 10 +++++-----
 .../firsttime/policy_root_user.n3              |  2 +-
 .../template_not_modifiable_statements.n3      |  4 ++--
 .../firsttime/template_simple_permissions.n3   |  4 ++--
 ...template_update_related_allowed_property.n3 |  2 +-
 .../firsttime/vitro-access-control-ontology.n3 |  9 ++-------
 15 files changed, 35 insertions(+), 40 deletions(-)

diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
index 08c5028136..44bebfda85 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
@@ -117,7 +117,7 @@ public class PolicyLoader {
             + "   ?rule access:decision ?decision . \n"
             + "   ?decision access:id ?decision_id . \n"
             + "}\n"
-            + "?check access:singleValue ?value . \n"
+            + "?check access:value ?value . \n"
             + "OPTIONAL {?value access:id ?lit_value . }\n"
             + "  }\n"
             + "BIND(?policy as ?policyUri)\n"
@@ -162,7 +162,7 @@ public class PolicyLoader {
             + "      OPTIONAL {?value access:id ?lit_value . }\n"
             + "    }\n"
             + "    OPTIONAL {\n"
-            + "      ?check access:singleValue ?value .\n"
+            + "      ?check access:value ?value .\n"
             + "      OPTIONAL {?value access:id ?lit_value . }\n"
             + "    }\n"
             + "    BIND(?dataSet as ?dataSetUri)\n"
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/proximity_test_policy.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/proximity_test_policy.n3
index bc0beb2050..8fd1ce2dc2 100644
--- a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/proximity_test_policy.n3
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/proximity_test_policy.n3
@@ -17,7 +17,7 @@ access-individual:AllowPersonEditOwnPublication rdf:type access:Rule ;
 access-individual:PublicationInProximityAttribute rdf:type access:Check ;
     access:operator access-individual:SparqlSelectQueryContains ;
     access:attribute access-individual:StatementSubjectUri ;
-    access:singleValue access-individual:PublicationProximityToPerson .
+    access:value access-individual:PublicationProximityToPerson .
 
 access-individual:PublicationProximityToPerson rdf:type access:ValueSet ;
     access:id """
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken1.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken1.n3
index 6407502098..ac6ac7abe4 100644
--- a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken1.n3
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken1.n3
@@ -17,10 +17,10 @@ access-individual:BrokenTestRule rdf:type access:Rule ;
   
 access-individual:BrokenTestAttribute rdf:type access:Check ;
     access:attribute access-individual:Operation ;
-    access:singleValue access-individual:PublishOperation .
+    access:value access-individual:PublishOperation .
  
 access-individual:ValidTestAttribute rdf:type access:Check ;
     access:operator access-individual:Equals ;
     access:attribute access-individual:Operation ;
-    access:singleValue access-individual:PublishOperation .
+    access:value access-individual:PublishOperation .
 
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken2.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken2.n3
index f08543cdc9..5e49a52f1c 100644
--- a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken2.n3
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken2.n3
@@ -17,10 +17,10 @@ access-individual:BrokenTestRule rdf:type access:Rule ;
   
 access-individual:BrokenTestAttribute rdf:type access:Check ;
     access:operator access-individual:Equals ;
-    access:singleValue access-individual:PublishOperation .
+    access:value access-individual:PublishOperation .
  
 access-individual:ValidTestAttribute rdf:type access:Check ;
     access:operator access-individual:Equals ;
     access:attribute access-individual:Operation ;
-    access:singleValue access-individual:PublishOperation .
+    access:value access-individual:PublishOperation .
 
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken3.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken3.n3
index 95c5ad37dd..e09630658c 100644
--- a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken3.n3
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken3.n3
@@ -18,10 +18,10 @@ access-individual:BrokenTestRule rdf:type access:Rule ;
 access-individual:BrokenTestAttribute rdf:type access:Check ;
     access:operator access-individual:UnknownTest ;
     access:attribute access-individual:Operation ;
-    access:singleValue access-individual:PublishOperation .
+    access:value access-individual:PublishOperation .
  
 access-individual:ValidTestAttribute rdf:type access:Check ;
     access:operator access-individual:Equals ;
     access:attribute access-individual:Operation ;
-    access:singleValue access-individual:PublishOperation .
+    access:value access-individual:PublishOperation .
 
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken4.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken4.n3
index 8dd03f4744..ce194473e5 100644
--- a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken4.n3
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken4.n3
@@ -18,10 +18,10 @@ access-individual:BrokenTestRule rdf:type access:Rule ;
 access-individual:BrokenTestAttribute rdf:type access:Check ;
     access:operator access-individual:Equals ;
     access:attribute access-individual:UnknownType ;
-    access:singleValue access-individual:PublishOperation .
+    access:value access-individual:PublishOperation .
 
 access-individual:ValidTestAttribute rdf:type access:Check ;
     access:operator access-individual:Equals ;
     access:attribute access-individual:Operation ;
-    access:singleValue access-individual:PublishOperation .
+    access:value access-individual:PublishOperation .
 
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_key.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_key.n3
index ecb795ca5b..a5c4681442 100644
--- a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_key.n3
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_key.n3
@@ -18,7 +18,7 @@ access-individual:KeyTestRule rdf:type access:Rule ;
 access-individual:KeyTestAttribute rdf:type access:Check ;
     access:operator access-individual:Equals ;
     access:attribute access-individual:Operation ;
-    access:singleValue access-individual:PublishOperation .
+    access:value access-individual:PublishOperation .
 
 access-individual:PolicyKeyTest rdf:type access:PolicyKey ;
     access:keyComponent access-individual:ObjectPropertyAccesObject ;
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_valid.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_valid.n3
index 115753d4c2..741f4125e3 100644
--- a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_valid.n3
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_valid.n3
@@ -17,5 +17,5 @@ access-individual:ValidRule rdf:type access:Rule ;
 access-individual:ValidAttribute rdf:type access:Check ;
     access:operator access-individual:Equals ;
     access:attribute access-individual:Operation ;
-    access:singleValue access-individual:PublishOperation .
+    access:value access-individual:PublishOperation .
 
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_editable_pages.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_editable_pages.n3
index 720c842235..534df79b4d 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_editable_pages.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_editable_pages.n3
@@ -19,19 +19,19 @@
 :SubjectRoleOneOfEditorsCheck a access:Check ;
     access:operator access-individual:OneOf ;
     access:attribute access-individual:SubjectRole ;
-    access:singleValue auth:ADMIN ;
-    access:singleValue auth:CURATOR ;
-    access:singleValue auth:EDITOR .
+    access:value auth:ADMIN ;
+    access:value auth:CURATOR ;
+    access:value auth:EDITOR .
 
 :SubjectRoleIsSelfEditor a access:Check ;
     access:operator access-individual:Equals ;
     access:attribute access-individual:SubjectRole ;
-    access:singleValue auth:SELF_EDITOR .
+    access:value auth:SELF_EDITOR .
 
 :IsAddOperation a access:Check ;
     access:operator access-individual:Equals ;
     access:attribute access-individual:Operation ;
-    access:singleValue access-individual:AddOperation .
+    access:value access-individual:AddOperation .
 
 :AllowEditRelatedPagesRule a access:Rule;
     access:check :SubjectRoleIsSelfEditor ;
@@ -44,22 +44,22 @@
 :PredicateIsSomePredicate a access:Check ;
     access:operator access-individual:Equals ;
     access:attribute access-individual:StatementPredicateUri ;
-    access:singleValue :SomeUri .
+    access:value :SomeUri .
 
 :ObjectUriIsSomeUri a access:Check ;
     access:operator access-individual:Equals ;
     access:attribute access-individual:StatementObjectUri ;
-    access:singleValue :SomeUri .
+    access:value :SomeUri .
 
 :SubjectUriIsProfileRelatedResource a access:Check ;
     access:operator access-individual:SparqlSelectQueryContains ;
     access:attribute access-individual:StatementSubjectUri ;
-    access:singleValue access-individual:PersonProfileProximityToResourceUri .
+    access:value access-individual:PersonProfileProximityToResourceUri .
 
 :IsObjectPropertyStatement a access:Check ;
     access:operator access-individual:Equals ;
     access:attribute access-individual:AccessObjectType ;
-    access:singleValue access-individual:ObjectPropertyStatement .
+    access:value access-individual:ObjectPropertyStatement .
 
 :SomeUri a access:AttributeValue ;
     access:id "?SOME_URI" .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_menu_items_editing.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_menu_items_editing.n3
index d63711f0e0..a9dc5c44ff 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_menu_items_editing.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_menu_items_editing.n3
@@ -26,24 +26,24 @@
 :IsEditOperationCheck a access:Check ;
     access:operator access-individual:Equals ;
     access:attribute access-individual:Operation ;
-    access:singleValue access-individual:EditOperation .
+    access:value access-individual:EditOperation .
 
 :IsDropOperationCheck a access:Check ;
     access:operator access-individual:Equals ;
     access:attribute access-individual:Operation ;
-    access:singleValue access-individual:DropOperation .
+    access:value access-individual:DropOperation .
 
 :IsObjectPropertyStatement a access:Check ;
     access:operator access-individual:Equals ;
     access:attribute access-individual:AccessObjectType ;
-    access:singleValue access-individual:ObjectPropertyStatement .
+    access:value access-individual:ObjectPropertyStatement .
 
 :PredicateUriEqualsHomeMenuItem a access:Check ;
     access:operator access-individual:Equals ;
     access:attribute access-individual:StatementPredicateUri ;
-    access:singleValue <http://vitro.mannlib.cornell.edu/ontologies/display/1.1#HomeMenuItem> .
+    access:value <http://vitro.mannlib.cornell.edu/ontologies/display/1.1#HomeMenuItem> .
 
 :ObjectUriEqualsHasElement a access:Check ;
     access:operator access-individual:Equals ;
     access:attribute access-individual:StatementObjectUri ;
-    access:singleValue <http://vitro.mannlib.cornell.edu/ontologies/display/1.1#hasElement> .
+    access:value <http://vitro.mannlib.cornell.edu/ontologies/display/1.1#hasElement> .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_root_user.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_root_user.n3
index afb3df61e2..0c7eec9b1c 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_root_user.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_root_user.n3
@@ -14,5 +14,5 @@
 :IsRootUserCheck a access:Check ;
     access:operator access-individual:Equals ;
     access:attribute access-individual:SubjectType ;
-    access:singleValue access-individual:RootUserSubject .
+    access:value access-individual:RootUserSubject .
 
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_not_modifiable_statements.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_not_modifiable_statements.n3
index 39774a2129..add22b344d 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_not_modifiable_statements.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_not_modifiable_statements.n3
@@ -47,12 +47,12 @@
 :IsObjectPropertyStatement a access:Check ;
     access:operator access-individual:Equals ;
     access:attribute access-individual:AccessObjectType ;
-    access:singleValue access-individual:ObjectPropertyStatement .
+    access:value access-individual:ObjectPropertyStatement .
 
 :IsDataPropertyStatement a access:Check ;
     access:operator access-individual:Equals ;
     access:attribute access-individual:AccessObjectType ;
-    access:singleValue access-individual:DataPropertyStatement .
+    access:value access-individual:DataPropertyStatement .
 
 ### Not modifiable property statement attributes
 :PredicateUriStartWithProhibitedNamespace a access:Check ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_simple_permissions.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_simple_permissions.n3
index ac97c8b7ad..aa93c39d4b 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_simple_permissions.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_simple_permissions.n3
@@ -103,7 +103,7 @@
 :IsExecuteOperation a access:Check ;
     access:operator access-individual:Equals ;
     access:attribute access-individual:Operation ;
-    access:singleValue access-individual:ExecuteOperation .
+    access:value access-individual:ExecuteOperation .
 
 :PermissionNameAllowed a access:Check ;
     access:operator access-individual:OneOf ;
@@ -117,7 +117,7 @@
 :IsSimplePermission a access:Check ;
     access:operator access-individual:Equals ;
     access:attribute access-individual:AccessObjectType ;
-    access:singleValue access-individual:NamedObject .
+    access:value access-individual:NamedObject .
 
 :PublicSimplePermissionValueSet a access:ValueSet ;
     access:containerType access-individual:NamedObject .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_update_related_allowed_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_update_related_allowed_property.n3
index 89f0ed90ec..576c53c9de 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_update_related_allowed_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_update_related_allowed_property.n3
@@ -231,7 +231,7 @@
 :RelationCheck a access:Check ;
     access:operator access-individual:SparqlSelectQueryContains ;
     access:attribute access-individual:StatementSubjectUri ;
-    access:singleValue access-individual:PersonProfileProximityToResourceUri .
+    access:value access-individual:PersonProfileProximityToResourceUri .
 
 :AccessObjectStatementTypeCheck a access:Check ;
     access:operator access-individual:Equals ;
diff --git a/home/src/main/resources/rdf/tbox/firsttime/vitro-access-control-ontology.n3 b/home/src/main/resources/rdf/tbox/firsttime/vitro-access-control-ontology.n3
index ec5fea8afb..8e6523b2fb 100644
--- a/home/src/main/resources/rdf/tbox/firsttime/vitro-access-control-ontology.n3
+++ b/home/src/main/resources/rdf/tbox/firsttime/vitro-access-control-ontology.n3
@@ -115,9 +115,9 @@
     rdfs:range :ValueSet .
 
 :value a owl:ObjectProperty ;
-    rdfs:comment "Assign value to value set (any URI or :AttributeValue with :id to define literal value)";
+    rdfs:comment "Assign one value (any URI or :AttributeValue with :id to define literal value)";
     rdfs:label "value"@en-US ;
-    rdfs:domain :ValueSet .
+    rdfs:domain [ a owl:Class ; owl:unionOf  ( :ValueSet :Check ) ] .
 
 :operator a owl:ObjectProperty ;
     rdfs:comment "Set type of check to perform";
@@ -198,11 +198,6 @@
     rdfs:domain :ValueSet ;
     rdfs:range :ObjectType .
 
-:singleValue a owl:ObjectProperty ;
-    rdfs:comment "Contains single value to check";
-    rdfs:label "single value"@en-US ;
-    rdfs:domain :Check .
-
 :rule a owl:ObjectProperty ;
     rdfs:comment "Contains a rule";
     rdfs:label "rule"@en-US ;

From 1f896c0a190f8ef6a3bf1129bd33db5653631fc9 Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <georgy.litvinov@tib.eu>
Date: Thu, 23 Nov 2023 10:40:53 +0100
Subject: [PATCH 115/148] refact: renamed access:containerTypeTemplate to
 access:containsElementsOfType

---
 .../webapp/auth/policy/PolicyLoader.java      |  2 +-
 .../webapp/auth/rules/data_set_templates.n3   |  8 +-
 .../template_access_allowed_class.n3          | 12 +--
 .../template_access_allowed_property.n3       | 80 +++++++++----------
 .../firsttime/template_simple_permissions.n3  |  4 +-
 .../vitro-access-control-ontology.n3          |  2 +-
 6 files changed, 54 insertions(+), 54 deletions(-)

diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
index 44bebfda85..231f32b87c 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
@@ -291,7 +291,7 @@ public class PolicyLoader {
             + "WHERE {\n"
             + "  GRAPH <http://vitro.mannlib.cornell.edu/default/access-control> {\n"
             + "    ?valueSetTemplateUri access:relatedCheck ?relatedCheck .\n"
-            + "    ?valueSetTemplateUri access:containerTypeTemplate ?setElementsType .\n"
+            + "    ?valueSetTemplateUri access:containsElementsOfType ?setElementsType .\n"
             + "    OPTIONAL {\n"
             + "      ?valueSetTemplateUri access:hasDefaultValue ?dataValue .\n"
             + "    }\n"
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/data_set_templates.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/data_set_templates.n3
index 1416a1a897..40b638e4ec 100644
--- a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/data_set_templates.n3
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/data_set_templates.n3
@@ -35,13 +35,13 @@
 
 :RoleValueSetTemplate1 a access:ValueSetTemplate ;
     access:relatedCheck :RoleValueSet;
-    access:containerTypeTemplate access-individual:SubjectRole .
+    access:containsElementsOfType access-individual:SubjectRole .
 
 :RolePermissionValueSetTemplate1 a access:ValueSetTemplate ;
     access:relatedCheck :TypeValueSet;
     access:defaultValue simplePermission:PageViewablePublic;
     access:defaultValue simplePermission:QueryFullModel ;
-    access:containerTypeTemplate access-individual:NamedObject .
+    access:containsElementsOfType access-individual:NamedObject .
 
 
 :RoleDataSetTemplate2 a access:DataSetTemplate ;
@@ -59,11 +59,11 @@
 
 :RoleValueSetTemplate2 a access:ValueSetTemplate ;
     access:relatedCheck :RoleValueSet;
-    access:containerTypeTemplate access-individual:SubjectRole .
+    access:containsElementsOfType access-individual:SubjectRole .
 
 :RolePermissionValueSetTemplate2 a access:ValueSetTemplate ;
     access:relatedCheck :TypeValueSet;
-    access:containerTypeTemplate access-individual:NamedObject .
+    access:containsElementsOfType access-individual:NamedObject .
 
 :PublicDataSet a access:PolicyDataSet ;
     access:dataSetKey :PublicDataSetKey ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_class.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_class.n3
index a96baf1e19..cb8d16604f 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_class.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_class.n3
@@ -50,12 +50,12 @@
 
 :RoleDisplayClassRoleValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :SubjectRoleCheck;
-    access:containerTypeTemplate access-individual:SubjectRole .
+    access:containsElementsOfType access-individual:SubjectRole .
 
 :RoleDisplayClassValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :AccessObjectUriCheck ;
 #    access:hasDefaultValue access-individual:defaultUri ;
-    access:containerTypeTemplate access-individual:Class .
+    access:containsElementsOfType access-individual:Class .
 
 #Role Update Class data set template
 
@@ -77,12 +77,12 @@
 
 :RoleUpdateClassRoleValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :SubjectRoleCheck;
-    access:containerTypeTemplate access-individual:SubjectRole .
+    access:containsElementsOfType access-individual:SubjectRole .
 
 :RoleUpdateClassValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :AccessObjectUriCheck ;
 #    access:hasDefaultValue access-individual:defaultUri ;
-    access:containerTypeTemplate access-individual:Class .
+    access:containsElementsOfType access-individual:Class .
 
 #Role Publish Class data set template
 
@@ -104,12 +104,12 @@
 
 :RolePublishClassRoleValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :SubjectRoleCheck;
-    access:containerTypeTemplate access-individual:SubjectRole .
+    access:containsElementsOfType access-individual:SubjectRole .
 
 :RolePublishClassValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :AccessObjectUriCheck ;
 #    access:hasDefaultValue access-individual:defaultUri ;
-    access:containerTypeTemplate access-individual:Class .
+    access:containsElementsOfType access-individual:Class .
 
 ### Public display class uri data sets
 
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_property.n3
index 063ef79fc4..9fa585de92 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_property.n3
@@ -154,13 +154,13 @@
 
 :RoleDisplayObjectPropertyValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :SubjectRoleEqualsDataSetRoleAttribute;
-    access:containerTypeTemplate access-individual:SubjectRole .
+    access:containsElementsOfType access-individual:SubjectRole .
 
 :RoleDisplayObjectPropertyEntityValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :AccessObjectUriContainsInDataSet ;
     access:relatedCheck :StatementPredicateEquals ;
 #    access:hasDefaultValue access-individual:defaultUri ;
-    access:containerTypeTemplate access-individual:ObjectProperty .
+    access:containsElementsOfType access-individual:ObjectProperty .
 
 #Role PublishObjectProperty data set template
 
@@ -183,13 +183,13 @@
 
 :RolePublishObjectPropertyValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :SubjectRoleEqualsDataSetRoleAttribute;
-    access:containerTypeTemplate access-individual:SubjectRole .
+    access:containsElementsOfType access-individual:SubjectRole .
 
 :RolePublishObjectPropertyEntityValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :AccessObjectUriContainsInDataSet ;
     access:relatedCheck :StatementPredicateEquals ;
 #    access:hasDefaultValue access-individual:defaultUri ;
-    access:containerTypeTemplate access-individual:ObjectProperty .
+    access:containsElementsOfType access-individual:ObjectProperty .
 
 #Role AddObjectProperty data set template
 
@@ -212,13 +212,13 @@
 
 :RoleAddObjectPropertyValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :SubjectRoleEqualsDataSetRoleAttribute;
-    access:containerTypeTemplate access-individual:SubjectRole .
+    access:containsElementsOfType access-individual:SubjectRole .
 
 :RoleAddObjectPropertyEntityValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :AccessObjectUriContainsInDataSet ;
     access:relatedCheck :StatementPredicateEquals ;
 #    access:hasDefaultValue access-individual:defaultUri ;
-    access:containerTypeTemplate access-individual:ObjectProperty .
+    access:containsElementsOfType access-individual:ObjectProperty .
 
 #Role DropObjectProperty data set template
 
@@ -241,13 +241,13 @@
 
 :RoleDropObjectPropertyValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :SubjectRoleEqualsDataSetRoleAttribute;
-    access:containerTypeTemplate access-individual:SubjectRole .
+    access:containsElementsOfType access-individual:SubjectRole .
 
 :RoleDropObjectPropertyEntityValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :AccessObjectUriContainsInDataSet ;
     access:relatedCheck :StatementPredicateEquals ;
 #    access:hasDefaultValue access-individual:defaultUri ;
-    access:containerTypeTemplate access-individual:ObjectProperty .
+    access:containsElementsOfType access-individual:ObjectProperty .
 
 #Role EditObjectProperty data set template
 
@@ -270,13 +270,13 @@
 
 :RoleEditObjectPropertyValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :SubjectRoleEqualsDataSetRoleAttribute;
-    access:containerTypeTemplate access-individual:SubjectRole .
+    access:containsElementsOfType access-individual:SubjectRole .
 
 :RoleEditObjectPropertyEntityValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :AccessObjectUriContainsInDataSet ;
     access:relatedCheck :StatementPredicateEquals ;
 #    access:hasDefaultValue access-individual:defaultUri ;
-    access:containerTypeTemplate access-individual:ObjectProperty .
+    access:containsElementsOfType access-individual:ObjectProperty .
 
 #Role DisplayDataProperty data set template
 
@@ -299,13 +299,13 @@
 
 :RoleDisplayDataPropertyValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :SubjectRoleEqualsDataSetRoleAttribute;
-    access:containerTypeTemplate access-individual:SubjectRole .
+    access:containsElementsOfType access-individual:SubjectRole .
 
 :RoleDisplayDataPropertyEntityValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :AccessObjectUriContainsInDataSet ;
     access:relatedCheck :StatementPredicateEquals ;
 #    access:hasDefaultValue access-individual:defaultUri ;
-    access:containerTypeTemplate access-individual:DataProperty .
+    access:containsElementsOfType access-individual:DataProperty .
 
 #Role PublishDataProperty data set template
 
@@ -328,13 +328,13 @@
 
 :RolePublishDataPropertyValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :SubjectRoleEqualsDataSetRoleAttribute;
-    access:containerTypeTemplate access-individual:SubjectRole .
+    access:containsElementsOfType access-individual:SubjectRole .
 
 :RolePublishDataPropertyEntityValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :AccessObjectUriContainsInDataSet ;
     access:relatedCheck :StatementPredicateEquals ;
 #    access:hasDefaultValue access-individual:defaultUri ;
-    access:containerTypeTemplate access-individual:DataProperty .
+    access:containsElementsOfType access-individual:DataProperty .
 
 #Role AddDataProperty data set template
 
@@ -357,13 +357,13 @@
 
 :RoleAddDataPropertyValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :SubjectRoleEqualsDataSetRoleAttribute;
-    access:containerTypeTemplate access-individual:SubjectRole .
+    access:containsElementsOfType access-individual:SubjectRole .
 
 :RoleAddDataPropertyEntityValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :AccessObjectUriContainsInDataSet ;
     access:relatedCheck :StatementPredicateEquals ;
 #    access:hasDefaultValue access-individual:defaultUri ;
-    access:containerTypeTemplate access-individual:DataProperty .
+    access:containsElementsOfType access-individual:DataProperty .
 
 #Role DropDataProperty data set template
 
@@ -386,13 +386,13 @@
 
 :RoleDropDataPropertyValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :SubjectRoleEqualsDataSetRoleAttribute;
-    access:containerTypeTemplate access-individual:SubjectRole .
+    access:containsElementsOfType access-individual:SubjectRole .
 
 :RoleDropDataPropertyEntityValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :AccessObjectUriContainsInDataSet ;
     access:relatedCheck :StatementPredicateEquals ;
 #    access:hasDefaultValue access-individual:defaultUri ;
-    access:containerTypeTemplate access-individual:DataProperty .
+    access:containsElementsOfType access-individual:DataProperty .
 
 #Role EditDataProperty data set template
 
@@ -415,13 +415,13 @@
 
 :RoleEditDataPropertyValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :SubjectRoleEqualsDataSetRoleAttribute;
-    access:containerTypeTemplate access-individual:SubjectRole .
+    access:containsElementsOfType access-individual:SubjectRole .
 
 :RoleEditDataPropertyEntityValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :AccessObjectUriContainsInDataSet ;
     access:relatedCheck :StatementPredicateEquals ;
 #    access:hasDefaultValue access-individual:defaultUri ;
-    access:containerTypeTemplate access-individual:DataProperty .
+    access:containsElementsOfType access-individual:DataProperty .
 
 #Role DisplayFauxObjectProperty data set template
 
@@ -444,13 +444,13 @@
 
 :RoleDisplayFauxObjectPropertyValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :SubjectRoleEqualsDataSetRoleAttribute;
-    access:containerTypeTemplate access-individual:SubjectRole .
+    access:containsElementsOfType access-individual:SubjectRole .
 
 :RoleDisplayFauxObjectPropertyEntityValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :AccessObjectUriContainsInDataSet ;
     access:relatedCheck :StatementPredicateEquals ;
 #    access:hasDefaultValue access-individual:defaultUri ;
-    access:containerTypeTemplate access-individual:FauxObjectProperty .
+    access:containsElementsOfType access-individual:FauxObjectProperty .
 
 #Role PublishFauxObjectProperty data set template
 
@@ -473,13 +473,13 @@
 
 :RolePublishFauxObjectPropertyValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :SubjectRoleEqualsDataSetRoleAttribute;
-    access:containerTypeTemplate access-individual:SubjectRole .
+    access:containsElementsOfType access-individual:SubjectRole .
 
 :RolePublishFauxObjectPropertyEntityValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :AccessObjectUriContainsInDataSet ;
     access:relatedCheck :StatementPredicateEquals ;
 #    access:hasDefaultValue access-individual:defaultUri ;
-    access:containerTypeTemplate access-individual:FauxObjectProperty .
+    access:containsElementsOfType access-individual:FauxObjectProperty .
 
 #Role AddFauxObjectProperty data set template
 
@@ -502,13 +502,13 @@
 
 :RoleAddFauxObjectPropertyValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :SubjectRoleEqualsDataSetRoleAttribute;
-    access:containerTypeTemplate access-individual:SubjectRole .
+    access:containsElementsOfType access-individual:SubjectRole .
 
 :RoleAddFauxObjectPropertyEntityValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :AccessObjectUriContainsInDataSet ;
     access:relatedCheck :StatementPredicateEquals ;
 #    access:hasDefaultValue access-individual:defaultUri ;
-    access:containerTypeTemplate access-individual:FauxObjectProperty .
+    access:containsElementsOfType access-individual:FauxObjectProperty .
 
 #Role DropFauxObjectProperty data set template
 
@@ -531,13 +531,13 @@
 
 :RoleDropFauxObjectPropertyValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :SubjectRoleEqualsDataSetRoleAttribute;
-    access:containerTypeTemplate access-individual:SubjectRole .
+    access:containsElementsOfType access-individual:SubjectRole .
 
 :RoleDropFauxObjectPropertyEntityValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :AccessObjectUriContainsInDataSet ;
     access:relatedCheck :StatementPredicateEquals ;
 #    access:hasDefaultValue access-individual:defaultUri ;
-    access:containerTypeTemplate access-individual:FauxObjectProperty .
+    access:containsElementsOfType access-individual:FauxObjectProperty .
 
 #Role EditFauxObjectProperty data set template
 
@@ -560,13 +560,13 @@
 
 :RoleEditFauxObjectPropertyValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :SubjectRoleEqualsDataSetRoleAttribute;
-    access:containerTypeTemplate access-individual:SubjectRole .
+    access:containsElementsOfType access-individual:SubjectRole .
 
 :RoleEditFauxObjectPropertyEntityValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :AccessObjectUriContainsInDataSet ;
     access:relatedCheck :StatementPredicateEquals ;
 #    access:hasDefaultValue access-individual:defaultUri ;
-    access:containerTypeTemplate access-individual:FauxObjectProperty .
+    access:containsElementsOfType access-individual:FauxObjectProperty .
 
 #Role DisplayFauxDataProperty data set template
 
@@ -589,13 +589,13 @@
 
 :RoleDisplayFauxDataPropertyValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :SubjectRoleEqualsDataSetRoleAttribute;
-    access:containerTypeTemplate access-individual:SubjectRole .
+    access:containsElementsOfType access-individual:SubjectRole .
 
 :RoleDisplayFauxDataPropertyEntityValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :AccessObjectUriContainsInDataSet ;
     access:relatedCheck :StatementPredicateEquals ;
 #    access:hasDefaultValue access-individual:defaultUri ;
-    access:containerTypeTemplate access-individual:FauxDataProperty .
+    access:containsElementsOfType access-individual:FauxDataProperty .
 
 #Role PublishFauxDataProperty data set template
 
@@ -618,13 +618,13 @@
 
 :RolePublishFauxDataPropertyValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :SubjectRoleEqualsDataSetRoleAttribute;
-    access:containerTypeTemplate access-individual:SubjectRole .
+    access:containsElementsOfType access-individual:SubjectRole .
 
 :RolePublishFauxDataPropertyEntityValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :AccessObjectUriContainsInDataSet ;
     access:relatedCheck :StatementPredicateEquals ;
 #    access:hasDefaultValue access-individual:defaultUri ;
-    access:containerTypeTemplate access-individual:FauxDataProperty .
+    access:containsElementsOfType access-individual:FauxDataProperty .
 
 #Role AddFauxDataProperty data set template
 
@@ -647,13 +647,13 @@
 
 :RoleAddFauxDataPropertyValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :SubjectRoleEqualsDataSetRoleAttribute;
-    access:containerTypeTemplate access-individual:SubjectRole .
+    access:containsElementsOfType access-individual:SubjectRole .
 
 :RoleAddFauxDataPropertyEntityValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :AccessObjectUriContainsInDataSet ;
     access:relatedCheck :StatementPredicateEquals ;
 #    access:hasDefaultValue access-individual:defaultUri ;
-    access:containerTypeTemplate access-individual:FauxDataProperty .
+    access:containsElementsOfType access-individual:FauxDataProperty .
 
 #Role DropFauxDataProperty data set template
 
@@ -676,13 +676,13 @@
 
 :RoleDropFauxDataPropertyValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :SubjectRoleEqualsDataSetRoleAttribute;
-    access:containerTypeTemplate access-individual:SubjectRole .
+    access:containsElementsOfType access-individual:SubjectRole .
 
 :RoleDropFauxDataPropertyEntityValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :AccessObjectUriContainsInDataSet ;
     access:relatedCheck :StatementPredicateEquals ;
 #    access:hasDefaultValue access-individual:defaultUri ;
-    access:containerTypeTemplate access-individual:FauxDataProperty .
+    access:containsElementsOfType access-individual:FauxDataProperty .
 
 #Role EditFauxDataProperty data set template
 
@@ -705,13 +705,13 @@
 
 :RoleEditFauxDataPropertyValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :SubjectRoleEqualsDataSetRoleAttribute;
-    access:containerTypeTemplate access-individual:SubjectRole .
+    access:containsElementsOfType access-individual:SubjectRole .
 
 :RoleEditFauxDataPropertyEntityValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :AccessObjectUriContainsInDataSet ;
     access:relatedCheck :StatementPredicateEquals ;
 #    access:hasDefaultValue access-individual:defaultUri ;
-    access:containerTypeTemplate access-individual:FauxDataProperty .
+    access:containsElementsOfType access-individual:FauxDataProperty .
 
 
 
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_simple_permissions.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_simple_permissions.n3
index aa93c39d4b..a6047a403a 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_simple_permissions.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_simple_permissions.n3
@@ -34,13 +34,13 @@
 
 :RoleValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :SubjectRoleEqualsDataSetRole;
-    access:containerTypeTemplate access-individual:SubjectRole .
+    access:containsElementsOfType access-individual:SubjectRole .
 
 :RolePermissionValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :PermissionNameAllowed;
     access:hasDefaultValue simplePermission:PageViewablePublic;
     access:hasDefaultValue simplePermission:QueryFullModel ;
-    access:containerTypeTemplate access-individual:NamedObject .
+    access:containsElementsOfType access-individual:NamedObject .
 
 #Data sets
 
diff --git a/home/src/main/resources/rdf/tbox/firsttime/vitro-access-control-ontology.n3 b/home/src/main/resources/rdf/tbox/firsttime/vitro-access-control-ontology.n3
index 8e6523b2fb..42b2e3fa45 100644
--- a/home/src/main/resources/rdf/tbox/firsttime/vitro-access-control-ontology.n3
+++ b/home/src/main/resources/rdf/tbox/firsttime/vitro-access-control-ontology.n3
@@ -136,7 +136,7 @@
     rdfs:label "has default value"@en-US ;
     rdfs:domain :ValueSetTemplate .
 
-:containerTypeTemplate a owl:ObjectProperty ,
+:containsElementsOfType a owl:ObjectProperty ,
     owl:FunctionalProperty ;
     rdfs:comment "Type of values for new value set";
     rdfs:label "set type template"@en-US ;

From 8ef6e9fc2c1a6aafd4c61b789589e22169b2aad6 Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <georgy.litvinov@tib.eu>
Date: Thu, 23 Nov 2023 10:45:45 +0100
Subject: [PATCH 116/148] refact: renamed access:containerType to
 access:containsElementsOfType

---
 .../webapp/auth/policy/PolicyLoader.java      |   8 +-
 .../webapp/auth/rules/data_set_templates.n3   |   2 +-
 .../template_access_allowed_class.n3          |  28 ++--
 .../template_access_allowed_property.n3       | 152 +++++++++---------
 ...emplate_access_related_allowed_property.n3 |  16 +-
 .../firsttime/template_simple_permissions.n3  |  10 +-
 ...emplate_update_related_allowed_property.n3 |  24 +--
 .../vitro-access-control-ontology.n3          |   8 +-
 8 files changed, 121 insertions(+), 127 deletions(-)

diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
index 231f32b87c..9687443675 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
@@ -156,7 +156,7 @@ public class PolicyLoader {
             + "      ?attributeValue access:value ?value .\n"
             + "      ?dataSet access:dataSetValues ?attributeValue .\n"
             + "      OPTIONAL {\n"
-            + "        ?attributeValue access:containerType ?setElementsTypeUri .\n"
+            + "        ?attributeValue access:containsElementsOfType ?setElementsTypeUri .\n"
             + "        ?setElementsTypeUri access:id ?setElementsType ."
             + "      }\n"
             + "      OPTIONAL {?value access:id ?lit_value . }\n"
@@ -180,7 +180,7 @@ public class PolicyLoader {
             + "  ?" + POLICY + " access:policyDataSet ?dataSet .\n"
             + "  ?dataSet access:dataSetKey ?dataSetKeyUri .\n"
             + "  ?dataSet access:dataSetValues ?valueSet .\n"
-            + "  ?valueSet access:containerType ?setElementsType .\n"
+            + "  ?valueSet access:containsElementsOfType ?setElementsType .\n"
             + "  ?setElementsType access:id ?setElementsId .\n"
             + "  OPTIONAL { ?valueSet access:value ?value .\n"
             + "    OPTIONAL { ?value access:id ?valueId . }\n"
@@ -201,7 +201,7 @@ public class PolicyLoader {
             + "  ?dataSet access:dataSetKey ?dataSetKeyUri .\n"
             + "  ?" + POLICY + " access:policyDataSet ?dataSet . \n"
             + "  ?dataSet access:dataSetValues ?valueSet . \n"
-            + "  ?valueSet access:containerType ?setElementsTypeUri . \n"
+            + "  ?valueSet access:containsElementsOfType ?setElementsTypeUri . \n"
             + "  ?setElementsTypeUri access:id ?setElementsType . \n";
 
     private static final String policyStatementByKeyTemplateSuffix = "}}";
@@ -284,7 +284,7 @@ public class PolicyLoader {
             + "CONSTRUCT {\n"
             + "  ?relatedCheck access:attributeValue ?valueSet .\n"
             + "  ?valueSet a access:ValueSet .\n"
-            + "  ?valueSet access:containerType ?setElementsType .\n"
+            + "  ?valueSet access:containsElementsOfType ?setElementsType .\n"
             + "  ?valueSet access:value ?newRoleUri .\n"
             + "  ?valueSet access:value ?dataValue ."
             + "}\n"
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/data_set_templates.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/data_set_templates.n3
index 40b638e4ec..f049ce3b72 100644
--- a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/data_set_templates.n3
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/data_set_templates.n3
@@ -76,4 +76,4 @@
     access:keyComponent auth:PUBLIC .
 
 access-individual:PublicSimplePermissionValueSet a access:ValueSet ;
-    access:containerType access-individual:NamedObject .
+    access:containsElementsOfType access-individual:NamedObject .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_class.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_class.n3
index cb8d16604f..2179b1f4ce 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_class.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_class.n3
@@ -356,43 +356,43 @@
     .
 
 :AdminPublishClassValueSet a access:ValueSet ;
-    access:containerType access-individual:Class .
+    access:containsElementsOfType access-individual:Class .
 
 :AdminDisplayClassValueSet a access:ValueSet ;
-    access:containerType access-individual:Class .
+    access:containsElementsOfType access-individual:Class .
 
 :AdminUpdateClassValueSet a access:ValueSet ;
-    access:containerType access-individual:Class .
+    access:containsElementsOfType access-individual:Class .
 
 :CuratorPublishClassValueSet a access:ValueSet ;
-    access:containerType access-individual:Class .
+    access:containsElementsOfType access-individual:Class .
 
 :CuratorDisplayClassValueSet a access:ValueSet ;
-    access:containerType access-individual:Class .
+    access:containsElementsOfType access-individual:Class .
 
 :CuratorUpdateClassValueSet a access:ValueSet ;
-    access:containerType access-individual:Class .
+    access:containsElementsOfType access-individual:Class .
 
 :EditorPublishClassValueSet a access:ValueSet ;
-    access:containerType access-individual:Class .
+    access:containsElementsOfType access-individual:Class .
 
 :EditorDisplayClassValueSet a access:ValueSet ;
-    access:containerType access-individual:Class .
+    access:containsElementsOfType access-individual:Class .
 
 :EditorUpdateClassValueSet a access:ValueSet ;
-    access:containerType access-individual:Class .
+    access:containsElementsOfType access-individual:Class .
 
 :SelfEditorPublishClassValueSet a access:ValueSet ;
-    access:containerType access-individual:Class .
+    access:containsElementsOfType access-individual:Class .
 
 :SelfEditorDisplayClassValueSet a access:ValueSet ;
-    access:containerType access-individual:Class .
+    access:containsElementsOfType access-individual:Class .
 
 :SelfEditorUpdateClassValueSet a access:ValueSet ;
-    access:containerType access-individual:Class .
+    access:containsElementsOfType access-individual:Class .
 
 :PublicDisplayClassValueSet a access:ValueSet ;
-    access:containerType access-individual:Class .
+    access:containsElementsOfType access-individual:Class .
 
 :PublicUpdateClassValueSet a access:ValueSet ;
-    access:containerType access-individual:Class .
+    access:containsElementsOfType access-individual:Class .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_property.n3
index 9fa585de92..354138e4f3 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_property.n3
@@ -1994,174 +1994,174 @@
     .
 
 :PublicDropFauxDataPropertyValueSet a access:ValueSet ;
-    access:containerType access-individual:FauxDataProperty .
+    access:containsElementsOfType access-individual:FauxDataProperty .
 :EditorDropFauxDataPropertyValueSet a access:ValueSet ;
-    access:containerType access-individual:FauxDataProperty .
+    access:containsElementsOfType access-individual:FauxDataProperty .
 :CuratorDropFauxDataPropertyValueSet a access:ValueSet ;
-    access:containerType access-individual:FauxDataProperty .
+    access:containsElementsOfType access-individual:FauxDataProperty .
 :AdminDropFauxDataPropertyValueSet a access:ValueSet ;
-    access:containerType access-individual:FauxDataProperty .
+    access:containsElementsOfType access-individual:FauxDataProperty .
 
 :PublicAddFauxDataPropertyValueSet a access:ValueSet ;
-    access:containerType access-individual:FauxDataProperty .
+    access:containsElementsOfType access-individual:FauxDataProperty .
 :EditorAddFauxDataPropertyValueSet a access:ValueSet ;
-    access:containerType access-individual:FauxDataProperty .
+    access:containsElementsOfType access-individual:FauxDataProperty .
 :CuratorAddFauxDataPropertyValueSet a access:ValueSet ;
-    access:containerType access-individual:FauxDataProperty .
+    access:containsElementsOfType access-individual:FauxDataProperty .
 :AdminAddFauxDataPropertyValueSet a access:ValueSet ;
-    access:containerType access-individual:FauxDataProperty .
+    access:containsElementsOfType access-individual:FauxDataProperty .
 
 :PublicEditFauxDataPropertyValueSet a access:ValueSet ;
-    access:containerType access-individual:FauxDataProperty .
+    access:containsElementsOfType access-individual:FauxDataProperty .
 :EditorEditFauxDataPropertyValueSet a access:ValueSet ;
-    access:containerType access-individual:FauxDataProperty .
+    access:containsElementsOfType access-individual:FauxDataProperty .
 :CuratorEditFauxDataPropertyValueSet a access:ValueSet ;
-    access:containerType access-individual:FauxDataProperty .
+    access:containsElementsOfType access-individual:FauxDataProperty .
 :AdminEditFauxDataPropertyValueSet a access:ValueSet ;
-    access:containerType access-individual:FauxDataProperty .
+    access:containsElementsOfType access-individual:FauxDataProperty .
 
 :PublicDropFauxObjectPropertyValueSet a access:ValueSet ;
-    access:containerType access-individual:FauxObjectProperty .
+    access:containsElementsOfType access-individual:FauxObjectProperty .
 :EditorDropFauxObjectPropertyValueSet a access:ValueSet ;
-    access:containerType access-individual:FauxObjectProperty .
+    access:containsElementsOfType access-individual:FauxObjectProperty .
 :CuratorDropFauxObjectPropertyValueSet a access:ValueSet ;
-    access:containerType access-individual:FauxObjectProperty .
+    access:containsElementsOfType access-individual:FauxObjectProperty .
 :AdminDropFauxObjectPropertyValueSet a access:ValueSet ;
-    access:containerType access-individual:FauxObjectProperty .
+    access:containsElementsOfType access-individual:FauxObjectProperty .
 
 :PublicAddFauxObjectPropertyValueSet a access:ValueSet ;
-    access:containerType access-individual:FauxObjectProperty .
+    access:containsElementsOfType access-individual:FauxObjectProperty .
 :EditorAddFauxObjectPropertyValueSet a access:ValueSet ;
-    access:containerType access-individual:FauxObjectProperty .
+    access:containsElementsOfType access-individual:FauxObjectProperty .
 :CuratorAddFauxObjectPropertyValueSet a access:ValueSet ;
-    access:containerType access-individual:FauxObjectProperty .
+    access:containsElementsOfType access-individual:FauxObjectProperty .
 :AdminAddFauxObjectPropertyValueSet a access:ValueSet ;
-    access:containerType access-individual:FauxObjectProperty .
+    access:containsElementsOfType access-individual:FauxObjectProperty .
 
 :PublicEditFauxObjectPropertyValueSet a access:ValueSet ;
-    access:containerType access-individual:FauxObjectProperty .
+    access:containsElementsOfType access-individual:FauxObjectProperty .
 :EditorEditFauxObjectPropertyValueSet a access:ValueSet ;
-    access:containerType access-individual:FauxObjectProperty .
+    access:containsElementsOfType access-individual:FauxObjectProperty .
 :CuratorEditFauxObjectPropertyValueSet a access:ValueSet ;
-    access:containerType access-individual:FauxObjectProperty .
+    access:containsElementsOfType access-individual:FauxObjectProperty .
 :AdminEditFauxObjectPropertyValueSet a access:ValueSet ;
-    access:containerType access-individual:FauxObjectProperty .
+    access:containsElementsOfType access-individual:FauxObjectProperty .
 
 
 :PublicDropDataPropertyValueSet a access:ValueSet ;
-    access:containerType access-individual:DataProperty .
+    access:containsElementsOfType access-individual:DataProperty .
 :EditorDropDataPropertyValueSet a access:ValueSet ;
-    access:containerType access-individual:DataProperty .
+    access:containsElementsOfType access-individual:DataProperty .
 :CuratorDropDataPropertyValueSet a access:ValueSet ;
-    access:containerType access-individual:DataProperty .
+    access:containsElementsOfType access-individual:DataProperty .
 :AdminDropDataPropertyValueSet a access:ValueSet ;
-    access:containerType access-individual:DataProperty .
+    access:containsElementsOfType access-individual:DataProperty .
 
 :PublicAddDataPropertyValueSet a access:ValueSet ;
-    access:containerType access-individual:DataProperty .
+    access:containsElementsOfType access-individual:DataProperty .
 :EditorAddDataPropertyValueSet a access:ValueSet ;
-    access:containerType access-individual:DataProperty .
+    access:containsElementsOfType access-individual:DataProperty .
 :CuratorAddDataPropertyValueSet a access:ValueSet ;
-    access:containerType access-individual:DataProperty .
+    access:containsElementsOfType access-individual:DataProperty .
 :AdminAddDataPropertyValueSet a access:ValueSet ;
-    access:containerType access-individual:DataProperty .
+    access:containsElementsOfType access-individual:DataProperty .
 
 :PublicEditDataPropertyValueSet a access:ValueSet ;
-    access:containerType access-individual:DataProperty .
+    access:containsElementsOfType access-individual:DataProperty .
 :EditorEditDataPropertyValueSet a access:ValueSet ;
-    access:containerType access-individual:DataProperty .
+    access:containsElementsOfType access-individual:DataProperty .
 :CuratorEditDataPropertyValueSet a access:ValueSet ;
-    access:containerType access-individual:DataProperty .
+    access:containsElementsOfType access-individual:DataProperty .
 :AdminEditDataPropertyValueSet a access:ValueSet ;
-    access:containerType access-individual:DataProperty .
+    access:containsElementsOfType access-individual:DataProperty .
 
 :PublicDropObjectPropertyValueSet a access:ValueSet ;
-    access:containerType access-individual:ObjectProperty .
+    access:containsElementsOfType access-individual:ObjectProperty .
 :EditorDropObjectPropertyValueSet a access:ValueSet ;
-    access:containerType access-individual:ObjectProperty .
+    access:containsElementsOfType access-individual:ObjectProperty .
 :CuratorDropObjectPropertyValueSet a access:ValueSet ;
-    access:containerType access-individual:ObjectProperty .
+    access:containsElementsOfType access-individual:ObjectProperty .
 :AdminDropObjectPropertyValueSet a access:ValueSet ;
-    access:containerType access-individual:ObjectProperty .
+    access:containsElementsOfType access-individual:ObjectProperty .
 
 :PublicAddObjectPropertyValueSet a access:ValueSet ;
-    access:containerType access-individual:ObjectProperty .
+    access:containsElementsOfType access-individual:ObjectProperty .
 :EditorAddObjectPropertyValueSet a access:ValueSet ;
-    access:containerType access-individual:ObjectProperty .
+    access:containsElementsOfType access-individual:ObjectProperty .
 :CuratorAddObjectPropertyValueSet a access:ValueSet ;
-    access:containerType access-individual:ObjectProperty .
+    access:containsElementsOfType access-individual:ObjectProperty .
 :AdminAddObjectPropertyValueSet a access:ValueSet ;
-    access:containerType access-individual:ObjectProperty .
+    access:containsElementsOfType access-individual:ObjectProperty .
 
 :PublicEditObjectPropertyValueSet a access:ValueSet ;
-    access:containerType access-individual:ObjectProperty .
+    access:containsElementsOfType access-individual:ObjectProperty .
 :EditorEditObjectPropertyValueSet a access:ValueSet ;
-    access:containerType access-individual:ObjectProperty .
+    access:containsElementsOfType access-individual:ObjectProperty .
 :CuratorEditObjectPropertyValueSet a access:ValueSet ;
-    access:containerType access-individual:ObjectProperty .
+    access:containsElementsOfType access-individual:ObjectProperty .
 :AdminEditObjectPropertyValueSet a access:ValueSet ;
-    access:containerType access-individual:ObjectProperty .
+    access:containsElementsOfType access-individual:ObjectProperty .
 
 :PublicDisplayObjectPropertyValueSet a access:ValueSet ;
-    access:containerType access-individual:ObjectProperty .
+    access:containsElementsOfType access-individual:ObjectProperty .
 :EditorDisplayObjectPropertyValueSet a access:ValueSet ;
-    access:containerType access-individual:ObjectProperty .
+    access:containsElementsOfType access-individual:ObjectProperty .
 :CuratorDisplayObjectPropertyValueSet a access:ValueSet ;
-    access:containerType access-individual:ObjectProperty .
+    access:containsElementsOfType access-individual:ObjectProperty .
 :AdminDisplayObjectPropertyValueSet a access:ValueSet ;
-    access:containerType access-individual:ObjectProperty .
+    access:containsElementsOfType access-individual:ObjectProperty .
 
 :PublicDisplayDataPropertyValueSet a access:ValueSet ;
-    access:containerType access-individual:DataProperty .
+    access:containsElementsOfType access-individual:DataProperty .
 :EditorDisplayDataPropertyValueSet a access:ValueSet ;
-    access:containerType access-individual:DataProperty .
+    access:containsElementsOfType access-individual:DataProperty .
 :CuratorDisplayDataPropertyValueSet a access:ValueSet ;
-    access:containerType access-individual:DataProperty .
+    access:containsElementsOfType access-individual:DataProperty .
 :AdminDisplayDataPropertyValueSet a access:ValueSet ;
-    access:containerType access-individual:DataProperty .
+    access:containsElementsOfType access-individual:DataProperty .
 
 :PublicDisplayFauxObjectPropertyValueSet a access:ValueSet ;
-    access:containerType access-individual:FauxObjectProperty .
+    access:containsElementsOfType access-individual:FauxObjectProperty .
 :EditorDisplayFauxObjectPropertyValueSet a access:ValueSet ;
-    access:containerType access-individual:FauxObjectProperty .
+    access:containsElementsOfType access-individual:FauxObjectProperty .
 :CuratorDisplayFauxObjectPropertyValueSet a access:ValueSet ;
-    access:containerType access-individual:FauxObjectProperty .
+    access:containsElementsOfType access-individual:FauxObjectProperty .
 :AdminDisplayFauxObjectPropertyValueSet a access:ValueSet ;
-    access:containerType access-individual:FauxObjectProperty .
+    access:containsElementsOfType access-individual:FauxObjectProperty .
 
 :PublicDisplayFauxDataPropertyValueSet a access:ValueSet ;
-    access:containerType access-individual:FauxDataProperty .
+    access:containsElementsOfType access-individual:FauxDataProperty .
 :EditorDisplayFauxDataPropertyValueSet a access:ValueSet ;
-    access:containerType access-individual:FauxDataProperty .
+    access:containsElementsOfType access-individual:FauxDataProperty .
 :CuratorDisplayFauxDataPropertyValueSet a access:ValueSet ;
-    access:containerType access-individual:FauxDataProperty .
+    access:containsElementsOfType access-individual:FauxDataProperty .
 :AdminDisplayFauxDataPropertyValueSet a access:ValueSet ;
-    access:containerType access-individual:FauxDataProperty .
+    access:containsElementsOfType access-individual:FauxDataProperty .
 
 :EditorPublishObjectPropertyValueSet a access:ValueSet ;
-    access:containerType access-individual:ObjectProperty .
+    access:containsElementsOfType access-individual:ObjectProperty .
 :CuratorPublishObjectPropertyValueSet a access:ValueSet ;
-    access:containerType access-individual:ObjectProperty .
+    access:containsElementsOfType access-individual:ObjectProperty .
 :AdminPublishObjectPropertyValueSet a access:ValueSet ;
-    access:containerType access-individual:ObjectProperty .
+    access:containsElementsOfType access-individual:ObjectProperty .
 
 :EditorPublishDataPropertyValueSet a access:ValueSet ;
-    access:containerType access-individual:DataProperty .
+    access:containsElementsOfType access-individual:DataProperty .
 :CuratorPublishDataPropertyValueSet a access:ValueSet ;
-    access:containerType access-individual:DataProperty .
+    access:containsElementsOfType access-individual:DataProperty .
 :AdminPublishDataPropertyValueSet a access:ValueSet ;
-    access:containerType access-individual:DataProperty .
+    access:containsElementsOfType access-individual:DataProperty .
 
 :EditorPublishFauxObjectPropertyValueSet a access:ValueSet ;
-    access:containerType access-individual:FauxObjectProperty .
+    access:containsElementsOfType access-individual:FauxObjectProperty .
 :CuratorPublishFauxObjectPropertyValueSet a access:ValueSet ;
-    access:containerType access-individual:FauxObjectProperty .
+    access:containsElementsOfType access-individual:FauxObjectProperty .
 :AdminPublishFauxObjectPropertyValueSet a access:ValueSet ;
-    access:containerType access-individual:FauxObjectProperty .
+    access:containsElementsOfType access-individual:FauxObjectProperty .
 
 :EditorPublishFauxDataPropertyValueSet a access:ValueSet ;
-    access:containerType access-individual:FauxDataProperty .
+    access:containsElementsOfType access-individual:FauxDataProperty .
 :CuratorPublishFauxDataPropertyValueSet a access:ValueSet ;
-    access:containerType access-individual:FauxDataProperty .
+    access:containsElementsOfType access-individual:FauxDataProperty .
 :AdminPublishFauxDataPropertyValueSet a access:ValueSet ;
-    access:containerType access-individual:FauxDataProperty .
+    access:containsElementsOfType access-individual:FauxDataProperty .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_access_related_allowed_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_access_related_allowed_property.n3
index b375f675fa..b42df60e1e 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_access_related_allowed_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_access_related_allowed_property.n3
@@ -209,18 +209,18 @@
     .
 
 :SelfEditorDisplayObjectPropertyValueSet a access:ValueSet ;
-    access:containerType access-individual:ObjectProperty .
+    access:containsElementsOfType access-individual:ObjectProperty .
 :SelfEditorDisplayDataPropertyValueSet a access:ValueSet ;
-    access:containerType access-individual:DataProperty .
+    access:containsElementsOfType access-individual:DataProperty .
 :SelfEditorDisplayFauxObjectPropertyValueSet a access:ValueSet ;
-    access:containerType access-individual:FauxObjectProperty .
+    access:containsElementsOfType access-individual:FauxObjectProperty .
 :SelfEditorDisplayFauxDataPropertyValueSet a access:ValueSet ;
-    access:containerType access-individual:FauxDataProperty .
+    access:containsElementsOfType access-individual:FauxDataProperty .
 :SelfEditorPublishObjectPropertyValueSet a access:ValueSet ;
-    access:containerType access-individual:ObjectProperty .
+    access:containsElementsOfType access-individual:ObjectProperty .
 :SelfEditorPublishDataPropertyValueSet a access:ValueSet ;
-    access:containerType access-individual:DataProperty .
+    access:containsElementsOfType access-individual:DataProperty .
 :SelfEditorPublishFauxObjectPropertyValueSet a access:ValueSet ;
-    access:containerType access-individual:FauxObjectProperty .
+    access:containsElementsOfType access-individual:FauxObjectProperty .
 :SelfEditorPublishFauxDataPropertyValueSet a access:ValueSet ;
-    access:containerType access-individual:FauxDataProperty .
+    access:containsElementsOfType access-individual:FauxDataProperty .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_simple_permissions.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_simple_permissions.n3
index a6047a403a..2d52760360 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_simple_permissions.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_simple_permissions.n3
@@ -120,15 +120,15 @@
     access:value access-individual:NamedObject .
 
 :PublicSimplePermissionValueSet a access:ValueSet ;
-    access:containerType access-individual:NamedObject .
+    access:containsElementsOfType access-individual:NamedObject .
 :SelfEditorSimplePermissionValueSet a access:ValueSet ;
-    access:containerType access-individual:NamedObject .
+    access:containsElementsOfType access-individual:NamedObject .
 :EditorSimplePermissionValueSet a access:ValueSet ;
-    access:containerType access-individual:NamedObject .
+    access:containsElementsOfType access-individual:NamedObject .
 :CuratorSimplePermissionValueSet a access:ValueSet ;
-    access:containerType access-individual:NamedObject .
+    access:containsElementsOfType access-individual:NamedObject .
 :AdminSimplePermissionValueSet a access:ValueSet ;
-    access:containerType access-individual:NamedObject .
+    access:containsElementsOfType access-individual:NamedObject .
 
 :SubjectRoleEqualsDataSetRole a access:Check ;
     access:operator access-individual:Equals ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_update_related_allowed_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_update_related_allowed_property.n3
index 576c53c9de..423d18133e 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_update_related_allowed_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_update_related_allowed_property.n3
@@ -294,28 +294,28 @@
     .
 
 :SelfEditorAddObjectPropertyValueSet a access:ValueSet ;
-    access:containerType access-individual:ObjectProperty .
+    access:containsElementsOfType access-individual:ObjectProperty .
 :SelfEditorAddDataPropertyValueSet a access:ValueSet ;
-    access:containerType access-individual:DataProperty .
+    access:containsElementsOfType access-individual:DataProperty .
 :SelfEditorAddFauxObjectPropertyValueSet a access:ValueSet ;
-    access:containerType access-individual:FauxObjectProperty .
+    access:containsElementsOfType access-individual:FauxObjectProperty .
 :SelfEditorAddFauxDataPropertyValueSet a access:ValueSet ;
-    access:containerType access-individual:FauxDataProperty .
+    access:containsElementsOfType access-individual:FauxDataProperty .
 
 :SelfEditorEditObjectPropertyValueSet a access:ValueSet ;
-    access:containerType access-individual:ObjectProperty .
+    access:containsElementsOfType access-individual:ObjectProperty .
 :SelfEditorEditDataPropertyValueSet a access:ValueSet ;
-    access:containerType access-individual:DataProperty .
+    access:containsElementsOfType access-individual:DataProperty .
 :SelfEditorEditFauxObjectPropertyValueSet a access:ValueSet ;
-    access:containerType access-individual:FauxObjectProperty .
+    access:containsElementsOfType access-individual:FauxObjectProperty .
 :SelfEditorEditFauxDataPropertyValueSet a access:ValueSet ;
-    access:containerType access-individual:FauxDataProperty .
+    access:containsElementsOfType access-individual:FauxDataProperty .
 
 :SelfEditorDropObjectPropertyValueSet a access:ValueSet ;
-    access:containerType access-individual:ObjectProperty .
+    access:containsElementsOfType access-individual:ObjectProperty .
 :SelfEditorDropDataPropertyValueSet a access:ValueSet ;
-    access:containerType access-individual:DataProperty .
+    access:containsElementsOfType access-individual:DataProperty .
 :SelfEditorDropFauxObjectPropertyValueSet a access:ValueSet ;
-    access:containerType access-individual:FauxObjectProperty .
+    access:containsElementsOfType access-individual:FauxObjectProperty .
 :SelfEditorDropFauxDataPropertyValueSet a access:ValueSet ;
-    access:containerType access-individual:FauxDataProperty .
+    access:containsElementsOfType access-individual:FauxDataProperty .
diff --git a/home/src/main/resources/rdf/tbox/firsttime/vitro-access-control-ontology.n3 b/home/src/main/resources/rdf/tbox/firsttime/vitro-access-control-ontology.n3
index 42b2e3fa45..68bf9b420e 100644
--- a/home/src/main/resources/rdf/tbox/firsttime/vitro-access-control-ontology.n3
+++ b/home/src/main/resources/rdf/tbox/firsttime/vitro-access-control-ontology.n3
@@ -141,7 +141,7 @@
     rdfs:comment "Type of values for new value set";
     rdfs:label "set type template"@en-US ;
     rdfs:range [ a owl:Class ; owl:unionOf  ( :Attribute :ObjectType ) ] ;
-    rdfs:domain :ValueSetTemplate .
+    rdfs:domain [ a owl:Class ; owl:unionOf ( :ValueSet :ValueSetTemplate ) ] .
 
 :attributeValue a owl:ObjectProperty ;
     rdfs:comment "Check contains value set";
@@ -192,12 +192,6 @@
     rdfs:domain :PolicyTemplate ;
     rdfs:range :PolicyDataSet .
 
-:containerType a owl:ObjectProperty ;
-    rdfs:comment "Specifies type of set values";
-    rdfs:label "set type"@en-US ;
-    rdfs:domain :ValueSet ;
-    rdfs:range :ObjectType .
-
 :rule a owl:ObjectProperty ;
     rdfs:comment "Contains a rule";
     rdfs:label "rule"@en-US ;

From ccf9375b2a0686af07bace48f591ee4a5404f74d Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <georgy.litvinov@tib.eu>
Date: Thu, 23 Nov 2023 11:11:51 +0100
Subject: [PATCH 117/148] refact: renamed access:check access:requiresCheck and
 access:rule to access:hasRule

---
 .../webapp/auth/policy/PolicyLoader.java      |  8 ++--
 .../auth/rules/proximity_test_policy.n3       |  4 +-
 .../webapp/auth/rules/test_policy_broken1.n3  |  6 +--
 .../webapp/auth/rules/test_policy_broken2.n3  |  6 +--
 .../webapp/auth/rules/test_policy_broken3.n3  |  6 +--
 .../webapp/auth/rules/test_policy_broken4.n3  |  6 +--
 .../webapp/auth/rules/test_policy_broken5.n3  |  6 +--
 .../auth/rules/test_policy_broken_set.n3      |  6 +--
 .../webapp/auth/rules/test_policy_key.n3      |  4 +-
 .../webapp/auth/rules/test_policy_valid.n3    |  4 +-
 .../auth/rules/test_policy_valid_set.n3       |  6 +--
 .../firsttime/policy_editable_pages.n3        | 30 ++++++-------
 .../firsttime/policy_menu_items_editing.n3    | 20 ++++-----
 .../firsttime/policy_root_user.n3             |  4 +-
 .../firsttime/profile_proximity_query.n3      |  2 +-
 .../template_access_allowed_class.n3          | 10 ++---
 .../template_access_allowed_property.n3       | 20 ++++-----
 ...emplate_access_related_allowed_property.n3 | 20 ++++-----
 .../template_not_modifiable_statements.n3     | 42 +++++++++----------
 .../firsttime/template_simple_permissions.n3  | 10 ++---
 ...emplate_update_related_allowed_property.n3 | 22 +++++-----
 .../vitro-access-control-ontology.n3          | 22 +++++-----
 22 files changed, 132 insertions(+), 132 deletions(-)

diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
index 9687443675..1122b76d26 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
@@ -99,8 +99,8 @@ public class PolicyLoader {
             + "WHERE {\n"
             + "  GRAPH <http://vitro.mannlib.cornell.edu/default/access-control> {\n"
             + "?policy a access:Policy .\n"
-            + "?policy access:rule ?rule . \n"
-            + "?rule access:check ?check .\n"
+            + "?policy access:hasRule ?rule . \n"
+            + "?rule access:requiresCheck ?check .\n"
             + "OPTIONAL {\n"
             + "  ?check access:operator ?checkTest .\n"
             + "  OPTIONAL {\n"
@@ -132,8 +132,8 @@ public class PolicyLoader {
             + "  GRAPH <http://vitro.mannlib.cornell.edu/default/access-control> {\n"
             + "    ?policy a access:PolicyTemplate .\n"
             + "    ?policy access:policyDataSet ?dataSet .\n"
-            + "    ?policy access:rule ?rule .\n"
-            + "    ?rule access:check ?check .\n"
+            + "    ?policy access:hasRule ?rule .\n"
+            + "    ?rule access:requiresCheck ?check .\n"
             + "    ?check a access:Check .\n"
             + "    OPTIONAL {\n"
             + "      ?check access:operator ?checkTest .\n"
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/proximity_test_policy.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/proximity_test_policy.n3
index 8fd1ce2dc2..4693c13e17 100644
--- a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/proximity_test_policy.n3
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/proximity_test_policy.n3
@@ -9,10 +9,10 @@
 @prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
 
 access-individual:ProximityTestPolicy rdf:type access:Policy ;
-    access:rule access-individual:AllowPersonEditOwnPublication .
+    access:hasRule access-individual:AllowPersonEditOwnPublication .
           
 access-individual:AllowPersonEditOwnPublication rdf:type access:Rule ;
-    access:check access-individual:PublicationInProximityAttribute .
+    access:requiresCheck access-individual:PublicationInProximityAttribute .
           
 access-individual:PublicationInProximityAttribute rdf:type access:Check ;
     access:operator access-individual:SparqlSelectQueryContains ;
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken1.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken1.n3
index ac6ac7abe4..67a00409f7 100644
--- a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken1.n3
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken1.n3
@@ -9,11 +9,11 @@
 @prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
 
 access-individual:BrokenPolicyBrokenTestType rdf:type access:Policy ;
-    access:rule access-individual:BrokenTestRule .
+    access:hasRule access-individual:BrokenTestRule .
   
 access-individual:BrokenTestRule rdf:type access:Rule ;
-    access:check access-individual:ValidTestAttribute ;
-    access:check access-individual:BrokenTestAttribute .
+    access:requiresCheck access-individual:ValidTestAttribute ;
+    access:requiresCheck access-individual:BrokenTestAttribute .
   
 access-individual:BrokenTestAttribute rdf:type access:Check ;
     access:attribute access-individual:Operation ;
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken2.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken2.n3
index 5e49a52f1c..68eeea5f3f 100644
--- a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken2.n3
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken2.n3
@@ -9,11 +9,11 @@
 @prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
 
 access-individual:BrokenPolicyType rdf:type access:Policy ;
-    access:rule access-individual:BrokenTestRule .
+    access:hasRule access-individual:BrokenTestRule .
   
 access-individual:BrokenTestRule rdf:type access:Rule ;
-    access:check access-individual:ValidTestAttribute ;
-    access:check access-individual:BrokenTestAttribute .
+    access:requiresCheck access-individual:ValidTestAttribute ;
+    access:requiresCheck access-individual:BrokenTestAttribute .
   
 access-individual:BrokenTestAttribute rdf:type access:Check ;
     access:operator access-individual:Equals ;
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken3.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken3.n3
index e09630658c..aa02263b5f 100644
--- a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken3.n3
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken3.n3
@@ -9,11 +9,11 @@
 @prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
 
 access-individual:BrokenPolicyBrokenTestTypeId rdf:type access:Policy ;
-    access:rule access-individual:BrokenTestRule .
+    access:hasRule access-individual:BrokenTestRule .
   
 access-individual:BrokenTestRule rdf:type access:Rule ;
-    access:check access-individual:ValidTestAttribute ;
-    access:check access-individual:BrokenTestAttribute .
+    access:requiresCheck access-individual:ValidTestAttribute ;
+    access:requiresCheck access-individual:BrokenTestAttribute .
   
 access-individual:BrokenTestAttribute rdf:type access:Check ;
     access:operator access-individual:UnknownTest ;
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken4.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken4.n3
index ce194473e5..5fcded4da5 100644
--- a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken4.n3
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken4.n3
@@ -9,11 +9,11 @@
 @prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
 
 access-individual:BrokenPolicyTypeId rdf:type access:Policy ;
-    access:rule access-individual:BrokenTestRule .
+    access:hasRule access-individual:BrokenTestRule .
 
 access-individual:BrokenTestRule rdf:type access:Rule ;
-    access:check access-individual:ValidTestAttribute ;
-    access:check access-individual:BrokenTestAttribute .
+    access:requiresCheck access-individual:ValidTestAttribute ;
+    access:requiresCheck access-individual:BrokenTestAttribute .
 
 access-individual:BrokenTestAttribute rdf:type access:Check ;
     access:operator access-individual:Equals ;
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken5.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken5.n3
index 7b88ad1bcc..cacba78aac 100644
--- a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken5.n3
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken5.n3
@@ -10,11 +10,11 @@
 
 access-individual:BrokenTestSetPolicy rdf:type access:Policy ;
     access:policyDataSet access-individual:testDataSet1 ;
-    access:rule access-individual:BrokenRule .
+    access:hasRule access-individual:BrokenRule .
 
 access-individual:BrokenRule rdf:type access:Rule ;
-    access:check access-individual:BrokenAttribute1 ;
-    access:check access-individual:BrokenAttribute2 .
+    access:requiresCheck access-individual:BrokenAttribute1 ;
+    access:requiresCheck access-individual:BrokenAttribute2 .
 
 access-individual:BrokenAttribute1 rdf:type access:Check ;
     access:operator access-individual:Equals ;
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken_set.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken_set.n3
index ab5d6ebade..053e5d8379 100644
--- a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken_set.n3
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken_set.n3
@@ -11,11 +11,11 @@
 access-individual:BrokenTestSetPolicy rdf:type access:Policy ;
     access:policyDataSet access-individual:testDataSet1 ;
     access:policyDataSet access-individual:testDataSet2 ;
-    access:rule access-individual:BrokenRule .
+    access:hasRule access-individual:BrokenRule .
     
 access-individual:BrokenRule rdf:type access:Rule ;
-    access:check access-individual:BrokenSetAttribute1 ;
-    access:check access-individual:BrokenSetAttribute2 .
+    access:requiresCheck access-individual:BrokenSetAttribute1 ;
+    access:requiresCheck access-individual:BrokenSetAttribute2 .
     
 access-individual:BrokenSetAttribute1 rdf:type access:Check ;
     access:operator access-individual:NotOneOf ;
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_key.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_key.n3
index a5c4681442..205d1764a9 100644
--- a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_key.n3
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_key.n3
@@ -10,10 +10,10 @@
 
 access-individual:KeyTestPolicy rdf:type access:Policy ;
     access:policyKey access-individual:PolicyKeyTest ;
-    access:rule access-individual:KeyTestRule .
+    access:hasRule access-individual:KeyTestRule .
     
 access-individual:KeyTestRule rdf:type access:Rule ;
-    access:check access-individual:KeyTestAttribute .
+    access:requiresCheck access-individual:KeyTestAttribute .
     
 access-individual:KeyTestAttribute rdf:type access:Check ;
     access:operator access-individual:Equals ;
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_valid.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_valid.n3
index 741f4125e3..c5264dd755 100644
--- a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_valid.n3
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_valid.n3
@@ -9,10 +9,10 @@
 @prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
 
 access-individual:ValidTestPolicy rdf:type access:Policy ;
-    access:rule access-individual:ValidRule .
+    access:hasRule access-individual:ValidRule .
     
 access-individual:ValidRule rdf:type access:Rule ;
-    access:check access-individual:ValidAttribute .
+    access:requiresCheck access-individual:ValidAttribute .
     
 access-individual:ValidAttribute rdf:type access:Check ;
     access:operator access-individual:Equals ;
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_valid_set.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_valid_set.n3
index 6d9259e7c5..38e6db5f6d 100644
--- a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_valid_set.n3
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_valid_set.n3
@@ -11,11 +11,11 @@
 access-individual:ValidTestSetPolicy rdf:type access:PolicyTemplate ;
     access:policyDataSet access-individual:testDataSet2 ;
     access:policyDataSet access-individual:testDataSet1 ;
-    access:rule access-individual:ValidRule .
+    access:hasRule access-individual:ValidRule .
     
 access-individual:ValidRule rdf:type access:Rule ;
-    access:check access-individual:ValidAttribute1 ;
-    access:check access-individual:ValidAttribute2 .
+    access:requiresCheck access-individual:ValidAttribute1 ;
+    access:requiresCheck access-individual:ValidAttribute2 .
     
 access-individual:ValidAttribute1 rdf:type access:Check ;
     access:operator access-individual:Equals ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_editable_pages.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_editable_pages.n3
index 534df79b4d..443fceabad 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_editable_pages.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_editable_pages.n3
@@ -6,15 +6,15 @@
 @prefix : <https://vivoweb.org/ontology/vitro-application/auth/individual/edit-individual-pages/> .
 
 :Policy a access:Policy ;
-    access:rule :AllowEditRelatedPagesRule ;
-    access:rule :AllowEditIndividualPagesRule .
+    access:hasRule :AllowEditRelatedPagesRule ;
+    access:hasRule :AllowEditIndividualPagesRule .
 
 :AllowEditIndividualPagesRule a access:Rule;
-    access:check :SubjectRoleOneOfEditorsCheck ;
-    access:check :IsAddOperation ;
-    access:check :IsObjectPropertyStatement ;
-    access:check :ObjectUriIsSomeUri ;
-    access:check :PredicateIsSomePredicate .
+    access:requiresCheck :SubjectRoleOneOfEditorsCheck ;
+    access:requiresCheck :IsAddOperation ;
+    access:requiresCheck :IsObjectPropertyStatement ;
+    access:requiresCheck :ObjectUriIsSomeUri ;
+    access:requiresCheck :PredicateIsSomePredicate .
 
 :SubjectRoleOneOfEditorsCheck a access:Check ;
     access:operator access-individual:OneOf ;
@@ -34,12 +34,12 @@
     access:value access-individual:AddOperation .
 
 :AllowEditRelatedPagesRule a access:Rule;
-    access:check :SubjectRoleIsSelfEditor ;
-    access:check :SubjectUriIsProfileRelatedResource ;
-    access:check :IsAddOperation ;
-    access:check :IsObjectPropertyStatement ;
-    access:check :ObjectUriIsSomeUri ;
-    access:check :PredicateIsSomePredicate .
+    access:requiresCheck :SubjectRoleIsSelfEditor ;
+    access:requiresCheck :SubjectUriIsProfileRelatedResource ;
+    access:requiresCheck :IsAddOperation ;
+    access:requiresCheck :IsObjectPropertyStatement ;
+    access:requiresCheck :ObjectUriIsSomeUri ;
+    access:requiresCheck :PredicateIsSomePredicate .
 
 :PredicateIsSomePredicate a access:Check ;
     access:operator access-individual:Equals ;
@@ -61,8 +61,8 @@
     access:attribute access-individual:AccessObjectType ;
     access:value access-individual:ObjectPropertyStatement .
 
-:SomeUri a access:AttributeValue ;
+:SomeUri a access:Value ;
     access:id "?SOME_URI" .
 
-:SomeLiteral a access:AttributeValue ;
+:SomeLiteral a access:Value ;
     access:id "?SOME_LITERAL" .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_menu_items_editing.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_menu_items_editing.n3
index a9dc5c44ff..8d4ec9a8e9 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_menu_items_editing.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_menu_items_editing.n3
@@ -6,22 +6,22 @@
 
 :Policy a access:Policy ;
     access:priority 9000 ;
-    access:rule :RestrictEdit ;
-    access:rule :RestrictDrop .
+    access:hasRule :RestrictEdit ;
+    access:hasRule :RestrictDrop .
 
 :RestrictEdit a access:Rule ;
     access:decision access-individual:Deny ;
-    access:check :IsEditOperationCheck ;
-    access:check :IsObjectPropertyStatement ;
-    access:check :PredicateUriEqualsHomeMenuItem ;
-    access:check :ObjectUriEqualsHasElement .
+    access:requiresCheck :IsEditOperationCheck ;
+    access:requiresCheck :IsObjectPropertyStatement ;
+    access:requiresCheck :PredicateUriEqualsHomeMenuItem ;
+    access:requiresCheck :ObjectUriEqualsHasElement .
 
 :RestrictDrop a access:Rule ;
     access:decision access-individual:Deny ;
-    access:check :IsDropOperationCheck ;
-    access:check :IsObjectPropertyStatement ;
-    access:check :PredicateUriEqualsHomeMenuItem ;
-    access:check :ObjectUriEqualsHasElement .
+    access:requiresCheck :IsDropOperationCheck ;
+    access:requiresCheck :IsObjectPropertyStatement ;
+    access:requiresCheck :PredicateUriEqualsHomeMenuItem ;
+    access:requiresCheck :ObjectUriEqualsHasElement .
 
 :IsEditOperationCheck a access:Check ;
     access:operator access-individual:Equals ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_root_user.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_root_user.n3
index 0c7eec9b1c..d45cf7dc6d 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_root_user.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_root_user.n3
@@ -6,10 +6,10 @@
 
 :Policy a access:Policy ;
     access:priority 10000 ;
-    access:rule :AllowRootUserRule .
+    access:hasRule :AllowRootUserRule .
 
 :AllowRootUserRule a access:Rule;
-    access:check :IsRootUserCheck .
+    access:requiresCheck :IsRootUserCheck .
 
 :IsRootUserCheck a access:Check ;
     access:operator access-individual:Equals ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/profile_proximity_query.n3 b/home/src/main/resources/rdf/accessControl/firsttime/profile_proximity_query.n3
index 8fe1eb2f73..bc846434cc 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/profile_proximity_query.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/profile_proximity_query.n3
@@ -3,7 +3,7 @@
 @prefix access-individual: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
 @prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
 
-access-individual:PersonProfileProximityToResourceUri a access:AttributeValue ;
+access-individual:PersonProfileProximityToResourceUri a access:Value ;
     access:id """
     SELECT ?resourceUri WHERE {
         {
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_class.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_class.n3
index 2179b1f4ce..391100b1e0 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_class.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_class.n3
@@ -6,7 +6,7 @@
 @prefix : <https://vivoweb.org/ontology/vitro-application/auth/individual/access-allowed-class/> .
 
 :PolicyTemplate a access:PolicyTemplate ;
-    access:rule :AllowMatchingClass ;
+    access:hasRule :AllowMatchingClass ;
 
     access:policyDataSet :PublicDisplayClassDataSet ;
     access:policyDataSet :SelfEditorDisplayClassDataSet ;
@@ -308,10 +308,10 @@
     access:keyComponent access-individual:PublishOperation .
 
 :AllowMatchingClass a access:Rule;
-    access:check :SubjectRoleCheck ;
-    access:check :OperationCheck ;
-    access:check :AccessObjectTypeCheck ;
-    access:check :AccessObjectUriCheck .
+    access:requiresCheck :SubjectRoleCheck ;
+    access:requiresCheck :OperationCheck ;
+    access:requiresCheck :AccessObjectTypeCheck ;
+    access:requiresCheck :AccessObjectUriCheck .
 
 :AccessObjectTypeCheck a access:Check ;
     access:operator access-individual:Equals ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_property.n3
index 354138e4f3..ed4fa6e905 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_property.n3
@@ -6,8 +6,8 @@
 @prefix : <https://vivoweb.org/ontology/vitro-application/auth/individual/access-allowed-property/> .
 
 :PolicyTemplate a access:PolicyTemplate ;
-    access:rule :AllowMatchingPropertyStatement ;
-    access:rule :AllowMatchingProperty ;
+    access:hasRule :AllowMatchingPropertyStatement ;
+    access:hasRule :AllowMatchingProperty ;
 
     access:policyDataSet :PublicDisplayObjectPropertyDataSet ;
     access:policyDataSet :EditorDisplayObjectPropertyDataSet ;
@@ -1745,10 +1745,10 @@
     access:keyComponent access-individual:PublishOperation .
 
 :AllowMatchingProperty a access:Rule;
-    access:check :SubjectRoleEqualsDataSetRoleAttribute ;
-    access:check :OperationEqualsDataSetOperation ;
-    access:check :AccessObjectTypeEqualsDataSetValue ;
-    access:check :AccessObjectUriContainsInDataSet .
+    access:requiresCheck :SubjectRoleEqualsDataSetRoleAttribute ;
+    access:requiresCheck :OperationEqualsDataSetOperation ;
+    access:requiresCheck :AccessObjectTypeEqualsDataSetValue ;
+    access:requiresCheck :AccessObjectUriContainsInDataSet .
 
 :AccessObjectTypeEqualsDataSetValue a access:Check ;
     access:operator access-individual:Equals ;
@@ -1760,10 +1760,10 @@
     .
 
 :AllowMatchingPropertyStatement a access:Rule;
-    access:check :SubjectRoleEqualsDataSetRoleAttribute ;
-    access:check :OperationEqualsDataSetOperation ;
-    access:check :AccessObjectTypeStatementEquals ;
-    access:check :StatementPredicateEquals ;
+    access:requiresCheck :SubjectRoleEqualsDataSetRoleAttribute ;
+    access:requiresCheck :OperationEqualsDataSetOperation ;
+    access:requiresCheck :AccessObjectTypeStatementEquals ;
+    access:requiresCheck :StatementPredicateEquals ;
     .
 
 :AccessObjectTypeStatementEquals a access:Check ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_access_related_allowed_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_access_related_allowed_property.n3
index b42df60e1e..ce9f6439da 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_access_related_allowed_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_access_related_allowed_property.n3
@@ -6,8 +6,8 @@
 @prefix : <https://vivoweb.org/ontology/vitro-application/auth/individual/related-allowed-property/> .
 
 :PolicyTemplate a access:PolicyTemplate ;
-    access:rule :AllowMatchingPropertyStatement ;
-    access:rule :AllowMatchingProperty ;
+    access:hasRule :AllowMatchingPropertyStatement ;
+    access:hasRule :AllowMatchingProperty ;
 
     access:policyDataSet :SelfEditorDisplayObjectPropertyDataSet ;
     access:policyDataSet :SelfEditorDisplayDataPropertyDataSet ;
@@ -140,10 +140,10 @@
     access:keyComponent access-individual:PublishOperation .
 
 :AllowMatchingProperty a access:Rule;
-    access:check :SubjectRoleCheck ;
-    access:check :OperationCheck ;
-    access:check :AccessObjectTypeCheck ;
-    access:check :AccessObjectUriCheck .
+    access:requiresCheck :SubjectRoleCheck ;
+    access:requiresCheck :OperationCheck ;
+    access:requiresCheck :AccessObjectTypeCheck ;
+    access:requiresCheck :AccessObjectUriCheck .
 
 :AccessObjectTypeCheck a access:Check ;
     access:operator access-individual:Equals ;
@@ -155,10 +155,10 @@
     .
 
 :AllowMatchingPropertyStatement a access:Rule;
-    access:check :SubjectRoleCheck ;
-    access:check :OperationCheck ;
-    access:check :AccessObjectStatementTypeCheck ;
-    access:check :StatementPredicateCheck ;
+    access:requiresCheck :SubjectRoleCheck ;
+    access:requiresCheck :OperationCheck ;
+    access:requiresCheck :AccessObjectStatementTypeCheck ;
+    access:requiresCheck :StatementPredicateCheck ;
     .
 
 :AccessObjectStatementTypeCheck a access:Check ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_not_modifiable_statements.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_not_modifiable_statements.n3
index add22b344d..42f3731828 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_not_modifiable_statements.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_not_modifiable_statements.n3
@@ -7,42 +7,42 @@
 :PolicyTemplate a access:PolicyTemplate ;
     access:priority 8000 ;
     access:policyDataSet :NotModifiableStatementsPolicyDataSet ;
-    access:rule :RestrictObjectPropertyStatementsWithNotModifiablePredicate ;
-    access:rule :RestrictObjectPropertyStatementsWithNotModifiableSubject ;
-    access:rule :RestrictObjectPropertyStatementsWithNotModifiableObject ;
-    access:rule :RestrictDataPropertyStatementsWithNotModifiableSubject ;
-    access:rule :RestrictDataPropertyStatementsWithNotModifiablePredicate ;
+    access:hasRule :RestrictObjectPropertyStatementsWithNotModifiablePredicate ;
+    access:hasRule :RestrictObjectPropertyStatementsWithNotModifiableSubject ;
+    access:hasRule :RestrictObjectPropertyStatementsWithNotModifiableObject ;
+    access:hasRule :RestrictDataPropertyStatementsWithNotModifiableSubject ;
+    access:hasRule :RestrictDataPropertyStatementsWithNotModifiablePredicate ;
     .
 
 :RestrictObjectPropertyStatementsWithNotModifiableSubject a access:Rule ;
     access:decision access-individual:Deny ;
-    access:check :IsObjectPropertyStatement ;
-    access:check :SubjectUriStartWithProhibitedNamespace ;
-    access:check :StatementSubjectNotOneOfProhibitedExceptions .
+    access:requiresCheck :IsObjectPropertyStatement ;
+    access:requiresCheck :SubjectUriStartWithProhibitedNamespace ;
+    access:requiresCheck :StatementSubjectNotOneOfProhibitedExceptions .
 
 :RestrictObjectPropertyStatementsWithNotModifiablePredicate a access:Rule ;
     access:decision access-individual:Deny ;
-    access:check :IsObjectPropertyStatement ;
-    access:check :PredicateUriStartWithProhibitedNamespace ;
-    access:check :PredicateNotANamespaceException .
+    access:requiresCheck :IsObjectPropertyStatement ;
+    access:requiresCheck :PredicateUriStartWithProhibitedNamespace ;
+    access:requiresCheck :PredicateNotANamespaceException .
 
 :RestrictObjectPropertyStatementsWithNotModifiableObject a access:Rule ;
     access:decision access-individual:Deny ;
-    access:check :IsObjectPropertyStatement ;
-    access:check :StatementObjectUriStartsWithProhibitedNameSpace ;
-    access:check :ObjectUriNotOneOfProhibitedExceptions .
+    access:requiresCheck :IsObjectPropertyStatement ;
+    access:requiresCheck :StatementObjectUriStartsWithProhibitedNameSpace ;
+    access:requiresCheck :ObjectUriNotOneOfProhibitedExceptions .
 
 :RestrictDataPropertyStatementsWithNotModifiableSubject a access:Rule ;
     access:decision access-individual:Deny ;
-    access:check :IsDataPropertyStatement ;
-    access:check :SubjectUriStartWithProhibitedNamespace ;
-    access:check :StatementSubjectNotOneOfProhibitedExceptions .
+    access:requiresCheck :IsDataPropertyStatement ;
+    access:requiresCheck :SubjectUriStartWithProhibitedNamespace ;
+    access:requiresCheck :StatementSubjectNotOneOfProhibitedExceptions .
 
 :RestrictDataPropertyStatementsWithNotModifiablePredicate a access:Rule ;
     access:decision access-individual:Deny ;
-    access:check :IsDataPropertyStatement ;
-    access:check :PredicateUriStartWithProhibitedNamespace ;
-    access:check :PredicateNotANamespaceException .
+    access:requiresCheck :IsDataPropertyStatement ;
+    access:requiresCheck :PredicateUriStartWithProhibitedNamespace ;
+    access:requiresCheck :PredicateNotANamespaceException .
 
 :IsObjectPropertyStatement a access:Check ;
     access:operator access-individual:Equals ;
@@ -110,6 +110,6 @@
     access:value  :prohibitedNamespacePrefix ; 
     .
 
-:prohibitedNamespacePrefix a access:AttributeValue ;
+:prohibitedNamespacePrefix a access:Value ;
     access:id "http://vitro.mannlib.cornell.edu/ns/vitro/0.7#" ;
     
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_simple_permissions.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_simple_permissions.n3
index 2d52760360..1315b319fb 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_simple_permissions.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_simple_permissions.n3
@@ -8,7 +8,7 @@
 
 :PolicyTemplate a access:PolicyTemplate ;
     access:priority 1000 ;
-    access:rule :AllowSimplePermission ;
+    access:hasRule :AllowSimplePermission ;
     access:policyDataSetTemplate :RoleDataSetTemplate ;
     access:policyDataSet :PublicDataSet ;
     access:policyDataSet :SelfEditorDataSet ;
@@ -95,10 +95,10 @@
     access:keyComponent auth:ADMIN .
 
 :AllowSimplePermission a access:Rule;
-    access:check :IsSimplePermission ;
-    access:check :IsExecuteOperation ;
-    access:check :PermissionNameAllowed ;
-    access:check :SubjectRoleEqualsDataSetRole .
+    access:requiresCheck :IsSimplePermission ;
+    access:requiresCheck :IsExecuteOperation ;
+    access:requiresCheck :PermissionNameAllowed ;
+    access:requiresCheck :SubjectRoleEqualsDataSetRole .
 
 :IsExecuteOperation a access:Check ;
     access:operator access-individual:Equals ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_update_related_allowed_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_update_related_allowed_property.n3
index 423d18133e..b874db96a4 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_update_related_allowed_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_update_related_allowed_property.n3
@@ -6,8 +6,8 @@
 @prefix : <https://vivoweb.org/ontology/vitro-application/auth/individual/update-related-allowed-property/> .
 
 :PolicyTemplate a access:PolicyTemplate ;
-    access:rule :AllowMatchingPropertyStatement ;
-    access:rule :AllowMatchingProperty ;
+    access:hasRule :AllowMatchingPropertyStatement ;
+    access:hasRule :AllowMatchingProperty ;
  
     access:policyDataSet :SelfEditorAddObjectPropertyDataSet ;
     access:policyDataSet :SelfEditorAddDataPropertyDataSet ;
@@ -206,10 +206,10 @@
     access:keyComponent access-individual:EditOperation .
 
 :AllowMatchingProperty a access:Rule;
-    access:check :SubjectRoleCheck ;
-    access:check :OperationCheck ;
-    access:check :AccessObjectTypeCheck ;
-    access:check :AccessObjectUriCheck .
+    access:requiresCheck :SubjectRoleCheck ;
+    access:requiresCheck :OperationCheck ;
+    access:requiresCheck :AccessObjectTypeCheck ;
+    access:requiresCheck :AccessObjectUriCheck .
 
 :AccessObjectTypeCheck a access:Check ;
     access:operator access-individual:Equals ;
@@ -221,11 +221,11 @@
     .
 
 :AllowMatchingPropertyStatement a access:Rule;
-    access:check :SubjectRoleCheck ;
-    access:check :OperationCheck ;
-    access:check :AccessObjectStatementTypeCheck ;
-    access:check :StatementPredicateCheck ;
-    access:check :RelationCheck ;
+    access:requiresCheck :SubjectRoleCheck ;
+    access:requiresCheck :OperationCheck ;
+    access:requiresCheck :AccessObjectStatementTypeCheck ;
+    access:requiresCheck :StatementPredicateCheck ;
+    access:requiresCheck :RelationCheck ;
     .
 
 :RelationCheck a access:Check ;
diff --git a/home/src/main/resources/rdf/tbox/firsttime/vitro-access-control-ontology.n3 b/home/src/main/resources/rdf/tbox/firsttime/vitro-access-control-ontology.n3
index 68bf9b420e..5cad13e3c2 100644
--- a/home/src/main/resources/rdf/tbox/firsttime/vitro-access-control-ontology.n3
+++ b/home/src/main/resources/rdf/tbox/firsttime/vitro-access-control-ontology.n3
@@ -55,9 +55,9 @@
     rdfs:comment "Attribute to check";
     rdfs:label "Attribute"@en-US .
 
-:AttributeValue a owl:Class ;
-    rdfs:comment "Resource represents single attribute value, usually specified as literal with :id ";
-    rdfs:label "Attribute value"@en-US .
+:Value a owl:Class ;
+    rdfs:comment "Resource represents single value, usually specified as literal with :id ";
+    rdfs:label "Value"@en-US .
 
 :Decision a owl:Class ;
     rdfs:comment "Decision to return in case all checks in a rule match";
@@ -89,7 +89,7 @@
     owl:FunctionalProperty ;
     rdfs:comment "Set string identifier";
     rdfs:range xsd:string ;
-    rdfs:domain [ a owl:Class ; owl:unionOf  ( :Operator :Operation :Decision :AttributeValue :SubjectType :Attribute :ObjectType ) ] ;
+    rdfs:domain [ a owl:Class ; owl:unionOf  ( :Operator :Operation :Decision :Value :SubjectType :Attribute :ObjectType ) ] ;
     rdfs:label "id"@en-US .
 
 :priority a owl:DatatypeProperty ,
@@ -115,7 +115,7 @@
     rdfs:range :ValueSet .
 
 :value a owl:ObjectProperty ;
-    rdfs:comment "Assign one value (any URI or :AttributeValue with :id to define literal value)";
+    rdfs:comment "Assign one value (any URI or :Value with :id to define literal value)";
     rdfs:label "value"@en-US ;
     rdfs:domain [ a owl:Class ; owl:unionOf  ( :ValueSet :Check ) ] .
 
@@ -174,9 +174,9 @@
     rdfs:domain :DataSetTemplateKey ;
     rdfs:range :Attribute .
 
-:check a owl:ObjectProperty ;
-    rdfs:comment "contains check";
-    rdfs:label "check"@en-US ;
+:requiresCheck a owl:ObjectProperty ;
+    rdfs:comment "Requires check";
+    rdfs:label "requires check"@en-US ;
     rdfs:domain :Rule ;
     rdfs:range :Check .
 
@@ -192,9 +192,9 @@
     rdfs:domain :PolicyTemplate ;
     rdfs:range :PolicyDataSet .
 
-:rule a owl:ObjectProperty ;
-    rdfs:comment "Contains a rule";
-    rdfs:label "rule"@en-US ;
+:hasRule a owl:ObjectProperty ;
+    rdfs:comment "Assgins a rule to a policy or policy template";
+    rdfs:label "has rule"@en-US ;
     rdfs:domain [ a owl:Class ; owl:unionOf  ( :Policy :PolicyTemplate ) ] ;
     rdfs:range :Rule .
 

From 65856ba5a3d884ebe7a608efce38061f0eecb2c5 Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <georgy.litvinov@tib.eu>
Date: Thu, 23 Nov 2023 13:57:12 +0100
Subject: [PATCH 118/148] refact: renamed access:attributeValue to
 access:values

---
 .../webapp/auth/policy/PolicyLoader.java      |   4 +-
 .../auth/rules/test_policy_broken_set.n3      |   4 +-
 .../auth/rules/test_policy_valid_set.n3       |   8 +-
 .../template_access_allowed_class.n3          |  46 +-
 .../template_access_allowed_property.n3       | 414 +++++++++---------
 ...emplate_access_related_allowed_property.n3 |  54 +--
 .../template_not_modifiable_statements.n3     |  12 +-
 .../firsttime/template_simple_permissions.n3  |  20 +-
 ...emplate_update_related_allowed_property.n3 |  80 ++--
 .../vitro-access-control-ontology.n3          |   6 +-
 10 files changed, 324 insertions(+), 324 deletions(-)

diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
index 1122b76d26..272be8addb 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
@@ -152,7 +152,7 @@ public class PolicyLoader {
             + "      ?decision access:id ?decision_id .\n"
             + "    }\n"
             + "    OPTIONAL {\n"
-            + "      ?check access:attributeValue ?attributeValue .\n"
+            + "      ?check access:values ?attributeValue .\n"
             + "      ?attributeValue access:value ?value .\n"
             + "      ?dataSet access:dataSetValues ?attributeValue .\n"
             + "      OPTIONAL {\n"
@@ -282,7 +282,7 @@ public class PolicyLoader {
     public static final String CONSTRUCT_VALUE_SET_QUERY = ""
             + "prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/>\n"
             + "CONSTRUCT {\n"
-            + "  ?relatedCheck access:attributeValue ?valueSet .\n"
+            + "  ?relatedCheck access:values ?valueSet .\n"
             + "  ?valueSet a access:ValueSet .\n"
             + "  ?valueSet access:containsElementsOfType ?setElementsType .\n"
             + "  ?valueSet access:value ?newRoleUri .\n"
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken_set.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken_set.n3
index 053e5d8379..d398931af0 100644
--- a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken_set.n3
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken_set.n3
@@ -20,13 +20,13 @@ access-individual:BrokenRule rdf:type access:Rule ;
 access-individual:BrokenSetAttribute1 rdf:type access:Check ;
     access:operator access-individual:NotOneOf ;
     access:attribute access-individual:ObjectUri ;
-    access:attributeValue access-individual:valueSet1 ;
+    access:values access-individual:valueSet1 ;
     .
     
 access-individual:BrokenSetAttribute2 rdf:type access:Check ;
     access:operator access-individual:NotOneOf ;
     access:attribute access-individual:ObjectUri ;
-    access:attributeValue access-individual:valueSet2 ;
+    access:values access-individual:valueSet2 ;
     .
 
 access-individual:testDataSet1 rdf:type access:PolicyDataSet ;
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_valid_set.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_valid_set.n3
index 38e6db5f6d..128ab7bfea 100644
--- a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_valid_set.n3
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_valid_set.n3
@@ -20,15 +20,15 @@ access-individual:ValidRule rdf:type access:Rule ;
 access-individual:ValidAttribute1 rdf:type access:Check ;
     access:operator access-individual:Equals ;
     access:attribute access-individual:AccessObjectUri ;
-    access:attributeValue access-individual:valueSet1 ;
-    access:attributeValue access-individual:valueSet3 ;
+    access:values access-individual:valueSet1 ;
+    access:values access-individual:valueSet3 ;
     .
     
 access-individual:ValidAttribute2 rdf:type access:Check ;
     access:operator access-individual:Equals ;
     access:attribute access-individual:AccessObjectUri ;
-    access:attributeValue access-individual:valueSet4 ;
-    access:attributeValue access-individual:valueSet2 ;
+    access:values access-individual:valueSet4 ;
+    access:values access-individual:valueSet2 ;
     .
 
 access-individual:testDataSet1 rdf:type access:PolicyDataSet ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_class.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_class.n3
index 391100b1e0..6ebda17141 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_class.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_class.n3
@@ -316,43 +316,43 @@
 :AccessObjectTypeCheck a access:Check ;
     access:operator access-individual:Equals ;
     access:attribute access-individual:AccessObjectType ;
-    access:attributeValue access-individual:ClassValueSet ;
+    access:values access-individual:ClassValueSet ;
     .
 
 :OperationCheck a access:Check ;
     access:operator access-individual:Equals ;
     access:attribute access-individual:Operation ;
-    access:attributeValue access-individual:DisplayOperationValueSet ;
-    access:attributeValue access-individual:PublishOperationValueSet ;
-    access:attributeValue access-individual:UpdateOperationValueSet ;
+    access:values access-individual:DisplayOperationValueSet ;
+    access:values access-individual:PublishOperationValueSet ;
+    access:values access-individual:UpdateOperationValueSet ;
     .
 
 :SubjectRoleCheck a access:Check ;
     access:operator access-individual:Equals ;
     access:attribute access-individual:SubjectRole ;
-    access:attributeValue access-individual:PublicRoleValueSet ;
-    access:attributeValue access-individual:SelfEditorRoleValueSet ;
-    access:attributeValue access-individual:EditorRoleValueSet ;
-    access:attributeValue access-individual:CuratorRoleValueSet ;
-    access:attributeValue access-individual:AdminRoleValueSet .
+    access:values access-individual:PublicRoleValueSet ;
+    access:values access-individual:SelfEditorRoleValueSet ;
+    access:values access-individual:EditorRoleValueSet ;
+    access:values access-individual:CuratorRoleValueSet ;
+    access:values access-individual:AdminRoleValueSet .
 
 :AccessObjectUriCheck a access:Check ;
     access:operator access-individual:OneOf ;
     access:attribute access-individual:AccessObjectUri ;
-    access:attributeValue :AdminPublishClassValueSet ;
-    access:attributeValue :AdminDisplayClassValueSet ;
-    access:attributeValue :AdminUpdateClassValueSet ;
-    access:attributeValue :CuratorPublishClassValueSet ;
-    access:attributeValue :CuratorDisplayClassValueSet ;
-    access:attributeValue :CuratorUpdateClassValueSet ;
-    access:attributeValue :EditorPublishClassValueSet ;
-    access:attributeValue :EditorDisplayClassValueSet ;
-    access:attributeValue :EditorUpdateClassValueSet ;
-    access:attributeValue :SelfEditorPublishClassValueSet ;
-    access:attributeValue :SelfEditorDisplayClassValueSet ;
-    access:attributeValue :SelfEditorUpdateClassValueSet ;
-    access:attributeValue :PublicDisplayClassValueSet ;
-    access:attributeValue :PublicUpdateClassValueSet ;
+    access:values :AdminPublishClassValueSet ;
+    access:values :AdminDisplayClassValueSet ;
+    access:values :AdminUpdateClassValueSet ;
+    access:values :CuratorPublishClassValueSet ;
+    access:values :CuratorDisplayClassValueSet ;
+    access:values :CuratorUpdateClassValueSet ;
+    access:values :EditorPublishClassValueSet ;
+    access:values :EditorDisplayClassValueSet ;
+    access:values :EditorUpdateClassValueSet ;
+    access:values :SelfEditorPublishClassValueSet ;
+    access:values :SelfEditorDisplayClassValueSet ;
+    access:values :SelfEditorUpdateClassValueSet ;
+    access:values :PublicDisplayClassValueSet ;
+    access:values :PublicUpdateClassValueSet ;
     .
 
 :AdminPublishClassValueSet a access:ValueSet ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_property.n3
index ed4fa6e905..9a962b0cd0 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_property.n3
@@ -1753,10 +1753,10 @@
 :AccessObjectTypeEqualsDataSetValue a access:Check ;
     access:operator access-individual:Equals ;
     access:attribute access-individual:AccessObjectType ;
-    access:attributeValue access-individual:ObjectPropertyValueSet ;
-    access:attributeValue access-individual:DataPropertyValueSet ;
-    access:attributeValue access-individual:FauxObjectPropertyValueSet ;
-    access:attributeValue access-individual:FauxDataPropertyValueSet ;
+    access:values access-individual:ObjectPropertyValueSet ;
+    access:values access-individual:DataPropertyValueSet ;
+    access:values access-individual:FauxObjectPropertyValueSet ;
+    access:values access-individual:FauxDataPropertyValueSet ;
     .
 
 :AllowMatchingPropertyStatement a access:Rule;
@@ -1769,228 +1769,228 @@
 :AccessObjectTypeStatementEquals a access:Check ;
     access:operator access-individual:Equals ;
     access:attribute access-individual:AccessObjectType ;
-    access:attributeValue access-individual:ObjectPropertyStatementValueSet ;
-    access:attributeValue access-individual:DataPropertyStatementValueSet ;
-    access:attributeValue access-individual:FauxObjectPropertyStatementValueSet ;
-    access:attributeValue access-individual:FauxDataPropertyStatementValueSet ;
+    access:values access-individual:ObjectPropertyStatementValueSet ;
+    access:values access-individual:DataPropertyStatementValueSet ;
+    access:values access-individual:FauxObjectPropertyStatementValueSet ;
+    access:values access-individual:FauxDataPropertyStatementValueSet ;
     .
 
 :OperationEqualsDataSetOperation a access:Check ;
     access:operator access-individual:Equals ;
     access:attribute access-individual:Operation ;
-    access:attributeValue access-individual:DisplayOperationValueSet ;
-    access:attributeValue access-individual:PublishOperationValueSet ;
-    access:attributeValue access-individual:EditOperationValueSet ;
-    access:attributeValue access-individual:AddOperationValueSet ;
-    access:attributeValue access-individual:DropOperationValueSet ;
+    access:values access-individual:DisplayOperationValueSet ;
+    access:values access-individual:PublishOperationValueSet ;
+    access:values access-individual:EditOperationValueSet ;
+    access:values access-individual:AddOperationValueSet ;
+    access:values access-individual:DropOperationValueSet ;
     .
 
 :SubjectRoleEqualsDataSetRoleAttribute a access:Check ;
     access:operator access-individual:Equals ;
     access:attribute access-individual:SubjectRole ;
-    access:attributeValue access-individual:PublicRoleValueSet ;
-    access:attributeValue access-individual:EditorRoleValueSet ;
-    access:attributeValue access-individual:CuratorRoleValueSet ;
-    access:attributeValue access-individual:AdminRoleValueSet .
+    access:values access-individual:PublicRoleValueSet ;
+    access:values access-individual:EditorRoleValueSet ;
+    access:values access-individual:CuratorRoleValueSet ;
+    access:values access-individual:AdminRoleValueSet .
 
 :StatementPredicateEquals a access:Check ;
     access:operator access-individual:OneOf ;
     access:attribute access-individual:StatementPredicateUri ;
-    access:attributeValue :PublicDisplayObjectPropertyValueSet ;
-    access:attributeValue :EditorDisplayObjectPropertyValueSet ;
-    access:attributeValue :CuratorDisplayObjectPropertyValueSet ;
-    access:attributeValue :AdminDisplayObjectPropertyValueSet ;
-
-    access:attributeValue :PublicDisplayDataPropertyValueSet ;
-    access:attributeValue :EditorDisplayDataPropertyValueSet ;
-    access:attributeValue :CuratorDisplayDataPropertyValueSet ;
-    access:attributeValue :AdminDisplayDataPropertyValueSet ;
-
-    access:attributeValue :PublicDisplayFauxObjectPropertyValueSet ;
-    access:attributeValue :EditorDisplayFauxObjectPropertyValueSet ;
-    access:attributeValue :CuratorDisplayFauxObjectPropertyValueSet ;
-    access:attributeValue :AdminDisplayFauxObjectPropertyValueSet ;
-
-    access:attributeValue :PublicDisplayFauxDataPropertyValueSet ;   
-    access:attributeValue :EditorDisplayFauxDataPropertyValueSet ;
-    access:attributeValue :CuratorDisplayFauxDataPropertyValueSet ;
-    access:attributeValue :AdminDisplayFauxDataPropertyValueSet ;
-
-    access:attributeValue :EditorPublishObjectPropertyValueSet ;
-    access:attributeValue :CuratorPublishObjectPropertyValueSet ;
-    access:attributeValue :AdminPublishObjectPropertyValueSet ;
-
-    access:attributeValue :EditorPublishDataPropertyValueSet ;
-    access:attributeValue :CuratorPublishDataPropertyValueSet ;
-    access:attributeValue :AdminPublishDataPropertyValueSet ;
-
-    access:attributeValue :EditorPublishFauxObjectPropertyValueSet ;
-    access:attributeValue :CuratorPublishFauxObjectPropertyValueSet ;
-    access:attributeValue :AdminPublishFauxObjectPropertyValueSet ;
-
-    access:attributeValue :EditorPublishFauxDataPropertyValueSet ;
-    access:attributeValue :CuratorPublishFauxDataPropertyValueSet ;
-    access:attributeValue :AdminPublishFauxDataPropertyValueSet ;
-
-    access:attributeValue :PublicEditObjectPropertyValueSet ;
-    access:attributeValue :EditorEditObjectPropertyValueSet ;
-    access:attributeValue :CuratorEditObjectPropertyValueSet ;
-    access:attributeValue :AdminEditObjectPropertyValueSet ;
-
-    access:attributeValue :PublicAddObjectPropertyValueSet ;
-    access:attributeValue :EditorAddObjectPropertyValueSet ;
-    access:attributeValue :CuratorAddObjectPropertyValueSet ;
-    access:attributeValue :AdminAddObjectPropertyValueSet ;
-
-    access:attributeValue :PublicDropObjectPropertyValueSet ;
-    access:attributeValue :EditorDropObjectPropertyValueSet ;
-    access:attributeValue :CuratorDropObjectPropertyValueSet ;
-    access:attributeValue :AdminDropObjectPropertyValueSet ;
-
-    access:attributeValue :PublicEditDataPropertyValueSet ;
-    access:attributeValue :EditorEditDataPropertyValueSet ;
-    access:attributeValue :CuratorEditDataPropertyValueSet ;
-    access:attributeValue :AdminEditDataPropertyValueSet ;
-
-    access:attributeValue :PublicAddDataPropertyValueSet ;
-    access:attributeValue :EditorAddDataPropertyValueSet ;
-    access:attributeValue :CuratorAddDataPropertyValueSet ;
-    access:attributeValue :AdminAddDataPropertyValueSet ;
-
-    access:attributeValue :PublicDropDataPropertyValueSet ;
-    access:attributeValue :EditorDropDataPropertyValueSet ;
-    access:attributeValue :CuratorDropDataPropertyValueSet ;
-    access:attributeValue :AdminDropDataPropertyValueSet ;
-
-    access:attributeValue :PublicEditFauxObjectPropertyValueSet ;
-    access:attributeValue :EditorEditFauxObjectPropertyValueSet ;
-    access:attributeValue :CuratorEditFauxObjectPropertyValueSet ;
-    access:attributeValue :AdminEditFauxObjectPropertyValueSet ;
-
-    access:attributeValue :PublicAddFauxObjectPropertyValueSet ;
-    access:attributeValue :EditorAddFauxObjectPropertyValueSet ;
-    access:attributeValue :CuratorAddFauxObjectPropertyValueSet ;
-    access:attributeValue :AdminAddFauxObjectPropertyValueSet ;
-
-    access:attributeValue :PublicDropFauxObjectPropertyValueSet ;
-    access:attributeValue :EditorDropFauxObjectPropertyValueSet ;
-    access:attributeValue :CuratorDropFauxObjectPropertyValueSet ;
-    access:attributeValue :AdminDropFauxObjectPropertyValueSet ;
-
-    access:attributeValue :PublicEditFauxDataPropertyValueSet ;
-    access:attributeValue :EditorEditFauxDataPropertyValueSet ;
-    access:attributeValue :CuratorEditFauxDataPropertyValueSet ;
-    access:attributeValue :AdminEditFauxDataPropertyValueSet ;
-
-    access:attributeValue :PublicAddFauxDataPropertyValueSet ;
-    access:attributeValue :EditorAddFauxDataPropertyValueSet ;
-    access:attributeValue :CuratorAddFauxDataPropertyValueSet ;
-    access:attributeValue :AdminAddFauxDataPropertyValueSet ;
-
-    access:attributeValue :PublicDropFauxDataPropertyValueSet ;
-    access:attributeValue :EditorDropFauxDataPropertyValueSet ;
-    access:attributeValue :CuratorDropFauxDataPropertyValueSet ;
-    access:attributeValue :AdminDropFauxDataPropertyValueSet ;
+    access:values :PublicDisplayObjectPropertyValueSet ;
+    access:values :EditorDisplayObjectPropertyValueSet ;
+    access:values :CuratorDisplayObjectPropertyValueSet ;
+    access:values :AdminDisplayObjectPropertyValueSet ;
+
+    access:values :PublicDisplayDataPropertyValueSet ;
+    access:values :EditorDisplayDataPropertyValueSet ;
+    access:values :CuratorDisplayDataPropertyValueSet ;
+    access:values :AdminDisplayDataPropertyValueSet ;
+
+    access:values :PublicDisplayFauxObjectPropertyValueSet ;
+    access:values :EditorDisplayFauxObjectPropertyValueSet ;
+    access:values :CuratorDisplayFauxObjectPropertyValueSet ;
+    access:values :AdminDisplayFauxObjectPropertyValueSet ;
+
+    access:values :PublicDisplayFauxDataPropertyValueSet ;   
+    access:values :EditorDisplayFauxDataPropertyValueSet ;
+    access:values :CuratorDisplayFauxDataPropertyValueSet ;
+    access:values :AdminDisplayFauxDataPropertyValueSet ;
+
+    access:values :EditorPublishObjectPropertyValueSet ;
+    access:values :CuratorPublishObjectPropertyValueSet ;
+    access:values :AdminPublishObjectPropertyValueSet ;
+
+    access:values :EditorPublishDataPropertyValueSet ;
+    access:values :CuratorPublishDataPropertyValueSet ;
+    access:values :AdminPublishDataPropertyValueSet ;
+
+    access:values :EditorPublishFauxObjectPropertyValueSet ;
+    access:values :CuratorPublishFauxObjectPropertyValueSet ;
+    access:values :AdminPublishFauxObjectPropertyValueSet ;
+
+    access:values :EditorPublishFauxDataPropertyValueSet ;
+    access:values :CuratorPublishFauxDataPropertyValueSet ;
+    access:values :AdminPublishFauxDataPropertyValueSet ;
+
+    access:values :PublicEditObjectPropertyValueSet ;
+    access:values :EditorEditObjectPropertyValueSet ;
+    access:values :CuratorEditObjectPropertyValueSet ;
+    access:values :AdminEditObjectPropertyValueSet ;
+
+    access:values :PublicAddObjectPropertyValueSet ;
+    access:values :EditorAddObjectPropertyValueSet ;
+    access:values :CuratorAddObjectPropertyValueSet ;
+    access:values :AdminAddObjectPropertyValueSet ;
+
+    access:values :PublicDropObjectPropertyValueSet ;
+    access:values :EditorDropObjectPropertyValueSet ;
+    access:values :CuratorDropObjectPropertyValueSet ;
+    access:values :AdminDropObjectPropertyValueSet ;
+
+    access:values :PublicEditDataPropertyValueSet ;
+    access:values :EditorEditDataPropertyValueSet ;
+    access:values :CuratorEditDataPropertyValueSet ;
+    access:values :AdminEditDataPropertyValueSet ;
+
+    access:values :PublicAddDataPropertyValueSet ;
+    access:values :EditorAddDataPropertyValueSet ;
+    access:values :CuratorAddDataPropertyValueSet ;
+    access:values :AdminAddDataPropertyValueSet ;
+
+    access:values :PublicDropDataPropertyValueSet ;
+    access:values :EditorDropDataPropertyValueSet ;
+    access:values :CuratorDropDataPropertyValueSet ;
+    access:values :AdminDropDataPropertyValueSet ;
+
+    access:values :PublicEditFauxObjectPropertyValueSet ;
+    access:values :EditorEditFauxObjectPropertyValueSet ;
+    access:values :CuratorEditFauxObjectPropertyValueSet ;
+    access:values :AdminEditFauxObjectPropertyValueSet ;
+
+    access:values :PublicAddFauxObjectPropertyValueSet ;
+    access:values :EditorAddFauxObjectPropertyValueSet ;
+    access:values :CuratorAddFauxObjectPropertyValueSet ;
+    access:values :AdminAddFauxObjectPropertyValueSet ;
+
+    access:values :PublicDropFauxObjectPropertyValueSet ;
+    access:values :EditorDropFauxObjectPropertyValueSet ;
+    access:values :CuratorDropFauxObjectPropertyValueSet ;
+    access:values :AdminDropFauxObjectPropertyValueSet ;
+
+    access:values :PublicEditFauxDataPropertyValueSet ;
+    access:values :EditorEditFauxDataPropertyValueSet ;
+    access:values :CuratorEditFauxDataPropertyValueSet ;
+    access:values :AdminEditFauxDataPropertyValueSet ;
+
+    access:values :PublicAddFauxDataPropertyValueSet ;
+    access:values :EditorAddFauxDataPropertyValueSet ;
+    access:values :CuratorAddFauxDataPropertyValueSet ;
+    access:values :AdminAddFauxDataPropertyValueSet ;
+
+    access:values :PublicDropFauxDataPropertyValueSet ;
+    access:values :EditorDropFauxDataPropertyValueSet ;
+    access:values :CuratorDropFauxDataPropertyValueSet ;
+    access:values :AdminDropFauxDataPropertyValueSet ;
     .
 
 :AccessObjectUriContainsInDataSet a access:Check ;
     access:operator access-individual:OneOf ;
     access:attribute access-individual:AccessObjectUri ;
-    access:attributeValue :PublicDisplayObjectPropertyValueSet ;
-    access:attributeValue :EditorDisplayObjectPropertyValueSet ;
-    access:attributeValue :CuratorDisplayObjectPropertyValueSet ;
-    access:attributeValue :AdminDisplayObjectPropertyValueSet ;
-
-    access:attributeValue :PublicDisplayDataPropertyValueSet ;
-    access:attributeValue :EditorDisplayDataPropertyValueSet ;
-    access:attributeValue :CuratorDisplayDataPropertyValueSet ;
-    access:attributeValue :AdminDisplayDataPropertyValueSet ;
-
-    access:attributeValue :PublicDisplayFauxObjectPropertyValueSet ;
-    access:attributeValue :EditorDisplayFauxObjectPropertyValueSet ;
-    access:attributeValue :CuratorDisplayFauxObjectPropertyValueSet ;
-    access:attributeValue :AdminDisplayFauxObjectPropertyValueSet ;
-
-    access:attributeValue :PublicDisplayFauxDataPropertyValueSet ;   
-    access:attributeValue :EditorDisplayFauxDataPropertyValueSet ;
-    access:attributeValue :CuratorDisplayFauxDataPropertyValueSet ;
-    access:attributeValue :AdminDisplayFauxDataPropertyValueSet ;
-
-    access:attributeValue :EditorPublishObjectPropertyValueSet ;
-    access:attributeValue :CuratorPublishObjectPropertyValueSet ;
-    access:attributeValue :AdminPublishObjectPropertyValueSet ;
-
-    access:attributeValue :EditorPublishDataPropertyValueSet ;
-    access:attributeValue :CuratorPublishDataPropertyValueSet ;
-    access:attributeValue :AdminPublishDataPropertyValueSet ;
-
-    access:attributeValue :EditorPublishFauxObjectPropertyValueSet ;
-    access:attributeValue :CuratorPublishFauxObjectPropertyValueSet ;
-    access:attributeValue :AdminPublishFauxObjectPropertyValueSet ;
-
-    access:attributeValue :EditorPublishFauxDataPropertyValueSet ;
-    access:attributeValue :CuratorPublishFauxDataPropertyValueSet ;
-    access:attributeValue :AdminPublishFauxDataPropertyValueSet ;
-
-    access:attributeValue :PublicEditObjectPropertyValueSet ;
-    access:attributeValue :EditorEditObjectPropertyValueSet ;
-    access:attributeValue :CuratorEditObjectPropertyValueSet ;
-    access:attributeValue :AdminEditObjectPropertyValueSet ;
-
-    access:attributeValue :PublicAddObjectPropertyValueSet ;
-    access:attributeValue :EditorAddObjectPropertyValueSet ;
-    access:attributeValue :CuratorAddObjectPropertyValueSet ;
-    access:attributeValue :AdminAddObjectPropertyValueSet ;
-
-    access:attributeValue :PublicDropObjectPropertyValueSet ;
-    access:attributeValue :EditorDropObjectPropertyValueSet ;
-    access:attributeValue :CuratorDropObjectPropertyValueSet ;
-    access:attributeValue :AdminDropObjectPropertyValueSet ;
-
-    access:attributeValue :PublicEditDataPropertyValueSet ;
-    access:attributeValue :EditorEditDataPropertyValueSet ;
-    access:attributeValue :CuratorEditDataPropertyValueSet ;
-    access:attributeValue :AdminEditDataPropertyValueSet ;
-
-    access:attributeValue :PublicAddDataPropertyValueSet ;
-    access:attributeValue :EditorAddDataPropertyValueSet ;
-    access:attributeValue :CuratorAddDataPropertyValueSet ;
-    access:attributeValue :AdminAddDataPropertyValueSet ;
-
-    access:attributeValue :PublicDropDataPropertyValueSet ;
-    access:attributeValue :EditorDropDataPropertyValueSet ;
-    access:attributeValue :CuratorDropDataPropertyValueSet ;
-    access:attributeValue :AdminDropDataPropertyValueSet ;
-
-    access:attributeValue :PublicEditFauxObjectPropertyValueSet ;
-    access:attributeValue :EditorEditFauxObjectPropertyValueSet ;
-    access:attributeValue :CuratorEditFauxObjectPropertyValueSet ;
-    access:attributeValue :AdminEditFauxObjectPropertyValueSet ;
-
-    access:attributeValue :PublicAddFauxObjectPropertyValueSet ;
-    access:attributeValue :EditorAddFauxObjectPropertyValueSet ;
-    access:attributeValue :CuratorAddFauxObjectPropertyValueSet ;
-    access:attributeValue :AdminAddFauxObjectPropertyValueSet ;
-
-    access:attributeValue :PublicDropFauxObjectPropertyValueSet ;
-    access:attributeValue :EditorDropFauxObjectPropertyValueSet ;
-    access:attributeValue :CuratorDropFauxObjectPropertyValueSet ;
-    access:attributeValue :AdminDropFauxObjectPropertyValueSet ;
-
-    access:attributeValue :PublicEditFauxDataPropertyValueSet ;
-    access:attributeValue :EditorEditFauxDataPropertyValueSet ;
-    access:attributeValue :CuratorEditFauxDataPropertyValueSet ;
-    access:attributeValue :AdminEditFauxDataPropertyValueSet ;
-
-    access:attributeValue :PublicAddFauxDataPropertyValueSet ;
-    access:attributeValue :EditorAddFauxDataPropertyValueSet ;
-    access:attributeValue :CuratorAddFauxDataPropertyValueSet ;
-    access:attributeValue :AdminAddFauxDataPropertyValueSet ;
-
-    access:attributeValue :PublicDropFauxDataPropertyValueSet ;
-    access:attributeValue :EditorDropFauxDataPropertyValueSet ;
-    access:attributeValue :CuratorDropFauxDataPropertyValueSet ;
-    access:attributeValue :AdminDropFauxDataPropertyValueSet ;
+    access:values :PublicDisplayObjectPropertyValueSet ;
+    access:values :EditorDisplayObjectPropertyValueSet ;
+    access:values :CuratorDisplayObjectPropertyValueSet ;
+    access:values :AdminDisplayObjectPropertyValueSet ;
+
+    access:values :PublicDisplayDataPropertyValueSet ;
+    access:values :EditorDisplayDataPropertyValueSet ;
+    access:values :CuratorDisplayDataPropertyValueSet ;
+    access:values :AdminDisplayDataPropertyValueSet ;
+
+    access:values :PublicDisplayFauxObjectPropertyValueSet ;
+    access:values :EditorDisplayFauxObjectPropertyValueSet ;
+    access:values :CuratorDisplayFauxObjectPropertyValueSet ;
+    access:values :AdminDisplayFauxObjectPropertyValueSet ;
+
+    access:values :PublicDisplayFauxDataPropertyValueSet ;   
+    access:values :EditorDisplayFauxDataPropertyValueSet ;
+    access:values :CuratorDisplayFauxDataPropertyValueSet ;
+    access:values :AdminDisplayFauxDataPropertyValueSet ;
+
+    access:values :EditorPublishObjectPropertyValueSet ;
+    access:values :CuratorPublishObjectPropertyValueSet ;
+    access:values :AdminPublishObjectPropertyValueSet ;
+
+    access:values :EditorPublishDataPropertyValueSet ;
+    access:values :CuratorPublishDataPropertyValueSet ;
+    access:values :AdminPublishDataPropertyValueSet ;
+
+    access:values :EditorPublishFauxObjectPropertyValueSet ;
+    access:values :CuratorPublishFauxObjectPropertyValueSet ;
+    access:values :AdminPublishFauxObjectPropertyValueSet ;
+
+    access:values :EditorPublishFauxDataPropertyValueSet ;
+    access:values :CuratorPublishFauxDataPropertyValueSet ;
+    access:values :AdminPublishFauxDataPropertyValueSet ;
+
+    access:values :PublicEditObjectPropertyValueSet ;
+    access:values :EditorEditObjectPropertyValueSet ;
+    access:values :CuratorEditObjectPropertyValueSet ;
+    access:values :AdminEditObjectPropertyValueSet ;
+
+    access:values :PublicAddObjectPropertyValueSet ;
+    access:values :EditorAddObjectPropertyValueSet ;
+    access:values :CuratorAddObjectPropertyValueSet ;
+    access:values :AdminAddObjectPropertyValueSet ;
+
+    access:values :PublicDropObjectPropertyValueSet ;
+    access:values :EditorDropObjectPropertyValueSet ;
+    access:values :CuratorDropObjectPropertyValueSet ;
+    access:values :AdminDropObjectPropertyValueSet ;
+
+    access:values :PublicEditDataPropertyValueSet ;
+    access:values :EditorEditDataPropertyValueSet ;
+    access:values :CuratorEditDataPropertyValueSet ;
+    access:values :AdminEditDataPropertyValueSet ;
+
+    access:values :PublicAddDataPropertyValueSet ;
+    access:values :EditorAddDataPropertyValueSet ;
+    access:values :CuratorAddDataPropertyValueSet ;
+    access:values :AdminAddDataPropertyValueSet ;
+
+    access:values :PublicDropDataPropertyValueSet ;
+    access:values :EditorDropDataPropertyValueSet ;
+    access:values :CuratorDropDataPropertyValueSet ;
+    access:values :AdminDropDataPropertyValueSet ;
+
+    access:values :PublicEditFauxObjectPropertyValueSet ;
+    access:values :EditorEditFauxObjectPropertyValueSet ;
+    access:values :CuratorEditFauxObjectPropertyValueSet ;
+    access:values :AdminEditFauxObjectPropertyValueSet ;
+
+    access:values :PublicAddFauxObjectPropertyValueSet ;
+    access:values :EditorAddFauxObjectPropertyValueSet ;
+    access:values :CuratorAddFauxObjectPropertyValueSet ;
+    access:values :AdminAddFauxObjectPropertyValueSet ;
+
+    access:values :PublicDropFauxObjectPropertyValueSet ;
+    access:values :EditorDropFauxObjectPropertyValueSet ;
+    access:values :CuratorDropFauxObjectPropertyValueSet ;
+    access:values :AdminDropFauxObjectPropertyValueSet ;
+
+    access:values :PublicEditFauxDataPropertyValueSet ;
+    access:values :EditorEditFauxDataPropertyValueSet ;
+    access:values :CuratorEditFauxDataPropertyValueSet ;
+    access:values :AdminEditFauxDataPropertyValueSet ;
+
+    access:values :PublicAddFauxDataPropertyValueSet ;
+    access:values :EditorAddFauxDataPropertyValueSet ;
+    access:values :CuratorAddFauxDataPropertyValueSet ;
+    access:values :AdminAddFauxDataPropertyValueSet ;
+
+    access:values :PublicDropFauxDataPropertyValueSet ;
+    access:values :EditorDropFauxDataPropertyValueSet ;
+    access:values :CuratorDropFauxDataPropertyValueSet ;
+    access:values :AdminDropFauxDataPropertyValueSet ;
     .
 
 :PublicDropFauxDataPropertyValueSet a access:ValueSet ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_access_related_allowed_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_access_related_allowed_property.n3
index ce9f6439da..b3f55a4a18 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_access_related_allowed_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_access_related_allowed_property.n3
@@ -148,10 +148,10 @@
 :AccessObjectTypeCheck a access:Check ;
     access:operator access-individual:Equals ;
     access:attribute access-individual:AccessObjectType ;
-    access:attributeValue access-individual:ObjectPropertyValueSet ;
-    access:attributeValue access-individual:DataPropertyValueSet ;
-    access:attributeValue access-individual:FauxObjectPropertyValueSet ;
-    access:attributeValue access-individual:FauxDataPropertyValueSet ;
+    access:values access-individual:ObjectPropertyValueSet ;
+    access:values access-individual:DataPropertyValueSet ;
+    access:values access-individual:FauxObjectPropertyValueSet ;
+    access:values access-individual:FauxDataPropertyValueSet ;
     .
 
 :AllowMatchingPropertyStatement a access:Rule;
@@ -164,48 +164,48 @@
 :AccessObjectStatementTypeCheck a access:Check ;
     access:operator access-individual:Equals ;
     access:attribute access-individual:AccessObjectType ;
-    access:attributeValue access-individual:ObjectPropertyStatementValueSet ;
-    access:attributeValue access-individual:DataPropertyStatementValueSet ;
-    access:attributeValue access-individual:FauxObjectPropertyStatementValueSet ;
-    access:attributeValue access-individual:FauxDataPropertyStatementValueSet ;
+    access:values access-individual:ObjectPropertyStatementValueSet ;
+    access:values access-individual:DataPropertyStatementValueSet ;
+    access:values access-individual:FauxObjectPropertyStatementValueSet ;
+    access:values access-individual:FauxDataPropertyStatementValueSet ;
     .
 
 :OperationCheck a access:Check ;
     access:operator access-individual:Equals ;
     access:attribute access-individual:Operation ;
-    access:attributeValue access-individual:DisplayOperationValueSet ;
-    access:attributeValue access-individual:PublishOperationValueSet ;
+    access:values access-individual:DisplayOperationValueSet ;
+    access:values access-individual:PublishOperationValueSet ;
     .
 
 :SubjectRoleCheck a access:Check ;
     access:operator access-individual:Equals ;
     access:attribute access-individual:SubjectRole ;
-    access:attributeValue access-individual:SelfEditorRoleValueSet .
+    access:values access-individual:SelfEditorRoleValueSet .
 
 :StatementPredicateCheck a access:Check ;
     access:operator access-individual:OneOf ;
     access:attribute access-individual:StatementPredicateUri ;
-    access:attributeValue :SelfEditorDisplayObjectPropertyValueSet ;
-    access:attributeValue :SelfEditorDisplayDataPropertyValueSet ;
-    access:attributeValue :SelfEditorDisplayFauxObjectPropertyValueSet ;
-    access:attributeValue :SelfEditorDisplayFauxDataPropertyValueSet ;
-    access:attributeValue :SelfEditorPublishObjectPropertyValueSet ;
-    access:attributeValue :SelfEditorPublishDataPropertyValueSet ;
-    access:attributeValue :SelfEditorPublishFauxObjectPropertyValueSet ;
-    access:attributeValue :SelfEditorPublishFauxDataPropertyValueSet ;
+    access:values :SelfEditorDisplayObjectPropertyValueSet ;
+    access:values :SelfEditorDisplayDataPropertyValueSet ;
+    access:values :SelfEditorDisplayFauxObjectPropertyValueSet ;
+    access:values :SelfEditorDisplayFauxDataPropertyValueSet ;
+    access:values :SelfEditorPublishObjectPropertyValueSet ;
+    access:values :SelfEditorPublishDataPropertyValueSet ;
+    access:values :SelfEditorPublishFauxObjectPropertyValueSet ;
+    access:values :SelfEditorPublishFauxDataPropertyValueSet ;
     .
 
 :AccessObjectUriCheck a access:Check ;
     access:operator access-individual:OneOf ;
     access:attribute access-individual:AccessObjectUri ;
-    access:attributeValue :SelfEditorDisplayObjectPropertyValueSet ;
-    access:attributeValue :SelfEditorDisplayDataPropertyValueSet ;
-    access:attributeValue :SelfEditorDisplayFauxObjectPropertyValueSet ;
-    access:attributeValue :SelfEditorDisplayFauxDataPropertyValueSet ;
-    access:attributeValue :SelfEditorPublishObjectPropertyValueSet ;
-    access:attributeValue :SelfEditorPublishDataPropertyValueSet ;
-    access:attributeValue :SelfEditorPublishFauxObjectPropertyValueSet ;
-    access:attributeValue :SelfEditorPublishFauxDataPropertyValueSet ;
+    access:values :SelfEditorDisplayObjectPropertyValueSet ;
+    access:values :SelfEditorDisplayDataPropertyValueSet ;
+    access:values :SelfEditorDisplayFauxObjectPropertyValueSet ;
+    access:values :SelfEditorDisplayFauxDataPropertyValueSet ;
+    access:values :SelfEditorPublishObjectPropertyValueSet ;
+    access:values :SelfEditorPublishDataPropertyValueSet ;
+    access:values :SelfEditorPublishFauxObjectPropertyValueSet ;
+    access:values :SelfEditorPublishFauxDataPropertyValueSet ;
     .
 
 :SelfEditorDisplayObjectPropertyValueSet a access:ValueSet ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_not_modifiable_statements.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_not_modifiable_statements.n3
index 42f3731828..f53bd5dae2 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_not_modifiable_statements.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_not_modifiable_statements.n3
@@ -58,32 +58,32 @@
 :PredicateUriStartWithProhibitedNamespace a access:Check ;
     access:operator access-individual:StartsWith ;
     access:attribute access-individual:StatementPredicateUri ;
-    access:attributeValue :ProhibitedNamespaceValueSet .
+    access:values :ProhibitedNamespaceValueSet .
 
 :PredicateNotANamespaceException a access:Check ;
     access:operator access-individual:NotOneOf ;
     access:attribute access-individual:StatementPredicateUri ;
-    access:attributeValue :ProhibitedNamespaceExceptionsValueSet .
+    access:values :ProhibitedNamespaceExceptionsValueSet .
 
 :SubjectUriStartWithProhibitedNamespace a access:Check ;
     access:operator access-individual:StartsWith ;
     access:attribute access-individual:StatementSubjectUri ;
-    access:attributeValue :ProhibitedNamespaceValueSet .
+    access:values :ProhibitedNamespaceValueSet .
 
 :StatementSubjectNotOneOfProhibitedExceptions a access:Check ;
     access:operator access-individual:NotOneOf ;
     access:attribute access-individual:StatementSubjectUri ;
-    access:attributeValue :ProhibitedNamespaceExceptionsValueSet .
+    access:values :ProhibitedNamespaceExceptionsValueSet .
 
 :StatementObjectUriStartsWithProhibitedNameSpace a access:Check ;
     access:operator access-individual:StartsWith ;
     access:attribute access-individual:StatementObjectUri ;
-    access:attributeValue :ProhibitedNamespaceValueSet .
+    access:values :ProhibitedNamespaceValueSet .
 
 :ObjectUriNotOneOfProhibitedExceptions a access:Check ;
     access:operator access-individual:NotOneOf ;
     access:attribute access-individual:StatementObjectUri ;
-    access:attributeValue :ProhibitedNamespaceExceptionsValueSet .
+    access:values :ProhibitedNamespaceExceptionsValueSet .
 
 :NotModifiableStatementsPolicyDataSet a access:PolicyDataSet ;
     access:dataSetValues :ProhibitedNamespaceExceptionsValueSet ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_simple_permissions.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_simple_permissions.n3
index 1315b319fb..dd779b7bf7 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_simple_permissions.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_simple_permissions.n3
@@ -108,11 +108,11 @@
 :PermissionNameAllowed a access:Check ;
     access:operator access-individual:OneOf ;
     access:attribute access-individual:AccessObjectUri ;
-    access:attributeValue :PublicSimplePermissionValueSet ;
-    access:attributeValue :SelfEditorSimplePermissionValueSet ;
-    access:attributeValue :EditorSimplePermissionValueSet ;
-    access:attributeValue :CuratorSimplePermissionValueSet ;
-    access:attributeValue :AdminSimplePermissionValueSet .
+    access:values :PublicSimplePermissionValueSet ;
+    access:values :SelfEditorSimplePermissionValueSet ;
+    access:values :EditorSimplePermissionValueSet ;
+    access:values :CuratorSimplePermissionValueSet ;
+    access:values :AdminSimplePermissionValueSet .
 
 :IsSimplePermission a access:Check ;
     access:operator access-individual:Equals ;
@@ -133,9 +133,9 @@
 :SubjectRoleEqualsDataSetRole a access:Check ;
     access:operator access-individual:Equals ;
     access:attribute access-individual:SubjectRole ;
-    access:attributeValue access-individual:PublicRoleValueSet ;
-    access:attributeValue access-individual:SelfEditorRoleValueSet ;
-    access:attributeValue access-individual:EditorRoleValueSet ;
-    access:attributeValue access-individual:CuratorRoleValueSet ;
-    access:attributeValue access-individual:AdminRoleValueSet .
+    access:values access-individual:PublicRoleValueSet ;
+    access:values access-individual:SelfEditorRoleValueSet ;
+    access:values access-individual:EditorRoleValueSet ;
+    access:values access-individual:CuratorRoleValueSet ;
+    access:values access-individual:AdminRoleValueSet .
 
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_update_related_allowed_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_update_related_allowed_property.n3
index b874db96a4..7a1579b0be 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_update_related_allowed_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_update_related_allowed_property.n3
@@ -214,10 +214,10 @@
 :AccessObjectTypeCheck a access:Check ;
     access:operator access-individual:Equals ;
     access:attribute access-individual:AccessObjectType ;
-    access:attributeValue access-individual:ObjectPropertyValueSet ;
-    access:attributeValue access-individual:DataPropertyValueSet ;
-    access:attributeValue access-individual:FauxObjectPropertyValueSet ;
-    access:attributeValue access-individual:FauxDataPropertyValueSet ;
+    access:values access-individual:ObjectPropertyValueSet ;
+    access:values access-individual:DataPropertyValueSet ;
+    access:values access-individual:FauxObjectPropertyValueSet ;
+    access:values access-individual:FauxDataPropertyValueSet ;
     .
 
 :AllowMatchingPropertyStatement a access:Rule;
@@ -236,61 +236,61 @@
 :AccessObjectStatementTypeCheck a access:Check ;
     access:operator access-individual:Equals ;
     access:attribute access-individual:AccessObjectType ;
-    access:attributeValue access-individual:ObjectPropertyStatementValueSet ;
-    access:attributeValue access-individual:DataPropertyStatementValueSet ;
-    access:attributeValue access-individual:FauxObjectPropertyStatementValueSet ;
-    access:attributeValue access-individual:FauxDataPropertyStatementValueSet ;
+    access:values access-individual:ObjectPropertyStatementValueSet ;
+    access:values access-individual:DataPropertyStatementValueSet ;
+    access:values access-individual:FauxObjectPropertyStatementValueSet ;
+    access:values access-individual:FauxDataPropertyStatementValueSet ;
     .
 
 :OperationCheck a access:Check ;
     access:operator access-individual:Equals ;
     access:attribute access-individual:Operation ;
-    access:attributeValue access-individual:AddOperationValueSet ;
-    access:attributeValue access-individual:DropOperationValueSet ;
-    access:attributeValue access-individual:EditOperationValueSet ;
+    access:values access-individual:AddOperationValueSet ;
+    access:values access-individual:DropOperationValueSet ;
+    access:values access-individual:EditOperationValueSet ;
     .
 
 :SubjectRoleCheck a access:Check ;
     access:operator access-individual:Equals ;
     access:attribute access-individual:SubjectRole ;
-    access:attributeValue access-individual:SelfEditorRoleValueSet .
+    access:values access-individual:SelfEditorRoleValueSet .
 
 :StatementPredicateCheck a access:Check ;
     access:operator access-individual:OneOf ;
     access:attribute access-individual:StatementPredicateUri ;
-    access:attributeValue :SelfEditorAddObjectPropertyValueSet ;
-    access:attributeValue :SelfEditorAddDataPropertyValueSet ;
-    access:attributeValue :SelfEditorAddFauxObjectPropertyValueSet ;
-    access:attributeValue :SelfEditorAddFauxDataPropertyValueSet ;
-
-    access:attributeValue :SelfEditorEditObjectPropertyValueSet ;
-    access:attributeValue :SelfEditorEditDataPropertyValueSet ;
-    access:attributeValue :SelfEditorEditFauxObjectPropertyValueSet ;
-    access:attributeValue :SelfEditorEditFauxDataPropertyValueSet ;
-
-    access:attributeValue :SelfEditorDropObjectPropertyValueSet ;
-    access:attributeValue :SelfEditorDropDataPropertyValueSet ;
-    access:attributeValue :SelfEditorDropFauxObjectPropertyValueSet ;
-    access:attributeValue :SelfEditorDropFauxDataPropertyValueSet ;
+    access:values :SelfEditorAddObjectPropertyValueSet ;
+    access:values :SelfEditorAddDataPropertyValueSet ;
+    access:values :SelfEditorAddFauxObjectPropertyValueSet ;
+    access:values :SelfEditorAddFauxDataPropertyValueSet ;
+
+    access:values :SelfEditorEditObjectPropertyValueSet ;
+    access:values :SelfEditorEditDataPropertyValueSet ;
+    access:values :SelfEditorEditFauxObjectPropertyValueSet ;
+    access:values :SelfEditorEditFauxDataPropertyValueSet ;
+
+    access:values :SelfEditorDropObjectPropertyValueSet ;
+    access:values :SelfEditorDropDataPropertyValueSet ;
+    access:values :SelfEditorDropFauxObjectPropertyValueSet ;
+    access:values :SelfEditorDropFauxDataPropertyValueSet ;
     .
 
 :AccessObjectUriCheck a access:Check ;
     access:operator access-individual:OneOf ;
     access:attribute access-individual:AccessObjectUri ;
-    access:attributeValue :SelfEditorAddObjectPropertyValueSet ;
-    access:attributeValue :SelfEditorAddDataPropertyValueSet ;
-    access:attributeValue :SelfEditorAddFauxObjectPropertyValueSet ;
-    access:attributeValue :SelfEditorAddFauxDataPropertyValueSet ;
-
-    access:attributeValue :SelfEditorEditObjectPropertyValueSet ;
-    access:attributeValue :SelfEditorEditDataPropertyValueSet ;
-    access:attributeValue :SelfEditorEditFauxObjectPropertyValueSet ;
-    access:attributeValue :SelfEditorEditFauxDataPropertyValueSet ;
-
-    access:attributeValue :SelfEditorDropObjectPropertyValueSet ;
-    access:attributeValue :SelfEditorDropDataPropertyValueSet ;
-    access:attributeValue :SelfEditorDropFauxObjectPropertyValueSet ;
-    access:attributeValue :SelfEditorDropFauxDataPropertyValueSet ;
+    access:values :SelfEditorAddObjectPropertyValueSet ;
+    access:values :SelfEditorAddDataPropertyValueSet ;
+    access:values :SelfEditorAddFauxObjectPropertyValueSet ;
+    access:values :SelfEditorAddFauxDataPropertyValueSet ;
+
+    access:values :SelfEditorEditObjectPropertyValueSet ;
+    access:values :SelfEditorEditDataPropertyValueSet ;
+    access:values :SelfEditorEditFauxObjectPropertyValueSet ;
+    access:values :SelfEditorEditFauxDataPropertyValueSet ;
+
+    access:values :SelfEditorDropObjectPropertyValueSet ;
+    access:values :SelfEditorDropDataPropertyValueSet ;
+    access:values :SelfEditorDropFauxObjectPropertyValueSet ;
+    access:values :SelfEditorDropFauxDataPropertyValueSet ;
     .
 
 :SelfEditorAddObjectPropertyValueSet a access:ValueSet ;
diff --git a/home/src/main/resources/rdf/tbox/firsttime/vitro-access-control-ontology.n3 b/home/src/main/resources/rdf/tbox/firsttime/vitro-access-control-ontology.n3
index 5cad13e3c2..22e16af069 100644
--- a/home/src/main/resources/rdf/tbox/firsttime/vitro-access-control-ontology.n3
+++ b/home/src/main/resources/rdf/tbox/firsttime/vitro-access-control-ontology.n3
@@ -143,9 +143,9 @@
     rdfs:range [ a owl:Class ; owl:unionOf  ( :Attribute :ObjectType ) ] ;
     rdfs:domain [ a owl:Class ; owl:unionOf ( :ValueSet :ValueSetTemplate ) ] .
 
-:attributeValue a owl:ObjectProperty ;
-    rdfs:comment "Check contains value set";
-    rdfs:label "attribute value"@en-US ;
+:values a owl:ObjectProperty ;
+    rdfs:comment "Multiple values";
+    rdfs:label "values"@en-US ;
     rdfs:domain :Check ;
     rdfs:range :ValueSet .
 

From 7763bee73658971f2673f4ee26be27010b0312a5 Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <georgy.litvinov@tib.eu>
Date: Thu, 23 Nov 2023 15:24:13 +0100
Subject: [PATCH 119/148] refact: renamed access:Attribute to
 access:AttributeType

---
 .../rdf/accessControl/firsttime/attributes.n3  | 18 +++++++++---------
 .../firsttime/vitro-access-control-ontology.n3 | 10 +++++-----
 2 files changed, 14 insertions(+), 14 deletions(-)

diff --git a/home/src/main/resources/rdf/accessControl/firsttime/attributes.n3 b/home/src/main/resources/rdf/accessControl/firsttime/attributes.n3
index 200b11499f..5eb157c322 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/attributes.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/attributes.n3
@@ -3,29 +3,29 @@
 @prefix access-individual: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
 @prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
 
-access-individual:Subject a access:Attribute ;
+access-individual:Subject a access:AttributeType ;
     access:id "SUBJECT" .
 
-access-individual:SubjectRole a access:Attribute ;
+access-individual:SubjectRole a access:AttributeType ;
     access:id "SUBJECT_ROLE_URI" .
 
-access-individual:SubjectType a access:Attribute ;
+access-individual:SubjectType a access:AttributeType ;
     access:id "SUBJECT_TYPE" .
 
-access-individual:AccessObjectUri a access:Attribute ;
+access-individual:AccessObjectUri a access:AttributeType ;
     access:id "ACCESS_OBJECT_URI" .
 
-access-individual:AccessObjectType a access:Attribute ;
+access-individual:AccessObjectType a access:AttributeType ;
     access:id "ACCESS_OBJECT_TYPE" .
 
-access-individual:Operation a access:Attribute ;
+access-individual:Operation a access:AttributeType ;
     access:id "OPERATION" .
 
-access-individual:StatementPredicateUri a access:Attribute ;
+access-individual:StatementPredicateUri a access:AttributeType ;
     access:id "STATEMENT_PREDICATE_URI" .
 
-access-individual:StatementSubjectUri a access:Attribute ;
+access-individual:StatementSubjectUri a access:AttributeType ;
     access:id "STATEMENT_SUBJECT_URI" .
 
-access-individual:StatementObjectUri a access:Attribute ;
+access-individual:StatementObjectUri a access:AttributeType ;
     access:id "STATEMENT_OBJECT_URI" .
diff --git a/home/src/main/resources/rdf/tbox/firsttime/vitro-access-control-ontology.n3 b/home/src/main/resources/rdf/tbox/firsttime/vitro-access-control-ontology.n3
index 22e16af069..3e607872a6 100644
--- a/home/src/main/resources/rdf/tbox/firsttime/vitro-access-control-ontology.n3
+++ b/home/src/main/resources/rdf/tbox/firsttime/vitro-access-control-ontology.n3
@@ -51,7 +51,7 @@
     rdfs:comment "Type of subject(user, non-personal entity) requested access";
     rdfs:label "Subject type"@en-US .
 
-:Attribute a owl:Class ;
+:AttributeType a owl:Class ;
     rdfs:comment "Attribute to check";
     rdfs:label "Attribute"@en-US .
 
@@ -89,7 +89,7 @@
     owl:FunctionalProperty ;
     rdfs:comment "Set string identifier";
     rdfs:range xsd:string ;
-    rdfs:domain [ a owl:Class ; owl:unionOf  ( :Operator :Operation :Decision :Value :SubjectType :Attribute :ObjectType ) ] ;
+    rdfs:domain [ a owl:Class ; owl:unionOf  ( :Operator :Operation :Decision :Value :SubjectType :AttributeType :ObjectType ) ] ;
     rdfs:label "id"@en-US .
 
 :priority a owl:DatatypeProperty ,
@@ -129,7 +129,7 @@
     rdfs:comment "Set attribute that should be checked";
     rdfs:label "attribute"@en-US ;
     rdfs:domain :Check ;
-    rdfs:range :Attribute .
+    rdfs:range :AttributeType .
 
 :hasDefaultValue a owl:ObjectProperty ;
     rdfs:comment "default value to add into new value set";
@@ -140,7 +140,7 @@
     owl:FunctionalProperty ;
     rdfs:comment "Type of values for new value set";
     rdfs:label "set type template"@en-US ;
-    rdfs:range [ a owl:Class ; owl:unionOf  ( :Attribute :ObjectType ) ] ;
+    rdfs:range [ a owl:Class ; owl:unionOf  ( :AttributeType :ObjectType ) ] ;
     rdfs:domain [ a owl:Class ; owl:unionOf ( :ValueSet :ValueSetTemplate ) ] .
 
 :values a owl:ObjectProperty ;
@@ -172,7 +172,7 @@
     rdfs:comment "Attribute to use as a template key";
     rdfs:label "template key"@en-US ;
     rdfs:domain :DataSetTemplateKey ;
-    rdfs:range :Attribute .
+    rdfs:range :AttributeType .
 
 :requiresCheck a owl:ObjectProperty ;
     rdfs:comment "Requires check";

From f091bc3b032c23c2e4580767475df0c3fca62c0f Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <georgy.litvinov@tib.eu>
Date: Thu, 23 Nov 2023 17:04:16 +0100
Subject: [PATCH 120/148] renamed access:Value to access:AttributeValuePattern

---
 .../firsttime/policy_editable_pages.n3            |  4 ++--
 .../firsttime/profile_proximity_query.n3          |  2 +-
 .../template_not_modifiable_statements.n3         |  2 +-
 .../firsttime/vitro-access-control-ontology.n3    | 15 +++++++++------
 4 files changed, 13 insertions(+), 10 deletions(-)

diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_editable_pages.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_editable_pages.n3
index 443fceabad..ee86dbf2f7 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_editable_pages.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_editable_pages.n3
@@ -61,8 +61,8 @@
     access:attribute access-individual:AccessObjectType ;
     access:value access-individual:ObjectPropertyStatement .
 
-:SomeUri a access:Value ;
+:SomeUri a access:AttributeValuePattern ;
     access:id "?SOME_URI" .
 
-:SomeLiteral a access:Value ;
+:SomeLiteral a access:AttributeValuePattern ;
     access:id "?SOME_LITERAL" .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/profile_proximity_query.n3 b/home/src/main/resources/rdf/accessControl/firsttime/profile_proximity_query.n3
index bc846434cc..1c884aba4f 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/profile_proximity_query.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/profile_proximity_query.n3
@@ -3,7 +3,7 @@
 @prefix access-individual: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
 @prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
 
-access-individual:PersonProfileProximityToResourceUri a access:Value ;
+access-individual:PersonProfileProximityToResourceUri a access:AttributeValuePattern ;
     access:id """
     SELECT ?resourceUri WHERE {
         {
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_not_modifiable_statements.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_not_modifiable_statements.n3
index f53bd5dae2..cc4096e8b4 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_not_modifiable_statements.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_not_modifiable_statements.n3
@@ -110,6 +110,6 @@
     access:value  :prohibitedNamespacePrefix ; 
     .
 
-:prohibitedNamespacePrefix a access:Value ;
+:prohibitedNamespacePrefix a access:AttributeValuePattern ;
     access:id "http://vitro.mannlib.cornell.edu/ns/vitro/0.7#" ;
     
diff --git a/home/src/main/resources/rdf/tbox/firsttime/vitro-access-control-ontology.n3 b/home/src/main/resources/rdf/tbox/firsttime/vitro-access-control-ontology.n3
index 3e607872a6..8fee343f51 100644
--- a/home/src/main/resources/rdf/tbox/firsttime/vitro-access-control-ontology.n3
+++ b/home/src/main/resources/rdf/tbox/firsttime/vitro-access-control-ontology.n3
@@ -40,22 +40,25 @@
     rdfs:label "Operator"@en-US .
 
 :Operation a owl:Class ;
+    rdfs:subClassOf :AttributeValuePattern ;
     rdfs:comment "Access operation";
     rdfs:label "Operation"@en-US .
 
 :ObjectType a owl:Class ;
+    rdfs:subClassOf :AttributeValuePattern ;
     rdfs:comment "Type of access object";
     rdfs:label "Object type"@en-US .
 
 :SubjectType a owl:Class ;
+    rdfs:subClassOf :AttributeValuePattern ;
     rdfs:comment "Type of subject(user, non-personal entity) requested access";
     rdfs:label "Subject type"@en-US .
 
 :AttributeType a owl:Class ;
-    rdfs:comment "Attribute to check";
-    rdfs:label "Attribute"@en-US .
+    rdfs:comment "Attribute type to check";
+    rdfs:label "Attribute type"@en-US .
 
-:Value a owl:Class ;
+:AttributeValuePattern a owl:Class ;
     rdfs:comment "Resource represents single value, usually specified as literal with :id ";
     rdfs:label "Value"@en-US .
 
@@ -89,7 +92,7 @@
     owl:FunctionalProperty ;
     rdfs:comment "Set string identifier";
     rdfs:range xsd:string ;
-    rdfs:domain [ a owl:Class ; owl:unionOf  ( :Operator :Operation :Decision :Value :SubjectType :AttributeType :ObjectType ) ] ;
+    rdfs:domain [ a owl:Class ; owl:unionOf  ( :Operator :Decision :AttributeValuePattern :AttributeType ) ] ;
     rdfs:label "id"@en-US .
 
 :priority a owl:DatatypeProperty ,
@@ -115,7 +118,7 @@
     rdfs:range :ValueSet .
 
 :value a owl:ObjectProperty ;
-    rdfs:comment "Assign one value (any URI or :Value with :id to define literal value)";
+    rdfs:comment "Assign one value (any URI or :AttributeValuePattern with :id to define literal value)";
     rdfs:label "value"@en-US ;
     rdfs:domain [ a owl:Class ; owl:unionOf  ( :ValueSet :Check ) ] .
 
@@ -140,7 +143,7 @@
     owl:FunctionalProperty ;
     rdfs:comment "Type of values for new value set";
     rdfs:label "set type template"@en-US ;
-    rdfs:range [ a owl:Class ; owl:unionOf  ( :AttributeType :ObjectType ) ] ;
+    rdfs:range [ a owl:Class ; owl:unionOf  ( :AttributeType :AttributeValuePattern ) ] ;
     rdfs:domain [ a owl:Class ; owl:unionOf ( :ValueSet :ValueSetTemplate ) ] .
 
 :values a owl:ObjectProperty ;

From 6c217e57953cba31a694423110a8ca7c85efa0a9 Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <georgy.litvinov@tib.eu>
Date: Thu, 23 Nov 2023 17:36:52 +0100
Subject: [PATCH 121/148] renamed access:hasDefaultValue to access:value

---
 .../webapp/auth/policy/PolicyLoader.java      |  2 +-
 .../template_access_allowed_class.n3          |  6 +--
 .../template_access_allowed_property.n3       | 40 +++++++++----------
 .../firsttime/template_simple_permissions.n3  |  4 +-
 .../vitro-access-control-ontology.n3          |  7 +---
 5 files changed, 27 insertions(+), 32 deletions(-)

diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
index 272be8addb..d6c32ab3b9 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
@@ -293,7 +293,7 @@ public class PolicyLoader {
             + "    ?valueSetTemplateUri access:relatedCheck ?relatedCheck .\n"
             + "    ?valueSetTemplateUri access:containsElementsOfType ?setElementsType .\n"
             + "    OPTIONAL {\n"
-            + "      ?valueSetTemplateUri access:hasDefaultValue ?dataValue .\n"
+            + "      ?valueSetTemplateUri access:value ?dataValue .\n"
             + "    }\n"
             + "    OPTIONAL {\n"
             + "      FILTER ( str(?setElementsType) = 'https://vivoweb.org/ontology/vitro-application/auth/individual/SubjectRole' )\n"
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_class.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_class.n3
index 6ebda17141..3e862c2364 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_class.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_class.n3
@@ -54,7 +54,7 @@
 
 :RoleDisplayClassValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :AccessObjectUriCheck ;
-#    access:hasDefaultValue access-individual:defaultUri ;
+#    access:value access-individual:defaultUri ;
     access:containsElementsOfType access-individual:Class .
 
 #Role Update Class data set template
@@ -81,7 +81,7 @@
 
 :RoleUpdateClassValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :AccessObjectUriCheck ;
-#    access:hasDefaultValue access-individual:defaultUri ;
+#    access:value access-individual:defaultUri ;
     access:containsElementsOfType access-individual:Class .
 
 #Role Publish Class data set template
@@ -108,7 +108,7 @@
 
 :RolePublishClassValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :AccessObjectUriCheck ;
-#    access:hasDefaultValue access-individual:defaultUri ;
+#    access:value access-individual:defaultUri ;
     access:containsElementsOfType access-individual:Class .
 
 ### Public display class uri data sets
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_property.n3
index 9a962b0cd0..f55872918c 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_property.n3
@@ -159,7 +159,7 @@
 :RoleDisplayObjectPropertyEntityValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :AccessObjectUriContainsInDataSet ;
     access:relatedCheck :StatementPredicateEquals ;
-#    access:hasDefaultValue access-individual:defaultUri ;
+#    access:value access-individual:defaultUri ;
     access:containsElementsOfType access-individual:ObjectProperty .
 
 #Role PublishObjectProperty data set template
@@ -188,7 +188,7 @@
 :RolePublishObjectPropertyEntityValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :AccessObjectUriContainsInDataSet ;
     access:relatedCheck :StatementPredicateEquals ;
-#    access:hasDefaultValue access-individual:defaultUri ;
+#    access:value access-individual:defaultUri ;
     access:containsElementsOfType access-individual:ObjectProperty .
 
 #Role AddObjectProperty data set template
@@ -217,7 +217,7 @@
 :RoleAddObjectPropertyEntityValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :AccessObjectUriContainsInDataSet ;
     access:relatedCheck :StatementPredicateEquals ;
-#    access:hasDefaultValue access-individual:defaultUri ;
+#    access:value access-individual:defaultUri ;
     access:containsElementsOfType access-individual:ObjectProperty .
 
 #Role DropObjectProperty data set template
@@ -246,7 +246,7 @@
 :RoleDropObjectPropertyEntityValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :AccessObjectUriContainsInDataSet ;
     access:relatedCheck :StatementPredicateEquals ;
-#    access:hasDefaultValue access-individual:defaultUri ;
+#    access:value access-individual:defaultUri ;
     access:containsElementsOfType access-individual:ObjectProperty .
 
 #Role EditObjectProperty data set template
@@ -275,7 +275,7 @@
 :RoleEditObjectPropertyEntityValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :AccessObjectUriContainsInDataSet ;
     access:relatedCheck :StatementPredicateEquals ;
-#    access:hasDefaultValue access-individual:defaultUri ;
+#    access:value access-individual:defaultUri ;
     access:containsElementsOfType access-individual:ObjectProperty .
 
 #Role DisplayDataProperty data set template
@@ -304,7 +304,7 @@
 :RoleDisplayDataPropertyEntityValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :AccessObjectUriContainsInDataSet ;
     access:relatedCheck :StatementPredicateEquals ;
-#    access:hasDefaultValue access-individual:defaultUri ;
+#    access:value access-individual:defaultUri ;
     access:containsElementsOfType access-individual:DataProperty .
 
 #Role PublishDataProperty data set template
@@ -333,7 +333,7 @@
 :RolePublishDataPropertyEntityValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :AccessObjectUriContainsInDataSet ;
     access:relatedCheck :StatementPredicateEquals ;
-#    access:hasDefaultValue access-individual:defaultUri ;
+#    access:value access-individual:defaultUri ;
     access:containsElementsOfType access-individual:DataProperty .
 
 #Role AddDataProperty data set template
@@ -362,7 +362,7 @@
 :RoleAddDataPropertyEntityValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :AccessObjectUriContainsInDataSet ;
     access:relatedCheck :StatementPredicateEquals ;
-#    access:hasDefaultValue access-individual:defaultUri ;
+#    access:value access-individual:defaultUri ;
     access:containsElementsOfType access-individual:DataProperty .
 
 #Role DropDataProperty data set template
@@ -391,7 +391,7 @@
 :RoleDropDataPropertyEntityValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :AccessObjectUriContainsInDataSet ;
     access:relatedCheck :StatementPredicateEquals ;
-#    access:hasDefaultValue access-individual:defaultUri ;
+#    access:value access-individual:defaultUri ;
     access:containsElementsOfType access-individual:DataProperty .
 
 #Role EditDataProperty data set template
@@ -420,7 +420,7 @@
 :RoleEditDataPropertyEntityValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :AccessObjectUriContainsInDataSet ;
     access:relatedCheck :StatementPredicateEquals ;
-#    access:hasDefaultValue access-individual:defaultUri ;
+#    access:value access-individual:defaultUri ;
     access:containsElementsOfType access-individual:DataProperty .
 
 #Role DisplayFauxObjectProperty data set template
@@ -449,7 +449,7 @@
 :RoleDisplayFauxObjectPropertyEntityValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :AccessObjectUriContainsInDataSet ;
     access:relatedCheck :StatementPredicateEquals ;
-#    access:hasDefaultValue access-individual:defaultUri ;
+#    access:value access-individual:defaultUri ;
     access:containsElementsOfType access-individual:FauxObjectProperty .
 
 #Role PublishFauxObjectProperty data set template
@@ -478,7 +478,7 @@
 :RolePublishFauxObjectPropertyEntityValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :AccessObjectUriContainsInDataSet ;
     access:relatedCheck :StatementPredicateEquals ;
-#    access:hasDefaultValue access-individual:defaultUri ;
+#    access:value access-individual:defaultUri ;
     access:containsElementsOfType access-individual:FauxObjectProperty .
 
 #Role AddFauxObjectProperty data set template
@@ -507,7 +507,7 @@
 :RoleAddFauxObjectPropertyEntityValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :AccessObjectUriContainsInDataSet ;
     access:relatedCheck :StatementPredicateEquals ;
-#    access:hasDefaultValue access-individual:defaultUri ;
+#    access:value access-individual:defaultUri ;
     access:containsElementsOfType access-individual:FauxObjectProperty .
 
 #Role DropFauxObjectProperty data set template
@@ -536,7 +536,7 @@
 :RoleDropFauxObjectPropertyEntityValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :AccessObjectUriContainsInDataSet ;
     access:relatedCheck :StatementPredicateEquals ;
-#    access:hasDefaultValue access-individual:defaultUri ;
+#    access:value access-individual:defaultUri ;
     access:containsElementsOfType access-individual:FauxObjectProperty .
 
 #Role EditFauxObjectProperty data set template
@@ -565,7 +565,7 @@
 :RoleEditFauxObjectPropertyEntityValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :AccessObjectUriContainsInDataSet ;
     access:relatedCheck :StatementPredicateEquals ;
-#    access:hasDefaultValue access-individual:defaultUri ;
+#    access:value access-individual:defaultUri ;
     access:containsElementsOfType access-individual:FauxObjectProperty .
 
 #Role DisplayFauxDataProperty data set template
@@ -594,7 +594,7 @@
 :RoleDisplayFauxDataPropertyEntityValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :AccessObjectUriContainsInDataSet ;
     access:relatedCheck :StatementPredicateEquals ;
-#    access:hasDefaultValue access-individual:defaultUri ;
+#    access:value access-individual:defaultUri ;
     access:containsElementsOfType access-individual:FauxDataProperty .
 
 #Role PublishFauxDataProperty data set template
@@ -623,7 +623,7 @@
 :RolePublishFauxDataPropertyEntityValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :AccessObjectUriContainsInDataSet ;
     access:relatedCheck :StatementPredicateEquals ;
-#    access:hasDefaultValue access-individual:defaultUri ;
+#    access:value access-individual:defaultUri ;
     access:containsElementsOfType access-individual:FauxDataProperty .
 
 #Role AddFauxDataProperty data set template
@@ -652,7 +652,7 @@
 :RoleAddFauxDataPropertyEntityValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :AccessObjectUriContainsInDataSet ;
     access:relatedCheck :StatementPredicateEquals ;
-#    access:hasDefaultValue access-individual:defaultUri ;
+#    access:value access-individual:defaultUri ;
     access:containsElementsOfType access-individual:FauxDataProperty .
 
 #Role DropFauxDataProperty data set template
@@ -681,7 +681,7 @@
 :RoleDropFauxDataPropertyEntityValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :AccessObjectUriContainsInDataSet ;
     access:relatedCheck :StatementPredicateEquals ;
-#    access:hasDefaultValue access-individual:defaultUri ;
+#    access:value access-individual:defaultUri ;
     access:containsElementsOfType access-individual:FauxDataProperty .
 
 #Role EditFauxDataProperty data set template
@@ -710,7 +710,7 @@
 :RoleEditFauxDataPropertyEntityValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :AccessObjectUriContainsInDataSet ;
     access:relatedCheck :StatementPredicateEquals ;
-#    access:hasDefaultValue access-individual:defaultUri ;
+#    access:value access-individual:defaultUri ;
     access:containsElementsOfType access-individual:FauxDataProperty .
 
 
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_simple_permissions.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_simple_permissions.n3
index dd779b7bf7..a6b71365fc 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_simple_permissions.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_simple_permissions.n3
@@ -38,8 +38,8 @@
 
 :RolePermissionValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :PermissionNameAllowed;
-    access:hasDefaultValue simplePermission:PageViewablePublic;
-    access:hasDefaultValue simplePermission:QueryFullModel ;
+    access:value simplePermission:PageViewablePublic;
+    access:value simplePermission:QueryFullModel ;
     access:containsElementsOfType access-individual:NamedObject .
 
 #Data sets
diff --git a/home/src/main/resources/rdf/tbox/firsttime/vitro-access-control-ontology.n3 b/home/src/main/resources/rdf/tbox/firsttime/vitro-access-control-ontology.n3
index 8fee343f51..e7bb5f62b6 100644
--- a/home/src/main/resources/rdf/tbox/firsttime/vitro-access-control-ontology.n3
+++ b/home/src/main/resources/rdf/tbox/firsttime/vitro-access-control-ontology.n3
@@ -120,7 +120,7 @@
 :value a owl:ObjectProperty ;
     rdfs:comment "Assign one value (any URI or :AttributeValuePattern with :id to define literal value)";
     rdfs:label "value"@en-US ;
-    rdfs:domain [ a owl:Class ; owl:unionOf  ( :ValueSet :Check ) ] .
+    rdfs:domain [ a owl:Class ; owl:unionOf  ( :ValueSetTemplate :ValueSet :Check ) ] .
 
 :operator a owl:ObjectProperty ;
     rdfs:comment "Set type of check to perform";
@@ -134,11 +134,6 @@
     rdfs:domain :Check ;
     rdfs:range :AttributeType .
 
-:hasDefaultValue a owl:ObjectProperty ;
-    rdfs:comment "default value to add into new value set";
-    rdfs:label "has default value"@en-US ;
-    rdfs:domain :ValueSetTemplate .
-
 :containsElementsOfType a owl:ObjectProperty ,
     owl:FunctionalProperty ;
     rdfs:comment "Type of values for new value set";

From ffbc30c2faf280ed5b86cf5e2fe1e369c7a9652d Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <georgy.litvinov@tib.eu>
Date: Thu, 23 Nov 2023 18:54:52 +0100
Subject: [PATCH 122/148] created access:SubjectRoleUri class for RoleUri
 values

---
 .../auth/policy/EntityPolicyController.java   |   2 +-
 .../webapp/auth/policy/PolicyLoader.java      |  17 +-
 .../auth/policy/PolicyTemplateController.java |  33 ++--
 ...ccessAllowedClassesPolicyTemplateTest.java |   2 +-
 ...ssAllowedPropertiesPolicyTemplateTest.java |   2 +-
 ...edAllowedPropertiesPolicyTemplateTest.java |   2 +-
 .../webapp/auth/policy/PolicyLoaderTest.java  |   4 +-
 .../policy/SimplePermissionTemplateTest.java  |   4 +-
 ...edAllowedPropertiesPolicyTemplateTest.java |   2 +-
 .../webapp/auth/rules/data_set_templates.n3   |   2 +-
 .../webapp/auth/rules/test_policy_key.n3      |   2 +-
 .../firsttime/policy_editable_pages.n3        |   8 +-
 .../rdf/accessControl/firsttime/roles.n3      |  25 ++-
 .../template_access_allowed_class.n3          |  28 ++--
 .../template_access_allowed_property.n3       | 152 +++++++++---------
 ...emplate_access_related_allowed_property.n3 |  16 +-
 .../firsttime/template_simple_permissions.n3  |  10 +-
 ...emplate_update_related_allowed_property.n3 |  24 +--
 .../vitro-access-control-ontology.n3          |  12 ++
 19 files changed, 197 insertions(+), 150 deletions(-)

diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EntityPolicyController.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EntityPolicyController.java
index c7b4be9e91..4bc049797a 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EntityPolicyController.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EntityPolicyController.java
@@ -94,7 +94,7 @@ public static void grantAccess(String entityUri, AccessObjectType aot, AccessOpe
 
     private static void loadPolicy(AccessObjectType aot, AccessOperation ao, String role) {
         String dataSetUri =
-                getLoader().getDataSetUriByKey(new String[] { role }, new String[] { ao.toString(), aot.toString() });
+                getLoader().getDataSetUriByKey(new String[] { }, new String[] { ao.toString(), aot.toString(), role });
         if (dataSetUri != null) {
             DynamicPolicy policy = getLoader().loadPolicyFromTemplateDataSet(dataSetUri);
             if (policy != null) {
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
index d6c32ab3b9..567f245ea3 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
@@ -248,6 +248,10 @@ public class PolicyLoader {
             + "      ?keyComponent a access:Operation .\n"
             + "      BIND('OPERATION' as ?type)\n"
             + "    }\n"
+            + "    OPTIONAL {\n"
+            + "      ?keyComponent a access:SubjectRoleUri .\n"
+            + "      BIND('SUBJECT_ROLE_URI' as ?type)\n"
+            + "    }\n"
             + "  }\n"
             + "}\n";
 
@@ -429,8 +433,8 @@ protected void processQuerySolution(QuerySolution qs) {
     public Set<String> getDataSetValues(AccessOperation ao, AccessObjectType aot, String role) {
         Set<String> values = new HashSet<>();
         long expectedSize = 3;
-        String queryText = getDataSetByKeyQuery(new String[] { role },
-                new String[] { ao.toString(), aot.toString() });
+        String queryText = getDataSetByKeyQuery(new String[] {},
+                new String[] { ao.toString(), aot.toString(), role });
         ParameterizedSparqlString pss = new ParameterizedSparqlString(queryText);
         pss.setLiteral("setElementsId", aot.toString());
         queryText = pss.toString();
@@ -466,7 +470,7 @@ protected void processQuerySolution(QuerySolution qs) {
 
     public String getEntityValueSetUri(AccessOperation ao, AccessObjectType aot, String role) {
         long expectedSize = 3;
-        String queryText = getDataSetByKeyQuery(new String[] { role }, new String[] { ao.toString(), aot.toString() });
+        String queryText = getDataSetByKeyQuery(new String[] { }, new String[] { ao.toString(), aot.toString(), role });
         ParameterizedSparqlString pss = new ParameterizedSparqlString(queryText);
         pss.setLiteral("setElementsId", aot.toString());
         queryText = pss.toString();
@@ -496,8 +500,8 @@ protected void processQuerySolution(QuerySolution qs) {
 
     public void modifyPolicyDataSetValue(String entityUri, AccessOperation ao, AccessObjectType aot, String role,
             boolean isAdd) {
-        String queryText = getPolicyDataSetValueStatementByKeyQuery(entityUri, new String[] { role },
-                new String[] { ao.toString(), aot.toString() });
+        String queryText = getPolicyDataSetValueStatementByKeyQuery(entityUri, new String[] { },
+                new String[] { ao.toString(), aot.toString(), role });
         ParameterizedSparqlString pss = new ParameterizedSparqlString(queryText);
         pss.setLiteral("setElementsType", aot.toString());
         queryText = pss.toString();
@@ -834,6 +838,9 @@ protected void processQuerySolution(QuerySolution qs) {
                             if (Attribute.ACCESS_OBJECT_TYPE.toString().equals(type)) {
                                 compositeKey.setObjectType(AccessObjectType.valueOf(id));
                             }
+                            if (Attribute.SUBJECT_ROLE_URI.toString().equals(type)) {
+                                compositeKey.setRole(id);
+                            }
                         }
                     } else {
                         //assume keyComponent is a role
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTemplateController.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTemplateController.java
index d649e22685..c75acc5e78 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTemplateController.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTemplateController.java
@@ -1,8 +1,11 @@
 package edu.cornell.mannlib.vitro.webapp.auth.policy;
 
+import static edu.cornell.mannlib.vitro.webapp.dao.VitroVocabulary.AUTH_VOCABULARY_PREFIX;
+
 import java.util.List;
 import java.util.Map;
 
+import edu.cornell.mannlib.vitro.webapp.dao.VitroVocabulary;
 import edu.cornell.mannlib.vitro.webapp.rdfservice.adapters.VitroModelFactory;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
@@ -12,8 +15,6 @@
 public class PolicyTemplateController {
 
     private static final Log log = LogFactory.getLog(PolicyTemplateController.class);
-    private static final String PREFIX_AO = "https://vivoweb.org/ontology/vitro-application/auth/vocabulary/";
-
     public static void createRoleDataSets(String roleUri) {
 
         // Execute sparql query to get all data set templates that have ao:templateKey access-individual:SubjectRole .
@@ -31,36 +32,48 @@ private static void createRoleDataSet(String dataSetTemplateUri, String roleUri,
         PolicyLoader policyLoader = PolicyLoader.getInstance();
         List<String> keys = policyLoader.getDataSetKeysFromTemplate(dataSetTemplateUri);
         List<String> keyTemplates = policyLoader.getDataSetKeyTemplatesFromTemplate(dataSetTemplateUri);
+
+        Model dataSetModel = VitroModelFactory.createModel();
+
         for (String keyTemplate : keyTemplates) {
             if (keyTemplate.equals("https://vivoweb.org/ontology/vitro-application/auth/individual/SubjectRole")) {
-                keys.add(roleUri);
+                String roleKeyUri = dataSetUri + role + "RoleUri";
+                dataSetModel.add(new StatementImpl(dataSetModel.createResource(roleKeyUri),
+                        dataSetModel.createProperty(AUTH_VOCABULARY_PREFIX + "id"),
+                        dataSetModel.createLiteral(roleUri)));
+                dataSetModel.add(new StatementImpl(dataSetModel.createResource(roleKeyUri),
+                        dataSetModel.createProperty(VitroVocabulary.RDF_TYPE),
+                        dataSetModel.createResource(AUTH_VOCABULARY_PREFIX + "SubjectRoleUri")));
+                keys.add(roleKeyUri);
             } else {
                 log.error(String.format("Not recognized key template found '%s'", keyTemplate));
                 return;
             }
         }
-        Model dataSetModel = VitroModelFactory.createModel();
         // Add ?dataSets ao:policyDataSet dataSetUri .
         dataSetModel.add(new StatementImpl(dataSetModel.createResource(dataSetsUri),
-                dataSetModel.createProperty(PREFIX_AO + "policyDataSet"), dataSetModel.createResource(dataSetUri)));
+                dataSetModel.createProperty(AUTH_VOCABULARY_PREFIX + "policyDataSet"),
+                dataSetModel.createResource(dataSetUri)));
 
         dataSetModel.add(new StatementImpl(dataSetModel.createResource(dataSetUri),
                 dataSetModel.createProperty("http://www.w3.org/1999/02/22-rdf-syntax-ns#type"),
-                dataSetModel.createResource(PREFIX_AO + "PolicyDataSet")));
+                dataSetModel.createResource(AUTH_VOCABULARY_PREFIX + "PolicyDataSet")));
 
         dataSetModel.add(new StatementImpl(dataSetModel.createResource(dataSetUri),
-                dataSetModel.createProperty(PREFIX_AO + "dataSetKey"), dataSetModel.createResource(dataSetKeyUri)));
+                dataSetModel.createProperty(AUTH_VOCABULARY_PREFIX + "dataSetKey"),
+                dataSetModel.createResource(dataSetKeyUri)));
 
         for (String key : keys) {
             dataSetModel.add(new StatementImpl(dataSetModel.createResource(dataSetKeyUri),
-                    dataSetModel.createProperty(PREFIX_AO + "keyComponent"), dataSetModel.createResource(key)));
+                    dataSetModel.createProperty(AUTH_VOCABULARY_PREFIX + "keyComponent"),
+                    dataSetModel.createResource(key)));
         }
 
         List<String> valueSetUris = policyLoader.getDataSetValuesFromTemplate(dataSetTemplateUri);
         for (String valueSetUri : valueSetUris) {
             // Add ?dataSetUri ao:dataSetValues ?valueSetUri .
             dataSetModel.add(new StatementImpl(dataSetModel.createResource(dataSetUri),
-                    dataSetModel.createProperty(PREFIX_AO + "dataSetValues"),
+                    dataSetModel.createProperty(AUTH_VOCABULARY_PREFIX + "dataSetValues"),
                     dataSetModel.createResource(valueSetUri)));
         }
 
@@ -69,7 +82,7 @@ private static void createRoleDataSet(String dataSetTemplateUri, String roleUri,
         for (String valueSetTemplateUri : valueSetTemplateUris) {
             String valueSetUri = getUriFromTemplate(valueSetTemplateUri, role);
             dataSetModel.add(new StatementImpl(dataSetModel.createResource(dataSetUri),
-                    dataSetModel.createProperty(PREFIX_AO + "dataSetValues"),
+                    dataSetModel.createProperty(AUTH_VOCABULARY_PREFIX + "dataSetValues"),
                     dataSetModel.createResource(valueSetUri)));
 
             policyLoader.constructValueSet(valueSetTemplateUri, valueSetUri, roleUri, dataSetModel);
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/AccessAllowedClassesPolicyTemplateTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/AccessAllowedClassesPolicyTemplateTest.java
index aedf3f463b..139c547671 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/AccessAllowedClassesPolicyTemplateTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/AccessAllowedClassesPolicyTemplateTest.java
@@ -49,7 +49,7 @@ public void testPolicy() {
         EntityPolicyController.grantAccess("test:entity", type, ao, roleUri);
         DynamicPolicy policy = null;
         String dataSet =
-                loader.getDataSetUriByKey(new String[] { roleUri }, new String[] { ao.toString(), type.toString() });
+                loader.getDataSetUriByKey(new String[] { }, new String[] { ao.toString(), type.toString(), roleUri });
         policy = loader.loadPolicyFromTemplateDataSet(dataSet);
         countRulesAndAttributes(policy, rulesCount, attrCount);
         Set<String> values = loader.getDataSetValues(ao, type, roleUri);
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/AccessAllowedPropertiesPolicyTemplateTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/AccessAllowedPropertiesPolicyTemplateTest.java
index 1f8768a2e2..5cd4826702 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/AccessAllowedPropertiesPolicyTemplateTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/AccessAllowedPropertiesPolicyTemplateTest.java
@@ -55,7 +55,7 @@ public void testPolicy() {
         EntityPolicyController.grantAccess("test:entity", type, ao, roleUri);
         DynamicPolicy policy = null;
         String dataSet =
-                loader.getDataSetUriByKey(new String[] { roleUri }, new String[] { ao.toString(), type.toString() });
+                loader.getDataSetUriByKey(new String[] { }, new String[] { ao.toString(), type.toString(), roleUri });
         policy = loader.loadPolicyFromTemplateDataSet(dataSet);
         countRulesAndAttributes(policy, rulesCount, attrCount);
         assertTrue(EntityPolicyController.isGranted("test:entity", type, ao, roleUri));
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/AccessRelatedAllowedPropertiesPolicyTemplateTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/AccessRelatedAllowedPropertiesPolicyTemplateTest.java
index fc038a0eca..60e90c7199 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/AccessRelatedAllowedPropertiesPolicyTemplateTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/AccessRelatedAllowedPropertiesPolicyTemplateTest.java
@@ -43,7 +43,7 @@ public void testPolicy() {
         EntityPolicyController.grantAccess("test:entity", type, ao, roleUri);
         DynamicPolicy policy = null;
         String dataSet =
-                loader.getDataSetUriByKey(new String[] { roleUri }, new String[] { ao.toString(), type.toString() });
+                loader.getDataSetUriByKey(new String[] { }, new String[] { ao.toString(), type.toString(), roleUri });
         policy = loader.loadPolicyFromTemplateDataSet(dataSet);
         countRulesAndAttributes(policy, rulesCount, attrCount);
         Set<String> values = loader.getDataSetValues(ao, type, roleUri);
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoaderTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoaderTest.java
index 4d7abed550..dad3f964ed 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoaderTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoaderTest.java
@@ -50,8 +50,8 @@ public void getRoleDataSetDraftKeyTemplateTest() {
     @Test
     public void getDataSetUriByKeyTest() {
         load(DATA_SET);
-        String uri = PolicyLoader.getInstance().getDataSetUriByKey(new String[] { PUBLIC },
-                new String[] { NAMED_OBJECT.toString(), EXECUTE.toString() });
+        String uri = PolicyLoader.getInstance().getDataSetUriByKey(new String[] {  },
+                new String[] { NAMED_OBJECT.toString(), EXECUTE.toString(), PUBLIC });
         assertEquals(PREFIX + "PublicDataSet", uri);
     }
 
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/SimplePermissionTemplateTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/SimplePermissionTemplateTest.java
index 4bcec479e9..6ff3711777 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/SimplePermissionTemplateTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/SimplePermissionTemplateTest.java
@@ -134,8 +134,8 @@ public void testCustomRole() {
         // Create custom data set
         PolicyTemplateController.createRoleDataSets(CUSTOM);
         // Get data set uri by key: role uri and named object
-        String dataSetUri = loader.getDataSetUriByKey(new String[] { CUSTOM },
-                new String[] { AccessObjectType.NAMED_OBJECT.toString(), AccessOperation.EXECUTE.toString() });
+        String dataSetUri = loader.getDataSetUriByKey(new String[] {  },
+                new String[] { AccessObjectType.NAMED_OBJECT.toString(), AccessOperation.EXECUTE.toString(), CUSTOM });
 
         assertTrue(dataSetUri != null);
         DynamicPolicy policy = loader.loadPolicyFromTemplateDataSet(dataSetUri);
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/UpdateRelatedAllowedPropertiesPolicyTemplateTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/UpdateRelatedAllowedPropertiesPolicyTemplateTest.java
index beda01af9d..b8ac2077a4 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/UpdateRelatedAllowedPropertiesPolicyTemplateTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/UpdateRelatedAllowedPropertiesPolicyTemplateTest.java
@@ -44,7 +44,7 @@ public void testPolicy() {
         EntityPolicyController.grantAccess("test:entity", type, ao, roleUri);
         DynamicPolicy policy = null;
         String dataSet =
-                loader.getDataSetUriByKey(new String[] { roleUri }, new String[] { ao.toString(), type.toString() });
+                loader.getDataSetUriByKey(new String[] { }, new String[] { ao.toString(), type.toString(), roleUri });
         policy = loader.loadPolicyFromTemplateDataSet(dataSet);
         countRulesAndAttributes(policy, rulesCount, attrCount);
         Set<String> values = loader.getDataSetValues(ao, type, roleUri);
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/data_set_templates.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/data_set_templates.n3
index f049ce3b72..0c085142be 100644
--- a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/data_set_templates.n3
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/data_set_templates.n3
@@ -73,7 +73,7 @@
 :PublicDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:NamedObject ;
     access:keyComponent access-individual:ExecuteOperation ;
-    access:keyComponent auth:PUBLIC .
+    access:keyComponent access-individual:PublicRoleUri .
 
 access-individual:PublicSimplePermissionValueSet a access:ValueSet ;
     access:containsElementsOfType access-individual:NamedObject .
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_key.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_key.n3
index 205d1764a9..c5fdc7245d 100644
--- a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_key.n3
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_key.n3
@@ -22,5 +22,5 @@ access-individual:KeyTestAttribute rdf:type access:Check ;
 
 access-individual:PolicyKeyTest rdf:type access:PolicyKey ;
     access:keyComponent access-individual:ObjectPropertyAccesObject ;
-    access:keyComponent auth:ADMIN ;
+    access:keyComponent access-individual:AdminRoleUri ;
     access:keyComponent access-individual:DisplayOperation .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_editable_pages.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_editable_pages.n3
index ee86dbf2f7..da4fd01c79 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_editable_pages.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_editable_pages.n3
@@ -19,14 +19,14 @@
 :SubjectRoleOneOfEditorsCheck a access:Check ;
     access:operator access-individual:OneOf ;
     access:attribute access-individual:SubjectRole ;
-    access:value auth:ADMIN ;
-    access:value auth:CURATOR ;
-    access:value auth:EDITOR .
+    access:value access-individual:AdminRoleUri ;
+    access:value access-individual:CuratorRoleUri ;
+    access:value access-individual:EditorRoleUri .
 
 :SubjectRoleIsSelfEditor a access:Check ;
     access:operator access-individual:Equals ;
     access:attribute access-individual:SubjectRole ;
-    access:value auth:SELF_EDITOR .
+    access:value access-individual:SelfEditorRoleUri .
 
 :IsAddOperation a access:Check ;
     access:operator access-individual:Equals ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/roles.n3 b/home/src/main/resources/rdf/accessControl/firsttime/roles.n3
index 8e8cbb2184..de2c219e3f 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/roles.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/roles.n3
@@ -4,17 +4,32 @@
 @prefix access-individual: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
 @prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
 
+access-individual:PublicRoleUri a access:SubjectRoleUri ;
+    access:id "http://vitro.mannlib.cornell.edu/ns/vitro/authorization#PUBLIC" .
+
+access-individual:SelfEditorRoleUri a access:SubjectRoleUri ;
+    access:id "http://vitro.mannlib.cornell.edu/ns/vitro/authorization#SELF_EDITOR" .
+
+access-individual:EditorRoleUri a access:SubjectRoleUri ;
+    access:id "http://vitro.mannlib.cornell.edu/ns/vitro/authorization#EDITOR" .
+
+access-individual:CuratorRoleUri a access:SubjectRoleUri ;
+    access:id "http://vitro.mannlib.cornell.edu/ns/vitro/authorization#CURATOR" .
+
+access-individual:AdminRoleUri a access:SubjectRoleUri ;
+    access:id "http://vitro.mannlib.cornell.edu/ns/vitro/authorization#ADMIN" .
+
 access-individual:PublicRoleValueSet a access:ValueSet ;
-    access:value auth:PUBLIC .
+    access:value access-individual:PublicRoleUri .
 
 access-individual:SelfEditorRoleValueSet a access:ValueSet ;
-    access:value auth:SELF_EDITOR .
+    access:value access-individual:SelfEditorRoleUri .
 
 access-individual:EditorRoleValueSet a access:ValueSet ;
-    access:value auth:EDITOR .
+    access:value access-individual:EditorRoleUri .
 
 access-individual:CuratorRoleValueSet a access:ValueSet ;
-    access:value auth:CURATOR .
+    access:value access-individual:CuratorRoleUri .
 
 access-individual:AdminRoleValueSet a access:ValueSet ;
-    access:value auth:ADMIN .
+    access:value access-individual:AdminRoleUri .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_class.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_class.n3
index 3e862c2364..cbae764994 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_class.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_class.n3
@@ -122,7 +122,7 @@
 
 :PublicDisplayClassDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:Class ;
-    access:keyComponent auth:PUBLIC ;
+    access:keyComponent access-individual:PublicRoleUri ;
     access:keyComponent access-individual:DisplayOperation .
 
 ### Self editor display class uri data sets
@@ -136,7 +136,7 @@
 
 :SelfEditorDisplayClassDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:Class ;
-    access:keyComponent auth:SELF_EDITOR ;
+    access:keyComponent access-individual:SelfEditorRoleUri ;
     access:keyComponent access-individual:DisplayOperation .
 
 ### Editor display class uri data sets
@@ -150,7 +150,7 @@
 
 :EditorDisplayClassDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:Class ;
-    access:keyComponent auth:EDITOR ;
+    access:keyComponent access-individual:EditorRoleUri ;
     access:keyComponent access-individual:DisplayOperation .
 
 ### Curator display class uri data sets
@@ -164,7 +164,7 @@
 
 :CuratorDisplayClassDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:Class ;
-    access:keyComponent auth:CURATOR ;
+    access:keyComponent access-individual:CuratorRoleUri ;
     access:keyComponent access-individual:DisplayOperation .
 
 ### Admin display class uri data sets
@@ -178,7 +178,7 @@
 
 :AdminDisplayClassDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:Class ;
-    access:keyComponent auth:ADMIN ;
+    access:keyComponent access-individual:AdminRoleUri ;
     access:keyComponent access-individual:DisplayOperation .
 
 ### Public update class uri data sets
@@ -192,7 +192,7 @@
 
 :PublicUpdateClassDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:Class ;
-    access:keyComponent auth:PUBLIC ;
+    access:keyComponent access-individual:PublicRoleUri ;
     access:keyComponent access-individual:UpdateOperation .
 
 ### Self editor update class uri data sets
@@ -206,7 +206,7 @@
 
 :SelfEditorUpdateClassDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:Class ;
-    access:keyComponent auth:SELF_EDITOR ;
+    access:keyComponent access-individual:SelfEditorRoleUri ;
     access:keyComponent access-individual:UpdateOperation .
 
 ### Editor update class uri data sets
@@ -220,7 +220,7 @@
 
 :EditorUpdateClassDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:Class ;
-    access:keyComponent auth:EDITOR ;
+    access:keyComponent access-individual:EditorRoleUri ;
     access:keyComponent access-individual:UpdateOperation .
 
 ### Curator update class uri data sets
@@ -234,7 +234,7 @@
 
 :CuratorUpdateClassDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:Class ;
-    access:keyComponent auth:CURATOR ;
+    access:keyComponent access-individual:CuratorRoleUri ;
     access:keyComponent access-individual:UpdateOperation .
 
 ### Admin update class uri data sets
@@ -248,7 +248,7 @@
 
 :AdminUpdateClassDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:Class ;
-    access:keyComponent auth:ADMIN ;
+    access:keyComponent access-individual:AdminRoleUri ;
     access:keyComponent access-individual:UpdateOperation .
 
 ### Self editor publish class uri data sets
@@ -262,7 +262,7 @@
 
 :SelfEditorPublishClassDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:Class ;
-    access:keyComponent auth:SELF_EDITOR ;
+    access:keyComponent access-individual:SelfEditorRoleUri ;
     access:keyComponent access-individual:PublishOperation .
 
 ### Editor publish class uri data sets
@@ -276,7 +276,7 @@
 
 :EditorPublishClassDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:Class ;
-    access:keyComponent auth:EDITOR ;
+    access:keyComponent access-individual:EditorRoleUri ;
     access:keyComponent access-individual:PublishOperation .
 
 ### Curator publish class uri data sets
@@ -290,7 +290,7 @@
 
 :CuratorPublishClassDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:Class ;
-    access:keyComponent auth:CURATOR ;
+    access:keyComponent access-individual:CuratorRoleUri ;
     access:keyComponent access-individual:PublishOperation .
 
 ### Admin publish class uri data sets
@@ -304,7 +304,7 @@
 
 :AdminPublishClassDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:Class ;
-    access:keyComponent auth:ADMIN ;
+    access:keyComponent access-individual:AdminRoleUri ;
     access:keyComponent access-individual:PublishOperation .
 
 :AllowMatchingClass a access:Rule;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_property.n3
index f55872918c..340fdb6e12 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_property.n3
@@ -727,7 +727,7 @@
 
 :PublicDropFauxDataPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:FauxDataProperty ;
-    access:keyComponent auth:PUBLIC ;
+    access:keyComponent access-individual:PublicRoleUri ;
     access:keyComponent access-individual:DropOperation .
 
 :EditorDropFauxDataPropertyDataSet a access:PolicyDataSet ;
@@ -740,7 +740,7 @@
 
 :EditorDropFauxDataPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:FauxDataProperty ;
-    access:keyComponent auth:EDITOR ;
+    access:keyComponent access-individual:EditorRoleUri ;
     access:keyComponent access-individual:DropOperation .
 
 :CuratorDropFauxDataPropertyDataSet a access:PolicyDataSet ;
@@ -753,7 +753,7 @@
 
 :CuratorDropFauxDataPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:FauxDataProperty ;
-    access:keyComponent auth:CURATOR ;
+    access:keyComponent access-individual:CuratorRoleUri ;
     access:keyComponent access-individual:DropOperation .
 
 :AdminDropFauxDataPropertyDataSet a access:PolicyDataSet ;
@@ -766,7 +766,7 @@
 
 :AdminDropFauxDataPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:FauxDataProperty ;
-    access:keyComponent auth:ADMIN ;
+    access:keyComponent access-individual:AdminRoleUri ;
     access:keyComponent access-individual:DropOperation .
 
 ### Add faux data property data sets
@@ -781,7 +781,7 @@
 
 :PublicAddFauxDataPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:FauxDataProperty ;
-    access:keyComponent auth:PUBLIC ;
+    access:keyComponent access-individual:PublicRoleUri ;
     access:keyComponent access-individual:AddOperation .
 
 :EditorAddFauxDataPropertyDataSet a access:PolicyDataSet ;
@@ -794,7 +794,7 @@
 
 :EditorAddFauxDataPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:FauxDataProperty ;
-    access:keyComponent auth:EDITOR ;
+    access:keyComponent access-individual:EditorRoleUri ;
     access:keyComponent access-individual:AddOperation .
 
 :CuratorAddFauxDataPropertyDataSet a access:PolicyDataSet ;
@@ -807,7 +807,7 @@
 
 :CuratorAddFauxDataPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:FauxDataProperty ;
-    access:keyComponent auth:CURATOR ;
+    access:keyComponent access-individual:CuratorRoleUri ;
     access:keyComponent access-individual:AddOperation .
 
 :AdminAddFauxDataPropertyDataSet a access:PolicyDataSet ;
@@ -820,7 +820,7 @@
 
 :AdminAddFauxDataPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:FauxDataProperty ;
-    access:keyComponent auth:ADMIN ;
+    access:keyComponent access-individual:AdminRoleUri ;
     access:keyComponent access-individual:AddOperation .
 
 ### Edit faux data property data sets
@@ -835,7 +835,7 @@
 
 :PublicEditFauxDataPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:FauxDataProperty ;
-    access:keyComponent auth:PUBLIC ;
+    access:keyComponent access-individual:PublicRoleUri ;
     access:keyComponent access-individual:EditOperation .
 
 :EditorEditFauxDataPropertyDataSet a access:PolicyDataSet ;
@@ -848,7 +848,7 @@
 
 :EditorEditFauxDataPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:FauxDataProperty ;
-    access:keyComponent auth:EDITOR ;
+    access:keyComponent access-individual:EditorRoleUri ;
     access:keyComponent access-individual:EditOperation .
 
 :CuratorEditFauxDataPropertyDataSet a access:PolicyDataSet ;
@@ -861,7 +861,7 @@
 
 :CuratorEditFauxDataPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:FauxDataProperty ;
-    access:keyComponent auth:CURATOR ;
+    access:keyComponent access-individual:CuratorRoleUri ;
     access:keyComponent access-individual:EditOperation .
 
 :AdminEditFauxDataPropertyDataSet a access:PolicyDataSet ;
@@ -874,7 +874,7 @@
 
 :AdminEditFauxDataPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:FauxDataProperty ;
-    access:keyComponent auth:ADMIN ;
+    access:keyComponent access-individual:AdminRoleUri ;
     access:keyComponent access-individual:EditOperation .
 
 ### Drop faux object property data sets
@@ -889,7 +889,7 @@
 
 :PublicDropFauxObjectPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:FauxObjectProperty ;
-    access:keyComponent auth:PUBLIC ;
+    access:keyComponent access-individual:PublicRoleUri ;
     access:keyComponent access-individual:DropOperation .
 
 :EditorDropFauxObjectPropertyDataSet a access:PolicyDataSet ;
@@ -902,7 +902,7 @@
 
 :EditorDropFauxObjectPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:FauxObjectProperty ;
-    access:keyComponent auth:EDITOR ;
+    access:keyComponent access-individual:EditorRoleUri ;
     access:keyComponent access-individual:DropOperation .
 
 :CuratorDropFauxObjectPropertyDataSet a access:PolicyDataSet ;
@@ -915,7 +915,7 @@
 
 :CuratorDropFauxObjectPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:FauxObjectProperty ;
-    access:keyComponent auth:CURATOR ;
+    access:keyComponent access-individual:CuratorRoleUri ;
     access:keyComponent access-individual:DropOperation .
 
 :AdminDropFauxObjectPropertyDataSet a access:PolicyDataSet ;
@@ -928,7 +928,7 @@
 
 :AdminDropFauxObjectPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:FauxObjectProperty ;
-    access:keyComponent auth:ADMIN ;
+    access:keyComponent access-individual:AdminRoleUri ;
     access:keyComponent access-individual:DropOperation .
 
 ### Add faux object property data sets
@@ -943,7 +943,7 @@
 
 :PublicAddFauxObjectPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:FauxObjectProperty ;
-    access:keyComponent auth:PUBLIC ;
+    access:keyComponent access-individual:PublicRoleUri ;
     access:keyComponent access-individual:AddOperation .
 
 :EditorAddFauxObjectPropertyDataSet a access:PolicyDataSet ;
@@ -956,7 +956,7 @@
 
 :EditorAddFauxObjectPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:FauxObjectProperty ;
-    access:keyComponent auth:EDITOR ;
+    access:keyComponent access-individual:EditorRoleUri ;
     access:keyComponent access-individual:AddOperation .
 
 :CuratorAddFauxObjectPropertyDataSet a access:PolicyDataSet ;
@@ -969,7 +969,7 @@
 
 :CuratorAddFauxObjectPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:FauxObjectProperty ;
-    access:keyComponent auth:CURATOR ;
+    access:keyComponent access-individual:CuratorRoleUri ;
     access:keyComponent access-individual:AddOperation .
 
 :AdminAddFauxObjectPropertyDataSet a access:PolicyDataSet ;
@@ -982,7 +982,7 @@
 
 :AdminAddFauxObjectPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:FauxObjectProperty ;
-    access:keyComponent auth:ADMIN ;
+    access:keyComponent access-individual:AdminRoleUri ;
     access:keyComponent access-individual:AddOperation .
 
 ### Edit faux object property data sets
@@ -997,7 +997,7 @@
 
 :PublicEditFauxObjectPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:FauxObjectProperty ;
-    access:keyComponent auth:PUBLIC ;
+    access:keyComponent access-individual:PublicRoleUri ;
     access:keyComponent access-individual:EditOperation .
 
 :EditorEditFauxObjectPropertyDataSet a access:PolicyDataSet ;
@@ -1010,7 +1010,7 @@
 
 :EditorEditFauxObjectPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:FauxObjectProperty ;
-    access:keyComponent auth:EDITOR ;
+    access:keyComponent access-individual:EditorRoleUri ;
     access:keyComponent access-individual:EditOperation .
 
 :CuratorEditFauxObjectPropertyDataSet a access:PolicyDataSet ;
@@ -1023,7 +1023,7 @@
 
 :CuratorEditFauxObjectPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:FauxObjectProperty ;
-    access:keyComponent auth:CURATOR ;
+    access:keyComponent access-individual:CuratorRoleUri ;
     access:keyComponent access-individual:EditOperation .
 
 :AdminEditFauxObjectPropertyDataSet a access:PolicyDataSet ;
@@ -1036,7 +1036,7 @@
 
 :AdminEditFauxObjectPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:FauxObjectProperty ;
-    access:keyComponent auth:ADMIN ;
+    access:keyComponent access-individual:AdminRoleUri ;
     access:keyComponent access-individual:EditOperation .
 
 ### Drop data property data sets
@@ -1051,7 +1051,7 @@
 
 :PublicDropDataPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:DataProperty ;
-    access:keyComponent auth:PUBLIC ;
+    access:keyComponent access-individual:PublicRoleUri ;
     access:keyComponent access-individual:DropOperation .
 
 :EditorDropDataPropertyDataSet a access:PolicyDataSet ;
@@ -1064,7 +1064,7 @@
 
 :EditorDropDataPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:DataProperty ;
-    access:keyComponent auth:EDITOR ;
+    access:keyComponent access-individual:EditorRoleUri ;
     access:keyComponent access-individual:DropOperation .
 
 :CuratorDropDataPropertyDataSet a access:PolicyDataSet ;
@@ -1077,7 +1077,7 @@
 
 :CuratorDropDataPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:DataProperty ;
-    access:keyComponent auth:CURATOR ;
+    access:keyComponent access-individual:CuratorRoleUri ;
     access:keyComponent access-individual:DropOperation .
 
 :AdminDropDataPropertyDataSet a access:PolicyDataSet ;
@@ -1090,7 +1090,7 @@
 
 :AdminDropDataPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:DataProperty ;
-    access:keyComponent auth:ADMIN ;
+    access:keyComponent access-individual:AdminRoleUri ;
     access:keyComponent access-individual:DropOperation .
 
 ### Add data property data sets
@@ -1105,7 +1105,7 @@
 
 :PublicAddDataPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:DataProperty ;
-    access:keyComponent auth:PUBLIC ;
+    access:keyComponent access-individual:PublicRoleUri ;
     access:keyComponent access-individual:AddOperation .
 
 :EditorAddDataPropertyDataSet a access:PolicyDataSet ;
@@ -1118,7 +1118,7 @@
 
 :EditorAddDataPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:DataProperty ;
-    access:keyComponent auth:EDITOR ;
+    access:keyComponent access-individual:EditorRoleUri ;
     access:keyComponent access-individual:AddOperation .
 
 :CuratorAddDataPropertyDataSet a access:PolicyDataSet ;
@@ -1131,7 +1131,7 @@
 
 :CuratorAddDataPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:DataProperty ;
-    access:keyComponent auth:CURATOR ;
+    access:keyComponent access-individual:CuratorRoleUri ;
     access:keyComponent access-individual:AddOperation .
 
 :AdminAddDataPropertyDataSet a access:PolicyDataSet ;
@@ -1144,7 +1144,7 @@
 
 :AdminAddDataPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:DataProperty ;
-    access:keyComponent auth:ADMIN ;
+    access:keyComponent access-individual:AdminRoleUri ;
     access:keyComponent access-individual:AddOperation .
 
 ### Edit data property data sets
@@ -1159,7 +1159,7 @@
 
 :PublicEditDataPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:DataProperty ;
-    access:keyComponent auth:PUBLIC ;
+    access:keyComponent access-individual:PublicRoleUri ;
     access:keyComponent access-individual:EditOperation .
 
 :EditorEditDataPropertyDataSet a access:PolicyDataSet ;
@@ -1172,7 +1172,7 @@
 
 :EditorEditDataPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:DataProperty ;
-    access:keyComponent auth:EDITOR ;
+    access:keyComponent access-individual:EditorRoleUri ;
     access:keyComponent access-individual:EditOperation .
 
 :CuratorEditDataPropertyDataSet a access:PolicyDataSet ;
@@ -1185,7 +1185,7 @@
 
 :CuratorEditDataPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:DataProperty ;
-    access:keyComponent auth:CURATOR ;
+    access:keyComponent access-individual:CuratorRoleUri ;
     access:keyComponent access-individual:EditOperation .
 
 :AdminEditDataPropertyDataSet a access:PolicyDataSet ;
@@ -1198,7 +1198,7 @@
 
 :AdminEditDataPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:DataProperty ;
-    access:keyComponent auth:ADMIN ;
+    access:keyComponent access-individual:AdminRoleUri ;
     access:keyComponent access-individual:EditOperation .
 
 ### Drop object property data sets
@@ -1213,7 +1213,7 @@
 
 :PublicDropObjectPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:ObjectProperty ;
-    access:keyComponent auth:PUBLIC ;
+    access:keyComponent access-individual:PublicRoleUri ;
     access:keyComponent access-individual:DropOperation .
 
 :EditorDropObjectPropertyDataSet a access:PolicyDataSet ;
@@ -1226,7 +1226,7 @@
 
 :EditorDropObjectPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:ObjectProperty ;
-    access:keyComponent auth:EDITOR ;
+    access:keyComponent access-individual:EditorRoleUri ;
     access:keyComponent access-individual:DropOperation .
 
 :CuratorDropObjectPropertyDataSet a access:PolicyDataSet ;
@@ -1239,7 +1239,7 @@
 
 :CuratorDropObjectPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:ObjectProperty ;
-    access:keyComponent auth:CURATOR ;
+    access:keyComponent access-individual:CuratorRoleUri ;
     access:keyComponent access-individual:DropOperation .
 
 :AdminDropObjectPropertyDataSet a access:PolicyDataSet ;
@@ -1252,7 +1252,7 @@
 
 :AdminDropObjectPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:ObjectProperty ;
-    access:keyComponent auth:ADMIN ;
+    access:keyComponent access-individual:AdminRoleUri ;
     access:keyComponent access-individual:DropOperation .
 
 ### Add object property data sets
@@ -1267,7 +1267,7 @@
 
 :PublicAddObjectPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:ObjectProperty ;
-    access:keyComponent auth:PUBLIC ;
+    access:keyComponent access-individual:PublicRoleUri ;
     access:keyComponent access-individual:AddOperation .
 
 :EditorAddObjectPropertyDataSet a access:PolicyDataSet ;
@@ -1280,7 +1280,7 @@
 
 :EditorAddObjectPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:ObjectProperty ;
-    access:keyComponent auth:EDITOR ;
+    access:keyComponent access-individual:EditorRoleUri ;
     access:keyComponent access-individual:AddOperation .
 
 :CuratorAddObjectPropertyDataSet a access:PolicyDataSet ;
@@ -1293,7 +1293,7 @@
 
 :CuratorAddObjectPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:ObjectProperty ;
-    access:keyComponent auth:CURATOR ;
+    access:keyComponent access-individual:CuratorRoleUri ;
     access:keyComponent access-individual:AddOperation .
 
 :AdminAddObjectPropertyDataSet a access:PolicyDataSet ;
@@ -1306,7 +1306,7 @@
 
 :AdminAddObjectPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:ObjectProperty ;
-    access:keyComponent auth:ADMIN ;
+    access:keyComponent access-individual:AdminRoleUri ;
     access:keyComponent access-individual:AddOperation .
 
 ### Edit object property data sets
@@ -1321,7 +1321,7 @@
 
 :PublicEditObjectPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:ObjectProperty ;
-    access:keyComponent auth:PUBLIC ;
+    access:keyComponent access-individual:PublicRoleUri ;
     access:keyComponent access-individual:EditOperation .
 
 :EditorEditObjectPropertyDataSet a access:PolicyDataSet ;
@@ -1334,7 +1334,7 @@
 
 :EditorEditObjectPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:ObjectProperty ;
-    access:keyComponent auth:EDITOR ;
+    access:keyComponent access-individual:EditorRoleUri ;
     access:keyComponent access-individual:EditOperation .
 
 :CuratorEditObjectPropertyDataSet a access:PolicyDataSet ;
@@ -1347,7 +1347,7 @@
 
 :CuratorEditObjectPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:ObjectProperty ;
-    access:keyComponent auth:CURATOR ;
+    access:keyComponent access-individual:CuratorRoleUri ;
     access:keyComponent access-individual:EditOperation .
 
 :AdminEditObjectPropertyDataSet a access:PolicyDataSet ;
@@ -1360,7 +1360,7 @@
 
 :AdminEditObjectPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:ObjectProperty ;
-    access:keyComponent auth:ADMIN ;
+    access:keyComponent access-individual:AdminRoleUri ;
     access:keyComponent access-individual:EditOperation .
 
 
@@ -1376,7 +1376,7 @@
 
 :PublicDisplayObjectPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:ObjectProperty ;
-    access:keyComponent auth:PUBLIC ;
+    access:keyComponent access-individual:PublicRoleUri ;
     access:keyComponent access-individual:DisplayOperation .
 
 :EditorDisplayObjectPropertyDataSet a access:PolicyDataSet ;
@@ -1389,7 +1389,7 @@
 
 :EditorDisplayObjectPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:ObjectProperty ;
-    access:keyComponent auth:EDITOR ;
+    access:keyComponent access-individual:EditorRoleUri ;
     access:keyComponent access-individual:DisplayOperation .
 
 :CuratorDisplayObjectPropertyDataSet a access:PolicyDataSet ;
@@ -1402,7 +1402,7 @@
 
 :CuratorDisplayObjectPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:ObjectProperty ;
-    access:keyComponent auth:CURATOR ;
+    access:keyComponent access-individual:CuratorRoleUri ;
     access:keyComponent access-individual:DisplayOperation .
 
 :AdminDisplayObjectPropertyDataSet a access:PolicyDataSet ;
@@ -1415,7 +1415,7 @@
 
 :AdminDisplayObjectPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:ObjectProperty ;
-    access:keyComponent auth:ADMIN ;
+    access:keyComponent access-individual:AdminRoleUri ;
     access:keyComponent access-individual:DisplayOperation .
 
 ### Display data property data sets
@@ -1430,7 +1430,7 @@
 
 :PublicDisplayDataPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:DataProperty ;
-    access:keyComponent auth:PUBLIC ;
+    access:keyComponent access-individual:PublicRoleUri ;
     access:keyComponent access-individual:DisplayOperation .
 
 :EditorDisplayDataPropertyDataSet a access:PolicyDataSet ;
@@ -1443,7 +1443,7 @@
 
 :EditorDisplayDataPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:DataProperty ;
-    access:keyComponent auth:EDITOR ;
+    access:keyComponent access-individual:EditorRoleUri ;
     access:keyComponent access-individual:DisplayOperation .
 
 :CuratorDisplayDataPropertyDataSet a access:PolicyDataSet ;
@@ -1456,7 +1456,7 @@
 
 :CuratorDisplayDataPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:DataProperty ;
-    access:keyComponent auth:CURATOR ;
+    access:keyComponent access-individual:CuratorRoleUri ;
     access:keyComponent access-individual:DisplayOperation .
 
 :AdminDisplayDataPropertyDataSet a access:PolicyDataSet ;
@@ -1469,7 +1469,7 @@
 
 :AdminDisplayDataPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:DataProperty ;
-    access:keyComponent auth:ADMIN ;
+    access:keyComponent access-individual:AdminRoleUri ;
     access:keyComponent access-individual:DisplayOperation .
 
 ### Display faux object property data sets
@@ -1484,7 +1484,7 @@
 
 :PublicDisplayFauxObjectPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:FauxObjectProperty ;
-    access:keyComponent auth:PUBLIC ;
+    access:keyComponent access-individual:PublicRoleUri ;
     access:keyComponent access-individual:DisplayOperation .
 
 :EditorDisplayFauxObjectPropertyDataSet a access:PolicyDataSet ;
@@ -1497,7 +1497,7 @@
 
 :EditorDisplayFauxObjectPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:FauxObjectProperty ;
-    access:keyComponent auth:EDITOR ;
+    access:keyComponent access-individual:EditorRoleUri ;
     access:keyComponent access-individual:DisplayOperation .
 
 :CuratorDisplayFauxObjectPropertyDataSet a access:PolicyDataSet ;
@@ -1510,7 +1510,7 @@
 
 :CuratorDisplayFauxObjectPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:FauxObjectProperty ;
-    access:keyComponent auth:CURATOR ;
+    access:keyComponent access-individual:CuratorRoleUri ;
     access:keyComponent access-individual:DisplayOperation .
 
 :AdminDisplayFauxObjectPropertyDataSet a access:PolicyDataSet ;
@@ -1523,7 +1523,7 @@
 
 :AdminDisplayFauxObjectPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:FauxObjectProperty ;
-    access:keyComponent auth:ADMIN ;
+    access:keyComponent access-individual:AdminRoleUri ;
     access:keyComponent access-individual:DisplayOperation .
 
 ### Display faux data property data sets
@@ -1538,7 +1538,7 @@
 
 :PublicDisplayFauxDataPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:FauxDataProperty ;
-    access:keyComponent auth:PUBLIC ;
+    access:keyComponent access-individual:PublicRoleUri ;
     access:keyComponent access-individual:DisplayOperation .
 
 :EditorDisplayFauxDataPropertyDataSet a access:PolicyDataSet ;
@@ -1551,7 +1551,7 @@
 
 :EditorDisplayFauxDataPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:FauxDataProperty ;
-    access:keyComponent auth:EDITOR ;
+    access:keyComponent access-individual:EditorRoleUri ;
     access:keyComponent access-individual:DisplayOperation .
 
 :CuratorDisplayFauxDataPropertyDataSet a access:PolicyDataSet ;
@@ -1564,7 +1564,7 @@
 
 :CuratorDisplayFauxDataPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:FauxDataProperty ;
-    access:keyComponent auth:CURATOR ;
+    access:keyComponent access-individual:CuratorRoleUri ;
     access:keyComponent access-individual:DisplayOperation .
 
 :AdminDisplayFauxDataPropertyDataSet a access:PolicyDataSet ;
@@ -1577,7 +1577,7 @@
 
 :AdminDisplayFauxDataPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:FauxDataProperty ;
-    access:keyComponent auth:ADMIN ;
+    access:keyComponent access-individual:AdminRoleUri ;
     access:keyComponent access-individual:DisplayOperation .
 
 ### Publish object property data sets
@@ -1592,7 +1592,7 @@
 
 :EditorPublishObjectPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:ObjectProperty ;
-    access:keyComponent auth:EDITOR ;
+    access:keyComponent access-individual:EditorRoleUri ;
     access:keyComponent access-individual:PublishOperation .
 
 :CuratorPublishObjectPropertyDataSet a access:PolicyDataSet ;
@@ -1605,7 +1605,7 @@
 
 :CuratorPublishObjectPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:ObjectProperty ;
-    access:keyComponent auth:CURATOR ;
+    access:keyComponent access-individual:CuratorRoleUri ;
     access:keyComponent access-individual:PublishOperation .
 
 :AdminPublishObjectPropertyDataSet a access:PolicyDataSet ;
@@ -1618,7 +1618,7 @@
 
 :AdminPublishObjectPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:ObjectProperty ;
-    access:keyComponent auth:ADMIN ;
+    access:keyComponent access-individual:AdminRoleUri ;
     access:keyComponent access-individual:PublishOperation .
 
 ### Publish data property data sets
@@ -1633,7 +1633,7 @@
 
 :EditorPublishDataPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:DataProperty ;
-    access:keyComponent auth:EDITOR ;
+    access:keyComponent access-individual:EditorRoleUri ;
     access:keyComponent access-individual:PublishOperation .
 
 :CuratorPublishDataPropertyDataSet a access:PolicyDataSet ;
@@ -1646,7 +1646,7 @@
 
 :CuratorPublishDataPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:DataProperty ;
-    access:keyComponent auth:CURATOR ;
+    access:keyComponent access-individual:CuratorRoleUri ;
     access:keyComponent access-individual:PublishOperation .
 
 :AdminPublishDataPropertyDataSet a access:PolicyDataSet ;
@@ -1659,7 +1659,7 @@
 
 :AdminPublishDataPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:DataProperty ;
-    access:keyComponent auth:ADMIN ;
+    access:keyComponent access-individual:AdminRoleUri ;
     access:keyComponent access-individual:PublishOperation .
 
 ### Publish faux object property data sets
@@ -1674,7 +1674,7 @@
 
 :EditorPublishFauxObjectPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:FauxObjectProperty ;
-    access:keyComponent auth:EDITOR ;
+    access:keyComponent access-individual:EditorRoleUri ;
     access:keyComponent access-individual:PublishOperation .
 
 :CuratorPublishFauxObjectPropertyDataSet a access:PolicyDataSet ;
@@ -1687,7 +1687,7 @@
 
 :CuratorPublishFauxObjectPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:FauxObjectProperty ;
-    access:keyComponent auth:CURATOR ;
+    access:keyComponent access-individual:CuratorRoleUri ;
     access:keyComponent access-individual:PublishOperation .
 
 :AdminPublishFauxObjectPropertyDataSet a access:PolicyDataSet ;
@@ -1700,7 +1700,7 @@
 
 :AdminPublishFauxObjectPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:FauxObjectProperty ;
-    access:keyComponent auth:ADMIN ;
+    access:keyComponent access-individual:AdminRoleUri ;
     access:keyComponent access-individual:PublishOperation .
 
 ### Publish faux data property data sets
@@ -1715,7 +1715,7 @@
 
 :EditorPublishFauxDataPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:FauxDataProperty ;
-    access:keyComponent auth:EDITOR ;
+    access:keyComponent access-individual:EditorRoleUri ;
     access:keyComponent access-individual:PublishOperation .
 
 :CuratorPublishFauxDataPropertyDataSet a access:PolicyDataSet ;
@@ -1728,7 +1728,7 @@
 
 :CuratorPublishFauxDataPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:FauxDataProperty ;
-    access:keyComponent auth:CURATOR ;
+    access:keyComponent access-individual:CuratorRoleUri ;
     access:keyComponent access-individual:PublishOperation .
 
 :AdminPublishFauxDataPropertyDataSet a access:PolicyDataSet ;
@@ -1741,7 +1741,7 @@
 
 :AdminPublishFauxDataPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:FauxDataProperty ;
-    access:keyComponent auth:ADMIN ;
+    access:keyComponent access-individual:AdminRoleUri ;
     access:keyComponent access-individual:PublishOperation .
 
 :AllowMatchingProperty a access:Rule;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_access_related_allowed_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_access_related_allowed_property.n3
index b3f55a4a18..15ba4e1f4a 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_access_related_allowed_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_access_related_allowed_property.n3
@@ -31,7 +31,7 @@
 
 :SelfEditorDisplayObjectPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:ObjectProperty ;
-    access:keyComponent auth:SELF_EDITOR ;
+    access:keyComponent access-individual:SelfEditorRoleUri ;
     access:keyComponent access-individual:DisplayOperation .
 
 ### Display data property data sets
@@ -46,7 +46,7 @@
 
 :SelfEditorDisplayDataPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:DataProperty ;
-    access:keyComponent auth:SELF_EDITOR ;
+    access:keyComponent access-individual:SelfEditorRoleUri ;
     access:keyComponent access-individual:DisplayOperation .
 
 ### Display faux object property data sets
@@ -61,7 +61,7 @@
 
 :SelfEditorDisplayFauxObjectPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:FauxObjectProperty ;
-    access:keyComponent auth:SELF_EDITOR ;
+    access:keyComponent access-individual:SelfEditorRoleUri ;
     access:keyComponent access-individual:DisplayOperation .
 
 ### Display faux data property data sets
@@ -76,7 +76,7 @@
 
 :SelfEditorDisplayFauxDataPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:FauxDataProperty ;
-    access:keyComponent auth:SELF_EDITOR ;
+    access:keyComponent access-individual:SelfEditorRoleUri ;
     access:keyComponent access-individual:DisplayOperation .
 
 ### Publish object property data sets
@@ -91,7 +91,7 @@
 
 :SelfEditorPublishObjectPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:ObjectProperty ;
-    access:keyComponent auth:SELF_EDITOR ;
+    access:keyComponent access-individual:SelfEditorRoleUri ;
     access:keyComponent access-individual:PublishOperation .
 
 ### Publish data property data sets
@@ -106,7 +106,7 @@
 
 :SelfEditorPublishDataPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:DataProperty ;
-    access:keyComponent auth:SELF_EDITOR ;
+    access:keyComponent access-individual:SelfEditorRoleUri ;
     access:keyComponent access-individual:PublishOperation .
 
 ### Publish faux object property data sets
@@ -121,7 +121,7 @@
 
 :SelfEditorPublishFauxObjectPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:FauxObjectProperty ;
-    access:keyComponent auth:SELF_EDITOR ;
+    access:keyComponent access-individual:SelfEditorRoleUri ;
     access:keyComponent access-individual:PublishOperation .
 
 ### Publish faux data property data sets
@@ -136,7 +136,7 @@
 
 :SelfEditorPublishFauxDataPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:FauxDataProperty ;
-    access:keyComponent auth:SELF_EDITOR ;
+    access:keyComponent access-individual:SelfEditorRoleUri ;
     access:keyComponent access-individual:PublishOperation .
 
 :AllowMatchingProperty a access:Rule;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_simple_permissions.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_simple_permissions.n3
index a6b71365fc..dc0cee2c44 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_simple_permissions.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_simple_permissions.n3
@@ -52,7 +52,7 @@
 :PublicDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:NamedObject ;
     access:keyComponent access-individual:ExecuteOperation ;
-    access:keyComponent auth:PUBLIC .
+    access:keyComponent access-individual:PublicRoleUri .
 
 :SelfEditorDataSet a access:PolicyDataSet ;
     access:dataSetKey :SelfEditorDataSetKey ;
@@ -62,7 +62,7 @@
 :SelfEditorDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:NamedObject ;
     access:keyComponent access-individual:ExecuteOperation ;
-    access:keyComponent auth:SELF_EDITOR .
+    access:keyComponent access-individual:SelfEditorRoleUri .
 
 :EditorDataSet a access:PolicyDataSet ;
     access:dataSetKey :EditorDataSetKey ;
@@ -72,7 +72,7 @@
 :EditorDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:NamedObject ;
     access:keyComponent access-individual:ExecuteOperation ;
-    access:keyComponent auth:EDITOR .
+    access:keyComponent access-individual:EditorRoleUri .
 
 :CuratorDataSet a access:PolicyDataSet ;
     access:dataSetKey :CuratorDataSetKey ;
@@ -82,7 +82,7 @@
 :CuratorDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:NamedObject ;
     access:keyComponent access-individual:ExecuteOperation ;
-    access:keyComponent auth:CURATOR .
+    access:keyComponent access-individual:CuratorRoleUri .
 
 :AdminDataSet a access:PolicyDataSet ;
     access:dataSetKey :AdminDataSetKey  ;
@@ -92,7 +92,7 @@
 :AdminDataSetKey  a access:DataSetKey ;
     access:keyComponent access-individual:NamedObject ;
     access:keyComponent access-individual:ExecuteOperation ;
-    access:keyComponent auth:ADMIN .
+    access:keyComponent access-individual:AdminRoleUri .
 
 :AllowSimplePermission a access:Rule;
     access:requiresCheck :IsSimplePermission ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_update_related_allowed_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_update_related_allowed_property.n3
index 7a1579b0be..302f485a98 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_update_related_allowed_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_update_related_allowed_property.n3
@@ -37,7 +37,7 @@
 
 :SelfEditorAddObjectPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:ObjectProperty ;
-    access:keyComponent auth:SELF_EDITOR ;
+    access:keyComponent access-individual:SelfEditorRoleUri ;
     access:keyComponent access-individual:AddOperation .
 
 ### Add data property data sets
@@ -52,7 +52,7 @@
 
 :SelfEditorAddDataPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:DataProperty ;
-    access:keyComponent auth:SELF_EDITOR ;
+    access:keyComponent access-individual:SelfEditorRoleUri ;
     access:keyComponent access-individual:AddOperation .
 
 ### Add faux object property data sets
@@ -67,7 +67,7 @@
 
 :SelfEditorAddFauxObjectPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:FauxObjectProperty ;
-    access:keyComponent auth:SELF_EDITOR ;
+    access:keyComponent access-individual:SelfEditorRoleUri ;
     access:keyComponent access-individual:AddOperation .
 
 ### Add faux data property data sets
@@ -82,7 +82,7 @@
 
 :SelfEditorAddFauxDataPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:FauxDataProperty ;
-    access:keyComponent auth:SELF_EDITOR ;
+    access:keyComponent access-individual:SelfEditorRoleUri ;
     access:keyComponent access-individual:AddOperation .
 
 ### Drop object property data sets
@@ -97,7 +97,7 @@
 
 :SelfEditorDropObjectPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:ObjectProperty ;
-    access:keyComponent auth:SELF_EDITOR ;
+    access:keyComponent access-individual:SelfEditorRoleUri ;
     access:keyComponent access-individual:DropOperation .
 
 ### Drop data property data sets
@@ -112,7 +112,7 @@
 
 :SelfEditorDropDataPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:DataProperty ;
-    access:keyComponent auth:SELF_EDITOR ;
+    access:keyComponent access-individual:SelfEditorRoleUri ;
     access:keyComponent access-individual:DropOperation .
 
 ### Drop faux object property data sets
@@ -127,7 +127,7 @@
 
 :SelfEditorDropFauxObjectPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:FauxObjectProperty ;
-    access:keyComponent auth:SELF_EDITOR ;
+    access:keyComponent access-individual:SelfEditorRoleUri ;
     access:keyComponent access-individual:DropOperation .
 
 ### Drop faux data property data sets
@@ -142,7 +142,7 @@
 
 :SelfEditorDropFauxDataPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:FauxDataProperty ;
-    access:keyComponent auth:SELF_EDITOR ;
+    access:keyComponent access-individual:SelfEditorRoleUri ;
     access:keyComponent access-individual:DropOperation .
 
 ### Edit object property data sets
@@ -157,7 +157,7 @@
 
 :SelfEditorEditObjectPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:ObjectProperty ;
-    access:keyComponent auth:SELF_EDITOR ;
+    access:keyComponent access-individual:SelfEditorRoleUri ;
     access:keyComponent access-individual:EditOperation .
 
 ### Edit data property data sets
@@ -172,7 +172,7 @@
 
 :SelfEditorEditDataPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:DataProperty ;
-    access:keyComponent auth:SELF_EDITOR ;
+    access:keyComponent access-individual:SelfEditorRoleUri ;
     access:keyComponent access-individual:EditOperation .
 
 ### Edit faux object property data sets
@@ -187,7 +187,7 @@
 
 :SelfEditorEditFauxObjectPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:FauxObjectProperty ;
-    access:keyComponent auth:SELF_EDITOR ;
+    access:keyComponent access-individual:SelfEditorRoleUri ;
     access:keyComponent access-individual:EditOperation .
 
 ### Edit faux data property data sets
@@ -202,7 +202,7 @@
 
 :SelfEditorEditFauxDataPropertyDataSetKey a access:DataSetKey ;
     access:keyComponent access-individual:FauxDataProperty ;
-    access:keyComponent auth:SELF_EDITOR ;
+    access:keyComponent access-individual:SelfEditorRoleUri ;
     access:keyComponent access-individual:EditOperation .
 
 :AllowMatchingProperty a access:Rule;
diff --git a/home/src/main/resources/rdf/tbox/firsttime/vitro-access-control-ontology.n3 b/home/src/main/resources/rdf/tbox/firsttime/vitro-access-control-ontology.n3
index e7bb5f62b6..0d6f619a0d 100644
--- a/home/src/main/resources/rdf/tbox/firsttime/vitro-access-control-ontology.n3
+++ b/home/src/main/resources/rdf/tbox/firsttime/vitro-access-control-ontology.n3
@@ -49,6 +49,11 @@
     rdfs:comment "Type of access object";
     rdfs:label "Object type"@en-US .
 
+:SubjectRoleUri a owl:Class ;
+    rdfs:subClassOf :AttributeValuePattern ;
+    rdfs:comment "Subject role uri pattern";
+    rdfs:label "subject role uri"@en-US .
+
 :SubjectType a owl:Class ;
     rdfs:subClassOf :AttributeValuePattern ;
     rdfs:comment "Type of subject(user, non-personal entity) requested access";
@@ -214,7 +219,14 @@
     rdfs:domain :PolicyTemplate ;
     rdfs:range :DataSetTemplate .
 
+:keyComponentTemplate a owl:ObjectProperty ;
+    rdfs:comment "Specify component of combined key";
+    rdfs:domain :DataSetKeyTemplate ;
+    rdfs:range :AttributeType ;
+    rdfs:label "key component"@en-US .
+
 :keyComponent a owl:ObjectProperty ;
     rdfs:comment "Specify component of combined key";
     rdfs:domain [ a owl:Class ; owl:unionOf ( :DataSetKeyTemplate :DataSetKey ) ] ;
+    rdfs:range :AttributeValuePattern ;
     rdfs:label "key component"@en-US .

From 3701bbb25dd08b5469737a6959811b1616d63db3 Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <georgy.litvinov@tib.eu>
Date: Thu, 23 Nov 2023 19:03:05 +0100
Subject: [PATCH 123/148] checkstyle fixes

---
 .../cornell/mannlib/vitro/webapp/auth/checks/CheckFactory.java  | 2 +-
 .../vitro/webapp/auth/policy/EntityPolicyController.java        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/checks/CheckFactory.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/checks/CheckFactory.java
index d6b50f5b54..1a18355be8 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/checks/CheckFactory.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/checks/CheckFactory.java
@@ -3,8 +3,8 @@
 package edu.cornell.mannlib.vitro.webapp.auth.checks;
 
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.Attribute;
-import edu.cornell.mannlib.vitro.webapp.auth.attributes.AttributeValueSet;
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.AttributeValueKey;
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AttributeValueSet;
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.ValueSetFactory;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyLoader;
 import org.apache.jena.query.QuerySolution;
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EntityPolicyController.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EntityPolicyController.java
index 4bc049797a..98145a6f38 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EntityPolicyController.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EntityPolicyController.java
@@ -14,9 +14,9 @@
 
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType;
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessOperation;
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AttributeValueKey;
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.AttributeValueSet;
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.AttributeValueSetRegistry;
-import edu.cornell.mannlib.vitro.webapp.auth.attributes.AttributeValueKey;
 import edu.cornell.mannlib.vitro.webapp.beans.Property;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.commons.logging.Log;

From 419aff77ba4ea9073e3e247ce6532f6c3640a544 Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <georgy.litvinov@tib.eu>
Date: Fri, 24 Nov 2023 09:23:51 +0100
Subject: [PATCH 124/148] renamed access:operator to access:useOperator

---
 .../vitro/webapp/auth/policy/PolicyLoader.java   |  4 ++--
 .../webapp/auth/rules/proximity_test_policy.n3   |  2 +-
 .../webapp/auth/rules/test_policy_broken1.n3     |  2 +-
 .../webapp/auth/rules/test_policy_broken2.n3     |  4 ++--
 .../webapp/auth/rules/test_policy_broken3.n3     |  4 ++--
 .../webapp/auth/rules/test_policy_broken4.n3     |  4 ++--
 .../webapp/auth/rules/test_policy_broken5.n3     |  4 ++--
 .../webapp/auth/rules/test_policy_broken_set.n3  |  4 ++--
 .../vitro/webapp/auth/rules/test_policy_key.n3   |  2 +-
 .../vitro/webapp/auth/rules/test_policy_valid.n3 |  2 +-
 .../webapp/auth/rules/test_policy_valid_set.n3   |  4 ++--
 .../firsttime/policy_editable_pages.n3           | 14 +++++++-------
 .../firsttime/policy_menu_items_editing.n3       | 10 +++++-----
 .../accessControl/firsttime/policy_root_user.n3  |  2 +-
 .../firsttime/template_access_allowed_class.n3   |  8 ++++----
 .../template_access_allowed_property.n3          | 12 ++++++------
 .../template_access_related_allowed_property.n3  | 12 ++++++------
 .../template_not_modifiable_statements.n3        | 16 ++++++++--------
 .../firsttime/template_simple_permissions.n3     |  8 ++++----
 .../template_update_related_allowed_property.n3  | 14 +++++++-------
 .../firsttime/vitro-access-control-ontology.n3   |  6 +++---
 21 files changed, 69 insertions(+), 69 deletions(-)

diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
index 567f245ea3..d8b2c8561f 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
@@ -102,7 +102,7 @@ public class PolicyLoader {
             + "?policy access:hasRule ?rule . \n"
             + "?rule access:requiresCheck ?check .\n"
             + "OPTIONAL {\n"
-            + "  ?check access:operator ?checkTest .\n"
+            + "  ?check access:useOperator ?checkTest .\n"
             + "  OPTIONAL {\n"
             + "    ?checkTest access:id ?testId . \n"
             + "  }\n"
@@ -136,7 +136,7 @@ public class PolicyLoader {
             + "    ?rule access:requiresCheck ?check .\n"
             + "    ?check a access:Check .\n"
             + "    OPTIONAL {\n"
-            + "      ?check access:operator ?checkTest .\n"
+            + "      ?check access:useOperator ?checkTest .\n"
             + "      OPTIONAL {\n"
             + "        ?checkTest access:id ?testId .\n"
             + "      }\n"
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/proximity_test_policy.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/proximity_test_policy.n3
index 4693c13e17..7d25ee348b 100644
--- a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/proximity_test_policy.n3
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/proximity_test_policy.n3
@@ -15,7 +15,7 @@ access-individual:AllowPersonEditOwnPublication rdf:type access:Rule ;
     access:requiresCheck access-individual:PublicationInProximityAttribute .
           
 access-individual:PublicationInProximityAttribute rdf:type access:Check ;
-    access:operator access-individual:SparqlSelectQueryContains ;
+    access:useOperator access-individual:SparqlSelectQueryContains ;
     access:attribute access-individual:StatementSubjectUri ;
     access:value access-individual:PublicationProximityToPerson .
 
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken1.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken1.n3
index 67a00409f7..e0e2b08c77 100644
--- a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken1.n3
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken1.n3
@@ -20,7 +20,7 @@ access-individual:BrokenTestAttribute rdf:type access:Check ;
     access:value access-individual:PublishOperation .
  
 access-individual:ValidTestAttribute rdf:type access:Check ;
-    access:operator access-individual:Equals ;
+    access:useOperator access-individual:Equals ;
     access:attribute access-individual:Operation ;
     access:value access-individual:PublishOperation .
 
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken2.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken2.n3
index 68eeea5f3f..848a22226e 100644
--- a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken2.n3
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken2.n3
@@ -16,11 +16,11 @@ access-individual:BrokenTestRule rdf:type access:Rule ;
     access:requiresCheck access-individual:BrokenTestAttribute .
   
 access-individual:BrokenTestAttribute rdf:type access:Check ;
-    access:operator access-individual:Equals ;
+    access:useOperator access-individual:Equals ;
     access:value access-individual:PublishOperation .
  
 access-individual:ValidTestAttribute rdf:type access:Check ;
-    access:operator access-individual:Equals ;
+    access:useOperator access-individual:Equals ;
     access:attribute access-individual:Operation ;
     access:value access-individual:PublishOperation .
 
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken3.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken3.n3
index aa02263b5f..fd6d010f34 100644
--- a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken3.n3
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken3.n3
@@ -16,12 +16,12 @@ access-individual:BrokenTestRule rdf:type access:Rule ;
     access:requiresCheck access-individual:BrokenTestAttribute .
   
 access-individual:BrokenTestAttribute rdf:type access:Check ;
-    access:operator access-individual:UnknownTest ;
+    access:useOperator access-individual:UnknownTest ;
     access:attribute access-individual:Operation ;
     access:value access-individual:PublishOperation .
  
 access-individual:ValidTestAttribute rdf:type access:Check ;
-    access:operator access-individual:Equals ;
+    access:useOperator access-individual:Equals ;
     access:attribute access-individual:Operation ;
     access:value access-individual:PublishOperation .
 
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken4.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken4.n3
index 5fcded4da5..58fd51f987 100644
--- a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken4.n3
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken4.n3
@@ -16,12 +16,12 @@ access-individual:BrokenTestRule rdf:type access:Rule ;
     access:requiresCheck access-individual:BrokenTestAttribute .
 
 access-individual:BrokenTestAttribute rdf:type access:Check ;
-    access:operator access-individual:Equals ;
+    access:useOperator access-individual:Equals ;
     access:attribute access-individual:UnknownType ;
     access:value access-individual:PublishOperation .
 
 access-individual:ValidTestAttribute rdf:type access:Check ;
-    access:operator access-individual:Equals ;
+    access:useOperator access-individual:Equals ;
     access:attribute access-individual:Operation ;
     access:value access-individual:PublishOperation .
 
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken5.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken5.n3
index cacba78aac..45050e0d09 100644
--- a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken5.n3
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken5.n3
@@ -17,12 +17,12 @@ access-individual:BrokenRule rdf:type access:Rule ;
     access:requiresCheck access-individual:BrokenAttribute2 .
 
 access-individual:BrokenAttribute1 rdf:type access:Check ;
-    access:operator access-individual:Equals ;
+    access:useOperator access-individual:Equals ;
     access:attribute access-individual:ObjectUri ;
     access:setValue access-individual:valueSet1 .
 
 access-individual:BrokenAttribute2 rdf:type access:Check ;
-    access:operator access-individual:Equals ;
+    access:useOperator access-individual:Equals ;
     access:attribute access-individual:ObjectUri ;
     access:setValue access-individual:valueSet2 .
 
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken_set.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken_set.n3
index d398931af0..6ff22de96a 100644
--- a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken_set.n3
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken_set.n3
@@ -18,13 +18,13 @@ access-individual:BrokenRule rdf:type access:Rule ;
     access:requiresCheck access-individual:BrokenSetAttribute2 .
     
 access-individual:BrokenSetAttribute1 rdf:type access:Check ;
-    access:operator access-individual:NotOneOf ;
+    access:useOperator access-individual:NotOneOf ;
     access:attribute access-individual:ObjectUri ;
     access:values access-individual:valueSet1 ;
     .
     
 access-individual:BrokenSetAttribute2 rdf:type access:Check ;
-    access:operator access-individual:NotOneOf ;
+    access:useOperator access-individual:NotOneOf ;
     access:attribute access-individual:ObjectUri ;
     access:values access-individual:valueSet2 ;
     .
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_key.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_key.n3
index c5fdc7245d..0b181ec05e 100644
--- a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_key.n3
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_key.n3
@@ -16,7 +16,7 @@ access-individual:KeyTestRule rdf:type access:Rule ;
     access:requiresCheck access-individual:KeyTestAttribute .
     
 access-individual:KeyTestAttribute rdf:type access:Check ;
-    access:operator access-individual:Equals ;
+    access:useOperator access-individual:Equals ;
     access:attribute access-individual:Operation ;
     access:value access-individual:PublishOperation .
 
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_valid.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_valid.n3
index c5264dd755..ad4dcba404 100644
--- a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_valid.n3
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_valid.n3
@@ -15,7 +15,7 @@ access-individual:ValidRule rdf:type access:Rule ;
     access:requiresCheck access-individual:ValidAttribute .
     
 access-individual:ValidAttribute rdf:type access:Check ;
-    access:operator access-individual:Equals ;
+    access:useOperator access-individual:Equals ;
     access:attribute access-individual:Operation ;
     access:value access-individual:PublishOperation .
 
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_valid_set.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_valid_set.n3
index 128ab7bfea..6a9d9b8418 100644
--- a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_valid_set.n3
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_valid_set.n3
@@ -18,14 +18,14 @@ access-individual:ValidRule rdf:type access:Rule ;
     access:requiresCheck access-individual:ValidAttribute2 .
     
 access-individual:ValidAttribute1 rdf:type access:Check ;
-    access:operator access-individual:Equals ;
+    access:useOperator access-individual:Equals ;
     access:attribute access-individual:AccessObjectUri ;
     access:values access-individual:valueSet1 ;
     access:values access-individual:valueSet3 ;
     .
     
 access-individual:ValidAttribute2 rdf:type access:Check ;
-    access:operator access-individual:Equals ;
+    access:useOperator access-individual:Equals ;
     access:attribute access-individual:AccessObjectUri ;
     access:values access-individual:valueSet4 ;
     access:values access-individual:valueSet2 ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_editable_pages.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_editable_pages.n3
index da4fd01c79..e3abd38558 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_editable_pages.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_editable_pages.n3
@@ -17,19 +17,19 @@
     access:requiresCheck :PredicateIsSomePredicate .
 
 :SubjectRoleOneOfEditorsCheck a access:Check ;
-    access:operator access-individual:OneOf ;
+    access:useOperator access-individual:OneOf ;
     access:attribute access-individual:SubjectRole ;
     access:value access-individual:AdminRoleUri ;
     access:value access-individual:CuratorRoleUri ;
     access:value access-individual:EditorRoleUri .
 
 :SubjectRoleIsSelfEditor a access:Check ;
-    access:operator access-individual:Equals ;
+    access:useOperator access-individual:Equals ;
     access:attribute access-individual:SubjectRole ;
     access:value access-individual:SelfEditorRoleUri .
 
 :IsAddOperation a access:Check ;
-    access:operator access-individual:Equals ;
+    access:useOperator access-individual:Equals ;
     access:attribute access-individual:Operation ;
     access:value access-individual:AddOperation .
 
@@ -42,22 +42,22 @@
     access:requiresCheck :PredicateIsSomePredicate .
 
 :PredicateIsSomePredicate a access:Check ;
-    access:operator access-individual:Equals ;
+    access:useOperator access-individual:Equals ;
     access:attribute access-individual:StatementPredicateUri ;
     access:value :SomeUri .
 
 :ObjectUriIsSomeUri a access:Check ;
-    access:operator access-individual:Equals ;
+    access:useOperator access-individual:Equals ;
     access:attribute access-individual:StatementObjectUri ;
     access:value :SomeUri .
 
 :SubjectUriIsProfileRelatedResource a access:Check ;
-    access:operator access-individual:SparqlSelectQueryContains ;
+    access:useOperator access-individual:SparqlSelectQueryContains ;
     access:attribute access-individual:StatementSubjectUri ;
     access:value access-individual:PersonProfileProximityToResourceUri .
 
 :IsObjectPropertyStatement a access:Check ;
-    access:operator access-individual:Equals ;
+    access:useOperator access-individual:Equals ;
     access:attribute access-individual:AccessObjectType ;
     access:value access-individual:ObjectPropertyStatement .
 
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_menu_items_editing.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_menu_items_editing.n3
index 8d4ec9a8e9..28aa30e14c 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_menu_items_editing.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_menu_items_editing.n3
@@ -24,26 +24,26 @@
     access:requiresCheck :ObjectUriEqualsHasElement .
 
 :IsEditOperationCheck a access:Check ;
-    access:operator access-individual:Equals ;
+    access:useOperator access-individual:Equals ;
     access:attribute access-individual:Operation ;
     access:value access-individual:EditOperation .
 
 :IsDropOperationCheck a access:Check ;
-    access:operator access-individual:Equals ;
+    access:useOperator access-individual:Equals ;
     access:attribute access-individual:Operation ;
     access:value access-individual:DropOperation .
 
 :IsObjectPropertyStatement a access:Check ;
-    access:operator access-individual:Equals ;
+    access:useOperator access-individual:Equals ;
     access:attribute access-individual:AccessObjectType ;
     access:value access-individual:ObjectPropertyStatement .
 
 :PredicateUriEqualsHomeMenuItem a access:Check ;
-    access:operator access-individual:Equals ;
+    access:useOperator access-individual:Equals ;
     access:attribute access-individual:StatementPredicateUri ;
     access:value <http://vitro.mannlib.cornell.edu/ontologies/display/1.1#HomeMenuItem> .
 
 :ObjectUriEqualsHasElement a access:Check ;
-    access:operator access-individual:Equals ;
+    access:useOperator access-individual:Equals ;
     access:attribute access-individual:StatementObjectUri ;
     access:value <http://vitro.mannlib.cornell.edu/ontologies/display/1.1#hasElement> .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_root_user.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_root_user.n3
index d45cf7dc6d..26d5960403 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_root_user.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_root_user.n3
@@ -12,7 +12,7 @@
     access:requiresCheck :IsRootUserCheck .
 
 :IsRootUserCheck a access:Check ;
-    access:operator access-individual:Equals ;
+    access:useOperator access-individual:Equals ;
     access:attribute access-individual:SubjectType ;
     access:value access-individual:RootUserSubject .
 
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_class.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_class.n3
index cbae764994..7b5a407e24 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_class.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_class.n3
@@ -314,13 +314,13 @@
     access:requiresCheck :AccessObjectUriCheck .
 
 :AccessObjectTypeCheck a access:Check ;
-    access:operator access-individual:Equals ;
+    access:useOperator access-individual:Equals ;
     access:attribute access-individual:AccessObjectType ;
     access:values access-individual:ClassValueSet ;
     .
 
 :OperationCheck a access:Check ;
-    access:operator access-individual:Equals ;
+    access:useOperator access-individual:Equals ;
     access:attribute access-individual:Operation ;
     access:values access-individual:DisplayOperationValueSet ;
     access:values access-individual:PublishOperationValueSet ;
@@ -328,7 +328,7 @@
     .
 
 :SubjectRoleCheck a access:Check ;
-    access:operator access-individual:Equals ;
+    access:useOperator access-individual:Equals ;
     access:attribute access-individual:SubjectRole ;
     access:values access-individual:PublicRoleValueSet ;
     access:values access-individual:SelfEditorRoleValueSet ;
@@ -337,7 +337,7 @@
     access:values access-individual:AdminRoleValueSet .
 
 :AccessObjectUriCheck a access:Check ;
-    access:operator access-individual:OneOf ;
+    access:useOperator access-individual:OneOf ;
     access:attribute access-individual:AccessObjectUri ;
     access:values :AdminPublishClassValueSet ;
     access:values :AdminDisplayClassValueSet ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_property.n3
index 340fdb6e12..5f1fa1db93 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_property.n3
@@ -1751,7 +1751,7 @@
     access:requiresCheck :AccessObjectUriContainsInDataSet .
 
 :AccessObjectTypeEqualsDataSetValue a access:Check ;
-    access:operator access-individual:Equals ;
+    access:useOperator access-individual:Equals ;
     access:attribute access-individual:AccessObjectType ;
     access:values access-individual:ObjectPropertyValueSet ;
     access:values access-individual:DataPropertyValueSet ;
@@ -1767,7 +1767,7 @@
     .
 
 :AccessObjectTypeStatementEquals a access:Check ;
-    access:operator access-individual:Equals ;
+    access:useOperator access-individual:Equals ;
     access:attribute access-individual:AccessObjectType ;
     access:values access-individual:ObjectPropertyStatementValueSet ;
     access:values access-individual:DataPropertyStatementValueSet ;
@@ -1776,7 +1776,7 @@
     .
 
 :OperationEqualsDataSetOperation a access:Check ;
-    access:operator access-individual:Equals ;
+    access:useOperator access-individual:Equals ;
     access:attribute access-individual:Operation ;
     access:values access-individual:DisplayOperationValueSet ;
     access:values access-individual:PublishOperationValueSet ;
@@ -1786,7 +1786,7 @@
     .
 
 :SubjectRoleEqualsDataSetRoleAttribute a access:Check ;
-    access:operator access-individual:Equals ;
+    access:useOperator access-individual:Equals ;
     access:attribute access-individual:SubjectRole ;
     access:values access-individual:PublicRoleValueSet ;
     access:values access-individual:EditorRoleValueSet ;
@@ -1794,7 +1794,7 @@
     access:values access-individual:AdminRoleValueSet .
 
 :StatementPredicateEquals a access:Check ;
-    access:operator access-individual:OneOf ;
+    access:useOperator access-individual:OneOf ;
     access:attribute access-individual:StatementPredicateUri ;
     access:values :PublicDisplayObjectPropertyValueSet ;
     access:values :EditorDisplayObjectPropertyValueSet ;
@@ -1894,7 +1894,7 @@
     .
 
 :AccessObjectUriContainsInDataSet a access:Check ;
-    access:operator access-individual:OneOf ;
+    access:useOperator access-individual:OneOf ;
     access:attribute access-individual:AccessObjectUri ;
     access:values :PublicDisplayObjectPropertyValueSet ;
     access:values :EditorDisplayObjectPropertyValueSet ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_access_related_allowed_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_access_related_allowed_property.n3
index 15ba4e1f4a..5aed6a5fcb 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_access_related_allowed_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_access_related_allowed_property.n3
@@ -146,7 +146,7 @@
     access:requiresCheck :AccessObjectUriCheck .
 
 :AccessObjectTypeCheck a access:Check ;
-    access:operator access-individual:Equals ;
+    access:useOperator access-individual:Equals ;
     access:attribute access-individual:AccessObjectType ;
     access:values access-individual:ObjectPropertyValueSet ;
     access:values access-individual:DataPropertyValueSet ;
@@ -162,7 +162,7 @@
     .
 
 :AccessObjectStatementTypeCheck a access:Check ;
-    access:operator access-individual:Equals ;
+    access:useOperator access-individual:Equals ;
     access:attribute access-individual:AccessObjectType ;
     access:values access-individual:ObjectPropertyStatementValueSet ;
     access:values access-individual:DataPropertyStatementValueSet ;
@@ -171,19 +171,19 @@
     .
 
 :OperationCheck a access:Check ;
-    access:operator access-individual:Equals ;
+    access:useOperator access-individual:Equals ;
     access:attribute access-individual:Operation ;
     access:values access-individual:DisplayOperationValueSet ;
     access:values access-individual:PublishOperationValueSet ;
     .
 
 :SubjectRoleCheck a access:Check ;
-    access:operator access-individual:Equals ;
+    access:useOperator access-individual:Equals ;
     access:attribute access-individual:SubjectRole ;
     access:values access-individual:SelfEditorRoleValueSet .
 
 :StatementPredicateCheck a access:Check ;
-    access:operator access-individual:OneOf ;
+    access:useOperator access-individual:OneOf ;
     access:attribute access-individual:StatementPredicateUri ;
     access:values :SelfEditorDisplayObjectPropertyValueSet ;
     access:values :SelfEditorDisplayDataPropertyValueSet ;
@@ -196,7 +196,7 @@
     .
 
 :AccessObjectUriCheck a access:Check ;
-    access:operator access-individual:OneOf ;
+    access:useOperator access-individual:OneOf ;
     access:attribute access-individual:AccessObjectUri ;
     access:values :SelfEditorDisplayObjectPropertyValueSet ;
     access:values :SelfEditorDisplayDataPropertyValueSet ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_not_modifiable_statements.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_not_modifiable_statements.n3
index cc4096e8b4..dd3e841f3e 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_not_modifiable_statements.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_not_modifiable_statements.n3
@@ -45,43 +45,43 @@
     access:requiresCheck :PredicateNotANamespaceException .
 
 :IsObjectPropertyStatement a access:Check ;
-    access:operator access-individual:Equals ;
+    access:useOperator access-individual:Equals ;
     access:attribute access-individual:AccessObjectType ;
     access:value access-individual:ObjectPropertyStatement .
 
 :IsDataPropertyStatement a access:Check ;
-    access:operator access-individual:Equals ;
+    access:useOperator access-individual:Equals ;
     access:attribute access-individual:AccessObjectType ;
     access:value access-individual:DataPropertyStatement .
 
 ### Not modifiable property statement attributes
 :PredicateUriStartWithProhibitedNamespace a access:Check ;
-    access:operator access-individual:StartsWith ;
+    access:useOperator access-individual:StartsWith ;
     access:attribute access-individual:StatementPredicateUri ;
     access:values :ProhibitedNamespaceValueSet .
 
 :PredicateNotANamespaceException a access:Check ;
-    access:operator access-individual:NotOneOf ;
+    access:useOperator access-individual:NotOneOf ;
     access:attribute access-individual:StatementPredicateUri ;
     access:values :ProhibitedNamespaceExceptionsValueSet .
 
 :SubjectUriStartWithProhibitedNamespace a access:Check ;
-    access:operator access-individual:StartsWith ;
+    access:useOperator access-individual:StartsWith ;
     access:attribute access-individual:StatementSubjectUri ;
     access:values :ProhibitedNamespaceValueSet .
 
 :StatementSubjectNotOneOfProhibitedExceptions a access:Check ;
-    access:operator access-individual:NotOneOf ;
+    access:useOperator access-individual:NotOneOf ;
     access:attribute access-individual:StatementSubjectUri ;
     access:values :ProhibitedNamespaceExceptionsValueSet .
 
 :StatementObjectUriStartsWithProhibitedNameSpace a access:Check ;
-    access:operator access-individual:StartsWith ;
+    access:useOperator access-individual:StartsWith ;
     access:attribute access-individual:StatementObjectUri ;
     access:values :ProhibitedNamespaceValueSet .
 
 :ObjectUriNotOneOfProhibitedExceptions a access:Check ;
-    access:operator access-individual:NotOneOf ;
+    access:useOperator access-individual:NotOneOf ;
     access:attribute access-individual:StatementObjectUri ;
     access:values :ProhibitedNamespaceExceptionsValueSet .
 
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_simple_permissions.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_simple_permissions.n3
index dc0cee2c44..630ecfa479 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_simple_permissions.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_simple_permissions.n3
@@ -101,12 +101,12 @@
     access:requiresCheck :SubjectRoleEqualsDataSetRole .
 
 :IsExecuteOperation a access:Check ;
-    access:operator access-individual:Equals ;
+    access:useOperator access-individual:Equals ;
     access:attribute access-individual:Operation ;
     access:value access-individual:ExecuteOperation .
 
 :PermissionNameAllowed a access:Check ;
-    access:operator access-individual:OneOf ;
+    access:useOperator access-individual:OneOf ;
     access:attribute access-individual:AccessObjectUri ;
     access:values :PublicSimplePermissionValueSet ;
     access:values :SelfEditorSimplePermissionValueSet ;
@@ -115,7 +115,7 @@
     access:values :AdminSimplePermissionValueSet .
 
 :IsSimplePermission a access:Check ;
-    access:operator access-individual:Equals ;
+    access:useOperator access-individual:Equals ;
     access:attribute access-individual:AccessObjectType ;
     access:value access-individual:NamedObject .
 
@@ -131,7 +131,7 @@
     access:containsElementsOfType access-individual:NamedObject .
 
 :SubjectRoleEqualsDataSetRole a access:Check ;
-    access:operator access-individual:Equals ;
+    access:useOperator access-individual:Equals ;
     access:attribute access-individual:SubjectRole ;
     access:values access-individual:PublicRoleValueSet ;
     access:values access-individual:SelfEditorRoleValueSet ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_update_related_allowed_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_update_related_allowed_property.n3
index 302f485a98..2922d85345 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_update_related_allowed_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_update_related_allowed_property.n3
@@ -212,7 +212,7 @@
     access:requiresCheck :AccessObjectUriCheck .
 
 :AccessObjectTypeCheck a access:Check ;
-    access:operator access-individual:Equals ;
+    access:useOperator access-individual:Equals ;
     access:attribute access-individual:AccessObjectType ;
     access:values access-individual:ObjectPropertyValueSet ;
     access:values access-individual:DataPropertyValueSet ;
@@ -229,12 +229,12 @@
     .
 
 :RelationCheck a access:Check ;
-    access:operator access-individual:SparqlSelectQueryContains ;
+    access:useOperator access-individual:SparqlSelectQueryContains ;
     access:attribute access-individual:StatementSubjectUri ;
     access:value access-individual:PersonProfileProximityToResourceUri .
 
 :AccessObjectStatementTypeCheck a access:Check ;
-    access:operator access-individual:Equals ;
+    access:useOperator access-individual:Equals ;
     access:attribute access-individual:AccessObjectType ;
     access:values access-individual:ObjectPropertyStatementValueSet ;
     access:values access-individual:DataPropertyStatementValueSet ;
@@ -243,7 +243,7 @@
     .
 
 :OperationCheck a access:Check ;
-    access:operator access-individual:Equals ;
+    access:useOperator access-individual:Equals ;
     access:attribute access-individual:Operation ;
     access:values access-individual:AddOperationValueSet ;
     access:values access-individual:DropOperationValueSet ;
@@ -251,12 +251,12 @@
     .
 
 :SubjectRoleCheck a access:Check ;
-    access:operator access-individual:Equals ;
+    access:useOperator access-individual:Equals ;
     access:attribute access-individual:SubjectRole ;
     access:values access-individual:SelfEditorRoleValueSet .
 
 :StatementPredicateCheck a access:Check ;
-    access:operator access-individual:OneOf ;
+    access:useOperator access-individual:OneOf ;
     access:attribute access-individual:StatementPredicateUri ;
     access:values :SelfEditorAddObjectPropertyValueSet ;
     access:values :SelfEditorAddDataPropertyValueSet ;
@@ -275,7 +275,7 @@
     .
 
 :AccessObjectUriCheck a access:Check ;
-    access:operator access-individual:OneOf ;
+    access:useOperator access-individual:OneOf ;
     access:attribute access-individual:AccessObjectUri ;
     access:values :SelfEditorAddObjectPropertyValueSet ;
     access:values :SelfEditorAddDataPropertyValueSet ;
diff --git a/home/src/main/resources/rdf/tbox/firsttime/vitro-access-control-ontology.n3 b/home/src/main/resources/rdf/tbox/firsttime/vitro-access-control-ontology.n3
index 0d6f619a0d..2f4de6e3d5 100644
--- a/home/src/main/resources/rdf/tbox/firsttime/vitro-access-control-ontology.n3
+++ b/home/src/main/resources/rdf/tbox/firsttime/vitro-access-control-ontology.n3
@@ -127,9 +127,9 @@
     rdfs:label "value"@en-US ;
     rdfs:domain [ a owl:Class ; owl:unionOf  ( :ValueSetTemplate :ValueSet :Check ) ] .
 
-:operator a owl:ObjectProperty ;
-    rdfs:comment "Set type of check to perform";
-    rdfs:label "operator"@en-US ;
+:useOperator a owl:ObjectProperty ;
+    rdfs:comment "Use operator in :Check";
+    rdfs:label "use operator"@en-US ;
     rdfs:domain :Check ;
     rdfs:range :Operator .
 

From ba7e91c5fe50835f04c2ab272d11f9dfc3474a40 Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <georgy.litvinov@tib.eu>
Date: Fri, 24 Nov 2023 09:41:52 +0100
Subject: [PATCH 125/148] renamed access:policyDataSetTemplate to
 access:hasDataSetTemplate

---
 .../webapp/auth/policy/PolicyLoader.java      |  2 +-
 .../webapp/auth/rules/data_set_templates.n3   |  4 +-
 .../template_access_allowed_class.n3          |  6 +--
 .../template_access_allowed_property.n3       | 48 +++++++++----------
 .../firsttime/template_simple_permissions.n3  |  2 +-
 .../vitro-access-control-ontology.n3          |  6 +--
 6 files changed, 34 insertions(+), 34 deletions(-)

diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
index d8b2c8561f..ac9708c492 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
@@ -212,7 +212,7 @@ public class PolicyLoader {
             + "SELECT ?dataSetTemplate ?policyTemplate ( COUNT(?key) AS ?keySize )\n"
             + "WHERE {\n"
             + "  GRAPH <http://vitro.mannlib.cornell.edu/default/access-control> {\n"
-            + "    ?policyTemplate access:policyDataSetTemplate ?dataSetTemplate .\n"
+            + "    ?policyTemplate access:hasDataSetTemplate ?dataSetTemplate .\n"
             + "    ?dataSetTemplate access:dataSetTemplateKey ?dataSetTemplateKey .\n"
             + "    ?dataSetTemplateKey access:templateKey access-individual:SubjectRole .\n"
             + "    ?dataSetTemplateKey access:templateKey ?key .\n"
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/data_set_templates.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/data_set_templates.n3
index 0c085142be..ca1ced294f 100644
--- a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/data_set_templates.n3
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/data_set_templates.n3
@@ -11,8 +11,8 @@
 @prefix : <https://vivoweb.org/ontology/vitro-application/auth/individual/template/test-data-set-templates/> .
 
 :PolicyTemplate a access:PolicyTemplate ;
-    access:policyDataSetTemplate :RoleDataSetTemplate1 ;
-    access:policyDataSetTemplate :RoleDataSetTemplate2 ;
+    access:hasDataSetTemplate :RoleDataSetTemplate1 ;
+    access:hasDataSetTemplate :RoleDataSetTemplate2 ;
     access:policyDataSet :PublicDataSet .
 
 #Role data set templates
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_class.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_class.n3
index 7b5a407e24..665c8f97d6 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_class.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_class.n3
@@ -25,9 +25,9 @@
     access:policyDataSet :CuratorPublishClassDataSet ;
     access:policyDataSet :AdminPublishClassDataSet ;
 
-    access:policyDataSetTemplate :RoleDisplayClassDataSetTemplate ;
-    access:policyDataSetTemplate :RoleUpdateClassDataSetTemplate ;
-    access:policyDataSetTemplate :RolePublishClassDataSetTemplate ;
+    access:hasDataSetTemplate :RoleDisplayClassDataSetTemplate ;
+    access:hasDataSetTemplate :RoleUpdateClassDataSetTemplate ;
+    access:hasDataSetTemplate :RolePublishClassDataSetTemplate ;
     .
 
 #Role Display Class data set template
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_property.n3
index 5f1fa1db93..9cd23ff07d 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_property.n3
@@ -105,30 +105,30 @@
     access:policyDataSet :CuratorDropFauxDataPropertyDataSet ;
     access:policyDataSet :AdminDropFauxDataPropertyDataSet ;
 
-    access:policyDataSetTemplate :RoleDisplayObjectPropertyDataSetTemplate ;
-    access:policyDataSetTemplate :RolePublishObjectPropertyDataSetTemplate ;
-    access:policyDataSetTemplate :RoleAddObjectPropertyDataSetTemplate ;
-    access:policyDataSetTemplate :RoleDropObjectPropertyDataSetTemplate ;
-
-    access:policyDataSetTemplate :RoleEditObjectPropertyDataSetTemplate ;
-    access:policyDataSetTemplate :RoleDisplayDataPropertyDataSetTemplate ;
-    access:policyDataSetTemplate :RolePublishDataPropertyDataSetTemplate ;
-    access:policyDataSetTemplate :RoleAddDataPropertyDataSetTemplate ;
-
-    access:policyDataSetTemplate :RoleDropDataPropertyDataSetTemplate ;
-    access:policyDataSetTemplate :RoleEditDataPropertyDataSetTemplate ;
-    access:policyDataSetTemplate :RoleDisplayFauxObjectPropertyDataSetTemplate ;
-    access:policyDataSetTemplate :RolePublishFauxObjectPropertyDataSetTemplate ;
-
-    access:policyDataSetTemplate :RoleAddFauxObjectPropertyDataSetTemplate ;
-    access:policyDataSetTemplate :RoleDropFauxObjectPropertyDataSetTemplate ;
-    access:policyDataSetTemplate :RoleEditFauxObjectPropertyDataSetTemplate ;
-    access:policyDataSetTemplate :RoleDisplayFauxDataPropertyDataSetTemplate ;
-
-    access:policyDataSetTemplate :RolePublishFauxDataPropertyDataSetTemplate ;
-    access:policyDataSetTemplate :RoleAddFauxDataPropertyDataSetTemplate ;
-    access:policyDataSetTemplate :RoleDropFauxDataPropertyDataSetTemplate ;
-    access:policyDataSetTemplate :RoleEditFauxDataPropertyDataSetTemplate ;
+    access:hasDataSetTemplate :RoleDisplayObjectPropertyDataSetTemplate ;
+    access:hasDataSetTemplate :RolePublishObjectPropertyDataSetTemplate ;
+    access:hasDataSetTemplate :RoleAddObjectPropertyDataSetTemplate ;
+    access:hasDataSetTemplate :RoleDropObjectPropertyDataSetTemplate ;
+
+    access:hasDataSetTemplate :RoleEditObjectPropertyDataSetTemplate ;
+    access:hasDataSetTemplate :RoleDisplayDataPropertyDataSetTemplate ;
+    access:hasDataSetTemplate :RolePublishDataPropertyDataSetTemplate ;
+    access:hasDataSetTemplate :RoleAddDataPropertyDataSetTemplate ;
+
+    access:hasDataSetTemplate :RoleDropDataPropertyDataSetTemplate ;
+    access:hasDataSetTemplate :RoleEditDataPropertyDataSetTemplate ;
+    access:hasDataSetTemplate :RoleDisplayFauxObjectPropertyDataSetTemplate ;
+    access:hasDataSetTemplate :RolePublishFauxObjectPropertyDataSetTemplate ;
+
+    access:hasDataSetTemplate :RoleAddFauxObjectPropertyDataSetTemplate ;
+    access:hasDataSetTemplate :RoleDropFauxObjectPropertyDataSetTemplate ;
+    access:hasDataSetTemplate :RoleEditFauxObjectPropertyDataSetTemplate ;
+    access:hasDataSetTemplate :RoleDisplayFauxDataPropertyDataSetTemplate ;
+
+    access:hasDataSetTemplate :RolePublishFauxDataPropertyDataSetTemplate ;
+    access:hasDataSetTemplate :RoleAddFauxDataPropertyDataSetTemplate ;
+    access:hasDataSetTemplate :RoleDropFauxDataPropertyDataSetTemplate ;
+    access:hasDataSetTemplate :RoleEditFauxDataPropertyDataSetTemplate ;
     .
 
 
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_simple_permissions.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_simple_permissions.n3
index 630ecfa479..6dac1c9bd4 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_simple_permissions.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_simple_permissions.n3
@@ -9,7 +9,7 @@
 :PolicyTemplate a access:PolicyTemplate ;
     access:priority 1000 ;
     access:hasRule :AllowSimplePermission ;
-    access:policyDataSetTemplate :RoleDataSetTemplate ;
+    access:hasDataSetTemplate :RoleDataSetTemplate ;
     access:policyDataSet :PublicDataSet ;
     access:policyDataSet :SelfEditorDataSet ;
     access:policyDataSet :EditorDataSet ;
diff --git a/home/src/main/resources/rdf/tbox/firsttime/vitro-access-control-ontology.n3 b/home/src/main/resources/rdf/tbox/firsttime/vitro-access-control-ontology.n3
index 2f4de6e3d5..39a20a1689 100644
--- a/home/src/main/resources/rdf/tbox/firsttime/vitro-access-control-ontology.n3
+++ b/home/src/main/resources/rdf/tbox/firsttime/vitro-access-control-ontology.n3
@@ -213,9 +213,9 @@
     rdfs:domain :DataSetTemplate ;
     rdfs:range :DataSetKeyTemplate .
 
-:policyDataSetTemplate a owl:ObjectProperty ;
-    rdfs:comment "Assign data set template to policy data set";
-    rdfs:label "policy data set template"@en-US ;
+:hasDataSetTemplate a owl:ObjectProperty ;
+    rdfs:comment "Relates policy template to data set template";
+    rdfs:label "has data set template"@en-US ;
     rdfs:domain :PolicyTemplate ;
     rdfs:range :DataSetTemplate .
 

From f17391959dd3a6c9889233f7b6eb8cf8b6c4cc30 Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <georgy.litvinov@tib.eu>
Date: Fri, 24 Nov 2023 09:58:45 +0100
Subject: [PATCH 126/148] renamed access:policyDataSet to access:hasDataSet

---
 .../webapp/auth/policy/PolicyLoader.java      |  10 +-
 .../auth/policy/PolicyTemplateController.java |   4 +-
 .../webapp/auth/rules/data_set_templates.n3   |   2 +-
 .../webapp/auth/rules/test_policy_broken5.n3  |   2 +-
 .../auth/rules/test_policy_broken_set.n3      |   4 +-
 .../auth/rules/test_policy_valid_set.n3       |   4 +-
 .../template_access_allowed_class.n3          |  32 +--
 .../template_access_allowed_property.n3       | 190 +++++++++---------
 ...emplate_access_related_allowed_property.n3 |  16 +-
 .../template_not_modifiable_statements.n3     |   2 +-
 .../firsttime/template_simple_permissions.n3  |  10 +-
 ...emplate_update_related_allowed_property.n3 |  28 +--
 .../vitro-access-control-ontology.n3          |   6 +-
 13 files changed, 155 insertions(+), 155 deletions(-)

diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
index ac9708c492..86a651b251 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
@@ -75,7 +75,7 @@ public class PolicyLoader {
             + "WHERE {\n"
             + "  GRAPH <http://vitro.mannlib.cornell.edu/default/access-control> {\n"
             + "    ?policyTemplate access:priority ?set_priority .\n"
-            + "    ?policyTemplate access:policyDataSet ?dataSet .\n"
+            + "    ?policyTemplate access:hasDataSet ?dataSet .\n"
             + "    OPTIONAL {?policy access:priority ?policyPriority" + " . }\n"
             + "    OPTIONAL {?dataSet access:priority ?dataSetPriority" + " . }\n"
             + "    BIND(COALESCE(?dataSetPriority, ?policyPriority, 0 ) as ?" + PRIORITY + " ) .\n"
@@ -88,7 +88,7 @@ public class PolicyLoader {
             + "SELECT DISTINCT ?dataSet \n" + "WHERE {\n"
             + "  GRAPH <http://vitro.mannlib.cornell.edu/default/access-control> {\n"
             + "       ?policy a access:PolicyTemplate .\n"
-            + "       ?policy access:policyDataSet ?dataSet .\n"
+            + "       ?policy access:hasDataSet ?dataSet .\n"
             + "  }\n"
             + "} ORDER BY ?dataSet";
 
@@ -131,7 +131,7 @@ public class PolicyLoader {
             + "WHERE {\n"
             + "  GRAPH <http://vitro.mannlib.cornell.edu/default/access-control> {\n"
             + "    ?policy a access:PolicyTemplate .\n"
-            + "    ?policy access:policyDataSet ?dataSet .\n"
+            + "    ?policy access:hasDataSet ?dataSet .\n"
             + "    ?policy access:hasRule ?rule .\n"
             + "    ?rule access:requiresCheck ?check .\n"
             + "    ?check a access:Check .\n"
@@ -177,7 +177,7 @@ public class PolicyLoader {
             + POLICY + " ?dataSet ?testData ?value ?valueId ?valueSet ( COUNT(?key) AS ?keySize ) \n"
             + "WHERE {\n"
             + "  GRAPH <http://vitro.mannlib.cornell.edu/default/access-control> {\n"
-            + "  ?" + POLICY + " access:policyDataSet ?dataSet .\n"
+            + "  ?" + POLICY + " access:hasDataSet ?dataSet .\n"
             + "  ?dataSet access:dataSetKey ?dataSetKeyUri .\n"
             + "  ?dataSet access:dataSetValues ?valueSet .\n"
             + "  ?valueSet access:containsElementsOfType ?setElementsType .\n"
@@ -199,7 +199,7 @@ public class PolicyLoader {
             + "WHERE {\n"
             + "  GRAPH <http://vitro.mannlib.cornell.edu/default/access-control> {\n"
             + "  ?dataSet access:dataSetKey ?dataSetKeyUri .\n"
-            + "  ?" + POLICY + " access:policyDataSet ?dataSet . \n"
+            + "  ?" + POLICY + " access:hasDataSet ?dataSet . \n"
             + "  ?dataSet access:dataSetValues ?valueSet . \n"
             + "  ?valueSet access:containsElementsOfType ?setElementsTypeUri . \n"
             + "  ?setElementsTypeUri access:id ?setElementsType . \n";
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTemplateController.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTemplateController.java
index c75acc5e78..85f3df46e4 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTemplateController.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTemplateController.java
@@ -50,9 +50,9 @@ private static void createRoleDataSet(String dataSetTemplateUri, String roleUri,
                 return;
             }
         }
-        // Add ?dataSets ao:policyDataSet dataSetUri .
+        // Add ?dataSets ao:hasDataSet dataSetUri .
         dataSetModel.add(new StatementImpl(dataSetModel.createResource(dataSetsUri),
-                dataSetModel.createProperty(AUTH_VOCABULARY_PREFIX + "policyDataSet"),
+                dataSetModel.createProperty(AUTH_VOCABULARY_PREFIX + "hasDataSet"),
                 dataSetModel.createResource(dataSetUri)));
 
         dataSetModel.add(new StatementImpl(dataSetModel.createResource(dataSetUri),
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/data_set_templates.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/data_set_templates.n3
index ca1ced294f..ca7d445859 100644
--- a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/data_set_templates.n3
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/data_set_templates.n3
@@ -13,7 +13,7 @@
 :PolicyTemplate a access:PolicyTemplate ;
     access:hasDataSetTemplate :RoleDataSetTemplate1 ;
     access:hasDataSetTemplate :RoleDataSetTemplate2 ;
-    access:policyDataSet :PublicDataSet .
+    access:hasDataSet :PublicDataSet .
 
 #Role data set templates
 
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken5.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken5.n3
index 45050e0d09..5e107f07fb 100644
--- a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken5.n3
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken5.n3
@@ -9,7 +9,7 @@
 @prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
 
 access-individual:BrokenTestSetPolicy rdf:type access:Policy ;
-    access:policyDataSet access-individual:testDataSet1 ;
+    access:hasDataSet access-individual:testDataSet1 ;
     access:hasRule access-individual:BrokenRule .
 
 access-individual:BrokenRule rdf:type access:Rule ;
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken_set.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken_set.n3
index 6ff22de96a..1009c131ad 100644
--- a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken_set.n3
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken_set.n3
@@ -9,8 +9,8 @@
 @prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
 
 access-individual:BrokenTestSetPolicy rdf:type access:Policy ;
-    access:policyDataSet access-individual:testDataSet1 ;
-    access:policyDataSet access-individual:testDataSet2 ;
+    access:hasDataSet access-individual:testDataSet1 ;
+    access:hasDataSet access-individual:testDataSet2 ;
     access:hasRule access-individual:BrokenRule .
     
 access-individual:BrokenRule rdf:type access:Rule ;
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_valid_set.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_valid_set.n3
index 6a9d9b8418..f9f6a2ff5c 100644
--- a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_valid_set.n3
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_valid_set.n3
@@ -9,8 +9,8 @@
 @prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
 
 access-individual:ValidTestSetPolicy rdf:type access:PolicyTemplate ;
-    access:policyDataSet access-individual:testDataSet2 ;
-    access:policyDataSet access-individual:testDataSet1 ;
+    access:hasDataSet access-individual:testDataSet2 ;
+    access:hasDataSet access-individual:testDataSet1 ;
     access:hasRule access-individual:ValidRule .
     
 access-individual:ValidRule rdf:type access:Rule ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_class.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_class.n3
index 665c8f97d6..96f6b99186 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_class.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_class.n3
@@ -8,22 +8,22 @@
 :PolicyTemplate a access:PolicyTemplate ;
     access:hasRule :AllowMatchingClass ;
 
-    access:policyDataSet :PublicDisplayClassDataSet ;
-    access:policyDataSet :SelfEditorDisplayClassDataSet ;
-    access:policyDataSet :EditorDisplayClassDataSet ;
-    access:policyDataSet :CuratorDisplayClassDataSet ;
-    access:policyDataSet :AdminDisplayClassDataSet ;
-
-    access:policyDataSet :PublicUpdateClassDataSet ;
-    access:policyDataSet :SelfEditorUpdateClassDataSet ;
-    access:policyDataSet :EditorUpdateClassDataSet ;
-    access:policyDataSet :CuratorUpdateClassDataSet ;
-    access:policyDataSet :AdminUpdateClassDataSet ;
-
-    access:policyDataSet :SelfEditorPublishClassDataSet ;
-    access:policyDataSet :EditorPublishClassDataSet ;
-    access:policyDataSet :CuratorPublishClassDataSet ;
-    access:policyDataSet :AdminPublishClassDataSet ;
+    access:hasDataSet :PublicDisplayClassDataSet ;
+    access:hasDataSet :SelfEditorDisplayClassDataSet ;
+    access:hasDataSet :EditorDisplayClassDataSet ;
+    access:hasDataSet :CuratorDisplayClassDataSet ;
+    access:hasDataSet :AdminDisplayClassDataSet ;
+
+    access:hasDataSet :PublicUpdateClassDataSet ;
+    access:hasDataSet :SelfEditorUpdateClassDataSet ;
+    access:hasDataSet :EditorUpdateClassDataSet ;
+    access:hasDataSet :CuratorUpdateClassDataSet ;
+    access:hasDataSet :AdminUpdateClassDataSet ;
+
+    access:hasDataSet :SelfEditorPublishClassDataSet ;
+    access:hasDataSet :EditorPublishClassDataSet ;
+    access:hasDataSet :CuratorPublishClassDataSet ;
+    access:hasDataSet :AdminPublishClassDataSet ;
 
     access:hasDataSetTemplate :RoleDisplayClassDataSetTemplate ;
     access:hasDataSetTemplate :RoleUpdateClassDataSetTemplate ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_property.n3
index 9cd23ff07d..4c9a159d72 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_property.n3
@@ -9,101 +9,101 @@
     access:hasRule :AllowMatchingPropertyStatement ;
     access:hasRule :AllowMatchingProperty ;
 
-    access:policyDataSet :PublicDisplayObjectPropertyDataSet ;
-    access:policyDataSet :EditorDisplayObjectPropertyDataSet ;
-    access:policyDataSet :CuratorDisplayObjectPropertyDataSet ;
-    access:policyDataSet :AdminDisplayObjectPropertyDataSet ;
-
-    access:policyDataSet :PublicDisplayDataPropertyDataSet ;
-    access:policyDataSet :EditorDisplayDataPropertyDataSet ;
-    access:policyDataSet :CuratorDisplayDataPropertyDataSet ;
-    access:policyDataSet :AdminDisplayDataPropertyDataSet ;
-
-    access:policyDataSet :PublicDisplayFauxObjectPropertyDataSet ;
-    access:policyDataSet :EditorDisplayFauxObjectPropertyDataSet ;
-    access:policyDataSet :CuratorDisplayFauxObjectPropertyDataSet ;
-    access:policyDataSet :AdminDisplayFauxObjectPropertyDataSet ;
-
-    access:policyDataSet :PublicDisplayFauxDataPropertyDataSet ;
-    access:policyDataSet :EditorDisplayFauxDataPropertyDataSet ;
-    access:policyDataSet :CuratorDisplayFauxDataPropertyDataSet ;
-    access:policyDataSet :AdminDisplayFauxDataPropertyDataSet ;
-
-    access:policyDataSet :EditorPublishObjectPropertyDataSet ;
-    access:policyDataSet :CuratorPublishObjectPropertyDataSet ;
-    access:policyDataSet :AdminPublishObjectPropertyDataSet ;
-
-    access:policyDataSet :EditorPublishDataPropertyDataSet ;
-    access:policyDataSet :CuratorPublishDataPropertyDataSet ;
-    access:policyDataSet :AdminPublishDataPropertyDataSet ;
-
-    access:policyDataSet :EditorPublishFauxObjectPropertyDataSet ;
-    access:policyDataSet :CuratorPublishFauxObjectPropertyDataSet ;
-    access:policyDataSet :AdminPublishFauxObjectPropertyDataSet ;
-
-    access:policyDataSet :EditorPublishFauxDataPropertyDataSet ;
-    access:policyDataSet :CuratorPublishFauxDataPropertyDataSet ;
-    access:policyDataSet :AdminPublishFauxDataPropertyDataSet ;
-
-    access:policyDataSet :PublicEditObjectPropertyDataSet ;
-    access:policyDataSet :EditorEditObjectPropertyDataSet ;
-    access:policyDataSet :CuratorEditObjectPropertyDataSet ;
-    access:policyDataSet :AdminEditObjectPropertyDataSet ;
-
-    access:policyDataSet :PublicAddObjectPropertyDataSet ;
-    access:policyDataSet :EditorAddObjectPropertyDataSet ;
-    access:policyDataSet :CuratorAddObjectPropertyDataSet ;
-    access:policyDataSet :AdminAddObjectPropertyDataSet ;
-
-    access:policyDataSet :PublicDropObjectPropertyDataSet ;
-    access:policyDataSet :EditorDropObjectPropertyDataSet ;
-    access:policyDataSet :CuratorDropObjectPropertyDataSet ;
-    access:policyDataSet :AdminDropObjectPropertyDataSet ;
-
-    access:policyDataSet :PublicEditDataPropertyDataSet ;
-    access:policyDataSet :EditorEditDataPropertyDataSet ;
-    access:policyDataSet :CuratorEditDataPropertyDataSet ;
-    access:policyDataSet :AdminEditDataPropertyDataSet ;
-
-    access:policyDataSet :PublicAddDataPropertyDataSet ;
-    access:policyDataSet :EditorAddDataPropertyDataSet ;
-    access:policyDataSet :CuratorAddDataPropertyDataSet ;
-    access:policyDataSet :AdminAddDataPropertyDataSet ;
-
-    access:policyDataSet :PublicDropDataPropertyDataSet ;
-    access:policyDataSet :EditorDropDataPropertyDataSet ;
-    access:policyDataSet :CuratorDropDataPropertyDataSet ;
-    access:policyDataSet :AdminDropDataPropertyDataSet ;
-
-    access:policyDataSet :PublicEditFauxObjectPropertyDataSet ;
-    access:policyDataSet :EditorEditFauxObjectPropertyDataSet ;
-    access:policyDataSet :CuratorEditFauxObjectPropertyDataSet ;
-    access:policyDataSet :AdminEditFauxObjectPropertyDataSet ;
-
-    access:policyDataSet :PublicAddFauxObjectPropertyDataSet ;
-    access:policyDataSet :EditorAddFauxObjectPropertyDataSet ;
-    access:policyDataSet :CuratorAddFauxObjectPropertyDataSet ;
-    access:policyDataSet :AdminAddFauxObjectPropertyDataSet ;
-
-    access:policyDataSet :PublicDropFauxObjectPropertyDataSet ;
-    access:policyDataSet :EditorDropFauxObjectPropertyDataSet ;
-    access:policyDataSet :CuratorDropFauxObjectPropertyDataSet ;
-    access:policyDataSet :AdminDropFauxObjectPropertyDataSet ;
-
-    access:policyDataSet :PublicEditFauxDataPropertyDataSet ;
-    access:policyDataSet :EditorEditFauxDataPropertyDataSet ;
-    access:policyDataSet :CuratorEditFauxDataPropertyDataSet ;
-    access:policyDataSet :AdminEditFauxDataPropertyDataSet ;
-
-    access:policyDataSet :PublicAddFauxDataPropertyDataSet ;
-    access:policyDataSet :EditorAddFauxDataPropertyDataSet ;
-    access:policyDataSet :CuratorAddFauxDataPropertyDataSet ;
-    access:policyDataSet :AdminAddFauxDataPropertyDataSet ;
-
-    access:policyDataSet :PublicDropFauxDataPropertyDataSet ;
-    access:policyDataSet :EditorDropFauxDataPropertyDataSet ;
-    access:policyDataSet :CuratorDropFauxDataPropertyDataSet ;
-    access:policyDataSet :AdminDropFauxDataPropertyDataSet ;
+    access:hasDataSet :PublicDisplayObjectPropertyDataSet ;
+    access:hasDataSet :EditorDisplayObjectPropertyDataSet ;
+    access:hasDataSet :CuratorDisplayObjectPropertyDataSet ;
+    access:hasDataSet :AdminDisplayObjectPropertyDataSet ;
+
+    access:hasDataSet :PublicDisplayDataPropertyDataSet ;
+    access:hasDataSet :EditorDisplayDataPropertyDataSet ;
+    access:hasDataSet :CuratorDisplayDataPropertyDataSet ;
+    access:hasDataSet :AdminDisplayDataPropertyDataSet ;
+
+    access:hasDataSet :PublicDisplayFauxObjectPropertyDataSet ;
+    access:hasDataSet :EditorDisplayFauxObjectPropertyDataSet ;
+    access:hasDataSet :CuratorDisplayFauxObjectPropertyDataSet ;
+    access:hasDataSet :AdminDisplayFauxObjectPropertyDataSet ;
+
+    access:hasDataSet :PublicDisplayFauxDataPropertyDataSet ;
+    access:hasDataSet :EditorDisplayFauxDataPropertyDataSet ;
+    access:hasDataSet :CuratorDisplayFauxDataPropertyDataSet ;
+    access:hasDataSet :AdminDisplayFauxDataPropertyDataSet ;
+
+    access:hasDataSet :EditorPublishObjectPropertyDataSet ;
+    access:hasDataSet :CuratorPublishObjectPropertyDataSet ;
+    access:hasDataSet :AdminPublishObjectPropertyDataSet ;
+
+    access:hasDataSet :EditorPublishDataPropertyDataSet ;
+    access:hasDataSet :CuratorPublishDataPropertyDataSet ;
+    access:hasDataSet :AdminPublishDataPropertyDataSet ;
+
+    access:hasDataSet :EditorPublishFauxObjectPropertyDataSet ;
+    access:hasDataSet :CuratorPublishFauxObjectPropertyDataSet ;
+    access:hasDataSet :AdminPublishFauxObjectPropertyDataSet ;
+
+    access:hasDataSet :EditorPublishFauxDataPropertyDataSet ;
+    access:hasDataSet :CuratorPublishFauxDataPropertyDataSet ;
+    access:hasDataSet :AdminPublishFauxDataPropertyDataSet ;
+
+    access:hasDataSet :PublicEditObjectPropertyDataSet ;
+    access:hasDataSet :EditorEditObjectPropertyDataSet ;
+    access:hasDataSet :CuratorEditObjectPropertyDataSet ;
+    access:hasDataSet :AdminEditObjectPropertyDataSet ;
+
+    access:hasDataSet :PublicAddObjectPropertyDataSet ;
+    access:hasDataSet :EditorAddObjectPropertyDataSet ;
+    access:hasDataSet :CuratorAddObjectPropertyDataSet ;
+    access:hasDataSet :AdminAddObjectPropertyDataSet ;
+
+    access:hasDataSet :PublicDropObjectPropertyDataSet ;
+    access:hasDataSet :EditorDropObjectPropertyDataSet ;
+    access:hasDataSet :CuratorDropObjectPropertyDataSet ;
+    access:hasDataSet :AdminDropObjectPropertyDataSet ;
+
+    access:hasDataSet :PublicEditDataPropertyDataSet ;
+    access:hasDataSet :EditorEditDataPropertyDataSet ;
+    access:hasDataSet :CuratorEditDataPropertyDataSet ;
+    access:hasDataSet :AdminEditDataPropertyDataSet ;
+
+    access:hasDataSet :PublicAddDataPropertyDataSet ;
+    access:hasDataSet :EditorAddDataPropertyDataSet ;
+    access:hasDataSet :CuratorAddDataPropertyDataSet ;
+    access:hasDataSet :AdminAddDataPropertyDataSet ;
+
+    access:hasDataSet :PublicDropDataPropertyDataSet ;
+    access:hasDataSet :EditorDropDataPropertyDataSet ;
+    access:hasDataSet :CuratorDropDataPropertyDataSet ;
+    access:hasDataSet :AdminDropDataPropertyDataSet ;
+
+    access:hasDataSet :PublicEditFauxObjectPropertyDataSet ;
+    access:hasDataSet :EditorEditFauxObjectPropertyDataSet ;
+    access:hasDataSet :CuratorEditFauxObjectPropertyDataSet ;
+    access:hasDataSet :AdminEditFauxObjectPropertyDataSet ;
+
+    access:hasDataSet :PublicAddFauxObjectPropertyDataSet ;
+    access:hasDataSet :EditorAddFauxObjectPropertyDataSet ;
+    access:hasDataSet :CuratorAddFauxObjectPropertyDataSet ;
+    access:hasDataSet :AdminAddFauxObjectPropertyDataSet ;
+
+    access:hasDataSet :PublicDropFauxObjectPropertyDataSet ;
+    access:hasDataSet :EditorDropFauxObjectPropertyDataSet ;
+    access:hasDataSet :CuratorDropFauxObjectPropertyDataSet ;
+    access:hasDataSet :AdminDropFauxObjectPropertyDataSet ;
+
+    access:hasDataSet :PublicEditFauxDataPropertyDataSet ;
+    access:hasDataSet :EditorEditFauxDataPropertyDataSet ;
+    access:hasDataSet :CuratorEditFauxDataPropertyDataSet ;
+    access:hasDataSet :AdminEditFauxDataPropertyDataSet ;
+
+    access:hasDataSet :PublicAddFauxDataPropertyDataSet ;
+    access:hasDataSet :EditorAddFauxDataPropertyDataSet ;
+    access:hasDataSet :CuratorAddFauxDataPropertyDataSet ;
+    access:hasDataSet :AdminAddFauxDataPropertyDataSet ;
+
+    access:hasDataSet :PublicDropFauxDataPropertyDataSet ;
+    access:hasDataSet :EditorDropFauxDataPropertyDataSet ;
+    access:hasDataSet :CuratorDropFauxDataPropertyDataSet ;
+    access:hasDataSet :AdminDropFauxDataPropertyDataSet ;
 
     access:hasDataSetTemplate :RoleDisplayObjectPropertyDataSetTemplate ;
     access:hasDataSetTemplate :RolePublishObjectPropertyDataSetTemplate ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_access_related_allowed_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_access_related_allowed_property.n3
index 5aed6a5fcb..53203fb517 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_access_related_allowed_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_access_related_allowed_property.n3
@@ -9,14 +9,14 @@
     access:hasRule :AllowMatchingPropertyStatement ;
     access:hasRule :AllowMatchingProperty ;
 
-    access:policyDataSet :SelfEditorDisplayObjectPropertyDataSet ;
-    access:policyDataSet :SelfEditorDisplayDataPropertyDataSet ;
-    access:policyDataSet :SelfEditorDisplayFauxObjectPropertyDataSet ;
-    access:policyDataSet :SelfEditorDisplayFauxDataPropertyDataSet ;
-    access:policyDataSet :SelfEditorPublishObjectPropertyDataSet ;
-    access:policyDataSet :SelfEditorPublishDataPropertyDataSet ;
-    access:policyDataSet :SelfEditorPublishFauxObjectPropertyDataSet ;
-    access:policyDataSet :SelfEditorPublishFauxDataPropertyDataSet ;
+    access:hasDataSet :SelfEditorDisplayObjectPropertyDataSet ;
+    access:hasDataSet :SelfEditorDisplayDataPropertyDataSet ;
+    access:hasDataSet :SelfEditorDisplayFauxObjectPropertyDataSet ;
+    access:hasDataSet :SelfEditorDisplayFauxDataPropertyDataSet ;
+    access:hasDataSet :SelfEditorPublishObjectPropertyDataSet ;
+    access:hasDataSet :SelfEditorPublishDataPropertyDataSet ;
+    access:hasDataSet :SelfEditorPublishFauxObjectPropertyDataSet ;
+    access:hasDataSet :SelfEditorPublishFauxDataPropertyDataSet ;
     .
 
 ### Display object property data sets
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_not_modifiable_statements.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_not_modifiable_statements.n3
index dd3e841f3e..44c5d16c7a 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_not_modifiable_statements.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_not_modifiable_statements.n3
@@ -6,7 +6,7 @@
 
 :PolicyTemplate a access:PolicyTemplate ;
     access:priority 8000 ;
-    access:policyDataSet :NotModifiableStatementsPolicyDataSet ;
+    access:hasDataSet :NotModifiableStatementsPolicyDataSet ;
     access:hasRule :RestrictObjectPropertyStatementsWithNotModifiablePredicate ;
     access:hasRule :RestrictObjectPropertyStatementsWithNotModifiableSubject ;
     access:hasRule :RestrictObjectPropertyStatementsWithNotModifiableObject ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_simple_permissions.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_simple_permissions.n3
index 6dac1c9bd4..47fb74155a 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_simple_permissions.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_simple_permissions.n3
@@ -10,11 +10,11 @@
     access:priority 1000 ;
     access:hasRule :AllowSimplePermission ;
     access:hasDataSetTemplate :RoleDataSetTemplate ;
-    access:policyDataSet :PublicDataSet ;
-    access:policyDataSet :SelfEditorDataSet ;
-    access:policyDataSet :EditorDataSet ;
-    access:policyDataSet :CuratorDataSet ;
-    access:policyDataSet :AdminDataSet .
+    access:hasDataSet :PublicDataSet ;
+    access:hasDataSet :SelfEditorDataSet ;
+    access:hasDataSet :EditorDataSet ;
+    access:hasDataSet :CuratorDataSet ;
+    access:hasDataSet :AdminDataSet .
 
 #Role data set template
 
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_update_related_allowed_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_update_related_allowed_property.n3
index 2922d85345..e409fae340 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_update_related_allowed_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_update_related_allowed_property.n3
@@ -9,20 +9,20 @@
     access:hasRule :AllowMatchingPropertyStatement ;
     access:hasRule :AllowMatchingProperty ;
  
-    access:policyDataSet :SelfEditorAddObjectPropertyDataSet ;
-    access:policyDataSet :SelfEditorAddDataPropertyDataSet ;
-    access:policyDataSet :SelfEditorAddFauxObjectPropertyDataSet ;
-    access:policyDataSet :SelfEditorAddFauxDataPropertyDataSet ;
-
-    access:policyDataSet :SelfEditorEditObjectPropertyDataSet ;
-    access:policyDataSet :SelfEditorEditDataPropertyDataSet ;
-    access:policyDataSet :SelfEditorEditFauxObjectPropertyDataSet ;
-    access:policyDataSet :SelfEditorEditFauxDataPropertyDataSet ;
-
-    access:policyDataSet :SelfEditorDropObjectPropertyDataSet ;
-    access:policyDataSet :SelfEditorDropDataPropertyDataSet ;
-    access:policyDataSet :SelfEditorDropFauxObjectPropertyDataSet ;
-    access:policyDataSet :SelfEditorDropFauxDataPropertyDataSet ;
+    access:hasDataSet :SelfEditorAddObjectPropertyDataSet ;
+    access:hasDataSet :SelfEditorAddDataPropertyDataSet ;
+    access:hasDataSet :SelfEditorAddFauxObjectPropertyDataSet ;
+    access:hasDataSet :SelfEditorAddFauxDataPropertyDataSet ;
+
+    access:hasDataSet :SelfEditorEditObjectPropertyDataSet ;
+    access:hasDataSet :SelfEditorEditDataPropertyDataSet ;
+    access:hasDataSet :SelfEditorEditFauxObjectPropertyDataSet ;
+    access:hasDataSet :SelfEditorEditFauxDataPropertyDataSet ;
+
+    access:hasDataSet :SelfEditorDropObjectPropertyDataSet ;
+    access:hasDataSet :SelfEditorDropDataPropertyDataSet ;
+    access:hasDataSet :SelfEditorDropFauxObjectPropertyDataSet ;
+    access:hasDataSet :SelfEditorDropFauxDataPropertyDataSet ;
     .
 
 ### Add object property data sets
diff --git a/home/src/main/resources/rdf/tbox/firsttime/vitro-access-control-ontology.n3 b/home/src/main/resources/rdf/tbox/firsttime/vitro-access-control-ontology.n3
index 39a20a1689..1ac7e89b76 100644
--- a/home/src/main/resources/rdf/tbox/firsttime/vitro-access-control-ontology.n3
+++ b/home/src/main/resources/rdf/tbox/firsttime/vitro-access-control-ontology.n3
@@ -189,9 +189,9 @@
     rdfs:domain :Rule ;
     rdfs:range :Decision .    
 
-:policyDataSet a owl:ObjectProperty ;
-    rdfs:comment "Contain policy data set";
-    rdfs:label "policy data set"@en-US ;
+:hasDataSet a owl:ObjectProperty ;
+    rdfs:comment "Relates policy template to data set";
+    rdfs:label "has data set"@en-US ;
     rdfs:domain :PolicyTemplate ;
     rdfs:range :PolicyDataSet .
 

From 1164640ee10737e94aea8ec2066439dfe0ee706e Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <georgy.litvinov@tib.eu>
Date: Fri, 24 Nov 2023 10:12:18 +0100
Subject: [PATCH 127/148] renamed PolicyDataSet to DataSet

---
 .../webapp/auth/rules/data_set_templates.n3   |   2 +-
 .../webapp/auth/rules/test_policy_broken5.n3  |   2 +-
 .../auth/rules/test_policy_broken_set.n3      |   4 +-
 .../auth/rules/test_policy_valid_set.n3       |   4 +-
 .../template_access_allowed_class.n3          |  28 ++--
 .../template_access_allowed_property.n3       | 152 +++++++++---------
 ...emplate_access_related_allowed_property.n3 |  16 +-
 .../template_not_modifiable_statements.n3     |   2 +-
 .../firsttime/template_simple_permissions.n3  |  10 +-
 ...emplate_update_related_allowed_property.n3 |  24 +--
 .../vitro-access-control-ontology.n3          |  14 +-
 11 files changed, 129 insertions(+), 129 deletions(-)

diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/data_set_templates.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/data_set_templates.n3
index ca7d445859..dd5affd4c7 100644
--- a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/data_set_templates.n3
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/data_set_templates.n3
@@ -65,7 +65,7 @@
     access:relatedCheck :TypeValueSet;
     access:containsElementsOfType access-individual:NamedObject .
 
-:PublicDataSet a access:PolicyDataSet ;
+:PublicDataSet a access:DataSet ;
     access:dataSetKey :PublicDataSetKey ;
     access:dataSetValues access-individual:PublicRoleValueSet ;
     access:dataSetValues access-individual:PublicSimplePermissionValueSet .
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken5.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken5.n3
index 5e107f07fb..894d3e443b 100644
--- a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken5.n3
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken5.n3
@@ -26,7 +26,7 @@ access-individual:BrokenAttribute2 rdf:type access:Check ;
     access:attribute access-individual:ObjectUri ;
     access:setValue access-individual:valueSet2 .
 
-access-individual:testDataSet1 rdf:type access:PolicyDataSet ;
+access-individual:testDataSet1 rdf:type access:DataSet ;
     access:dataSetValues access-individual:valueSet1 .
 
 access-individual:valueSet1 rdf:type access:ValueSet ;
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken_set.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken_set.n3
index 1009c131ad..bab49392bf 100644
--- a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken_set.n3
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken_set.n3
@@ -29,10 +29,10 @@ access-individual:BrokenSetAttribute2 rdf:type access:Check ;
     access:values access-individual:valueSet2 ;
     .
 
-access-individual:testDataSet1 rdf:type access:PolicyDataSet ;
+access-individual:testDataSet1 rdf:type access:DataSet ;
     access:dataSetValues access-individual:valueSet1 .
 
-access-individual:testDataSet2 rdf:type access:PolicyDataSet ;
+access-individual:testDataSet2 rdf:type access:DataSet ;
     access:dataSetValues access-individual:valueSet2 .
 
 access-individual:valueSet1 rdf:type access:ValueSet ;
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_valid_set.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_valid_set.n3
index f9f6a2ff5c..aa438a3b84 100644
--- a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_valid_set.n3
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_valid_set.n3
@@ -31,11 +31,11 @@ access-individual:ValidAttribute2 rdf:type access:Check ;
     access:values access-individual:valueSet2 ;
     .
 
-access-individual:testDataSet1 rdf:type access:PolicyDataSet ;
+access-individual:testDataSet1 rdf:type access:DataSet ;
     access:dataSetValues access-individual:valueSet2 ;
     access:dataSetValues access-individual:valueSet1 .
     
-access-individual:testDataSet2 rdf:type access:PolicyDataSet ;
+access-individual:testDataSet2 rdf:type access:DataSet ;
     access:dataSetValues access-individual:valueSet3 ;
     access:dataSetValues access-individual:valueSet4 .
 
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_class.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_class.n3
index 96f6b99186..bb7784ca6b 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_class.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_class.n3
@@ -113,7 +113,7 @@
 
 ### Public display class uri data sets
 
-:PublicDisplayClassDataSet a access:PolicyDataSet ;
+:PublicDisplayClassDataSet a access:DataSet ;
     access:dataSetKey :PublicDisplayClassDataSetKey ;
     access:dataSetValues access-individual:PublicRoleValueSet ;
     access:dataSetValues access-individual:ClassValueSet ;
@@ -127,7 +127,7 @@
 
 ### Self editor display class uri data sets
 
-:SelfEditorDisplayClassDataSet a access:PolicyDataSet ;
+:SelfEditorDisplayClassDataSet a access:DataSet ;
     access:dataSetKey :SelfEditorDisplayClassDataSetKey ;
     access:dataSetValues access-individual:SelfEditorRoleValueSet ;
     access:dataSetValues access-individual:ClassValueSet ;
@@ -141,7 +141,7 @@
 
 ### Editor display class uri data sets
 
-:EditorDisplayClassDataSet a access:PolicyDataSet ;
+:EditorDisplayClassDataSet a access:DataSet ;
     access:dataSetKey :EditorDisplayClassDataSetKey ;
     access:dataSetValues access-individual:EditorRoleValueSet ;
     access:dataSetValues access-individual:ClassValueSet ;
@@ -155,7 +155,7 @@
 
 ### Curator display class uri data sets
 
-:CuratorDisplayClassDataSet a access:PolicyDataSet ;
+:CuratorDisplayClassDataSet a access:DataSet ;
     access:dataSetKey :CuratorDisplayClassDataSetKey ;
     access:dataSetValues access-individual:CuratorRoleValueSet ;
     access:dataSetValues access-individual:ClassValueSet ;
@@ -169,7 +169,7 @@
 
 ### Admin display class uri data sets
 
-:AdminDisplayClassDataSet a access:PolicyDataSet ;
+:AdminDisplayClassDataSet a access:DataSet ;
     access:dataSetKey :AdminDisplayClassDataSetKey ;
     access:dataSetValues access-individual:AdminRoleValueSet ;
     access:dataSetValues access-individual:ClassValueSet ;
@@ -183,7 +183,7 @@
 
 ### Public update class uri data sets
 
-:PublicUpdateClassDataSet a access:PolicyDataSet ;
+:PublicUpdateClassDataSet a access:DataSet ;
     access:dataSetKey :PublicUpdateClassDataSetKey ;
     access:dataSetValues access-individual:PublicRoleValueSet ;
     access:dataSetValues access-individual:ClassValueSet ;
@@ -197,7 +197,7 @@
 
 ### Self editor update class uri data sets
 
-:SelfEditorUpdateClassDataSet a access:PolicyDataSet ;
+:SelfEditorUpdateClassDataSet a access:DataSet ;
     access:dataSetKey :SelfEditorUpdateClassDataSetKey ;
     access:dataSetValues access-individual:SelfEditorRoleValueSet ;
     access:dataSetValues access-individual:ClassValueSet ;
@@ -211,7 +211,7 @@
 
 ### Editor update class uri data sets
 
-:EditorUpdateClassDataSet a access:PolicyDataSet ;
+:EditorUpdateClassDataSet a access:DataSet ;
     access:dataSetKey :EditorUpdateClassDataSetKey ;
     access:dataSetValues access-individual:EditorRoleValueSet ;
     access:dataSetValues access-individual:ClassValueSet ;
@@ -225,7 +225,7 @@
 
 ### Curator update class uri data sets
 
-:CuratorUpdateClassDataSet a access:PolicyDataSet ;
+:CuratorUpdateClassDataSet a access:DataSet ;
     access:dataSetKey :CuratorUpdateClassDataSetKey ;
     access:dataSetValues access-individual:CuratorRoleValueSet ;
     access:dataSetValues access-individual:ClassValueSet ;
@@ -239,7 +239,7 @@
 
 ### Admin update class uri data sets
 
-:AdminUpdateClassDataSet a access:PolicyDataSet ;
+:AdminUpdateClassDataSet a access:DataSet ;
     access:dataSetKey :AdminUpdateClassDataSetKey ;
     access:dataSetValues access-individual:AdminRoleValueSet ;
     access:dataSetValues access-individual:ClassValueSet ;
@@ -253,7 +253,7 @@
 
 ### Self editor publish class uri data sets
 
-:SelfEditorPublishClassDataSet a access:PolicyDataSet ;
+:SelfEditorPublishClassDataSet a access:DataSet ;
     access:dataSetKey :SelfEditorPublishClassDataSetKey ;
     access:dataSetValues access-individual:SelfEditorRoleValueSet ;
     access:dataSetValues access-individual:ClassValueSet ;
@@ -267,7 +267,7 @@
 
 ### Editor publish class uri data sets
 
-:EditorPublishClassDataSet a access:PolicyDataSet ;
+:EditorPublishClassDataSet a access:DataSet ;
     access:dataSetKey :EditorPublishClassDataSetKey ;
     access:dataSetValues access-individual:EditorRoleValueSet ;
     access:dataSetValues access-individual:ClassValueSet ;
@@ -281,7 +281,7 @@
 
 ### Curator publish class uri data sets
 
-:CuratorPublishClassDataSet a access:PolicyDataSet ;
+:CuratorPublishClassDataSet a access:DataSet ;
     access:dataSetKey :CuratorPublishClassDataSetKey ;
     access:dataSetValues access-individual:CuratorRoleValueSet ;
     access:dataSetValues access-individual:ClassValueSet ;
@@ -295,7 +295,7 @@
 
 ### Admin publish class uri data sets
 
-:AdminPublishClassDataSet a access:PolicyDataSet ;
+:AdminPublishClassDataSet a access:DataSet ;
     access:dataSetKey :AdminPublishClassDataSetKey ;
     access:dataSetValues access-individual:AdminRoleValueSet ;
     access:dataSetValues access-individual:ClassValueSet ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_property.n3
index 4c9a159d72..cfe20b88cb 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_property.n3
@@ -717,7 +717,7 @@
 
 ### Drop faux data property data sets
 
-:PublicDropFauxDataPropertyDataSet a access:PolicyDataSet ;
+:PublicDropFauxDataPropertyDataSet a access:DataSet ;
     access:dataSetKey :PublicDropFauxDataPropertyDataSetKey ;
     access:dataSetValues access-individual:PublicRoleValueSet ;
     access:dataSetValues access-individual:FauxDataPropertyValueSet ;
@@ -730,7 +730,7 @@
     access:keyComponent access-individual:PublicRoleUri ;
     access:keyComponent access-individual:DropOperation .
 
-:EditorDropFauxDataPropertyDataSet a access:PolicyDataSet ;
+:EditorDropFauxDataPropertyDataSet a access:DataSet ;
     access:dataSetKey :EditorDropFauxDataPropertyDataSetKey ;
     access:dataSetValues access-individual:EditorRoleValueSet ;
     access:dataSetValues access-individual:FauxDataPropertyValueSet ;
@@ -743,7 +743,7 @@
     access:keyComponent access-individual:EditorRoleUri ;
     access:keyComponent access-individual:DropOperation .
 
-:CuratorDropFauxDataPropertyDataSet a access:PolicyDataSet ;
+:CuratorDropFauxDataPropertyDataSet a access:DataSet ;
     access:dataSetKey :CuratorDropFauxDataPropertyDataSetKey ;
     access:dataSetValues access-individual:CuratorRoleValueSet ;
     access:dataSetValues access-individual:FauxDataPropertyValueSet ;
@@ -756,7 +756,7 @@
     access:keyComponent access-individual:CuratorRoleUri ;
     access:keyComponent access-individual:DropOperation .
 
-:AdminDropFauxDataPropertyDataSet a access:PolicyDataSet ;
+:AdminDropFauxDataPropertyDataSet a access:DataSet ;
     access:dataSetKey :AdminDropFauxDataPropertyDataSetKey ;
     access:dataSetValues access-individual:AdminRoleValueSet ;
     access:dataSetValues access-individual:FauxDataPropertyValueSet ;
@@ -771,7 +771,7 @@
 
 ### Add faux data property data sets
 
-:PublicAddFauxDataPropertyDataSet a access:PolicyDataSet ;
+:PublicAddFauxDataPropertyDataSet a access:DataSet ;
     access:dataSetKey :PublicAddFauxDataPropertyDataSetKey ;
     access:dataSetValues access-individual:PublicRoleValueSet ;
     access:dataSetValues access-individual:FauxDataPropertyValueSet ;
@@ -784,7 +784,7 @@
     access:keyComponent access-individual:PublicRoleUri ;
     access:keyComponent access-individual:AddOperation .
 
-:EditorAddFauxDataPropertyDataSet a access:PolicyDataSet ;
+:EditorAddFauxDataPropertyDataSet a access:DataSet ;
     access:dataSetKey :EditorAddFauxDataPropertyDataSetKey ;
     access:dataSetValues access-individual:EditorRoleValueSet ;
     access:dataSetValues access-individual:FauxDataPropertyValueSet ;
@@ -797,7 +797,7 @@
     access:keyComponent access-individual:EditorRoleUri ;
     access:keyComponent access-individual:AddOperation .
 
-:CuratorAddFauxDataPropertyDataSet a access:PolicyDataSet ;
+:CuratorAddFauxDataPropertyDataSet a access:DataSet ;
     access:dataSetKey :CuratorAddFauxDataPropertyDataSetKey ;
     access:dataSetValues access-individual:CuratorRoleValueSet ;
     access:dataSetValues access-individual:FauxDataPropertyValueSet ;
@@ -810,7 +810,7 @@
     access:keyComponent access-individual:CuratorRoleUri ;
     access:keyComponent access-individual:AddOperation .
 
-:AdminAddFauxDataPropertyDataSet a access:PolicyDataSet ;
+:AdminAddFauxDataPropertyDataSet a access:DataSet ;
     access:dataSetKey :AdminAddFauxDataPropertyDataSetKey ;
     access:dataSetValues access-individual:AdminRoleValueSet ;
     access:dataSetValues access-individual:FauxDataPropertyValueSet ;
@@ -825,7 +825,7 @@
 
 ### Edit faux data property data sets
 
-:PublicEditFauxDataPropertyDataSet a access:PolicyDataSet ;
+:PublicEditFauxDataPropertyDataSet a access:DataSet ;
     access:dataSetKey :PublicEditFauxDataPropertyDataSetKey ;
     access:dataSetValues access-individual:PublicRoleValueSet ;
     access:dataSetValues access-individual:FauxDataPropertyValueSet ;
@@ -838,7 +838,7 @@
     access:keyComponent access-individual:PublicRoleUri ;
     access:keyComponent access-individual:EditOperation .
 
-:EditorEditFauxDataPropertyDataSet a access:PolicyDataSet ;
+:EditorEditFauxDataPropertyDataSet a access:DataSet ;
     access:dataSetKey :EditorEditFauxDataPropertyDataSetKey ;
     access:dataSetValues access-individual:EditorRoleValueSet ;
     access:dataSetValues access-individual:FauxDataPropertyValueSet ;
@@ -851,7 +851,7 @@
     access:keyComponent access-individual:EditorRoleUri ;
     access:keyComponent access-individual:EditOperation .
 
-:CuratorEditFauxDataPropertyDataSet a access:PolicyDataSet ;
+:CuratorEditFauxDataPropertyDataSet a access:DataSet ;
     access:dataSetKey :CuratorEditFauxDataPropertyDataSetKey ;
     access:dataSetValues access-individual:CuratorRoleValueSet ;
     access:dataSetValues access-individual:FauxDataPropertyValueSet ;
@@ -864,7 +864,7 @@
     access:keyComponent access-individual:CuratorRoleUri ;
     access:keyComponent access-individual:EditOperation .
 
-:AdminEditFauxDataPropertyDataSet a access:PolicyDataSet ;
+:AdminEditFauxDataPropertyDataSet a access:DataSet ;
     access:dataSetKey :AdminEditFauxDataPropertyDataSetKey ;
     access:dataSetValues access-individual:AdminRoleValueSet ;
     access:dataSetValues access-individual:FauxDataPropertyValueSet ;
@@ -879,7 +879,7 @@
 
 ### Drop faux object property data sets
 
-:PublicDropFauxObjectPropertyDataSet a access:PolicyDataSet ;
+:PublicDropFauxObjectPropertyDataSet a access:DataSet ;
     access:dataSetKey :PublicDropFauxObjectPropertyDataSetKey ;
     access:dataSetValues access-individual:PublicRoleValueSet ;
     access:dataSetValues access-individual:FauxObjectPropertyValueSet ;
@@ -892,7 +892,7 @@
     access:keyComponent access-individual:PublicRoleUri ;
     access:keyComponent access-individual:DropOperation .
 
-:EditorDropFauxObjectPropertyDataSet a access:PolicyDataSet ;
+:EditorDropFauxObjectPropertyDataSet a access:DataSet ;
     access:dataSetKey :EditorDropFauxObjectPropertyDataSetKey ;
     access:dataSetValues access-individual:EditorRoleValueSet ;
     access:dataSetValues access-individual:FauxObjectPropertyValueSet ;
@@ -905,7 +905,7 @@
     access:keyComponent access-individual:EditorRoleUri ;
     access:keyComponent access-individual:DropOperation .
 
-:CuratorDropFauxObjectPropertyDataSet a access:PolicyDataSet ;
+:CuratorDropFauxObjectPropertyDataSet a access:DataSet ;
     access:dataSetKey :CuratorDropFauxObjectPropertyDataSetKey ;
     access:dataSetValues access-individual:CuratorRoleValueSet ;
     access:dataSetValues access-individual:FauxObjectPropertyValueSet ;
@@ -918,7 +918,7 @@
     access:keyComponent access-individual:CuratorRoleUri ;
     access:keyComponent access-individual:DropOperation .
 
-:AdminDropFauxObjectPropertyDataSet a access:PolicyDataSet ;
+:AdminDropFauxObjectPropertyDataSet a access:DataSet ;
     access:dataSetKey :AdminDropFauxObjectPropertyDataSetKey ;
     access:dataSetValues access-individual:AdminRoleValueSet ;
     access:dataSetValues access-individual:FauxObjectPropertyValueSet ;
@@ -933,7 +933,7 @@
 
 ### Add faux object property data sets
 
-:PublicAddFauxObjectPropertyDataSet a access:PolicyDataSet ;
+:PublicAddFauxObjectPropertyDataSet a access:DataSet ;
     access:dataSetKey :PublicAddFauxObjectPropertyDataSetKey ;
     access:dataSetValues access-individual:PublicRoleValueSet ;
     access:dataSetValues access-individual:FauxObjectPropertyValueSet ;
@@ -946,7 +946,7 @@
     access:keyComponent access-individual:PublicRoleUri ;
     access:keyComponent access-individual:AddOperation .
 
-:EditorAddFauxObjectPropertyDataSet a access:PolicyDataSet ;
+:EditorAddFauxObjectPropertyDataSet a access:DataSet ;
     access:dataSetKey :EditorAddFauxObjectPropertyDataSetKey ;
     access:dataSetValues access-individual:EditorRoleValueSet ;
     access:dataSetValues access-individual:FauxObjectPropertyValueSet ;
@@ -959,7 +959,7 @@
     access:keyComponent access-individual:EditorRoleUri ;
     access:keyComponent access-individual:AddOperation .
 
-:CuratorAddFauxObjectPropertyDataSet a access:PolicyDataSet ;
+:CuratorAddFauxObjectPropertyDataSet a access:DataSet ;
     access:dataSetKey :CuratorAddFauxObjectPropertyDataSetKey ;
     access:dataSetValues access-individual:CuratorRoleValueSet ;
     access:dataSetValues access-individual:FauxObjectPropertyValueSet ;
@@ -972,7 +972,7 @@
     access:keyComponent access-individual:CuratorRoleUri ;
     access:keyComponent access-individual:AddOperation .
 
-:AdminAddFauxObjectPropertyDataSet a access:PolicyDataSet ;
+:AdminAddFauxObjectPropertyDataSet a access:DataSet ;
     access:dataSetKey :AdminAddFauxObjectPropertyDataSetKey ;
     access:dataSetValues access-individual:AdminRoleValueSet ;
     access:dataSetValues access-individual:FauxObjectPropertyValueSet ;
@@ -987,7 +987,7 @@
 
 ### Edit faux object property data sets
 
-:PublicEditFauxObjectPropertyDataSet a access:PolicyDataSet ;
+:PublicEditFauxObjectPropertyDataSet a access:DataSet ;
     access:dataSetKey :PublicEditFauxObjectPropertyDataSetKey ;
     access:dataSetValues access-individual:PublicRoleValueSet ;
     access:dataSetValues access-individual:FauxObjectPropertyValueSet ;
@@ -1000,7 +1000,7 @@
     access:keyComponent access-individual:PublicRoleUri ;
     access:keyComponent access-individual:EditOperation .
 
-:EditorEditFauxObjectPropertyDataSet a access:PolicyDataSet ;
+:EditorEditFauxObjectPropertyDataSet a access:DataSet ;
     access:dataSetKey :EditorEditFauxObjectPropertyDataSetKey ;
     access:dataSetValues access-individual:EditorRoleValueSet ;
     access:dataSetValues access-individual:FauxObjectPropertyValueSet ;
@@ -1013,7 +1013,7 @@
     access:keyComponent access-individual:EditorRoleUri ;
     access:keyComponent access-individual:EditOperation .
 
-:CuratorEditFauxObjectPropertyDataSet a access:PolicyDataSet ;
+:CuratorEditFauxObjectPropertyDataSet a access:DataSet ;
     access:dataSetKey :CuratorEditFauxObjectPropertyDataSetKey ;
     access:dataSetValues access-individual:CuratorRoleValueSet ;
     access:dataSetValues access-individual:FauxObjectPropertyValueSet ;
@@ -1026,7 +1026,7 @@
     access:keyComponent access-individual:CuratorRoleUri ;
     access:keyComponent access-individual:EditOperation .
 
-:AdminEditFauxObjectPropertyDataSet a access:PolicyDataSet ;
+:AdminEditFauxObjectPropertyDataSet a access:DataSet ;
     access:dataSetKey :AdminEditFauxObjectPropertyDataSetKey ;
     access:dataSetValues access-individual:AdminRoleValueSet ;
     access:dataSetValues access-individual:FauxObjectPropertyValueSet ;
@@ -1041,7 +1041,7 @@
 
 ### Drop data property data sets
 
-:PublicDropDataPropertyDataSet a access:PolicyDataSet ;
+:PublicDropDataPropertyDataSet a access:DataSet ;
     access:dataSetKey :PublicDropDataPropertyDataSetKey ;
     access:dataSetValues access-individual:PublicRoleValueSet ;
     access:dataSetValues access-individual:DataPropertyValueSet ;
@@ -1054,7 +1054,7 @@
     access:keyComponent access-individual:PublicRoleUri ;
     access:keyComponent access-individual:DropOperation .
 
-:EditorDropDataPropertyDataSet a access:PolicyDataSet ;
+:EditorDropDataPropertyDataSet a access:DataSet ;
     access:dataSetKey :EditorDropDataPropertyDataSetKey ;
     access:dataSetValues access-individual:EditorRoleValueSet ;
     access:dataSetValues access-individual:DataPropertyValueSet ;
@@ -1067,7 +1067,7 @@
     access:keyComponent access-individual:EditorRoleUri ;
     access:keyComponent access-individual:DropOperation .
 
-:CuratorDropDataPropertyDataSet a access:PolicyDataSet ;
+:CuratorDropDataPropertyDataSet a access:DataSet ;
     access:dataSetKey :CuratorDropDataPropertyDataSetKey ;
     access:dataSetValues access-individual:CuratorRoleValueSet ;
     access:dataSetValues access-individual:DataPropertyValueSet ;
@@ -1080,7 +1080,7 @@
     access:keyComponent access-individual:CuratorRoleUri ;
     access:keyComponent access-individual:DropOperation .
 
-:AdminDropDataPropertyDataSet a access:PolicyDataSet ;
+:AdminDropDataPropertyDataSet a access:DataSet ;
     access:dataSetKey :AdminDropDataPropertyDataSetKey ;
     access:dataSetValues access-individual:AdminRoleValueSet ;
     access:dataSetValues access-individual:DataPropertyValueSet ;
@@ -1095,7 +1095,7 @@
 
 ### Add data property data sets
 
-:PublicAddDataPropertyDataSet a access:PolicyDataSet ;
+:PublicAddDataPropertyDataSet a access:DataSet ;
     access:dataSetKey :PublicAddDataPropertyDataSetKey ;
     access:dataSetValues access-individual:PublicRoleValueSet ;
     access:dataSetValues access-individual:DataPropertyValueSet ;
@@ -1108,7 +1108,7 @@
     access:keyComponent access-individual:PublicRoleUri ;
     access:keyComponent access-individual:AddOperation .
 
-:EditorAddDataPropertyDataSet a access:PolicyDataSet ;
+:EditorAddDataPropertyDataSet a access:DataSet ;
     access:dataSetKey :EditorAddDataPropertyDataSetKey ;
     access:dataSetValues access-individual:EditorRoleValueSet ;
     access:dataSetValues access-individual:DataPropertyValueSet ;
@@ -1121,7 +1121,7 @@
     access:keyComponent access-individual:EditorRoleUri ;
     access:keyComponent access-individual:AddOperation .
 
-:CuratorAddDataPropertyDataSet a access:PolicyDataSet ;
+:CuratorAddDataPropertyDataSet a access:DataSet ;
     access:dataSetKey :CuratorAddDataPropertyDataSetKey ;
     access:dataSetValues access-individual:CuratorRoleValueSet ;
     access:dataSetValues access-individual:DataPropertyValueSet ;
@@ -1134,7 +1134,7 @@
     access:keyComponent access-individual:CuratorRoleUri ;
     access:keyComponent access-individual:AddOperation .
 
-:AdminAddDataPropertyDataSet a access:PolicyDataSet ;
+:AdminAddDataPropertyDataSet a access:DataSet ;
     access:dataSetKey :AdminAddDataPropertyDataSetKey ;
     access:dataSetValues access-individual:AdminRoleValueSet ;
     access:dataSetValues access-individual:DataPropertyValueSet ;
@@ -1149,7 +1149,7 @@
 
 ### Edit data property data sets
 
-:PublicEditDataPropertyDataSet a access:PolicyDataSet ;
+:PublicEditDataPropertyDataSet a access:DataSet ;
     access:dataSetKey :PublicEditDataPropertyDataSetKey ;
     access:dataSetValues access-individual:PublicRoleValueSet ;
     access:dataSetValues access-individual:DataPropertyValueSet ;
@@ -1162,7 +1162,7 @@
     access:keyComponent access-individual:PublicRoleUri ;
     access:keyComponent access-individual:EditOperation .
 
-:EditorEditDataPropertyDataSet a access:PolicyDataSet ;
+:EditorEditDataPropertyDataSet a access:DataSet ;
     access:dataSetKey :EditorEditDataPropertyDataSetKey ;
     access:dataSetValues access-individual:EditorRoleValueSet ;
     access:dataSetValues access-individual:DataPropertyValueSet ;
@@ -1175,7 +1175,7 @@
     access:keyComponent access-individual:EditorRoleUri ;
     access:keyComponent access-individual:EditOperation .
 
-:CuratorEditDataPropertyDataSet a access:PolicyDataSet ;
+:CuratorEditDataPropertyDataSet a access:DataSet ;
     access:dataSetKey :CuratorEditDataPropertyDataSetKey ;
     access:dataSetValues access-individual:CuratorRoleValueSet ;
     access:dataSetValues access-individual:DataPropertyValueSet ;
@@ -1188,7 +1188,7 @@
     access:keyComponent access-individual:CuratorRoleUri ;
     access:keyComponent access-individual:EditOperation .
 
-:AdminEditDataPropertyDataSet a access:PolicyDataSet ;
+:AdminEditDataPropertyDataSet a access:DataSet ;
     access:dataSetKey :AdminEditDataPropertyDataSetKey ;
     access:dataSetValues access-individual:AdminRoleValueSet ;
     access:dataSetValues access-individual:DataPropertyValueSet ;
@@ -1203,7 +1203,7 @@
 
 ### Drop object property data sets
 
-:PublicDropObjectPropertyDataSet a access:PolicyDataSet ;
+:PublicDropObjectPropertyDataSet a access:DataSet ;
     access:dataSetKey :PublicDropObjectPropertyDataSetKey ;
     access:dataSetValues access-individual:PublicRoleValueSet ;
     access:dataSetValues access-individual:ObjectPropertyValueSet ;
@@ -1216,7 +1216,7 @@
     access:keyComponent access-individual:PublicRoleUri ;
     access:keyComponent access-individual:DropOperation .
 
-:EditorDropObjectPropertyDataSet a access:PolicyDataSet ;
+:EditorDropObjectPropertyDataSet a access:DataSet ;
     access:dataSetKey :EditorDropObjectPropertyDataSetKey ;
     access:dataSetValues access-individual:EditorRoleValueSet ;
     access:dataSetValues access-individual:ObjectPropertyValueSet ;
@@ -1229,7 +1229,7 @@
     access:keyComponent access-individual:EditorRoleUri ;
     access:keyComponent access-individual:DropOperation .
 
-:CuratorDropObjectPropertyDataSet a access:PolicyDataSet ;
+:CuratorDropObjectPropertyDataSet a access:DataSet ;
     access:dataSetKey :CuratorDropObjectPropertyDataSetKey ;
     access:dataSetValues access-individual:CuratorRoleValueSet ;
     access:dataSetValues access-individual:ObjectPropertyValueSet ;
@@ -1242,7 +1242,7 @@
     access:keyComponent access-individual:CuratorRoleUri ;
     access:keyComponent access-individual:DropOperation .
 
-:AdminDropObjectPropertyDataSet a access:PolicyDataSet ;
+:AdminDropObjectPropertyDataSet a access:DataSet ;
     access:dataSetKey :AdminDropObjectPropertyDataSetKey ;
     access:dataSetValues access-individual:AdminRoleValueSet ;
     access:dataSetValues access-individual:ObjectPropertyValueSet ;
@@ -1257,7 +1257,7 @@
 
 ### Add object property data sets
 
-:PublicAddObjectPropertyDataSet a access:PolicyDataSet ;
+:PublicAddObjectPropertyDataSet a access:DataSet ;
     access:dataSetKey :PublicAddObjectPropertyDataSetKey ;
     access:dataSetValues access-individual:PublicRoleValueSet ;
     access:dataSetValues access-individual:ObjectPropertyValueSet ;
@@ -1270,7 +1270,7 @@
     access:keyComponent access-individual:PublicRoleUri ;
     access:keyComponent access-individual:AddOperation .
 
-:EditorAddObjectPropertyDataSet a access:PolicyDataSet ;
+:EditorAddObjectPropertyDataSet a access:DataSet ;
     access:dataSetKey :EditorAddObjectPropertyDataSetKey ;
     access:dataSetValues access-individual:EditorRoleValueSet ;
     access:dataSetValues access-individual:ObjectPropertyValueSet ;
@@ -1283,7 +1283,7 @@
     access:keyComponent access-individual:EditorRoleUri ;
     access:keyComponent access-individual:AddOperation .
 
-:CuratorAddObjectPropertyDataSet a access:PolicyDataSet ;
+:CuratorAddObjectPropertyDataSet a access:DataSet ;
     access:dataSetKey :CuratorAddObjectPropertyDataSetKey ;
     access:dataSetValues access-individual:CuratorRoleValueSet ;
     access:dataSetValues access-individual:ObjectPropertyValueSet ;
@@ -1296,7 +1296,7 @@
     access:keyComponent access-individual:CuratorRoleUri ;
     access:keyComponent access-individual:AddOperation .
 
-:AdminAddObjectPropertyDataSet a access:PolicyDataSet ;
+:AdminAddObjectPropertyDataSet a access:DataSet ;
     access:dataSetKey :AdminAddObjectPropertyDataSetKey ;
     access:dataSetValues access-individual:AdminRoleValueSet ;
     access:dataSetValues access-individual:ObjectPropertyValueSet ;
@@ -1311,7 +1311,7 @@
 
 ### Edit object property data sets
 
-:PublicEditObjectPropertyDataSet a access:PolicyDataSet ;
+:PublicEditObjectPropertyDataSet a access:DataSet ;
     access:dataSetKey :PublicEditObjectPropertyDataSetKey ;
     access:dataSetValues access-individual:PublicRoleValueSet ;
     access:dataSetValues access-individual:ObjectPropertyValueSet ;
@@ -1324,7 +1324,7 @@
     access:keyComponent access-individual:PublicRoleUri ;
     access:keyComponent access-individual:EditOperation .
 
-:EditorEditObjectPropertyDataSet a access:PolicyDataSet ;
+:EditorEditObjectPropertyDataSet a access:DataSet ;
     access:dataSetKey :EditorEditObjectPropertyDataSetKey ;
     access:dataSetValues access-individual:EditorRoleValueSet ;
     access:dataSetValues access-individual:ObjectPropertyValueSet ;
@@ -1337,7 +1337,7 @@
     access:keyComponent access-individual:EditorRoleUri ;
     access:keyComponent access-individual:EditOperation .
 
-:CuratorEditObjectPropertyDataSet a access:PolicyDataSet ;
+:CuratorEditObjectPropertyDataSet a access:DataSet ;
     access:dataSetKey :CuratorEditObjectPropertyDataSetKey ;
     access:dataSetValues access-individual:CuratorRoleValueSet ;
     access:dataSetValues access-individual:ObjectPropertyValueSet ;
@@ -1350,7 +1350,7 @@
     access:keyComponent access-individual:CuratorRoleUri ;
     access:keyComponent access-individual:EditOperation .
 
-:AdminEditObjectPropertyDataSet a access:PolicyDataSet ;
+:AdminEditObjectPropertyDataSet a access:DataSet ;
     access:dataSetKey :AdminEditObjectPropertyDataSetKey ;
     access:dataSetValues access-individual:AdminRoleValueSet ;
     access:dataSetValues access-individual:ObjectPropertyValueSet ;
@@ -1366,7 +1366,7 @@
 
 ### Display object property data sets
 
-:PublicDisplayObjectPropertyDataSet a access:PolicyDataSet ;
+:PublicDisplayObjectPropertyDataSet a access:DataSet ;
     access:dataSetKey :PublicDisplayObjectPropertyDataSetKey ;
     access:dataSetValues access-individual:PublicRoleValueSet ;
     access:dataSetValues access-individual:ObjectPropertyValueSet ;
@@ -1379,7 +1379,7 @@
     access:keyComponent access-individual:PublicRoleUri ;
     access:keyComponent access-individual:DisplayOperation .
 
-:EditorDisplayObjectPropertyDataSet a access:PolicyDataSet ;
+:EditorDisplayObjectPropertyDataSet a access:DataSet ;
     access:dataSetKey :EditorDisplayObjectPropertyDataSetKey ;
     access:dataSetValues access-individual:EditorRoleValueSet ;
     access:dataSetValues access-individual:ObjectPropertyValueSet ;
@@ -1392,7 +1392,7 @@
     access:keyComponent access-individual:EditorRoleUri ;
     access:keyComponent access-individual:DisplayOperation .
 
-:CuratorDisplayObjectPropertyDataSet a access:PolicyDataSet ;
+:CuratorDisplayObjectPropertyDataSet a access:DataSet ;
     access:dataSetKey :CuratorDisplayObjectPropertyDataSetKey ;
     access:dataSetValues access-individual:CuratorRoleValueSet ;
     access:dataSetValues access-individual:ObjectPropertyValueSet ;
@@ -1405,7 +1405,7 @@
     access:keyComponent access-individual:CuratorRoleUri ;
     access:keyComponent access-individual:DisplayOperation .
 
-:AdminDisplayObjectPropertyDataSet a access:PolicyDataSet ;
+:AdminDisplayObjectPropertyDataSet a access:DataSet ;
     access:dataSetKey :AdminDisplayObjectPropertyDataSetKey ;
     access:dataSetValues access-individual:AdminRoleValueSet ;
     access:dataSetValues access-individual:ObjectPropertyValueSet ;
@@ -1420,7 +1420,7 @@
 
 ### Display data property data sets
 
-:PublicDisplayDataPropertyDataSet a access:PolicyDataSet ;
+:PublicDisplayDataPropertyDataSet a access:DataSet ;
     access:dataSetKey :PublicDisplayDataPropertyDataSetKey ;
     access:dataSetValues access-individual:PublicRoleValueSet ;
     access:dataSetValues access-individual:DataPropertyValueSet ;
@@ -1433,7 +1433,7 @@
     access:keyComponent access-individual:PublicRoleUri ;
     access:keyComponent access-individual:DisplayOperation .
 
-:EditorDisplayDataPropertyDataSet a access:PolicyDataSet ;
+:EditorDisplayDataPropertyDataSet a access:DataSet ;
     access:dataSetKey :EditorDisplayDataPropertyDataSetKey ;
     access:dataSetValues access-individual:EditorRoleValueSet ;
     access:dataSetValues access-individual:DataPropertyValueSet ;
@@ -1446,7 +1446,7 @@
     access:keyComponent access-individual:EditorRoleUri ;
     access:keyComponent access-individual:DisplayOperation .
 
-:CuratorDisplayDataPropertyDataSet a access:PolicyDataSet ;
+:CuratorDisplayDataPropertyDataSet a access:DataSet ;
     access:dataSetKey :CuratorDisplayDataPropertyDataSetKey ;
     access:dataSetValues access-individual:CuratorRoleValueSet ;
     access:dataSetValues access-individual:DataPropertyValueSet ;
@@ -1459,7 +1459,7 @@
     access:keyComponent access-individual:CuratorRoleUri ;
     access:keyComponent access-individual:DisplayOperation .
 
-:AdminDisplayDataPropertyDataSet a access:PolicyDataSet ;
+:AdminDisplayDataPropertyDataSet a access:DataSet ;
     access:dataSetKey :AdminDisplayDataPropertyDataSetKey ;
     access:dataSetValues access-individual:AdminRoleValueSet ;
     access:dataSetValues access-individual:DataPropertyValueSet ;
@@ -1474,7 +1474,7 @@
 
 ### Display faux object property data sets
 
-:PublicDisplayFauxObjectPropertyDataSet a access:PolicyDataSet ;
+:PublicDisplayFauxObjectPropertyDataSet a access:DataSet ;
     access:dataSetKey :PublicDisplayFauxObjectPropertyDataSetKey ;
     access:dataSetValues access-individual:PublicRoleValueSet ;
     access:dataSetValues access-individual:FauxObjectPropertyValueSet ;
@@ -1487,7 +1487,7 @@
     access:keyComponent access-individual:PublicRoleUri ;
     access:keyComponent access-individual:DisplayOperation .
 
-:EditorDisplayFauxObjectPropertyDataSet a access:PolicyDataSet ;
+:EditorDisplayFauxObjectPropertyDataSet a access:DataSet ;
     access:dataSetKey :EditorDisplayFauxObjectPropertyDataSetKey ;
     access:dataSetValues access-individual:EditorRoleValueSet ;
     access:dataSetValues access-individual:FauxObjectPropertyValueSet ;
@@ -1500,7 +1500,7 @@
     access:keyComponent access-individual:EditorRoleUri ;
     access:keyComponent access-individual:DisplayOperation .
 
-:CuratorDisplayFauxObjectPropertyDataSet a access:PolicyDataSet ;
+:CuratorDisplayFauxObjectPropertyDataSet a access:DataSet ;
     access:dataSetKey :CuratorDisplayFauxObjectPropertyDataSetKey ;
     access:dataSetValues access-individual:CuratorRoleValueSet ;
     access:dataSetValues access-individual:FauxObjectPropertyValueSet ;
@@ -1513,7 +1513,7 @@
     access:keyComponent access-individual:CuratorRoleUri ;
     access:keyComponent access-individual:DisplayOperation .
 
-:AdminDisplayFauxObjectPropertyDataSet a access:PolicyDataSet ;
+:AdminDisplayFauxObjectPropertyDataSet a access:DataSet ;
     access:dataSetKey :AdminDisplayFauxObjectPropertyDataSetKey ;
     access:dataSetValues access-individual:AdminRoleValueSet ;
     access:dataSetValues access-individual:FauxObjectPropertyValueSet ;
@@ -1528,7 +1528,7 @@
 
 ### Display faux data property data sets
 
-:PublicDisplayFauxDataPropertyDataSet a access:PolicyDataSet ;
+:PublicDisplayFauxDataPropertyDataSet a access:DataSet ;
     access:dataSetKey :PublicDisplayFauxDataPropertyDataSetKey ;
     access:dataSetValues access-individual:PublicRoleValueSet ;
     access:dataSetValues access-individual:FauxDataPropertyValueSet ;
@@ -1541,7 +1541,7 @@
     access:keyComponent access-individual:PublicRoleUri ;
     access:keyComponent access-individual:DisplayOperation .
 
-:EditorDisplayFauxDataPropertyDataSet a access:PolicyDataSet ;
+:EditorDisplayFauxDataPropertyDataSet a access:DataSet ;
     access:dataSetKey :EditorDisplayFauxDataPropertyDataSetKey ;
     access:dataSetValues access-individual:EditorRoleValueSet ;
     access:dataSetValues access-individual:FauxDataPropertyValueSet ;
@@ -1554,7 +1554,7 @@
     access:keyComponent access-individual:EditorRoleUri ;
     access:keyComponent access-individual:DisplayOperation .
 
-:CuratorDisplayFauxDataPropertyDataSet a access:PolicyDataSet ;
+:CuratorDisplayFauxDataPropertyDataSet a access:DataSet ;
     access:dataSetKey :CuratorDisplayFauxDataPropertyDataSetKey ;
     access:dataSetValues access-individual:CuratorRoleValueSet ;
     access:dataSetValues access-individual:FauxDataPropertyValueSet ;
@@ -1567,7 +1567,7 @@
     access:keyComponent access-individual:CuratorRoleUri ;
     access:keyComponent access-individual:DisplayOperation .
 
-:AdminDisplayFauxDataPropertyDataSet a access:PolicyDataSet ;
+:AdminDisplayFauxDataPropertyDataSet a access:DataSet ;
     access:dataSetKey :AdminDisplayFauxDataPropertyDataSetKey ;
     access:dataSetValues access-individual:AdminRoleValueSet ;
     access:dataSetValues access-individual:FauxDataPropertyValueSet ;
@@ -1582,7 +1582,7 @@
 
 ### Publish object property data sets
 
-:EditorPublishObjectPropertyDataSet a access:PolicyDataSet ;
+:EditorPublishObjectPropertyDataSet a access:DataSet ;
     access:dataSetKey :EditorPublishObjectPropertyDataSetKey ;
     access:dataSetValues access-individual:EditorRoleValueSet ;
     access:dataSetValues access-individual:ObjectPropertyValueSet ;
@@ -1595,7 +1595,7 @@
     access:keyComponent access-individual:EditorRoleUri ;
     access:keyComponent access-individual:PublishOperation .
 
-:CuratorPublishObjectPropertyDataSet a access:PolicyDataSet ;
+:CuratorPublishObjectPropertyDataSet a access:DataSet ;
     access:dataSetKey :CuratorPublishObjectPropertyDataSetKey ;
     access:dataSetValues access-individual:CuratorRoleValueSet ;
     access:dataSetValues access-individual:ObjectPropertyValueSet ;
@@ -1608,7 +1608,7 @@
     access:keyComponent access-individual:CuratorRoleUri ;
     access:keyComponent access-individual:PublishOperation .
 
-:AdminPublishObjectPropertyDataSet a access:PolicyDataSet ;
+:AdminPublishObjectPropertyDataSet a access:DataSet ;
     access:dataSetKey :AdminPublishObjectPropertyDataSetKey ;
     access:dataSetValues access-individual:AdminRoleValueSet ;
     access:dataSetValues access-individual:ObjectPropertyValueSet ;
@@ -1623,7 +1623,7 @@
 
 ### Publish data property data sets
 
-:EditorPublishDataPropertyDataSet a access:PolicyDataSet ;
+:EditorPublishDataPropertyDataSet a access:DataSet ;
     access:dataSetKey :EditorPublishDataPropertyDataSetKey ;
     access:dataSetValues access-individual:EditorRoleValueSet ;
     access:dataSetValues access-individual:DataPropertyValueSet ;
@@ -1636,7 +1636,7 @@
     access:keyComponent access-individual:EditorRoleUri ;
     access:keyComponent access-individual:PublishOperation .
 
-:CuratorPublishDataPropertyDataSet a access:PolicyDataSet ;
+:CuratorPublishDataPropertyDataSet a access:DataSet ;
     access:dataSetKey :CuratorPublishDataPropertyDataSetKey ;
     access:dataSetValues access-individual:CuratorRoleValueSet ;
     access:dataSetValues access-individual:DataPropertyValueSet ;
@@ -1649,7 +1649,7 @@
     access:keyComponent access-individual:CuratorRoleUri ;
     access:keyComponent access-individual:PublishOperation .
 
-:AdminPublishDataPropertyDataSet a access:PolicyDataSet ;
+:AdminPublishDataPropertyDataSet a access:DataSet ;
     access:dataSetKey :AdminPublishDataPropertyDataSetKey ;
     access:dataSetValues access-individual:AdminRoleValueSet ;
     access:dataSetValues access-individual:DataPropertyValueSet ;
@@ -1664,7 +1664,7 @@
 
 ### Publish faux object property data sets
 
-:EditorPublishFauxObjectPropertyDataSet a access:PolicyDataSet ;
+:EditorPublishFauxObjectPropertyDataSet a access:DataSet ;
     access:dataSetKey :EditorPublishFauxObjectPropertyDataSetKey ;
     access:dataSetValues access-individual:EditorRoleValueSet ;
     access:dataSetValues access-individual:FauxObjectPropertyValueSet ;
@@ -1677,7 +1677,7 @@
     access:keyComponent access-individual:EditorRoleUri ;
     access:keyComponent access-individual:PublishOperation .
 
-:CuratorPublishFauxObjectPropertyDataSet a access:PolicyDataSet ;
+:CuratorPublishFauxObjectPropertyDataSet a access:DataSet ;
     access:dataSetKey :CuratorPublishFauxObjectPropertyDataSetKey ;
     access:dataSetValues access-individual:CuratorRoleValueSet ;
     access:dataSetValues access-individual:FauxObjectPropertyValueSet ;
@@ -1690,7 +1690,7 @@
     access:keyComponent access-individual:CuratorRoleUri ;
     access:keyComponent access-individual:PublishOperation .
 
-:AdminPublishFauxObjectPropertyDataSet a access:PolicyDataSet ;
+:AdminPublishFauxObjectPropertyDataSet a access:DataSet ;
     access:dataSetKey :AdminPublishFauxObjectPropertyDataSetKey ;
     access:dataSetValues access-individual:AdminRoleValueSet ;
     access:dataSetValues access-individual:FauxObjectPropertyValueSet ;
@@ -1705,7 +1705,7 @@
 
 ### Publish faux data property data sets
 
-:EditorPublishFauxDataPropertyDataSet a access:PolicyDataSet ;
+:EditorPublishFauxDataPropertyDataSet a access:DataSet ;
     access:dataSetKey :EditorPublishFauxDataPropertyDataSetKey ;
     access:dataSetValues access-individual:EditorRoleValueSet ;
     access:dataSetValues access-individual:FauxDataPropertyValueSet ;
@@ -1718,7 +1718,7 @@
     access:keyComponent access-individual:EditorRoleUri ;
     access:keyComponent access-individual:PublishOperation .
 
-:CuratorPublishFauxDataPropertyDataSet a access:PolicyDataSet ;
+:CuratorPublishFauxDataPropertyDataSet a access:DataSet ;
     access:dataSetKey :CuratorPublishFauxDataPropertyDataSetKey ;
     access:dataSetValues access-individual:CuratorRoleValueSet ;
     access:dataSetValues access-individual:FauxDataPropertyValueSet ;
@@ -1731,7 +1731,7 @@
     access:keyComponent access-individual:CuratorRoleUri ;
     access:keyComponent access-individual:PublishOperation .
 
-:AdminPublishFauxDataPropertyDataSet a access:PolicyDataSet ;
+:AdminPublishFauxDataPropertyDataSet a access:DataSet ;
     access:dataSetKey :AdminPublishFauxDataPropertyDataSetKey ;
     access:dataSetValues access-individual:AdminRoleValueSet ;
     access:dataSetValues access-individual:FauxDataPropertyValueSet ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_access_related_allowed_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_access_related_allowed_property.n3
index 53203fb517..e96dcc5477 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_access_related_allowed_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_access_related_allowed_property.n3
@@ -21,7 +21,7 @@
 
 ### Display object property data sets
 
-:SelfEditorDisplayObjectPropertyDataSet a access:PolicyDataSet ;
+:SelfEditorDisplayObjectPropertyDataSet a access:DataSet ;
     access:dataSetKey :SelfEditorDisplayObjectPropertyDataSetKey ;
     access:dataSetValues access-individual:SelfEditorRoleValueSet ;
     access:dataSetValues access-individual:ObjectPropertyValueSet ;
@@ -36,7 +36,7 @@
 
 ### Display data property data sets
 
-:SelfEditorDisplayDataPropertyDataSet a access:PolicyDataSet ;
+:SelfEditorDisplayDataPropertyDataSet a access:DataSet ;
     access:dataSetKey :SelfEditorDisplayDataPropertyDataSetKey ;
     access:dataSetValues access-individual:SelfEditorRoleValueSet ;
     access:dataSetValues access-individual:DataPropertyValueSet ;
@@ -51,7 +51,7 @@
 
 ### Display faux object property data sets
 
-:SelfEditorDisplayFauxObjectPropertyDataSet a access:PolicyDataSet ;
+:SelfEditorDisplayFauxObjectPropertyDataSet a access:DataSet ;
     access:dataSetKey :SelfEditorDisplayFauxObjectPropertyDataSetKey ;
     access:dataSetValues access-individual:SelfEditorRoleValueSet ;
     access:dataSetValues access-individual:FauxObjectPropertyValueSet ;
@@ -66,7 +66,7 @@
 
 ### Display faux data property data sets
 
-:SelfEditorDisplayFauxDataPropertyDataSet a access:PolicyDataSet ;
+:SelfEditorDisplayFauxDataPropertyDataSet a access:DataSet ;
     access:dataSetKey :SelfEditorDisplayFauxDataPropertyDataSetKey ;
     access:dataSetValues access-individual:SelfEditorRoleValueSet ;
     access:dataSetValues access-individual:FauxDataPropertyValueSet ;
@@ -81,7 +81,7 @@
 
 ### Publish object property data sets
 
-:SelfEditorPublishObjectPropertyDataSet a access:PolicyDataSet ;
+:SelfEditorPublishObjectPropertyDataSet a access:DataSet ;
     access:dataSetKey :SelfEditorPublishObjectPropertyDataSetKey ;
     access:dataSetValues access-individual:SelfEditorRoleValueSet ;
     access:dataSetValues access-individual:ObjectPropertyValueSet ;
@@ -96,7 +96,7 @@
 
 ### Publish data property data sets
 
-:SelfEditorPublishDataPropertyDataSet a access:PolicyDataSet ;
+:SelfEditorPublishDataPropertyDataSet a access:DataSet ;
     access:dataSetKey :SelfEditorPublishDataPropertyDataSetKey ;
     access:dataSetValues access-individual:SelfEditorRoleValueSet ;
     access:dataSetValues access-individual:DataPropertyValueSet ;
@@ -111,7 +111,7 @@
 
 ### Publish faux object property data sets
 
-:SelfEditorPublishFauxObjectPropertyDataSet a access:PolicyDataSet ;
+:SelfEditorPublishFauxObjectPropertyDataSet a access:DataSet ;
     access:dataSetKey :SelfEditorPublishFauxObjectPropertyDataSetKey ;
     access:dataSetValues access-individual:SelfEditorRoleValueSet ;
     access:dataSetValues access-individual:FauxObjectPropertyValueSet ;
@@ -126,7 +126,7 @@
 
 ### Publish faux data property data sets
 
-:SelfEditorPublishFauxDataPropertyDataSet a access:PolicyDataSet ;
+:SelfEditorPublishFauxDataPropertyDataSet a access:DataSet ;
     access:dataSetKey :SelfEditorPublishFauxDataPropertyDataSetKey ;
     access:dataSetValues access-individual:SelfEditorRoleValueSet ;
     access:dataSetValues access-individual:FauxDataPropertyValueSet ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_not_modifiable_statements.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_not_modifiable_statements.n3
index 44c5d16c7a..9fa52cbeb8 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_not_modifiable_statements.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_not_modifiable_statements.n3
@@ -85,7 +85,7 @@
     access:attribute access-individual:StatementObjectUri ;
     access:values :ProhibitedNamespaceExceptionsValueSet .
 
-:NotModifiableStatementsPolicyDataSet a access:PolicyDataSet ;
+:NotModifiableStatementsPolicyDataSet a access:DataSet ;
     access:dataSetValues :ProhibitedNamespaceExceptionsValueSet ;
     access:dataSetValues :ProhibitedNamespaceValueSet .
 
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_simple_permissions.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_simple_permissions.n3
index 47fb74155a..384a3636b0 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_simple_permissions.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_simple_permissions.n3
@@ -44,7 +44,7 @@
 
 #Data sets
 
-:PublicDataSet a access:PolicyDataSet ;
+:PublicDataSet a access:DataSet ;
     access:dataSetKey :PublicDataSetKey ;
     access:dataSetValues access-individual:PublicRoleValueSet ;
     access:dataSetValues :PublicSimplePermissionValueSet .
@@ -54,7 +54,7 @@
     access:keyComponent access-individual:ExecuteOperation ;
     access:keyComponent access-individual:PublicRoleUri .
 
-:SelfEditorDataSet a access:PolicyDataSet ;
+:SelfEditorDataSet a access:DataSet ;
     access:dataSetKey :SelfEditorDataSetKey ;
     access:dataSetValues access-individual:SelfEditorRoleValueSet ;
     access:dataSetValues :SelfEditorSimplePermissionValueSet .
@@ -64,7 +64,7 @@
     access:keyComponent access-individual:ExecuteOperation ;
     access:keyComponent access-individual:SelfEditorRoleUri .
 
-:EditorDataSet a access:PolicyDataSet ;
+:EditorDataSet a access:DataSet ;
     access:dataSetKey :EditorDataSetKey ;
     access:dataSetValues access-individual:EditorRoleValueSet ;
     access:dataSetValues :EditorSimplePermissionValueSet .
@@ -74,7 +74,7 @@
     access:keyComponent access-individual:ExecuteOperation ;
     access:keyComponent access-individual:EditorRoleUri .
 
-:CuratorDataSet a access:PolicyDataSet ;
+:CuratorDataSet a access:DataSet ;
     access:dataSetKey :CuratorDataSetKey ;
     access:dataSetValues access-individual:CuratorRoleValueSet ;
     access:dataSetValues :CuratorSimplePermissionValueSet .
@@ -84,7 +84,7 @@
     access:keyComponent access-individual:ExecuteOperation ;
     access:keyComponent access-individual:CuratorRoleUri .
 
-:AdminDataSet a access:PolicyDataSet ;
+:AdminDataSet a access:DataSet ;
     access:dataSetKey :AdminDataSetKey  ;
     access:dataSetValues access-individual:AdminRoleValueSet ;
     access:dataSetValues :AdminSimplePermissionValueSet .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_update_related_allowed_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_update_related_allowed_property.n3
index e409fae340..20428b3fcc 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_update_related_allowed_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_update_related_allowed_property.n3
@@ -27,7 +27,7 @@
 
 ### Add object property data sets
 
-:SelfEditorAddObjectPropertyDataSet a access:PolicyDataSet ;
+:SelfEditorAddObjectPropertyDataSet a access:DataSet ;
     access:dataSetKey :SelfEditorAddObjectPropertyDataSetKey ;
     access:dataSetValues access-individual:SelfEditorRoleValueSet ;
     access:dataSetValues access-individual:ObjectPropertyValueSet ;
@@ -42,7 +42,7 @@
 
 ### Add data property data sets
 
-:SelfEditorAddDataPropertyDataSet a access:PolicyDataSet ;
+:SelfEditorAddDataPropertyDataSet a access:DataSet ;
     access:dataSetKey :SelfEditorAddDataPropertyDataSetKey ;
     access:dataSetValues access-individual:SelfEditorRoleValueSet ;
     access:dataSetValues access-individual:DataPropertyValueSet ;
@@ -57,7 +57,7 @@
 
 ### Add faux object property data sets
 
-:SelfEditorAddFauxObjectPropertyDataSet a access:PolicyDataSet ;
+:SelfEditorAddFauxObjectPropertyDataSet a access:DataSet ;
     access:dataSetKey :SelfEditorAddFauxObjectPropertyDataSetKey ;
     access:dataSetValues access-individual:SelfEditorRoleValueSet ;
     access:dataSetValues access-individual:FauxObjectPropertyValueSet ;
@@ -72,7 +72,7 @@
 
 ### Add faux data property data sets
 
-:SelfEditorAddFauxDataPropertyDataSet a access:PolicyDataSet ;
+:SelfEditorAddFauxDataPropertyDataSet a access:DataSet ;
     access:dataSetKey :SelfEditorAddFauxDataPropertyDataSetKey ;
     access:dataSetValues access-individual:SelfEditorRoleValueSet ;
     access:dataSetValues access-individual:FauxDataPropertyValueSet ;
@@ -87,7 +87,7 @@
 
 ### Drop object property data sets
 
-:SelfEditorDropObjectPropertyDataSet a access:PolicyDataSet ;
+:SelfEditorDropObjectPropertyDataSet a access:DataSet ;
     access:dataSetKey :SelfEditorDropObjectPropertyDataSetKey ;
     access:dataSetValues access-individual:SelfEditorRoleValueSet ;
     access:dataSetValues access-individual:ObjectPropertyValueSet ;
@@ -102,7 +102,7 @@
 
 ### Drop data property data sets
 
-:SelfEditorDropDataPropertyDataSet a access:PolicyDataSet ;
+:SelfEditorDropDataPropertyDataSet a access:DataSet ;
     access:dataSetKey :SelfEditorDropDataPropertyDataSetKey ;
     access:dataSetValues access-individual:SelfEditorRoleValueSet ;
     access:dataSetValues access-individual:DataPropertyValueSet ;
@@ -117,7 +117,7 @@
 
 ### Drop faux object property data sets
 
-:SelfEditorDropFauxObjectPropertyDataSet a access:PolicyDataSet ;
+:SelfEditorDropFauxObjectPropertyDataSet a access:DataSet ;
     access:dataSetKey :SelfEditorDropFauxObjectPropertyDataSetKey ;
     access:dataSetValues access-individual:SelfEditorRoleValueSet ;
     access:dataSetValues access-individual:FauxObjectPropertyValueSet ;
@@ -132,7 +132,7 @@
 
 ### Drop faux data property data sets
 
-:SelfEditorDropFauxDataPropertyDataSet a access:PolicyDataSet ;
+:SelfEditorDropFauxDataPropertyDataSet a access:DataSet ;
     access:dataSetKey :SelfEditorDropFauxDataPropertyDataSetKey ;
     access:dataSetValues access-individual:SelfEditorRoleValueSet ;
     access:dataSetValues access-individual:FauxDataPropertyValueSet ;
@@ -147,7 +147,7 @@
 
 ### Edit object property data sets
 
-:SelfEditorEditObjectPropertyDataSet a access:PolicyDataSet ;
+:SelfEditorEditObjectPropertyDataSet a access:DataSet ;
     access:dataSetKey :SelfEditorEditObjectPropertyDataSetKey ;
     access:dataSetValues access-individual:SelfEditorRoleValueSet ;
     access:dataSetValues access-individual:ObjectPropertyValueSet ;
@@ -162,7 +162,7 @@
 
 ### Edit data property data sets
 
-:SelfEditorEditDataPropertyDataSet a access:PolicyDataSet ;
+:SelfEditorEditDataPropertyDataSet a access:DataSet ;
     access:dataSetKey :SelfEditorEditDataPropertyDataSetKey ;
     access:dataSetValues access-individual:SelfEditorRoleValueSet ;
     access:dataSetValues access-individual:DataPropertyValueSet ;
@@ -177,7 +177,7 @@
 
 ### Edit faux object property data sets
 
-:SelfEditorEditFauxObjectPropertyDataSet a access:PolicyDataSet ;
+:SelfEditorEditFauxObjectPropertyDataSet a access:DataSet ;
     access:dataSetKey :SelfEditorEditFauxObjectPropertyDataSetKey ;
     access:dataSetValues access-individual:SelfEditorRoleValueSet ;
     access:dataSetValues access-individual:FauxObjectPropertyValueSet ;
@@ -192,7 +192,7 @@
 
 ### Edit faux data property data sets
 
-:SelfEditorEditFauxDataPropertyDataSet a access:PolicyDataSet ;
+:SelfEditorEditFauxDataPropertyDataSet a access:DataSet ;
     access:dataSetKey :SelfEditorEditFauxDataPropertyDataSetKey ;
     access:dataSetValues access-individual:SelfEditorRoleValueSet ;
     access:dataSetValues access-individual:FauxDataPropertyValueSet ;
diff --git a/home/src/main/resources/rdf/tbox/firsttime/vitro-access-control-ontology.n3 b/home/src/main/resources/rdf/tbox/firsttime/vitro-access-control-ontology.n3
index 1ac7e89b76..d860c5c498 100644
--- a/home/src/main/resources/rdf/tbox/firsttime/vitro-access-control-ontology.n3
+++ b/home/src/main/resources/rdf/tbox/firsttime/vitro-access-control-ontology.n3
@@ -19,9 +19,9 @@
     rdfs:comment "Policy to define access rules" ; 
     rdfs:label "Policy"@en-US .
 
-:PolicyDataSet a owl:Class ;
+:DataSet a owl:Class ;
     rdfs:comment "Data set to load policy instance with values defined in it. Contains value sets used by checks. While loading policy from data set value containers not specified in current data set are ignored (not used by checks)." ;
-    rdfs:label "Policy dataset"@en-US .
+    rdfs:label "Dataset"@en-US .
 
 :ValueSet a owl:Class ;
     rdfs:comment "Container for values" ; 
@@ -102,9 +102,9 @@
 
 :priority a owl:DatatypeProperty ,
     owl:FunctionalProperty ;
-    rdfs:comment "Set priority to :Policy, :PolicyTemplate or :PolicyDataSet";
+    rdfs:comment "Set priority to :Policy, :PolicyTemplate or :DataSet";
     rdfs:range xsd:integer ;
-    rdfs:domain [ a owl:Class ; owl:unionOf  ( :Policy :PolicyTemplate :PolicyDataSet ) ] ;
+    rdfs:domain [ a owl:Class ; owl:unionOf  ( :Policy :PolicyTemplate :DataSet ) ] ;
     rdfs:label "priority"@en-US . 
     
 :version a owl:DatatypeProperty ,
@@ -119,7 +119,7 @@
 :dataSetValues a owl:ObjectProperty ;
     rdfs:comment "Data set/data set template contains value set";
     rdfs:label "data set values"@en-US ;
-    rdfs:domain [ a owl:Class ; owl:unionOf  ( :DataSetTemplate :PolicyDataSet ) ] ;
+    rdfs:domain [ a owl:Class ; owl:unionOf  ( :DataSetTemplate :DataSet ) ] ;
     rdfs:range :ValueSet .
 
 :value a owl:ObjectProperty ;
@@ -193,7 +193,7 @@
     rdfs:comment "Relates policy template to data set";
     rdfs:label "has data set"@en-US ;
     rdfs:domain :PolicyTemplate ;
-    rdfs:range :PolicyDataSet .
+    rdfs:range :DataSet .
 
 :hasRule a owl:ObjectProperty ;
     rdfs:comment "Assgins a rule to a policy or policy template";
@@ -204,7 +204,7 @@
 :dataSetKey a owl:ObjectProperty ;
     rdfs:comment "Assign data set template to policy data set";
     rdfs:label "data set key"@en-US ;
-    rdfs:domain :PolicyDataSet ;
+    rdfs:domain :DataSet ;
     rdfs:range :DataSetKey .
 
 :dataSetKeyTemplate a owl:ObjectProperty ;

From c72fa706b7e1f5bf450cbe96d1f62b8b55652d85 Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <georgy.litvinov@tib.eu>
Date: Fri, 24 Nov 2023 10:29:25 +0100
Subject: [PATCH 128/148] renamed :dataSetTemplateKey to hasDataSetTemplateKey

---
 .../webapp/auth/policy/PolicyLoader.java      |  2 +-
 .../webapp/auth/rules/data_set_templates.n3   |  4 +-
 .../template_access_allowed_class.n3          |  6 +--
 .../template_access_allowed_property.n3       | 40 +++++++++----------
 .../firsttime/template_simple_permissions.n3  |  2 +-
 .../vitro-access-control-ontology.n3          |  4 +-
 6 files changed, 29 insertions(+), 29 deletions(-)

diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
index 86a651b251..6540509a13 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
@@ -213,7 +213,7 @@ public class PolicyLoader {
             + "WHERE {\n"
             + "  GRAPH <http://vitro.mannlib.cornell.edu/default/access-control> {\n"
             + "    ?policyTemplate access:hasDataSetTemplate ?dataSetTemplate .\n"
-            + "    ?dataSetTemplate access:dataSetTemplateKey ?dataSetTemplateKey .\n"
+            + "    ?dataSetTemplate access:hasDataSetTemplateKey ?dataSetTemplateKey .\n"
             + "    ?dataSetTemplateKey access:templateKey access-individual:SubjectRole .\n"
             + "    ?dataSetTemplateKey access:templateKey ?key .\n"
             + "  }\n"
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/data_set_templates.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/data_set_templates.n3
index dd5affd4c7..f208f5c578 100644
--- a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/data_set_templates.n3
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/data_set_templates.n3
@@ -19,7 +19,7 @@
 
 
 :RoleDataSetTemplate1 a access:DataSetTemplate ;
-    access:dataSetTemplateKey :RoleDataSetTemplateKey1 ;
+    access:hasDataSetTemplateKey :RoleDataSetTemplateKey1 ;
     access:dataSetKeyTemplate :RoleDataSetKeyTemplate1 ;
     access:dataSetValues access-individual:PublicRoleValueSet ;
     access:dataSetValueTemplate :RoleValueSetTemplate1 ;
@@ -45,7 +45,7 @@
 
 
 :RoleDataSetTemplate2 a access:DataSetTemplate ;
-    access:dataSetTemplateKey :RoleDataSetTemplateKey2 ;
+    access:hasDataSetTemplateKey :RoleDataSetTemplateKey2 ;
     access:dataSetKeyTemplate :RoleDataSetKeyTemplate2 ;
     access:dataSetValueTemplate :RoleValueSetTemplate2 ;
     access:dataSetValueTemplate :RolePermissionValueSetTemplate2 .  
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_class.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_class.n3
index bb7784ca6b..e2655abee0 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_class.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_class.n3
@@ -33,7 +33,7 @@
 #Role Display Class data set template
 
 :RoleDisplayClassDataSetTemplate a access:DataSetTemplate ;
-    access:dataSetTemplateKey :RoleDisplayClassDataSetTemplateKey ;
+    access:hasDataSetTemplateKey :RoleDisplayClassDataSetTemplateKey ;
     access:dataSetKeyTemplate :RoleDisplayClassDataSetKeyTemplate ;
     access:dataSetValues access-individual:ClassValueSet ;
     access:dataSetValues access-individual:DisplayOperationValueSet ;
@@ -60,7 +60,7 @@
 #Role Update Class data set template
 
 :RoleUpdateClassDataSetTemplate a access:DataSetTemplate ;
-    access:dataSetTemplateKey :RoleUpdateClassDataSetTemplateKey ;
+    access:hasDataSetTemplateKey :RoleUpdateClassDataSetTemplateKey ;
     access:dataSetKeyTemplate :RoleUpdateClassDataSetKeyTemplate ;
     access:dataSetValues access-individual:ClassValueSet ;
     access:dataSetValues access-individual:UpdateOperationValueSet ;
@@ -87,7 +87,7 @@
 #Role Publish Class data set template
 
 :RolePublishClassDataSetTemplate a access:DataSetTemplate ;
-    access:dataSetTemplateKey :RolePublishClassDataSetTemplateKey ;
+    access:hasDataSetTemplateKey :RolePublishClassDataSetTemplateKey ;
     access:dataSetKeyTemplate :RolePublishClassDataSetKeyTemplate ;
     access:dataSetValues access-individual:ClassValueSet ;
     access:dataSetValues access-individual:PublishOperationValueSet ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_property.n3
index cfe20b88cb..b79824c9c7 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_property.n3
@@ -136,7 +136,7 @@
 #Role DisplayObjectProperty data set template
 
 :RoleDisplayObjectPropertyDataSetTemplate a access:DataSetTemplate ;
-    access:dataSetTemplateKey :RoleDisplayObjectPropertyDataSetTemplateKey ;
+    access:hasDataSetTemplateKey :RoleDisplayObjectPropertyDataSetTemplateKey ;
     access:dataSetKeyTemplate :RoleDisplayObjectPropertyDataSetKeyTemplate ;
     access:dataSetValues access-individual:ObjectPropertyValueSet ;
     access:dataSetValues access-individual:ObjectPropertyStatementValueSet ;
@@ -165,7 +165,7 @@
 #Role PublishObjectProperty data set template
 
 :RolePublishObjectPropertyDataSetTemplate a access:DataSetTemplate ;
-    access:dataSetTemplateKey :RolePublishObjectPropertyDataSetTemplateKey ;
+    access:hasDataSetTemplateKey :RolePublishObjectPropertyDataSetTemplateKey ;
     access:dataSetKeyTemplate :RolePublishObjectPropertyDataSetKeyTemplate ;
     access:dataSetValues access-individual:ObjectPropertyValueSet ;
     access:dataSetValues access-individual:ObjectPropertyStatementValueSet ;
@@ -194,7 +194,7 @@
 #Role AddObjectProperty data set template
 
 :RoleAddObjectPropertyDataSetTemplate a access:DataSetTemplate ;
-    access:dataSetTemplateKey :RoleAddObjectPropertyDataSetTemplateKey ;
+    access:hasDataSetTemplateKey :RoleAddObjectPropertyDataSetTemplateKey ;
     access:dataSetKeyTemplate :RoleAddObjectPropertyDataSetKeyTemplate ;
     access:dataSetValues access-individual:ObjectPropertyValueSet ;
     access:dataSetValues access-individual:ObjectPropertyStatementValueSet ;
@@ -223,7 +223,7 @@
 #Role DropObjectProperty data set template
 
 :RoleDropObjectPropertyDataSetTemplate a access:DataSetTemplate ;
-    access:dataSetTemplateKey :RoleDropObjectPropertyDataSetTemplateKey ;
+    access:hasDataSetTemplateKey :RoleDropObjectPropertyDataSetTemplateKey ;
     access:dataSetKeyTemplate :RoleDropObjectPropertyDataSetKeyTemplate ;
     access:dataSetValues access-individual:ObjectPropertyValueSet ;
     access:dataSetValues access-individual:ObjectPropertyStatementValueSet ;
@@ -252,7 +252,7 @@
 #Role EditObjectProperty data set template
 
 :RoleEditObjectPropertyDataSetTemplate a access:DataSetTemplate ;
-    access:dataSetTemplateKey :RoleEditObjectPropertyDataSetTemplateKey ;
+    access:hasDataSetTemplateKey :RoleEditObjectPropertyDataSetTemplateKey ;
     access:dataSetKeyTemplate :RoleEditObjectPropertyDataSetKeyTemplate ;
     access:dataSetValues access-individual:ObjectPropertyValueSet ;
     access:dataSetValues access-individual:ObjectPropertyStatementValueSet ;
@@ -281,7 +281,7 @@
 #Role DisplayDataProperty data set template
 
 :RoleDisplayDataPropertyDataSetTemplate a access:DataSetTemplate ;
-    access:dataSetTemplateKey :RoleDisplayDataPropertyDataSetTemplateKey ;
+    access:hasDataSetTemplateKey :RoleDisplayDataPropertyDataSetTemplateKey ;
     access:dataSetKeyTemplate :RoleDisplayDataPropertyDataSetKeyTemplate ;
     access:dataSetValues access-individual:DataPropertyValueSet ;
     access:dataSetValues access-individual:DataPropertyStatementValueSet ;
@@ -310,7 +310,7 @@
 #Role PublishDataProperty data set template
 
 :RolePublishDataPropertyDataSetTemplate a access:DataSetTemplate ;
-    access:dataSetTemplateKey :RolePublishDataPropertyDataSetTemplateKey ;
+    access:hasDataSetTemplateKey :RolePublishDataPropertyDataSetTemplateKey ;
     access:dataSetKeyTemplate :RolePublishDataPropertyDataSetKeyTemplate ;
     access:dataSetValues access-individual:DataPropertyValueSet ;
     access:dataSetValues access-individual:DataPropertyStatementValueSet ;
@@ -339,7 +339,7 @@
 #Role AddDataProperty data set template
 
 :RoleAddDataPropertyDataSetTemplate a access:DataSetTemplate ;
-    access:dataSetTemplateKey :RoleAddDataPropertyDataSetTemplateKey ;
+    access:hasDataSetTemplateKey :RoleAddDataPropertyDataSetTemplateKey ;
     access:dataSetKeyTemplate :RoleAddDataPropertyDataSetKeyTemplate ;
     access:dataSetValues access-individual:DataPropertyValueSet ;
     access:dataSetValues access-individual:DataPropertyStatementValueSet ;
@@ -368,7 +368,7 @@
 #Role DropDataProperty data set template
 
 :RoleDropDataPropertyDataSetTemplate a access:DataSetTemplate ;
-    access:dataSetTemplateKey :RoleDropDataPropertyDataSetTemplateKey ;
+    access:hasDataSetTemplateKey :RoleDropDataPropertyDataSetTemplateKey ;
     access:dataSetKeyTemplate :RoleDropDataPropertyDataSetKeyTemplate ;
     access:dataSetValues access-individual:DataPropertyValueSet ;
     access:dataSetValues access-individual:DataPropertyStatementValueSet ;
@@ -397,7 +397,7 @@
 #Role EditDataProperty data set template
 
 :RoleEditDataPropertyDataSetTemplate a access:DataSetTemplate ;
-    access:dataSetTemplateKey :RoleEditDataPropertyDataSetTemplateKey ;
+    access:hasDataSetTemplateKey :RoleEditDataPropertyDataSetTemplateKey ;
     access:dataSetKeyTemplate :RoleEditDataPropertyDataSetKeyTemplate ;
     access:dataSetValues access-individual:DataPropertyValueSet ;
     access:dataSetValues access-individual:DataPropertyStatementValueSet ;
@@ -426,7 +426,7 @@
 #Role DisplayFauxObjectProperty data set template
 
 :RoleDisplayFauxObjectPropertyDataSetTemplate a access:DataSetTemplate ;
-    access:dataSetTemplateKey :RoleDisplayFauxObjectPropertyDataSetTemplateKey ;
+    access:hasDataSetTemplateKey :RoleDisplayFauxObjectPropertyDataSetTemplateKey ;
     access:dataSetKeyTemplate :RoleDisplayFauxObjectPropertyDataSetKeyTemplate ;
     access:dataSetValues access-individual:FauxObjectPropertyValueSet ;
     access:dataSetValues access-individual:FauxObjectPropertyStatementValueSet ;
@@ -455,7 +455,7 @@
 #Role PublishFauxObjectProperty data set template
 
 :RolePublishFauxObjectPropertyDataSetTemplate a access:DataSetTemplate ;
-    access:dataSetTemplateKey :RolePublishFauxObjectPropertyDataSetTemplateKey ;
+    access:hasDataSetTemplateKey :RolePublishFauxObjectPropertyDataSetTemplateKey ;
     access:dataSetKeyTemplate :RolePublishFauxObjectPropertyDataSetKeyTemplate ;
     access:dataSetValues access-individual:FauxObjectPropertyValueSet ;
     access:dataSetValues access-individual:FauxObjectPropertyStatementValueSet ;
@@ -484,7 +484,7 @@
 #Role AddFauxObjectProperty data set template
 
 :RoleAddFauxObjectPropertyDataSetTemplate a access:DataSetTemplate ;
-    access:dataSetTemplateKey :RoleAddFauxObjectPropertyDataSetTemplateKey ;
+    access:hasDataSetTemplateKey :RoleAddFauxObjectPropertyDataSetTemplateKey ;
     access:dataSetKeyTemplate :RoleAddFauxObjectPropertyDataSetKeyTemplate ;
     access:dataSetValues access-individual:FauxObjectPropertyValueSet ;
     access:dataSetValues access-individual:FauxObjectPropertyStatementValueSet ;
@@ -513,7 +513,7 @@
 #Role DropFauxObjectProperty data set template
 
 :RoleDropFauxObjectPropertyDataSetTemplate a access:DataSetTemplate ;
-    access:dataSetTemplateKey :RoleDropFauxObjectPropertyDataSetTemplateKey ;
+    access:hasDataSetTemplateKey :RoleDropFauxObjectPropertyDataSetTemplateKey ;
     access:dataSetKeyTemplate :RoleDropFauxObjectPropertyDataSetKeyTemplate ;
     access:dataSetValues access-individual:FauxObjectPropertyValueSet ;
     access:dataSetValues access-individual:FauxObjectPropertyStatementValueSet ;
@@ -542,7 +542,7 @@
 #Role EditFauxObjectProperty data set template
 
 :RoleEditFauxObjectPropertyDataSetTemplate a access:DataSetTemplate ;
-    access:dataSetTemplateKey :RoleEditFauxObjectPropertyDataSetTemplateKey ;
+    access:hasDataSetTemplateKey :RoleEditFauxObjectPropertyDataSetTemplateKey ;
     access:dataSetKeyTemplate :RoleEditFauxObjectPropertyDataSetKeyTemplate ;
     access:dataSetValues access-individual:FauxObjectPropertyValueSet ;
     access:dataSetValues access-individual:FauxObjectPropertyStatementValueSet ;
@@ -571,7 +571,7 @@
 #Role DisplayFauxDataProperty data set template
 
 :RoleDisplayFauxDataPropertyDataSetTemplate a access:DataSetTemplate ;
-    access:dataSetTemplateKey :RoleDisplayFauxDataPropertyDataSetTemplateKey ;
+    access:hasDataSetTemplateKey :RoleDisplayFauxDataPropertyDataSetTemplateKey ;
     access:dataSetKeyTemplate :RoleDisplayFauxDataPropertyDataSetKeyTemplate ;
     access:dataSetValues access-individual:FauxDataPropertyValueSet ;
     access:dataSetValues access-individual:FauxDataPropertyStatementValueSet ;
@@ -600,7 +600,7 @@
 #Role PublishFauxDataProperty data set template
 
 :RolePublishFauxDataPropertyDataSetTemplate a access:DataSetTemplate ;
-    access:dataSetTemplateKey :RolePublishFauxDataPropertyDataSetTemplateKey ;
+    access:hasDataSetTemplateKey :RolePublishFauxDataPropertyDataSetTemplateKey ;
     access:dataSetKeyTemplate :RolePublishFauxDataPropertyDataSetKeyTemplate ;
     access:dataSetValues access-individual:FauxDataPropertyValueSet ;
     access:dataSetValues access-individual:FauxDataPropertyStatementValueSet ;
@@ -629,7 +629,7 @@
 #Role AddFauxDataProperty data set template
 
 :RoleAddFauxDataPropertyDataSetTemplate a access:DataSetTemplate ;
-    access:dataSetTemplateKey :RoleAddFauxDataPropertyDataSetTemplateKey ;
+    access:hasDataSetTemplateKey :RoleAddFauxDataPropertyDataSetTemplateKey ;
     access:dataSetKeyTemplate :RoleAddFauxDataPropertyDataSetKeyTemplate ;
     access:dataSetValues access-individual:FauxDataPropertyValueSet ;
     access:dataSetValues access-individual:FauxDataPropertyStatementValueSet ;
@@ -658,7 +658,7 @@
 #Role DropFauxDataProperty data set template
 
 :RoleDropFauxDataPropertyDataSetTemplate a access:DataSetTemplate ;
-    access:dataSetTemplateKey :RoleDropFauxDataPropertyDataSetTemplateKey ;
+    access:hasDataSetTemplateKey :RoleDropFauxDataPropertyDataSetTemplateKey ;
     access:dataSetKeyTemplate :RoleDropFauxDataPropertyDataSetKeyTemplate ;
     access:dataSetValues access-individual:FauxDataPropertyValueSet ;
     access:dataSetValues access-individual:FauxDataPropertyStatementValueSet ;
@@ -687,7 +687,7 @@
 #Role EditFauxDataProperty data set template
 
 :RoleEditFauxDataPropertyDataSetTemplate a access:DataSetTemplate ;
-    access:dataSetTemplateKey :RoleEditFauxDataPropertyDataSetTemplateKey ;
+    access:hasDataSetTemplateKey :RoleEditFauxDataPropertyDataSetTemplateKey ;
     access:dataSetKeyTemplate :RoleEditFauxDataPropertyDataSetKeyTemplate ;
     access:dataSetValues access-individual:FauxDataPropertyValueSet ;
     access:dataSetValues access-individual:FauxDataPropertyStatementValueSet ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_simple_permissions.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_simple_permissions.n3
index 384a3636b0..0015d2520d 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_simple_permissions.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_simple_permissions.n3
@@ -19,7 +19,7 @@
 #Role data set template
 
 :RoleDataSetTemplate a access:DataSetTemplate ;
-    access:dataSetTemplateKey :RoleDataSetTemplateKey ;
+    access:hasDataSetTemplateKey :RoleDataSetTemplateKey ;
     access:dataSetKeyTemplate :RoleDataSetKeyTemplate ;
     access:dataSetValueTemplate :RoleValueSetTemplate ;
     access:dataSetValueTemplate :RolePermissionValueSetTemplate .  
diff --git a/home/src/main/resources/rdf/tbox/firsttime/vitro-access-control-ontology.n3 b/home/src/main/resources/rdf/tbox/firsttime/vitro-access-control-ontology.n3
index d860c5c498..a6f9f287e7 100644
--- a/home/src/main/resources/rdf/tbox/firsttime/vitro-access-control-ontology.n3
+++ b/home/src/main/resources/rdf/tbox/firsttime/vitro-access-control-ontology.n3
@@ -158,10 +158,10 @@
     rdfs:domain :ValueSetTemplate ;
     rdfs:range :Check .
 
-:dataSetTemplateKey a owl:ObjectProperty, 
+:hasDataSetTemplateKey a owl:ObjectProperty, 
     owl:FunctionalProperty ;
     rdfs:comment "Specify data set template key";
-    rdfs:label "data set template key"@en-US ;
+    rdfs:label "has data set template key"@en-US ;
     rdfs:domain :DataSetTemplate ;
     rdfs:range :DataSetTemplateKey .
 

From 9cdd825774b7f54d698da0e656e386f37d9259bb Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <georgy.litvinov@tib.eu>
Date: Fri, 24 Nov 2023 10:32:51 +0100
Subject: [PATCH 129/148] renamed :dataSetKey to hasDataSetKey and
 :dataSetKeyTemplate to :hasDataSetKeyTemplate

---
 .../webapp/auth/policy/PolicyLoader.java      |  10 +-
 .../auth/policy/PolicyTemplateController.java |   2 +-
 .../webapp/auth/rules/data_set_templates.n3   |   6 +-
 .../template_access_allowed_class.n3          |  34 ++--
 .../template_access_allowed_property.n3       | 192 +++++++++---------
 ...emplate_access_related_allowed_property.n3 |  16 +-
 .../firsttime/template_simple_permissions.n3  |  12 +-
 ...emplate_update_related_allowed_property.n3 |  24 +--
 .../vitro-access-control-ontology.n3          |   4 +-
 9 files changed, 150 insertions(+), 150 deletions(-)

diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
index 6540509a13..a0abed6e98 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
@@ -178,7 +178,7 @@ public class PolicyLoader {
             + "WHERE {\n"
             + "  GRAPH <http://vitro.mannlib.cornell.edu/default/access-control> {\n"
             + "  ?" + POLICY + " access:hasDataSet ?dataSet .\n"
-            + "  ?dataSet access:dataSetKey ?dataSetKeyUri .\n"
+            + "  ?dataSet access:hasDataSetKey ?dataSetKeyUri .\n"
             + "  ?dataSet access:dataSetValues ?valueSet .\n"
             + "  ?valueSet access:containsElementsOfType ?setElementsType .\n"
             + "  ?setElementsType access:id ?setElementsId .\n"
@@ -198,7 +198,7 @@ public class PolicyLoader {
             + "}\n"
             + "WHERE {\n"
             + "  GRAPH <http://vitro.mannlib.cornell.edu/default/access-control> {\n"
-            + "  ?dataSet access:dataSetKey ?dataSetKeyUri .\n"
+            + "  ?dataSet access:hasDataSetKey ?dataSetKeyUri .\n"
             + "  ?" + POLICY + " access:hasDataSet ?dataSet . \n"
             + "  ?dataSet access:dataSetValues ?valueSet . \n"
             + "  ?valueSet access:containsElementsOfType ?setElementsTypeUri . \n"
@@ -225,7 +225,7 @@ public class PolicyLoader {
             + "SELECT ?keyComponent \n"
             + "WHERE {\n"
             + "  GRAPH <http://vitro.mannlib.cornell.edu/default/access-control> {\n"
-            + "    ?dataSetTemplate access:dataSetKeyTemplate ?dataSetKeyTemplate .\n"
+            + "    ?dataSetTemplate access:hasDataSetKeyTemplate ?dataSetKeyTemplate .\n"
             + "    ?dataSetKeyTemplate access:keyComponent ?keyComponent .\n"
             + "  }\n"
             + "}\n";
@@ -235,7 +235,7 @@ public class PolicyLoader {
             + "SELECT ?keyComponent ?id ?type \n"
             + "WHERE {\n"
             + "  GRAPH <http://vitro.mannlib.cornell.edu/default/access-control> {\n"
-            + "    ?dataSet access:dataSetKey ?dataSetKey ."
+            + "    ?dataSet access:hasDataSetKey ?dataSetKey ."
             + "    ?dataSetKey access:keyComponent ?keyComponent .\n"
             + "    OPTIONAL {\n"
             + "      ?keyComponent access:id ?id .\n"
@@ -260,7 +260,7 @@ public class PolicyLoader {
             + "SELECT ?keyComponentTemplate \n"
             + "WHERE {\n"
             + "  GRAPH <http://vitro.mannlib.cornell.edu/default/access-control> {\n"
-            + "    ?dataSetTemplate access:dataSetKeyTemplate ?dataSetKeyTemplate .\n"
+            + "    ?dataSetTemplate access:hasDataSetKeyTemplate ?dataSetKeyTemplate .\n"
             + "    ?dataSetKeyTemplate access:keyComponentTemplate ?keyComponentTemplate .\n"
             + "  }\n"
             + "}\n";
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTemplateController.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTemplateController.java
index 85f3df46e4..0afb4a746d 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTemplateController.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTemplateController.java
@@ -60,7 +60,7 @@ private static void createRoleDataSet(String dataSetTemplateUri, String roleUri,
                 dataSetModel.createResource(AUTH_VOCABULARY_PREFIX + "PolicyDataSet")));
 
         dataSetModel.add(new StatementImpl(dataSetModel.createResource(dataSetUri),
-                dataSetModel.createProperty(AUTH_VOCABULARY_PREFIX + "dataSetKey"),
+                dataSetModel.createProperty(AUTH_VOCABULARY_PREFIX + "hasDataSetKey"),
                 dataSetModel.createResource(dataSetKeyUri)));
 
         for (String key : keys) {
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/data_set_templates.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/data_set_templates.n3
index f208f5c578..35b9144f5d 100644
--- a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/data_set_templates.n3
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/data_set_templates.n3
@@ -20,7 +20,7 @@
 
 :RoleDataSetTemplate1 a access:DataSetTemplate ;
     access:hasDataSetTemplateKey :RoleDataSetTemplateKey1 ;
-    access:dataSetKeyTemplate :RoleDataSetKeyTemplate1 ;
+    access:hasDataSetKeyTemplate :RoleDataSetKeyTemplate1 ;
     access:dataSetValues access-individual:PublicRoleValueSet ;
     access:dataSetValueTemplate :RoleValueSetTemplate1 ;
     access:dataSetValueTemplate :RolePermissionValueSetTemplate1 .  
@@ -46,7 +46,7 @@
 
 :RoleDataSetTemplate2 a access:DataSetTemplate ;
     access:hasDataSetTemplateKey :RoleDataSetTemplateKey2 ;
-    access:dataSetKeyTemplate :RoleDataSetKeyTemplate2 ;
+    access:hasDataSetKeyTemplate :RoleDataSetKeyTemplate2 ;
     access:dataSetValueTemplate :RoleValueSetTemplate2 ;
     access:dataSetValueTemplate :RolePermissionValueSetTemplate2 .  
 
@@ -66,7 +66,7 @@
     access:containsElementsOfType access-individual:NamedObject .
 
 :PublicDataSet a access:DataSet ;
-    access:dataSetKey :PublicDataSetKey ;
+    access:hasDataSetKey :PublicDataSetKey ;
     access:dataSetValues access-individual:PublicRoleValueSet ;
     access:dataSetValues access-individual:PublicSimplePermissionValueSet .
 
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_class.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_class.n3
index e2655abee0..aa8584390f 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_class.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_class.n3
@@ -34,7 +34,7 @@
 
 :RoleDisplayClassDataSetTemplate a access:DataSetTemplate ;
     access:hasDataSetTemplateKey :RoleDisplayClassDataSetTemplateKey ;
-    access:dataSetKeyTemplate :RoleDisplayClassDataSetKeyTemplate ;
+    access:hasDataSetKeyTemplate :RoleDisplayClassDataSetKeyTemplate ;
     access:dataSetValues access-individual:ClassValueSet ;
     access:dataSetValues access-individual:DisplayOperationValueSet ;
     access:dataSetValueTemplate :RoleDisplayClassRoleValueSetTemplate ;
@@ -61,7 +61,7 @@
 
 :RoleUpdateClassDataSetTemplate a access:DataSetTemplate ;
     access:hasDataSetTemplateKey :RoleUpdateClassDataSetTemplateKey ;
-    access:dataSetKeyTemplate :RoleUpdateClassDataSetKeyTemplate ;
+    access:hasDataSetKeyTemplate :RoleUpdateClassDataSetKeyTemplate ;
     access:dataSetValues access-individual:ClassValueSet ;
     access:dataSetValues access-individual:UpdateOperationValueSet ;
     access:dataSetValueTemplate :RoleUpdateClassRoleValueSetTemplate ;
@@ -88,7 +88,7 @@
 
 :RolePublishClassDataSetTemplate a access:DataSetTemplate ;
     access:hasDataSetTemplateKey :RolePublishClassDataSetTemplateKey ;
-    access:dataSetKeyTemplate :RolePublishClassDataSetKeyTemplate ;
+    access:hasDataSetKeyTemplate :RolePublishClassDataSetKeyTemplate ;
     access:dataSetValues access-individual:ClassValueSet ;
     access:dataSetValues access-individual:PublishOperationValueSet ;
     access:dataSetValueTemplate :RolePublishClassRoleValueSetTemplate ;
@@ -114,7 +114,7 @@
 ### Public display class uri data sets
 
 :PublicDisplayClassDataSet a access:DataSet ;
-    access:dataSetKey :PublicDisplayClassDataSetKey ;
+    access:hasDataSetKey :PublicDisplayClassDataSetKey ;
     access:dataSetValues access-individual:PublicRoleValueSet ;
     access:dataSetValues access-individual:ClassValueSet ;
     access:dataSetValues access-individual:DisplayOperationValueSet ;
@@ -128,7 +128,7 @@
 ### Self editor display class uri data sets
 
 :SelfEditorDisplayClassDataSet a access:DataSet ;
-    access:dataSetKey :SelfEditorDisplayClassDataSetKey ;
+    access:hasDataSetKey :SelfEditorDisplayClassDataSetKey ;
     access:dataSetValues access-individual:SelfEditorRoleValueSet ;
     access:dataSetValues access-individual:ClassValueSet ;
     access:dataSetValues access-individual:DisplayOperationValueSet ;
@@ -142,7 +142,7 @@
 ### Editor display class uri data sets
 
 :EditorDisplayClassDataSet a access:DataSet ;
-    access:dataSetKey :EditorDisplayClassDataSetKey ;
+    access:hasDataSetKey :EditorDisplayClassDataSetKey ;
     access:dataSetValues access-individual:EditorRoleValueSet ;
     access:dataSetValues access-individual:ClassValueSet ;
     access:dataSetValues access-individual:DisplayOperationValueSet ;
@@ -156,7 +156,7 @@
 ### Curator display class uri data sets
 
 :CuratorDisplayClassDataSet a access:DataSet ;
-    access:dataSetKey :CuratorDisplayClassDataSetKey ;
+    access:hasDataSetKey :CuratorDisplayClassDataSetKey ;
     access:dataSetValues access-individual:CuratorRoleValueSet ;
     access:dataSetValues access-individual:ClassValueSet ;
     access:dataSetValues access-individual:DisplayOperationValueSet ;
@@ -170,7 +170,7 @@
 ### Admin display class uri data sets
 
 :AdminDisplayClassDataSet a access:DataSet ;
-    access:dataSetKey :AdminDisplayClassDataSetKey ;
+    access:hasDataSetKey :AdminDisplayClassDataSetKey ;
     access:dataSetValues access-individual:AdminRoleValueSet ;
     access:dataSetValues access-individual:ClassValueSet ;
     access:dataSetValues access-individual:DisplayOperationValueSet ;
@@ -184,7 +184,7 @@
 ### Public update class uri data sets
 
 :PublicUpdateClassDataSet a access:DataSet ;
-    access:dataSetKey :PublicUpdateClassDataSetKey ;
+    access:hasDataSetKey :PublicUpdateClassDataSetKey ;
     access:dataSetValues access-individual:PublicRoleValueSet ;
     access:dataSetValues access-individual:ClassValueSet ;
     access:dataSetValues access-individual:UpdateOperationValueSet ;
@@ -198,7 +198,7 @@
 ### Self editor update class uri data sets
 
 :SelfEditorUpdateClassDataSet a access:DataSet ;
-    access:dataSetKey :SelfEditorUpdateClassDataSetKey ;
+    access:hasDataSetKey :SelfEditorUpdateClassDataSetKey ;
     access:dataSetValues access-individual:SelfEditorRoleValueSet ;
     access:dataSetValues access-individual:ClassValueSet ;
     access:dataSetValues access-individual:UpdateOperationValueSet ;
@@ -212,7 +212,7 @@
 ### Editor update class uri data sets
 
 :EditorUpdateClassDataSet a access:DataSet ;
-    access:dataSetKey :EditorUpdateClassDataSetKey ;
+    access:hasDataSetKey :EditorUpdateClassDataSetKey ;
     access:dataSetValues access-individual:EditorRoleValueSet ;
     access:dataSetValues access-individual:ClassValueSet ;
     access:dataSetValues access-individual:UpdateOperationValueSet ;
@@ -226,7 +226,7 @@
 ### Curator update class uri data sets
 
 :CuratorUpdateClassDataSet a access:DataSet ;
-    access:dataSetKey :CuratorUpdateClassDataSetKey ;
+    access:hasDataSetKey :CuratorUpdateClassDataSetKey ;
     access:dataSetValues access-individual:CuratorRoleValueSet ;
     access:dataSetValues access-individual:ClassValueSet ;
     access:dataSetValues access-individual:UpdateOperationValueSet ;
@@ -240,7 +240,7 @@
 ### Admin update class uri data sets
 
 :AdminUpdateClassDataSet a access:DataSet ;
-    access:dataSetKey :AdminUpdateClassDataSetKey ;
+    access:hasDataSetKey :AdminUpdateClassDataSetKey ;
     access:dataSetValues access-individual:AdminRoleValueSet ;
     access:dataSetValues access-individual:ClassValueSet ;
     access:dataSetValues access-individual:UpdateOperationValueSet ;
@@ -254,7 +254,7 @@
 ### Self editor publish class uri data sets
 
 :SelfEditorPublishClassDataSet a access:DataSet ;
-    access:dataSetKey :SelfEditorPublishClassDataSetKey ;
+    access:hasDataSetKey :SelfEditorPublishClassDataSetKey ;
     access:dataSetValues access-individual:SelfEditorRoleValueSet ;
     access:dataSetValues access-individual:ClassValueSet ;
     access:dataSetValues access-individual:PublishOperationValueSet ;
@@ -268,7 +268,7 @@
 ### Editor publish class uri data sets
 
 :EditorPublishClassDataSet a access:DataSet ;
-    access:dataSetKey :EditorPublishClassDataSetKey ;
+    access:hasDataSetKey :EditorPublishClassDataSetKey ;
     access:dataSetValues access-individual:EditorRoleValueSet ;
     access:dataSetValues access-individual:ClassValueSet ;
     access:dataSetValues access-individual:PublishOperationValueSet ;
@@ -282,7 +282,7 @@
 ### Curator publish class uri data sets
 
 :CuratorPublishClassDataSet a access:DataSet ;
-    access:dataSetKey :CuratorPublishClassDataSetKey ;
+    access:hasDataSetKey :CuratorPublishClassDataSetKey ;
     access:dataSetValues access-individual:CuratorRoleValueSet ;
     access:dataSetValues access-individual:ClassValueSet ;
     access:dataSetValues access-individual:PublishOperationValueSet ;
@@ -296,7 +296,7 @@
 ### Admin publish class uri data sets
 
 :AdminPublishClassDataSet a access:DataSet ;
-    access:dataSetKey :AdminPublishClassDataSetKey ;
+    access:hasDataSetKey :AdminPublishClassDataSetKey ;
     access:dataSetValues access-individual:AdminRoleValueSet ;
     access:dataSetValues access-individual:ClassValueSet ;
     access:dataSetValues access-individual:PublishOperationValueSet ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_property.n3
index b79824c9c7..b6834291bd 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_property.n3
@@ -137,7 +137,7 @@
 
 :RoleDisplayObjectPropertyDataSetTemplate a access:DataSetTemplate ;
     access:hasDataSetTemplateKey :RoleDisplayObjectPropertyDataSetTemplateKey ;
-    access:dataSetKeyTemplate :RoleDisplayObjectPropertyDataSetKeyTemplate ;
+    access:hasDataSetKeyTemplate :RoleDisplayObjectPropertyDataSetKeyTemplate ;
     access:dataSetValues access-individual:ObjectPropertyValueSet ;
     access:dataSetValues access-individual:ObjectPropertyStatementValueSet ;
     access:dataSetValues access-individual:DisplayOperationValueSet ;
@@ -166,7 +166,7 @@
 
 :RolePublishObjectPropertyDataSetTemplate a access:DataSetTemplate ;
     access:hasDataSetTemplateKey :RolePublishObjectPropertyDataSetTemplateKey ;
-    access:dataSetKeyTemplate :RolePublishObjectPropertyDataSetKeyTemplate ;
+    access:hasDataSetKeyTemplate :RolePublishObjectPropertyDataSetKeyTemplate ;
     access:dataSetValues access-individual:ObjectPropertyValueSet ;
     access:dataSetValues access-individual:ObjectPropertyStatementValueSet ;
     access:dataSetValues access-individual:PublishOperationValueSet ;
@@ -195,7 +195,7 @@
 
 :RoleAddObjectPropertyDataSetTemplate a access:DataSetTemplate ;
     access:hasDataSetTemplateKey :RoleAddObjectPropertyDataSetTemplateKey ;
-    access:dataSetKeyTemplate :RoleAddObjectPropertyDataSetKeyTemplate ;
+    access:hasDataSetKeyTemplate :RoleAddObjectPropertyDataSetKeyTemplate ;
     access:dataSetValues access-individual:ObjectPropertyValueSet ;
     access:dataSetValues access-individual:ObjectPropertyStatementValueSet ;
     access:dataSetValues access-individual:AddOperationValueSet ;
@@ -224,7 +224,7 @@
 
 :RoleDropObjectPropertyDataSetTemplate a access:DataSetTemplate ;
     access:hasDataSetTemplateKey :RoleDropObjectPropertyDataSetTemplateKey ;
-    access:dataSetKeyTemplate :RoleDropObjectPropertyDataSetKeyTemplate ;
+    access:hasDataSetKeyTemplate :RoleDropObjectPropertyDataSetKeyTemplate ;
     access:dataSetValues access-individual:ObjectPropertyValueSet ;
     access:dataSetValues access-individual:ObjectPropertyStatementValueSet ;
     access:dataSetValues access-individual:DropOperationValueSet ;
@@ -253,7 +253,7 @@
 
 :RoleEditObjectPropertyDataSetTemplate a access:DataSetTemplate ;
     access:hasDataSetTemplateKey :RoleEditObjectPropertyDataSetTemplateKey ;
-    access:dataSetKeyTemplate :RoleEditObjectPropertyDataSetKeyTemplate ;
+    access:hasDataSetKeyTemplate :RoleEditObjectPropertyDataSetKeyTemplate ;
     access:dataSetValues access-individual:ObjectPropertyValueSet ;
     access:dataSetValues access-individual:ObjectPropertyStatementValueSet ;
     access:dataSetValues access-individual:EditOperationValueSet ;
@@ -282,7 +282,7 @@
 
 :RoleDisplayDataPropertyDataSetTemplate a access:DataSetTemplate ;
     access:hasDataSetTemplateKey :RoleDisplayDataPropertyDataSetTemplateKey ;
-    access:dataSetKeyTemplate :RoleDisplayDataPropertyDataSetKeyTemplate ;
+    access:hasDataSetKeyTemplate :RoleDisplayDataPropertyDataSetKeyTemplate ;
     access:dataSetValues access-individual:DataPropertyValueSet ;
     access:dataSetValues access-individual:DataPropertyStatementValueSet ;
     access:dataSetValues access-individual:DisplayOperationValueSet ;
@@ -311,7 +311,7 @@
 
 :RolePublishDataPropertyDataSetTemplate a access:DataSetTemplate ;
     access:hasDataSetTemplateKey :RolePublishDataPropertyDataSetTemplateKey ;
-    access:dataSetKeyTemplate :RolePublishDataPropertyDataSetKeyTemplate ;
+    access:hasDataSetKeyTemplate :RolePublishDataPropertyDataSetKeyTemplate ;
     access:dataSetValues access-individual:DataPropertyValueSet ;
     access:dataSetValues access-individual:DataPropertyStatementValueSet ;
     access:dataSetValues access-individual:PublishOperationValueSet ;
@@ -340,7 +340,7 @@
 
 :RoleAddDataPropertyDataSetTemplate a access:DataSetTemplate ;
     access:hasDataSetTemplateKey :RoleAddDataPropertyDataSetTemplateKey ;
-    access:dataSetKeyTemplate :RoleAddDataPropertyDataSetKeyTemplate ;
+    access:hasDataSetKeyTemplate :RoleAddDataPropertyDataSetKeyTemplate ;
     access:dataSetValues access-individual:DataPropertyValueSet ;
     access:dataSetValues access-individual:DataPropertyStatementValueSet ;
     access:dataSetValues access-individual:AddOperationValueSet ;
@@ -369,7 +369,7 @@
 
 :RoleDropDataPropertyDataSetTemplate a access:DataSetTemplate ;
     access:hasDataSetTemplateKey :RoleDropDataPropertyDataSetTemplateKey ;
-    access:dataSetKeyTemplate :RoleDropDataPropertyDataSetKeyTemplate ;
+    access:hasDataSetKeyTemplate :RoleDropDataPropertyDataSetKeyTemplate ;
     access:dataSetValues access-individual:DataPropertyValueSet ;
     access:dataSetValues access-individual:DataPropertyStatementValueSet ;
     access:dataSetValues access-individual:DropOperationValueSet ;
@@ -398,7 +398,7 @@
 
 :RoleEditDataPropertyDataSetTemplate a access:DataSetTemplate ;
     access:hasDataSetTemplateKey :RoleEditDataPropertyDataSetTemplateKey ;
-    access:dataSetKeyTemplate :RoleEditDataPropertyDataSetKeyTemplate ;
+    access:hasDataSetKeyTemplate :RoleEditDataPropertyDataSetKeyTemplate ;
     access:dataSetValues access-individual:DataPropertyValueSet ;
     access:dataSetValues access-individual:DataPropertyStatementValueSet ;
     access:dataSetValues access-individual:EditOperationValueSet ;
@@ -427,7 +427,7 @@
 
 :RoleDisplayFauxObjectPropertyDataSetTemplate a access:DataSetTemplate ;
     access:hasDataSetTemplateKey :RoleDisplayFauxObjectPropertyDataSetTemplateKey ;
-    access:dataSetKeyTemplate :RoleDisplayFauxObjectPropertyDataSetKeyTemplate ;
+    access:hasDataSetKeyTemplate :RoleDisplayFauxObjectPropertyDataSetKeyTemplate ;
     access:dataSetValues access-individual:FauxObjectPropertyValueSet ;
     access:dataSetValues access-individual:FauxObjectPropertyStatementValueSet ;
     access:dataSetValues access-individual:DisplayOperationValueSet ;
@@ -456,7 +456,7 @@
 
 :RolePublishFauxObjectPropertyDataSetTemplate a access:DataSetTemplate ;
     access:hasDataSetTemplateKey :RolePublishFauxObjectPropertyDataSetTemplateKey ;
-    access:dataSetKeyTemplate :RolePublishFauxObjectPropertyDataSetKeyTemplate ;
+    access:hasDataSetKeyTemplate :RolePublishFauxObjectPropertyDataSetKeyTemplate ;
     access:dataSetValues access-individual:FauxObjectPropertyValueSet ;
     access:dataSetValues access-individual:FauxObjectPropertyStatementValueSet ;
     access:dataSetValues access-individual:PublishOperationValueSet ;
@@ -485,7 +485,7 @@
 
 :RoleAddFauxObjectPropertyDataSetTemplate a access:DataSetTemplate ;
     access:hasDataSetTemplateKey :RoleAddFauxObjectPropertyDataSetTemplateKey ;
-    access:dataSetKeyTemplate :RoleAddFauxObjectPropertyDataSetKeyTemplate ;
+    access:hasDataSetKeyTemplate :RoleAddFauxObjectPropertyDataSetKeyTemplate ;
     access:dataSetValues access-individual:FauxObjectPropertyValueSet ;
     access:dataSetValues access-individual:FauxObjectPropertyStatementValueSet ;
     access:dataSetValues access-individual:AddOperationValueSet ;
@@ -514,7 +514,7 @@
 
 :RoleDropFauxObjectPropertyDataSetTemplate a access:DataSetTemplate ;
     access:hasDataSetTemplateKey :RoleDropFauxObjectPropertyDataSetTemplateKey ;
-    access:dataSetKeyTemplate :RoleDropFauxObjectPropertyDataSetKeyTemplate ;
+    access:hasDataSetKeyTemplate :RoleDropFauxObjectPropertyDataSetKeyTemplate ;
     access:dataSetValues access-individual:FauxObjectPropertyValueSet ;
     access:dataSetValues access-individual:FauxObjectPropertyStatementValueSet ;
     access:dataSetValues access-individual:DropOperationValueSet ;
@@ -543,7 +543,7 @@
 
 :RoleEditFauxObjectPropertyDataSetTemplate a access:DataSetTemplate ;
     access:hasDataSetTemplateKey :RoleEditFauxObjectPropertyDataSetTemplateKey ;
-    access:dataSetKeyTemplate :RoleEditFauxObjectPropertyDataSetKeyTemplate ;
+    access:hasDataSetKeyTemplate :RoleEditFauxObjectPropertyDataSetKeyTemplate ;
     access:dataSetValues access-individual:FauxObjectPropertyValueSet ;
     access:dataSetValues access-individual:FauxObjectPropertyStatementValueSet ;
     access:dataSetValues access-individual:EditOperationValueSet ;
@@ -572,7 +572,7 @@
 
 :RoleDisplayFauxDataPropertyDataSetTemplate a access:DataSetTemplate ;
     access:hasDataSetTemplateKey :RoleDisplayFauxDataPropertyDataSetTemplateKey ;
-    access:dataSetKeyTemplate :RoleDisplayFauxDataPropertyDataSetKeyTemplate ;
+    access:hasDataSetKeyTemplate :RoleDisplayFauxDataPropertyDataSetKeyTemplate ;
     access:dataSetValues access-individual:FauxDataPropertyValueSet ;
     access:dataSetValues access-individual:FauxDataPropertyStatementValueSet ;
     access:dataSetValues access-individual:DisplayOperationValueSet ;
@@ -601,7 +601,7 @@
 
 :RolePublishFauxDataPropertyDataSetTemplate a access:DataSetTemplate ;
     access:hasDataSetTemplateKey :RolePublishFauxDataPropertyDataSetTemplateKey ;
-    access:dataSetKeyTemplate :RolePublishFauxDataPropertyDataSetKeyTemplate ;
+    access:hasDataSetKeyTemplate :RolePublishFauxDataPropertyDataSetKeyTemplate ;
     access:dataSetValues access-individual:FauxDataPropertyValueSet ;
     access:dataSetValues access-individual:FauxDataPropertyStatementValueSet ;
     access:dataSetValues access-individual:PublishOperationValueSet ;
@@ -630,7 +630,7 @@
 
 :RoleAddFauxDataPropertyDataSetTemplate a access:DataSetTemplate ;
     access:hasDataSetTemplateKey :RoleAddFauxDataPropertyDataSetTemplateKey ;
-    access:dataSetKeyTemplate :RoleAddFauxDataPropertyDataSetKeyTemplate ;
+    access:hasDataSetKeyTemplate :RoleAddFauxDataPropertyDataSetKeyTemplate ;
     access:dataSetValues access-individual:FauxDataPropertyValueSet ;
     access:dataSetValues access-individual:FauxDataPropertyStatementValueSet ;
     access:dataSetValues access-individual:AddOperationValueSet ;
@@ -659,7 +659,7 @@
 
 :RoleDropFauxDataPropertyDataSetTemplate a access:DataSetTemplate ;
     access:hasDataSetTemplateKey :RoleDropFauxDataPropertyDataSetTemplateKey ;
-    access:dataSetKeyTemplate :RoleDropFauxDataPropertyDataSetKeyTemplate ;
+    access:hasDataSetKeyTemplate :RoleDropFauxDataPropertyDataSetKeyTemplate ;
     access:dataSetValues access-individual:FauxDataPropertyValueSet ;
     access:dataSetValues access-individual:FauxDataPropertyStatementValueSet ;
     access:dataSetValues access-individual:DropOperationValueSet ;
@@ -688,7 +688,7 @@
 
 :RoleEditFauxDataPropertyDataSetTemplate a access:DataSetTemplate ;
     access:hasDataSetTemplateKey :RoleEditFauxDataPropertyDataSetTemplateKey ;
-    access:dataSetKeyTemplate :RoleEditFauxDataPropertyDataSetKeyTemplate ;
+    access:hasDataSetKeyTemplate :RoleEditFauxDataPropertyDataSetKeyTemplate ;
     access:dataSetValues access-individual:FauxDataPropertyValueSet ;
     access:dataSetValues access-individual:FauxDataPropertyStatementValueSet ;
     access:dataSetValues access-individual:EditOperationValueSet ;
@@ -718,7 +718,7 @@
 ### Drop faux data property data sets
 
 :PublicDropFauxDataPropertyDataSet a access:DataSet ;
-    access:dataSetKey :PublicDropFauxDataPropertyDataSetKey ;
+    access:hasDataSetKey :PublicDropFauxDataPropertyDataSetKey ;
     access:dataSetValues access-individual:PublicRoleValueSet ;
     access:dataSetValues access-individual:FauxDataPropertyValueSet ;
     access:dataSetValues access-individual:FauxDataPropertyStatementValueSet ;
@@ -731,7 +731,7 @@
     access:keyComponent access-individual:DropOperation .
 
 :EditorDropFauxDataPropertyDataSet a access:DataSet ;
-    access:dataSetKey :EditorDropFauxDataPropertyDataSetKey ;
+    access:hasDataSetKey :EditorDropFauxDataPropertyDataSetKey ;
     access:dataSetValues access-individual:EditorRoleValueSet ;
     access:dataSetValues access-individual:FauxDataPropertyValueSet ;
     access:dataSetValues access-individual:FauxDataPropertyStatementValueSet ;
@@ -744,7 +744,7 @@
     access:keyComponent access-individual:DropOperation .
 
 :CuratorDropFauxDataPropertyDataSet a access:DataSet ;
-    access:dataSetKey :CuratorDropFauxDataPropertyDataSetKey ;
+    access:hasDataSetKey :CuratorDropFauxDataPropertyDataSetKey ;
     access:dataSetValues access-individual:CuratorRoleValueSet ;
     access:dataSetValues access-individual:FauxDataPropertyValueSet ;
     access:dataSetValues access-individual:FauxDataPropertyStatementValueSet ;
@@ -757,7 +757,7 @@
     access:keyComponent access-individual:DropOperation .
 
 :AdminDropFauxDataPropertyDataSet a access:DataSet ;
-    access:dataSetKey :AdminDropFauxDataPropertyDataSetKey ;
+    access:hasDataSetKey :AdminDropFauxDataPropertyDataSetKey ;
     access:dataSetValues access-individual:AdminRoleValueSet ;
     access:dataSetValues access-individual:FauxDataPropertyValueSet ;
     access:dataSetValues access-individual:FauxDataPropertyStatementValueSet ;
@@ -772,7 +772,7 @@
 ### Add faux data property data sets
 
 :PublicAddFauxDataPropertyDataSet a access:DataSet ;
-    access:dataSetKey :PublicAddFauxDataPropertyDataSetKey ;
+    access:hasDataSetKey :PublicAddFauxDataPropertyDataSetKey ;
     access:dataSetValues access-individual:PublicRoleValueSet ;
     access:dataSetValues access-individual:FauxDataPropertyValueSet ;
     access:dataSetValues access-individual:FauxDataPropertyStatementValueSet ;
@@ -785,7 +785,7 @@
     access:keyComponent access-individual:AddOperation .
 
 :EditorAddFauxDataPropertyDataSet a access:DataSet ;
-    access:dataSetKey :EditorAddFauxDataPropertyDataSetKey ;
+    access:hasDataSetKey :EditorAddFauxDataPropertyDataSetKey ;
     access:dataSetValues access-individual:EditorRoleValueSet ;
     access:dataSetValues access-individual:FauxDataPropertyValueSet ;
     access:dataSetValues access-individual:FauxDataPropertyStatementValueSet ;
@@ -798,7 +798,7 @@
     access:keyComponent access-individual:AddOperation .
 
 :CuratorAddFauxDataPropertyDataSet a access:DataSet ;
-    access:dataSetKey :CuratorAddFauxDataPropertyDataSetKey ;
+    access:hasDataSetKey :CuratorAddFauxDataPropertyDataSetKey ;
     access:dataSetValues access-individual:CuratorRoleValueSet ;
     access:dataSetValues access-individual:FauxDataPropertyValueSet ;
     access:dataSetValues access-individual:FauxDataPropertyStatementValueSet ;
@@ -811,7 +811,7 @@
     access:keyComponent access-individual:AddOperation .
 
 :AdminAddFauxDataPropertyDataSet a access:DataSet ;
-    access:dataSetKey :AdminAddFauxDataPropertyDataSetKey ;
+    access:hasDataSetKey :AdminAddFauxDataPropertyDataSetKey ;
     access:dataSetValues access-individual:AdminRoleValueSet ;
     access:dataSetValues access-individual:FauxDataPropertyValueSet ;
     access:dataSetValues access-individual:FauxDataPropertyStatementValueSet ;
@@ -826,7 +826,7 @@
 ### Edit faux data property data sets
 
 :PublicEditFauxDataPropertyDataSet a access:DataSet ;
-    access:dataSetKey :PublicEditFauxDataPropertyDataSetKey ;
+    access:hasDataSetKey :PublicEditFauxDataPropertyDataSetKey ;
     access:dataSetValues access-individual:PublicRoleValueSet ;
     access:dataSetValues access-individual:FauxDataPropertyValueSet ;
     access:dataSetValues access-individual:FauxDataPropertyStatementValueSet ;
@@ -839,7 +839,7 @@
     access:keyComponent access-individual:EditOperation .
 
 :EditorEditFauxDataPropertyDataSet a access:DataSet ;
-    access:dataSetKey :EditorEditFauxDataPropertyDataSetKey ;
+    access:hasDataSetKey :EditorEditFauxDataPropertyDataSetKey ;
     access:dataSetValues access-individual:EditorRoleValueSet ;
     access:dataSetValues access-individual:FauxDataPropertyValueSet ;
     access:dataSetValues access-individual:FauxDataPropertyStatementValueSet ;
@@ -852,7 +852,7 @@
     access:keyComponent access-individual:EditOperation .
 
 :CuratorEditFauxDataPropertyDataSet a access:DataSet ;
-    access:dataSetKey :CuratorEditFauxDataPropertyDataSetKey ;
+    access:hasDataSetKey :CuratorEditFauxDataPropertyDataSetKey ;
     access:dataSetValues access-individual:CuratorRoleValueSet ;
     access:dataSetValues access-individual:FauxDataPropertyValueSet ;
     access:dataSetValues access-individual:FauxDataPropertyStatementValueSet ;
@@ -865,7 +865,7 @@
     access:keyComponent access-individual:EditOperation .
 
 :AdminEditFauxDataPropertyDataSet a access:DataSet ;
-    access:dataSetKey :AdminEditFauxDataPropertyDataSetKey ;
+    access:hasDataSetKey :AdminEditFauxDataPropertyDataSetKey ;
     access:dataSetValues access-individual:AdminRoleValueSet ;
     access:dataSetValues access-individual:FauxDataPropertyValueSet ;
     access:dataSetValues access-individual:FauxDataPropertyStatementValueSet ;
@@ -880,7 +880,7 @@
 ### Drop faux object property data sets
 
 :PublicDropFauxObjectPropertyDataSet a access:DataSet ;
-    access:dataSetKey :PublicDropFauxObjectPropertyDataSetKey ;
+    access:hasDataSetKey :PublicDropFauxObjectPropertyDataSetKey ;
     access:dataSetValues access-individual:PublicRoleValueSet ;
     access:dataSetValues access-individual:FauxObjectPropertyValueSet ;
     access:dataSetValues access-individual:FauxObjectPropertyStatementValueSet ;
@@ -893,7 +893,7 @@
     access:keyComponent access-individual:DropOperation .
 
 :EditorDropFauxObjectPropertyDataSet a access:DataSet ;
-    access:dataSetKey :EditorDropFauxObjectPropertyDataSetKey ;
+    access:hasDataSetKey :EditorDropFauxObjectPropertyDataSetKey ;
     access:dataSetValues access-individual:EditorRoleValueSet ;
     access:dataSetValues access-individual:FauxObjectPropertyValueSet ;
     access:dataSetValues access-individual:FauxObjectPropertyStatementValueSet ;
@@ -906,7 +906,7 @@
     access:keyComponent access-individual:DropOperation .
 
 :CuratorDropFauxObjectPropertyDataSet a access:DataSet ;
-    access:dataSetKey :CuratorDropFauxObjectPropertyDataSetKey ;
+    access:hasDataSetKey :CuratorDropFauxObjectPropertyDataSetKey ;
     access:dataSetValues access-individual:CuratorRoleValueSet ;
     access:dataSetValues access-individual:FauxObjectPropertyValueSet ;
     access:dataSetValues access-individual:FauxObjectPropertyStatementValueSet ;
@@ -919,7 +919,7 @@
     access:keyComponent access-individual:DropOperation .
 
 :AdminDropFauxObjectPropertyDataSet a access:DataSet ;
-    access:dataSetKey :AdminDropFauxObjectPropertyDataSetKey ;
+    access:hasDataSetKey :AdminDropFauxObjectPropertyDataSetKey ;
     access:dataSetValues access-individual:AdminRoleValueSet ;
     access:dataSetValues access-individual:FauxObjectPropertyValueSet ;
     access:dataSetValues access-individual:FauxObjectPropertyStatementValueSet ;
@@ -934,7 +934,7 @@
 ### Add faux object property data sets
 
 :PublicAddFauxObjectPropertyDataSet a access:DataSet ;
-    access:dataSetKey :PublicAddFauxObjectPropertyDataSetKey ;
+    access:hasDataSetKey :PublicAddFauxObjectPropertyDataSetKey ;
     access:dataSetValues access-individual:PublicRoleValueSet ;
     access:dataSetValues access-individual:FauxObjectPropertyValueSet ;
     access:dataSetValues access-individual:FauxObjectPropertyStatementValueSet ;
@@ -947,7 +947,7 @@
     access:keyComponent access-individual:AddOperation .
 
 :EditorAddFauxObjectPropertyDataSet a access:DataSet ;
-    access:dataSetKey :EditorAddFauxObjectPropertyDataSetKey ;
+    access:hasDataSetKey :EditorAddFauxObjectPropertyDataSetKey ;
     access:dataSetValues access-individual:EditorRoleValueSet ;
     access:dataSetValues access-individual:FauxObjectPropertyValueSet ;
     access:dataSetValues access-individual:FauxObjectPropertyStatementValueSet ;
@@ -960,7 +960,7 @@
     access:keyComponent access-individual:AddOperation .
 
 :CuratorAddFauxObjectPropertyDataSet a access:DataSet ;
-    access:dataSetKey :CuratorAddFauxObjectPropertyDataSetKey ;
+    access:hasDataSetKey :CuratorAddFauxObjectPropertyDataSetKey ;
     access:dataSetValues access-individual:CuratorRoleValueSet ;
     access:dataSetValues access-individual:FauxObjectPropertyValueSet ;
     access:dataSetValues access-individual:FauxObjectPropertyStatementValueSet ;
@@ -973,7 +973,7 @@
     access:keyComponent access-individual:AddOperation .
 
 :AdminAddFauxObjectPropertyDataSet a access:DataSet ;
-    access:dataSetKey :AdminAddFauxObjectPropertyDataSetKey ;
+    access:hasDataSetKey :AdminAddFauxObjectPropertyDataSetKey ;
     access:dataSetValues access-individual:AdminRoleValueSet ;
     access:dataSetValues access-individual:FauxObjectPropertyValueSet ;
     access:dataSetValues access-individual:FauxObjectPropertyStatementValueSet ;
@@ -988,7 +988,7 @@
 ### Edit faux object property data sets
 
 :PublicEditFauxObjectPropertyDataSet a access:DataSet ;
-    access:dataSetKey :PublicEditFauxObjectPropertyDataSetKey ;
+    access:hasDataSetKey :PublicEditFauxObjectPropertyDataSetKey ;
     access:dataSetValues access-individual:PublicRoleValueSet ;
     access:dataSetValues access-individual:FauxObjectPropertyValueSet ;
     access:dataSetValues access-individual:FauxObjectPropertyStatementValueSet ;
@@ -1001,7 +1001,7 @@
     access:keyComponent access-individual:EditOperation .
 
 :EditorEditFauxObjectPropertyDataSet a access:DataSet ;
-    access:dataSetKey :EditorEditFauxObjectPropertyDataSetKey ;
+    access:hasDataSetKey :EditorEditFauxObjectPropertyDataSetKey ;
     access:dataSetValues access-individual:EditorRoleValueSet ;
     access:dataSetValues access-individual:FauxObjectPropertyValueSet ;
     access:dataSetValues access-individual:FauxObjectPropertyStatementValueSet ;
@@ -1014,7 +1014,7 @@
     access:keyComponent access-individual:EditOperation .
 
 :CuratorEditFauxObjectPropertyDataSet a access:DataSet ;
-    access:dataSetKey :CuratorEditFauxObjectPropertyDataSetKey ;
+    access:hasDataSetKey :CuratorEditFauxObjectPropertyDataSetKey ;
     access:dataSetValues access-individual:CuratorRoleValueSet ;
     access:dataSetValues access-individual:FauxObjectPropertyValueSet ;
     access:dataSetValues access-individual:FauxObjectPropertyStatementValueSet ;
@@ -1027,7 +1027,7 @@
     access:keyComponent access-individual:EditOperation .
 
 :AdminEditFauxObjectPropertyDataSet a access:DataSet ;
-    access:dataSetKey :AdminEditFauxObjectPropertyDataSetKey ;
+    access:hasDataSetKey :AdminEditFauxObjectPropertyDataSetKey ;
     access:dataSetValues access-individual:AdminRoleValueSet ;
     access:dataSetValues access-individual:FauxObjectPropertyValueSet ;
     access:dataSetValues access-individual:FauxObjectPropertyStatementValueSet ;
@@ -1042,7 +1042,7 @@
 ### Drop data property data sets
 
 :PublicDropDataPropertyDataSet a access:DataSet ;
-    access:dataSetKey :PublicDropDataPropertyDataSetKey ;
+    access:hasDataSetKey :PublicDropDataPropertyDataSetKey ;
     access:dataSetValues access-individual:PublicRoleValueSet ;
     access:dataSetValues access-individual:DataPropertyValueSet ;
     access:dataSetValues access-individual:DataPropertyStatementValueSet ;
@@ -1055,7 +1055,7 @@
     access:keyComponent access-individual:DropOperation .
 
 :EditorDropDataPropertyDataSet a access:DataSet ;
-    access:dataSetKey :EditorDropDataPropertyDataSetKey ;
+    access:hasDataSetKey :EditorDropDataPropertyDataSetKey ;
     access:dataSetValues access-individual:EditorRoleValueSet ;
     access:dataSetValues access-individual:DataPropertyValueSet ;
     access:dataSetValues access-individual:DataPropertyStatementValueSet ;
@@ -1068,7 +1068,7 @@
     access:keyComponent access-individual:DropOperation .
 
 :CuratorDropDataPropertyDataSet a access:DataSet ;
-    access:dataSetKey :CuratorDropDataPropertyDataSetKey ;
+    access:hasDataSetKey :CuratorDropDataPropertyDataSetKey ;
     access:dataSetValues access-individual:CuratorRoleValueSet ;
     access:dataSetValues access-individual:DataPropertyValueSet ;
     access:dataSetValues access-individual:DataPropertyStatementValueSet ;
@@ -1081,7 +1081,7 @@
     access:keyComponent access-individual:DropOperation .
 
 :AdminDropDataPropertyDataSet a access:DataSet ;
-    access:dataSetKey :AdminDropDataPropertyDataSetKey ;
+    access:hasDataSetKey :AdminDropDataPropertyDataSetKey ;
     access:dataSetValues access-individual:AdminRoleValueSet ;
     access:dataSetValues access-individual:DataPropertyValueSet ;
     access:dataSetValues access-individual:DataPropertyStatementValueSet ;
@@ -1096,7 +1096,7 @@
 ### Add data property data sets
 
 :PublicAddDataPropertyDataSet a access:DataSet ;
-    access:dataSetKey :PublicAddDataPropertyDataSetKey ;
+    access:hasDataSetKey :PublicAddDataPropertyDataSetKey ;
     access:dataSetValues access-individual:PublicRoleValueSet ;
     access:dataSetValues access-individual:DataPropertyValueSet ;
     access:dataSetValues access-individual:DataPropertyStatementValueSet ;
@@ -1109,7 +1109,7 @@
     access:keyComponent access-individual:AddOperation .
 
 :EditorAddDataPropertyDataSet a access:DataSet ;
-    access:dataSetKey :EditorAddDataPropertyDataSetKey ;
+    access:hasDataSetKey :EditorAddDataPropertyDataSetKey ;
     access:dataSetValues access-individual:EditorRoleValueSet ;
     access:dataSetValues access-individual:DataPropertyValueSet ;
     access:dataSetValues access-individual:DataPropertyStatementValueSet ;
@@ -1122,7 +1122,7 @@
     access:keyComponent access-individual:AddOperation .
 
 :CuratorAddDataPropertyDataSet a access:DataSet ;
-    access:dataSetKey :CuratorAddDataPropertyDataSetKey ;
+    access:hasDataSetKey :CuratorAddDataPropertyDataSetKey ;
     access:dataSetValues access-individual:CuratorRoleValueSet ;
     access:dataSetValues access-individual:DataPropertyValueSet ;
     access:dataSetValues access-individual:DataPropertyStatementValueSet ;
@@ -1135,7 +1135,7 @@
     access:keyComponent access-individual:AddOperation .
 
 :AdminAddDataPropertyDataSet a access:DataSet ;
-    access:dataSetKey :AdminAddDataPropertyDataSetKey ;
+    access:hasDataSetKey :AdminAddDataPropertyDataSetKey ;
     access:dataSetValues access-individual:AdminRoleValueSet ;
     access:dataSetValues access-individual:DataPropertyValueSet ;
     access:dataSetValues access-individual:DataPropertyStatementValueSet ;
@@ -1150,7 +1150,7 @@
 ### Edit data property data sets
 
 :PublicEditDataPropertyDataSet a access:DataSet ;
-    access:dataSetKey :PublicEditDataPropertyDataSetKey ;
+    access:hasDataSetKey :PublicEditDataPropertyDataSetKey ;
     access:dataSetValues access-individual:PublicRoleValueSet ;
     access:dataSetValues access-individual:DataPropertyValueSet ;
     access:dataSetValues access-individual:DataPropertyStatementValueSet ;
@@ -1163,7 +1163,7 @@
     access:keyComponent access-individual:EditOperation .
 
 :EditorEditDataPropertyDataSet a access:DataSet ;
-    access:dataSetKey :EditorEditDataPropertyDataSetKey ;
+    access:hasDataSetKey :EditorEditDataPropertyDataSetKey ;
     access:dataSetValues access-individual:EditorRoleValueSet ;
     access:dataSetValues access-individual:DataPropertyValueSet ;
     access:dataSetValues access-individual:DataPropertyStatementValueSet ;
@@ -1176,7 +1176,7 @@
     access:keyComponent access-individual:EditOperation .
 
 :CuratorEditDataPropertyDataSet a access:DataSet ;
-    access:dataSetKey :CuratorEditDataPropertyDataSetKey ;
+    access:hasDataSetKey :CuratorEditDataPropertyDataSetKey ;
     access:dataSetValues access-individual:CuratorRoleValueSet ;
     access:dataSetValues access-individual:DataPropertyValueSet ;
     access:dataSetValues access-individual:DataPropertyStatementValueSet ;
@@ -1189,7 +1189,7 @@
     access:keyComponent access-individual:EditOperation .
 
 :AdminEditDataPropertyDataSet a access:DataSet ;
-    access:dataSetKey :AdminEditDataPropertyDataSetKey ;
+    access:hasDataSetKey :AdminEditDataPropertyDataSetKey ;
     access:dataSetValues access-individual:AdminRoleValueSet ;
     access:dataSetValues access-individual:DataPropertyValueSet ;
     access:dataSetValues access-individual:DataPropertyStatementValueSet ;
@@ -1204,7 +1204,7 @@
 ### Drop object property data sets
 
 :PublicDropObjectPropertyDataSet a access:DataSet ;
-    access:dataSetKey :PublicDropObjectPropertyDataSetKey ;
+    access:hasDataSetKey :PublicDropObjectPropertyDataSetKey ;
     access:dataSetValues access-individual:PublicRoleValueSet ;
     access:dataSetValues access-individual:ObjectPropertyValueSet ;
     access:dataSetValues access-individual:ObjectPropertyStatementValueSet ;
@@ -1217,7 +1217,7 @@
     access:keyComponent access-individual:DropOperation .
 
 :EditorDropObjectPropertyDataSet a access:DataSet ;
-    access:dataSetKey :EditorDropObjectPropertyDataSetKey ;
+    access:hasDataSetKey :EditorDropObjectPropertyDataSetKey ;
     access:dataSetValues access-individual:EditorRoleValueSet ;
     access:dataSetValues access-individual:ObjectPropertyValueSet ;
     access:dataSetValues access-individual:ObjectPropertyStatementValueSet ;
@@ -1230,7 +1230,7 @@
     access:keyComponent access-individual:DropOperation .
 
 :CuratorDropObjectPropertyDataSet a access:DataSet ;
-    access:dataSetKey :CuratorDropObjectPropertyDataSetKey ;
+    access:hasDataSetKey :CuratorDropObjectPropertyDataSetKey ;
     access:dataSetValues access-individual:CuratorRoleValueSet ;
     access:dataSetValues access-individual:ObjectPropertyValueSet ;
     access:dataSetValues access-individual:ObjectPropertyStatementValueSet ;
@@ -1243,7 +1243,7 @@
     access:keyComponent access-individual:DropOperation .
 
 :AdminDropObjectPropertyDataSet a access:DataSet ;
-    access:dataSetKey :AdminDropObjectPropertyDataSetKey ;
+    access:hasDataSetKey :AdminDropObjectPropertyDataSetKey ;
     access:dataSetValues access-individual:AdminRoleValueSet ;
     access:dataSetValues access-individual:ObjectPropertyValueSet ;
     access:dataSetValues access-individual:ObjectPropertyStatementValueSet ;
@@ -1258,7 +1258,7 @@
 ### Add object property data sets
 
 :PublicAddObjectPropertyDataSet a access:DataSet ;
-    access:dataSetKey :PublicAddObjectPropertyDataSetKey ;
+    access:hasDataSetKey :PublicAddObjectPropertyDataSetKey ;
     access:dataSetValues access-individual:PublicRoleValueSet ;
     access:dataSetValues access-individual:ObjectPropertyValueSet ;
     access:dataSetValues access-individual:ObjectPropertyStatementValueSet ;
@@ -1271,7 +1271,7 @@
     access:keyComponent access-individual:AddOperation .
 
 :EditorAddObjectPropertyDataSet a access:DataSet ;
-    access:dataSetKey :EditorAddObjectPropertyDataSetKey ;
+    access:hasDataSetKey :EditorAddObjectPropertyDataSetKey ;
     access:dataSetValues access-individual:EditorRoleValueSet ;
     access:dataSetValues access-individual:ObjectPropertyValueSet ;
     access:dataSetValues access-individual:ObjectPropertyStatementValueSet ;
@@ -1284,7 +1284,7 @@
     access:keyComponent access-individual:AddOperation .
 
 :CuratorAddObjectPropertyDataSet a access:DataSet ;
-    access:dataSetKey :CuratorAddObjectPropertyDataSetKey ;
+    access:hasDataSetKey :CuratorAddObjectPropertyDataSetKey ;
     access:dataSetValues access-individual:CuratorRoleValueSet ;
     access:dataSetValues access-individual:ObjectPropertyValueSet ;
     access:dataSetValues access-individual:ObjectPropertyStatementValueSet ;
@@ -1297,7 +1297,7 @@
     access:keyComponent access-individual:AddOperation .
 
 :AdminAddObjectPropertyDataSet a access:DataSet ;
-    access:dataSetKey :AdminAddObjectPropertyDataSetKey ;
+    access:hasDataSetKey :AdminAddObjectPropertyDataSetKey ;
     access:dataSetValues access-individual:AdminRoleValueSet ;
     access:dataSetValues access-individual:ObjectPropertyValueSet ;
     access:dataSetValues access-individual:ObjectPropertyStatementValueSet ;
@@ -1312,7 +1312,7 @@
 ### Edit object property data sets
 
 :PublicEditObjectPropertyDataSet a access:DataSet ;
-    access:dataSetKey :PublicEditObjectPropertyDataSetKey ;
+    access:hasDataSetKey :PublicEditObjectPropertyDataSetKey ;
     access:dataSetValues access-individual:PublicRoleValueSet ;
     access:dataSetValues access-individual:ObjectPropertyValueSet ;
     access:dataSetValues access-individual:ObjectPropertyStatementValueSet ;
@@ -1325,7 +1325,7 @@
     access:keyComponent access-individual:EditOperation .
 
 :EditorEditObjectPropertyDataSet a access:DataSet ;
-    access:dataSetKey :EditorEditObjectPropertyDataSetKey ;
+    access:hasDataSetKey :EditorEditObjectPropertyDataSetKey ;
     access:dataSetValues access-individual:EditorRoleValueSet ;
     access:dataSetValues access-individual:ObjectPropertyValueSet ;
     access:dataSetValues access-individual:ObjectPropertyStatementValueSet ;
@@ -1338,7 +1338,7 @@
     access:keyComponent access-individual:EditOperation .
 
 :CuratorEditObjectPropertyDataSet a access:DataSet ;
-    access:dataSetKey :CuratorEditObjectPropertyDataSetKey ;
+    access:hasDataSetKey :CuratorEditObjectPropertyDataSetKey ;
     access:dataSetValues access-individual:CuratorRoleValueSet ;
     access:dataSetValues access-individual:ObjectPropertyValueSet ;
     access:dataSetValues access-individual:ObjectPropertyStatementValueSet ;
@@ -1351,7 +1351,7 @@
     access:keyComponent access-individual:EditOperation .
 
 :AdminEditObjectPropertyDataSet a access:DataSet ;
-    access:dataSetKey :AdminEditObjectPropertyDataSetKey ;
+    access:hasDataSetKey :AdminEditObjectPropertyDataSetKey ;
     access:dataSetValues access-individual:AdminRoleValueSet ;
     access:dataSetValues access-individual:ObjectPropertyValueSet ;
     access:dataSetValues access-individual:ObjectPropertyStatementValueSet ;
@@ -1367,7 +1367,7 @@
 ### Display object property data sets
 
 :PublicDisplayObjectPropertyDataSet a access:DataSet ;
-    access:dataSetKey :PublicDisplayObjectPropertyDataSetKey ;
+    access:hasDataSetKey :PublicDisplayObjectPropertyDataSetKey ;
     access:dataSetValues access-individual:PublicRoleValueSet ;
     access:dataSetValues access-individual:ObjectPropertyValueSet ;
     access:dataSetValues access-individual:ObjectPropertyStatementValueSet ;
@@ -1380,7 +1380,7 @@
     access:keyComponent access-individual:DisplayOperation .
 
 :EditorDisplayObjectPropertyDataSet a access:DataSet ;
-    access:dataSetKey :EditorDisplayObjectPropertyDataSetKey ;
+    access:hasDataSetKey :EditorDisplayObjectPropertyDataSetKey ;
     access:dataSetValues access-individual:EditorRoleValueSet ;
     access:dataSetValues access-individual:ObjectPropertyValueSet ;
     access:dataSetValues access-individual:ObjectPropertyStatementValueSet ;
@@ -1393,7 +1393,7 @@
     access:keyComponent access-individual:DisplayOperation .
 
 :CuratorDisplayObjectPropertyDataSet a access:DataSet ;
-    access:dataSetKey :CuratorDisplayObjectPropertyDataSetKey ;
+    access:hasDataSetKey :CuratorDisplayObjectPropertyDataSetKey ;
     access:dataSetValues access-individual:CuratorRoleValueSet ;
     access:dataSetValues access-individual:ObjectPropertyValueSet ;
     access:dataSetValues access-individual:ObjectPropertyStatementValueSet ;
@@ -1406,7 +1406,7 @@
     access:keyComponent access-individual:DisplayOperation .
 
 :AdminDisplayObjectPropertyDataSet a access:DataSet ;
-    access:dataSetKey :AdminDisplayObjectPropertyDataSetKey ;
+    access:hasDataSetKey :AdminDisplayObjectPropertyDataSetKey ;
     access:dataSetValues access-individual:AdminRoleValueSet ;
     access:dataSetValues access-individual:ObjectPropertyValueSet ;
     access:dataSetValues access-individual:ObjectPropertyStatementValueSet ;
@@ -1421,7 +1421,7 @@
 ### Display data property data sets
 
 :PublicDisplayDataPropertyDataSet a access:DataSet ;
-    access:dataSetKey :PublicDisplayDataPropertyDataSetKey ;
+    access:hasDataSetKey :PublicDisplayDataPropertyDataSetKey ;
     access:dataSetValues access-individual:PublicRoleValueSet ;
     access:dataSetValues access-individual:DataPropertyValueSet ;
     access:dataSetValues access-individual:DataPropertyStatementValueSet ;
@@ -1434,7 +1434,7 @@
     access:keyComponent access-individual:DisplayOperation .
 
 :EditorDisplayDataPropertyDataSet a access:DataSet ;
-    access:dataSetKey :EditorDisplayDataPropertyDataSetKey ;
+    access:hasDataSetKey :EditorDisplayDataPropertyDataSetKey ;
     access:dataSetValues access-individual:EditorRoleValueSet ;
     access:dataSetValues access-individual:DataPropertyValueSet ;
     access:dataSetValues access-individual:DataPropertyStatementValueSet ;
@@ -1447,7 +1447,7 @@
     access:keyComponent access-individual:DisplayOperation .
 
 :CuratorDisplayDataPropertyDataSet a access:DataSet ;
-    access:dataSetKey :CuratorDisplayDataPropertyDataSetKey ;
+    access:hasDataSetKey :CuratorDisplayDataPropertyDataSetKey ;
     access:dataSetValues access-individual:CuratorRoleValueSet ;
     access:dataSetValues access-individual:DataPropertyValueSet ;
     access:dataSetValues access-individual:DataPropertyStatementValueSet ;
@@ -1460,7 +1460,7 @@
     access:keyComponent access-individual:DisplayOperation .
 
 :AdminDisplayDataPropertyDataSet a access:DataSet ;
-    access:dataSetKey :AdminDisplayDataPropertyDataSetKey ;
+    access:hasDataSetKey :AdminDisplayDataPropertyDataSetKey ;
     access:dataSetValues access-individual:AdminRoleValueSet ;
     access:dataSetValues access-individual:DataPropertyValueSet ;
     access:dataSetValues access-individual:DataPropertyStatementValueSet ;
@@ -1475,7 +1475,7 @@
 ### Display faux object property data sets
 
 :PublicDisplayFauxObjectPropertyDataSet a access:DataSet ;
-    access:dataSetKey :PublicDisplayFauxObjectPropertyDataSetKey ;
+    access:hasDataSetKey :PublicDisplayFauxObjectPropertyDataSetKey ;
     access:dataSetValues access-individual:PublicRoleValueSet ;
     access:dataSetValues access-individual:FauxObjectPropertyValueSet ;
     access:dataSetValues access-individual:FauxObjectPropertyStatementValueSet ;
@@ -1488,7 +1488,7 @@
     access:keyComponent access-individual:DisplayOperation .
 
 :EditorDisplayFauxObjectPropertyDataSet a access:DataSet ;
-    access:dataSetKey :EditorDisplayFauxObjectPropertyDataSetKey ;
+    access:hasDataSetKey :EditorDisplayFauxObjectPropertyDataSetKey ;
     access:dataSetValues access-individual:EditorRoleValueSet ;
     access:dataSetValues access-individual:FauxObjectPropertyValueSet ;
     access:dataSetValues access-individual:FauxObjectPropertyStatementValueSet ;
@@ -1501,7 +1501,7 @@
     access:keyComponent access-individual:DisplayOperation .
 
 :CuratorDisplayFauxObjectPropertyDataSet a access:DataSet ;
-    access:dataSetKey :CuratorDisplayFauxObjectPropertyDataSetKey ;
+    access:hasDataSetKey :CuratorDisplayFauxObjectPropertyDataSetKey ;
     access:dataSetValues access-individual:CuratorRoleValueSet ;
     access:dataSetValues access-individual:FauxObjectPropertyValueSet ;
     access:dataSetValues access-individual:FauxObjectPropertyStatementValueSet ;
@@ -1514,7 +1514,7 @@
     access:keyComponent access-individual:DisplayOperation .
 
 :AdminDisplayFauxObjectPropertyDataSet a access:DataSet ;
-    access:dataSetKey :AdminDisplayFauxObjectPropertyDataSetKey ;
+    access:hasDataSetKey :AdminDisplayFauxObjectPropertyDataSetKey ;
     access:dataSetValues access-individual:AdminRoleValueSet ;
     access:dataSetValues access-individual:FauxObjectPropertyValueSet ;
     access:dataSetValues access-individual:FauxObjectPropertyStatementValueSet ;
@@ -1529,7 +1529,7 @@
 ### Display faux data property data sets
 
 :PublicDisplayFauxDataPropertyDataSet a access:DataSet ;
-    access:dataSetKey :PublicDisplayFauxDataPropertyDataSetKey ;
+    access:hasDataSetKey :PublicDisplayFauxDataPropertyDataSetKey ;
     access:dataSetValues access-individual:PublicRoleValueSet ;
     access:dataSetValues access-individual:FauxDataPropertyValueSet ;
     access:dataSetValues access-individual:FauxDataPropertyStatementValueSet ;
@@ -1542,7 +1542,7 @@
     access:keyComponent access-individual:DisplayOperation .
 
 :EditorDisplayFauxDataPropertyDataSet a access:DataSet ;
-    access:dataSetKey :EditorDisplayFauxDataPropertyDataSetKey ;
+    access:hasDataSetKey :EditorDisplayFauxDataPropertyDataSetKey ;
     access:dataSetValues access-individual:EditorRoleValueSet ;
     access:dataSetValues access-individual:FauxDataPropertyValueSet ;
     access:dataSetValues access-individual:FauxDataPropertyStatementValueSet ;
@@ -1555,7 +1555,7 @@
     access:keyComponent access-individual:DisplayOperation .
 
 :CuratorDisplayFauxDataPropertyDataSet a access:DataSet ;
-    access:dataSetKey :CuratorDisplayFauxDataPropertyDataSetKey ;
+    access:hasDataSetKey :CuratorDisplayFauxDataPropertyDataSetKey ;
     access:dataSetValues access-individual:CuratorRoleValueSet ;
     access:dataSetValues access-individual:FauxDataPropertyValueSet ;
     access:dataSetValues access-individual:FauxDataPropertyStatementValueSet ;
@@ -1568,7 +1568,7 @@
     access:keyComponent access-individual:DisplayOperation .
 
 :AdminDisplayFauxDataPropertyDataSet a access:DataSet ;
-    access:dataSetKey :AdminDisplayFauxDataPropertyDataSetKey ;
+    access:hasDataSetKey :AdminDisplayFauxDataPropertyDataSetKey ;
     access:dataSetValues access-individual:AdminRoleValueSet ;
     access:dataSetValues access-individual:FauxDataPropertyValueSet ;
     access:dataSetValues access-individual:FauxDataPropertyStatementValueSet ;
@@ -1583,7 +1583,7 @@
 ### Publish object property data sets
 
 :EditorPublishObjectPropertyDataSet a access:DataSet ;
-    access:dataSetKey :EditorPublishObjectPropertyDataSetKey ;
+    access:hasDataSetKey :EditorPublishObjectPropertyDataSetKey ;
     access:dataSetValues access-individual:EditorRoleValueSet ;
     access:dataSetValues access-individual:ObjectPropertyValueSet ;
     access:dataSetValues access-individual:ObjectPropertyStatementValueSet ;
@@ -1596,7 +1596,7 @@
     access:keyComponent access-individual:PublishOperation .
 
 :CuratorPublishObjectPropertyDataSet a access:DataSet ;
-    access:dataSetKey :CuratorPublishObjectPropertyDataSetKey ;
+    access:hasDataSetKey :CuratorPublishObjectPropertyDataSetKey ;
     access:dataSetValues access-individual:CuratorRoleValueSet ;
     access:dataSetValues access-individual:ObjectPropertyValueSet ;
     access:dataSetValues access-individual:ObjectPropertyStatementValueSet ;
@@ -1609,7 +1609,7 @@
     access:keyComponent access-individual:PublishOperation .
 
 :AdminPublishObjectPropertyDataSet a access:DataSet ;
-    access:dataSetKey :AdminPublishObjectPropertyDataSetKey ;
+    access:hasDataSetKey :AdminPublishObjectPropertyDataSetKey ;
     access:dataSetValues access-individual:AdminRoleValueSet ;
     access:dataSetValues access-individual:ObjectPropertyValueSet ;
     access:dataSetValues access-individual:ObjectPropertyStatementValueSet ;
@@ -1624,7 +1624,7 @@
 ### Publish data property data sets
 
 :EditorPublishDataPropertyDataSet a access:DataSet ;
-    access:dataSetKey :EditorPublishDataPropertyDataSetKey ;
+    access:hasDataSetKey :EditorPublishDataPropertyDataSetKey ;
     access:dataSetValues access-individual:EditorRoleValueSet ;
     access:dataSetValues access-individual:DataPropertyValueSet ;
     access:dataSetValues access-individual:DataPropertyStatementValueSet ;
@@ -1637,7 +1637,7 @@
     access:keyComponent access-individual:PublishOperation .
 
 :CuratorPublishDataPropertyDataSet a access:DataSet ;
-    access:dataSetKey :CuratorPublishDataPropertyDataSetKey ;
+    access:hasDataSetKey :CuratorPublishDataPropertyDataSetKey ;
     access:dataSetValues access-individual:CuratorRoleValueSet ;
     access:dataSetValues access-individual:DataPropertyValueSet ;
     access:dataSetValues access-individual:DataPropertyStatementValueSet ;
@@ -1650,7 +1650,7 @@
     access:keyComponent access-individual:PublishOperation .
 
 :AdminPublishDataPropertyDataSet a access:DataSet ;
-    access:dataSetKey :AdminPublishDataPropertyDataSetKey ;
+    access:hasDataSetKey :AdminPublishDataPropertyDataSetKey ;
     access:dataSetValues access-individual:AdminRoleValueSet ;
     access:dataSetValues access-individual:DataPropertyValueSet ;
     access:dataSetValues access-individual:DataPropertyStatementValueSet ;
@@ -1665,7 +1665,7 @@
 ### Publish faux object property data sets
 
 :EditorPublishFauxObjectPropertyDataSet a access:DataSet ;
-    access:dataSetKey :EditorPublishFauxObjectPropertyDataSetKey ;
+    access:hasDataSetKey :EditorPublishFauxObjectPropertyDataSetKey ;
     access:dataSetValues access-individual:EditorRoleValueSet ;
     access:dataSetValues access-individual:FauxObjectPropertyValueSet ;
     access:dataSetValues access-individual:FauxObjectPropertyStatementValueSet ;
@@ -1678,7 +1678,7 @@
     access:keyComponent access-individual:PublishOperation .
 
 :CuratorPublishFauxObjectPropertyDataSet a access:DataSet ;
-    access:dataSetKey :CuratorPublishFauxObjectPropertyDataSetKey ;
+    access:hasDataSetKey :CuratorPublishFauxObjectPropertyDataSetKey ;
     access:dataSetValues access-individual:CuratorRoleValueSet ;
     access:dataSetValues access-individual:FauxObjectPropertyValueSet ;
     access:dataSetValues access-individual:FauxObjectPropertyStatementValueSet ;
@@ -1691,7 +1691,7 @@
     access:keyComponent access-individual:PublishOperation .
 
 :AdminPublishFauxObjectPropertyDataSet a access:DataSet ;
-    access:dataSetKey :AdminPublishFauxObjectPropertyDataSetKey ;
+    access:hasDataSetKey :AdminPublishFauxObjectPropertyDataSetKey ;
     access:dataSetValues access-individual:AdminRoleValueSet ;
     access:dataSetValues access-individual:FauxObjectPropertyValueSet ;
     access:dataSetValues access-individual:FauxObjectPropertyStatementValueSet ;
@@ -1706,7 +1706,7 @@
 ### Publish faux data property data sets
 
 :EditorPublishFauxDataPropertyDataSet a access:DataSet ;
-    access:dataSetKey :EditorPublishFauxDataPropertyDataSetKey ;
+    access:hasDataSetKey :EditorPublishFauxDataPropertyDataSetKey ;
     access:dataSetValues access-individual:EditorRoleValueSet ;
     access:dataSetValues access-individual:FauxDataPropertyValueSet ;
     access:dataSetValues access-individual:FauxDataPropertyStatementValueSet ;
@@ -1719,7 +1719,7 @@
     access:keyComponent access-individual:PublishOperation .
 
 :CuratorPublishFauxDataPropertyDataSet a access:DataSet ;
-    access:dataSetKey :CuratorPublishFauxDataPropertyDataSetKey ;
+    access:hasDataSetKey :CuratorPublishFauxDataPropertyDataSetKey ;
     access:dataSetValues access-individual:CuratorRoleValueSet ;
     access:dataSetValues access-individual:FauxDataPropertyValueSet ;
     access:dataSetValues access-individual:FauxDataPropertyStatementValueSet ;
@@ -1732,7 +1732,7 @@
     access:keyComponent access-individual:PublishOperation .
 
 :AdminPublishFauxDataPropertyDataSet a access:DataSet ;
-    access:dataSetKey :AdminPublishFauxDataPropertyDataSetKey ;
+    access:hasDataSetKey :AdminPublishFauxDataPropertyDataSetKey ;
     access:dataSetValues access-individual:AdminRoleValueSet ;
     access:dataSetValues access-individual:FauxDataPropertyValueSet ;
     access:dataSetValues access-individual:FauxDataPropertyStatementValueSet ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_access_related_allowed_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_access_related_allowed_property.n3
index e96dcc5477..9ff824e142 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_access_related_allowed_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_access_related_allowed_property.n3
@@ -22,7 +22,7 @@
 ### Display object property data sets
 
 :SelfEditorDisplayObjectPropertyDataSet a access:DataSet ;
-    access:dataSetKey :SelfEditorDisplayObjectPropertyDataSetKey ;
+    access:hasDataSetKey :SelfEditorDisplayObjectPropertyDataSetKey ;
     access:dataSetValues access-individual:SelfEditorRoleValueSet ;
     access:dataSetValues access-individual:ObjectPropertyValueSet ;
     access:dataSetValues access-individual:ObjectPropertyStatementValueSet ;
@@ -37,7 +37,7 @@
 ### Display data property data sets
 
 :SelfEditorDisplayDataPropertyDataSet a access:DataSet ;
-    access:dataSetKey :SelfEditorDisplayDataPropertyDataSetKey ;
+    access:hasDataSetKey :SelfEditorDisplayDataPropertyDataSetKey ;
     access:dataSetValues access-individual:SelfEditorRoleValueSet ;
     access:dataSetValues access-individual:DataPropertyValueSet ;
     access:dataSetValues access-individual:DataPropertyStatementValueSet ;
@@ -52,7 +52,7 @@
 ### Display faux object property data sets
 
 :SelfEditorDisplayFauxObjectPropertyDataSet a access:DataSet ;
-    access:dataSetKey :SelfEditorDisplayFauxObjectPropertyDataSetKey ;
+    access:hasDataSetKey :SelfEditorDisplayFauxObjectPropertyDataSetKey ;
     access:dataSetValues access-individual:SelfEditorRoleValueSet ;
     access:dataSetValues access-individual:FauxObjectPropertyValueSet ;
     access:dataSetValues access-individual:FauxObjectPropertyStatementValueSet ;
@@ -67,7 +67,7 @@
 ### Display faux data property data sets
 
 :SelfEditorDisplayFauxDataPropertyDataSet a access:DataSet ;
-    access:dataSetKey :SelfEditorDisplayFauxDataPropertyDataSetKey ;
+    access:hasDataSetKey :SelfEditorDisplayFauxDataPropertyDataSetKey ;
     access:dataSetValues access-individual:SelfEditorRoleValueSet ;
     access:dataSetValues access-individual:FauxDataPropertyValueSet ;
     access:dataSetValues access-individual:FauxDataPropertyStatementValueSet ;
@@ -82,7 +82,7 @@
 ### Publish object property data sets
 
 :SelfEditorPublishObjectPropertyDataSet a access:DataSet ;
-    access:dataSetKey :SelfEditorPublishObjectPropertyDataSetKey ;
+    access:hasDataSetKey :SelfEditorPublishObjectPropertyDataSetKey ;
     access:dataSetValues access-individual:SelfEditorRoleValueSet ;
     access:dataSetValues access-individual:ObjectPropertyValueSet ;
     access:dataSetValues access-individual:ObjectPropertyStatementValueSet ;
@@ -97,7 +97,7 @@
 ### Publish data property data sets
 
 :SelfEditorPublishDataPropertyDataSet a access:DataSet ;
-    access:dataSetKey :SelfEditorPublishDataPropertyDataSetKey ;
+    access:hasDataSetKey :SelfEditorPublishDataPropertyDataSetKey ;
     access:dataSetValues access-individual:SelfEditorRoleValueSet ;
     access:dataSetValues access-individual:DataPropertyValueSet ;
     access:dataSetValues access-individual:DataPropertyStatementValueSet ;
@@ -112,7 +112,7 @@
 ### Publish faux object property data sets
 
 :SelfEditorPublishFauxObjectPropertyDataSet a access:DataSet ;
-    access:dataSetKey :SelfEditorPublishFauxObjectPropertyDataSetKey ;
+    access:hasDataSetKey :SelfEditorPublishFauxObjectPropertyDataSetKey ;
     access:dataSetValues access-individual:SelfEditorRoleValueSet ;
     access:dataSetValues access-individual:FauxObjectPropertyValueSet ;
     access:dataSetValues access-individual:FauxObjectPropertyStatementValueSet ;
@@ -127,7 +127,7 @@
 ### Publish faux data property data sets
 
 :SelfEditorPublishFauxDataPropertyDataSet a access:DataSet ;
-    access:dataSetKey :SelfEditorPublishFauxDataPropertyDataSetKey ;
+    access:hasDataSetKey :SelfEditorPublishFauxDataPropertyDataSetKey ;
     access:dataSetValues access-individual:SelfEditorRoleValueSet ;
     access:dataSetValues access-individual:FauxDataPropertyValueSet ;
     access:dataSetValues access-individual:FauxDataPropertyStatementValueSet ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_simple_permissions.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_simple_permissions.n3
index 0015d2520d..7b3d582d57 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_simple_permissions.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_simple_permissions.n3
@@ -20,7 +20,7 @@
 
 :RoleDataSetTemplate a access:DataSetTemplate ;
     access:hasDataSetTemplateKey :RoleDataSetTemplateKey ;
-    access:dataSetKeyTemplate :RoleDataSetKeyTemplate ;
+    access:hasDataSetKeyTemplate :RoleDataSetKeyTemplate ;
     access:dataSetValueTemplate :RoleValueSetTemplate ;
     access:dataSetValueTemplate :RolePermissionValueSetTemplate .  
 
@@ -45,7 +45,7 @@
 #Data sets
 
 :PublicDataSet a access:DataSet ;
-    access:dataSetKey :PublicDataSetKey ;
+    access:hasDataSetKey :PublicDataSetKey ;
     access:dataSetValues access-individual:PublicRoleValueSet ;
     access:dataSetValues :PublicSimplePermissionValueSet .
 
@@ -55,7 +55,7 @@
     access:keyComponent access-individual:PublicRoleUri .
 
 :SelfEditorDataSet a access:DataSet ;
-    access:dataSetKey :SelfEditorDataSetKey ;
+    access:hasDataSetKey :SelfEditorDataSetKey ;
     access:dataSetValues access-individual:SelfEditorRoleValueSet ;
     access:dataSetValues :SelfEditorSimplePermissionValueSet .
 
@@ -65,7 +65,7 @@
     access:keyComponent access-individual:SelfEditorRoleUri .
 
 :EditorDataSet a access:DataSet ;
-    access:dataSetKey :EditorDataSetKey ;
+    access:hasDataSetKey :EditorDataSetKey ;
     access:dataSetValues access-individual:EditorRoleValueSet ;
     access:dataSetValues :EditorSimplePermissionValueSet .
 
@@ -75,7 +75,7 @@
     access:keyComponent access-individual:EditorRoleUri .
 
 :CuratorDataSet a access:DataSet ;
-    access:dataSetKey :CuratorDataSetKey ;
+    access:hasDataSetKey :CuratorDataSetKey ;
     access:dataSetValues access-individual:CuratorRoleValueSet ;
     access:dataSetValues :CuratorSimplePermissionValueSet .
 
@@ -85,7 +85,7 @@
     access:keyComponent access-individual:CuratorRoleUri .
 
 :AdminDataSet a access:DataSet ;
-    access:dataSetKey :AdminDataSetKey  ;
+    access:hasDataSetKey :AdminDataSetKey  ;
     access:dataSetValues access-individual:AdminRoleValueSet ;
     access:dataSetValues :AdminSimplePermissionValueSet .
 
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_update_related_allowed_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_update_related_allowed_property.n3
index 20428b3fcc..e3b424cd4f 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_update_related_allowed_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_update_related_allowed_property.n3
@@ -28,7 +28,7 @@
 ### Add object property data sets
 
 :SelfEditorAddObjectPropertyDataSet a access:DataSet ;
-    access:dataSetKey :SelfEditorAddObjectPropertyDataSetKey ;
+    access:hasDataSetKey :SelfEditorAddObjectPropertyDataSetKey ;
     access:dataSetValues access-individual:SelfEditorRoleValueSet ;
     access:dataSetValues access-individual:ObjectPropertyValueSet ;
     access:dataSetValues access-individual:ObjectPropertyStatementValueSet ;
@@ -43,7 +43,7 @@
 ### Add data property data sets
 
 :SelfEditorAddDataPropertyDataSet a access:DataSet ;
-    access:dataSetKey :SelfEditorAddDataPropertyDataSetKey ;
+    access:hasDataSetKey :SelfEditorAddDataPropertyDataSetKey ;
     access:dataSetValues access-individual:SelfEditorRoleValueSet ;
     access:dataSetValues access-individual:DataPropertyValueSet ;
     access:dataSetValues access-individual:DataPropertyStatementValueSet ;
@@ -58,7 +58,7 @@
 ### Add faux object property data sets
 
 :SelfEditorAddFauxObjectPropertyDataSet a access:DataSet ;
-    access:dataSetKey :SelfEditorAddFauxObjectPropertyDataSetKey ;
+    access:hasDataSetKey :SelfEditorAddFauxObjectPropertyDataSetKey ;
     access:dataSetValues access-individual:SelfEditorRoleValueSet ;
     access:dataSetValues access-individual:FauxObjectPropertyValueSet ;
     access:dataSetValues access-individual:FauxObjectPropertyStatementValueSet ;
@@ -73,7 +73,7 @@
 ### Add faux data property data sets
 
 :SelfEditorAddFauxDataPropertyDataSet a access:DataSet ;
-    access:dataSetKey :SelfEditorAddFauxDataPropertyDataSetKey ;
+    access:hasDataSetKey :SelfEditorAddFauxDataPropertyDataSetKey ;
     access:dataSetValues access-individual:SelfEditorRoleValueSet ;
     access:dataSetValues access-individual:FauxDataPropertyValueSet ;
     access:dataSetValues access-individual:FauxDataPropertyStatementValueSet ;
@@ -88,7 +88,7 @@
 ### Drop object property data sets
 
 :SelfEditorDropObjectPropertyDataSet a access:DataSet ;
-    access:dataSetKey :SelfEditorDropObjectPropertyDataSetKey ;
+    access:hasDataSetKey :SelfEditorDropObjectPropertyDataSetKey ;
     access:dataSetValues access-individual:SelfEditorRoleValueSet ;
     access:dataSetValues access-individual:ObjectPropertyValueSet ;
     access:dataSetValues access-individual:ObjectPropertyStatementValueSet ;
@@ -103,7 +103,7 @@
 ### Drop data property data sets
 
 :SelfEditorDropDataPropertyDataSet a access:DataSet ;
-    access:dataSetKey :SelfEditorDropDataPropertyDataSetKey ;
+    access:hasDataSetKey :SelfEditorDropDataPropertyDataSetKey ;
     access:dataSetValues access-individual:SelfEditorRoleValueSet ;
     access:dataSetValues access-individual:DataPropertyValueSet ;
     access:dataSetValues access-individual:DataPropertyStatementValueSet ;
@@ -118,7 +118,7 @@
 ### Drop faux object property data sets
 
 :SelfEditorDropFauxObjectPropertyDataSet a access:DataSet ;
-    access:dataSetKey :SelfEditorDropFauxObjectPropertyDataSetKey ;
+    access:hasDataSetKey :SelfEditorDropFauxObjectPropertyDataSetKey ;
     access:dataSetValues access-individual:SelfEditorRoleValueSet ;
     access:dataSetValues access-individual:FauxObjectPropertyValueSet ;
     access:dataSetValues access-individual:FauxObjectPropertyStatementValueSet ;
@@ -133,7 +133,7 @@
 ### Drop faux data property data sets
 
 :SelfEditorDropFauxDataPropertyDataSet a access:DataSet ;
-    access:dataSetKey :SelfEditorDropFauxDataPropertyDataSetKey ;
+    access:hasDataSetKey :SelfEditorDropFauxDataPropertyDataSetKey ;
     access:dataSetValues access-individual:SelfEditorRoleValueSet ;
     access:dataSetValues access-individual:FauxDataPropertyValueSet ;
     access:dataSetValues access-individual:FauxDataPropertyStatementValueSet ;
@@ -148,7 +148,7 @@
 ### Edit object property data sets
 
 :SelfEditorEditObjectPropertyDataSet a access:DataSet ;
-    access:dataSetKey :SelfEditorEditObjectPropertyDataSetKey ;
+    access:hasDataSetKey :SelfEditorEditObjectPropertyDataSetKey ;
     access:dataSetValues access-individual:SelfEditorRoleValueSet ;
     access:dataSetValues access-individual:ObjectPropertyValueSet ;
     access:dataSetValues access-individual:ObjectPropertyStatementValueSet ;
@@ -163,7 +163,7 @@
 ### Edit data property data sets
 
 :SelfEditorEditDataPropertyDataSet a access:DataSet ;
-    access:dataSetKey :SelfEditorEditDataPropertyDataSetKey ;
+    access:hasDataSetKey :SelfEditorEditDataPropertyDataSetKey ;
     access:dataSetValues access-individual:SelfEditorRoleValueSet ;
     access:dataSetValues access-individual:DataPropertyValueSet ;
     access:dataSetValues access-individual:DataPropertyStatementValueSet ;
@@ -178,7 +178,7 @@
 ### Edit faux object property data sets
 
 :SelfEditorEditFauxObjectPropertyDataSet a access:DataSet ;
-    access:dataSetKey :SelfEditorEditFauxObjectPropertyDataSetKey ;
+    access:hasDataSetKey :SelfEditorEditFauxObjectPropertyDataSetKey ;
     access:dataSetValues access-individual:SelfEditorRoleValueSet ;
     access:dataSetValues access-individual:FauxObjectPropertyValueSet ;
     access:dataSetValues access-individual:FauxObjectPropertyStatementValueSet ;
@@ -193,7 +193,7 @@
 ### Edit faux data property data sets
 
 :SelfEditorEditFauxDataPropertyDataSet a access:DataSet ;
-    access:dataSetKey :SelfEditorEditFauxDataPropertyDataSetKey ;
+    access:hasDataSetKey :SelfEditorEditFauxDataPropertyDataSetKey ;
     access:dataSetValues access-individual:SelfEditorRoleValueSet ;
     access:dataSetValues access-individual:FauxDataPropertyValueSet ;
     access:dataSetValues access-individual:FauxDataPropertyStatementValueSet ;
diff --git a/home/src/main/resources/rdf/tbox/firsttime/vitro-access-control-ontology.n3 b/home/src/main/resources/rdf/tbox/firsttime/vitro-access-control-ontology.n3
index a6f9f287e7..a146b35433 100644
--- a/home/src/main/resources/rdf/tbox/firsttime/vitro-access-control-ontology.n3
+++ b/home/src/main/resources/rdf/tbox/firsttime/vitro-access-control-ontology.n3
@@ -201,13 +201,13 @@
     rdfs:domain [ a owl:Class ; owl:unionOf  ( :Policy :PolicyTemplate ) ] ;
     rdfs:range :Rule .
 
-:dataSetKey a owl:ObjectProperty ;
+:hasDataSetKey a owl:ObjectProperty ;
     rdfs:comment "Assign data set template to policy data set";
     rdfs:label "data set key"@en-US ;
     rdfs:domain :DataSet ;
     rdfs:range :DataSetKey .
 
-:dataSetKeyTemplate a owl:ObjectProperty ;
+:hasDataSetKeyTemplate a owl:ObjectProperty ;
     rdfs:comment "Assign data set key template to data set template";
     rdfs:label "data set key template"@en-US ;
     rdfs:domain :DataSetTemplate ;

From c6cbfae231aae96a0717d60ca9d337268bce533d Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <georgy.litvinov@tib.eu>
Date: Fri, 24 Nov 2023 10:53:32 +0100
Subject: [PATCH 130/148] renamed :templateKey to hasTemplateKeyComponent

---
 .../webapp/auth/policy/PolicyLoader.java      |  4 +-
 .../auth/policy/PolicyTemplateController.java |  2 +-
 .../webapp/auth/rules/data_set_templates.n3   |  4 +-
 .../template_access_allowed_class.n3          |  6 +--
 .../template_access_allowed_property.n3       | 40 +++++++++----------
 .../firsttime/template_simple_permissions.n3  |  2 +-
 .../vitro-access-control-ontology.n3          |  2 +-
 7 files changed, 30 insertions(+), 30 deletions(-)

diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
index a0abed6e98..5a377c548a 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
@@ -214,8 +214,8 @@ public class PolicyLoader {
             + "  GRAPH <http://vitro.mannlib.cornell.edu/default/access-control> {\n"
             + "    ?policyTemplate access:hasDataSetTemplate ?dataSetTemplate .\n"
             + "    ?dataSetTemplate access:hasDataSetTemplateKey ?dataSetTemplateKey .\n"
-            + "    ?dataSetTemplateKey access:templateKey access-individual:SubjectRole .\n"
-            + "    ?dataSetTemplateKey access:templateKey ?key .\n"
+            + "    ?dataSetTemplateKey access:hasTemplateKeyComponent access-individual:SubjectRole .\n"
+            + "    ?dataSetTemplateKey access:hasTemplateKeyComponent ?key .\n"
             + "  }\n"
             + "}\n"
             + "GROUP BY ?dataSetTemplate ?policyTemplate";
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTemplateController.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTemplateController.java
index 0afb4a746d..3300268217 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTemplateController.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTemplateController.java
@@ -17,7 +17,7 @@ public class PolicyTemplateController {
     private static final Log log = LogFactory.getLog(PolicyTemplateController.class);
     public static void createRoleDataSets(String roleUri) {
 
-        // Execute sparql query to get all data set templates that have ao:templateKey access-individual:SubjectRole .
+        // Execute sparql query to get all data set templates that have ao:hasTemplateKeyComponent access-individual:SubjectRole .
         Map<String, String> templates = PolicyLoader.getInstance().getRoleDataSetTemplates();
         for (String templateUri : templates.keySet()) {
             createRoleDataSet(templateUri, roleUri, templates.get(templateUri));
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/data_set_templates.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/data_set_templates.n3
index 35b9144f5d..efc568a0ec 100644
--- a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/data_set_templates.n3
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/data_set_templates.n3
@@ -26,7 +26,7 @@
     access:dataSetValueTemplate :RolePermissionValueSetTemplate1 .  
 
 :RoleDataSetTemplateKey1 a access:DataSetTemplateKey ;
-    access:templateKey access-individual:SubjectRole .
+    access:hasTemplateKeyComponent access-individual:SubjectRole .
 
 :RoleDataSetKeyTemplate1 a access:DataSetKeyTemplate ;
     access:keyComponent access-individual:NamedObject ;
@@ -51,7 +51,7 @@
     access:dataSetValueTemplate :RolePermissionValueSetTemplate2 .  
 
 :RoleDataSetTemplateKey2 a access:DataSetTemplateKey ;
-    access:templateKey access-individual:SubjectRole .
+    access:hasTemplateKeyComponent access-individual:SubjectRole .
 
 :RoleDataSetKeyTemplate2 a access:DataSetKeyTemplate ;
     access:keyComponent access-individual:ObjectPropertyAccesObject ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_class.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_class.n3
index aa8584390f..fa5689ace0 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_class.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_class.n3
@@ -41,7 +41,7 @@
     access:dataSetValueTemplate :RoleDisplayClassValueSetTemplate .  
 
 :RoleDisplayClassDataSetTemplateKey a access:DataSetTemplateKey ;
-    access:templateKey access-individual:SubjectRole .
+    access:hasTemplateKeyComponent access-individual:SubjectRole .
 
 :RoleDisplayClassDataSetKeyTemplate a access:DataSetKeyTemplate ;
     access:keyComponent access-individual:Class ;
@@ -68,7 +68,7 @@
     access:dataSetValueTemplate :RoleUpdateClassValueSetTemplate .  
 
 :RoleUpdateClassDataSetTemplateKey a access:DataSetTemplateKey ;
-    access:templateKey access-individual:SubjectRole .
+    access:hasTemplateKeyComponent access-individual:SubjectRole .
 
 :RoleUpdateClassDataSetKeyTemplate a access:DataSetKeyTemplate ;
     access:keyComponent access-individual:Class ;
@@ -95,7 +95,7 @@
     access:dataSetValueTemplate :RolePublishClassValueSetTemplate .  
 
 :RolePublishClassDataSetTemplateKey a access:DataSetTemplateKey ;
-    access:templateKey access-individual:SubjectRole .
+    access:hasTemplateKeyComponent access-individual:SubjectRole .
 
 :RolePublishClassDataSetKeyTemplate a access:DataSetKeyTemplate ;
     access:keyComponent access-individual:Class ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_property.n3
index b6834291bd..f496f7d94b 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_property.n3
@@ -145,7 +145,7 @@
     access:dataSetValueTemplate :RoleDisplayObjectPropertyEntityValueSetTemplate .  
 
 :RoleDisplayObjectPropertyDataSetTemplateKey a access:DataSetTemplateKey ;
-    access:templateKey access-individual:SubjectRole .
+    access:hasTemplateKeyComponent access-individual:SubjectRole .
 
 :RoleDisplayObjectPropertyDataSetKeyTemplate a access:DataSetKeyTemplate ;
     access:keyComponent access-individual:ObjectProperty ;
@@ -174,7 +174,7 @@
     access:dataSetValueTemplate :RolePublishObjectPropertyEntityValueSetTemplate .  
 
 :RolePublishObjectPropertyDataSetTemplateKey a access:DataSetTemplateKey ;
-    access:templateKey access-individual:SubjectRole .
+    access:hasTemplateKeyComponent access-individual:SubjectRole .
 
 :RolePublishObjectPropertyDataSetKeyTemplate a access:DataSetKeyTemplate ;
     access:keyComponent access-individual:ObjectProperty ;
@@ -203,7 +203,7 @@
     access:dataSetValueTemplate :RoleAddObjectPropertyEntityValueSetTemplate .  
 
 :RoleAddObjectPropertyDataSetTemplateKey a access:DataSetTemplateKey ;
-    access:templateKey access-individual:SubjectRole .
+    access:hasTemplateKeyComponent access-individual:SubjectRole .
 
 :RoleAddObjectPropertyDataSetKeyTemplate a access:DataSetKeyTemplate ;
     access:keyComponent access-individual:ObjectProperty ;
@@ -232,7 +232,7 @@
     access:dataSetValueTemplate :RoleDropObjectPropertyEntityValueSetTemplate .  
 
 :RoleDropObjectPropertyDataSetTemplateKey a access:DataSetTemplateKey ;
-    access:templateKey access-individual:SubjectRole .
+    access:hasTemplateKeyComponent access-individual:SubjectRole .
 
 :RoleDropObjectPropertyDataSetKeyTemplate a access:DataSetKeyTemplate ;
     access:keyComponent access-individual:ObjectProperty ;
@@ -261,7 +261,7 @@
     access:dataSetValueTemplate :RoleEditObjectPropertyEntityValueSetTemplate .  
 
 :RoleEditObjectPropertyDataSetTemplateKey a access:DataSetTemplateKey ;
-    access:templateKey access-individual:SubjectRole .
+    access:hasTemplateKeyComponent access-individual:SubjectRole .
 
 :RoleEditObjectPropertyDataSetKeyTemplate a access:DataSetKeyTemplate ;
     access:keyComponent access-individual:ObjectProperty ;
@@ -290,7 +290,7 @@
     access:dataSetValueTemplate :RoleDisplayDataPropertyEntityValueSetTemplate .  
 
 :RoleDisplayDataPropertyDataSetTemplateKey a access:DataSetTemplateKey ;
-    access:templateKey access-individual:SubjectRole .
+    access:hasTemplateKeyComponent access-individual:SubjectRole .
 
 :RoleDisplayDataPropertyDataSetKeyTemplate a access:DataSetKeyTemplate ;
     access:keyComponent access-individual:DataProperty ;
@@ -319,7 +319,7 @@
     access:dataSetValueTemplate :RolePublishDataPropertyEntityValueSetTemplate .  
 
 :RolePublishDataPropertyDataSetTemplateKey a access:DataSetTemplateKey ;
-    access:templateKey access-individual:SubjectRole .
+    access:hasTemplateKeyComponent access-individual:SubjectRole .
 
 :RolePublishDataPropertyDataSetKeyTemplate a access:DataSetKeyTemplate ;
     access:keyComponent access-individual:DataProperty ;
@@ -348,7 +348,7 @@
     access:dataSetValueTemplate :RoleAddDataPropertyEntityValueSetTemplate .  
 
 :RoleAddDataPropertyDataSetTemplateKey a access:DataSetTemplateKey ;
-    access:templateKey access-individual:SubjectRole .
+    access:hasTemplateKeyComponent access-individual:SubjectRole .
 
 :RoleAddDataPropertyDataSetKeyTemplate a access:DataSetKeyTemplate ;
     access:keyComponent access-individual:DataProperty ;
@@ -377,7 +377,7 @@
     access:dataSetValueTemplate :RoleDropDataPropertyEntityValueSetTemplate .  
 
 :RoleDropDataPropertyDataSetTemplateKey a access:DataSetTemplateKey ;
-    access:templateKey access-individual:SubjectRole .
+    access:hasTemplateKeyComponent access-individual:SubjectRole .
 
 :RoleDropDataPropertyDataSetKeyTemplate a access:DataSetKeyTemplate ;
     access:keyComponent access-individual:DataProperty ;
@@ -406,7 +406,7 @@
     access:dataSetValueTemplate :RoleEditDataPropertyEntityValueSetTemplate .  
 
 :RoleEditDataPropertyDataSetTemplateKey a access:DataSetTemplateKey ;
-    access:templateKey access-individual:SubjectRole .
+    access:hasTemplateKeyComponent access-individual:SubjectRole .
 
 :RoleEditDataPropertyDataSetKeyTemplate a access:DataSetKeyTemplate ;
     access:keyComponent access-individual:DataProperty ;
@@ -435,7 +435,7 @@
     access:dataSetValueTemplate :RoleDisplayFauxObjectPropertyEntityValueSetTemplate .  
 
 :RoleDisplayFauxObjectPropertyDataSetTemplateKey a access:DataSetTemplateKey ;
-    access:templateKey access-individual:SubjectRole .
+    access:hasTemplateKeyComponent access-individual:SubjectRole .
 
 :RoleDisplayFauxObjectPropertyDataSetKeyTemplate a access:DataSetKeyTemplate ;
     access:keyComponent access-individual:FauxObjectProperty ;
@@ -464,7 +464,7 @@
     access:dataSetValueTemplate :RolePublishFauxObjectPropertyEntityValueSetTemplate .  
 
 :RolePublishFauxObjectPropertyDataSetTemplateKey a access:DataSetTemplateKey ;
-    access:templateKey access-individual:SubjectRole .
+    access:hasTemplateKeyComponent access-individual:SubjectRole .
 
 :RolePublishFauxObjectPropertyDataSetKeyTemplate a access:DataSetKeyTemplate ;
     access:keyComponent access-individual:FauxObjectProperty ;
@@ -493,7 +493,7 @@
     access:dataSetValueTemplate :RoleAddFauxObjectPropertyEntityValueSetTemplate .  
 
 :RoleAddFauxObjectPropertyDataSetTemplateKey a access:DataSetTemplateKey ;
-    access:templateKey access-individual:SubjectRole .
+    access:hasTemplateKeyComponent access-individual:SubjectRole .
 
 :RoleAddFauxObjectPropertyDataSetKeyTemplate a access:DataSetKeyTemplate ;
     access:keyComponent access-individual:FauxObjectProperty ;
@@ -522,7 +522,7 @@
     access:dataSetValueTemplate :RoleDropFauxObjectPropertyEntityValueSetTemplate .  
 
 :RoleDropFauxObjectPropertyDataSetTemplateKey a access:DataSetTemplateKey ;
-    access:templateKey access-individual:SubjectRole .
+    access:hasTemplateKeyComponent access-individual:SubjectRole .
 
 :RoleDropFauxObjectPropertyDataSetKeyTemplate a access:DataSetKeyTemplate ;
     access:keyComponent access-individual:FauxObjectProperty ;
@@ -551,7 +551,7 @@
     access:dataSetValueTemplate :RoleEditFauxObjectPropertyEntityValueSetTemplate .  
 
 :RoleEditFauxObjectPropertyDataSetTemplateKey a access:DataSetTemplateKey ;
-    access:templateKey access-individual:SubjectRole .
+    access:hasTemplateKeyComponent access-individual:SubjectRole .
 
 :RoleEditFauxObjectPropertyDataSetKeyTemplate a access:DataSetKeyTemplate ;
     access:keyComponent access-individual:FauxObjectProperty ;
@@ -580,7 +580,7 @@
     access:dataSetValueTemplate :RoleDisplayFauxDataPropertyEntityValueSetTemplate .  
 
 :RoleDisplayFauxDataPropertyDataSetTemplateKey a access:DataSetTemplateKey ;
-    access:templateKey access-individual:SubjectRole .
+    access:hasTemplateKeyComponent access-individual:SubjectRole .
 
 :RoleDisplayFauxDataPropertyDataSetKeyTemplate a access:DataSetKeyTemplate ;
     access:keyComponent access-individual:FauxDataProperty ;
@@ -609,7 +609,7 @@
     access:dataSetValueTemplate :RolePublishFauxDataPropertyEntityValueSetTemplate .  
 
 :RolePublishFauxDataPropertyDataSetTemplateKey a access:DataSetTemplateKey ;
-    access:templateKey access-individual:SubjectRole .
+    access:hasTemplateKeyComponent access-individual:SubjectRole .
 
 :RolePublishFauxDataPropertyDataSetKeyTemplate a access:DataSetKeyTemplate ;
     access:keyComponent access-individual:FauxDataProperty ;
@@ -638,7 +638,7 @@
     access:dataSetValueTemplate :RoleAddFauxDataPropertyEntityValueSetTemplate .  
 
 :RoleAddFauxDataPropertyDataSetTemplateKey a access:DataSetTemplateKey ;
-    access:templateKey access-individual:SubjectRole .
+    access:hasTemplateKeyComponent access-individual:SubjectRole .
 
 :RoleAddFauxDataPropertyDataSetKeyTemplate a access:DataSetKeyTemplate ;
     access:keyComponent access-individual:FauxDataProperty ;
@@ -667,7 +667,7 @@
     access:dataSetValueTemplate :RoleDropFauxDataPropertyEntityValueSetTemplate .  
 
 :RoleDropFauxDataPropertyDataSetTemplateKey a access:DataSetTemplateKey ;
-    access:templateKey access-individual:SubjectRole .
+    access:hasTemplateKeyComponent access-individual:SubjectRole .
 
 :RoleDropFauxDataPropertyDataSetKeyTemplate a access:DataSetKeyTemplate ;
     access:keyComponent access-individual:FauxDataProperty ;
@@ -696,7 +696,7 @@
     access:dataSetValueTemplate :RoleEditFauxDataPropertyEntityValueSetTemplate .  
 
 :RoleEditFauxDataPropertyDataSetTemplateKey a access:DataSetTemplateKey ;
-    access:templateKey access-individual:SubjectRole .
+    access:hasTemplateKeyComponent access-individual:SubjectRole .
 
 :RoleEditFauxDataPropertyDataSetKeyTemplate a access:DataSetKeyTemplate ;
     access:keyComponent access-individual:FauxDataProperty ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_simple_permissions.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_simple_permissions.n3
index 7b3d582d57..93d9e47e5b 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_simple_permissions.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_simple_permissions.n3
@@ -25,7 +25,7 @@
     access:dataSetValueTemplate :RolePermissionValueSetTemplate .  
 
 :RoleDataSetTemplateKey a access:DataSetTemplateKey ;
-    access:templateKey access-individual:SubjectRole .
+    access:hasTemplateKeyComponent access-individual:SubjectRole .
 
 :RoleDataSetKeyTemplate a access:DataSetKeyTemplate ;
     access:keyComponent access-individual:NamedObject ;
diff --git a/home/src/main/resources/rdf/tbox/firsttime/vitro-access-control-ontology.n3 b/home/src/main/resources/rdf/tbox/firsttime/vitro-access-control-ontology.n3
index a146b35433..c4bc374b48 100644
--- a/home/src/main/resources/rdf/tbox/firsttime/vitro-access-control-ontology.n3
+++ b/home/src/main/resources/rdf/tbox/firsttime/vitro-access-control-ontology.n3
@@ -171,7 +171,7 @@
     rdfs:domain :DataSetTemplate ;
     rdfs:range :ValueSetTemplate .
 
-:templateKey a owl:ObjectProperty ;
+:hasTemplateKeyComponent a owl:ObjectProperty ;
     rdfs:comment "Attribute to use as a template key";
     rdfs:label "template key"@en-US ;
     rdfs:domain :DataSetTemplateKey ;

From dce9e8c0257697cfa4087ae36521f91e8dcbc4be Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <georgy.litvinov@tib.eu>
Date: Fri, 24 Nov 2023 11:05:01 +0100
Subject: [PATCH 131/148] renamed :keyComponent to :hasKeyComponent and
 :keyComponentTemplate to :hasKeyComponentTemplate

---
 .../webapp/auth/policy/PolicyLoader.java      |  16 +-
 .../auth/policy/PolicyTemplateController.java |   9 +-
 .../webapp/auth/rules/data_set_templates.n3   |  16 +-
 .../webapp/auth/rules/test_policy_key.n3      |   6 +-
 .../template_access_allowed_class.n3          | 102 ++--
 .../template_access_allowed_property.n3       | 576 +++++++++---------
 ...emplate_access_related_allowed_property.n3 |  48 +-
 .../firsttime/template_simple_permissions.n3  |  36 +-
 ...emplate_update_related_allowed_property.n3 |  72 +--
 .../vitro-access-control-ontology.n3          |  12 +-
 10 files changed, 447 insertions(+), 446 deletions(-)

diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
index 5a377c548a..6718de2b7f 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
@@ -185,7 +185,7 @@ public class PolicyLoader {
             + "  OPTIONAL { ?valueSet access:value ?value .\n"
             + "    OPTIONAL { ?value access:id ?valueId . }\n"
             + "  }\n"
-            + "  ?dataSetKeyUri access:keyComponent ?key .\n";
+            + "  ?dataSetKeyUri access:hasKeyComponent ?key .\n";
 
     private static final String policyKeyTemplateSuffix =
             "}} GROUP BY ?" + POLICY + " ?dataSet ?value ?valueId ?testData ?valueSet";
@@ -226,7 +226,7 @@ public class PolicyLoader {
             + "WHERE {\n"
             + "  GRAPH <http://vitro.mannlib.cornell.edu/default/access-control> {\n"
             + "    ?dataSetTemplate access:hasDataSetKeyTemplate ?dataSetKeyTemplate .\n"
-            + "    ?dataSetKeyTemplate access:keyComponent ?keyComponent .\n"
+            + "    ?dataSetKeyTemplate access:hasKeyComponent ?keyComponent .\n"
             + "  }\n"
             + "}\n";
 
@@ -236,7 +236,7 @@ public class PolicyLoader {
             + "WHERE {\n"
             + "  GRAPH <http://vitro.mannlib.cornell.edu/default/access-control> {\n"
             + "    ?dataSet access:hasDataSetKey ?dataSetKey ."
-            + "    ?dataSetKey access:keyComponent ?keyComponent .\n"
+            + "    ?dataSetKey access:hasKeyComponent ?keyComponent .\n"
             + "    OPTIONAL {\n"
             + "      ?keyComponent access:id ?id .\n"
             + "    }\n"
@@ -261,7 +261,7 @@ public class PolicyLoader {
             + "WHERE {\n"
             + "  GRAPH <http://vitro.mannlib.cornell.edu/default/access-control> {\n"
             + "    ?dataSetTemplate access:hasDataSetKeyTemplate ?dataSetKeyTemplate .\n"
-            + "    ?dataSetKeyTemplate access:keyComponentTemplate ?keyComponentTemplate .\n"
+            + "    ?dataSetKeyTemplate access:hasKeyComponentTemplate ?keyComponentTemplate .\n"
             + "  }\n"
             + "}\n";
 
@@ -557,11 +557,11 @@ private static String getPolicyDataSetValueStatementByKeyQuery(String entityUri,
         StringBuilder query = new StringBuilder();
         query.append(String.format(policyStatementByKeyTemplatePrefix, entityUri));
         for (String uri : uris) {
-            query.append(String.format("  ?dataSetKeyUri access:keyComponent <%s> . \n", uri));
+            query.append(String.format("  ?dataSetKeyUri access:hasKeyComponent <%s> . \n", uri));
         }
         int i = 0;
         for (String id : ids) {
-            query.append(String.format("  ?dataSetKeyUri access:keyComponent ?uri%d . ?uri%d access:id \"%s\" . \n", i,
+            query.append(String.format("  ?dataSetKeyUri access:hasKeyComponent ?uri%d . ?uri%d access:id \"%s\" . \n", i,
                     i, id));
             i++;
         }
@@ -572,11 +572,11 @@ private static String getPolicyDataSetValueStatementByKeyQuery(String entityUri,
     private static String getDataSetByKeyQuery(String[] uris, String[] ids) {
         StringBuilder query = new StringBuilder(policyKeyTemplatePrefix);
         for (String uri : uris) {
-            query.append(String.format("  ?dataSetKeyUri access:keyComponent <%s> . \n", uri));
+            query.append(String.format("  ?dataSetKeyUri access:hasKeyComponent <%s> . \n", uri));
         }
         int i = 0;
         for (String id : ids) {
-            query.append(String.format("  ?dataSetKeyUri access:keyComponent ?uri%d .\n  ?uri%d access:id \"%s\" . \n",
+            query.append(String.format("  ?dataSetKeyUri access:hasKeyComponent ?uri%d .\n  ?uri%d access:id \"%s\" . \n",
                     i, i, id));
             i++;
         }
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTemplateController.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTemplateController.java
index 3300268217..1336e08852 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTemplateController.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTemplateController.java
@@ -1,11 +1,12 @@
 package edu.cornell.mannlib.vitro.webapp.auth.policy;
 
 import static edu.cornell.mannlib.vitro.webapp.dao.VitroVocabulary.AUTH_VOCABULARY_PREFIX;
+import static edu.cornell.mannlib.vitro.webapp.dao.VitroVocabulary.RDF_TYPE;
+
 
 import java.util.List;
 import java.util.Map;
 
-import edu.cornell.mannlib.vitro.webapp.dao.VitroVocabulary;
 import edu.cornell.mannlib.vitro.webapp.rdfservice.adapters.VitroModelFactory;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
@@ -42,7 +43,7 @@ private static void createRoleDataSet(String dataSetTemplateUri, String roleUri,
                         dataSetModel.createProperty(AUTH_VOCABULARY_PREFIX + "id"),
                         dataSetModel.createLiteral(roleUri)));
                 dataSetModel.add(new StatementImpl(dataSetModel.createResource(roleKeyUri),
-                        dataSetModel.createProperty(VitroVocabulary.RDF_TYPE),
+                        dataSetModel.createProperty(RDF_TYPE),
                         dataSetModel.createResource(AUTH_VOCABULARY_PREFIX + "SubjectRoleUri")));
                 keys.add(roleKeyUri);
             } else {
@@ -56,7 +57,7 @@ private static void createRoleDataSet(String dataSetTemplateUri, String roleUri,
                 dataSetModel.createResource(dataSetUri)));
 
         dataSetModel.add(new StatementImpl(dataSetModel.createResource(dataSetUri),
-                dataSetModel.createProperty("http://www.w3.org/1999/02/22-rdf-syntax-ns#type"),
+                dataSetModel.createProperty(RDF_TYPE),
                 dataSetModel.createResource(AUTH_VOCABULARY_PREFIX + "PolicyDataSet")));
 
         dataSetModel.add(new StatementImpl(dataSetModel.createResource(dataSetUri),
@@ -65,7 +66,7 @@ private static void createRoleDataSet(String dataSetTemplateUri, String roleUri,
 
         for (String key : keys) {
             dataSetModel.add(new StatementImpl(dataSetModel.createResource(dataSetKeyUri),
-                    dataSetModel.createProperty(AUTH_VOCABULARY_PREFIX + "keyComponent"),
+                    dataSetModel.createProperty(AUTH_VOCABULARY_PREFIX + "hasKeyComponent"),
                     dataSetModel.createResource(key)));
         }
 
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/data_set_templates.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/data_set_templates.n3
index efc568a0ec..c9d6607df9 100644
--- a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/data_set_templates.n3
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/data_set_templates.n3
@@ -29,9 +29,9 @@
     access:hasTemplateKeyComponent access-individual:SubjectRole .
 
 :RoleDataSetKeyTemplate1 a access:DataSetKeyTemplate ;
-    access:keyComponent access-individual:NamedObject ;
-    access:keyComponent access-individual:ExecuteOperation ;
-    access:keyComponentTemplate access-individual:SubjectRole .
+    access:hasKeyComponent access-individual:NamedObject ;
+    access:hasKeyComponent access-individual:ExecuteOperation ;
+    access:hasKeyComponentTemplate access-individual:SubjectRole .
 
 :RoleValueSetTemplate1 a access:ValueSetTemplate ;
     access:relatedCheck :RoleValueSet;
@@ -54,8 +54,8 @@
     access:hasTemplateKeyComponent access-individual:SubjectRole .
 
 :RoleDataSetKeyTemplate2 a access:DataSetKeyTemplate ;
-    access:keyComponent access-individual:ObjectPropertyAccesObject ;
-    access:keyComponentTemplate access-individual:SubjectRole .
+    access:hasKeyComponent access-individual:ObjectPropertyAccesObject ;
+    access:hasKeyComponentTemplate access-individual:SubjectRole .
 
 :RoleValueSetTemplate2 a access:ValueSetTemplate ;
     access:relatedCheck :RoleValueSet;
@@ -71,9 +71,9 @@
     access:dataSetValues access-individual:PublicSimplePermissionValueSet .
 
 :PublicDataSetKey a access:DataSetKey ;
-    access:keyComponent access-individual:NamedObject ;
-    access:keyComponent access-individual:ExecuteOperation ;
-    access:keyComponent access-individual:PublicRoleUri .
+    access:hasKeyComponent access-individual:NamedObject ;
+    access:hasKeyComponent access-individual:ExecuteOperation ;
+    access:hasKeyComponent access-individual:PublicRoleUri .
 
 access-individual:PublicSimplePermissionValueSet a access:ValueSet ;
     access:containsElementsOfType access-individual:NamedObject .
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_key.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_key.n3
index 0b181ec05e..6ed9f8b2b4 100644
--- a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_key.n3
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_key.n3
@@ -21,6 +21,6 @@ access-individual:KeyTestAttribute rdf:type access:Check ;
     access:value access-individual:PublishOperation .
 
 access-individual:PolicyKeyTest rdf:type access:PolicyKey ;
-    access:keyComponent access-individual:ObjectPropertyAccesObject ;
-    access:keyComponent access-individual:AdminRoleUri ;
-    access:keyComponent access-individual:DisplayOperation .
+    access:hasKeyComponent access-individual:ObjectPropertyAccesObject ;
+    access:hasKeyComponent access-individual:AdminRoleUri ;
+    access:hasKeyComponent access-individual:DisplayOperation .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_class.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_class.n3
index fa5689ace0..d40e1c018e 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_class.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_class.n3
@@ -44,9 +44,9 @@
     access:hasTemplateKeyComponent access-individual:SubjectRole .
 
 :RoleDisplayClassDataSetKeyTemplate a access:DataSetKeyTemplate ;
-    access:keyComponent access-individual:Class ;
-    access:keyComponent access-individual:DisplayOperation ;
-    access:keyComponentTemplate access-individual:SubjectRole .
+    access:hasKeyComponent access-individual:Class ;
+    access:hasKeyComponent access-individual:DisplayOperation ;
+    access:hasKeyComponentTemplate access-individual:SubjectRole .
 
 :RoleDisplayClassRoleValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :SubjectRoleCheck;
@@ -71,9 +71,9 @@
     access:hasTemplateKeyComponent access-individual:SubjectRole .
 
 :RoleUpdateClassDataSetKeyTemplate a access:DataSetKeyTemplate ;
-    access:keyComponent access-individual:Class ;
-    access:keyComponent access-individual:UpdateOperation ;
-    access:keyComponentTemplate access-individual:SubjectRole .
+    access:hasKeyComponent access-individual:Class ;
+    access:hasKeyComponent access-individual:UpdateOperation ;
+    access:hasKeyComponentTemplate access-individual:SubjectRole .
 
 :RoleUpdateClassRoleValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :SubjectRoleCheck;
@@ -98,9 +98,9 @@
     access:hasTemplateKeyComponent access-individual:SubjectRole .
 
 :RolePublishClassDataSetKeyTemplate a access:DataSetKeyTemplate ;
-    access:keyComponent access-individual:Class ;
-    access:keyComponent access-individual:PublishOperation ;
-    access:keyComponentTemplate access-individual:SubjectRole .
+    access:hasKeyComponent access-individual:Class ;
+    access:hasKeyComponent access-individual:PublishOperation ;
+    access:hasKeyComponentTemplate access-individual:SubjectRole .
 
 :RolePublishClassRoleValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :SubjectRoleCheck;
@@ -121,9 +121,9 @@
     access:dataSetValues :PublicDisplayClassValueSet .
 
 :PublicDisplayClassDataSetKey a access:DataSetKey ;
-    access:keyComponent access-individual:Class ;
-    access:keyComponent access-individual:PublicRoleUri ;
-    access:keyComponent access-individual:DisplayOperation .
+    access:hasKeyComponent access-individual:Class ;
+    access:hasKeyComponent access-individual:PublicRoleUri ;
+    access:hasKeyComponent access-individual:DisplayOperation .
 
 ### Self editor display class uri data sets
 
@@ -135,9 +135,9 @@
     access:dataSetValues :SelfEditorDisplayClassValueSet .
 
 :SelfEditorDisplayClassDataSetKey a access:DataSetKey ;
-    access:keyComponent access-individual:Class ;
-    access:keyComponent access-individual:SelfEditorRoleUri ;
-    access:keyComponent access-individual:DisplayOperation .
+    access:hasKeyComponent access-individual:Class ;
+    access:hasKeyComponent access-individual:SelfEditorRoleUri ;
+    access:hasKeyComponent access-individual:DisplayOperation .
 
 ### Editor display class uri data sets
 
@@ -149,9 +149,9 @@
     access:dataSetValues :EditorDisplayClassValueSet .
 
 :EditorDisplayClassDataSetKey a access:DataSetKey ;
-    access:keyComponent access-individual:Class ;
-    access:keyComponent access-individual:EditorRoleUri ;
-    access:keyComponent access-individual:DisplayOperation .
+    access:hasKeyComponent access-individual:Class ;
+    access:hasKeyComponent access-individual:EditorRoleUri ;
+    access:hasKeyComponent access-individual:DisplayOperation .
 
 ### Curator display class uri data sets
 
@@ -163,9 +163,9 @@
     access:dataSetValues :CuratorDisplayClassValueSet .
 
 :CuratorDisplayClassDataSetKey a access:DataSetKey ;
-    access:keyComponent access-individual:Class ;
-    access:keyComponent access-individual:CuratorRoleUri ;
-    access:keyComponent access-individual:DisplayOperation .
+    access:hasKeyComponent access-individual:Class ;
+    access:hasKeyComponent access-individual:CuratorRoleUri ;
+    access:hasKeyComponent access-individual:DisplayOperation .
 
 ### Admin display class uri data sets
 
@@ -177,9 +177,9 @@
     access:dataSetValues :AdminDisplayClassValueSet .
 
 :AdminDisplayClassDataSetKey a access:DataSetKey ;
-    access:keyComponent access-individual:Class ;
-    access:keyComponent access-individual:AdminRoleUri ;
-    access:keyComponent access-individual:DisplayOperation .
+    access:hasKeyComponent access-individual:Class ;
+    access:hasKeyComponent access-individual:AdminRoleUri ;
+    access:hasKeyComponent access-individual:DisplayOperation .
 
 ### Public update class uri data sets
 
@@ -191,9 +191,9 @@
     access:dataSetValues :PublicUpdateClassValueSet .
 
 :PublicUpdateClassDataSetKey a access:DataSetKey ;
-    access:keyComponent access-individual:Class ;
-    access:keyComponent access-individual:PublicRoleUri ;
-    access:keyComponent access-individual:UpdateOperation .
+    access:hasKeyComponent access-individual:Class ;
+    access:hasKeyComponent access-individual:PublicRoleUri ;
+    access:hasKeyComponent access-individual:UpdateOperation .
 
 ### Self editor update class uri data sets
 
@@ -205,9 +205,9 @@
     access:dataSetValues :SelfEditorUpdateClassValueSet .
 
 :SelfEditorUpdateClassDataSetKey a access:DataSetKey ;
-    access:keyComponent access-individual:Class ;
-    access:keyComponent access-individual:SelfEditorRoleUri ;
-    access:keyComponent access-individual:UpdateOperation .
+    access:hasKeyComponent access-individual:Class ;
+    access:hasKeyComponent access-individual:SelfEditorRoleUri ;
+    access:hasKeyComponent access-individual:UpdateOperation .
 
 ### Editor update class uri data sets
 
@@ -219,9 +219,9 @@
     access:dataSetValues :EditorUpdateClassValueSet .
 
 :EditorUpdateClassDataSetKey a access:DataSetKey ;
-    access:keyComponent access-individual:Class ;
-    access:keyComponent access-individual:EditorRoleUri ;
-    access:keyComponent access-individual:UpdateOperation .
+    access:hasKeyComponent access-individual:Class ;
+    access:hasKeyComponent access-individual:EditorRoleUri ;
+    access:hasKeyComponent access-individual:UpdateOperation .
 
 ### Curator update class uri data sets
 
@@ -233,9 +233,9 @@
     access:dataSetValues :CuratorUpdateClassValueSet .
 
 :CuratorUpdateClassDataSetKey a access:DataSetKey ;
-    access:keyComponent access-individual:Class ;
-    access:keyComponent access-individual:CuratorRoleUri ;
-    access:keyComponent access-individual:UpdateOperation .
+    access:hasKeyComponent access-individual:Class ;
+    access:hasKeyComponent access-individual:CuratorRoleUri ;
+    access:hasKeyComponent access-individual:UpdateOperation .
 
 ### Admin update class uri data sets
 
@@ -247,9 +247,9 @@
     access:dataSetValues :AdminUpdateClassValueSet .
 
 :AdminUpdateClassDataSetKey a access:DataSetKey ;
-    access:keyComponent access-individual:Class ;
-    access:keyComponent access-individual:AdminRoleUri ;
-    access:keyComponent access-individual:UpdateOperation .
+    access:hasKeyComponent access-individual:Class ;
+    access:hasKeyComponent access-individual:AdminRoleUri ;
+    access:hasKeyComponent access-individual:UpdateOperation .
 
 ### Self editor publish class uri data sets
 
@@ -261,9 +261,9 @@
     access:dataSetValues :SelfEditorPublishClassValueSet .
 
 :SelfEditorPublishClassDataSetKey a access:DataSetKey ;
-    access:keyComponent access-individual:Class ;
-    access:keyComponent access-individual:SelfEditorRoleUri ;
-    access:keyComponent access-individual:PublishOperation .
+    access:hasKeyComponent access-individual:Class ;
+    access:hasKeyComponent access-individual:SelfEditorRoleUri ;
+    access:hasKeyComponent access-individual:PublishOperation .
 
 ### Editor publish class uri data sets
 
@@ -275,9 +275,9 @@
     access:dataSetValues :EditorPublishClassValueSet .
 
 :EditorPublishClassDataSetKey a access:DataSetKey ;
-    access:keyComponent access-individual:Class ;
-    access:keyComponent access-individual:EditorRoleUri ;
-    access:keyComponent access-individual:PublishOperation .
+    access:hasKeyComponent access-individual:Class ;
+    access:hasKeyComponent access-individual:EditorRoleUri ;
+    access:hasKeyComponent access-individual:PublishOperation .
 
 ### Curator publish class uri data sets
 
@@ -289,9 +289,9 @@
     access:dataSetValues :CuratorPublishClassValueSet .
 
 :CuratorPublishClassDataSetKey a access:DataSetKey ;
-    access:keyComponent access-individual:Class ;
-    access:keyComponent access-individual:CuratorRoleUri ;
-    access:keyComponent access-individual:PublishOperation .
+    access:hasKeyComponent access-individual:Class ;
+    access:hasKeyComponent access-individual:CuratorRoleUri ;
+    access:hasKeyComponent access-individual:PublishOperation .
 
 ### Admin publish class uri data sets
 
@@ -303,9 +303,9 @@
     access:dataSetValues :AdminPublishClassValueSet .
 
 :AdminPublishClassDataSetKey a access:DataSetKey ;
-    access:keyComponent access-individual:Class ;
-    access:keyComponent access-individual:AdminRoleUri ;
-    access:keyComponent access-individual:PublishOperation .
+    access:hasKeyComponent access-individual:Class ;
+    access:hasKeyComponent access-individual:AdminRoleUri ;
+    access:hasKeyComponent access-individual:PublishOperation .
 
 :AllowMatchingClass a access:Rule;
     access:requiresCheck :SubjectRoleCheck ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_property.n3
index f496f7d94b..f58abd2640 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_property.n3
@@ -148,9 +148,9 @@
     access:hasTemplateKeyComponent access-individual:SubjectRole .
 
 :RoleDisplayObjectPropertyDataSetKeyTemplate a access:DataSetKeyTemplate ;
-    access:keyComponent access-individual:ObjectProperty ;
-    access:keyComponent access-individual:DisplayOperation ;
-    access:keyComponentTemplate access-individual:SubjectRole .
+    access:hasKeyComponent access-individual:ObjectProperty ;
+    access:hasKeyComponent access-individual:DisplayOperation ;
+    access:hasKeyComponentTemplate access-individual:SubjectRole .
 
 :RoleDisplayObjectPropertyValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :SubjectRoleEqualsDataSetRoleAttribute;
@@ -177,9 +177,9 @@
     access:hasTemplateKeyComponent access-individual:SubjectRole .
 
 :RolePublishObjectPropertyDataSetKeyTemplate a access:DataSetKeyTemplate ;
-    access:keyComponent access-individual:ObjectProperty ;
-    access:keyComponent access-individual:PublishOperation ;
-    access:keyComponentTemplate access-individual:SubjectRole .
+    access:hasKeyComponent access-individual:ObjectProperty ;
+    access:hasKeyComponent access-individual:PublishOperation ;
+    access:hasKeyComponentTemplate access-individual:SubjectRole .
 
 :RolePublishObjectPropertyValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :SubjectRoleEqualsDataSetRoleAttribute;
@@ -206,9 +206,9 @@
     access:hasTemplateKeyComponent access-individual:SubjectRole .
 
 :RoleAddObjectPropertyDataSetKeyTemplate a access:DataSetKeyTemplate ;
-    access:keyComponent access-individual:ObjectProperty ;
-    access:keyComponent access-individual:AddOperation ;
-    access:keyComponentTemplate access-individual:SubjectRole .
+    access:hasKeyComponent access-individual:ObjectProperty ;
+    access:hasKeyComponent access-individual:AddOperation ;
+    access:hasKeyComponentTemplate access-individual:SubjectRole .
 
 :RoleAddObjectPropertyValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :SubjectRoleEqualsDataSetRoleAttribute;
@@ -235,9 +235,9 @@
     access:hasTemplateKeyComponent access-individual:SubjectRole .
 
 :RoleDropObjectPropertyDataSetKeyTemplate a access:DataSetKeyTemplate ;
-    access:keyComponent access-individual:ObjectProperty ;
-    access:keyComponent access-individual:DropOperation ;
-    access:keyComponentTemplate access-individual:SubjectRole .
+    access:hasKeyComponent access-individual:ObjectProperty ;
+    access:hasKeyComponent access-individual:DropOperation ;
+    access:hasKeyComponentTemplate access-individual:SubjectRole .
 
 :RoleDropObjectPropertyValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :SubjectRoleEqualsDataSetRoleAttribute;
@@ -264,9 +264,9 @@
     access:hasTemplateKeyComponent access-individual:SubjectRole .
 
 :RoleEditObjectPropertyDataSetKeyTemplate a access:DataSetKeyTemplate ;
-    access:keyComponent access-individual:ObjectProperty ;
-    access:keyComponent access-individual:EditOperation ;
-    access:keyComponentTemplate access-individual:SubjectRole .
+    access:hasKeyComponent access-individual:ObjectProperty ;
+    access:hasKeyComponent access-individual:EditOperation ;
+    access:hasKeyComponentTemplate access-individual:SubjectRole .
 
 :RoleEditObjectPropertyValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :SubjectRoleEqualsDataSetRoleAttribute;
@@ -293,9 +293,9 @@
     access:hasTemplateKeyComponent access-individual:SubjectRole .
 
 :RoleDisplayDataPropertyDataSetKeyTemplate a access:DataSetKeyTemplate ;
-    access:keyComponent access-individual:DataProperty ;
-    access:keyComponent access-individual:DisplayOperation ;
-    access:keyComponentTemplate access-individual:SubjectRole .
+    access:hasKeyComponent access-individual:DataProperty ;
+    access:hasKeyComponent access-individual:DisplayOperation ;
+    access:hasKeyComponentTemplate access-individual:SubjectRole .
 
 :RoleDisplayDataPropertyValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :SubjectRoleEqualsDataSetRoleAttribute;
@@ -322,9 +322,9 @@
     access:hasTemplateKeyComponent access-individual:SubjectRole .
 
 :RolePublishDataPropertyDataSetKeyTemplate a access:DataSetKeyTemplate ;
-    access:keyComponent access-individual:DataProperty ;
-    access:keyComponent access-individual:PublishOperation ;
-    access:keyComponentTemplate access-individual:SubjectRole .
+    access:hasKeyComponent access-individual:DataProperty ;
+    access:hasKeyComponent access-individual:PublishOperation ;
+    access:hasKeyComponentTemplate access-individual:SubjectRole .
 
 :RolePublishDataPropertyValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :SubjectRoleEqualsDataSetRoleAttribute;
@@ -351,9 +351,9 @@
     access:hasTemplateKeyComponent access-individual:SubjectRole .
 
 :RoleAddDataPropertyDataSetKeyTemplate a access:DataSetKeyTemplate ;
-    access:keyComponent access-individual:DataProperty ;
-    access:keyComponent access-individual:AddOperation ;
-    access:keyComponentTemplate access-individual:SubjectRole .
+    access:hasKeyComponent access-individual:DataProperty ;
+    access:hasKeyComponent access-individual:AddOperation ;
+    access:hasKeyComponentTemplate access-individual:SubjectRole .
 
 :RoleAddDataPropertyValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :SubjectRoleEqualsDataSetRoleAttribute;
@@ -380,9 +380,9 @@
     access:hasTemplateKeyComponent access-individual:SubjectRole .
 
 :RoleDropDataPropertyDataSetKeyTemplate a access:DataSetKeyTemplate ;
-    access:keyComponent access-individual:DataProperty ;
-    access:keyComponent access-individual:DropOperation ;
-    access:keyComponentTemplate access-individual:SubjectRole .
+    access:hasKeyComponent access-individual:DataProperty ;
+    access:hasKeyComponent access-individual:DropOperation ;
+    access:hasKeyComponentTemplate access-individual:SubjectRole .
 
 :RoleDropDataPropertyValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :SubjectRoleEqualsDataSetRoleAttribute;
@@ -409,9 +409,9 @@
     access:hasTemplateKeyComponent access-individual:SubjectRole .
 
 :RoleEditDataPropertyDataSetKeyTemplate a access:DataSetKeyTemplate ;
-    access:keyComponent access-individual:DataProperty ;
-    access:keyComponent access-individual:EditOperation ;
-    access:keyComponentTemplate access-individual:SubjectRole .
+    access:hasKeyComponent access-individual:DataProperty ;
+    access:hasKeyComponent access-individual:EditOperation ;
+    access:hasKeyComponentTemplate access-individual:SubjectRole .
 
 :RoleEditDataPropertyValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :SubjectRoleEqualsDataSetRoleAttribute;
@@ -438,9 +438,9 @@
     access:hasTemplateKeyComponent access-individual:SubjectRole .
 
 :RoleDisplayFauxObjectPropertyDataSetKeyTemplate a access:DataSetKeyTemplate ;
-    access:keyComponent access-individual:FauxObjectProperty ;
-    access:keyComponent access-individual:DisplayOperation ;
-    access:keyComponentTemplate access-individual:SubjectRole .
+    access:hasKeyComponent access-individual:FauxObjectProperty ;
+    access:hasKeyComponent access-individual:DisplayOperation ;
+    access:hasKeyComponentTemplate access-individual:SubjectRole .
 
 :RoleDisplayFauxObjectPropertyValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :SubjectRoleEqualsDataSetRoleAttribute;
@@ -467,9 +467,9 @@
     access:hasTemplateKeyComponent access-individual:SubjectRole .
 
 :RolePublishFauxObjectPropertyDataSetKeyTemplate a access:DataSetKeyTemplate ;
-    access:keyComponent access-individual:FauxObjectProperty ;
-    access:keyComponent access-individual:PublishOperation ;
-    access:keyComponentTemplate access-individual:SubjectRole .
+    access:hasKeyComponent access-individual:FauxObjectProperty ;
+    access:hasKeyComponent access-individual:PublishOperation ;
+    access:hasKeyComponentTemplate access-individual:SubjectRole .
 
 :RolePublishFauxObjectPropertyValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :SubjectRoleEqualsDataSetRoleAttribute;
@@ -496,9 +496,9 @@
     access:hasTemplateKeyComponent access-individual:SubjectRole .
 
 :RoleAddFauxObjectPropertyDataSetKeyTemplate a access:DataSetKeyTemplate ;
-    access:keyComponent access-individual:FauxObjectProperty ;
-    access:keyComponent access-individual:AddOperation ;
-    access:keyComponentTemplate access-individual:SubjectRole .
+    access:hasKeyComponent access-individual:FauxObjectProperty ;
+    access:hasKeyComponent access-individual:AddOperation ;
+    access:hasKeyComponentTemplate access-individual:SubjectRole .
 
 :RoleAddFauxObjectPropertyValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :SubjectRoleEqualsDataSetRoleAttribute;
@@ -525,9 +525,9 @@
     access:hasTemplateKeyComponent access-individual:SubjectRole .
 
 :RoleDropFauxObjectPropertyDataSetKeyTemplate a access:DataSetKeyTemplate ;
-    access:keyComponent access-individual:FauxObjectProperty ;
-    access:keyComponent access-individual:DropOperation ;
-    access:keyComponentTemplate access-individual:SubjectRole .
+    access:hasKeyComponent access-individual:FauxObjectProperty ;
+    access:hasKeyComponent access-individual:DropOperation ;
+    access:hasKeyComponentTemplate access-individual:SubjectRole .
 
 :RoleDropFauxObjectPropertyValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :SubjectRoleEqualsDataSetRoleAttribute;
@@ -554,9 +554,9 @@
     access:hasTemplateKeyComponent access-individual:SubjectRole .
 
 :RoleEditFauxObjectPropertyDataSetKeyTemplate a access:DataSetKeyTemplate ;
-    access:keyComponent access-individual:FauxObjectProperty ;
-    access:keyComponent access-individual:EditOperation ;
-    access:keyComponentTemplate access-individual:SubjectRole .
+    access:hasKeyComponent access-individual:FauxObjectProperty ;
+    access:hasKeyComponent access-individual:EditOperation ;
+    access:hasKeyComponentTemplate access-individual:SubjectRole .
 
 :RoleEditFauxObjectPropertyValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :SubjectRoleEqualsDataSetRoleAttribute;
@@ -583,9 +583,9 @@
     access:hasTemplateKeyComponent access-individual:SubjectRole .
 
 :RoleDisplayFauxDataPropertyDataSetKeyTemplate a access:DataSetKeyTemplate ;
-    access:keyComponent access-individual:FauxDataProperty ;
-    access:keyComponent access-individual:DisplayOperation ;
-    access:keyComponentTemplate access-individual:SubjectRole .
+    access:hasKeyComponent access-individual:FauxDataProperty ;
+    access:hasKeyComponent access-individual:DisplayOperation ;
+    access:hasKeyComponentTemplate access-individual:SubjectRole .
 
 :RoleDisplayFauxDataPropertyValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :SubjectRoleEqualsDataSetRoleAttribute;
@@ -612,9 +612,9 @@
     access:hasTemplateKeyComponent access-individual:SubjectRole .
 
 :RolePublishFauxDataPropertyDataSetKeyTemplate a access:DataSetKeyTemplate ;
-    access:keyComponent access-individual:FauxDataProperty ;
-    access:keyComponent access-individual:PublishOperation ;
-    access:keyComponentTemplate access-individual:SubjectRole .
+    access:hasKeyComponent access-individual:FauxDataProperty ;
+    access:hasKeyComponent access-individual:PublishOperation ;
+    access:hasKeyComponentTemplate access-individual:SubjectRole .
 
 :RolePublishFauxDataPropertyValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :SubjectRoleEqualsDataSetRoleAttribute;
@@ -641,9 +641,9 @@
     access:hasTemplateKeyComponent access-individual:SubjectRole .
 
 :RoleAddFauxDataPropertyDataSetKeyTemplate a access:DataSetKeyTemplate ;
-    access:keyComponent access-individual:FauxDataProperty ;
-    access:keyComponent access-individual:AddOperation ;
-    access:keyComponentTemplate access-individual:SubjectRole .
+    access:hasKeyComponent access-individual:FauxDataProperty ;
+    access:hasKeyComponent access-individual:AddOperation ;
+    access:hasKeyComponentTemplate access-individual:SubjectRole .
 
 :RoleAddFauxDataPropertyValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :SubjectRoleEqualsDataSetRoleAttribute;
@@ -670,9 +670,9 @@
     access:hasTemplateKeyComponent access-individual:SubjectRole .
 
 :RoleDropFauxDataPropertyDataSetKeyTemplate a access:DataSetKeyTemplate ;
-    access:keyComponent access-individual:FauxDataProperty ;
-    access:keyComponent access-individual:DropOperation ;
-    access:keyComponentTemplate access-individual:SubjectRole .
+    access:hasKeyComponent access-individual:FauxDataProperty ;
+    access:hasKeyComponent access-individual:DropOperation ;
+    access:hasKeyComponentTemplate access-individual:SubjectRole .
 
 :RoleDropFauxDataPropertyValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :SubjectRoleEqualsDataSetRoleAttribute;
@@ -699,9 +699,9 @@
     access:hasTemplateKeyComponent access-individual:SubjectRole .
 
 :RoleEditFauxDataPropertyDataSetKeyTemplate a access:DataSetKeyTemplate ;
-    access:keyComponent access-individual:FauxDataProperty ;
-    access:keyComponent access-individual:EditOperation ;
-    access:keyComponentTemplate access-individual:SubjectRole .
+    access:hasKeyComponent access-individual:FauxDataProperty ;
+    access:hasKeyComponent access-individual:EditOperation ;
+    access:hasKeyComponentTemplate access-individual:SubjectRole .
 
 :RoleEditFauxDataPropertyValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :SubjectRoleEqualsDataSetRoleAttribute;
@@ -726,9 +726,9 @@
     access:dataSetValues :PublicDropFauxDataPropertyValueSet .
 
 :PublicDropFauxDataPropertyDataSetKey a access:DataSetKey ;
-    access:keyComponent access-individual:FauxDataProperty ;
-    access:keyComponent access-individual:PublicRoleUri ;
-    access:keyComponent access-individual:DropOperation .
+    access:hasKeyComponent access-individual:FauxDataProperty ;
+    access:hasKeyComponent access-individual:PublicRoleUri ;
+    access:hasKeyComponent access-individual:DropOperation .
 
 :EditorDropFauxDataPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :EditorDropFauxDataPropertyDataSetKey ;
@@ -739,9 +739,9 @@
     access:dataSetValues :EditorDropFauxDataPropertyValueSet .
 
 :EditorDropFauxDataPropertyDataSetKey a access:DataSetKey ;
-    access:keyComponent access-individual:FauxDataProperty ;
-    access:keyComponent access-individual:EditorRoleUri ;
-    access:keyComponent access-individual:DropOperation .
+    access:hasKeyComponent access-individual:FauxDataProperty ;
+    access:hasKeyComponent access-individual:EditorRoleUri ;
+    access:hasKeyComponent access-individual:DropOperation .
 
 :CuratorDropFauxDataPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :CuratorDropFauxDataPropertyDataSetKey ;
@@ -752,9 +752,9 @@
     access:dataSetValues :CuratorDropFauxDataPropertyValueSet .
 
 :CuratorDropFauxDataPropertyDataSetKey a access:DataSetKey ;
-    access:keyComponent access-individual:FauxDataProperty ;
-    access:keyComponent access-individual:CuratorRoleUri ;
-    access:keyComponent access-individual:DropOperation .
+    access:hasKeyComponent access-individual:FauxDataProperty ;
+    access:hasKeyComponent access-individual:CuratorRoleUri ;
+    access:hasKeyComponent access-individual:DropOperation .
 
 :AdminDropFauxDataPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :AdminDropFauxDataPropertyDataSetKey ;
@@ -765,9 +765,9 @@
     access:dataSetValues :AdminDropFauxDataPropertyValueSet .
 
 :AdminDropFauxDataPropertyDataSetKey a access:DataSetKey ;
-    access:keyComponent access-individual:FauxDataProperty ;
-    access:keyComponent access-individual:AdminRoleUri ;
-    access:keyComponent access-individual:DropOperation .
+    access:hasKeyComponent access-individual:FauxDataProperty ;
+    access:hasKeyComponent access-individual:AdminRoleUri ;
+    access:hasKeyComponent access-individual:DropOperation .
 
 ### Add faux data property data sets
 
@@ -780,9 +780,9 @@
     access:dataSetValues :PublicAddFauxDataPropertyValueSet .
 
 :PublicAddFauxDataPropertyDataSetKey a access:DataSetKey ;
-    access:keyComponent access-individual:FauxDataProperty ;
-    access:keyComponent access-individual:PublicRoleUri ;
-    access:keyComponent access-individual:AddOperation .
+    access:hasKeyComponent access-individual:FauxDataProperty ;
+    access:hasKeyComponent access-individual:PublicRoleUri ;
+    access:hasKeyComponent access-individual:AddOperation .
 
 :EditorAddFauxDataPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :EditorAddFauxDataPropertyDataSetKey ;
@@ -793,9 +793,9 @@
     access:dataSetValues :EditorAddFauxDataPropertyValueSet .
 
 :EditorAddFauxDataPropertyDataSetKey a access:DataSetKey ;
-    access:keyComponent access-individual:FauxDataProperty ;
-    access:keyComponent access-individual:EditorRoleUri ;
-    access:keyComponent access-individual:AddOperation .
+    access:hasKeyComponent access-individual:FauxDataProperty ;
+    access:hasKeyComponent access-individual:EditorRoleUri ;
+    access:hasKeyComponent access-individual:AddOperation .
 
 :CuratorAddFauxDataPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :CuratorAddFauxDataPropertyDataSetKey ;
@@ -806,9 +806,9 @@
     access:dataSetValues :CuratorAddFauxDataPropertyValueSet .
 
 :CuratorAddFauxDataPropertyDataSetKey a access:DataSetKey ;
-    access:keyComponent access-individual:FauxDataProperty ;
-    access:keyComponent access-individual:CuratorRoleUri ;
-    access:keyComponent access-individual:AddOperation .
+    access:hasKeyComponent access-individual:FauxDataProperty ;
+    access:hasKeyComponent access-individual:CuratorRoleUri ;
+    access:hasKeyComponent access-individual:AddOperation .
 
 :AdminAddFauxDataPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :AdminAddFauxDataPropertyDataSetKey ;
@@ -819,9 +819,9 @@
     access:dataSetValues :AdminAddFauxDataPropertyValueSet .
 
 :AdminAddFauxDataPropertyDataSetKey a access:DataSetKey ;
-    access:keyComponent access-individual:FauxDataProperty ;
-    access:keyComponent access-individual:AdminRoleUri ;
-    access:keyComponent access-individual:AddOperation .
+    access:hasKeyComponent access-individual:FauxDataProperty ;
+    access:hasKeyComponent access-individual:AdminRoleUri ;
+    access:hasKeyComponent access-individual:AddOperation .
 
 ### Edit faux data property data sets
 
@@ -834,9 +834,9 @@
     access:dataSetValues :PublicEditFauxDataPropertyValueSet .
 
 :PublicEditFauxDataPropertyDataSetKey a access:DataSetKey ;
-    access:keyComponent access-individual:FauxDataProperty ;
-    access:keyComponent access-individual:PublicRoleUri ;
-    access:keyComponent access-individual:EditOperation .
+    access:hasKeyComponent access-individual:FauxDataProperty ;
+    access:hasKeyComponent access-individual:PublicRoleUri ;
+    access:hasKeyComponent access-individual:EditOperation .
 
 :EditorEditFauxDataPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :EditorEditFauxDataPropertyDataSetKey ;
@@ -847,9 +847,9 @@
     access:dataSetValues :EditorEditFauxDataPropertyValueSet .
 
 :EditorEditFauxDataPropertyDataSetKey a access:DataSetKey ;
-    access:keyComponent access-individual:FauxDataProperty ;
-    access:keyComponent access-individual:EditorRoleUri ;
-    access:keyComponent access-individual:EditOperation .
+    access:hasKeyComponent access-individual:FauxDataProperty ;
+    access:hasKeyComponent access-individual:EditorRoleUri ;
+    access:hasKeyComponent access-individual:EditOperation .
 
 :CuratorEditFauxDataPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :CuratorEditFauxDataPropertyDataSetKey ;
@@ -860,9 +860,9 @@
     access:dataSetValues :CuratorEditFauxDataPropertyValueSet .
 
 :CuratorEditFauxDataPropertyDataSetKey a access:DataSetKey ;
-    access:keyComponent access-individual:FauxDataProperty ;
-    access:keyComponent access-individual:CuratorRoleUri ;
-    access:keyComponent access-individual:EditOperation .
+    access:hasKeyComponent access-individual:FauxDataProperty ;
+    access:hasKeyComponent access-individual:CuratorRoleUri ;
+    access:hasKeyComponent access-individual:EditOperation .
 
 :AdminEditFauxDataPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :AdminEditFauxDataPropertyDataSetKey ;
@@ -873,9 +873,9 @@
     access:dataSetValues :AdminEditFauxDataPropertyValueSet .
 
 :AdminEditFauxDataPropertyDataSetKey a access:DataSetKey ;
-    access:keyComponent access-individual:FauxDataProperty ;
-    access:keyComponent access-individual:AdminRoleUri ;
-    access:keyComponent access-individual:EditOperation .
+    access:hasKeyComponent access-individual:FauxDataProperty ;
+    access:hasKeyComponent access-individual:AdminRoleUri ;
+    access:hasKeyComponent access-individual:EditOperation .
 
 ### Drop faux object property data sets
 
@@ -888,9 +888,9 @@
     access:dataSetValues :PublicDropFauxObjectPropertyValueSet .
 
 :PublicDropFauxObjectPropertyDataSetKey a access:DataSetKey ;
-    access:keyComponent access-individual:FauxObjectProperty ;
-    access:keyComponent access-individual:PublicRoleUri ;
-    access:keyComponent access-individual:DropOperation .
+    access:hasKeyComponent access-individual:FauxObjectProperty ;
+    access:hasKeyComponent access-individual:PublicRoleUri ;
+    access:hasKeyComponent access-individual:DropOperation .
 
 :EditorDropFauxObjectPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :EditorDropFauxObjectPropertyDataSetKey ;
@@ -901,9 +901,9 @@
     access:dataSetValues :EditorDropFauxObjectPropertyValueSet .
 
 :EditorDropFauxObjectPropertyDataSetKey a access:DataSetKey ;
-    access:keyComponent access-individual:FauxObjectProperty ;
-    access:keyComponent access-individual:EditorRoleUri ;
-    access:keyComponent access-individual:DropOperation .
+    access:hasKeyComponent access-individual:FauxObjectProperty ;
+    access:hasKeyComponent access-individual:EditorRoleUri ;
+    access:hasKeyComponent access-individual:DropOperation .
 
 :CuratorDropFauxObjectPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :CuratorDropFauxObjectPropertyDataSetKey ;
@@ -914,9 +914,9 @@
     access:dataSetValues :CuratorDropFauxObjectPropertyValueSet .
 
 :CuratorDropFauxObjectPropertyDataSetKey a access:DataSetKey ;
-    access:keyComponent access-individual:FauxObjectProperty ;
-    access:keyComponent access-individual:CuratorRoleUri ;
-    access:keyComponent access-individual:DropOperation .
+    access:hasKeyComponent access-individual:FauxObjectProperty ;
+    access:hasKeyComponent access-individual:CuratorRoleUri ;
+    access:hasKeyComponent access-individual:DropOperation .
 
 :AdminDropFauxObjectPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :AdminDropFauxObjectPropertyDataSetKey ;
@@ -927,9 +927,9 @@
     access:dataSetValues :AdminDropFauxObjectPropertyValueSet .
 
 :AdminDropFauxObjectPropertyDataSetKey a access:DataSetKey ;
-    access:keyComponent access-individual:FauxObjectProperty ;
-    access:keyComponent access-individual:AdminRoleUri ;
-    access:keyComponent access-individual:DropOperation .
+    access:hasKeyComponent access-individual:FauxObjectProperty ;
+    access:hasKeyComponent access-individual:AdminRoleUri ;
+    access:hasKeyComponent access-individual:DropOperation .
 
 ### Add faux object property data sets
 
@@ -942,9 +942,9 @@
     access:dataSetValues :PublicAddFauxObjectPropertyValueSet .
 
 :PublicAddFauxObjectPropertyDataSetKey a access:DataSetKey ;
-    access:keyComponent access-individual:FauxObjectProperty ;
-    access:keyComponent access-individual:PublicRoleUri ;
-    access:keyComponent access-individual:AddOperation .
+    access:hasKeyComponent access-individual:FauxObjectProperty ;
+    access:hasKeyComponent access-individual:PublicRoleUri ;
+    access:hasKeyComponent access-individual:AddOperation .
 
 :EditorAddFauxObjectPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :EditorAddFauxObjectPropertyDataSetKey ;
@@ -955,9 +955,9 @@
     access:dataSetValues :EditorAddFauxObjectPropertyValueSet .
 
 :EditorAddFauxObjectPropertyDataSetKey a access:DataSetKey ;
-    access:keyComponent access-individual:FauxObjectProperty ;
-    access:keyComponent access-individual:EditorRoleUri ;
-    access:keyComponent access-individual:AddOperation .
+    access:hasKeyComponent access-individual:FauxObjectProperty ;
+    access:hasKeyComponent access-individual:EditorRoleUri ;
+    access:hasKeyComponent access-individual:AddOperation .
 
 :CuratorAddFauxObjectPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :CuratorAddFauxObjectPropertyDataSetKey ;
@@ -968,9 +968,9 @@
     access:dataSetValues :CuratorAddFauxObjectPropertyValueSet .
 
 :CuratorAddFauxObjectPropertyDataSetKey a access:DataSetKey ;
-    access:keyComponent access-individual:FauxObjectProperty ;
-    access:keyComponent access-individual:CuratorRoleUri ;
-    access:keyComponent access-individual:AddOperation .
+    access:hasKeyComponent access-individual:FauxObjectProperty ;
+    access:hasKeyComponent access-individual:CuratorRoleUri ;
+    access:hasKeyComponent access-individual:AddOperation .
 
 :AdminAddFauxObjectPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :AdminAddFauxObjectPropertyDataSetKey ;
@@ -981,9 +981,9 @@
     access:dataSetValues :AdminAddFauxObjectPropertyValueSet .
 
 :AdminAddFauxObjectPropertyDataSetKey a access:DataSetKey ;
-    access:keyComponent access-individual:FauxObjectProperty ;
-    access:keyComponent access-individual:AdminRoleUri ;
-    access:keyComponent access-individual:AddOperation .
+    access:hasKeyComponent access-individual:FauxObjectProperty ;
+    access:hasKeyComponent access-individual:AdminRoleUri ;
+    access:hasKeyComponent access-individual:AddOperation .
 
 ### Edit faux object property data sets
 
@@ -996,9 +996,9 @@
     access:dataSetValues :PublicEditFauxObjectPropertyValueSet .
 
 :PublicEditFauxObjectPropertyDataSetKey a access:DataSetKey ;
-    access:keyComponent access-individual:FauxObjectProperty ;
-    access:keyComponent access-individual:PublicRoleUri ;
-    access:keyComponent access-individual:EditOperation .
+    access:hasKeyComponent access-individual:FauxObjectProperty ;
+    access:hasKeyComponent access-individual:PublicRoleUri ;
+    access:hasKeyComponent access-individual:EditOperation .
 
 :EditorEditFauxObjectPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :EditorEditFauxObjectPropertyDataSetKey ;
@@ -1009,9 +1009,9 @@
     access:dataSetValues :EditorEditFauxObjectPropertyValueSet .
 
 :EditorEditFauxObjectPropertyDataSetKey a access:DataSetKey ;
-    access:keyComponent access-individual:FauxObjectProperty ;
-    access:keyComponent access-individual:EditorRoleUri ;
-    access:keyComponent access-individual:EditOperation .
+    access:hasKeyComponent access-individual:FauxObjectProperty ;
+    access:hasKeyComponent access-individual:EditorRoleUri ;
+    access:hasKeyComponent access-individual:EditOperation .
 
 :CuratorEditFauxObjectPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :CuratorEditFauxObjectPropertyDataSetKey ;
@@ -1022,9 +1022,9 @@
     access:dataSetValues :CuratorEditFauxObjectPropertyValueSet .
 
 :CuratorEditFauxObjectPropertyDataSetKey a access:DataSetKey ;
-    access:keyComponent access-individual:FauxObjectProperty ;
-    access:keyComponent access-individual:CuratorRoleUri ;
-    access:keyComponent access-individual:EditOperation .
+    access:hasKeyComponent access-individual:FauxObjectProperty ;
+    access:hasKeyComponent access-individual:CuratorRoleUri ;
+    access:hasKeyComponent access-individual:EditOperation .
 
 :AdminEditFauxObjectPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :AdminEditFauxObjectPropertyDataSetKey ;
@@ -1035,9 +1035,9 @@
     access:dataSetValues :AdminEditFauxObjectPropertyValueSet .
 
 :AdminEditFauxObjectPropertyDataSetKey a access:DataSetKey ;
-    access:keyComponent access-individual:FauxObjectProperty ;
-    access:keyComponent access-individual:AdminRoleUri ;
-    access:keyComponent access-individual:EditOperation .
+    access:hasKeyComponent access-individual:FauxObjectProperty ;
+    access:hasKeyComponent access-individual:AdminRoleUri ;
+    access:hasKeyComponent access-individual:EditOperation .
 
 ### Drop data property data sets
 
@@ -1050,9 +1050,9 @@
     access:dataSetValues :PublicDropDataPropertyValueSet .
 
 :PublicDropDataPropertyDataSetKey a access:DataSetKey ;
-    access:keyComponent access-individual:DataProperty ;
-    access:keyComponent access-individual:PublicRoleUri ;
-    access:keyComponent access-individual:DropOperation .
+    access:hasKeyComponent access-individual:DataProperty ;
+    access:hasKeyComponent access-individual:PublicRoleUri ;
+    access:hasKeyComponent access-individual:DropOperation .
 
 :EditorDropDataPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :EditorDropDataPropertyDataSetKey ;
@@ -1063,9 +1063,9 @@
     access:dataSetValues :EditorDropDataPropertyValueSet .
 
 :EditorDropDataPropertyDataSetKey a access:DataSetKey ;
-    access:keyComponent access-individual:DataProperty ;
-    access:keyComponent access-individual:EditorRoleUri ;
-    access:keyComponent access-individual:DropOperation .
+    access:hasKeyComponent access-individual:DataProperty ;
+    access:hasKeyComponent access-individual:EditorRoleUri ;
+    access:hasKeyComponent access-individual:DropOperation .
 
 :CuratorDropDataPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :CuratorDropDataPropertyDataSetKey ;
@@ -1076,9 +1076,9 @@
     access:dataSetValues :CuratorDropDataPropertyValueSet .
 
 :CuratorDropDataPropertyDataSetKey a access:DataSetKey ;
-    access:keyComponent access-individual:DataProperty ;
-    access:keyComponent access-individual:CuratorRoleUri ;
-    access:keyComponent access-individual:DropOperation .
+    access:hasKeyComponent access-individual:DataProperty ;
+    access:hasKeyComponent access-individual:CuratorRoleUri ;
+    access:hasKeyComponent access-individual:DropOperation .
 
 :AdminDropDataPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :AdminDropDataPropertyDataSetKey ;
@@ -1089,9 +1089,9 @@
     access:dataSetValues :AdminDropDataPropertyValueSet .
 
 :AdminDropDataPropertyDataSetKey a access:DataSetKey ;
-    access:keyComponent access-individual:DataProperty ;
-    access:keyComponent access-individual:AdminRoleUri ;
-    access:keyComponent access-individual:DropOperation .
+    access:hasKeyComponent access-individual:DataProperty ;
+    access:hasKeyComponent access-individual:AdminRoleUri ;
+    access:hasKeyComponent access-individual:DropOperation .
 
 ### Add data property data sets
 
@@ -1104,9 +1104,9 @@
     access:dataSetValues :PublicAddDataPropertyValueSet .
 
 :PublicAddDataPropertyDataSetKey a access:DataSetKey ;
-    access:keyComponent access-individual:DataProperty ;
-    access:keyComponent access-individual:PublicRoleUri ;
-    access:keyComponent access-individual:AddOperation .
+    access:hasKeyComponent access-individual:DataProperty ;
+    access:hasKeyComponent access-individual:PublicRoleUri ;
+    access:hasKeyComponent access-individual:AddOperation .
 
 :EditorAddDataPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :EditorAddDataPropertyDataSetKey ;
@@ -1117,9 +1117,9 @@
     access:dataSetValues :EditorAddDataPropertyValueSet .
 
 :EditorAddDataPropertyDataSetKey a access:DataSetKey ;
-    access:keyComponent access-individual:DataProperty ;
-    access:keyComponent access-individual:EditorRoleUri ;
-    access:keyComponent access-individual:AddOperation .
+    access:hasKeyComponent access-individual:DataProperty ;
+    access:hasKeyComponent access-individual:EditorRoleUri ;
+    access:hasKeyComponent access-individual:AddOperation .
 
 :CuratorAddDataPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :CuratorAddDataPropertyDataSetKey ;
@@ -1130,9 +1130,9 @@
     access:dataSetValues :CuratorAddDataPropertyValueSet .
 
 :CuratorAddDataPropertyDataSetKey a access:DataSetKey ;
-    access:keyComponent access-individual:DataProperty ;
-    access:keyComponent access-individual:CuratorRoleUri ;
-    access:keyComponent access-individual:AddOperation .
+    access:hasKeyComponent access-individual:DataProperty ;
+    access:hasKeyComponent access-individual:CuratorRoleUri ;
+    access:hasKeyComponent access-individual:AddOperation .
 
 :AdminAddDataPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :AdminAddDataPropertyDataSetKey ;
@@ -1143,9 +1143,9 @@
     access:dataSetValues :AdminAddDataPropertyValueSet .
 
 :AdminAddDataPropertyDataSetKey a access:DataSetKey ;
-    access:keyComponent access-individual:DataProperty ;
-    access:keyComponent access-individual:AdminRoleUri ;
-    access:keyComponent access-individual:AddOperation .
+    access:hasKeyComponent access-individual:DataProperty ;
+    access:hasKeyComponent access-individual:AdminRoleUri ;
+    access:hasKeyComponent access-individual:AddOperation .
 
 ### Edit data property data sets
 
@@ -1158,9 +1158,9 @@
     access:dataSetValues :PublicEditDataPropertyValueSet .
 
 :PublicEditDataPropertyDataSetKey a access:DataSetKey ;
-    access:keyComponent access-individual:DataProperty ;
-    access:keyComponent access-individual:PublicRoleUri ;
-    access:keyComponent access-individual:EditOperation .
+    access:hasKeyComponent access-individual:DataProperty ;
+    access:hasKeyComponent access-individual:PublicRoleUri ;
+    access:hasKeyComponent access-individual:EditOperation .
 
 :EditorEditDataPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :EditorEditDataPropertyDataSetKey ;
@@ -1171,9 +1171,9 @@
     access:dataSetValues :EditorEditDataPropertyValueSet .
 
 :EditorEditDataPropertyDataSetKey a access:DataSetKey ;
-    access:keyComponent access-individual:DataProperty ;
-    access:keyComponent access-individual:EditorRoleUri ;
-    access:keyComponent access-individual:EditOperation .
+    access:hasKeyComponent access-individual:DataProperty ;
+    access:hasKeyComponent access-individual:EditorRoleUri ;
+    access:hasKeyComponent access-individual:EditOperation .
 
 :CuratorEditDataPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :CuratorEditDataPropertyDataSetKey ;
@@ -1184,9 +1184,9 @@
     access:dataSetValues :CuratorEditDataPropertyValueSet .
 
 :CuratorEditDataPropertyDataSetKey a access:DataSetKey ;
-    access:keyComponent access-individual:DataProperty ;
-    access:keyComponent access-individual:CuratorRoleUri ;
-    access:keyComponent access-individual:EditOperation .
+    access:hasKeyComponent access-individual:DataProperty ;
+    access:hasKeyComponent access-individual:CuratorRoleUri ;
+    access:hasKeyComponent access-individual:EditOperation .
 
 :AdminEditDataPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :AdminEditDataPropertyDataSetKey ;
@@ -1197,9 +1197,9 @@
     access:dataSetValues :AdminEditDataPropertyValueSet .
 
 :AdminEditDataPropertyDataSetKey a access:DataSetKey ;
-    access:keyComponent access-individual:DataProperty ;
-    access:keyComponent access-individual:AdminRoleUri ;
-    access:keyComponent access-individual:EditOperation .
+    access:hasKeyComponent access-individual:DataProperty ;
+    access:hasKeyComponent access-individual:AdminRoleUri ;
+    access:hasKeyComponent access-individual:EditOperation .
 
 ### Drop object property data sets
 
@@ -1212,9 +1212,9 @@
     access:dataSetValues :PublicDropObjectPropertyValueSet .
 
 :PublicDropObjectPropertyDataSetKey a access:DataSetKey ;
-    access:keyComponent access-individual:ObjectProperty ;
-    access:keyComponent access-individual:PublicRoleUri ;
-    access:keyComponent access-individual:DropOperation .
+    access:hasKeyComponent access-individual:ObjectProperty ;
+    access:hasKeyComponent access-individual:PublicRoleUri ;
+    access:hasKeyComponent access-individual:DropOperation .
 
 :EditorDropObjectPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :EditorDropObjectPropertyDataSetKey ;
@@ -1225,9 +1225,9 @@
     access:dataSetValues :EditorDropObjectPropertyValueSet .
 
 :EditorDropObjectPropertyDataSetKey a access:DataSetKey ;
-    access:keyComponent access-individual:ObjectProperty ;
-    access:keyComponent access-individual:EditorRoleUri ;
-    access:keyComponent access-individual:DropOperation .
+    access:hasKeyComponent access-individual:ObjectProperty ;
+    access:hasKeyComponent access-individual:EditorRoleUri ;
+    access:hasKeyComponent access-individual:DropOperation .
 
 :CuratorDropObjectPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :CuratorDropObjectPropertyDataSetKey ;
@@ -1238,9 +1238,9 @@
     access:dataSetValues :CuratorDropObjectPropertyValueSet .
 
 :CuratorDropObjectPropertyDataSetKey a access:DataSetKey ;
-    access:keyComponent access-individual:ObjectProperty ;
-    access:keyComponent access-individual:CuratorRoleUri ;
-    access:keyComponent access-individual:DropOperation .
+    access:hasKeyComponent access-individual:ObjectProperty ;
+    access:hasKeyComponent access-individual:CuratorRoleUri ;
+    access:hasKeyComponent access-individual:DropOperation .
 
 :AdminDropObjectPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :AdminDropObjectPropertyDataSetKey ;
@@ -1251,9 +1251,9 @@
     access:dataSetValues :AdminDropObjectPropertyValueSet .
 
 :AdminDropObjectPropertyDataSetKey a access:DataSetKey ;
-    access:keyComponent access-individual:ObjectProperty ;
-    access:keyComponent access-individual:AdminRoleUri ;
-    access:keyComponent access-individual:DropOperation .
+    access:hasKeyComponent access-individual:ObjectProperty ;
+    access:hasKeyComponent access-individual:AdminRoleUri ;
+    access:hasKeyComponent access-individual:DropOperation .
 
 ### Add object property data sets
 
@@ -1266,9 +1266,9 @@
     access:dataSetValues :PublicAddObjectPropertyValueSet .
 
 :PublicAddObjectPropertyDataSetKey a access:DataSetKey ;
-    access:keyComponent access-individual:ObjectProperty ;
-    access:keyComponent access-individual:PublicRoleUri ;
-    access:keyComponent access-individual:AddOperation .
+    access:hasKeyComponent access-individual:ObjectProperty ;
+    access:hasKeyComponent access-individual:PublicRoleUri ;
+    access:hasKeyComponent access-individual:AddOperation .
 
 :EditorAddObjectPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :EditorAddObjectPropertyDataSetKey ;
@@ -1279,9 +1279,9 @@
     access:dataSetValues :EditorAddObjectPropertyValueSet .
 
 :EditorAddObjectPropertyDataSetKey a access:DataSetKey ;
-    access:keyComponent access-individual:ObjectProperty ;
-    access:keyComponent access-individual:EditorRoleUri ;
-    access:keyComponent access-individual:AddOperation .
+    access:hasKeyComponent access-individual:ObjectProperty ;
+    access:hasKeyComponent access-individual:EditorRoleUri ;
+    access:hasKeyComponent access-individual:AddOperation .
 
 :CuratorAddObjectPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :CuratorAddObjectPropertyDataSetKey ;
@@ -1292,9 +1292,9 @@
     access:dataSetValues :CuratorAddObjectPropertyValueSet .
 
 :CuratorAddObjectPropertyDataSetKey a access:DataSetKey ;
-    access:keyComponent access-individual:ObjectProperty ;
-    access:keyComponent access-individual:CuratorRoleUri ;
-    access:keyComponent access-individual:AddOperation .
+    access:hasKeyComponent access-individual:ObjectProperty ;
+    access:hasKeyComponent access-individual:CuratorRoleUri ;
+    access:hasKeyComponent access-individual:AddOperation .
 
 :AdminAddObjectPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :AdminAddObjectPropertyDataSetKey ;
@@ -1305,9 +1305,9 @@
     access:dataSetValues :AdminAddObjectPropertyValueSet .
 
 :AdminAddObjectPropertyDataSetKey a access:DataSetKey ;
-    access:keyComponent access-individual:ObjectProperty ;
-    access:keyComponent access-individual:AdminRoleUri ;
-    access:keyComponent access-individual:AddOperation .
+    access:hasKeyComponent access-individual:ObjectProperty ;
+    access:hasKeyComponent access-individual:AdminRoleUri ;
+    access:hasKeyComponent access-individual:AddOperation .
 
 ### Edit object property data sets
 
@@ -1320,9 +1320,9 @@
     access:dataSetValues :PublicEditObjectPropertyValueSet .
 
 :PublicEditObjectPropertyDataSetKey a access:DataSetKey ;
-    access:keyComponent access-individual:ObjectProperty ;
-    access:keyComponent access-individual:PublicRoleUri ;
-    access:keyComponent access-individual:EditOperation .
+    access:hasKeyComponent access-individual:ObjectProperty ;
+    access:hasKeyComponent access-individual:PublicRoleUri ;
+    access:hasKeyComponent access-individual:EditOperation .
 
 :EditorEditObjectPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :EditorEditObjectPropertyDataSetKey ;
@@ -1333,9 +1333,9 @@
     access:dataSetValues :EditorEditObjectPropertyValueSet .
 
 :EditorEditObjectPropertyDataSetKey a access:DataSetKey ;
-    access:keyComponent access-individual:ObjectProperty ;
-    access:keyComponent access-individual:EditorRoleUri ;
-    access:keyComponent access-individual:EditOperation .
+    access:hasKeyComponent access-individual:ObjectProperty ;
+    access:hasKeyComponent access-individual:EditorRoleUri ;
+    access:hasKeyComponent access-individual:EditOperation .
 
 :CuratorEditObjectPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :CuratorEditObjectPropertyDataSetKey ;
@@ -1346,9 +1346,9 @@
     access:dataSetValues :CuratorEditObjectPropertyValueSet .
 
 :CuratorEditObjectPropertyDataSetKey a access:DataSetKey ;
-    access:keyComponent access-individual:ObjectProperty ;
-    access:keyComponent access-individual:CuratorRoleUri ;
-    access:keyComponent access-individual:EditOperation .
+    access:hasKeyComponent access-individual:ObjectProperty ;
+    access:hasKeyComponent access-individual:CuratorRoleUri ;
+    access:hasKeyComponent access-individual:EditOperation .
 
 :AdminEditObjectPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :AdminEditObjectPropertyDataSetKey ;
@@ -1359,9 +1359,9 @@
     access:dataSetValues :AdminEditObjectPropertyValueSet .
 
 :AdminEditObjectPropertyDataSetKey a access:DataSetKey ;
-    access:keyComponent access-individual:ObjectProperty ;
-    access:keyComponent access-individual:AdminRoleUri ;
-    access:keyComponent access-individual:EditOperation .
+    access:hasKeyComponent access-individual:ObjectProperty ;
+    access:hasKeyComponent access-individual:AdminRoleUri ;
+    access:hasKeyComponent access-individual:EditOperation .
 
 
 ### Display object property data sets
@@ -1375,9 +1375,9 @@
     access:dataSetValues :PublicDisplayObjectPropertyValueSet .
 
 :PublicDisplayObjectPropertyDataSetKey a access:DataSetKey ;
-    access:keyComponent access-individual:ObjectProperty ;
-    access:keyComponent access-individual:PublicRoleUri ;
-    access:keyComponent access-individual:DisplayOperation .
+    access:hasKeyComponent access-individual:ObjectProperty ;
+    access:hasKeyComponent access-individual:PublicRoleUri ;
+    access:hasKeyComponent access-individual:DisplayOperation .
 
 :EditorDisplayObjectPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :EditorDisplayObjectPropertyDataSetKey ;
@@ -1388,9 +1388,9 @@
     access:dataSetValues :EditorDisplayObjectPropertyValueSet .
 
 :EditorDisplayObjectPropertyDataSetKey a access:DataSetKey ;
-    access:keyComponent access-individual:ObjectProperty ;
-    access:keyComponent access-individual:EditorRoleUri ;
-    access:keyComponent access-individual:DisplayOperation .
+    access:hasKeyComponent access-individual:ObjectProperty ;
+    access:hasKeyComponent access-individual:EditorRoleUri ;
+    access:hasKeyComponent access-individual:DisplayOperation .
 
 :CuratorDisplayObjectPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :CuratorDisplayObjectPropertyDataSetKey ;
@@ -1401,9 +1401,9 @@
     access:dataSetValues :CuratorDisplayObjectPropertyValueSet .
 
 :CuratorDisplayObjectPropertyDataSetKey a access:DataSetKey ;
-    access:keyComponent access-individual:ObjectProperty ;
-    access:keyComponent access-individual:CuratorRoleUri ;
-    access:keyComponent access-individual:DisplayOperation .
+    access:hasKeyComponent access-individual:ObjectProperty ;
+    access:hasKeyComponent access-individual:CuratorRoleUri ;
+    access:hasKeyComponent access-individual:DisplayOperation .
 
 :AdminDisplayObjectPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :AdminDisplayObjectPropertyDataSetKey ;
@@ -1414,9 +1414,9 @@
     access:dataSetValues :AdminDisplayObjectPropertyValueSet .
 
 :AdminDisplayObjectPropertyDataSetKey a access:DataSetKey ;
-    access:keyComponent access-individual:ObjectProperty ;
-    access:keyComponent access-individual:AdminRoleUri ;
-    access:keyComponent access-individual:DisplayOperation .
+    access:hasKeyComponent access-individual:ObjectProperty ;
+    access:hasKeyComponent access-individual:AdminRoleUri ;
+    access:hasKeyComponent access-individual:DisplayOperation .
 
 ### Display data property data sets
 
@@ -1429,9 +1429,9 @@
     access:dataSetValues :PublicDisplayDataPropertyValueSet .
 
 :PublicDisplayDataPropertyDataSetKey a access:DataSetKey ;
-    access:keyComponent access-individual:DataProperty ;
-    access:keyComponent access-individual:PublicRoleUri ;
-    access:keyComponent access-individual:DisplayOperation .
+    access:hasKeyComponent access-individual:DataProperty ;
+    access:hasKeyComponent access-individual:PublicRoleUri ;
+    access:hasKeyComponent access-individual:DisplayOperation .
 
 :EditorDisplayDataPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :EditorDisplayDataPropertyDataSetKey ;
@@ -1442,9 +1442,9 @@
     access:dataSetValues :EditorDisplayDataPropertyValueSet .
 
 :EditorDisplayDataPropertyDataSetKey a access:DataSetKey ;
-    access:keyComponent access-individual:DataProperty ;
-    access:keyComponent access-individual:EditorRoleUri ;
-    access:keyComponent access-individual:DisplayOperation .
+    access:hasKeyComponent access-individual:DataProperty ;
+    access:hasKeyComponent access-individual:EditorRoleUri ;
+    access:hasKeyComponent access-individual:DisplayOperation .
 
 :CuratorDisplayDataPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :CuratorDisplayDataPropertyDataSetKey ;
@@ -1455,9 +1455,9 @@
     access:dataSetValues :CuratorDisplayDataPropertyValueSet .
 
 :CuratorDisplayDataPropertyDataSetKey a access:DataSetKey ;
-    access:keyComponent access-individual:DataProperty ;
-    access:keyComponent access-individual:CuratorRoleUri ;
-    access:keyComponent access-individual:DisplayOperation .
+    access:hasKeyComponent access-individual:DataProperty ;
+    access:hasKeyComponent access-individual:CuratorRoleUri ;
+    access:hasKeyComponent access-individual:DisplayOperation .
 
 :AdminDisplayDataPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :AdminDisplayDataPropertyDataSetKey ;
@@ -1468,9 +1468,9 @@
     access:dataSetValues :AdminDisplayDataPropertyValueSet .
 
 :AdminDisplayDataPropertyDataSetKey a access:DataSetKey ;
-    access:keyComponent access-individual:DataProperty ;
-    access:keyComponent access-individual:AdminRoleUri ;
-    access:keyComponent access-individual:DisplayOperation .
+    access:hasKeyComponent access-individual:DataProperty ;
+    access:hasKeyComponent access-individual:AdminRoleUri ;
+    access:hasKeyComponent access-individual:DisplayOperation .
 
 ### Display faux object property data sets
 
@@ -1483,9 +1483,9 @@
     access:dataSetValues :PublicDisplayFauxObjectPropertyValueSet .
 
 :PublicDisplayFauxObjectPropertyDataSetKey a access:DataSetKey ;
-    access:keyComponent access-individual:FauxObjectProperty ;
-    access:keyComponent access-individual:PublicRoleUri ;
-    access:keyComponent access-individual:DisplayOperation .
+    access:hasKeyComponent access-individual:FauxObjectProperty ;
+    access:hasKeyComponent access-individual:PublicRoleUri ;
+    access:hasKeyComponent access-individual:DisplayOperation .
 
 :EditorDisplayFauxObjectPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :EditorDisplayFauxObjectPropertyDataSetKey ;
@@ -1496,9 +1496,9 @@
     access:dataSetValues :EditorDisplayFauxObjectPropertyValueSet .
 
 :EditorDisplayFauxObjectPropertyDataSetKey a access:DataSetKey ;
-    access:keyComponent access-individual:FauxObjectProperty ;
-    access:keyComponent access-individual:EditorRoleUri ;
-    access:keyComponent access-individual:DisplayOperation .
+    access:hasKeyComponent access-individual:FauxObjectProperty ;
+    access:hasKeyComponent access-individual:EditorRoleUri ;
+    access:hasKeyComponent access-individual:DisplayOperation .
 
 :CuratorDisplayFauxObjectPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :CuratorDisplayFauxObjectPropertyDataSetKey ;
@@ -1509,9 +1509,9 @@
     access:dataSetValues :CuratorDisplayFauxObjectPropertyValueSet .
 
 :CuratorDisplayFauxObjectPropertyDataSetKey a access:DataSetKey ;
-    access:keyComponent access-individual:FauxObjectProperty ;
-    access:keyComponent access-individual:CuratorRoleUri ;
-    access:keyComponent access-individual:DisplayOperation .
+    access:hasKeyComponent access-individual:FauxObjectProperty ;
+    access:hasKeyComponent access-individual:CuratorRoleUri ;
+    access:hasKeyComponent access-individual:DisplayOperation .
 
 :AdminDisplayFauxObjectPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :AdminDisplayFauxObjectPropertyDataSetKey ;
@@ -1522,9 +1522,9 @@
     access:dataSetValues :AdminDisplayFauxObjectPropertyValueSet .
 
 :AdminDisplayFauxObjectPropertyDataSetKey a access:DataSetKey ;
-    access:keyComponent access-individual:FauxObjectProperty ;
-    access:keyComponent access-individual:AdminRoleUri ;
-    access:keyComponent access-individual:DisplayOperation .
+    access:hasKeyComponent access-individual:FauxObjectProperty ;
+    access:hasKeyComponent access-individual:AdminRoleUri ;
+    access:hasKeyComponent access-individual:DisplayOperation .
 
 ### Display faux data property data sets
 
@@ -1537,9 +1537,9 @@
     access:dataSetValues :PublicDisplayFauxDataPropertyValueSet .
 
 :PublicDisplayFauxDataPropertyDataSetKey a access:DataSetKey ;
-    access:keyComponent access-individual:FauxDataProperty ;
-    access:keyComponent access-individual:PublicRoleUri ;
-    access:keyComponent access-individual:DisplayOperation .
+    access:hasKeyComponent access-individual:FauxDataProperty ;
+    access:hasKeyComponent access-individual:PublicRoleUri ;
+    access:hasKeyComponent access-individual:DisplayOperation .
 
 :EditorDisplayFauxDataPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :EditorDisplayFauxDataPropertyDataSetKey ;
@@ -1550,9 +1550,9 @@
     access:dataSetValues :EditorDisplayFauxDataPropertyValueSet .
 
 :EditorDisplayFauxDataPropertyDataSetKey a access:DataSetKey ;
-    access:keyComponent access-individual:FauxDataProperty ;
-    access:keyComponent access-individual:EditorRoleUri ;
-    access:keyComponent access-individual:DisplayOperation .
+    access:hasKeyComponent access-individual:FauxDataProperty ;
+    access:hasKeyComponent access-individual:EditorRoleUri ;
+    access:hasKeyComponent access-individual:DisplayOperation .
 
 :CuratorDisplayFauxDataPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :CuratorDisplayFauxDataPropertyDataSetKey ;
@@ -1563,9 +1563,9 @@
     access:dataSetValues :CuratorDisplayFauxDataPropertyValueSet .
 
 :CuratorDisplayFauxDataPropertyDataSetKey a access:DataSetKey ;
-    access:keyComponent access-individual:FauxDataProperty ;
-    access:keyComponent access-individual:CuratorRoleUri ;
-    access:keyComponent access-individual:DisplayOperation .
+    access:hasKeyComponent access-individual:FauxDataProperty ;
+    access:hasKeyComponent access-individual:CuratorRoleUri ;
+    access:hasKeyComponent access-individual:DisplayOperation .
 
 :AdminDisplayFauxDataPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :AdminDisplayFauxDataPropertyDataSetKey ;
@@ -1576,9 +1576,9 @@
     access:dataSetValues :AdminDisplayFauxDataPropertyValueSet .
 
 :AdminDisplayFauxDataPropertyDataSetKey a access:DataSetKey ;
-    access:keyComponent access-individual:FauxDataProperty ;
-    access:keyComponent access-individual:AdminRoleUri ;
-    access:keyComponent access-individual:DisplayOperation .
+    access:hasKeyComponent access-individual:FauxDataProperty ;
+    access:hasKeyComponent access-individual:AdminRoleUri ;
+    access:hasKeyComponent access-individual:DisplayOperation .
 
 ### Publish object property data sets
 
@@ -1591,9 +1591,9 @@
     access:dataSetValues :EditorPublishObjectPropertyValueSet .
 
 :EditorPublishObjectPropertyDataSetKey a access:DataSetKey ;
-    access:keyComponent access-individual:ObjectProperty ;
-    access:keyComponent access-individual:EditorRoleUri ;
-    access:keyComponent access-individual:PublishOperation .
+    access:hasKeyComponent access-individual:ObjectProperty ;
+    access:hasKeyComponent access-individual:EditorRoleUri ;
+    access:hasKeyComponent access-individual:PublishOperation .
 
 :CuratorPublishObjectPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :CuratorPublishObjectPropertyDataSetKey ;
@@ -1604,9 +1604,9 @@
     access:dataSetValues :CuratorPublishObjectPropertyValueSet .
 
 :CuratorPublishObjectPropertyDataSetKey a access:DataSetKey ;
-    access:keyComponent access-individual:ObjectProperty ;
-    access:keyComponent access-individual:CuratorRoleUri ;
-    access:keyComponent access-individual:PublishOperation .
+    access:hasKeyComponent access-individual:ObjectProperty ;
+    access:hasKeyComponent access-individual:CuratorRoleUri ;
+    access:hasKeyComponent access-individual:PublishOperation .
 
 :AdminPublishObjectPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :AdminPublishObjectPropertyDataSetKey ;
@@ -1617,9 +1617,9 @@
     access:dataSetValues :AdminPublishObjectPropertyValueSet .
 
 :AdminPublishObjectPropertyDataSetKey a access:DataSetKey ;
-    access:keyComponent access-individual:ObjectProperty ;
-    access:keyComponent access-individual:AdminRoleUri ;
-    access:keyComponent access-individual:PublishOperation .
+    access:hasKeyComponent access-individual:ObjectProperty ;
+    access:hasKeyComponent access-individual:AdminRoleUri ;
+    access:hasKeyComponent access-individual:PublishOperation .
 
 ### Publish data property data sets
 
@@ -1632,9 +1632,9 @@
     access:dataSetValues :EditorPublishDataPropertyValueSet .
 
 :EditorPublishDataPropertyDataSetKey a access:DataSetKey ;
-    access:keyComponent access-individual:DataProperty ;
-    access:keyComponent access-individual:EditorRoleUri ;
-    access:keyComponent access-individual:PublishOperation .
+    access:hasKeyComponent access-individual:DataProperty ;
+    access:hasKeyComponent access-individual:EditorRoleUri ;
+    access:hasKeyComponent access-individual:PublishOperation .
 
 :CuratorPublishDataPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :CuratorPublishDataPropertyDataSetKey ;
@@ -1645,9 +1645,9 @@
     access:dataSetValues :CuratorPublishDataPropertyValueSet .
 
 :CuratorPublishDataPropertyDataSetKey a access:DataSetKey ;
-    access:keyComponent access-individual:DataProperty ;
-    access:keyComponent access-individual:CuratorRoleUri ;
-    access:keyComponent access-individual:PublishOperation .
+    access:hasKeyComponent access-individual:DataProperty ;
+    access:hasKeyComponent access-individual:CuratorRoleUri ;
+    access:hasKeyComponent access-individual:PublishOperation .
 
 :AdminPublishDataPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :AdminPublishDataPropertyDataSetKey ;
@@ -1658,9 +1658,9 @@
     access:dataSetValues :AdminPublishDataPropertyValueSet .
 
 :AdminPublishDataPropertyDataSetKey a access:DataSetKey ;
-    access:keyComponent access-individual:DataProperty ;
-    access:keyComponent access-individual:AdminRoleUri ;
-    access:keyComponent access-individual:PublishOperation .
+    access:hasKeyComponent access-individual:DataProperty ;
+    access:hasKeyComponent access-individual:AdminRoleUri ;
+    access:hasKeyComponent access-individual:PublishOperation .
 
 ### Publish faux object property data sets
 
@@ -1673,9 +1673,9 @@
     access:dataSetValues :EditorPublishFauxObjectPropertyValueSet .
 
 :EditorPublishFauxObjectPropertyDataSetKey a access:DataSetKey ;
-    access:keyComponent access-individual:FauxObjectProperty ;
-    access:keyComponent access-individual:EditorRoleUri ;
-    access:keyComponent access-individual:PublishOperation .
+    access:hasKeyComponent access-individual:FauxObjectProperty ;
+    access:hasKeyComponent access-individual:EditorRoleUri ;
+    access:hasKeyComponent access-individual:PublishOperation .
 
 :CuratorPublishFauxObjectPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :CuratorPublishFauxObjectPropertyDataSetKey ;
@@ -1686,9 +1686,9 @@
     access:dataSetValues :CuratorPublishFauxObjectPropertyValueSet .
 
 :CuratorPublishFauxObjectPropertyDataSetKey a access:DataSetKey ;
-    access:keyComponent access-individual:FauxObjectProperty ;
-    access:keyComponent access-individual:CuratorRoleUri ;
-    access:keyComponent access-individual:PublishOperation .
+    access:hasKeyComponent access-individual:FauxObjectProperty ;
+    access:hasKeyComponent access-individual:CuratorRoleUri ;
+    access:hasKeyComponent access-individual:PublishOperation .
 
 :AdminPublishFauxObjectPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :AdminPublishFauxObjectPropertyDataSetKey ;
@@ -1699,9 +1699,9 @@
     access:dataSetValues :AdminPublishFauxObjectPropertyValueSet .
 
 :AdminPublishFauxObjectPropertyDataSetKey a access:DataSetKey ;
-    access:keyComponent access-individual:FauxObjectProperty ;
-    access:keyComponent access-individual:AdminRoleUri ;
-    access:keyComponent access-individual:PublishOperation .
+    access:hasKeyComponent access-individual:FauxObjectProperty ;
+    access:hasKeyComponent access-individual:AdminRoleUri ;
+    access:hasKeyComponent access-individual:PublishOperation .
 
 ### Publish faux data property data sets
 
@@ -1714,9 +1714,9 @@
     access:dataSetValues :EditorPublishFauxDataPropertyValueSet .
 
 :EditorPublishFauxDataPropertyDataSetKey a access:DataSetKey ;
-    access:keyComponent access-individual:FauxDataProperty ;
-    access:keyComponent access-individual:EditorRoleUri ;
-    access:keyComponent access-individual:PublishOperation .
+    access:hasKeyComponent access-individual:FauxDataProperty ;
+    access:hasKeyComponent access-individual:EditorRoleUri ;
+    access:hasKeyComponent access-individual:PublishOperation .
 
 :CuratorPublishFauxDataPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :CuratorPublishFauxDataPropertyDataSetKey ;
@@ -1727,9 +1727,9 @@
     access:dataSetValues :CuratorPublishFauxDataPropertyValueSet .
 
 :CuratorPublishFauxDataPropertyDataSetKey a access:DataSetKey ;
-    access:keyComponent access-individual:FauxDataProperty ;
-    access:keyComponent access-individual:CuratorRoleUri ;
-    access:keyComponent access-individual:PublishOperation .
+    access:hasKeyComponent access-individual:FauxDataProperty ;
+    access:hasKeyComponent access-individual:CuratorRoleUri ;
+    access:hasKeyComponent access-individual:PublishOperation .
 
 :AdminPublishFauxDataPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :AdminPublishFauxDataPropertyDataSetKey ;
@@ -1740,9 +1740,9 @@
     access:dataSetValues :AdminPublishFauxDataPropertyValueSet .
 
 :AdminPublishFauxDataPropertyDataSetKey a access:DataSetKey ;
-    access:keyComponent access-individual:FauxDataProperty ;
-    access:keyComponent access-individual:AdminRoleUri ;
-    access:keyComponent access-individual:PublishOperation .
+    access:hasKeyComponent access-individual:FauxDataProperty ;
+    access:hasKeyComponent access-individual:AdminRoleUri ;
+    access:hasKeyComponent access-individual:PublishOperation .
 
 :AllowMatchingProperty a access:Rule;
     access:requiresCheck :SubjectRoleEqualsDataSetRoleAttribute ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_access_related_allowed_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_access_related_allowed_property.n3
index 9ff824e142..241b073dcc 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_access_related_allowed_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_access_related_allowed_property.n3
@@ -30,9 +30,9 @@
     access:dataSetValues :SelfEditorDisplayObjectPropertyValueSet .
 
 :SelfEditorDisplayObjectPropertyDataSetKey a access:DataSetKey ;
-    access:keyComponent access-individual:ObjectProperty ;
-    access:keyComponent access-individual:SelfEditorRoleUri ;
-    access:keyComponent access-individual:DisplayOperation .
+    access:hasKeyComponent access-individual:ObjectProperty ;
+    access:hasKeyComponent access-individual:SelfEditorRoleUri ;
+    access:hasKeyComponent access-individual:DisplayOperation .
 
 ### Display data property data sets
 
@@ -45,9 +45,9 @@
     access:dataSetValues :SelfEditorDisplayDataPropertyValueSet .
 
 :SelfEditorDisplayDataPropertyDataSetKey a access:DataSetKey ;
-    access:keyComponent access-individual:DataProperty ;
-    access:keyComponent access-individual:SelfEditorRoleUri ;
-    access:keyComponent access-individual:DisplayOperation .
+    access:hasKeyComponent access-individual:DataProperty ;
+    access:hasKeyComponent access-individual:SelfEditorRoleUri ;
+    access:hasKeyComponent access-individual:DisplayOperation .
 
 ### Display faux object property data sets
 
@@ -60,9 +60,9 @@
     access:dataSetValues :SelfEditorDisplayFauxObjectPropertyValueSet .
 
 :SelfEditorDisplayFauxObjectPropertyDataSetKey a access:DataSetKey ;
-    access:keyComponent access-individual:FauxObjectProperty ;
-    access:keyComponent access-individual:SelfEditorRoleUri ;
-    access:keyComponent access-individual:DisplayOperation .
+    access:hasKeyComponent access-individual:FauxObjectProperty ;
+    access:hasKeyComponent access-individual:SelfEditorRoleUri ;
+    access:hasKeyComponent access-individual:DisplayOperation .
 
 ### Display faux data property data sets
 
@@ -75,9 +75,9 @@
     access:dataSetValues :SelfEditorDisplayFauxDataPropertyValueSet .
 
 :SelfEditorDisplayFauxDataPropertyDataSetKey a access:DataSetKey ;
-    access:keyComponent access-individual:FauxDataProperty ;
-    access:keyComponent access-individual:SelfEditorRoleUri ;
-    access:keyComponent access-individual:DisplayOperation .
+    access:hasKeyComponent access-individual:FauxDataProperty ;
+    access:hasKeyComponent access-individual:SelfEditorRoleUri ;
+    access:hasKeyComponent access-individual:DisplayOperation .
 
 ### Publish object property data sets
 
@@ -90,9 +90,9 @@
     access:dataSetValues :SelfEditorPublishObjectPropertyValueSet .
 
 :SelfEditorPublishObjectPropertyDataSetKey a access:DataSetKey ;
-    access:keyComponent access-individual:ObjectProperty ;
-    access:keyComponent access-individual:SelfEditorRoleUri ;
-    access:keyComponent access-individual:PublishOperation .
+    access:hasKeyComponent access-individual:ObjectProperty ;
+    access:hasKeyComponent access-individual:SelfEditorRoleUri ;
+    access:hasKeyComponent access-individual:PublishOperation .
 
 ### Publish data property data sets
 
@@ -105,9 +105,9 @@
     access:dataSetValues :SelfEditorPublishDataPropertyValueSet .
 
 :SelfEditorPublishDataPropertyDataSetKey a access:DataSetKey ;
-    access:keyComponent access-individual:DataProperty ;
-    access:keyComponent access-individual:SelfEditorRoleUri ;
-    access:keyComponent access-individual:PublishOperation .
+    access:hasKeyComponent access-individual:DataProperty ;
+    access:hasKeyComponent access-individual:SelfEditorRoleUri ;
+    access:hasKeyComponent access-individual:PublishOperation .
 
 ### Publish faux object property data sets
 
@@ -120,9 +120,9 @@
     access:dataSetValues :SelfEditorPublishFauxObjectPropertyValueSet .
 
 :SelfEditorPublishFauxObjectPropertyDataSetKey a access:DataSetKey ;
-    access:keyComponent access-individual:FauxObjectProperty ;
-    access:keyComponent access-individual:SelfEditorRoleUri ;
-    access:keyComponent access-individual:PublishOperation .
+    access:hasKeyComponent access-individual:FauxObjectProperty ;
+    access:hasKeyComponent access-individual:SelfEditorRoleUri ;
+    access:hasKeyComponent access-individual:PublishOperation .
 
 ### Publish faux data property data sets
 
@@ -135,9 +135,9 @@
     access:dataSetValues :SelfEditorPublishFauxDataPropertyValueSet .
 
 :SelfEditorPublishFauxDataPropertyDataSetKey a access:DataSetKey ;
-    access:keyComponent access-individual:FauxDataProperty ;
-    access:keyComponent access-individual:SelfEditorRoleUri ;
-    access:keyComponent access-individual:PublishOperation .
+    access:hasKeyComponent access-individual:FauxDataProperty ;
+    access:hasKeyComponent access-individual:SelfEditorRoleUri ;
+    access:hasKeyComponent access-individual:PublishOperation .
 
 :AllowMatchingProperty a access:Rule;
     access:requiresCheck :SubjectRoleCheck ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_simple_permissions.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_simple_permissions.n3
index 93d9e47e5b..828da4515c 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_simple_permissions.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_simple_permissions.n3
@@ -28,9 +28,9 @@
     access:hasTemplateKeyComponent access-individual:SubjectRole .
 
 :RoleDataSetKeyTemplate a access:DataSetKeyTemplate ;
-    access:keyComponent access-individual:NamedObject ;
-    access:keyComponent access-individual:ExecuteOperation ;
-    access:keyComponentTemplate access-individual:SubjectRole .
+    access:hasKeyComponent access-individual:NamedObject ;
+    access:hasKeyComponent access-individual:ExecuteOperation ;
+    access:hasKeyComponentTemplate access-individual:SubjectRole .
 
 :RoleValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :SubjectRoleEqualsDataSetRole;
@@ -50,9 +50,9 @@
     access:dataSetValues :PublicSimplePermissionValueSet .
 
 :PublicDataSetKey a access:DataSetKey ;
-    access:keyComponent access-individual:NamedObject ;
-    access:keyComponent access-individual:ExecuteOperation ;
-    access:keyComponent access-individual:PublicRoleUri .
+    access:hasKeyComponent access-individual:NamedObject ;
+    access:hasKeyComponent access-individual:ExecuteOperation ;
+    access:hasKeyComponent access-individual:PublicRoleUri .
 
 :SelfEditorDataSet a access:DataSet ;
     access:hasDataSetKey :SelfEditorDataSetKey ;
@@ -60,9 +60,9 @@
     access:dataSetValues :SelfEditorSimplePermissionValueSet .
 
 :SelfEditorDataSetKey a access:DataSetKey ;
-    access:keyComponent access-individual:NamedObject ;
-    access:keyComponent access-individual:ExecuteOperation ;
-    access:keyComponent access-individual:SelfEditorRoleUri .
+    access:hasKeyComponent access-individual:NamedObject ;
+    access:hasKeyComponent access-individual:ExecuteOperation ;
+    access:hasKeyComponent access-individual:SelfEditorRoleUri .
 
 :EditorDataSet a access:DataSet ;
     access:hasDataSetKey :EditorDataSetKey ;
@@ -70,9 +70,9 @@
     access:dataSetValues :EditorSimplePermissionValueSet .
 
 :EditorDataSetKey a access:DataSetKey ;
-    access:keyComponent access-individual:NamedObject ;
-    access:keyComponent access-individual:ExecuteOperation ;
-    access:keyComponent access-individual:EditorRoleUri .
+    access:hasKeyComponent access-individual:NamedObject ;
+    access:hasKeyComponent access-individual:ExecuteOperation ;
+    access:hasKeyComponent access-individual:EditorRoleUri .
 
 :CuratorDataSet a access:DataSet ;
     access:hasDataSetKey :CuratorDataSetKey ;
@@ -80,9 +80,9 @@
     access:dataSetValues :CuratorSimplePermissionValueSet .
 
 :CuratorDataSetKey a access:DataSetKey ;
-    access:keyComponent access-individual:NamedObject ;
-    access:keyComponent access-individual:ExecuteOperation ;
-    access:keyComponent access-individual:CuratorRoleUri .
+    access:hasKeyComponent access-individual:NamedObject ;
+    access:hasKeyComponent access-individual:ExecuteOperation ;
+    access:hasKeyComponent access-individual:CuratorRoleUri .
 
 :AdminDataSet a access:DataSet ;
     access:hasDataSetKey :AdminDataSetKey  ;
@@ -90,9 +90,9 @@
     access:dataSetValues :AdminSimplePermissionValueSet .
 
 :AdminDataSetKey  a access:DataSetKey ;
-    access:keyComponent access-individual:NamedObject ;
-    access:keyComponent access-individual:ExecuteOperation ;
-    access:keyComponent access-individual:AdminRoleUri .
+    access:hasKeyComponent access-individual:NamedObject ;
+    access:hasKeyComponent access-individual:ExecuteOperation ;
+    access:hasKeyComponent access-individual:AdminRoleUri .
 
 :AllowSimplePermission a access:Rule;
     access:requiresCheck :IsSimplePermission ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_update_related_allowed_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_update_related_allowed_property.n3
index e3b424cd4f..4d3e8f8b97 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_update_related_allowed_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_update_related_allowed_property.n3
@@ -36,9 +36,9 @@
     access:dataSetValues :SelfEditorAddObjectPropertyValueSet .
 
 :SelfEditorAddObjectPropertyDataSetKey a access:DataSetKey ;
-    access:keyComponent access-individual:ObjectProperty ;
-    access:keyComponent access-individual:SelfEditorRoleUri ;
-    access:keyComponent access-individual:AddOperation .
+    access:hasKeyComponent access-individual:ObjectProperty ;
+    access:hasKeyComponent access-individual:SelfEditorRoleUri ;
+    access:hasKeyComponent access-individual:AddOperation .
 
 ### Add data property data sets
 
@@ -51,9 +51,9 @@
     access:dataSetValues :SelfEditorAddDataPropertyValueSet .
 
 :SelfEditorAddDataPropertyDataSetKey a access:DataSetKey ;
-    access:keyComponent access-individual:DataProperty ;
-    access:keyComponent access-individual:SelfEditorRoleUri ;
-    access:keyComponent access-individual:AddOperation .
+    access:hasKeyComponent access-individual:DataProperty ;
+    access:hasKeyComponent access-individual:SelfEditorRoleUri ;
+    access:hasKeyComponent access-individual:AddOperation .
 
 ### Add faux object property data sets
 
@@ -66,9 +66,9 @@
     access:dataSetValues :SelfEditorAddFauxObjectPropertyValueSet .
 
 :SelfEditorAddFauxObjectPropertyDataSetKey a access:DataSetKey ;
-    access:keyComponent access-individual:FauxObjectProperty ;
-    access:keyComponent access-individual:SelfEditorRoleUri ;
-    access:keyComponent access-individual:AddOperation .
+    access:hasKeyComponent access-individual:FauxObjectProperty ;
+    access:hasKeyComponent access-individual:SelfEditorRoleUri ;
+    access:hasKeyComponent access-individual:AddOperation .
 
 ### Add faux data property data sets
 
@@ -81,9 +81,9 @@
     access:dataSetValues :SelfEditorAddFauxDataPropertyValueSet .
 
 :SelfEditorAddFauxDataPropertyDataSetKey a access:DataSetKey ;
-    access:keyComponent access-individual:FauxDataProperty ;
-    access:keyComponent access-individual:SelfEditorRoleUri ;
-    access:keyComponent access-individual:AddOperation .
+    access:hasKeyComponent access-individual:FauxDataProperty ;
+    access:hasKeyComponent access-individual:SelfEditorRoleUri ;
+    access:hasKeyComponent access-individual:AddOperation .
 
 ### Drop object property data sets
 
@@ -96,9 +96,9 @@
     access:dataSetValues :SelfEditorDropObjectPropertyValueSet .
 
 :SelfEditorDropObjectPropertyDataSetKey a access:DataSetKey ;
-    access:keyComponent access-individual:ObjectProperty ;
-    access:keyComponent access-individual:SelfEditorRoleUri ;
-    access:keyComponent access-individual:DropOperation .
+    access:hasKeyComponent access-individual:ObjectProperty ;
+    access:hasKeyComponent access-individual:SelfEditorRoleUri ;
+    access:hasKeyComponent access-individual:DropOperation .
 
 ### Drop data property data sets
 
@@ -111,9 +111,9 @@
     access:dataSetValues :SelfEditorDropDataPropertyValueSet .
 
 :SelfEditorDropDataPropertyDataSetKey a access:DataSetKey ;
-    access:keyComponent access-individual:DataProperty ;
-    access:keyComponent access-individual:SelfEditorRoleUri ;
-    access:keyComponent access-individual:DropOperation .
+    access:hasKeyComponent access-individual:DataProperty ;
+    access:hasKeyComponent access-individual:SelfEditorRoleUri ;
+    access:hasKeyComponent access-individual:DropOperation .
 
 ### Drop faux object property data sets
 
@@ -126,9 +126,9 @@
     access:dataSetValues :SelfEditorDropFauxObjectPropertyValueSet .
 
 :SelfEditorDropFauxObjectPropertyDataSetKey a access:DataSetKey ;
-    access:keyComponent access-individual:FauxObjectProperty ;
-    access:keyComponent access-individual:SelfEditorRoleUri ;
-    access:keyComponent access-individual:DropOperation .
+    access:hasKeyComponent access-individual:FauxObjectProperty ;
+    access:hasKeyComponent access-individual:SelfEditorRoleUri ;
+    access:hasKeyComponent access-individual:DropOperation .
 
 ### Drop faux data property data sets
 
@@ -141,9 +141,9 @@
     access:dataSetValues :SelfEditorDropFauxDataPropertyValueSet .
 
 :SelfEditorDropFauxDataPropertyDataSetKey a access:DataSetKey ;
-    access:keyComponent access-individual:FauxDataProperty ;
-    access:keyComponent access-individual:SelfEditorRoleUri ;
-    access:keyComponent access-individual:DropOperation .
+    access:hasKeyComponent access-individual:FauxDataProperty ;
+    access:hasKeyComponent access-individual:SelfEditorRoleUri ;
+    access:hasKeyComponent access-individual:DropOperation .
 
 ### Edit object property data sets
 
@@ -156,9 +156,9 @@
     access:dataSetValues :SelfEditorEditObjectPropertyValueSet .
 
 :SelfEditorEditObjectPropertyDataSetKey a access:DataSetKey ;
-    access:keyComponent access-individual:ObjectProperty ;
-    access:keyComponent access-individual:SelfEditorRoleUri ;
-    access:keyComponent access-individual:EditOperation .
+    access:hasKeyComponent access-individual:ObjectProperty ;
+    access:hasKeyComponent access-individual:SelfEditorRoleUri ;
+    access:hasKeyComponent access-individual:EditOperation .
 
 ### Edit data property data sets
 
@@ -171,9 +171,9 @@
     access:dataSetValues :SelfEditorEditDataPropertyValueSet .
 
 :SelfEditorEditDataPropertyDataSetKey a access:DataSetKey ;
-    access:keyComponent access-individual:DataProperty ;
-    access:keyComponent access-individual:SelfEditorRoleUri ;
-    access:keyComponent access-individual:EditOperation .
+    access:hasKeyComponent access-individual:DataProperty ;
+    access:hasKeyComponent access-individual:SelfEditorRoleUri ;
+    access:hasKeyComponent access-individual:EditOperation .
 
 ### Edit faux object property data sets
 
@@ -186,9 +186,9 @@
     access:dataSetValues :SelfEditorEditFauxObjectPropertyValueSet .
 
 :SelfEditorEditFauxObjectPropertyDataSetKey a access:DataSetKey ;
-    access:keyComponent access-individual:FauxObjectProperty ;
-    access:keyComponent access-individual:SelfEditorRoleUri ;
-    access:keyComponent access-individual:EditOperation .
+    access:hasKeyComponent access-individual:FauxObjectProperty ;
+    access:hasKeyComponent access-individual:SelfEditorRoleUri ;
+    access:hasKeyComponent access-individual:EditOperation .
 
 ### Edit faux data property data sets
 
@@ -201,9 +201,9 @@
     access:dataSetValues :SelfEditorEditFauxDataPropertyValueSet .
 
 :SelfEditorEditFauxDataPropertyDataSetKey a access:DataSetKey ;
-    access:keyComponent access-individual:FauxDataProperty ;
-    access:keyComponent access-individual:SelfEditorRoleUri ;
-    access:keyComponent access-individual:EditOperation .
+    access:hasKeyComponent access-individual:FauxDataProperty ;
+    access:hasKeyComponent access-individual:SelfEditorRoleUri ;
+    access:hasKeyComponent access-individual:EditOperation .
 
 :AllowMatchingProperty a access:Rule;
     access:requiresCheck :SubjectRoleCheck ;
diff --git a/home/src/main/resources/rdf/tbox/firsttime/vitro-access-control-ontology.n3 b/home/src/main/resources/rdf/tbox/firsttime/vitro-access-control-ontology.n3
index c4bc374b48..19bcb4e39a 100644
--- a/home/src/main/resources/rdf/tbox/firsttime/vitro-access-control-ontology.n3
+++ b/home/src/main/resources/rdf/tbox/firsttime/vitro-access-control-ontology.n3
@@ -172,8 +172,8 @@
     rdfs:range :ValueSetTemplate .
 
 :hasTemplateKeyComponent a owl:ObjectProperty ;
-    rdfs:comment "Attribute to use as a template key";
-    rdfs:label "template key"@en-US ;
+    rdfs:comment "Specifies ttribute type to use as a template key";
+    rdfs:label "has template key component"@en-US ;
     rdfs:domain :DataSetTemplateKey ;
     rdfs:range :AttributeType .
 
@@ -219,14 +219,14 @@
     rdfs:domain :PolicyTemplate ;
     rdfs:range :DataSetTemplate .
 
-:keyComponentTemplate a owl:ObjectProperty ;
+:hasKeyComponentTemplate a owl:ObjectProperty ;
     rdfs:comment "Specify component of combined key";
     rdfs:domain :DataSetKeyTemplate ;
     rdfs:range :AttributeType ;
-    rdfs:label "key component"@en-US .
+    rdfs:label "has key component template"@en-US .
 
-:keyComponent a owl:ObjectProperty ;
+:hasKeyComponent a owl:ObjectProperty ;
     rdfs:comment "Specify component of combined key";
     rdfs:domain [ a owl:Class ; owl:unionOf ( :DataSetKeyTemplate :DataSetKey ) ] ;
     rdfs:range :AttributeValuePattern ;
-    rdfs:label "key component"@en-US .
+    rdfs:label "has key component"@en-US .

From 2354c250604a497a30de34f5f05a2db53f26c23f Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <georgy.litvinov@tib.eu>
Date: Fri, 24 Nov 2023 11:19:27 +0100
Subject: [PATCH 132/148] renamed :dataSetValues to :hasRelatedValueSet

---
 .../webapp/auth/policy/PolicyLoader.java      |  16 +-
 .../auth/policy/PolicyTemplateController.java |  10 +-
 .../webapp/auth/rules/data_set_templates.n3   |   6 +-
 .../webapp/auth/rules/test_policy_broken5.n3  |   2 +-
 .../auth/rules/test_policy_broken_set.n3      |   4 +-
 .../auth/rules/test_policy_valid_set.n3       |   8 +-
 .../template_access_allowed_class.n3          | 124 +--
 .../template_access_allowed_property.n3       | 880 +++++++++---------
 ...emplate_access_related_allowed_property.n3 |  80 +-
 .../template_not_modifiable_statements.n3     |   4 +-
 .../firsttime/template_simple_permissions.n3  |  20 +-
 ...emplate_update_related_allowed_property.n3 | 120 +--
 .../vitro-access-control-ontology.n3          |   6 +-
 13 files changed, 640 insertions(+), 640 deletions(-)

diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
index 6718de2b7f..159db77aa3 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
@@ -154,7 +154,7 @@ public class PolicyLoader {
             + "    OPTIONAL {\n"
             + "      ?check access:values ?attributeValue .\n"
             + "      ?attributeValue access:value ?value .\n"
-            + "      ?dataSet access:dataSetValues ?attributeValue .\n"
+            + "      ?dataSet access:hasRelatedValueSet ?attributeValue .\n"
             + "      OPTIONAL {\n"
             + "        ?attributeValue access:containsElementsOfType ?setElementsTypeUri .\n"
             + "        ?setElementsTypeUri access:id ?setElementsType ."
@@ -179,7 +179,7 @@ public class PolicyLoader {
             + "  GRAPH <http://vitro.mannlib.cornell.edu/default/access-control> {\n"
             + "  ?" + POLICY + " access:hasDataSet ?dataSet .\n"
             + "  ?dataSet access:hasDataSetKey ?dataSetKeyUri .\n"
-            + "  ?dataSet access:dataSetValues ?valueSet .\n"
+            + "  ?dataSet access:hasRelatedValueSet ?valueSet .\n"
             + "  ?valueSet access:containsElementsOfType ?setElementsType .\n"
             + "  ?setElementsType access:id ?setElementsId .\n"
             + "  OPTIONAL { ?valueSet access:value ?value .\n"
@@ -200,7 +200,7 @@ public class PolicyLoader {
             + "  GRAPH <http://vitro.mannlib.cornell.edu/default/access-control> {\n"
             + "  ?dataSet access:hasDataSetKey ?dataSetKeyUri .\n"
             + "  ?" + POLICY + " access:hasDataSet ?dataSet . \n"
-            + "  ?dataSet access:dataSetValues ?valueSet . \n"
+            + "  ?dataSet access:hasRelatedValueSet ?valueSet . \n"
             + "  ?valueSet access:containsElementsOfType ?setElementsTypeUri . \n"
             + "  ?setElementsTypeUri access:id ?setElementsType . \n";
 
@@ -270,7 +270,7 @@ public class PolicyLoader {
             + "SELECT ?valueSet \n"
             + "WHERE {\n"
             + "  GRAPH <http://vitro.mannlib.cornell.edu/default/access-control> {\n"
-            + "    ?dataSetTemplate access:dataSetValues ?valueSet .\n"
+            + "    ?dataSetTemplate access:hasRelatedValueSet ?valueSet .\n"
             + "  }\n"
             + "}\n";
 
@@ -561,8 +561,8 @@ private static String getPolicyDataSetValueStatementByKeyQuery(String entityUri,
         }
         int i = 0;
         for (String id : ids) {
-            query.append(String.format("  ?dataSetKeyUri access:hasKeyComponent ?uri%d . ?uri%d access:id \"%s\" . \n", i,
-                    i, id));
+            query.append(String.format("  ?dataSetKeyUri access:hasKeyComponent ?uri%d . ?uri%d access:id \"%s\" . \n",
+                    i, i, id));
             i++;
         }
         query.append(policyStatementByKeyTemplateSuffix);
@@ -576,8 +576,8 @@ private static String getDataSetByKeyQuery(String[] uris, String[] ids) {
         }
         int i = 0;
         for (String id : ids) {
-            query.append(String.format("  ?dataSetKeyUri access:hasKeyComponent ?uri%d .\n  ?uri%d access:id \"%s\" . \n",
-                    i, i, id));
+            query.append(String.format(
+                    "  ?dataSetKeyUri access:hasKeyComponent ?uri%d .\n  ?uri%d access:id \"%s\" . \n", i, i, id));
             i++;
         }
         query.append(policyKeyTemplateSuffix);
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTemplateController.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTemplateController.java
index 1336e08852..9218ceaec1 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTemplateController.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTemplateController.java
@@ -3,7 +3,6 @@
 import static edu.cornell.mannlib.vitro.webapp.dao.VitroVocabulary.AUTH_VOCABULARY_PREFIX;
 import static edu.cornell.mannlib.vitro.webapp.dao.VitroVocabulary.RDF_TYPE;
 
-
 import java.util.List;
 import java.util.Map;
 
@@ -18,7 +17,8 @@ public class PolicyTemplateController {
     private static final Log log = LogFactory.getLog(PolicyTemplateController.class);
     public static void createRoleDataSets(String roleUri) {
 
-        // Execute sparql query to get all data set templates that have ao:hasTemplateKeyComponent access-individual:SubjectRole .
+        // Execute sparql query to get all data set templates that have ao:hasTemplateKeyComponent
+        // access-individual:SubjectRole .
         Map<String, String> templates = PolicyLoader.getInstance().getRoleDataSetTemplates();
         for (String templateUri : templates.keySet()) {
             createRoleDataSet(templateUri, roleUri, templates.get(templateUri));
@@ -72,9 +72,9 @@ private static void createRoleDataSet(String dataSetTemplateUri, String roleUri,
 
         List<String> valueSetUris = policyLoader.getDataSetValuesFromTemplate(dataSetTemplateUri);
         for (String valueSetUri : valueSetUris) {
-            // Add ?dataSetUri ao:dataSetValues ?valueSetUri .
+            // Add ?dataSetUri ao:hasRelatedValueSet ?valueSetUri .
             dataSetModel.add(new StatementImpl(dataSetModel.createResource(dataSetUri),
-                    dataSetModel.createProperty(AUTH_VOCABULARY_PREFIX + "dataSetValues"),
+                    dataSetModel.createProperty(AUTH_VOCABULARY_PREFIX + "hasRelatedValueSet"),
                     dataSetModel.createResource(valueSetUri)));
         }
 
@@ -83,7 +83,7 @@ private static void createRoleDataSet(String dataSetTemplateUri, String roleUri,
         for (String valueSetTemplateUri : valueSetTemplateUris) {
             String valueSetUri = getUriFromTemplate(valueSetTemplateUri, role);
             dataSetModel.add(new StatementImpl(dataSetModel.createResource(dataSetUri),
-                    dataSetModel.createProperty(AUTH_VOCABULARY_PREFIX + "dataSetValues"),
+                    dataSetModel.createProperty(AUTH_VOCABULARY_PREFIX + "hasRelatedValueSet"),
                     dataSetModel.createResource(valueSetUri)));
 
             policyLoader.constructValueSet(valueSetTemplateUri, valueSetUri, roleUri, dataSetModel);
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/data_set_templates.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/data_set_templates.n3
index c9d6607df9..453d324ce2 100644
--- a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/data_set_templates.n3
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/data_set_templates.n3
@@ -21,7 +21,7 @@
 :RoleDataSetTemplate1 a access:DataSetTemplate ;
     access:hasDataSetTemplateKey :RoleDataSetTemplateKey1 ;
     access:hasDataSetKeyTemplate :RoleDataSetKeyTemplate1 ;
-    access:dataSetValues access-individual:PublicRoleValueSet ;
+    access:hasRelatedValueSet access-individual:PublicRoleValueSet ;
     access:dataSetValueTemplate :RoleValueSetTemplate1 ;
     access:dataSetValueTemplate :RolePermissionValueSetTemplate1 .  
 
@@ -67,8 +67,8 @@
 
 :PublicDataSet a access:DataSet ;
     access:hasDataSetKey :PublicDataSetKey ;
-    access:dataSetValues access-individual:PublicRoleValueSet ;
-    access:dataSetValues access-individual:PublicSimplePermissionValueSet .
+    access:hasRelatedValueSet access-individual:PublicRoleValueSet ;
+    access:hasRelatedValueSet access-individual:PublicSimplePermissionValueSet .
 
 :PublicDataSetKey a access:DataSetKey ;
     access:hasKeyComponent access-individual:NamedObject ;
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken5.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken5.n3
index 894d3e443b..e3817335b7 100644
--- a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken5.n3
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken5.n3
@@ -27,7 +27,7 @@ access-individual:BrokenAttribute2 rdf:type access:Check ;
     access:setValue access-individual:valueSet2 .
 
 access-individual:testDataSet1 rdf:type access:DataSet ;
-    access:dataSetValues access-individual:valueSet1 .
+    access:hasRelatedValueSet access-individual:valueSet1 .
 
 access-individual:valueSet1 rdf:type access:ValueSet ;
     access:value <test:value1> ;
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken_set.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken_set.n3
index bab49392bf..a8f09ef315 100644
--- a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken_set.n3
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken_set.n3
@@ -30,10 +30,10 @@ access-individual:BrokenSetAttribute2 rdf:type access:Check ;
     .
 
 access-individual:testDataSet1 rdf:type access:DataSet ;
-    access:dataSetValues access-individual:valueSet1 .
+    access:hasRelatedValueSet access-individual:valueSet1 .
 
 access-individual:testDataSet2 rdf:type access:DataSet ;
-    access:dataSetValues access-individual:valueSet2 .
+    access:hasRelatedValueSet access-individual:valueSet2 .
 
 access-individual:valueSet1 rdf:type access:ValueSet ;
     access:value <test:value1> ;
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_valid_set.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_valid_set.n3
index aa438a3b84..dd5f016c9f 100644
--- a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_valid_set.n3
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_valid_set.n3
@@ -32,12 +32,12 @@ access-individual:ValidAttribute2 rdf:type access:Check ;
     .
 
 access-individual:testDataSet1 rdf:type access:DataSet ;
-    access:dataSetValues access-individual:valueSet2 ;
-    access:dataSetValues access-individual:valueSet1 .
+    access:hasRelatedValueSet access-individual:valueSet2 ;
+    access:hasRelatedValueSet access-individual:valueSet1 .
     
 access-individual:testDataSet2 rdf:type access:DataSet ;
-    access:dataSetValues access-individual:valueSet3 ;
-    access:dataSetValues access-individual:valueSet4 .
+    access:hasRelatedValueSet access-individual:valueSet3 ;
+    access:hasRelatedValueSet access-individual:valueSet4 .
 
 access-individual:valueSet1 rdf:type access:ValueSet ;
     access:value <test:value1> ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_class.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_class.n3
index d40e1c018e..225a318c80 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_class.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_class.n3
@@ -35,8 +35,8 @@
 :RoleDisplayClassDataSetTemplate a access:DataSetTemplate ;
     access:hasDataSetTemplateKey :RoleDisplayClassDataSetTemplateKey ;
     access:hasDataSetKeyTemplate :RoleDisplayClassDataSetKeyTemplate ;
-    access:dataSetValues access-individual:ClassValueSet ;
-    access:dataSetValues access-individual:DisplayOperationValueSet ;
+    access:hasRelatedValueSet access-individual:ClassValueSet ;
+    access:hasRelatedValueSet access-individual:DisplayOperationValueSet ;
     access:dataSetValueTemplate :RoleDisplayClassRoleValueSetTemplate ;
     access:dataSetValueTemplate :RoleDisplayClassValueSetTemplate .  
 
@@ -62,8 +62,8 @@
 :RoleUpdateClassDataSetTemplate a access:DataSetTemplate ;
     access:hasDataSetTemplateKey :RoleUpdateClassDataSetTemplateKey ;
     access:hasDataSetKeyTemplate :RoleUpdateClassDataSetKeyTemplate ;
-    access:dataSetValues access-individual:ClassValueSet ;
-    access:dataSetValues access-individual:UpdateOperationValueSet ;
+    access:hasRelatedValueSet access-individual:ClassValueSet ;
+    access:hasRelatedValueSet access-individual:UpdateOperationValueSet ;
     access:dataSetValueTemplate :RoleUpdateClassRoleValueSetTemplate ;
     access:dataSetValueTemplate :RoleUpdateClassValueSetTemplate .  
 
@@ -89,8 +89,8 @@
 :RolePublishClassDataSetTemplate a access:DataSetTemplate ;
     access:hasDataSetTemplateKey :RolePublishClassDataSetTemplateKey ;
     access:hasDataSetKeyTemplate :RolePublishClassDataSetKeyTemplate ;
-    access:dataSetValues access-individual:ClassValueSet ;
-    access:dataSetValues access-individual:PublishOperationValueSet ;
+    access:hasRelatedValueSet access-individual:ClassValueSet ;
+    access:hasRelatedValueSet access-individual:PublishOperationValueSet ;
     access:dataSetValueTemplate :RolePublishClassRoleValueSetTemplate ;
     access:dataSetValueTemplate :RolePublishClassValueSetTemplate .  
 
@@ -115,10 +115,10 @@
 
 :PublicDisplayClassDataSet a access:DataSet ;
     access:hasDataSetKey :PublicDisplayClassDataSetKey ;
-    access:dataSetValues access-individual:PublicRoleValueSet ;
-    access:dataSetValues access-individual:ClassValueSet ;
-    access:dataSetValues access-individual:DisplayOperationValueSet ;
-    access:dataSetValues :PublicDisplayClassValueSet .
+    access:hasRelatedValueSet access-individual:PublicRoleValueSet ;
+    access:hasRelatedValueSet access-individual:ClassValueSet ;
+    access:hasRelatedValueSet access-individual:DisplayOperationValueSet ;
+    access:hasRelatedValueSet :PublicDisplayClassValueSet .
 
 :PublicDisplayClassDataSetKey a access:DataSetKey ;
     access:hasKeyComponent access-individual:Class ;
@@ -129,10 +129,10 @@
 
 :SelfEditorDisplayClassDataSet a access:DataSet ;
     access:hasDataSetKey :SelfEditorDisplayClassDataSetKey ;
-    access:dataSetValues access-individual:SelfEditorRoleValueSet ;
-    access:dataSetValues access-individual:ClassValueSet ;
-    access:dataSetValues access-individual:DisplayOperationValueSet ;
-    access:dataSetValues :SelfEditorDisplayClassValueSet .
+    access:hasRelatedValueSet access-individual:SelfEditorRoleValueSet ;
+    access:hasRelatedValueSet access-individual:ClassValueSet ;
+    access:hasRelatedValueSet access-individual:DisplayOperationValueSet ;
+    access:hasRelatedValueSet :SelfEditorDisplayClassValueSet .
 
 :SelfEditorDisplayClassDataSetKey a access:DataSetKey ;
     access:hasKeyComponent access-individual:Class ;
@@ -143,10 +143,10 @@
 
 :EditorDisplayClassDataSet a access:DataSet ;
     access:hasDataSetKey :EditorDisplayClassDataSetKey ;
-    access:dataSetValues access-individual:EditorRoleValueSet ;
-    access:dataSetValues access-individual:ClassValueSet ;
-    access:dataSetValues access-individual:DisplayOperationValueSet ;
-    access:dataSetValues :EditorDisplayClassValueSet .
+    access:hasRelatedValueSet access-individual:EditorRoleValueSet ;
+    access:hasRelatedValueSet access-individual:ClassValueSet ;
+    access:hasRelatedValueSet access-individual:DisplayOperationValueSet ;
+    access:hasRelatedValueSet :EditorDisplayClassValueSet .
 
 :EditorDisplayClassDataSetKey a access:DataSetKey ;
     access:hasKeyComponent access-individual:Class ;
@@ -157,10 +157,10 @@
 
 :CuratorDisplayClassDataSet a access:DataSet ;
     access:hasDataSetKey :CuratorDisplayClassDataSetKey ;
-    access:dataSetValues access-individual:CuratorRoleValueSet ;
-    access:dataSetValues access-individual:ClassValueSet ;
-    access:dataSetValues access-individual:DisplayOperationValueSet ;
-    access:dataSetValues :CuratorDisplayClassValueSet .
+    access:hasRelatedValueSet access-individual:CuratorRoleValueSet ;
+    access:hasRelatedValueSet access-individual:ClassValueSet ;
+    access:hasRelatedValueSet access-individual:DisplayOperationValueSet ;
+    access:hasRelatedValueSet :CuratorDisplayClassValueSet .
 
 :CuratorDisplayClassDataSetKey a access:DataSetKey ;
     access:hasKeyComponent access-individual:Class ;
@@ -171,10 +171,10 @@
 
 :AdminDisplayClassDataSet a access:DataSet ;
     access:hasDataSetKey :AdminDisplayClassDataSetKey ;
-    access:dataSetValues access-individual:AdminRoleValueSet ;
-    access:dataSetValues access-individual:ClassValueSet ;
-    access:dataSetValues access-individual:DisplayOperationValueSet ;
-    access:dataSetValues :AdminDisplayClassValueSet .
+    access:hasRelatedValueSet access-individual:AdminRoleValueSet ;
+    access:hasRelatedValueSet access-individual:ClassValueSet ;
+    access:hasRelatedValueSet access-individual:DisplayOperationValueSet ;
+    access:hasRelatedValueSet :AdminDisplayClassValueSet .
 
 :AdminDisplayClassDataSetKey a access:DataSetKey ;
     access:hasKeyComponent access-individual:Class ;
@@ -185,10 +185,10 @@
 
 :PublicUpdateClassDataSet a access:DataSet ;
     access:hasDataSetKey :PublicUpdateClassDataSetKey ;
-    access:dataSetValues access-individual:PublicRoleValueSet ;
-    access:dataSetValues access-individual:ClassValueSet ;
-    access:dataSetValues access-individual:UpdateOperationValueSet ;
-    access:dataSetValues :PublicUpdateClassValueSet .
+    access:hasRelatedValueSet access-individual:PublicRoleValueSet ;
+    access:hasRelatedValueSet access-individual:ClassValueSet ;
+    access:hasRelatedValueSet access-individual:UpdateOperationValueSet ;
+    access:hasRelatedValueSet :PublicUpdateClassValueSet .
 
 :PublicUpdateClassDataSetKey a access:DataSetKey ;
     access:hasKeyComponent access-individual:Class ;
@@ -199,10 +199,10 @@
 
 :SelfEditorUpdateClassDataSet a access:DataSet ;
     access:hasDataSetKey :SelfEditorUpdateClassDataSetKey ;
-    access:dataSetValues access-individual:SelfEditorRoleValueSet ;
-    access:dataSetValues access-individual:ClassValueSet ;
-    access:dataSetValues access-individual:UpdateOperationValueSet ;
-    access:dataSetValues :SelfEditorUpdateClassValueSet .
+    access:hasRelatedValueSet access-individual:SelfEditorRoleValueSet ;
+    access:hasRelatedValueSet access-individual:ClassValueSet ;
+    access:hasRelatedValueSet access-individual:UpdateOperationValueSet ;
+    access:hasRelatedValueSet :SelfEditorUpdateClassValueSet .
 
 :SelfEditorUpdateClassDataSetKey a access:DataSetKey ;
     access:hasKeyComponent access-individual:Class ;
@@ -213,10 +213,10 @@
 
 :EditorUpdateClassDataSet a access:DataSet ;
     access:hasDataSetKey :EditorUpdateClassDataSetKey ;
-    access:dataSetValues access-individual:EditorRoleValueSet ;
-    access:dataSetValues access-individual:ClassValueSet ;
-    access:dataSetValues access-individual:UpdateOperationValueSet ;
-    access:dataSetValues :EditorUpdateClassValueSet .
+    access:hasRelatedValueSet access-individual:EditorRoleValueSet ;
+    access:hasRelatedValueSet access-individual:ClassValueSet ;
+    access:hasRelatedValueSet access-individual:UpdateOperationValueSet ;
+    access:hasRelatedValueSet :EditorUpdateClassValueSet .
 
 :EditorUpdateClassDataSetKey a access:DataSetKey ;
     access:hasKeyComponent access-individual:Class ;
@@ -227,10 +227,10 @@
 
 :CuratorUpdateClassDataSet a access:DataSet ;
     access:hasDataSetKey :CuratorUpdateClassDataSetKey ;
-    access:dataSetValues access-individual:CuratorRoleValueSet ;
-    access:dataSetValues access-individual:ClassValueSet ;
-    access:dataSetValues access-individual:UpdateOperationValueSet ;
-    access:dataSetValues :CuratorUpdateClassValueSet .
+    access:hasRelatedValueSet access-individual:CuratorRoleValueSet ;
+    access:hasRelatedValueSet access-individual:ClassValueSet ;
+    access:hasRelatedValueSet access-individual:UpdateOperationValueSet ;
+    access:hasRelatedValueSet :CuratorUpdateClassValueSet .
 
 :CuratorUpdateClassDataSetKey a access:DataSetKey ;
     access:hasKeyComponent access-individual:Class ;
@@ -241,10 +241,10 @@
 
 :AdminUpdateClassDataSet a access:DataSet ;
     access:hasDataSetKey :AdminUpdateClassDataSetKey ;
-    access:dataSetValues access-individual:AdminRoleValueSet ;
-    access:dataSetValues access-individual:ClassValueSet ;
-    access:dataSetValues access-individual:UpdateOperationValueSet ;
-    access:dataSetValues :AdminUpdateClassValueSet .
+    access:hasRelatedValueSet access-individual:AdminRoleValueSet ;
+    access:hasRelatedValueSet access-individual:ClassValueSet ;
+    access:hasRelatedValueSet access-individual:UpdateOperationValueSet ;
+    access:hasRelatedValueSet :AdminUpdateClassValueSet .
 
 :AdminUpdateClassDataSetKey a access:DataSetKey ;
     access:hasKeyComponent access-individual:Class ;
@@ -255,10 +255,10 @@
 
 :SelfEditorPublishClassDataSet a access:DataSet ;
     access:hasDataSetKey :SelfEditorPublishClassDataSetKey ;
-    access:dataSetValues access-individual:SelfEditorRoleValueSet ;
-    access:dataSetValues access-individual:ClassValueSet ;
-    access:dataSetValues access-individual:PublishOperationValueSet ;
-    access:dataSetValues :SelfEditorPublishClassValueSet .
+    access:hasRelatedValueSet access-individual:SelfEditorRoleValueSet ;
+    access:hasRelatedValueSet access-individual:ClassValueSet ;
+    access:hasRelatedValueSet access-individual:PublishOperationValueSet ;
+    access:hasRelatedValueSet :SelfEditorPublishClassValueSet .
 
 :SelfEditorPublishClassDataSetKey a access:DataSetKey ;
     access:hasKeyComponent access-individual:Class ;
@@ -269,10 +269,10 @@
 
 :EditorPublishClassDataSet a access:DataSet ;
     access:hasDataSetKey :EditorPublishClassDataSetKey ;
-    access:dataSetValues access-individual:EditorRoleValueSet ;
-    access:dataSetValues access-individual:ClassValueSet ;
-    access:dataSetValues access-individual:PublishOperationValueSet ;
-    access:dataSetValues :EditorPublishClassValueSet .
+    access:hasRelatedValueSet access-individual:EditorRoleValueSet ;
+    access:hasRelatedValueSet access-individual:ClassValueSet ;
+    access:hasRelatedValueSet access-individual:PublishOperationValueSet ;
+    access:hasRelatedValueSet :EditorPublishClassValueSet .
 
 :EditorPublishClassDataSetKey a access:DataSetKey ;
     access:hasKeyComponent access-individual:Class ;
@@ -283,10 +283,10 @@
 
 :CuratorPublishClassDataSet a access:DataSet ;
     access:hasDataSetKey :CuratorPublishClassDataSetKey ;
-    access:dataSetValues access-individual:CuratorRoleValueSet ;
-    access:dataSetValues access-individual:ClassValueSet ;
-    access:dataSetValues access-individual:PublishOperationValueSet ;
-    access:dataSetValues :CuratorPublishClassValueSet .
+    access:hasRelatedValueSet access-individual:CuratorRoleValueSet ;
+    access:hasRelatedValueSet access-individual:ClassValueSet ;
+    access:hasRelatedValueSet access-individual:PublishOperationValueSet ;
+    access:hasRelatedValueSet :CuratorPublishClassValueSet .
 
 :CuratorPublishClassDataSetKey a access:DataSetKey ;
     access:hasKeyComponent access-individual:Class ;
@@ -297,10 +297,10 @@
 
 :AdminPublishClassDataSet a access:DataSet ;
     access:hasDataSetKey :AdminPublishClassDataSetKey ;
-    access:dataSetValues access-individual:AdminRoleValueSet ;
-    access:dataSetValues access-individual:ClassValueSet ;
-    access:dataSetValues access-individual:PublishOperationValueSet ;
-    access:dataSetValues :AdminPublishClassValueSet .
+    access:hasRelatedValueSet access-individual:AdminRoleValueSet ;
+    access:hasRelatedValueSet access-individual:ClassValueSet ;
+    access:hasRelatedValueSet access-individual:PublishOperationValueSet ;
+    access:hasRelatedValueSet :AdminPublishClassValueSet .
 
 :AdminPublishClassDataSetKey a access:DataSetKey ;
     access:hasKeyComponent access-individual:Class ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_property.n3
index f58abd2640..dd0cf4ab2a 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_property.n3
@@ -138,9 +138,9 @@
 :RoleDisplayObjectPropertyDataSetTemplate a access:DataSetTemplate ;
     access:hasDataSetTemplateKey :RoleDisplayObjectPropertyDataSetTemplateKey ;
     access:hasDataSetKeyTemplate :RoleDisplayObjectPropertyDataSetKeyTemplate ;
-    access:dataSetValues access-individual:ObjectPropertyValueSet ;
-    access:dataSetValues access-individual:ObjectPropertyStatementValueSet ;
-    access:dataSetValues access-individual:DisplayOperationValueSet ;
+    access:hasRelatedValueSet access-individual:ObjectPropertyValueSet ;
+    access:hasRelatedValueSet access-individual:ObjectPropertyStatementValueSet ;
+    access:hasRelatedValueSet access-individual:DisplayOperationValueSet ;
     access:dataSetValueTemplate :RoleDisplayObjectPropertyValueSetTemplate ;
     access:dataSetValueTemplate :RoleDisplayObjectPropertyEntityValueSetTemplate .  
 
@@ -167,9 +167,9 @@
 :RolePublishObjectPropertyDataSetTemplate a access:DataSetTemplate ;
     access:hasDataSetTemplateKey :RolePublishObjectPropertyDataSetTemplateKey ;
     access:hasDataSetKeyTemplate :RolePublishObjectPropertyDataSetKeyTemplate ;
-    access:dataSetValues access-individual:ObjectPropertyValueSet ;
-    access:dataSetValues access-individual:ObjectPropertyStatementValueSet ;
-    access:dataSetValues access-individual:PublishOperationValueSet ;
+    access:hasRelatedValueSet access-individual:ObjectPropertyValueSet ;
+    access:hasRelatedValueSet access-individual:ObjectPropertyStatementValueSet ;
+    access:hasRelatedValueSet access-individual:PublishOperationValueSet ;
     access:dataSetValueTemplate :RolePublishObjectPropertyValueSetTemplate ;
     access:dataSetValueTemplate :RolePublishObjectPropertyEntityValueSetTemplate .  
 
@@ -196,9 +196,9 @@
 :RoleAddObjectPropertyDataSetTemplate a access:DataSetTemplate ;
     access:hasDataSetTemplateKey :RoleAddObjectPropertyDataSetTemplateKey ;
     access:hasDataSetKeyTemplate :RoleAddObjectPropertyDataSetKeyTemplate ;
-    access:dataSetValues access-individual:ObjectPropertyValueSet ;
-    access:dataSetValues access-individual:ObjectPropertyStatementValueSet ;
-    access:dataSetValues access-individual:AddOperationValueSet ;
+    access:hasRelatedValueSet access-individual:ObjectPropertyValueSet ;
+    access:hasRelatedValueSet access-individual:ObjectPropertyStatementValueSet ;
+    access:hasRelatedValueSet access-individual:AddOperationValueSet ;
     access:dataSetValueTemplate :RoleAddObjectPropertyValueSetTemplate ;
     access:dataSetValueTemplate :RoleAddObjectPropertyEntityValueSetTemplate .  
 
@@ -225,9 +225,9 @@
 :RoleDropObjectPropertyDataSetTemplate a access:DataSetTemplate ;
     access:hasDataSetTemplateKey :RoleDropObjectPropertyDataSetTemplateKey ;
     access:hasDataSetKeyTemplate :RoleDropObjectPropertyDataSetKeyTemplate ;
-    access:dataSetValues access-individual:ObjectPropertyValueSet ;
-    access:dataSetValues access-individual:ObjectPropertyStatementValueSet ;
-    access:dataSetValues access-individual:DropOperationValueSet ;
+    access:hasRelatedValueSet access-individual:ObjectPropertyValueSet ;
+    access:hasRelatedValueSet access-individual:ObjectPropertyStatementValueSet ;
+    access:hasRelatedValueSet access-individual:DropOperationValueSet ;
     access:dataSetValueTemplate :RoleDropObjectPropertyValueSetTemplate ;
     access:dataSetValueTemplate :RoleDropObjectPropertyEntityValueSetTemplate .  
 
@@ -254,9 +254,9 @@
 :RoleEditObjectPropertyDataSetTemplate a access:DataSetTemplate ;
     access:hasDataSetTemplateKey :RoleEditObjectPropertyDataSetTemplateKey ;
     access:hasDataSetKeyTemplate :RoleEditObjectPropertyDataSetKeyTemplate ;
-    access:dataSetValues access-individual:ObjectPropertyValueSet ;
-    access:dataSetValues access-individual:ObjectPropertyStatementValueSet ;
-    access:dataSetValues access-individual:EditOperationValueSet ;
+    access:hasRelatedValueSet access-individual:ObjectPropertyValueSet ;
+    access:hasRelatedValueSet access-individual:ObjectPropertyStatementValueSet ;
+    access:hasRelatedValueSet access-individual:EditOperationValueSet ;
     access:dataSetValueTemplate :RoleEditObjectPropertyValueSetTemplate ;
     access:dataSetValueTemplate :RoleEditObjectPropertyEntityValueSetTemplate .  
 
@@ -283,9 +283,9 @@
 :RoleDisplayDataPropertyDataSetTemplate a access:DataSetTemplate ;
     access:hasDataSetTemplateKey :RoleDisplayDataPropertyDataSetTemplateKey ;
     access:hasDataSetKeyTemplate :RoleDisplayDataPropertyDataSetKeyTemplate ;
-    access:dataSetValues access-individual:DataPropertyValueSet ;
-    access:dataSetValues access-individual:DataPropertyStatementValueSet ;
-    access:dataSetValues access-individual:DisplayOperationValueSet ;
+    access:hasRelatedValueSet access-individual:DataPropertyValueSet ;
+    access:hasRelatedValueSet access-individual:DataPropertyStatementValueSet ;
+    access:hasRelatedValueSet access-individual:DisplayOperationValueSet ;
     access:dataSetValueTemplate :RoleDisplayDataPropertyValueSetTemplate ;
     access:dataSetValueTemplate :RoleDisplayDataPropertyEntityValueSetTemplate .  
 
@@ -312,9 +312,9 @@
 :RolePublishDataPropertyDataSetTemplate a access:DataSetTemplate ;
     access:hasDataSetTemplateKey :RolePublishDataPropertyDataSetTemplateKey ;
     access:hasDataSetKeyTemplate :RolePublishDataPropertyDataSetKeyTemplate ;
-    access:dataSetValues access-individual:DataPropertyValueSet ;
-    access:dataSetValues access-individual:DataPropertyStatementValueSet ;
-    access:dataSetValues access-individual:PublishOperationValueSet ;
+    access:hasRelatedValueSet access-individual:DataPropertyValueSet ;
+    access:hasRelatedValueSet access-individual:DataPropertyStatementValueSet ;
+    access:hasRelatedValueSet access-individual:PublishOperationValueSet ;
     access:dataSetValueTemplate :RolePublishDataPropertyValueSetTemplate ;
     access:dataSetValueTemplate :RolePublishDataPropertyEntityValueSetTemplate .  
 
@@ -341,9 +341,9 @@
 :RoleAddDataPropertyDataSetTemplate a access:DataSetTemplate ;
     access:hasDataSetTemplateKey :RoleAddDataPropertyDataSetTemplateKey ;
     access:hasDataSetKeyTemplate :RoleAddDataPropertyDataSetKeyTemplate ;
-    access:dataSetValues access-individual:DataPropertyValueSet ;
-    access:dataSetValues access-individual:DataPropertyStatementValueSet ;
-    access:dataSetValues access-individual:AddOperationValueSet ;
+    access:hasRelatedValueSet access-individual:DataPropertyValueSet ;
+    access:hasRelatedValueSet access-individual:DataPropertyStatementValueSet ;
+    access:hasRelatedValueSet access-individual:AddOperationValueSet ;
     access:dataSetValueTemplate :RoleAddDataPropertyValueSetTemplate ;
     access:dataSetValueTemplate :RoleAddDataPropertyEntityValueSetTemplate .  
 
@@ -370,9 +370,9 @@
 :RoleDropDataPropertyDataSetTemplate a access:DataSetTemplate ;
     access:hasDataSetTemplateKey :RoleDropDataPropertyDataSetTemplateKey ;
     access:hasDataSetKeyTemplate :RoleDropDataPropertyDataSetKeyTemplate ;
-    access:dataSetValues access-individual:DataPropertyValueSet ;
-    access:dataSetValues access-individual:DataPropertyStatementValueSet ;
-    access:dataSetValues access-individual:DropOperationValueSet ;
+    access:hasRelatedValueSet access-individual:DataPropertyValueSet ;
+    access:hasRelatedValueSet access-individual:DataPropertyStatementValueSet ;
+    access:hasRelatedValueSet access-individual:DropOperationValueSet ;
     access:dataSetValueTemplate :RoleDropDataPropertyValueSetTemplate ;
     access:dataSetValueTemplate :RoleDropDataPropertyEntityValueSetTemplate .  
 
@@ -399,9 +399,9 @@
 :RoleEditDataPropertyDataSetTemplate a access:DataSetTemplate ;
     access:hasDataSetTemplateKey :RoleEditDataPropertyDataSetTemplateKey ;
     access:hasDataSetKeyTemplate :RoleEditDataPropertyDataSetKeyTemplate ;
-    access:dataSetValues access-individual:DataPropertyValueSet ;
-    access:dataSetValues access-individual:DataPropertyStatementValueSet ;
-    access:dataSetValues access-individual:EditOperationValueSet ;
+    access:hasRelatedValueSet access-individual:DataPropertyValueSet ;
+    access:hasRelatedValueSet access-individual:DataPropertyStatementValueSet ;
+    access:hasRelatedValueSet access-individual:EditOperationValueSet ;
     access:dataSetValueTemplate :RoleEditDataPropertyValueSetTemplate ;
     access:dataSetValueTemplate :RoleEditDataPropertyEntityValueSetTemplate .  
 
@@ -428,9 +428,9 @@
 :RoleDisplayFauxObjectPropertyDataSetTemplate a access:DataSetTemplate ;
     access:hasDataSetTemplateKey :RoleDisplayFauxObjectPropertyDataSetTemplateKey ;
     access:hasDataSetKeyTemplate :RoleDisplayFauxObjectPropertyDataSetKeyTemplate ;
-    access:dataSetValues access-individual:FauxObjectPropertyValueSet ;
-    access:dataSetValues access-individual:FauxObjectPropertyStatementValueSet ;
-    access:dataSetValues access-individual:DisplayOperationValueSet ;
+    access:hasRelatedValueSet access-individual:FauxObjectPropertyValueSet ;
+    access:hasRelatedValueSet access-individual:FauxObjectPropertyStatementValueSet ;
+    access:hasRelatedValueSet access-individual:DisplayOperationValueSet ;
     access:dataSetValueTemplate :RoleDisplayFauxObjectPropertyValueSetTemplate ;
     access:dataSetValueTemplate :RoleDisplayFauxObjectPropertyEntityValueSetTemplate .  
 
@@ -457,9 +457,9 @@
 :RolePublishFauxObjectPropertyDataSetTemplate a access:DataSetTemplate ;
     access:hasDataSetTemplateKey :RolePublishFauxObjectPropertyDataSetTemplateKey ;
     access:hasDataSetKeyTemplate :RolePublishFauxObjectPropertyDataSetKeyTemplate ;
-    access:dataSetValues access-individual:FauxObjectPropertyValueSet ;
-    access:dataSetValues access-individual:FauxObjectPropertyStatementValueSet ;
-    access:dataSetValues access-individual:PublishOperationValueSet ;
+    access:hasRelatedValueSet access-individual:FauxObjectPropertyValueSet ;
+    access:hasRelatedValueSet access-individual:FauxObjectPropertyStatementValueSet ;
+    access:hasRelatedValueSet access-individual:PublishOperationValueSet ;
     access:dataSetValueTemplate :RolePublishFauxObjectPropertyValueSetTemplate ;
     access:dataSetValueTemplate :RolePublishFauxObjectPropertyEntityValueSetTemplate .  
 
@@ -486,9 +486,9 @@
 :RoleAddFauxObjectPropertyDataSetTemplate a access:DataSetTemplate ;
     access:hasDataSetTemplateKey :RoleAddFauxObjectPropertyDataSetTemplateKey ;
     access:hasDataSetKeyTemplate :RoleAddFauxObjectPropertyDataSetKeyTemplate ;
-    access:dataSetValues access-individual:FauxObjectPropertyValueSet ;
-    access:dataSetValues access-individual:FauxObjectPropertyStatementValueSet ;
-    access:dataSetValues access-individual:AddOperationValueSet ;
+    access:hasRelatedValueSet access-individual:FauxObjectPropertyValueSet ;
+    access:hasRelatedValueSet access-individual:FauxObjectPropertyStatementValueSet ;
+    access:hasRelatedValueSet access-individual:AddOperationValueSet ;
     access:dataSetValueTemplate :RoleAddFauxObjectPropertyValueSetTemplate ;
     access:dataSetValueTemplate :RoleAddFauxObjectPropertyEntityValueSetTemplate .  
 
@@ -515,9 +515,9 @@
 :RoleDropFauxObjectPropertyDataSetTemplate a access:DataSetTemplate ;
     access:hasDataSetTemplateKey :RoleDropFauxObjectPropertyDataSetTemplateKey ;
     access:hasDataSetKeyTemplate :RoleDropFauxObjectPropertyDataSetKeyTemplate ;
-    access:dataSetValues access-individual:FauxObjectPropertyValueSet ;
-    access:dataSetValues access-individual:FauxObjectPropertyStatementValueSet ;
-    access:dataSetValues access-individual:DropOperationValueSet ;
+    access:hasRelatedValueSet access-individual:FauxObjectPropertyValueSet ;
+    access:hasRelatedValueSet access-individual:FauxObjectPropertyStatementValueSet ;
+    access:hasRelatedValueSet access-individual:DropOperationValueSet ;
     access:dataSetValueTemplate :RoleDropFauxObjectPropertyValueSetTemplate ;
     access:dataSetValueTemplate :RoleDropFauxObjectPropertyEntityValueSetTemplate .  
 
@@ -544,9 +544,9 @@
 :RoleEditFauxObjectPropertyDataSetTemplate a access:DataSetTemplate ;
     access:hasDataSetTemplateKey :RoleEditFauxObjectPropertyDataSetTemplateKey ;
     access:hasDataSetKeyTemplate :RoleEditFauxObjectPropertyDataSetKeyTemplate ;
-    access:dataSetValues access-individual:FauxObjectPropertyValueSet ;
-    access:dataSetValues access-individual:FauxObjectPropertyStatementValueSet ;
-    access:dataSetValues access-individual:EditOperationValueSet ;
+    access:hasRelatedValueSet access-individual:FauxObjectPropertyValueSet ;
+    access:hasRelatedValueSet access-individual:FauxObjectPropertyStatementValueSet ;
+    access:hasRelatedValueSet access-individual:EditOperationValueSet ;
     access:dataSetValueTemplate :RoleEditFauxObjectPropertyValueSetTemplate ;
     access:dataSetValueTemplate :RoleEditFauxObjectPropertyEntityValueSetTemplate .  
 
@@ -573,9 +573,9 @@
 :RoleDisplayFauxDataPropertyDataSetTemplate a access:DataSetTemplate ;
     access:hasDataSetTemplateKey :RoleDisplayFauxDataPropertyDataSetTemplateKey ;
     access:hasDataSetKeyTemplate :RoleDisplayFauxDataPropertyDataSetKeyTemplate ;
-    access:dataSetValues access-individual:FauxDataPropertyValueSet ;
-    access:dataSetValues access-individual:FauxDataPropertyStatementValueSet ;
-    access:dataSetValues access-individual:DisplayOperationValueSet ;
+    access:hasRelatedValueSet access-individual:FauxDataPropertyValueSet ;
+    access:hasRelatedValueSet access-individual:FauxDataPropertyStatementValueSet ;
+    access:hasRelatedValueSet access-individual:DisplayOperationValueSet ;
     access:dataSetValueTemplate :RoleDisplayFauxDataPropertyValueSetTemplate ;
     access:dataSetValueTemplate :RoleDisplayFauxDataPropertyEntityValueSetTemplate .  
 
@@ -602,9 +602,9 @@
 :RolePublishFauxDataPropertyDataSetTemplate a access:DataSetTemplate ;
     access:hasDataSetTemplateKey :RolePublishFauxDataPropertyDataSetTemplateKey ;
     access:hasDataSetKeyTemplate :RolePublishFauxDataPropertyDataSetKeyTemplate ;
-    access:dataSetValues access-individual:FauxDataPropertyValueSet ;
-    access:dataSetValues access-individual:FauxDataPropertyStatementValueSet ;
-    access:dataSetValues access-individual:PublishOperationValueSet ;
+    access:hasRelatedValueSet access-individual:FauxDataPropertyValueSet ;
+    access:hasRelatedValueSet access-individual:FauxDataPropertyStatementValueSet ;
+    access:hasRelatedValueSet access-individual:PublishOperationValueSet ;
     access:dataSetValueTemplate :RolePublishFauxDataPropertyValueSetTemplate ;
     access:dataSetValueTemplate :RolePublishFauxDataPropertyEntityValueSetTemplate .  
 
@@ -631,9 +631,9 @@
 :RoleAddFauxDataPropertyDataSetTemplate a access:DataSetTemplate ;
     access:hasDataSetTemplateKey :RoleAddFauxDataPropertyDataSetTemplateKey ;
     access:hasDataSetKeyTemplate :RoleAddFauxDataPropertyDataSetKeyTemplate ;
-    access:dataSetValues access-individual:FauxDataPropertyValueSet ;
-    access:dataSetValues access-individual:FauxDataPropertyStatementValueSet ;
-    access:dataSetValues access-individual:AddOperationValueSet ;
+    access:hasRelatedValueSet access-individual:FauxDataPropertyValueSet ;
+    access:hasRelatedValueSet access-individual:FauxDataPropertyStatementValueSet ;
+    access:hasRelatedValueSet access-individual:AddOperationValueSet ;
     access:dataSetValueTemplate :RoleAddFauxDataPropertyValueSetTemplate ;
     access:dataSetValueTemplate :RoleAddFauxDataPropertyEntityValueSetTemplate .  
 
@@ -660,9 +660,9 @@
 :RoleDropFauxDataPropertyDataSetTemplate a access:DataSetTemplate ;
     access:hasDataSetTemplateKey :RoleDropFauxDataPropertyDataSetTemplateKey ;
     access:hasDataSetKeyTemplate :RoleDropFauxDataPropertyDataSetKeyTemplate ;
-    access:dataSetValues access-individual:FauxDataPropertyValueSet ;
-    access:dataSetValues access-individual:FauxDataPropertyStatementValueSet ;
-    access:dataSetValues access-individual:DropOperationValueSet ;
+    access:hasRelatedValueSet access-individual:FauxDataPropertyValueSet ;
+    access:hasRelatedValueSet access-individual:FauxDataPropertyStatementValueSet ;
+    access:hasRelatedValueSet access-individual:DropOperationValueSet ;
     access:dataSetValueTemplate :RoleDropFauxDataPropertyValueSetTemplate ;
     access:dataSetValueTemplate :RoleDropFauxDataPropertyEntityValueSetTemplate .  
 
@@ -689,9 +689,9 @@
 :RoleEditFauxDataPropertyDataSetTemplate a access:DataSetTemplate ;
     access:hasDataSetTemplateKey :RoleEditFauxDataPropertyDataSetTemplateKey ;
     access:hasDataSetKeyTemplate :RoleEditFauxDataPropertyDataSetKeyTemplate ;
-    access:dataSetValues access-individual:FauxDataPropertyValueSet ;
-    access:dataSetValues access-individual:FauxDataPropertyStatementValueSet ;
-    access:dataSetValues access-individual:EditOperationValueSet ;
+    access:hasRelatedValueSet access-individual:FauxDataPropertyValueSet ;
+    access:hasRelatedValueSet access-individual:FauxDataPropertyStatementValueSet ;
+    access:hasRelatedValueSet access-individual:EditOperationValueSet ;
     access:dataSetValueTemplate :RoleEditFauxDataPropertyValueSetTemplate ;
     access:dataSetValueTemplate :RoleEditFauxDataPropertyEntityValueSetTemplate .  
 
@@ -719,11 +719,11 @@
 
 :PublicDropFauxDataPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :PublicDropFauxDataPropertyDataSetKey ;
-    access:dataSetValues access-individual:PublicRoleValueSet ;
-    access:dataSetValues access-individual:FauxDataPropertyValueSet ;
-    access:dataSetValues access-individual:FauxDataPropertyStatementValueSet ;
-    access:dataSetValues access-individual:DropOperationValueSet ;
-    access:dataSetValues :PublicDropFauxDataPropertyValueSet .
+    access:hasRelatedValueSet access-individual:PublicRoleValueSet ;
+    access:hasRelatedValueSet access-individual:FauxDataPropertyValueSet ;
+    access:hasRelatedValueSet access-individual:FauxDataPropertyStatementValueSet ;
+    access:hasRelatedValueSet access-individual:DropOperationValueSet ;
+    access:hasRelatedValueSet :PublicDropFauxDataPropertyValueSet .
 
 :PublicDropFauxDataPropertyDataSetKey a access:DataSetKey ;
     access:hasKeyComponent access-individual:FauxDataProperty ;
@@ -732,11 +732,11 @@
 
 :EditorDropFauxDataPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :EditorDropFauxDataPropertyDataSetKey ;
-    access:dataSetValues access-individual:EditorRoleValueSet ;
-    access:dataSetValues access-individual:FauxDataPropertyValueSet ;
-    access:dataSetValues access-individual:FauxDataPropertyStatementValueSet ;
-    access:dataSetValues access-individual:DropOperationValueSet ;
-    access:dataSetValues :EditorDropFauxDataPropertyValueSet .
+    access:hasRelatedValueSet access-individual:EditorRoleValueSet ;
+    access:hasRelatedValueSet access-individual:FauxDataPropertyValueSet ;
+    access:hasRelatedValueSet access-individual:FauxDataPropertyStatementValueSet ;
+    access:hasRelatedValueSet access-individual:DropOperationValueSet ;
+    access:hasRelatedValueSet :EditorDropFauxDataPropertyValueSet .
 
 :EditorDropFauxDataPropertyDataSetKey a access:DataSetKey ;
     access:hasKeyComponent access-individual:FauxDataProperty ;
@@ -745,11 +745,11 @@
 
 :CuratorDropFauxDataPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :CuratorDropFauxDataPropertyDataSetKey ;
-    access:dataSetValues access-individual:CuratorRoleValueSet ;
-    access:dataSetValues access-individual:FauxDataPropertyValueSet ;
-    access:dataSetValues access-individual:FauxDataPropertyStatementValueSet ;
-    access:dataSetValues access-individual:DropOperationValueSet ;
-    access:dataSetValues :CuratorDropFauxDataPropertyValueSet .
+    access:hasRelatedValueSet access-individual:CuratorRoleValueSet ;
+    access:hasRelatedValueSet access-individual:FauxDataPropertyValueSet ;
+    access:hasRelatedValueSet access-individual:FauxDataPropertyStatementValueSet ;
+    access:hasRelatedValueSet access-individual:DropOperationValueSet ;
+    access:hasRelatedValueSet :CuratorDropFauxDataPropertyValueSet .
 
 :CuratorDropFauxDataPropertyDataSetKey a access:DataSetKey ;
     access:hasKeyComponent access-individual:FauxDataProperty ;
@@ -758,11 +758,11 @@
 
 :AdminDropFauxDataPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :AdminDropFauxDataPropertyDataSetKey ;
-    access:dataSetValues access-individual:AdminRoleValueSet ;
-    access:dataSetValues access-individual:FauxDataPropertyValueSet ;
-    access:dataSetValues access-individual:FauxDataPropertyStatementValueSet ;
-    access:dataSetValues access-individual:DropOperationValueSet ;
-    access:dataSetValues :AdminDropFauxDataPropertyValueSet .
+    access:hasRelatedValueSet access-individual:AdminRoleValueSet ;
+    access:hasRelatedValueSet access-individual:FauxDataPropertyValueSet ;
+    access:hasRelatedValueSet access-individual:FauxDataPropertyStatementValueSet ;
+    access:hasRelatedValueSet access-individual:DropOperationValueSet ;
+    access:hasRelatedValueSet :AdminDropFauxDataPropertyValueSet .
 
 :AdminDropFauxDataPropertyDataSetKey a access:DataSetKey ;
     access:hasKeyComponent access-individual:FauxDataProperty ;
@@ -773,11 +773,11 @@
 
 :PublicAddFauxDataPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :PublicAddFauxDataPropertyDataSetKey ;
-    access:dataSetValues access-individual:PublicRoleValueSet ;
-    access:dataSetValues access-individual:FauxDataPropertyValueSet ;
-    access:dataSetValues access-individual:FauxDataPropertyStatementValueSet ;
-    access:dataSetValues access-individual:AddOperationValueSet ;
-    access:dataSetValues :PublicAddFauxDataPropertyValueSet .
+    access:hasRelatedValueSet access-individual:PublicRoleValueSet ;
+    access:hasRelatedValueSet access-individual:FauxDataPropertyValueSet ;
+    access:hasRelatedValueSet access-individual:FauxDataPropertyStatementValueSet ;
+    access:hasRelatedValueSet access-individual:AddOperationValueSet ;
+    access:hasRelatedValueSet :PublicAddFauxDataPropertyValueSet .
 
 :PublicAddFauxDataPropertyDataSetKey a access:DataSetKey ;
     access:hasKeyComponent access-individual:FauxDataProperty ;
@@ -786,11 +786,11 @@
 
 :EditorAddFauxDataPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :EditorAddFauxDataPropertyDataSetKey ;
-    access:dataSetValues access-individual:EditorRoleValueSet ;
-    access:dataSetValues access-individual:FauxDataPropertyValueSet ;
-    access:dataSetValues access-individual:FauxDataPropertyStatementValueSet ;
-    access:dataSetValues access-individual:AddOperationValueSet ;
-    access:dataSetValues :EditorAddFauxDataPropertyValueSet .
+    access:hasRelatedValueSet access-individual:EditorRoleValueSet ;
+    access:hasRelatedValueSet access-individual:FauxDataPropertyValueSet ;
+    access:hasRelatedValueSet access-individual:FauxDataPropertyStatementValueSet ;
+    access:hasRelatedValueSet access-individual:AddOperationValueSet ;
+    access:hasRelatedValueSet :EditorAddFauxDataPropertyValueSet .
 
 :EditorAddFauxDataPropertyDataSetKey a access:DataSetKey ;
     access:hasKeyComponent access-individual:FauxDataProperty ;
@@ -799,11 +799,11 @@
 
 :CuratorAddFauxDataPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :CuratorAddFauxDataPropertyDataSetKey ;
-    access:dataSetValues access-individual:CuratorRoleValueSet ;
-    access:dataSetValues access-individual:FauxDataPropertyValueSet ;
-    access:dataSetValues access-individual:FauxDataPropertyStatementValueSet ;
-    access:dataSetValues access-individual:AddOperationValueSet ;
-    access:dataSetValues :CuratorAddFauxDataPropertyValueSet .
+    access:hasRelatedValueSet access-individual:CuratorRoleValueSet ;
+    access:hasRelatedValueSet access-individual:FauxDataPropertyValueSet ;
+    access:hasRelatedValueSet access-individual:FauxDataPropertyStatementValueSet ;
+    access:hasRelatedValueSet access-individual:AddOperationValueSet ;
+    access:hasRelatedValueSet :CuratorAddFauxDataPropertyValueSet .
 
 :CuratorAddFauxDataPropertyDataSetKey a access:DataSetKey ;
     access:hasKeyComponent access-individual:FauxDataProperty ;
@@ -812,11 +812,11 @@
 
 :AdminAddFauxDataPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :AdminAddFauxDataPropertyDataSetKey ;
-    access:dataSetValues access-individual:AdminRoleValueSet ;
-    access:dataSetValues access-individual:FauxDataPropertyValueSet ;
-    access:dataSetValues access-individual:FauxDataPropertyStatementValueSet ;
-    access:dataSetValues access-individual:AddOperationValueSet ;
-    access:dataSetValues :AdminAddFauxDataPropertyValueSet .
+    access:hasRelatedValueSet access-individual:AdminRoleValueSet ;
+    access:hasRelatedValueSet access-individual:FauxDataPropertyValueSet ;
+    access:hasRelatedValueSet access-individual:FauxDataPropertyStatementValueSet ;
+    access:hasRelatedValueSet access-individual:AddOperationValueSet ;
+    access:hasRelatedValueSet :AdminAddFauxDataPropertyValueSet .
 
 :AdminAddFauxDataPropertyDataSetKey a access:DataSetKey ;
     access:hasKeyComponent access-individual:FauxDataProperty ;
@@ -827,11 +827,11 @@
 
 :PublicEditFauxDataPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :PublicEditFauxDataPropertyDataSetKey ;
-    access:dataSetValues access-individual:PublicRoleValueSet ;
-    access:dataSetValues access-individual:FauxDataPropertyValueSet ;
-    access:dataSetValues access-individual:FauxDataPropertyStatementValueSet ;
-    access:dataSetValues access-individual:EditOperationValueSet ;
-    access:dataSetValues :PublicEditFauxDataPropertyValueSet .
+    access:hasRelatedValueSet access-individual:PublicRoleValueSet ;
+    access:hasRelatedValueSet access-individual:FauxDataPropertyValueSet ;
+    access:hasRelatedValueSet access-individual:FauxDataPropertyStatementValueSet ;
+    access:hasRelatedValueSet access-individual:EditOperationValueSet ;
+    access:hasRelatedValueSet :PublicEditFauxDataPropertyValueSet .
 
 :PublicEditFauxDataPropertyDataSetKey a access:DataSetKey ;
     access:hasKeyComponent access-individual:FauxDataProperty ;
@@ -840,11 +840,11 @@
 
 :EditorEditFauxDataPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :EditorEditFauxDataPropertyDataSetKey ;
-    access:dataSetValues access-individual:EditorRoleValueSet ;
-    access:dataSetValues access-individual:FauxDataPropertyValueSet ;
-    access:dataSetValues access-individual:FauxDataPropertyStatementValueSet ;
-    access:dataSetValues access-individual:EditOperationValueSet ;
-    access:dataSetValues :EditorEditFauxDataPropertyValueSet .
+    access:hasRelatedValueSet access-individual:EditorRoleValueSet ;
+    access:hasRelatedValueSet access-individual:FauxDataPropertyValueSet ;
+    access:hasRelatedValueSet access-individual:FauxDataPropertyStatementValueSet ;
+    access:hasRelatedValueSet access-individual:EditOperationValueSet ;
+    access:hasRelatedValueSet :EditorEditFauxDataPropertyValueSet .
 
 :EditorEditFauxDataPropertyDataSetKey a access:DataSetKey ;
     access:hasKeyComponent access-individual:FauxDataProperty ;
@@ -853,11 +853,11 @@
 
 :CuratorEditFauxDataPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :CuratorEditFauxDataPropertyDataSetKey ;
-    access:dataSetValues access-individual:CuratorRoleValueSet ;
-    access:dataSetValues access-individual:FauxDataPropertyValueSet ;
-    access:dataSetValues access-individual:FauxDataPropertyStatementValueSet ;
-    access:dataSetValues access-individual:EditOperationValueSet ;
-    access:dataSetValues :CuratorEditFauxDataPropertyValueSet .
+    access:hasRelatedValueSet access-individual:CuratorRoleValueSet ;
+    access:hasRelatedValueSet access-individual:FauxDataPropertyValueSet ;
+    access:hasRelatedValueSet access-individual:FauxDataPropertyStatementValueSet ;
+    access:hasRelatedValueSet access-individual:EditOperationValueSet ;
+    access:hasRelatedValueSet :CuratorEditFauxDataPropertyValueSet .
 
 :CuratorEditFauxDataPropertyDataSetKey a access:DataSetKey ;
     access:hasKeyComponent access-individual:FauxDataProperty ;
@@ -866,11 +866,11 @@
 
 :AdminEditFauxDataPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :AdminEditFauxDataPropertyDataSetKey ;
-    access:dataSetValues access-individual:AdminRoleValueSet ;
-    access:dataSetValues access-individual:FauxDataPropertyValueSet ;
-    access:dataSetValues access-individual:FauxDataPropertyStatementValueSet ;
-    access:dataSetValues access-individual:EditOperationValueSet ;
-    access:dataSetValues :AdminEditFauxDataPropertyValueSet .
+    access:hasRelatedValueSet access-individual:AdminRoleValueSet ;
+    access:hasRelatedValueSet access-individual:FauxDataPropertyValueSet ;
+    access:hasRelatedValueSet access-individual:FauxDataPropertyStatementValueSet ;
+    access:hasRelatedValueSet access-individual:EditOperationValueSet ;
+    access:hasRelatedValueSet :AdminEditFauxDataPropertyValueSet .
 
 :AdminEditFauxDataPropertyDataSetKey a access:DataSetKey ;
     access:hasKeyComponent access-individual:FauxDataProperty ;
@@ -881,11 +881,11 @@
 
 :PublicDropFauxObjectPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :PublicDropFauxObjectPropertyDataSetKey ;
-    access:dataSetValues access-individual:PublicRoleValueSet ;
-    access:dataSetValues access-individual:FauxObjectPropertyValueSet ;
-    access:dataSetValues access-individual:FauxObjectPropertyStatementValueSet ;
-    access:dataSetValues access-individual:DropOperationValueSet ;
-    access:dataSetValues :PublicDropFauxObjectPropertyValueSet .
+    access:hasRelatedValueSet access-individual:PublicRoleValueSet ;
+    access:hasRelatedValueSet access-individual:FauxObjectPropertyValueSet ;
+    access:hasRelatedValueSet access-individual:FauxObjectPropertyStatementValueSet ;
+    access:hasRelatedValueSet access-individual:DropOperationValueSet ;
+    access:hasRelatedValueSet :PublicDropFauxObjectPropertyValueSet .
 
 :PublicDropFauxObjectPropertyDataSetKey a access:DataSetKey ;
     access:hasKeyComponent access-individual:FauxObjectProperty ;
@@ -894,11 +894,11 @@
 
 :EditorDropFauxObjectPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :EditorDropFauxObjectPropertyDataSetKey ;
-    access:dataSetValues access-individual:EditorRoleValueSet ;
-    access:dataSetValues access-individual:FauxObjectPropertyValueSet ;
-    access:dataSetValues access-individual:FauxObjectPropertyStatementValueSet ;
-    access:dataSetValues access-individual:DropOperationValueSet ;
-    access:dataSetValues :EditorDropFauxObjectPropertyValueSet .
+    access:hasRelatedValueSet access-individual:EditorRoleValueSet ;
+    access:hasRelatedValueSet access-individual:FauxObjectPropertyValueSet ;
+    access:hasRelatedValueSet access-individual:FauxObjectPropertyStatementValueSet ;
+    access:hasRelatedValueSet access-individual:DropOperationValueSet ;
+    access:hasRelatedValueSet :EditorDropFauxObjectPropertyValueSet .
 
 :EditorDropFauxObjectPropertyDataSetKey a access:DataSetKey ;
     access:hasKeyComponent access-individual:FauxObjectProperty ;
@@ -907,11 +907,11 @@
 
 :CuratorDropFauxObjectPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :CuratorDropFauxObjectPropertyDataSetKey ;
-    access:dataSetValues access-individual:CuratorRoleValueSet ;
-    access:dataSetValues access-individual:FauxObjectPropertyValueSet ;
-    access:dataSetValues access-individual:FauxObjectPropertyStatementValueSet ;
-    access:dataSetValues access-individual:DropOperationValueSet ;
-    access:dataSetValues :CuratorDropFauxObjectPropertyValueSet .
+    access:hasRelatedValueSet access-individual:CuratorRoleValueSet ;
+    access:hasRelatedValueSet access-individual:FauxObjectPropertyValueSet ;
+    access:hasRelatedValueSet access-individual:FauxObjectPropertyStatementValueSet ;
+    access:hasRelatedValueSet access-individual:DropOperationValueSet ;
+    access:hasRelatedValueSet :CuratorDropFauxObjectPropertyValueSet .
 
 :CuratorDropFauxObjectPropertyDataSetKey a access:DataSetKey ;
     access:hasKeyComponent access-individual:FauxObjectProperty ;
@@ -920,11 +920,11 @@
 
 :AdminDropFauxObjectPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :AdminDropFauxObjectPropertyDataSetKey ;
-    access:dataSetValues access-individual:AdminRoleValueSet ;
-    access:dataSetValues access-individual:FauxObjectPropertyValueSet ;
-    access:dataSetValues access-individual:FauxObjectPropertyStatementValueSet ;
-    access:dataSetValues access-individual:DropOperationValueSet ;
-    access:dataSetValues :AdminDropFauxObjectPropertyValueSet .
+    access:hasRelatedValueSet access-individual:AdminRoleValueSet ;
+    access:hasRelatedValueSet access-individual:FauxObjectPropertyValueSet ;
+    access:hasRelatedValueSet access-individual:FauxObjectPropertyStatementValueSet ;
+    access:hasRelatedValueSet access-individual:DropOperationValueSet ;
+    access:hasRelatedValueSet :AdminDropFauxObjectPropertyValueSet .
 
 :AdminDropFauxObjectPropertyDataSetKey a access:DataSetKey ;
     access:hasKeyComponent access-individual:FauxObjectProperty ;
@@ -935,11 +935,11 @@
 
 :PublicAddFauxObjectPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :PublicAddFauxObjectPropertyDataSetKey ;
-    access:dataSetValues access-individual:PublicRoleValueSet ;
-    access:dataSetValues access-individual:FauxObjectPropertyValueSet ;
-    access:dataSetValues access-individual:FauxObjectPropertyStatementValueSet ;
-    access:dataSetValues access-individual:AddOperationValueSet ;
-    access:dataSetValues :PublicAddFauxObjectPropertyValueSet .
+    access:hasRelatedValueSet access-individual:PublicRoleValueSet ;
+    access:hasRelatedValueSet access-individual:FauxObjectPropertyValueSet ;
+    access:hasRelatedValueSet access-individual:FauxObjectPropertyStatementValueSet ;
+    access:hasRelatedValueSet access-individual:AddOperationValueSet ;
+    access:hasRelatedValueSet :PublicAddFauxObjectPropertyValueSet .
 
 :PublicAddFauxObjectPropertyDataSetKey a access:DataSetKey ;
     access:hasKeyComponent access-individual:FauxObjectProperty ;
@@ -948,11 +948,11 @@
 
 :EditorAddFauxObjectPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :EditorAddFauxObjectPropertyDataSetKey ;
-    access:dataSetValues access-individual:EditorRoleValueSet ;
-    access:dataSetValues access-individual:FauxObjectPropertyValueSet ;
-    access:dataSetValues access-individual:FauxObjectPropertyStatementValueSet ;
-    access:dataSetValues access-individual:AddOperationValueSet ;
-    access:dataSetValues :EditorAddFauxObjectPropertyValueSet .
+    access:hasRelatedValueSet access-individual:EditorRoleValueSet ;
+    access:hasRelatedValueSet access-individual:FauxObjectPropertyValueSet ;
+    access:hasRelatedValueSet access-individual:FauxObjectPropertyStatementValueSet ;
+    access:hasRelatedValueSet access-individual:AddOperationValueSet ;
+    access:hasRelatedValueSet :EditorAddFauxObjectPropertyValueSet .
 
 :EditorAddFauxObjectPropertyDataSetKey a access:DataSetKey ;
     access:hasKeyComponent access-individual:FauxObjectProperty ;
@@ -961,11 +961,11 @@
 
 :CuratorAddFauxObjectPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :CuratorAddFauxObjectPropertyDataSetKey ;
-    access:dataSetValues access-individual:CuratorRoleValueSet ;
-    access:dataSetValues access-individual:FauxObjectPropertyValueSet ;
-    access:dataSetValues access-individual:FauxObjectPropertyStatementValueSet ;
-    access:dataSetValues access-individual:AddOperationValueSet ;
-    access:dataSetValues :CuratorAddFauxObjectPropertyValueSet .
+    access:hasRelatedValueSet access-individual:CuratorRoleValueSet ;
+    access:hasRelatedValueSet access-individual:FauxObjectPropertyValueSet ;
+    access:hasRelatedValueSet access-individual:FauxObjectPropertyStatementValueSet ;
+    access:hasRelatedValueSet access-individual:AddOperationValueSet ;
+    access:hasRelatedValueSet :CuratorAddFauxObjectPropertyValueSet .
 
 :CuratorAddFauxObjectPropertyDataSetKey a access:DataSetKey ;
     access:hasKeyComponent access-individual:FauxObjectProperty ;
@@ -974,11 +974,11 @@
 
 :AdminAddFauxObjectPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :AdminAddFauxObjectPropertyDataSetKey ;
-    access:dataSetValues access-individual:AdminRoleValueSet ;
-    access:dataSetValues access-individual:FauxObjectPropertyValueSet ;
-    access:dataSetValues access-individual:FauxObjectPropertyStatementValueSet ;
-    access:dataSetValues access-individual:AddOperationValueSet ;
-    access:dataSetValues :AdminAddFauxObjectPropertyValueSet .
+    access:hasRelatedValueSet access-individual:AdminRoleValueSet ;
+    access:hasRelatedValueSet access-individual:FauxObjectPropertyValueSet ;
+    access:hasRelatedValueSet access-individual:FauxObjectPropertyStatementValueSet ;
+    access:hasRelatedValueSet access-individual:AddOperationValueSet ;
+    access:hasRelatedValueSet :AdminAddFauxObjectPropertyValueSet .
 
 :AdminAddFauxObjectPropertyDataSetKey a access:DataSetKey ;
     access:hasKeyComponent access-individual:FauxObjectProperty ;
@@ -989,11 +989,11 @@
 
 :PublicEditFauxObjectPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :PublicEditFauxObjectPropertyDataSetKey ;
-    access:dataSetValues access-individual:PublicRoleValueSet ;
-    access:dataSetValues access-individual:FauxObjectPropertyValueSet ;
-    access:dataSetValues access-individual:FauxObjectPropertyStatementValueSet ;
-    access:dataSetValues access-individual:EditOperationValueSet ;
-    access:dataSetValues :PublicEditFauxObjectPropertyValueSet .
+    access:hasRelatedValueSet access-individual:PublicRoleValueSet ;
+    access:hasRelatedValueSet access-individual:FauxObjectPropertyValueSet ;
+    access:hasRelatedValueSet access-individual:FauxObjectPropertyStatementValueSet ;
+    access:hasRelatedValueSet access-individual:EditOperationValueSet ;
+    access:hasRelatedValueSet :PublicEditFauxObjectPropertyValueSet .
 
 :PublicEditFauxObjectPropertyDataSetKey a access:DataSetKey ;
     access:hasKeyComponent access-individual:FauxObjectProperty ;
@@ -1002,11 +1002,11 @@
 
 :EditorEditFauxObjectPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :EditorEditFauxObjectPropertyDataSetKey ;
-    access:dataSetValues access-individual:EditorRoleValueSet ;
-    access:dataSetValues access-individual:FauxObjectPropertyValueSet ;
-    access:dataSetValues access-individual:FauxObjectPropertyStatementValueSet ;
-    access:dataSetValues access-individual:EditOperationValueSet ;
-    access:dataSetValues :EditorEditFauxObjectPropertyValueSet .
+    access:hasRelatedValueSet access-individual:EditorRoleValueSet ;
+    access:hasRelatedValueSet access-individual:FauxObjectPropertyValueSet ;
+    access:hasRelatedValueSet access-individual:FauxObjectPropertyStatementValueSet ;
+    access:hasRelatedValueSet access-individual:EditOperationValueSet ;
+    access:hasRelatedValueSet :EditorEditFauxObjectPropertyValueSet .
 
 :EditorEditFauxObjectPropertyDataSetKey a access:DataSetKey ;
     access:hasKeyComponent access-individual:FauxObjectProperty ;
@@ -1015,11 +1015,11 @@
 
 :CuratorEditFauxObjectPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :CuratorEditFauxObjectPropertyDataSetKey ;
-    access:dataSetValues access-individual:CuratorRoleValueSet ;
-    access:dataSetValues access-individual:FauxObjectPropertyValueSet ;
-    access:dataSetValues access-individual:FauxObjectPropertyStatementValueSet ;
-    access:dataSetValues access-individual:EditOperationValueSet ;
-    access:dataSetValues :CuratorEditFauxObjectPropertyValueSet .
+    access:hasRelatedValueSet access-individual:CuratorRoleValueSet ;
+    access:hasRelatedValueSet access-individual:FauxObjectPropertyValueSet ;
+    access:hasRelatedValueSet access-individual:FauxObjectPropertyStatementValueSet ;
+    access:hasRelatedValueSet access-individual:EditOperationValueSet ;
+    access:hasRelatedValueSet :CuratorEditFauxObjectPropertyValueSet .
 
 :CuratorEditFauxObjectPropertyDataSetKey a access:DataSetKey ;
     access:hasKeyComponent access-individual:FauxObjectProperty ;
@@ -1028,11 +1028,11 @@
 
 :AdminEditFauxObjectPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :AdminEditFauxObjectPropertyDataSetKey ;
-    access:dataSetValues access-individual:AdminRoleValueSet ;
-    access:dataSetValues access-individual:FauxObjectPropertyValueSet ;
-    access:dataSetValues access-individual:FauxObjectPropertyStatementValueSet ;
-    access:dataSetValues access-individual:EditOperationValueSet ;
-    access:dataSetValues :AdminEditFauxObjectPropertyValueSet .
+    access:hasRelatedValueSet access-individual:AdminRoleValueSet ;
+    access:hasRelatedValueSet access-individual:FauxObjectPropertyValueSet ;
+    access:hasRelatedValueSet access-individual:FauxObjectPropertyStatementValueSet ;
+    access:hasRelatedValueSet access-individual:EditOperationValueSet ;
+    access:hasRelatedValueSet :AdminEditFauxObjectPropertyValueSet .
 
 :AdminEditFauxObjectPropertyDataSetKey a access:DataSetKey ;
     access:hasKeyComponent access-individual:FauxObjectProperty ;
@@ -1043,11 +1043,11 @@
 
 :PublicDropDataPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :PublicDropDataPropertyDataSetKey ;
-    access:dataSetValues access-individual:PublicRoleValueSet ;
-    access:dataSetValues access-individual:DataPropertyValueSet ;
-    access:dataSetValues access-individual:DataPropertyStatementValueSet ;
-    access:dataSetValues access-individual:DropOperationValueSet ;
-    access:dataSetValues :PublicDropDataPropertyValueSet .
+    access:hasRelatedValueSet access-individual:PublicRoleValueSet ;
+    access:hasRelatedValueSet access-individual:DataPropertyValueSet ;
+    access:hasRelatedValueSet access-individual:DataPropertyStatementValueSet ;
+    access:hasRelatedValueSet access-individual:DropOperationValueSet ;
+    access:hasRelatedValueSet :PublicDropDataPropertyValueSet .
 
 :PublicDropDataPropertyDataSetKey a access:DataSetKey ;
     access:hasKeyComponent access-individual:DataProperty ;
@@ -1056,11 +1056,11 @@
 
 :EditorDropDataPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :EditorDropDataPropertyDataSetKey ;
-    access:dataSetValues access-individual:EditorRoleValueSet ;
-    access:dataSetValues access-individual:DataPropertyValueSet ;
-    access:dataSetValues access-individual:DataPropertyStatementValueSet ;
-    access:dataSetValues access-individual:DropOperationValueSet ;
-    access:dataSetValues :EditorDropDataPropertyValueSet .
+    access:hasRelatedValueSet access-individual:EditorRoleValueSet ;
+    access:hasRelatedValueSet access-individual:DataPropertyValueSet ;
+    access:hasRelatedValueSet access-individual:DataPropertyStatementValueSet ;
+    access:hasRelatedValueSet access-individual:DropOperationValueSet ;
+    access:hasRelatedValueSet :EditorDropDataPropertyValueSet .
 
 :EditorDropDataPropertyDataSetKey a access:DataSetKey ;
     access:hasKeyComponent access-individual:DataProperty ;
@@ -1069,11 +1069,11 @@
 
 :CuratorDropDataPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :CuratorDropDataPropertyDataSetKey ;
-    access:dataSetValues access-individual:CuratorRoleValueSet ;
-    access:dataSetValues access-individual:DataPropertyValueSet ;
-    access:dataSetValues access-individual:DataPropertyStatementValueSet ;
-    access:dataSetValues access-individual:DropOperationValueSet ;
-    access:dataSetValues :CuratorDropDataPropertyValueSet .
+    access:hasRelatedValueSet access-individual:CuratorRoleValueSet ;
+    access:hasRelatedValueSet access-individual:DataPropertyValueSet ;
+    access:hasRelatedValueSet access-individual:DataPropertyStatementValueSet ;
+    access:hasRelatedValueSet access-individual:DropOperationValueSet ;
+    access:hasRelatedValueSet :CuratorDropDataPropertyValueSet .
 
 :CuratorDropDataPropertyDataSetKey a access:DataSetKey ;
     access:hasKeyComponent access-individual:DataProperty ;
@@ -1082,11 +1082,11 @@
 
 :AdminDropDataPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :AdminDropDataPropertyDataSetKey ;
-    access:dataSetValues access-individual:AdminRoleValueSet ;
-    access:dataSetValues access-individual:DataPropertyValueSet ;
-    access:dataSetValues access-individual:DataPropertyStatementValueSet ;
-    access:dataSetValues access-individual:DropOperationValueSet ;
-    access:dataSetValues :AdminDropDataPropertyValueSet .
+    access:hasRelatedValueSet access-individual:AdminRoleValueSet ;
+    access:hasRelatedValueSet access-individual:DataPropertyValueSet ;
+    access:hasRelatedValueSet access-individual:DataPropertyStatementValueSet ;
+    access:hasRelatedValueSet access-individual:DropOperationValueSet ;
+    access:hasRelatedValueSet :AdminDropDataPropertyValueSet .
 
 :AdminDropDataPropertyDataSetKey a access:DataSetKey ;
     access:hasKeyComponent access-individual:DataProperty ;
@@ -1097,11 +1097,11 @@
 
 :PublicAddDataPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :PublicAddDataPropertyDataSetKey ;
-    access:dataSetValues access-individual:PublicRoleValueSet ;
-    access:dataSetValues access-individual:DataPropertyValueSet ;
-    access:dataSetValues access-individual:DataPropertyStatementValueSet ;
-    access:dataSetValues access-individual:AddOperationValueSet ;
-    access:dataSetValues :PublicAddDataPropertyValueSet .
+    access:hasRelatedValueSet access-individual:PublicRoleValueSet ;
+    access:hasRelatedValueSet access-individual:DataPropertyValueSet ;
+    access:hasRelatedValueSet access-individual:DataPropertyStatementValueSet ;
+    access:hasRelatedValueSet access-individual:AddOperationValueSet ;
+    access:hasRelatedValueSet :PublicAddDataPropertyValueSet .
 
 :PublicAddDataPropertyDataSetKey a access:DataSetKey ;
     access:hasKeyComponent access-individual:DataProperty ;
@@ -1110,11 +1110,11 @@
 
 :EditorAddDataPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :EditorAddDataPropertyDataSetKey ;
-    access:dataSetValues access-individual:EditorRoleValueSet ;
-    access:dataSetValues access-individual:DataPropertyValueSet ;
-    access:dataSetValues access-individual:DataPropertyStatementValueSet ;
-    access:dataSetValues access-individual:AddOperationValueSet ;
-    access:dataSetValues :EditorAddDataPropertyValueSet .
+    access:hasRelatedValueSet access-individual:EditorRoleValueSet ;
+    access:hasRelatedValueSet access-individual:DataPropertyValueSet ;
+    access:hasRelatedValueSet access-individual:DataPropertyStatementValueSet ;
+    access:hasRelatedValueSet access-individual:AddOperationValueSet ;
+    access:hasRelatedValueSet :EditorAddDataPropertyValueSet .
 
 :EditorAddDataPropertyDataSetKey a access:DataSetKey ;
     access:hasKeyComponent access-individual:DataProperty ;
@@ -1123,11 +1123,11 @@
 
 :CuratorAddDataPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :CuratorAddDataPropertyDataSetKey ;
-    access:dataSetValues access-individual:CuratorRoleValueSet ;
-    access:dataSetValues access-individual:DataPropertyValueSet ;
-    access:dataSetValues access-individual:DataPropertyStatementValueSet ;
-    access:dataSetValues access-individual:AddOperationValueSet ;
-    access:dataSetValues :CuratorAddDataPropertyValueSet .
+    access:hasRelatedValueSet access-individual:CuratorRoleValueSet ;
+    access:hasRelatedValueSet access-individual:DataPropertyValueSet ;
+    access:hasRelatedValueSet access-individual:DataPropertyStatementValueSet ;
+    access:hasRelatedValueSet access-individual:AddOperationValueSet ;
+    access:hasRelatedValueSet :CuratorAddDataPropertyValueSet .
 
 :CuratorAddDataPropertyDataSetKey a access:DataSetKey ;
     access:hasKeyComponent access-individual:DataProperty ;
@@ -1136,11 +1136,11 @@
 
 :AdminAddDataPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :AdminAddDataPropertyDataSetKey ;
-    access:dataSetValues access-individual:AdminRoleValueSet ;
-    access:dataSetValues access-individual:DataPropertyValueSet ;
-    access:dataSetValues access-individual:DataPropertyStatementValueSet ;
-    access:dataSetValues access-individual:AddOperationValueSet ;
-    access:dataSetValues :AdminAddDataPropertyValueSet .
+    access:hasRelatedValueSet access-individual:AdminRoleValueSet ;
+    access:hasRelatedValueSet access-individual:DataPropertyValueSet ;
+    access:hasRelatedValueSet access-individual:DataPropertyStatementValueSet ;
+    access:hasRelatedValueSet access-individual:AddOperationValueSet ;
+    access:hasRelatedValueSet :AdminAddDataPropertyValueSet .
 
 :AdminAddDataPropertyDataSetKey a access:DataSetKey ;
     access:hasKeyComponent access-individual:DataProperty ;
@@ -1151,11 +1151,11 @@
 
 :PublicEditDataPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :PublicEditDataPropertyDataSetKey ;
-    access:dataSetValues access-individual:PublicRoleValueSet ;
-    access:dataSetValues access-individual:DataPropertyValueSet ;
-    access:dataSetValues access-individual:DataPropertyStatementValueSet ;
-    access:dataSetValues access-individual:EditOperationValueSet ;
-    access:dataSetValues :PublicEditDataPropertyValueSet .
+    access:hasRelatedValueSet access-individual:PublicRoleValueSet ;
+    access:hasRelatedValueSet access-individual:DataPropertyValueSet ;
+    access:hasRelatedValueSet access-individual:DataPropertyStatementValueSet ;
+    access:hasRelatedValueSet access-individual:EditOperationValueSet ;
+    access:hasRelatedValueSet :PublicEditDataPropertyValueSet .
 
 :PublicEditDataPropertyDataSetKey a access:DataSetKey ;
     access:hasKeyComponent access-individual:DataProperty ;
@@ -1164,11 +1164,11 @@
 
 :EditorEditDataPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :EditorEditDataPropertyDataSetKey ;
-    access:dataSetValues access-individual:EditorRoleValueSet ;
-    access:dataSetValues access-individual:DataPropertyValueSet ;
-    access:dataSetValues access-individual:DataPropertyStatementValueSet ;
-    access:dataSetValues access-individual:EditOperationValueSet ;
-    access:dataSetValues :EditorEditDataPropertyValueSet .
+    access:hasRelatedValueSet access-individual:EditorRoleValueSet ;
+    access:hasRelatedValueSet access-individual:DataPropertyValueSet ;
+    access:hasRelatedValueSet access-individual:DataPropertyStatementValueSet ;
+    access:hasRelatedValueSet access-individual:EditOperationValueSet ;
+    access:hasRelatedValueSet :EditorEditDataPropertyValueSet .
 
 :EditorEditDataPropertyDataSetKey a access:DataSetKey ;
     access:hasKeyComponent access-individual:DataProperty ;
@@ -1177,11 +1177,11 @@
 
 :CuratorEditDataPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :CuratorEditDataPropertyDataSetKey ;
-    access:dataSetValues access-individual:CuratorRoleValueSet ;
-    access:dataSetValues access-individual:DataPropertyValueSet ;
-    access:dataSetValues access-individual:DataPropertyStatementValueSet ;
-    access:dataSetValues access-individual:EditOperationValueSet ;
-    access:dataSetValues :CuratorEditDataPropertyValueSet .
+    access:hasRelatedValueSet access-individual:CuratorRoleValueSet ;
+    access:hasRelatedValueSet access-individual:DataPropertyValueSet ;
+    access:hasRelatedValueSet access-individual:DataPropertyStatementValueSet ;
+    access:hasRelatedValueSet access-individual:EditOperationValueSet ;
+    access:hasRelatedValueSet :CuratorEditDataPropertyValueSet .
 
 :CuratorEditDataPropertyDataSetKey a access:DataSetKey ;
     access:hasKeyComponent access-individual:DataProperty ;
@@ -1190,11 +1190,11 @@
 
 :AdminEditDataPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :AdminEditDataPropertyDataSetKey ;
-    access:dataSetValues access-individual:AdminRoleValueSet ;
-    access:dataSetValues access-individual:DataPropertyValueSet ;
-    access:dataSetValues access-individual:DataPropertyStatementValueSet ;
-    access:dataSetValues access-individual:EditOperationValueSet ;
-    access:dataSetValues :AdminEditDataPropertyValueSet .
+    access:hasRelatedValueSet access-individual:AdminRoleValueSet ;
+    access:hasRelatedValueSet access-individual:DataPropertyValueSet ;
+    access:hasRelatedValueSet access-individual:DataPropertyStatementValueSet ;
+    access:hasRelatedValueSet access-individual:EditOperationValueSet ;
+    access:hasRelatedValueSet :AdminEditDataPropertyValueSet .
 
 :AdminEditDataPropertyDataSetKey a access:DataSetKey ;
     access:hasKeyComponent access-individual:DataProperty ;
@@ -1205,11 +1205,11 @@
 
 :PublicDropObjectPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :PublicDropObjectPropertyDataSetKey ;
-    access:dataSetValues access-individual:PublicRoleValueSet ;
-    access:dataSetValues access-individual:ObjectPropertyValueSet ;
-    access:dataSetValues access-individual:ObjectPropertyStatementValueSet ;
-    access:dataSetValues access-individual:DropOperationValueSet ;
-    access:dataSetValues :PublicDropObjectPropertyValueSet .
+    access:hasRelatedValueSet access-individual:PublicRoleValueSet ;
+    access:hasRelatedValueSet access-individual:ObjectPropertyValueSet ;
+    access:hasRelatedValueSet access-individual:ObjectPropertyStatementValueSet ;
+    access:hasRelatedValueSet access-individual:DropOperationValueSet ;
+    access:hasRelatedValueSet :PublicDropObjectPropertyValueSet .
 
 :PublicDropObjectPropertyDataSetKey a access:DataSetKey ;
     access:hasKeyComponent access-individual:ObjectProperty ;
@@ -1218,11 +1218,11 @@
 
 :EditorDropObjectPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :EditorDropObjectPropertyDataSetKey ;
-    access:dataSetValues access-individual:EditorRoleValueSet ;
-    access:dataSetValues access-individual:ObjectPropertyValueSet ;
-    access:dataSetValues access-individual:ObjectPropertyStatementValueSet ;
-    access:dataSetValues access-individual:DropOperationValueSet ;
-    access:dataSetValues :EditorDropObjectPropertyValueSet .
+    access:hasRelatedValueSet access-individual:EditorRoleValueSet ;
+    access:hasRelatedValueSet access-individual:ObjectPropertyValueSet ;
+    access:hasRelatedValueSet access-individual:ObjectPropertyStatementValueSet ;
+    access:hasRelatedValueSet access-individual:DropOperationValueSet ;
+    access:hasRelatedValueSet :EditorDropObjectPropertyValueSet .
 
 :EditorDropObjectPropertyDataSetKey a access:DataSetKey ;
     access:hasKeyComponent access-individual:ObjectProperty ;
@@ -1231,11 +1231,11 @@
 
 :CuratorDropObjectPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :CuratorDropObjectPropertyDataSetKey ;
-    access:dataSetValues access-individual:CuratorRoleValueSet ;
-    access:dataSetValues access-individual:ObjectPropertyValueSet ;
-    access:dataSetValues access-individual:ObjectPropertyStatementValueSet ;
-    access:dataSetValues access-individual:DropOperationValueSet ;
-    access:dataSetValues :CuratorDropObjectPropertyValueSet .
+    access:hasRelatedValueSet access-individual:CuratorRoleValueSet ;
+    access:hasRelatedValueSet access-individual:ObjectPropertyValueSet ;
+    access:hasRelatedValueSet access-individual:ObjectPropertyStatementValueSet ;
+    access:hasRelatedValueSet access-individual:DropOperationValueSet ;
+    access:hasRelatedValueSet :CuratorDropObjectPropertyValueSet .
 
 :CuratorDropObjectPropertyDataSetKey a access:DataSetKey ;
     access:hasKeyComponent access-individual:ObjectProperty ;
@@ -1244,11 +1244,11 @@
 
 :AdminDropObjectPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :AdminDropObjectPropertyDataSetKey ;
-    access:dataSetValues access-individual:AdminRoleValueSet ;
-    access:dataSetValues access-individual:ObjectPropertyValueSet ;
-    access:dataSetValues access-individual:ObjectPropertyStatementValueSet ;
-    access:dataSetValues access-individual:DropOperationValueSet ;
-    access:dataSetValues :AdminDropObjectPropertyValueSet .
+    access:hasRelatedValueSet access-individual:AdminRoleValueSet ;
+    access:hasRelatedValueSet access-individual:ObjectPropertyValueSet ;
+    access:hasRelatedValueSet access-individual:ObjectPropertyStatementValueSet ;
+    access:hasRelatedValueSet access-individual:DropOperationValueSet ;
+    access:hasRelatedValueSet :AdminDropObjectPropertyValueSet .
 
 :AdminDropObjectPropertyDataSetKey a access:DataSetKey ;
     access:hasKeyComponent access-individual:ObjectProperty ;
@@ -1259,11 +1259,11 @@
 
 :PublicAddObjectPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :PublicAddObjectPropertyDataSetKey ;
-    access:dataSetValues access-individual:PublicRoleValueSet ;
-    access:dataSetValues access-individual:ObjectPropertyValueSet ;
-    access:dataSetValues access-individual:ObjectPropertyStatementValueSet ;
-    access:dataSetValues access-individual:AddOperationValueSet ;
-    access:dataSetValues :PublicAddObjectPropertyValueSet .
+    access:hasRelatedValueSet access-individual:PublicRoleValueSet ;
+    access:hasRelatedValueSet access-individual:ObjectPropertyValueSet ;
+    access:hasRelatedValueSet access-individual:ObjectPropertyStatementValueSet ;
+    access:hasRelatedValueSet access-individual:AddOperationValueSet ;
+    access:hasRelatedValueSet :PublicAddObjectPropertyValueSet .
 
 :PublicAddObjectPropertyDataSetKey a access:DataSetKey ;
     access:hasKeyComponent access-individual:ObjectProperty ;
@@ -1272,11 +1272,11 @@
 
 :EditorAddObjectPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :EditorAddObjectPropertyDataSetKey ;
-    access:dataSetValues access-individual:EditorRoleValueSet ;
-    access:dataSetValues access-individual:ObjectPropertyValueSet ;
-    access:dataSetValues access-individual:ObjectPropertyStatementValueSet ;
-    access:dataSetValues access-individual:AddOperationValueSet ;
-    access:dataSetValues :EditorAddObjectPropertyValueSet .
+    access:hasRelatedValueSet access-individual:EditorRoleValueSet ;
+    access:hasRelatedValueSet access-individual:ObjectPropertyValueSet ;
+    access:hasRelatedValueSet access-individual:ObjectPropertyStatementValueSet ;
+    access:hasRelatedValueSet access-individual:AddOperationValueSet ;
+    access:hasRelatedValueSet :EditorAddObjectPropertyValueSet .
 
 :EditorAddObjectPropertyDataSetKey a access:DataSetKey ;
     access:hasKeyComponent access-individual:ObjectProperty ;
@@ -1285,11 +1285,11 @@
 
 :CuratorAddObjectPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :CuratorAddObjectPropertyDataSetKey ;
-    access:dataSetValues access-individual:CuratorRoleValueSet ;
-    access:dataSetValues access-individual:ObjectPropertyValueSet ;
-    access:dataSetValues access-individual:ObjectPropertyStatementValueSet ;
-    access:dataSetValues access-individual:AddOperationValueSet ;
-    access:dataSetValues :CuratorAddObjectPropertyValueSet .
+    access:hasRelatedValueSet access-individual:CuratorRoleValueSet ;
+    access:hasRelatedValueSet access-individual:ObjectPropertyValueSet ;
+    access:hasRelatedValueSet access-individual:ObjectPropertyStatementValueSet ;
+    access:hasRelatedValueSet access-individual:AddOperationValueSet ;
+    access:hasRelatedValueSet :CuratorAddObjectPropertyValueSet .
 
 :CuratorAddObjectPropertyDataSetKey a access:DataSetKey ;
     access:hasKeyComponent access-individual:ObjectProperty ;
@@ -1298,11 +1298,11 @@
 
 :AdminAddObjectPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :AdminAddObjectPropertyDataSetKey ;
-    access:dataSetValues access-individual:AdminRoleValueSet ;
-    access:dataSetValues access-individual:ObjectPropertyValueSet ;
-    access:dataSetValues access-individual:ObjectPropertyStatementValueSet ;
-    access:dataSetValues access-individual:AddOperationValueSet ;
-    access:dataSetValues :AdminAddObjectPropertyValueSet .
+    access:hasRelatedValueSet access-individual:AdminRoleValueSet ;
+    access:hasRelatedValueSet access-individual:ObjectPropertyValueSet ;
+    access:hasRelatedValueSet access-individual:ObjectPropertyStatementValueSet ;
+    access:hasRelatedValueSet access-individual:AddOperationValueSet ;
+    access:hasRelatedValueSet :AdminAddObjectPropertyValueSet .
 
 :AdminAddObjectPropertyDataSetKey a access:DataSetKey ;
     access:hasKeyComponent access-individual:ObjectProperty ;
@@ -1313,11 +1313,11 @@
 
 :PublicEditObjectPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :PublicEditObjectPropertyDataSetKey ;
-    access:dataSetValues access-individual:PublicRoleValueSet ;
-    access:dataSetValues access-individual:ObjectPropertyValueSet ;
-    access:dataSetValues access-individual:ObjectPropertyStatementValueSet ;
-    access:dataSetValues access-individual:EditOperationValueSet ;
-    access:dataSetValues :PublicEditObjectPropertyValueSet .
+    access:hasRelatedValueSet access-individual:PublicRoleValueSet ;
+    access:hasRelatedValueSet access-individual:ObjectPropertyValueSet ;
+    access:hasRelatedValueSet access-individual:ObjectPropertyStatementValueSet ;
+    access:hasRelatedValueSet access-individual:EditOperationValueSet ;
+    access:hasRelatedValueSet :PublicEditObjectPropertyValueSet .
 
 :PublicEditObjectPropertyDataSetKey a access:DataSetKey ;
     access:hasKeyComponent access-individual:ObjectProperty ;
@@ -1326,11 +1326,11 @@
 
 :EditorEditObjectPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :EditorEditObjectPropertyDataSetKey ;
-    access:dataSetValues access-individual:EditorRoleValueSet ;
-    access:dataSetValues access-individual:ObjectPropertyValueSet ;
-    access:dataSetValues access-individual:ObjectPropertyStatementValueSet ;
-    access:dataSetValues access-individual:EditOperationValueSet ;
-    access:dataSetValues :EditorEditObjectPropertyValueSet .
+    access:hasRelatedValueSet access-individual:EditorRoleValueSet ;
+    access:hasRelatedValueSet access-individual:ObjectPropertyValueSet ;
+    access:hasRelatedValueSet access-individual:ObjectPropertyStatementValueSet ;
+    access:hasRelatedValueSet access-individual:EditOperationValueSet ;
+    access:hasRelatedValueSet :EditorEditObjectPropertyValueSet .
 
 :EditorEditObjectPropertyDataSetKey a access:DataSetKey ;
     access:hasKeyComponent access-individual:ObjectProperty ;
@@ -1339,11 +1339,11 @@
 
 :CuratorEditObjectPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :CuratorEditObjectPropertyDataSetKey ;
-    access:dataSetValues access-individual:CuratorRoleValueSet ;
-    access:dataSetValues access-individual:ObjectPropertyValueSet ;
-    access:dataSetValues access-individual:ObjectPropertyStatementValueSet ;
-    access:dataSetValues access-individual:EditOperationValueSet ;
-    access:dataSetValues :CuratorEditObjectPropertyValueSet .
+    access:hasRelatedValueSet access-individual:CuratorRoleValueSet ;
+    access:hasRelatedValueSet access-individual:ObjectPropertyValueSet ;
+    access:hasRelatedValueSet access-individual:ObjectPropertyStatementValueSet ;
+    access:hasRelatedValueSet access-individual:EditOperationValueSet ;
+    access:hasRelatedValueSet :CuratorEditObjectPropertyValueSet .
 
 :CuratorEditObjectPropertyDataSetKey a access:DataSetKey ;
     access:hasKeyComponent access-individual:ObjectProperty ;
@@ -1352,11 +1352,11 @@
 
 :AdminEditObjectPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :AdminEditObjectPropertyDataSetKey ;
-    access:dataSetValues access-individual:AdminRoleValueSet ;
-    access:dataSetValues access-individual:ObjectPropertyValueSet ;
-    access:dataSetValues access-individual:ObjectPropertyStatementValueSet ;
-    access:dataSetValues access-individual:EditOperationValueSet ;
-    access:dataSetValues :AdminEditObjectPropertyValueSet .
+    access:hasRelatedValueSet access-individual:AdminRoleValueSet ;
+    access:hasRelatedValueSet access-individual:ObjectPropertyValueSet ;
+    access:hasRelatedValueSet access-individual:ObjectPropertyStatementValueSet ;
+    access:hasRelatedValueSet access-individual:EditOperationValueSet ;
+    access:hasRelatedValueSet :AdminEditObjectPropertyValueSet .
 
 :AdminEditObjectPropertyDataSetKey a access:DataSetKey ;
     access:hasKeyComponent access-individual:ObjectProperty ;
@@ -1368,11 +1368,11 @@
 
 :PublicDisplayObjectPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :PublicDisplayObjectPropertyDataSetKey ;
-    access:dataSetValues access-individual:PublicRoleValueSet ;
-    access:dataSetValues access-individual:ObjectPropertyValueSet ;
-    access:dataSetValues access-individual:ObjectPropertyStatementValueSet ;
-    access:dataSetValues access-individual:DisplayOperationValueSet ;
-    access:dataSetValues :PublicDisplayObjectPropertyValueSet .
+    access:hasRelatedValueSet access-individual:PublicRoleValueSet ;
+    access:hasRelatedValueSet access-individual:ObjectPropertyValueSet ;
+    access:hasRelatedValueSet access-individual:ObjectPropertyStatementValueSet ;
+    access:hasRelatedValueSet access-individual:DisplayOperationValueSet ;
+    access:hasRelatedValueSet :PublicDisplayObjectPropertyValueSet .
 
 :PublicDisplayObjectPropertyDataSetKey a access:DataSetKey ;
     access:hasKeyComponent access-individual:ObjectProperty ;
@@ -1381,11 +1381,11 @@
 
 :EditorDisplayObjectPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :EditorDisplayObjectPropertyDataSetKey ;
-    access:dataSetValues access-individual:EditorRoleValueSet ;
-    access:dataSetValues access-individual:ObjectPropertyValueSet ;
-    access:dataSetValues access-individual:ObjectPropertyStatementValueSet ;
-    access:dataSetValues access-individual:DisplayOperationValueSet ;
-    access:dataSetValues :EditorDisplayObjectPropertyValueSet .
+    access:hasRelatedValueSet access-individual:EditorRoleValueSet ;
+    access:hasRelatedValueSet access-individual:ObjectPropertyValueSet ;
+    access:hasRelatedValueSet access-individual:ObjectPropertyStatementValueSet ;
+    access:hasRelatedValueSet access-individual:DisplayOperationValueSet ;
+    access:hasRelatedValueSet :EditorDisplayObjectPropertyValueSet .
 
 :EditorDisplayObjectPropertyDataSetKey a access:DataSetKey ;
     access:hasKeyComponent access-individual:ObjectProperty ;
@@ -1394,11 +1394,11 @@
 
 :CuratorDisplayObjectPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :CuratorDisplayObjectPropertyDataSetKey ;
-    access:dataSetValues access-individual:CuratorRoleValueSet ;
-    access:dataSetValues access-individual:ObjectPropertyValueSet ;
-    access:dataSetValues access-individual:ObjectPropertyStatementValueSet ;
-    access:dataSetValues access-individual:DisplayOperationValueSet ;
-    access:dataSetValues :CuratorDisplayObjectPropertyValueSet .
+    access:hasRelatedValueSet access-individual:CuratorRoleValueSet ;
+    access:hasRelatedValueSet access-individual:ObjectPropertyValueSet ;
+    access:hasRelatedValueSet access-individual:ObjectPropertyStatementValueSet ;
+    access:hasRelatedValueSet access-individual:DisplayOperationValueSet ;
+    access:hasRelatedValueSet :CuratorDisplayObjectPropertyValueSet .
 
 :CuratorDisplayObjectPropertyDataSetKey a access:DataSetKey ;
     access:hasKeyComponent access-individual:ObjectProperty ;
@@ -1407,11 +1407,11 @@
 
 :AdminDisplayObjectPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :AdminDisplayObjectPropertyDataSetKey ;
-    access:dataSetValues access-individual:AdminRoleValueSet ;
-    access:dataSetValues access-individual:ObjectPropertyValueSet ;
-    access:dataSetValues access-individual:ObjectPropertyStatementValueSet ;
-    access:dataSetValues access-individual:DisplayOperationValueSet ;
-    access:dataSetValues :AdminDisplayObjectPropertyValueSet .
+    access:hasRelatedValueSet access-individual:AdminRoleValueSet ;
+    access:hasRelatedValueSet access-individual:ObjectPropertyValueSet ;
+    access:hasRelatedValueSet access-individual:ObjectPropertyStatementValueSet ;
+    access:hasRelatedValueSet access-individual:DisplayOperationValueSet ;
+    access:hasRelatedValueSet :AdminDisplayObjectPropertyValueSet .
 
 :AdminDisplayObjectPropertyDataSetKey a access:DataSetKey ;
     access:hasKeyComponent access-individual:ObjectProperty ;
@@ -1422,11 +1422,11 @@
 
 :PublicDisplayDataPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :PublicDisplayDataPropertyDataSetKey ;
-    access:dataSetValues access-individual:PublicRoleValueSet ;
-    access:dataSetValues access-individual:DataPropertyValueSet ;
-    access:dataSetValues access-individual:DataPropertyStatementValueSet ;
-    access:dataSetValues access-individual:DisplayOperationValueSet ;
-    access:dataSetValues :PublicDisplayDataPropertyValueSet .
+    access:hasRelatedValueSet access-individual:PublicRoleValueSet ;
+    access:hasRelatedValueSet access-individual:DataPropertyValueSet ;
+    access:hasRelatedValueSet access-individual:DataPropertyStatementValueSet ;
+    access:hasRelatedValueSet access-individual:DisplayOperationValueSet ;
+    access:hasRelatedValueSet :PublicDisplayDataPropertyValueSet .
 
 :PublicDisplayDataPropertyDataSetKey a access:DataSetKey ;
     access:hasKeyComponent access-individual:DataProperty ;
@@ -1435,11 +1435,11 @@
 
 :EditorDisplayDataPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :EditorDisplayDataPropertyDataSetKey ;
-    access:dataSetValues access-individual:EditorRoleValueSet ;
-    access:dataSetValues access-individual:DataPropertyValueSet ;
-    access:dataSetValues access-individual:DataPropertyStatementValueSet ;
-    access:dataSetValues access-individual:DisplayOperationValueSet ;
-    access:dataSetValues :EditorDisplayDataPropertyValueSet .
+    access:hasRelatedValueSet access-individual:EditorRoleValueSet ;
+    access:hasRelatedValueSet access-individual:DataPropertyValueSet ;
+    access:hasRelatedValueSet access-individual:DataPropertyStatementValueSet ;
+    access:hasRelatedValueSet access-individual:DisplayOperationValueSet ;
+    access:hasRelatedValueSet :EditorDisplayDataPropertyValueSet .
 
 :EditorDisplayDataPropertyDataSetKey a access:DataSetKey ;
     access:hasKeyComponent access-individual:DataProperty ;
@@ -1448,11 +1448,11 @@
 
 :CuratorDisplayDataPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :CuratorDisplayDataPropertyDataSetKey ;
-    access:dataSetValues access-individual:CuratorRoleValueSet ;
-    access:dataSetValues access-individual:DataPropertyValueSet ;
-    access:dataSetValues access-individual:DataPropertyStatementValueSet ;
-    access:dataSetValues access-individual:DisplayOperationValueSet ;
-    access:dataSetValues :CuratorDisplayDataPropertyValueSet .
+    access:hasRelatedValueSet access-individual:CuratorRoleValueSet ;
+    access:hasRelatedValueSet access-individual:DataPropertyValueSet ;
+    access:hasRelatedValueSet access-individual:DataPropertyStatementValueSet ;
+    access:hasRelatedValueSet access-individual:DisplayOperationValueSet ;
+    access:hasRelatedValueSet :CuratorDisplayDataPropertyValueSet .
 
 :CuratorDisplayDataPropertyDataSetKey a access:DataSetKey ;
     access:hasKeyComponent access-individual:DataProperty ;
@@ -1461,11 +1461,11 @@
 
 :AdminDisplayDataPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :AdminDisplayDataPropertyDataSetKey ;
-    access:dataSetValues access-individual:AdminRoleValueSet ;
-    access:dataSetValues access-individual:DataPropertyValueSet ;
-    access:dataSetValues access-individual:DataPropertyStatementValueSet ;
-    access:dataSetValues access-individual:DisplayOperationValueSet ;
-    access:dataSetValues :AdminDisplayDataPropertyValueSet .
+    access:hasRelatedValueSet access-individual:AdminRoleValueSet ;
+    access:hasRelatedValueSet access-individual:DataPropertyValueSet ;
+    access:hasRelatedValueSet access-individual:DataPropertyStatementValueSet ;
+    access:hasRelatedValueSet access-individual:DisplayOperationValueSet ;
+    access:hasRelatedValueSet :AdminDisplayDataPropertyValueSet .
 
 :AdminDisplayDataPropertyDataSetKey a access:DataSetKey ;
     access:hasKeyComponent access-individual:DataProperty ;
@@ -1476,11 +1476,11 @@
 
 :PublicDisplayFauxObjectPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :PublicDisplayFauxObjectPropertyDataSetKey ;
-    access:dataSetValues access-individual:PublicRoleValueSet ;
-    access:dataSetValues access-individual:FauxObjectPropertyValueSet ;
-    access:dataSetValues access-individual:FauxObjectPropertyStatementValueSet ;
-    access:dataSetValues access-individual:DisplayOperationValueSet ;
-    access:dataSetValues :PublicDisplayFauxObjectPropertyValueSet .
+    access:hasRelatedValueSet access-individual:PublicRoleValueSet ;
+    access:hasRelatedValueSet access-individual:FauxObjectPropertyValueSet ;
+    access:hasRelatedValueSet access-individual:FauxObjectPropertyStatementValueSet ;
+    access:hasRelatedValueSet access-individual:DisplayOperationValueSet ;
+    access:hasRelatedValueSet :PublicDisplayFauxObjectPropertyValueSet .
 
 :PublicDisplayFauxObjectPropertyDataSetKey a access:DataSetKey ;
     access:hasKeyComponent access-individual:FauxObjectProperty ;
@@ -1489,11 +1489,11 @@
 
 :EditorDisplayFauxObjectPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :EditorDisplayFauxObjectPropertyDataSetKey ;
-    access:dataSetValues access-individual:EditorRoleValueSet ;
-    access:dataSetValues access-individual:FauxObjectPropertyValueSet ;
-    access:dataSetValues access-individual:FauxObjectPropertyStatementValueSet ;
-    access:dataSetValues access-individual:DisplayOperationValueSet ;
-    access:dataSetValues :EditorDisplayFauxObjectPropertyValueSet .
+    access:hasRelatedValueSet access-individual:EditorRoleValueSet ;
+    access:hasRelatedValueSet access-individual:FauxObjectPropertyValueSet ;
+    access:hasRelatedValueSet access-individual:FauxObjectPropertyStatementValueSet ;
+    access:hasRelatedValueSet access-individual:DisplayOperationValueSet ;
+    access:hasRelatedValueSet :EditorDisplayFauxObjectPropertyValueSet .
 
 :EditorDisplayFauxObjectPropertyDataSetKey a access:DataSetKey ;
     access:hasKeyComponent access-individual:FauxObjectProperty ;
@@ -1502,11 +1502,11 @@
 
 :CuratorDisplayFauxObjectPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :CuratorDisplayFauxObjectPropertyDataSetKey ;
-    access:dataSetValues access-individual:CuratorRoleValueSet ;
-    access:dataSetValues access-individual:FauxObjectPropertyValueSet ;
-    access:dataSetValues access-individual:FauxObjectPropertyStatementValueSet ;
-    access:dataSetValues access-individual:DisplayOperationValueSet ;
-    access:dataSetValues :CuratorDisplayFauxObjectPropertyValueSet .
+    access:hasRelatedValueSet access-individual:CuratorRoleValueSet ;
+    access:hasRelatedValueSet access-individual:FauxObjectPropertyValueSet ;
+    access:hasRelatedValueSet access-individual:FauxObjectPropertyStatementValueSet ;
+    access:hasRelatedValueSet access-individual:DisplayOperationValueSet ;
+    access:hasRelatedValueSet :CuratorDisplayFauxObjectPropertyValueSet .
 
 :CuratorDisplayFauxObjectPropertyDataSetKey a access:DataSetKey ;
     access:hasKeyComponent access-individual:FauxObjectProperty ;
@@ -1515,11 +1515,11 @@
 
 :AdminDisplayFauxObjectPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :AdminDisplayFauxObjectPropertyDataSetKey ;
-    access:dataSetValues access-individual:AdminRoleValueSet ;
-    access:dataSetValues access-individual:FauxObjectPropertyValueSet ;
-    access:dataSetValues access-individual:FauxObjectPropertyStatementValueSet ;
-    access:dataSetValues access-individual:DisplayOperationValueSet ;
-    access:dataSetValues :AdminDisplayFauxObjectPropertyValueSet .
+    access:hasRelatedValueSet access-individual:AdminRoleValueSet ;
+    access:hasRelatedValueSet access-individual:FauxObjectPropertyValueSet ;
+    access:hasRelatedValueSet access-individual:FauxObjectPropertyStatementValueSet ;
+    access:hasRelatedValueSet access-individual:DisplayOperationValueSet ;
+    access:hasRelatedValueSet :AdminDisplayFauxObjectPropertyValueSet .
 
 :AdminDisplayFauxObjectPropertyDataSetKey a access:DataSetKey ;
     access:hasKeyComponent access-individual:FauxObjectProperty ;
@@ -1530,11 +1530,11 @@
 
 :PublicDisplayFauxDataPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :PublicDisplayFauxDataPropertyDataSetKey ;
-    access:dataSetValues access-individual:PublicRoleValueSet ;
-    access:dataSetValues access-individual:FauxDataPropertyValueSet ;
-    access:dataSetValues access-individual:FauxDataPropertyStatementValueSet ;
-    access:dataSetValues access-individual:DisplayOperationValueSet ;
-    access:dataSetValues :PublicDisplayFauxDataPropertyValueSet .
+    access:hasRelatedValueSet access-individual:PublicRoleValueSet ;
+    access:hasRelatedValueSet access-individual:FauxDataPropertyValueSet ;
+    access:hasRelatedValueSet access-individual:FauxDataPropertyStatementValueSet ;
+    access:hasRelatedValueSet access-individual:DisplayOperationValueSet ;
+    access:hasRelatedValueSet :PublicDisplayFauxDataPropertyValueSet .
 
 :PublicDisplayFauxDataPropertyDataSetKey a access:DataSetKey ;
     access:hasKeyComponent access-individual:FauxDataProperty ;
@@ -1543,11 +1543,11 @@
 
 :EditorDisplayFauxDataPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :EditorDisplayFauxDataPropertyDataSetKey ;
-    access:dataSetValues access-individual:EditorRoleValueSet ;
-    access:dataSetValues access-individual:FauxDataPropertyValueSet ;
-    access:dataSetValues access-individual:FauxDataPropertyStatementValueSet ;
-    access:dataSetValues access-individual:DisplayOperationValueSet ;
-    access:dataSetValues :EditorDisplayFauxDataPropertyValueSet .
+    access:hasRelatedValueSet access-individual:EditorRoleValueSet ;
+    access:hasRelatedValueSet access-individual:FauxDataPropertyValueSet ;
+    access:hasRelatedValueSet access-individual:FauxDataPropertyStatementValueSet ;
+    access:hasRelatedValueSet access-individual:DisplayOperationValueSet ;
+    access:hasRelatedValueSet :EditorDisplayFauxDataPropertyValueSet .
 
 :EditorDisplayFauxDataPropertyDataSetKey a access:DataSetKey ;
     access:hasKeyComponent access-individual:FauxDataProperty ;
@@ -1556,11 +1556,11 @@
 
 :CuratorDisplayFauxDataPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :CuratorDisplayFauxDataPropertyDataSetKey ;
-    access:dataSetValues access-individual:CuratorRoleValueSet ;
-    access:dataSetValues access-individual:FauxDataPropertyValueSet ;
-    access:dataSetValues access-individual:FauxDataPropertyStatementValueSet ;
-    access:dataSetValues access-individual:DisplayOperationValueSet ;
-    access:dataSetValues :CuratorDisplayFauxDataPropertyValueSet .
+    access:hasRelatedValueSet access-individual:CuratorRoleValueSet ;
+    access:hasRelatedValueSet access-individual:FauxDataPropertyValueSet ;
+    access:hasRelatedValueSet access-individual:FauxDataPropertyStatementValueSet ;
+    access:hasRelatedValueSet access-individual:DisplayOperationValueSet ;
+    access:hasRelatedValueSet :CuratorDisplayFauxDataPropertyValueSet .
 
 :CuratorDisplayFauxDataPropertyDataSetKey a access:DataSetKey ;
     access:hasKeyComponent access-individual:FauxDataProperty ;
@@ -1569,11 +1569,11 @@
 
 :AdminDisplayFauxDataPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :AdminDisplayFauxDataPropertyDataSetKey ;
-    access:dataSetValues access-individual:AdminRoleValueSet ;
-    access:dataSetValues access-individual:FauxDataPropertyValueSet ;
-    access:dataSetValues access-individual:FauxDataPropertyStatementValueSet ;
-    access:dataSetValues access-individual:DisplayOperationValueSet ;
-    access:dataSetValues :AdminDisplayFauxDataPropertyValueSet .
+    access:hasRelatedValueSet access-individual:AdminRoleValueSet ;
+    access:hasRelatedValueSet access-individual:FauxDataPropertyValueSet ;
+    access:hasRelatedValueSet access-individual:FauxDataPropertyStatementValueSet ;
+    access:hasRelatedValueSet access-individual:DisplayOperationValueSet ;
+    access:hasRelatedValueSet :AdminDisplayFauxDataPropertyValueSet .
 
 :AdminDisplayFauxDataPropertyDataSetKey a access:DataSetKey ;
     access:hasKeyComponent access-individual:FauxDataProperty ;
@@ -1584,11 +1584,11 @@
 
 :EditorPublishObjectPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :EditorPublishObjectPropertyDataSetKey ;
-    access:dataSetValues access-individual:EditorRoleValueSet ;
-    access:dataSetValues access-individual:ObjectPropertyValueSet ;
-    access:dataSetValues access-individual:ObjectPropertyStatementValueSet ;
-    access:dataSetValues access-individual:PublishOperationValueSet ;
-    access:dataSetValues :EditorPublishObjectPropertyValueSet .
+    access:hasRelatedValueSet access-individual:EditorRoleValueSet ;
+    access:hasRelatedValueSet access-individual:ObjectPropertyValueSet ;
+    access:hasRelatedValueSet access-individual:ObjectPropertyStatementValueSet ;
+    access:hasRelatedValueSet access-individual:PublishOperationValueSet ;
+    access:hasRelatedValueSet :EditorPublishObjectPropertyValueSet .
 
 :EditorPublishObjectPropertyDataSetKey a access:DataSetKey ;
     access:hasKeyComponent access-individual:ObjectProperty ;
@@ -1597,11 +1597,11 @@
 
 :CuratorPublishObjectPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :CuratorPublishObjectPropertyDataSetKey ;
-    access:dataSetValues access-individual:CuratorRoleValueSet ;
-    access:dataSetValues access-individual:ObjectPropertyValueSet ;
-    access:dataSetValues access-individual:ObjectPropertyStatementValueSet ;
-    access:dataSetValues access-individual:PublishOperationValueSet ;
-    access:dataSetValues :CuratorPublishObjectPropertyValueSet .
+    access:hasRelatedValueSet access-individual:CuratorRoleValueSet ;
+    access:hasRelatedValueSet access-individual:ObjectPropertyValueSet ;
+    access:hasRelatedValueSet access-individual:ObjectPropertyStatementValueSet ;
+    access:hasRelatedValueSet access-individual:PublishOperationValueSet ;
+    access:hasRelatedValueSet :CuratorPublishObjectPropertyValueSet .
 
 :CuratorPublishObjectPropertyDataSetKey a access:DataSetKey ;
     access:hasKeyComponent access-individual:ObjectProperty ;
@@ -1610,11 +1610,11 @@
 
 :AdminPublishObjectPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :AdminPublishObjectPropertyDataSetKey ;
-    access:dataSetValues access-individual:AdminRoleValueSet ;
-    access:dataSetValues access-individual:ObjectPropertyValueSet ;
-    access:dataSetValues access-individual:ObjectPropertyStatementValueSet ;
-    access:dataSetValues access-individual:PublishOperationValueSet ;
-    access:dataSetValues :AdminPublishObjectPropertyValueSet .
+    access:hasRelatedValueSet access-individual:AdminRoleValueSet ;
+    access:hasRelatedValueSet access-individual:ObjectPropertyValueSet ;
+    access:hasRelatedValueSet access-individual:ObjectPropertyStatementValueSet ;
+    access:hasRelatedValueSet access-individual:PublishOperationValueSet ;
+    access:hasRelatedValueSet :AdminPublishObjectPropertyValueSet .
 
 :AdminPublishObjectPropertyDataSetKey a access:DataSetKey ;
     access:hasKeyComponent access-individual:ObjectProperty ;
@@ -1625,11 +1625,11 @@
 
 :EditorPublishDataPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :EditorPublishDataPropertyDataSetKey ;
-    access:dataSetValues access-individual:EditorRoleValueSet ;
-    access:dataSetValues access-individual:DataPropertyValueSet ;
-    access:dataSetValues access-individual:DataPropertyStatementValueSet ;
-    access:dataSetValues access-individual:PublishOperationValueSet ;
-    access:dataSetValues :EditorPublishDataPropertyValueSet .
+    access:hasRelatedValueSet access-individual:EditorRoleValueSet ;
+    access:hasRelatedValueSet access-individual:DataPropertyValueSet ;
+    access:hasRelatedValueSet access-individual:DataPropertyStatementValueSet ;
+    access:hasRelatedValueSet access-individual:PublishOperationValueSet ;
+    access:hasRelatedValueSet :EditorPublishDataPropertyValueSet .
 
 :EditorPublishDataPropertyDataSetKey a access:DataSetKey ;
     access:hasKeyComponent access-individual:DataProperty ;
@@ -1638,11 +1638,11 @@
 
 :CuratorPublishDataPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :CuratorPublishDataPropertyDataSetKey ;
-    access:dataSetValues access-individual:CuratorRoleValueSet ;
-    access:dataSetValues access-individual:DataPropertyValueSet ;
-    access:dataSetValues access-individual:DataPropertyStatementValueSet ;
-    access:dataSetValues access-individual:PublishOperationValueSet ;
-    access:dataSetValues :CuratorPublishDataPropertyValueSet .
+    access:hasRelatedValueSet access-individual:CuratorRoleValueSet ;
+    access:hasRelatedValueSet access-individual:DataPropertyValueSet ;
+    access:hasRelatedValueSet access-individual:DataPropertyStatementValueSet ;
+    access:hasRelatedValueSet access-individual:PublishOperationValueSet ;
+    access:hasRelatedValueSet :CuratorPublishDataPropertyValueSet .
 
 :CuratorPublishDataPropertyDataSetKey a access:DataSetKey ;
     access:hasKeyComponent access-individual:DataProperty ;
@@ -1651,11 +1651,11 @@
 
 :AdminPublishDataPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :AdminPublishDataPropertyDataSetKey ;
-    access:dataSetValues access-individual:AdminRoleValueSet ;
-    access:dataSetValues access-individual:DataPropertyValueSet ;
-    access:dataSetValues access-individual:DataPropertyStatementValueSet ;
-    access:dataSetValues access-individual:PublishOperationValueSet ;
-    access:dataSetValues :AdminPublishDataPropertyValueSet .
+    access:hasRelatedValueSet access-individual:AdminRoleValueSet ;
+    access:hasRelatedValueSet access-individual:DataPropertyValueSet ;
+    access:hasRelatedValueSet access-individual:DataPropertyStatementValueSet ;
+    access:hasRelatedValueSet access-individual:PublishOperationValueSet ;
+    access:hasRelatedValueSet :AdminPublishDataPropertyValueSet .
 
 :AdminPublishDataPropertyDataSetKey a access:DataSetKey ;
     access:hasKeyComponent access-individual:DataProperty ;
@@ -1666,11 +1666,11 @@
 
 :EditorPublishFauxObjectPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :EditorPublishFauxObjectPropertyDataSetKey ;
-    access:dataSetValues access-individual:EditorRoleValueSet ;
-    access:dataSetValues access-individual:FauxObjectPropertyValueSet ;
-    access:dataSetValues access-individual:FauxObjectPropertyStatementValueSet ;
-    access:dataSetValues access-individual:PublishOperationValueSet ;
-    access:dataSetValues :EditorPublishFauxObjectPropertyValueSet .
+    access:hasRelatedValueSet access-individual:EditorRoleValueSet ;
+    access:hasRelatedValueSet access-individual:FauxObjectPropertyValueSet ;
+    access:hasRelatedValueSet access-individual:FauxObjectPropertyStatementValueSet ;
+    access:hasRelatedValueSet access-individual:PublishOperationValueSet ;
+    access:hasRelatedValueSet :EditorPublishFauxObjectPropertyValueSet .
 
 :EditorPublishFauxObjectPropertyDataSetKey a access:DataSetKey ;
     access:hasKeyComponent access-individual:FauxObjectProperty ;
@@ -1679,11 +1679,11 @@
 
 :CuratorPublishFauxObjectPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :CuratorPublishFauxObjectPropertyDataSetKey ;
-    access:dataSetValues access-individual:CuratorRoleValueSet ;
-    access:dataSetValues access-individual:FauxObjectPropertyValueSet ;
-    access:dataSetValues access-individual:FauxObjectPropertyStatementValueSet ;
-    access:dataSetValues access-individual:PublishOperationValueSet ;
-    access:dataSetValues :CuratorPublishFauxObjectPropertyValueSet .
+    access:hasRelatedValueSet access-individual:CuratorRoleValueSet ;
+    access:hasRelatedValueSet access-individual:FauxObjectPropertyValueSet ;
+    access:hasRelatedValueSet access-individual:FauxObjectPropertyStatementValueSet ;
+    access:hasRelatedValueSet access-individual:PublishOperationValueSet ;
+    access:hasRelatedValueSet :CuratorPublishFauxObjectPropertyValueSet .
 
 :CuratorPublishFauxObjectPropertyDataSetKey a access:DataSetKey ;
     access:hasKeyComponent access-individual:FauxObjectProperty ;
@@ -1692,11 +1692,11 @@
 
 :AdminPublishFauxObjectPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :AdminPublishFauxObjectPropertyDataSetKey ;
-    access:dataSetValues access-individual:AdminRoleValueSet ;
-    access:dataSetValues access-individual:FauxObjectPropertyValueSet ;
-    access:dataSetValues access-individual:FauxObjectPropertyStatementValueSet ;
-    access:dataSetValues access-individual:PublishOperationValueSet ;
-    access:dataSetValues :AdminPublishFauxObjectPropertyValueSet .
+    access:hasRelatedValueSet access-individual:AdminRoleValueSet ;
+    access:hasRelatedValueSet access-individual:FauxObjectPropertyValueSet ;
+    access:hasRelatedValueSet access-individual:FauxObjectPropertyStatementValueSet ;
+    access:hasRelatedValueSet access-individual:PublishOperationValueSet ;
+    access:hasRelatedValueSet :AdminPublishFauxObjectPropertyValueSet .
 
 :AdminPublishFauxObjectPropertyDataSetKey a access:DataSetKey ;
     access:hasKeyComponent access-individual:FauxObjectProperty ;
@@ -1707,11 +1707,11 @@
 
 :EditorPublishFauxDataPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :EditorPublishFauxDataPropertyDataSetKey ;
-    access:dataSetValues access-individual:EditorRoleValueSet ;
-    access:dataSetValues access-individual:FauxDataPropertyValueSet ;
-    access:dataSetValues access-individual:FauxDataPropertyStatementValueSet ;
-    access:dataSetValues access-individual:PublishOperationValueSet ;
-    access:dataSetValues :EditorPublishFauxDataPropertyValueSet .
+    access:hasRelatedValueSet access-individual:EditorRoleValueSet ;
+    access:hasRelatedValueSet access-individual:FauxDataPropertyValueSet ;
+    access:hasRelatedValueSet access-individual:FauxDataPropertyStatementValueSet ;
+    access:hasRelatedValueSet access-individual:PublishOperationValueSet ;
+    access:hasRelatedValueSet :EditorPublishFauxDataPropertyValueSet .
 
 :EditorPublishFauxDataPropertyDataSetKey a access:DataSetKey ;
     access:hasKeyComponent access-individual:FauxDataProperty ;
@@ -1720,11 +1720,11 @@
 
 :CuratorPublishFauxDataPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :CuratorPublishFauxDataPropertyDataSetKey ;
-    access:dataSetValues access-individual:CuratorRoleValueSet ;
-    access:dataSetValues access-individual:FauxDataPropertyValueSet ;
-    access:dataSetValues access-individual:FauxDataPropertyStatementValueSet ;
-    access:dataSetValues access-individual:PublishOperationValueSet ;
-    access:dataSetValues :CuratorPublishFauxDataPropertyValueSet .
+    access:hasRelatedValueSet access-individual:CuratorRoleValueSet ;
+    access:hasRelatedValueSet access-individual:FauxDataPropertyValueSet ;
+    access:hasRelatedValueSet access-individual:FauxDataPropertyStatementValueSet ;
+    access:hasRelatedValueSet access-individual:PublishOperationValueSet ;
+    access:hasRelatedValueSet :CuratorPublishFauxDataPropertyValueSet .
 
 :CuratorPublishFauxDataPropertyDataSetKey a access:DataSetKey ;
     access:hasKeyComponent access-individual:FauxDataProperty ;
@@ -1733,11 +1733,11 @@
 
 :AdminPublishFauxDataPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :AdminPublishFauxDataPropertyDataSetKey ;
-    access:dataSetValues access-individual:AdminRoleValueSet ;
-    access:dataSetValues access-individual:FauxDataPropertyValueSet ;
-    access:dataSetValues access-individual:FauxDataPropertyStatementValueSet ;
-    access:dataSetValues access-individual:PublishOperationValueSet ;
-    access:dataSetValues :AdminPublishFauxDataPropertyValueSet .
+    access:hasRelatedValueSet access-individual:AdminRoleValueSet ;
+    access:hasRelatedValueSet access-individual:FauxDataPropertyValueSet ;
+    access:hasRelatedValueSet access-individual:FauxDataPropertyStatementValueSet ;
+    access:hasRelatedValueSet access-individual:PublishOperationValueSet ;
+    access:hasRelatedValueSet :AdminPublishFauxDataPropertyValueSet .
 
 :AdminPublishFauxDataPropertyDataSetKey a access:DataSetKey ;
     access:hasKeyComponent access-individual:FauxDataProperty ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_access_related_allowed_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_access_related_allowed_property.n3
index 241b073dcc..2446aac9ac 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_access_related_allowed_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_access_related_allowed_property.n3
@@ -23,11 +23,11 @@
 
 :SelfEditorDisplayObjectPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :SelfEditorDisplayObjectPropertyDataSetKey ;
-    access:dataSetValues access-individual:SelfEditorRoleValueSet ;
-    access:dataSetValues access-individual:ObjectPropertyValueSet ;
-    access:dataSetValues access-individual:ObjectPropertyStatementValueSet ;
-    access:dataSetValues access-individual:DisplayOperationValueSet ;
-    access:dataSetValues :SelfEditorDisplayObjectPropertyValueSet .
+    access:hasRelatedValueSet access-individual:SelfEditorRoleValueSet ;
+    access:hasRelatedValueSet access-individual:ObjectPropertyValueSet ;
+    access:hasRelatedValueSet access-individual:ObjectPropertyStatementValueSet ;
+    access:hasRelatedValueSet access-individual:DisplayOperationValueSet ;
+    access:hasRelatedValueSet :SelfEditorDisplayObjectPropertyValueSet .
 
 :SelfEditorDisplayObjectPropertyDataSetKey a access:DataSetKey ;
     access:hasKeyComponent access-individual:ObjectProperty ;
@@ -38,11 +38,11 @@
 
 :SelfEditorDisplayDataPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :SelfEditorDisplayDataPropertyDataSetKey ;
-    access:dataSetValues access-individual:SelfEditorRoleValueSet ;
-    access:dataSetValues access-individual:DataPropertyValueSet ;
-    access:dataSetValues access-individual:DataPropertyStatementValueSet ;
-    access:dataSetValues access-individual:DisplayOperationValueSet ;
-    access:dataSetValues :SelfEditorDisplayDataPropertyValueSet .
+    access:hasRelatedValueSet access-individual:SelfEditorRoleValueSet ;
+    access:hasRelatedValueSet access-individual:DataPropertyValueSet ;
+    access:hasRelatedValueSet access-individual:DataPropertyStatementValueSet ;
+    access:hasRelatedValueSet access-individual:DisplayOperationValueSet ;
+    access:hasRelatedValueSet :SelfEditorDisplayDataPropertyValueSet .
 
 :SelfEditorDisplayDataPropertyDataSetKey a access:DataSetKey ;
     access:hasKeyComponent access-individual:DataProperty ;
@@ -53,11 +53,11 @@
 
 :SelfEditorDisplayFauxObjectPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :SelfEditorDisplayFauxObjectPropertyDataSetKey ;
-    access:dataSetValues access-individual:SelfEditorRoleValueSet ;
-    access:dataSetValues access-individual:FauxObjectPropertyValueSet ;
-    access:dataSetValues access-individual:FauxObjectPropertyStatementValueSet ;
-    access:dataSetValues access-individual:DisplayOperationValueSet ;
-    access:dataSetValues :SelfEditorDisplayFauxObjectPropertyValueSet .
+    access:hasRelatedValueSet access-individual:SelfEditorRoleValueSet ;
+    access:hasRelatedValueSet access-individual:FauxObjectPropertyValueSet ;
+    access:hasRelatedValueSet access-individual:FauxObjectPropertyStatementValueSet ;
+    access:hasRelatedValueSet access-individual:DisplayOperationValueSet ;
+    access:hasRelatedValueSet :SelfEditorDisplayFauxObjectPropertyValueSet .
 
 :SelfEditorDisplayFauxObjectPropertyDataSetKey a access:DataSetKey ;
     access:hasKeyComponent access-individual:FauxObjectProperty ;
@@ -68,11 +68,11 @@
 
 :SelfEditorDisplayFauxDataPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :SelfEditorDisplayFauxDataPropertyDataSetKey ;
-    access:dataSetValues access-individual:SelfEditorRoleValueSet ;
-    access:dataSetValues access-individual:FauxDataPropertyValueSet ;
-    access:dataSetValues access-individual:FauxDataPropertyStatementValueSet ;
-    access:dataSetValues access-individual:DisplayOperationValueSet ;
-    access:dataSetValues :SelfEditorDisplayFauxDataPropertyValueSet .
+    access:hasRelatedValueSet access-individual:SelfEditorRoleValueSet ;
+    access:hasRelatedValueSet access-individual:FauxDataPropertyValueSet ;
+    access:hasRelatedValueSet access-individual:FauxDataPropertyStatementValueSet ;
+    access:hasRelatedValueSet access-individual:DisplayOperationValueSet ;
+    access:hasRelatedValueSet :SelfEditorDisplayFauxDataPropertyValueSet .
 
 :SelfEditorDisplayFauxDataPropertyDataSetKey a access:DataSetKey ;
     access:hasKeyComponent access-individual:FauxDataProperty ;
@@ -83,11 +83,11 @@
 
 :SelfEditorPublishObjectPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :SelfEditorPublishObjectPropertyDataSetKey ;
-    access:dataSetValues access-individual:SelfEditorRoleValueSet ;
-    access:dataSetValues access-individual:ObjectPropertyValueSet ;
-    access:dataSetValues access-individual:ObjectPropertyStatementValueSet ;
-    access:dataSetValues access-individual:PublishOperationValueSet ;
-    access:dataSetValues :SelfEditorPublishObjectPropertyValueSet .
+    access:hasRelatedValueSet access-individual:SelfEditorRoleValueSet ;
+    access:hasRelatedValueSet access-individual:ObjectPropertyValueSet ;
+    access:hasRelatedValueSet access-individual:ObjectPropertyStatementValueSet ;
+    access:hasRelatedValueSet access-individual:PublishOperationValueSet ;
+    access:hasRelatedValueSet :SelfEditorPublishObjectPropertyValueSet .
 
 :SelfEditorPublishObjectPropertyDataSetKey a access:DataSetKey ;
     access:hasKeyComponent access-individual:ObjectProperty ;
@@ -98,11 +98,11 @@
 
 :SelfEditorPublishDataPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :SelfEditorPublishDataPropertyDataSetKey ;
-    access:dataSetValues access-individual:SelfEditorRoleValueSet ;
-    access:dataSetValues access-individual:DataPropertyValueSet ;
-    access:dataSetValues access-individual:DataPropertyStatementValueSet ;
-    access:dataSetValues access-individual:PublishOperationValueSet ;
-    access:dataSetValues :SelfEditorPublishDataPropertyValueSet .
+    access:hasRelatedValueSet access-individual:SelfEditorRoleValueSet ;
+    access:hasRelatedValueSet access-individual:DataPropertyValueSet ;
+    access:hasRelatedValueSet access-individual:DataPropertyStatementValueSet ;
+    access:hasRelatedValueSet access-individual:PublishOperationValueSet ;
+    access:hasRelatedValueSet :SelfEditorPublishDataPropertyValueSet .
 
 :SelfEditorPublishDataPropertyDataSetKey a access:DataSetKey ;
     access:hasKeyComponent access-individual:DataProperty ;
@@ -113,11 +113,11 @@
 
 :SelfEditorPublishFauxObjectPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :SelfEditorPublishFauxObjectPropertyDataSetKey ;
-    access:dataSetValues access-individual:SelfEditorRoleValueSet ;
-    access:dataSetValues access-individual:FauxObjectPropertyValueSet ;
-    access:dataSetValues access-individual:FauxObjectPropertyStatementValueSet ;
-    access:dataSetValues access-individual:PublishOperationValueSet ;
-    access:dataSetValues :SelfEditorPublishFauxObjectPropertyValueSet .
+    access:hasRelatedValueSet access-individual:SelfEditorRoleValueSet ;
+    access:hasRelatedValueSet access-individual:FauxObjectPropertyValueSet ;
+    access:hasRelatedValueSet access-individual:FauxObjectPropertyStatementValueSet ;
+    access:hasRelatedValueSet access-individual:PublishOperationValueSet ;
+    access:hasRelatedValueSet :SelfEditorPublishFauxObjectPropertyValueSet .
 
 :SelfEditorPublishFauxObjectPropertyDataSetKey a access:DataSetKey ;
     access:hasKeyComponent access-individual:FauxObjectProperty ;
@@ -128,11 +128,11 @@
 
 :SelfEditorPublishFauxDataPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :SelfEditorPublishFauxDataPropertyDataSetKey ;
-    access:dataSetValues access-individual:SelfEditorRoleValueSet ;
-    access:dataSetValues access-individual:FauxDataPropertyValueSet ;
-    access:dataSetValues access-individual:FauxDataPropertyStatementValueSet ;
-    access:dataSetValues access-individual:PublishOperationValueSet ;
-    access:dataSetValues :SelfEditorPublishFauxDataPropertyValueSet .
+    access:hasRelatedValueSet access-individual:SelfEditorRoleValueSet ;
+    access:hasRelatedValueSet access-individual:FauxDataPropertyValueSet ;
+    access:hasRelatedValueSet access-individual:FauxDataPropertyStatementValueSet ;
+    access:hasRelatedValueSet access-individual:PublishOperationValueSet ;
+    access:hasRelatedValueSet :SelfEditorPublishFauxDataPropertyValueSet .
 
 :SelfEditorPublishFauxDataPropertyDataSetKey a access:DataSetKey ;
     access:hasKeyComponent access-individual:FauxDataProperty ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_not_modifiable_statements.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_not_modifiable_statements.n3
index 9fa52cbeb8..555ce61bcf 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_not_modifiable_statements.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_not_modifiable_statements.n3
@@ -86,8 +86,8 @@
     access:values :ProhibitedNamespaceExceptionsValueSet .
 
 :NotModifiableStatementsPolicyDataSet a access:DataSet ;
-    access:dataSetValues :ProhibitedNamespaceExceptionsValueSet ;
-    access:dataSetValues :ProhibitedNamespaceValueSet .
+    access:hasRelatedValueSet :ProhibitedNamespaceExceptionsValueSet ;
+    access:hasRelatedValueSet :ProhibitedNamespaceValueSet .
 
 :ProhibitedNamespaceExceptionsValueSet a access:ValueSet ;
     .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_simple_permissions.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_simple_permissions.n3
index 828da4515c..7d85588e6c 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_simple_permissions.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_simple_permissions.n3
@@ -46,8 +46,8 @@
 
 :PublicDataSet a access:DataSet ;
     access:hasDataSetKey :PublicDataSetKey ;
-    access:dataSetValues access-individual:PublicRoleValueSet ;
-    access:dataSetValues :PublicSimplePermissionValueSet .
+    access:hasRelatedValueSet access-individual:PublicRoleValueSet ;
+    access:hasRelatedValueSet :PublicSimplePermissionValueSet .
 
 :PublicDataSetKey a access:DataSetKey ;
     access:hasKeyComponent access-individual:NamedObject ;
@@ -56,8 +56,8 @@
 
 :SelfEditorDataSet a access:DataSet ;
     access:hasDataSetKey :SelfEditorDataSetKey ;
-    access:dataSetValues access-individual:SelfEditorRoleValueSet ;
-    access:dataSetValues :SelfEditorSimplePermissionValueSet .
+    access:hasRelatedValueSet access-individual:SelfEditorRoleValueSet ;
+    access:hasRelatedValueSet :SelfEditorSimplePermissionValueSet .
 
 :SelfEditorDataSetKey a access:DataSetKey ;
     access:hasKeyComponent access-individual:NamedObject ;
@@ -66,8 +66,8 @@
 
 :EditorDataSet a access:DataSet ;
     access:hasDataSetKey :EditorDataSetKey ;
-    access:dataSetValues access-individual:EditorRoleValueSet ;
-    access:dataSetValues :EditorSimplePermissionValueSet .
+    access:hasRelatedValueSet access-individual:EditorRoleValueSet ;
+    access:hasRelatedValueSet :EditorSimplePermissionValueSet .
 
 :EditorDataSetKey a access:DataSetKey ;
     access:hasKeyComponent access-individual:NamedObject ;
@@ -76,8 +76,8 @@
 
 :CuratorDataSet a access:DataSet ;
     access:hasDataSetKey :CuratorDataSetKey ;
-    access:dataSetValues access-individual:CuratorRoleValueSet ;
-    access:dataSetValues :CuratorSimplePermissionValueSet .
+    access:hasRelatedValueSet access-individual:CuratorRoleValueSet ;
+    access:hasRelatedValueSet :CuratorSimplePermissionValueSet .
 
 :CuratorDataSetKey a access:DataSetKey ;
     access:hasKeyComponent access-individual:NamedObject ;
@@ -86,8 +86,8 @@
 
 :AdminDataSet a access:DataSet ;
     access:hasDataSetKey :AdminDataSetKey  ;
-    access:dataSetValues access-individual:AdminRoleValueSet ;
-    access:dataSetValues :AdminSimplePermissionValueSet .
+    access:hasRelatedValueSet access-individual:AdminRoleValueSet ;
+    access:hasRelatedValueSet :AdminSimplePermissionValueSet .
 
 :AdminDataSetKey  a access:DataSetKey ;
     access:hasKeyComponent access-individual:NamedObject ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_update_related_allowed_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_update_related_allowed_property.n3
index 4d3e8f8b97..27c03c9258 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_update_related_allowed_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_update_related_allowed_property.n3
@@ -29,11 +29,11 @@
 
 :SelfEditorAddObjectPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :SelfEditorAddObjectPropertyDataSetKey ;
-    access:dataSetValues access-individual:SelfEditorRoleValueSet ;
-    access:dataSetValues access-individual:ObjectPropertyValueSet ;
-    access:dataSetValues access-individual:ObjectPropertyStatementValueSet ;
-    access:dataSetValues access-individual:AddOperationValueSet ;
-    access:dataSetValues :SelfEditorAddObjectPropertyValueSet .
+    access:hasRelatedValueSet access-individual:SelfEditorRoleValueSet ;
+    access:hasRelatedValueSet access-individual:ObjectPropertyValueSet ;
+    access:hasRelatedValueSet access-individual:ObjectPropertyStatementValueSet ;
+    access:hasRelatedValueSet access-individual:AddOperationValueSet ;
+    access:hasRelatedValueSet :SelfEditorAddObjectPropertyValueSet .
 
 :SelfEditorAddObjectPropertyDataSetKey a access:DataSetKey ;
     access:hasKeyComponent access-individual:ObjectProperty ;
@@ -44,11 +44,11 @@
 
 :SelfEditorAddDataPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :SelfEditorAddDataPropertyDataSetKey ;
-    access:dataSetValues access-individual:SelfEditorRoleValueSet ;
-    access:dataSetValues access-individual:DataPropertyValueSet ;
-    access:dataSetValues access-individual:DataPropertyStatementValueSet ;
-    access:dataSetValues access-individual:AddOperationValueSet ;
-    access:dataSetValues :SelfEditorAddDataPropertyValueSet .
+    access:hasRelatedValueSet access-individual:SelfEditorRoleValueSet ;
+    access:hasRelatedValueSet access-individual:DataPropertyValueSet ;
+    access:hasRelatedValueSet access-individual:DataPropertyStatementValueSet ;
+    access:hasRelatedValueSet access-individual:AddOperationValueSet ;
+    access:hasRelatedValueSet :SelfEditorAddDataPropertyValueSet .
 
 :SelfEditorAddDataPropertyDataSetKey a access:DataSetKey ;
     access:hasKeyComponent access-individual:DataProperty ;
@@ -59,11 +59,11 @@
 
 :SelfEditorAddFauxObjectPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :SelfEditorAddFauxObjectPropertyDataSetKey ;
-    access:dataSetValues access-individual:SelfEditorRoleValueSet ;
-    access:dataSetValues access-individual:FauxObjectPropertyValueSet ;
-    access:dataSetValues access-individual:FauxObjectPropertyStatementValueSet ;
-    access:dataSetValues access-individual:AddOperationValueSet ;
-    access:dataSetValues :SelfEditorAddFauxObjectPropertyValueSet .
+    access:hasRelatedValueSet access-individual:SelfEditorRoleValueSet ;
+    access:hasRelatedValueSet access-individual:FauxObjectPropertyValueSet ;
+    access:hasRelatedValueSet access-individual:FauxObjectPropertyStatementValueSet ;
+    access:hasRelatedValueSet access-individual:AddOperationValueSet ;
+    access:hasRelatedValueSet :SelfEditorAddFauxObjectPropertyValueSet .
 
 :SelfEditorAddFauxObjectPropertyDataSetKey a access:DataSetKey ;
     access:hasKeyComponent access-individual:FauxObjectProperty ;
@@ -74,11 +74,11 @@
 
 :SelfEditorAddFauxDataPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :SelfEditorAddFauxDataPropertyDataSetKey ;
-    access:dataSetValues access-individual:SelfEditorRoleValueSet ;
-    access:dataSetValues access-individual:FauxDataPropertyValueSet ;
-    access:dataSetValues access-individual:FauxDataPropertyStatementValueSet ;
-    access:dataSetValues access-individual:AddOperationValueSet ;
-    access:dataSetValues :SelfEditorAddFauxDataPropertyValueSet .
+    access:hasRelatedValueSet access-individual:SelfEditorRoleValueSet ;
+    access:hasRelatedValueSet access-individual:FauxDataPropertyValueSet ;
+    access:hasRelatedValueSet access-individual:FauxDataPropertyStatementValueSet ;
+    access:hasRelatedValueSet access-individual:AddOperationValueSet ;
+    access:hasRelatedValueSet :SelfEditorAddFauxDataPropertyValueSet .
 
 :SelfEditorAddFauxDataPropertyDataSetKey a access:DataSetKey ;
     access:hasKeyComponent access-individual:FauxDataProperty ;
@@ -89,11 +89,11 @@
 
 :SelfEditorDropObjectPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :SelfEditorDropObjectPropertyDataSetKey ;
-    access:dataSetValues access-individual:SelfEditorRoleValueSet ;
-    access:dataSetValues access-individual:ObjectPropertyValueSet ;
-    access:dataSetValues access-individual:ObjectPropertyStatementValueSet ;
-    access:dataSetValues access-individual:DropOperationValueSet ;
-    access:dataSetValues :SelfEditorDropObjectPropertyValueSet .
+    access:hasRelatedValueSet access-individual:SelfEditorRoleValueSet ;
+    access:hasRelatedValueSet access-individual:ObjectPropertyValueSet ;
+    access:hasRelatedValueSet access-individual:ObjectPropertyStatementValueSet ;
+    access:hasRelatedValueSet access-individual:DropOperationValueSet ;
+    access:hasRelatedValueSet :SelfEditorDropObjectPropertyValueSet .
 
 :SelfEditorDropObjectPropertyDataSetKey a access:DataSetKey ;
     access:hasKeyComponent access-individual:ObjectProperty ;
@@ -104,11 +104,11 @@
 
 :SelfEditorDropDataPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :SelfEditorDropDataPropertyDataSetKey ;
-    access:dataSetValues access-individual:SelfEditorRoleValueSet ;
-    access:dataSetValues access-individual:DataPropertyValueSet ;
-    access:dataSetValues access-individual:DataPropertyStatementValueSet ;
-    access:dataSetValues access-individual:DropOperationValueSet ;
-    access:dataSetValues :SelfEditorDropDataPropertyValueSet .
+    access:hasRelatedValueSet access-individual:SelfEditorRoleValueSet ;
+    access:hasRelatedValueSet access-individual:DataPropertyValueSet ;
+    access:hasRelatedValueSet access-individual:DataPropertyStatementValueSet ;
+    access:hasRelatedValueSet access-individual:DropOperationValueSet ;
+    access:hasRelatedValueSet :SelfEditorDropDataPropertyValueSet .
 
 :SelfEditorDropDataPropertyDataSetKey a access:DataSetKey ;
     access:hasKeyComponent access-individual:DataProperty ;
@@ -119,11 +119,11 @@
 
 :SelfEditorDropFauxObjectPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :SelfEditorDropFauxObjectPropertyDataSetKey ;
-    access:dataSetValues access-individual:SelfEditorRoleValueSet ;
-    access:dataSetValues access-individual:FauxObjectPropertyValueSet ;
-    access:dataSetValues access-individual:FauxObjectPropertyStatementValueSet ;
-    access:dataSetValues access-individual:DropOperationValueSet ;
-    access:dataSetValues :SelfEditorDropFauxObjectPropertyValueSet .
+    access:hasRelatedValueSet access-individual:SelfEditorRoleValueSet ;
+    access:hasRelatedValueSet access-individual:FauxObjectPropertyValueSet ;
+    access:hasRelatedValueSet access-individual:FauxObjectPropertyStatementValueSet ;
+    access:hasRelatedValueSet access-individual:DropOperationValueSet ;
+    access:hasRelatedValueSet :SelfEditorDropFauxObjectPropertyValueSet .
 
 :SelfEditorDropFauxObjectPropertyDataSetKey a access:DataSetKey ;
     access:hasKeyComponent access-individual:FauxObjectProperty ;
@@ -134,11 +134,11 @@
 
 :SelfEditorDropFauxDataPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :SelfEditorDropFauxDataPropertyDataSetKey ;
-    access:dataSetValues access-individual:SelfEditorRoleValueSet ;
-    access:dataSetValues access-individual:FauxDataPropertyValueSet ;
-    access:dataSetValues access-individual:FauxDataPropertyStatementValueSet ;
-    access:dataSetValues access-individual:DropOperationValueSet ;
-    access:dataSetValues :SelfEditorDropFauxDataPropertyValueSet .
+    access:hasRelatedValueSet access-individual:SelfEditorRoleValueSet ;
+    access:hasRelatedValueSet access-individual:FauxDataPropertyValueSet ;
+    access:hasRelatedValueSet access-individual:FauxDataPropertyStatementValueSet ;
+    access:hasRelatedValueSet access-individual:DropOperationValueSet ;
+    access:hasRelatedValueSet :SelfEditorDropFauxDataPropertyValueSet .
 
 :SelfEditorDropFauxDataPropertyDataSetKey a access:DataSetKey ;
     access:hasKeyComponent access-individual:FauxDataProperty ;
@@ -149,11 +149,11 @@
 
 :SelfEditorEditObjectPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :SelfEditorEditObjectPropertyDataSetKey ;
-    access:dataSetValues access-individual:SelfEditorRoleValueSet ;
-    access:dataSetValues access-individual:ObjectPropertyValueSet ;
-    access:dataSetValues access-individual:ObjectPropertyStatementValueSet ;
-    access:dataSetValues access-individual:EditOperationValueSet ;
-    access:dataSetValues :SelfEditorEditObjectPropertyValueSet .
+    access:hasRelatedValueSet access-individual:SelfEditorRoleValueSet ;
+    access:hasRelatedValueSet access-individual:ObjectPropertyValueSet ;
+    access:hasRelatedValueSet access-individual:ObjectPropertyStatementValueSet ;
+    access:hasRelatedValueSet access-individual:EditOperationValueSet ;
+    access:hasRelatedValueSet :SelfEditorEditObjectPropertyValueSet .
 
 :SelfEditorEditObjectPropertyDataSetKey a access:DataSetKey ;
     access:hasKeyComponent access-individual:ObjectProperty ;
@@ -164,11 +164,11 @@
 
 :SelfEditorEditDataPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :SelfEditorEditDataPropertyDataSetKey ;
-    access:dataSetValues access-individual:SelfEditorRoleValueSet ;
-    access:dataSetValues access-individual:DataPropertyValueSet ;
-    access:dataSetValues access-individual:DataPropertyStatementValueSet ;
-    access:dataSetValues access-individual:EditOperationValueSet ;
-    access:dataSetValues :SelfEditorEditDataPropertyValueSet .
+    access:hasRelatedValueSet access-individual:SelfEditorRoleValueSet ;
+    access:hasRelatedValueSet access-individual:DataPropertyValueSet ;
+    access:hasRelatedValueSet access-individual:DataPropertyStatementValueSet ;
+    access:hasRelatedValueSet access-individual:EditOperationValueSet ;
+    access:hasRelatedValueSet :SelfEditorEditDataPropertyValueSet .
 
 :SelfEditorEditDataPropertyDataSetKey a access:DataSetKey ;
     access:hasKeyComponent access-individual:DataProperty ;
@@ -179,11 +179,11 @@
 
 :SelfEditorEditFauxObjectPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :SelfEditorEditFauxObjectPropertyDataSetKey ;
-    access:dataSetValues access-individual:SelfEditorRoleValueSet ;
-    access:dataSetValues access-individual:FauxObjectPropertyValueSet ;
-    access:dataSetValues access-individual:FauxObjectPropertyStatementValueSet ;
-    access:dataSetValues access-individual:EditOperationValueSet ;
-    access:dataSetValues :SelfEditorEditFauxObjectPropertyValueSet .
+    access:hasRelatedValueSet access-individual:SelfEditorRoleValueSet ;
+    access:hasRelatedValueSet access-individual:FauxObjectPropertyValueSet ;
+    access:hasRelatedValueSet access-individual:FauxObjectPropertyStatementValueSet ;
+    access:hasRelatedValueSet access-individual:EditOperationValueSet ;
+    access:hasRelatedValueSet :SelfEditorEditFauxObjectPropertyValueSet .
 
 :SelfEditorEditFauxObjectPropertyDataSetKey a access:DataSetKey ;
     access:hasKeyComponent access-individual:FauxObjectProperty ;
@@ -194,11 +194,11 @@
 
 :SelfEditorEditFauxDataPropertyDataSet a access:DataSet ;
     access:hasDataSetKey :SelfEditorEditFauxDataPropertyDataSetKey ;
-    access:dataSetValues access-individual:SelfEditorRoleValueSet ;
-    access:dataSetValues access-individual:FauxDataPropertyValueSet ;
-    access:dataSetValues access-individual:FauxDataPropertyStatementValueSet ;
-    access:dataSetValues access-individual:EditOperationValueSet ;
-    access:dataSetValues :SelfEditorEditFauxDataPropertyValueSet .
+    access:hasRelatedValueSet access-individual:SelfEditorRoleValueSet ;
+    access:hasRelatedValueSet access-individual:FauxDataPropertyValueSet ;
+    access:hasRelatedValueSet access-individual:FauxDataPropertyStatementValueSet ;
+    access:hasRelatedValueSet access-individual:EditOperationValueSet ;
+    access:hasRelatedValueSet :SelfEditorEditFauxDataPropertyValueSet .
 
 :SelfEditorEditFauxDataPropertyDataSetKey a access:DataSetKey ;
     access:hasKeyComponent access-individual:FauxDataProperty ;
diff --git a/home/src/main/resources/rdf/tbox/firsttime/vitro-access-control-ontology.n3 b/home/src/main/resources/rdf/tbox/firsttime/vitro-access-control-ontology.n3
index 19bcb4e39a..343f9581c5 100644
--- a/home/src/main/resources/rdf/tbox/firsttime/vitro-access-control-ontology.n3
+++ b/home/src/main/resources/rdf/tbox/firsttime/vitro-access-control-ontology.n3
@@ -116,9 +116,9 @@
 
 ### Object properties
 
-:dataSetValues a owl:ObjectProperty ;
-    rdfs:comment "Data set/data set template contains value set";
-    rdfs:label "data set values"@en-US ;
+:hasRelatedValueSet a owl:ObjectProperty ;
+    rdfs:comment "Specifies value sets related to :DataSetTemplate or :DataSet.";
+    rdfs:label "has related value set"@en-US ;
     rdfs:domain [ a owl:Class ; owl:unionOf  ( :DataSetTemplate :DataSet ) ] ;
     rdfs:range :ValueSet .
 

From 145ac5a8bcd1b476ae942e3f69d292b48954fba2 Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <georgy.litvinov@tib.eu>
Date: Fri, 24 Nov 2023 12:48:05 +0100
Subject: [PATCH 133/148] Created subclasses of :AttributeValuePattern :
 :AttributeUriValue, :SparqlSelectValuesQuery, :AttributeValuePrefix

---
 .../firsttime/policy_editable_pages.n3        |  4 +--
 .../firsttime/profile_proximity_query.n3      |  2 +-
 .../template_not_modifiable_statements.n3     |  2 +-
 .../vitro-access-control-ontology.n3          | 27 ++++++++++++++-----
 4 files changed, 24 insertions(+), 11 deletions(-)

diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_editable_pages.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_editable_pages.n3
index e3abd38558..f0fde1a4c2 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_editable_pages.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_editable_pages.n3
@@ -61,8 +61,6 @@
     access:attribute access-individual:AccessObjectType ;
     access:value access-individual:ObjectPropertyStatement .
 
-:SomeUri a access:AttributeValuePattern ;
+:SomeUri a access:AttributeUriValue ;
     access:id "?SOME_URI" .
 
-:SomeLiteral a access:AttributeValuePattern ;
-    access:id "?SOME_LITERAL" .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/profile_proximity_query.n3 b/home/src/main/resources/rdf/accessControl/firsttime/profile_proximity_query.n3
index 1c884aba4f..550c30d81c 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/profile_proximity_query.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/profile_proximity_query.n3
@@ -3,7 +3,7 @@
 @prefix access-individual: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
 @prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
 
-access-individual:PersonProfileProximityToResourceUri a access:AttributeValuePattern ;
+access-individual:PersonProfileProximityToResourceUri a access:SparqlSelectValuesQuery ;
     access:id """
     SELECT ?resourceUri WHERE {
         {
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_not_modifiable_statements.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_not_modifiable_statements.n3
index 555ce61bcf..4468d22776 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_not_modifiable_statements.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_not_modifiable_statements.n3
@@ -110,6 +110,6 @@
     access:value  :prohibitedNamespacePrefix ; 
     .
 
-:prohibitedNamespacePrefix a access:AttributeValuePattern ;
+:prohibitedNamespacePrefix a access:AttributeValuePrefix ;
     access:id "http://vitro.mannlib.cornell.edu/ns/vitro/0.7#" ;
     
diff --git a/home/src/main/resources/rdf/tbox/firsttime/vitro-access-control-ontology.n3 b/home/src/main/resources/rdf/tbox/firsttime/vitro-access-control-ontology.n3
index 343f9581c5..10e8c89a5d 100644
--- a/home/src/main/resources/rdf/tbox/firsttime/vitro-access-control-ontology.n3
+++ b/home/src/main/resources/rdf/tbox/firsttime/vitro-access-control-ontology.n3
@@ -39,6 +39,10 @@
     rdfs:comment "Operator to use in check";
     rdfs:label "Operator"@en-US .
 
+:AttributeValuePattern a owl:Class ;
+    rdfs:comment "Resource represents single value, usually specified as literal with :id ";
+    rdfs:label "Value"@en-US .
+
 :Operation a owl:Class ;
     rdfs:subClassOf :AttributeValuePattern ;
     rdfs:comment "Access operation";
@@ -49,11 +53,26 @@
     rdfs:comment "Type of access object";
     rdfs:label "Object type"@en-US .
 
-:SubjectRoleUri a owl:Class ;
+:AttributeUriValue a owl:Class ;
     rdfs:subClassOf :AttributeValuePattern ;
-    rdfs:comment "Subject role uri pattern";
+    rdfs:comment "Represents attribute uri value";
+    rdfs:label "Attribute uri value"@en-US .
+
+:SubjectRoleUri a owl:Class ;
+    rdfs:subClassOf :AttributeUriValue ;
+    rdfs:comment "Represents role uri";
     rdfs:label "subject role uri"@en-US .
 
+:SparqlSelectValuesQuery a owl:Class ;
+    rdfs:subClassOf :AttributeValuePattern ;
+    rdfs:comment "Represents SPARQL Select query to get attribute values";
+    rdfs:label "Attribute uri value"@en-US .
+
+:AttributeValuePrefix a owl:Class ;
+    rdfs:subClassOf :AttributeValuePattern ;
+    rdfs:comment "Represents attribute value substring pattern";
+    rdfs:label "Attribute value prefix"@en-US .
+
 :SubjectType a owl:Class ;
     rdfs:subClassOf :AttributeValuePattern ;
     rdfs:comment "Type of subject(user, non-personal entity) requested access";
@@ -63,10 +82,6 @@
     rdfs:comment "Attribute type to check";
     rdfs:label "Attribute type"@en-US .
 
-:AttributeValuePattern a owl:Class ;
-    rdfs:comment "Resource represents single value, usually specified as literal with :id ";
-    rdfs:label "Value"@en-US .
-
 :Decision a owl:Class ;
     rdfs:comment "Decision to return in case all checks in a rule match";
     rdfs:label "Decision"@en-US .

From 5d457cdf6122e1a88d93a3b562b47f39bfa964c4 Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <georgy.litvinov@tib.eu>
Date: Fri, 24 Nov 2023 14:26:38 +0100
Subject: [PATCH 134/148] fix: reuse role value pattern if it is already exists
 on new data set creation.

---
 .../webapp/auth/policy/PolicyLoader.java      | 32 +++++++++++++++++++
 .../auth/policy/PolicyTemplateController.java | 29 ++++++++++++-----
 .../webapp/auth/policy/PolicyLoaderTest.java  | 17 ++++++++++
 3 files changed, 70 insertions(+), 8 deletions(-)

diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
index 159db77aa3..64cb5643cc 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
@@ -230,6 +230,16 @@ public class PolicyLoader {
             + "  }\n"
             + "}\n";
 
+    public static final String ROLE_VALUE_PATTERNS_QUERY = ""
+            + "prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/>\n"
+            + "SELECT ?rolePattern \n"
+            + "WHERE {\n"
+            + "  GRAPH <http://vitro.mannlib.cornell.edu/default/access-control> {\n"
+            + "    ?rolePattern a access:SubjectRoleUri .\n"
+            + "    ?rolePattern access:id ?roleUri .\n"
+            + "  }\n"
+            + "}\n";
+
     public static final String DATA_SET_KEY_QUERY = ""
             + "prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/>\n"
             + "SELECT ?keyComponent ?id ?type \n"
@@ -985,4 +995,26 @@ public void constructValueSet(String valueSetTemplateUri, String valueSet, Strin
         }
     }
 
+    public List<String> getSubjectRoleValuePattern(String roleUri) {
+        List<String> rolePatterns = new LinkedList<>();
+        ParameterizedSparqlString pss =
+                new ParameterizedSparqlString(ROLE_VALUE_PATTERNS_QUERY);
+        pss.setLiteral("roleUri", roleUri);
+        final String queryText = pss.toString();
+        debug("SPARQL Query to get uri of role value patterns:\n %s", queryText);
+        try {
+            rdfService.sparqlSelectQuery(queryText, new ResultSetConsumer() {
+                @Override
+                protected void processQuerySolution(QuerySolution qs) {
+                    if (qs.contains("rolePattern") && qs.get("rolePattern").isResource()) {
+                        rolePatterns.add(qs.getResource("rolePattern").getURI());
+                    }
+                }
+            });
+        } catch (RDFServiceException e) {
+            log.error(e, e);
+        }
+        return rolePatterns;
+    }
+
 }
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTemplateController.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTemplateController.java
index 9218ceaec1..46562890b3 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTemplateController.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTemplateController.java
@@ -1,5 +1,6 @@
 package edu.cornell.mannlib.vitro.webapp.auth.policy;
 
+import static edu.cornell.mannlib.vitro.webapp.dao.VitroVocabulary.AUTH_INDIVIDUAL_PREFIX;
 import static edu.cornell.mannlib.vitro.webapp.dao.VitroVocabulary.AUTH_VOCABULARY_PREFIX;
 import static edu.cornell.mannlib.vitro.webapp.dao.VitroVocabulary.RDF_TYPE;
 
@@ -37,14 +38,14 @@ private static void createRoleDataSet(String dataSetTemplateUri, String roleUri,
         Model dataSetModel = VitroModelFactory.createModel();
 
         for (String keyTemplate : keyTemplates) {
-            if (keyTemplate.equals("https://vivoweb.org/ontology/vitro-application/auth/individual/SubjectRole")) {
-                String roleKeyUri = dataSetUri + role + "RoleUri";
-                dataSetModel.add(new StatementImpl(dataSetModel.createResource(roleKeyUri),
-                        dataSetModel.createProperty(AUTH_VOCABULARY_PREFIX + "id"),
-                        dataSetModel.createLiteral(roleUri)));
-                dataSetModel.add(new StatementImpl(dataSetModel.createResource(roleKeyUri),
-                        dataSetModel.createProperty(RDF_TYPE),
-                        dataSetModel.createResource(AUTH_VOCABULARY_PREFIX + "SubjectRoleUri")));
+            if (keyTemplate.equals(AUTH_INDIVIDUAL_PREFIX + "SubjectRole")) {
+                String roleKeyUri = null;
+                List<String> roleValuePatterns = PolicyLoader.getInstance().getSubjectRoleValuePattern(roleUri);
+                if (roleValuePatterns.isEmpty()) {
+                    roleKeyUri = createSubjectRoleUri(roleUri, dataSetModel);
+                } else {
+                    roleKeyUri = roleValuePatterns.get(0);
+                }
                 keys.add(roleKeyUri);
             } else {
                 log.error(String.format("Not recognized key template found '%s'", keyTemplate));
@@ -93,6 +94,18 @@ private static void createRoleDataSet(String dataSetTemplateUri, String roleUri,
         policyLoader.updateAccessControlModel(dataSetModel, true);
     }
 
+    public static String createSubjectRoleUri(String roleUri, Model dataSetModel) {
+        String roleShortName = getRoleShortName(roleUri);
+        String roleValueSetUri = AUTH_INDIVIDUAL_PREFIX + roleShortName + "RoleUri";
+        dataSetModel.add(new StatementImpl(dataSetModel.createResource(roleValueSetUri),
+                dataSetModel.createProperty(AUTH_VOCABULARY_PREFIX + "id"),
+                dataSetModel.createLiteral(roleUri)));
+        dataSetModel.add(new StatementImpl(dataSetModel.createResource(roleValueSetUri),
+                dataSetModel.createProperty(RDF_TYPE),
+                dataSetModel.createResource(AUTH_VOCABULARY_PREFIX + "SubjectRoleUri")));
+        return roleValueSetUri;
+    }
+
     private static String getRoleShortName(String roleUri) {
         String slashSplit = roleUri.substring(roleUri.lastIndexOf('/') + 1);
         String hashSplit = slashSplit.substring(slashSplit.lastIndexOf('#') + 1);
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoaderTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoaderTest.java
index dad3f964ed..e3e677bf03 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoaderTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoaderTest.java
@@ -10,6 +10,9 @@
 import java.util.Map;
 
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.AttributeValueKey;
+import edu.cornell.mannlib.vitro.webapp.modelaccess.ModelNames;
+import org.apache.jena.rdf.model.Model;
+import org.apache.jena.rdf.model.ModelFactory;
 import org.junit.Test;
 
 public class PolicyLoaderTest extends PolicyTest {
@@ -74,4 +77,18 @@ public void getDataSetKeyTest() {
         assertEquals(expectedKey, compositeKey);
 
     }
+
+    @Test
+    public void getSubjectRoleValuePatternTest() {
+        List<String> patterns = loader.getSubjectRoleValuePattern(CUSTOM);
+        assertTrue(patterns.isEmpty());
+
+        Model tmpModel = ModelFactory.createDefaultModel();
+        PolicyTemplateController.createSubjectRoleUri(CUSTOM, tmpModel);
+        accessControlModel.add(tmpModel);
+        configurationDataSet.replaceNamedModel(ModelNames.ACCESS_CONTROL, accessControlModel);
+        patterns = loader.getSubjectRoleValuePattern(CUSTOM);
+        assertTrue(!patterns.isEmpty());
+        assertEquals(1, patterns.size());
+    }
 }

From 6423a0960a3943da289b6f40c814c809ed53b9ac Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <georgy.litvinov@tib.eu>
Date: Fri, 24 Nov 2023 16:00:10 +0100
Subject: [PATCH 135/148] Added rdfs:label as default value to object property
 template value sets

---
 .../firsttime/template_access_allowed_property.n3     | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_property.n3
index dd0cf4ab2a..a054dc140b 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_property.n3
@@ -3,6 +3,7 @@
 @prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
 @prefix access-individual: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
 @prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
 @prefix : <https://vivoweb.org/ontology/vitro-application/auth/individual/access-allowed-property/> .
 
 :PolicyTemplate a access:PolicyTemplate ;
@@ -159,7 +160,7 @@
 :RoleDisplayObjectPropertyEntityValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :AccessObjectUriContainsInDataSet ;
     access:relatedCheck :StatementPredicateEquals ;
-#    access:value access-individual:defaultUri ;
+    access:value rdfs:label ;
     access:containsElementsOfType access-individual:ObjectProperty .
 
 #Role PublishObjectProperty data set template
@@ -188,7 +189,7 @@
 :RolePublishObjectPropertyEntityValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :AccessObjectUriContainsInDataSet ;
     access:relatedCheck :StatementPredicateEquals ;
-#    access:value access-individual:defaultUri ;
+    access:value rdfs:label ;
     access:containsElementsOfType access-individual:ObjectProperty .
 
 #Role AddObjectProperty data set template
@@ -217,7 +218,7 @@
 :RoleAddObjectPropertyEntityValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :AccessObjectUriContainsInDataSet ;
     access:relatedCheck :StatementPredicateEquals ;
-#    access:value access-individual:defaultUri ;
+    access:value rdfs:label ;
     access:containsElementsOfType access-individual:ObjectProperty .
 
 #Role DropObjectProperty data set template
@@ -246,7 +247,7 @@
 :RoleDropObjectPropertyEntityValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :AccessObjectUriContainsInDataSet ;
     access:relatedCheck :StatementPredicateEquals ;
-#    access:value access-individual:defaultUri ;
+    access:value rdfs:label ;
     access:containsElementsOfType access-individual:ObjectProperty .
 
 #Role EditObjectProperty data set template
@@ -275,7 +276,7 @@
 :RoleEditObjectPropertyEntityValueSetTemplate a access:ValueSetTemplate ;
     access:relatedCheck :AccessObjectUriContainsInDataSet ;
     access:relatedCheck :StatementPredicateEquals ;
-#    access:value access-individual:defaultUri ;
+    access:value rdfs:label ;
     access:containsElementsOfType access-individual:ObjectProperty .
 
 #Role DisplayDataProperty data set template

From 6377d21cf907b6e918b00b36d34335958720874f Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <georgy.litvinov@tib.eu>
Date: Fri, 24 Nov 2023 16:19:39 +0100
Subject: [PATCH 136/148] improved simple permission migrator logging

---
 .../webapp/migration/auth/SimplePermissionMigrator.java   | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/SimplePermissionMigrator.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/SimplePermissionMigrator.java
index b53b5d899e..15d7db51b9 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/SimplePermissionMigrator.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/SimplePermissionMigrator.java
@@ -86,15 +86,19 @@ private void migrateRoles(Set<String> roles) {
             for (String entityUri : toGrant) {
                 policyLoader.addEntityToPolicyDataSet(entityUri, AccessObjectType.NAMED_OBJECT, AccessOperation.EXECUTE,
                         role);
-                log.info(String.format("Granted simple permission %s to role %s ", entityUri, role));
+                log.info(String.format("Allow role %s to %s ", getShortName(role), getShortName(entityUri)));
             }
             for (String entityUri : toRevoke) {
                 policyLoader.removeEntityFromPolicyDataSet(entityUri, AccessObjectType.NAMED_OBJECT,
                         AccessOperation.EXECUTE, role);
-                log.info(String.format("Revoked simple permission %s from role %s ", entityUri, role));
+                log.info(String.format("Disallow role %s to %s ", getShortName(role), getShortName(entityUri)));
             }
         }
     }
+    
+    private static String getShortName(String entityUri) {
+        return entityUri.substring(entityUri.lastIndexOf('#') + 1);
+    }
 
     Set<String> getPermissionSets() {
         Set<String> permissionSets = new HashSet<>();

From 87d63f865baaa22f0b593007593917eb8a7e8b4b Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <georgy.litvinov@tib.eu>
Date: Fri, 24 Nov 2023 16:20:01 +0100
Subject: [PATCH 137/148] fixed ARM migrator test

---
 .../migration/auth/SimplePermissionMigrator.java    |  2 +-
 .../webapp/migration/auth/ArmMigratorTest.java      | 13 ++++++++++---
 2 files changed, 11 insertions(+), 4 deletions(-)

diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/SimplePermissionMigrator.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/SimplePermissionMigrator.java
index 15d7db51b9..6e747ae984 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/SimplePermissionMigrator.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/SimplePermissionMigrator.java
@@ -95,7 +95,7 @@ private void migrateRoles(Set<String> roles) {
             }
         }
     }
-    
+
     private static String getShortName(String entityUri) {
         return entityUri.substring(entityUri.lastIndexOf('#') + 1);
     }
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/migration/auth/ArmMigratorTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/migration/auth/ArmMigratorTest.java
index eab7dbdc24..c0a094c11c 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/migration/auth/ArmMigratorTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/migration/auth/ArmMigratorTest.java
@@ -42,13 +42,12 @@ public class ArmMigratorTest extends AuthMigratorTest {
     public void initArmMigration() {
         userAccountsModel = ModelFactory.createOntologyModel();
         configurationDataSet.addNamedModel(ModelNames.USER_ACCOUNTS, userAccountsModel);
-        addUserAccountsStatement(PolicyTest.CUSTOM, VitroVocabulary.PERMISSIONSET, VitroVocabulary.RDF_TYPE);
-        armMigrator = new ArmMigrator(new RDFServiceModel(contentModel), new RDFServiceModel(configurationDataSet),
-                userAccountsModel);
     }
 
     @Test
     public void isArmConfigurationTest() {
+        armMigrator = new ArmMigrator(new RDFServiceModel(contentModel), new RDFServiceModel(configurationDataSet),
+                userAccountsModel);
         assertFalse(armMigrator.isArmConfiguation());
         addArmStatement(ArmMigrator.ARM_ADMIN, ArmMigrator.DISPLAY, OBJECT_PROPERTY_URI);
         assertTrue(armMigrator.isArmConfiguation());
@@ -69,6 +68,8 @@ private void addUserAccountsStatement(String subjUri, String objUri, String pUri
 
     @Test
     public void getEntityMapTest() {
+        armMigrator = new ArmMigrator(new RDFServiceModel(contentModel), new RDFServiceModel(configurationDataSet),
+                userAccountsModel);
         Map<AccessObjectType, Set<String>> map = armMigrator.getEntityMap();
         assertFalse(map.isEmpty());
         assertEquals(1, map.get(AccessObjectType.OBJECT_PROPERTY).size());
@@ -80,6 +81,8 @@ public void getEntityMapTest() {
 
     @Test
     public void getStatementsToRemoveTest() {
+        armMigrator = new ArmMigrator(new RDFServiceModel(contentModel), new RDFServiceModel(configurationDataSet),
+                userAccountsModel);
         StringBuilder removals = armMigrator.getStatementsToRemove();
         assertTrue(StringUtils.isBlank(removals.toString()));
         EntityPolicyController.updateEntityDataSet("test:entity", AccessObjectType.CLASS,
@@ -90,6 +93,10 @@ public void getStatementsToRemoveTest() {
 
     @Test
     public void migrateConfigurationTest() {
+        addUserAccountsStatement(PolicyTest.CUSTOM, VitroVocabulary.PERMISSIONSET, VitroVocabulary.RDF_TYPE);
+        armMigrator = new ArmMigrator(new RDFServiceModel(contentModel), new RDFServiceModel(configurationDataSet),
+                userAccountsModel);
+
         addArmStatement(ArmMigrator.ARM_ADMIN, ArmMigrator.DISPLAY, OBJECT_PROPERTY_URI);
         addArmStatement(ArmMigrator.ARM_EDITOR, ArmMigrator.PUBLISH, OBJECT_PROPERTY_URI);
         addArmStatement(ArmMigrator.ARM_CURATOR, ArmMigrator.UPDATE, OBJECT_PROPERTY_URI);

From 305bea55bc510d00b81656945a7b4f9fe2485902 Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <georgy.litvinov@tib.eu>
Date: Mon, 27 Nov 2023 18:19:22 +0100
Subject: [PATCH 138/148] improved logging in PolicyDecisionLogger

---
 api/.checkstyle                               |   5 -
 .../auth/objects/NamedAccessObject.java       |   6 +-
 .../auth/policy/PolicyDecisionLogger.java     | 303 +++++++++---------
 .../auth/policy/PolicyDecisionPoint.java      |   2 +-
 4 files changed, 152 insertions(+), 164 deletions(-)
 delete mode 100644 api/.checkstyle

diff --git a/api/.checkstyle b/api/.checkstyle
deleted file mode 100644
index 87ca13db6e..0000000000
--- a/api/.checkstyle
+++ /dev/null
@@ -1,5 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-<fileset-config file-format-version="1.2.0" simple-config="false" sync-formatter="false">
-  <filter name="NonSrcDirs" enabled="false"/>
-</fileset-config>
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/NamedAccessObject.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/NamedAccessObject.java
index 2617cedbd5..8b9f025ac9 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/NamedAccessObject.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/objects/NamedAccessObject.java
@@ -56,7 +56,7 @@ private boolean equivalent(Object o1, Object o2) {
 
     @Override
     public String toString() {
-        return "SimpleRequestedAction['" + uri + "']";
+        return getShortName(uri);
     }
 
     @Override
@@ -64,4 +64,8 @@ public AccessObjectType getType() {
         return type;
     }
 
+    private static String getShortName(String entityUri) {
+        return entityUri.substring(entityUri.lastIndexOf('#') + 1);
+    }
+
 }
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyDecisionLogger.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyDecisionLogger.java
index a5e48bb6d7..435d193eab 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyDecisionLogger.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyDecisionLogger.java
@@ -6,171 +6,160 @@
 
 import java.util.regex.Pattern;
 
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessOperation;
 import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
 import edu.cornell.mannlib.vitro.webapp.auth.objects.AccessObject;
-import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.Policy;
+import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision;
+import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthorizationRequest;
 import edu.cornell.mannlib.vitro.webapp.utils.developer.DeveloperSettings;
 import edu.cornell.mannlib.vitro.webapp.utils.developer.Key;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
 
 /**
- * If enabled in the developer settings (and log levels), log each
- * PolicyDecision (subject to restrictions).
+ * If enabled in the developer settings (and log levels), log each PolicyDecision (subject to restrictions).
  *
- * Some restrictions apply to the logger as a whole. Others apply to the
- * particular policy or the particular decision.
+ * Some restrictions apply to the logger as a whole. Others apply to the particular policy or the particular decision.
  */
 public class PolicyDecisionLogger {
-	private static final Log log = LogFactory
-			.getLog(PolicyDecisionLogger.class);
-
-	private static final Pattern NEVER_MATCHES = Pattern.compile("^__NEVER__$");
-
-	private static final BasicPolicyDecision NULL_DECISION = new BasicPolicyDecision(
-			INCONCLUSIVE, "The decision was null.");
-
-	private final DeveloperSettings settings;
-	private final AccessObject whatToAuth;
-	private final IdentifierBundle whoToAuth;
-
-	private final boolean enabled;
-
-	private final Pattern policyRestriction;
-	private final boolean skipInconclusive;
-	private final boolean includeIdentifiers;
-
-	public PolicyDecisionLogger(IdentifierBundle whoToAuth,
-			AccessObject whatToAuth) {
-		this.settings = DeveloperSettings.getInstance();
-		this.whoToAuth = whoToAuth;
-		this.whatToAuth = whatToAuth;
-
-		this.enabled = figureEnabled();
-
-		this.policyRestriction = figurePolicyRestriction();
-		this.skipInconclusive = figureSkipInconclusive();
-		this.includeIdentifiers = figureIncludeIdentifiers();
-	}
-
-	private boolean figureEnabled() {
-		return log.isInfoEnabled()
-				&& settings.getBoolean(Key.AUTHORIZATION_LOG_DECISIONS_ENABLE)
-				&& passesUserRestriction() && passesActionRestriction();
-	}
-
-	/**
-	 * The identifier bundle passes if there is no restriction, or if the
-	 * restriction pattern is found within concatenated string of the identifier
-	 * bundle.
-	 *
-	 * If the restriction is invalid, the action fails.
-	 */
-	private boolean passesUserRestriction() {
-		Pattern userRestriction = compilePatternFromSetting(Key.AUTHORIZATION_LOG_DECISIONS_USER_RESTRICTION);
-		return userRestriction == null
-				|| userRestriction.matcher(String.valueOf(whoToAuth)).find();
-	}
-
-	/**
-	 * The requested action passes if there is no restriction, or if the
-	 * restriction pattern is found within the class name of the action.
-	 *
-	 * If the restriction is invalid, the action fails.
-	 */
-	private boolean passesActionRestriction() {
-		Pattern actionRestriction = compilePatternFromSetting(Key.AUTHORIZATION_LOG_DECISIONS_ACTION_RESTRICTION);
-		return actionRestriction == null
-				|| actionRestriction.matcher(String.valueOf(whatToAuth)).find();
-	}
-
-	/**
-	 * Only compile the policy restriction pattern once.
-	 */
-	private Pattern figurePolicyRestriction() {
-		return compilePatternFromSetting(Key.AUTHORIZATION_LOG_DECISIONS_POLICY_RESTRICTION);
-	}
-
-	/**
-	 * Do we log inconclusive decisions?
-	 */
-	private boolean figureSkipInconclusive() {
-		return settings
-				.getBoolean(Key.AUTHORIZATION_LOG_DECISIONS_SKIP_INCONCLUSIVE);
-	}
-
-	/**
-	 * Do we include Identifiers in the log record?
-	 */
-	private boolean figureIncludeIdentifiers() {
-		return settings
-				.getBoolean(Key.AUTHORIZATION_LOG_DECISIONS_ADD_IDENTIFERS);
-	}
-
-	/**
-	 * If no pattern was provided, return null. If an invalid pattern was
-	 * provided, return a pattern that never matches.
-	 */
-	private Pattern compilePatternFromSetting(Key key) {
-		String setting = settings.getString(key);
-		if (setting.isEmpty()) {
-			return null;
-		} else {
-			try {
-				return Pattern.compile(setting);
-			} catch (Exception e) {
-				return NEVER_MATCHES;
-			}
-		}
-	}
-
-	/**
-	 * If the logger and the policy and the decision all pass the restrictions,
-	 * write to the log. A null decision is treated as inconclusive.
-	 */
-	public void log(Policy policy, PolicyDecision pd) {
-		if (passesRestrictions(String.valueOf(policy), pd)) {
-			if (this.includeIdentifiers) {
-				log.info(String.format(
-						"Decision on %s by %s was %s; user is %s",
-						this.whatToAuth, policy, pd, this.whoToAuth));
-			} else {
-				log.info(String.format("Decision on %s by %s was %s",
-						this.whatToAuth, policy, pd));
-			}
-		}
-	}
-
-	private boolean passesRestrictions(String policyString, PolicyDecision pd) {
-		if (pd == null) {
-			pd = NULL_DECISION;
-		}
-		return enabled && passesPolicyRestriction(policyString)
-				&& passesConclusiveRestriction(pd);
-	}
-
-	private boolean passesPolicyRestriction(String policyString) {
-		return this.policyRestriction == null
-				|| this.policyRestriction.matcher(policyString).find();
-	}
-
-	private boolean passesConclusiveRestriction(PolicyDecision pd) {
-		return !(skipInconclusive && isInconclusive(pd));
-	}
-
-	private boolean isInconclusive(PolicyDecision pd) {
-		return pd == null || pd.getDecisionResult() == INCONCLUSIVE;
-	}
-
-	public void logNoDecision(PolicyDecision pd) {
-		if (enabled) {
-			if (this.includeIdentifiers) {
-				log.info(pd.getMessage() + "; user is " + this.whoToAuth);
-			} else {
-				log.info(pd.getMessage());
-			}
-		}
-	}
+    private static final Log log = LogFactory.getLog(PolicyDecisionLogger.class);
+
+    private static final Pattern NEVER_MATCHES = Pattern.compile("^__NEVER__$");
+
+    private static final BasicPolicyDecision NULL_DECISION =
+            new BasicPolicyDecision(INCONCLUSIVE, "The decision was null.");
+
+    private final DeveloperSettings settings;
+    private final AccessObject object;
+    private final AccessOperation operation;
+    private final IdentifierBundle whoToAuth;
+
+    private final boolean enabled;
+
+    private final Pattern policyRestriction;
+    private final boolean skipInconclusive;
+    private final boolean includeIdentifiers;
+
+    public PolicyDecisionLogger(AuthorizationRequest ar) {
+        this.settings = DeveloperSettings.getInstance();
+        this.whoToAuth = ar.getIds();
+        this.object = ar.getAccessObject();
+        this.operation = ar.getAccessOperation();
+
+        this.enabled = figureEnabled();
+
+        this.policyRestriction = figurePolicyRestriction();
+        this.skipInconclusive = figureSkipInconclusive();
+        this.includeIdentifiers = figureIncludeIdentifiers();
+    }
+
+    private boolean figureEnabled() {
+        return log.isInfoEnabled() && settings.getBoolean(Key.AUTHORIZATION_LOG_DECISIONS_ENABLE)
+                && passesUserRestriction() && passesActionRestriction();
+    }
+
+    /**
+     * The identifier bundle passes if there is no restriction, or if the restriction pattern is found within
+     * concatenated string of the identifier bundle.
+     *
+     * If the restriction is invalid, the action fails.
+     */
+    private boolean passesUserRestriction() {
+        Pattern userRestriction = compilePatternFromSetting(Key.AUTHORIZATION_LOG_DECISIONS_USER_RESTRICTION);
+        return userRestriction == null || userRestriction.matcher(String.valueOf(whoToAuth)).find();
+    }
+
+    /**
+     * The requested action passes if there is no restriction, or if the restriction pattern is found within the class
+     * name of the action.
+     *
+     * If the restriction is invalid, the action fails.
+     */
+    private boolean passesActionRestriction() {
+        Pattern actionRestriction = compilePatternFromSetting(Key.AUTHORIZATION_LOG_DECISIONS_ACTION_RESTRICTION);
+        return actionRestriction == null || actionRestriction.matcher(String.valueOf(object)).find();
+    }
+
+    /**
+     * Only compile the policy restriction pattern once.
+     */
+    private Pattern figurePolicyRestriction() {
+        return compilePatternFromSetting(Key.AUTHORIZATION_LOG_DECISIONS_POLICY_RESTRICTION);
+    }
+
+    /**
+     * Do we log inconclusive decisions?
+     */
+    private boolean figureSkipInconclusive() {
+        return settings.getBoolean(Key.AUTHORIZATION_LOG_DECISIONS_SKIP_INCONCLUSIVE);
+    }
+
+    /**
+     * Do we include Identifiers in the log record?
+     */
+    private boolean figureIncludeIdentifiers() {
+        return settings.getBoolean(Key.AUTHORIZATION_LOG_DECISIONS_ADD_IDENTIFERS);
+    }
+
+    /**
+     * If no pattern was provided, return null. If an invalid pattern was provided, return a pattern that never matches.
+     */
+    private Pattern compilePatternFromSetting(Key key) {
+        String setting = settings.getString(key);
+        if (setting.isEmpty()) {
+            return null;
+        } else {
+            try {
+                return Pattern.compile(setting);
+            } catch (Exception e) {
+                return NEVER_MATCHES;
+            }
+        }
+    }
+
+    /**
+     * If the logger and the policy and the decision all pass the restrictions, write to the log. A null decision is
+     * treated as inconclusive.
+     */
+    public void log(Policy policy, PolicyDecision pd) {
+        if (passesRestrictions(String.valueOf(policy), pd)) {
+            if (this.includeIdentifiers) {
+                log.info(String.format("Decision on %s %s by %s was %s; user is %s", this.operation, this.object,
+                        policy.getShortUri(), pd, this.whoToAuth));
+            } else {
+                log.info(String.format("Decision on %s %s by %s was %s", this.operation, this.object,
+                        policy.getShortUri(), pd));
+            }
+        }
+    }
+
+    private boolean passesRestrictions(String policyString, PolicyDecision pd) {
+        if (pd == null) {
+            pd = NULL_DECISION;
+        }
+        return enabled && passesPolicyRestriction(policyString) && passesConclusiveRestriction(pd);
+    }
+
+    private boolean passesPolicyRestriction(String policyString) {
+        return this.policyRestriction == null || this.policyRestriction.matcher(policyString).find();
+    }
+
+    private boolean passesConclusiveRestriction(PolicyDecision pd) {
+        return !(skipInconclusive && isInconclusive(pd));
+    }
+
+    private boolean isInconclusive(PolicyDecision pd) {
+        return pd == null || pd.getDecisionResult() == INCONCLUSIVE;
+    }
+
+    public void logNoDecision(PolicyDecision pd) {
+        if (enabled) {
+            if (this.includeIdentifiers) {
+                log.info(pd.getMessage() + "; user is " + this.whoToAuth);
+            } else {
+                log.info(pd.getMessage());
+            }
+        }
+    }
 }
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyDecisionPoint.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyDecisionPoint.java
index 1c845335a9..1e317a7a4a 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyDecisionPoint.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyDecisionPoint.java
@@ -15,7 +15,7 @@ public class PolicyDecisionPoint {
 
     public static PolicyDecision decide(AuthorizationRequest ar) {
         PolicyDecision pd = null;
-        PolicyDecisionLogger logger = new PolicyDecisionLogger(ar.getIds(), ar.getAccessObject());
+        PolicyDecisionLogger logger = new PolicyDecisionLogger(ar);
         PolicyStore store = PolicyStore.getInstance();
         for (Policy policy : store.getList()) {
             try {

From e6e73e3f9007f03547b6e9d5baf35027447f9bcb Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <georgy.litvinov@tib.eu>
Date: Wed, 29 Nov 2023 09:29:57 +0100
Subject: [PATCH 139/148] Split editable pages policy into policy for self
 editors and policy for other roles.

---
 .../BaseIndividualTemplateModel.java          |   2 +-
 .../auth/policy/EditablePagesPolicyTest.java  | 114 ++++++++++++++++--
 .../vitro/webapp/auth/policy/PolicyTest.java  |  12 +-
 ...es.n3 => policy_related_editable_pages.n3} |  31 ++---
 .../firsttime/template_editable_pages.n3      |  71 +++++++++++
 5 files changed, 193 insertions(+), 37 deletions(-)
 rename home/src/main/resources/rdf/accessControl/firsttime/{policy_editable_pages.n3 => policy_related_editable_pages.n3} (69%)
 create mode 100644 home/src/main/resources/rdf/accessControl/firsttime/template_editable_pages.n3

diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/BaseIndividualTemplateModel.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/BaseIndividualTemplateModel.java
index 47b9aa6bf1..009830ca69 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/BaseIndividualTemplateModel.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/BaseIndividualTemplateModel.java
@@ -120,7 +120,7 @@ public GroupedPropertyList getPropertyList() {
 	 */
     public boolean isEditable() {
         ObjectPropertyStatementAccessObject aops = new ObjectPropertyStatementAccessObject(vreq.getJenaOntModel(), individual.getURI(), SOME_PREDICATE, SOME_URI);
-        SimpleAuthorizationRequest addSomeObjectProperty = new SimpleAuthorizationRequest(aops, AccessOperation.ADD);
+        SimpleAuthorizationRequest addSomeObjectProperty = new SimpleAuthorizationRequest(aops, AccessOperation.EDIT);
         return PolicyHelper.isAuthorizedForActions(vreq, addSomeObjectProperty);
     }
 
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EditablePagesPolicyTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EditablePagesPolicyTest.java
index 0b4894ab3e..d9f4fc9091 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EditablePagesPolicyTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EditablePagesPolicyTest.java
@@ -1,5 +1,8 @@
 package edu.cornell.mannlib.vitro.webapp.auth.policy;
 
+import static edu.cornell.mannlib.vitro.webapp.auth.objects.AccessObject.SOME_PREDICATE;
+import static edu.cornell.mannlib.vitro.webapp.auth.objects.AccessObject.SOME_URI;
+import static edu.cornell.mannlib.vitro.webapp.dao.VitroVocabulary.AUTH_INDIVIDUAL_PREFIX;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertTrue;
 
@@ -7,22 +10,119 @@
 import java.util.HashSet;
 import java.util.Set;
 
-import edu.cornell.mannlib.vitro.webapp.dao.VitroVocabulary;
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessOperation;
+import edu.cornell.mannlib.vitro.webapp.auth.objects.ObjectPropertyStatementAccessObject;
+import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.DecisionResult;
+import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.SimpleAuthorizationRequest;
+import edu.cornell.mannlib.vitro.webapp.auth.rules.AccessRule;
 import org.junit.Test;
 
 public class EditablePagesPolicyTest extends PolicyTest {
 
-    public static final String EDITABLE_PAGES_POLICY_PATH =
-            PolicyTest.USER_ACCOUNTS_HOME_FIRSTTIME + "policy_editable_pages.n3";
+    public static final String RELATED_EDITABLE_PAGES_POLICY_PATH =
+            PolicyTest.USER_ACCOUNTS_HOME_FIRSTTIME + "policy_related_editable_pages.n3";
+    public static final String EDITABLE_PAGES_TEMPLATE_PATH =
+            PolicyTest.USER_ACCOUNTS_HOME_FIRSTTIME + "template_editable_pages.n3";
 
     @Test
-    public void testLoadEditablePagesPolicy() {
-        load(EDITABLE_PAGES_POLICY_PATH);
-        String policyUri = VitroVocabulary.AUTH_INDIVIDUAL_PREFIX + "edit-individual-pages/Policy";
+    public void testLoadRelatedEditablePagesPolicy() {
+        load(RELATED_EDITABLE_PAGES_POLICY_PATH);
+        String policyUri = AUTH_INDIVIDUAL_PREFIX + "edit-related-individual-pages/Policy";
         Set<DynamicPolicy> policies = loader.loadPolicies(policyUri);
         assertEquals(1, policies.size());
         DynamicPolicy policy = policies.iterator().next();
         assertTrue(policy != null);
-        countRulesAndAttributes(policy, 2, new HashSet<>(Arrays.asList(5, 6)));
+        countRulesAndAttributes(policy, 1, new HashSet<>(Arrays.asList(6)));
     }
+
+    @Test
+    public void testAdminEditablePagesPolicy() {
+        load(EDITABLE_PAGES_TEMPLATE_PATH);
+        String dataSetUri = AUTH_INDIVIDUAL_PREFIX + "edit-individual-pages/AdminRoleDataSet";
+        DynamicPolicy policy = loader.loadPolicyFromTemplateDataSet(dataSetUri);
+        assertTrue(policy != null);
+        assertEquals(1, policy.getRules().size());
+        final AccessRule rule = policy.getRules().iterator().next();
+        assertEquals(true, rule.isAllowMatched());
+        assertEquals(5, rule.getChecksCount());
+
+        AccessOperation operation = AccessOperation.EDIT;
+        ObjectPropertyStatementAccessObject object =
+                new ObjectPropertyStatementAccessObject(null, "test://uri", SOME_PREDICATE, SOME_URI);
+        SimpleAuthorizationRequest ar = new SimpleAuthorizationRequest(object, operation);
+        ar.setRoleUris(Arrays.asList(CURATOR));
+        assertEquals(DecisionResult.INCONCLUSIVE, policy.decide(ar).getDecisionResult());
+        ar.setRoleUris(Arrays.asList(ADMIN));
+        assertEquals(DecisionResult.AUTHORIZED, policy.decide(ar).getDecisionResult());
+    }
+
+    @Test
+    public void testCuratorEditablePagesPolicy() {
+        load(EDITABLE_PAGES_TEMPLATE_PATH);
+        String dataSetUri = AUTH_INDIVIDUAL_PREFIX + "edit-individual-pages/CuratorRoleDataSet";
+        DynamicPolicy policy = loader.loadPolicyFromTemplateDataSet(dataSetUri);
+        assertTrue(policy != null);
+        assertEquals(1, policy.getRules().size());
+        final AccessRule rule = policy.getRules().iterator().next();
+        assertEquals(true, rule.isAllowMatched());
+        assertEquals(5, rule.getChecksCount());
+
+        AccessOperation operation = AccessOperation.EDIT;
+        ObjectPropertyStatementAccessObject object =
+                new ObjectPropertyStatementAccessObject(null, "test://uri", SOME_PREDICATE, SOME_URI);
+        SimpleAuthorizationRequest ar = new SimpleAuthorizationRequest(object, operation);
+        ar.setRoleUris(Arrays.asList(ADMIN));
+        assertEquals(DecisionResult.INCONCLUSIVE, policy.decide(ar).getDecisionResult());
+        ar.setRoleUris(Arrays.asList(CURATOR));
+        assertEquals(DecisionResult.AUTHORIZED, policy.decide(ar).getDecisionResult());
+    }
+
+    @Test
+    public void testEditorEditablePagesPolicy() {
+        load(EDITABLE_PAGES_TEMPLATE_PATH);
+        String dataSetUri = AUTH_INDIVIDUAL_PREFIX + "edit-individual-pages/EditorRoleDataSet";
+        DynamicPolicy policy = loader.loadPolicyFromTemplateDataSet(dataSetUri);
+        assertTrue(policy != null);
+        assertEquals(1, policy.getRules().size());
+        final AccessRule rule = policy.getRules().iterator().next();
+        assertEquals(true, rule.isAllowMatched());
+        assertEquals(5, rule.getChecksCount());
+
+        AccessOperation operation = AccessOperation.EDIT;
+        ObjectPropertyStatementAccessObject object =
+                new ObjectPropertyStatementAccessObject(null, "test://uri", SOME_PREDICATE, SOME_URI);
+        SimpleAuthorizationRequest ar = new SimpleAuthorizationRequest(object, operation);
+        ar.setRoleUris(Arrays.asList(ADMIN));
+        assertEquals(DecisionResult.INCONCLUSIVE, policy.decide(ar).getDecisionResult());
+        ar.setRoleUris(Arrays.asList(EDITOR));
+        assertEquals(DecisionResult.AUTHORIZED, policy.decide(ar).getDecisionResult());
+    }
+
+    @Test
+    public void testCustomRole() {
+        load(EDITABLE_PAGES_TEMPLATE_PATH);
+
+        // Create custom data set
+        PolicyTemplateController.createRoleDataSets(CUSTOM);
+        // Get data set uri by key: role uri and named object
+        String dataSetUri = AUTH_INDIVIDUAL_PREFIX + "edit-individual-pages/CustomRoleDataSet";
+
+        assertTrue(dataSetUri != null);
+        DynamicPolicy policy = loader.loadPolicyFromTemplateDataSet(dataSetUri);
+        assertTrue(policy != null);
+        assertEquals(1, policy.getRules().size());
+        final AccessRule rule = policy.getRules().iterator().next();
+        assertEquals(true, rule.isAllowMatched());
+        assertEquals(5, rule.getChecksCount());
+
+        AccessOperation operation = AccessOperation.EDIT;
+        ObjectPropertyStatementAccessObject object =
+                new ObjectPropertyStatementAccessObject(null, "test://uri", SOME_PREDICATE, SOME_URI);
+        SimpleAuthorizationRequest ar = new SimpleAuthorizationRequest(object, operation);
+        ar.setRoleUris(Arrays.asList(PUBLIC));
+        assertEquals(DecisionResult.INCONCLUSIVE, policy.decide(ar).getDecisionResult());
+        ar.setRoleUris(Arrays.asList(CUSTOM));
+        assertEquals(DecisionResult.AUTHORIZED, policy.decide(ar).getDecisionResult());
+    }
+
 }
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTest.java
index 27e0a8aa67..e43d9472e8 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyTest.java
@@ -105,7 +105,7 @@ public void finish() {
         AttributeValueSetRegistry.getInstance().clear();
     }
 
-    protected void countRulesAndAttributes(DynamicPolicy policy, int ruleCount, Set<Integer> attrCount) {
+    protected void countRulesAndAttributes(DynamicPolicy policy, int ruleCount, Set<Integer> checksCount) {
         assertTrue(policy != null);
         Set<AccessRule> rules = policy.getRules();
         Map<String, AccessRule> ruleMap = rules.stream().collect(Collectors.toMap(r -> r.getRuleUri(), r -> r));
@@ -117,14 +117,14 @@ protected void countRulesAndAttributes(DynamicPolicy policy, int ruleCount, Set<
         }
         assertEquals(ruleCount, ruleMap.size());
         for (AccessRule ar : ruleMap.values()) {
-            if (!attrCount.contains(ar.getChecks().size())) {
-                log.error(String.format("Attribute count %s doesn't match for policy %s", ar.getChecks().size(),
+            if (!checksCount.contains(ar.getChecks().size())) {
+                log.error(String.format("Checks count %s doesn't match for policy %s", ar.getChecks().size(),
                         policy.getUri()));
-                for (String att : ar.getCheckUris()) {
-                    log.error(String.format("Attribute uri %s", att));
+                for (String checkUri : ar.getCheckUris()) {
+                    log.error(String.format("Checks uri %s", checkUri));
                 }
             }
-            assertTrue(attrCount.contains(ar.getChecks().size()));
+            assertTrue(checksCount.contains(ar.getChecks().size()));
             for (Check att : ar.getChecks()) {
                 assertTrue(!att.getValues().isEmpty());
             }
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_editable_pages.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_related_editable_pages.n3
similarity index 69%
rename from home/src/main/resources/rdf/accessControl/firsttime/policy_editable_pages.n3
rename to home/src/main/resources/rdf/accessControl/firsttime/policy_related_editable_pages.n3
index f0fde1a4c2..61a9237a81 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_editable_pages.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_related_editable_pages.n3
@@ -3,43 +3,28 @@
 @prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
 @prefix access-individual: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
 @prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
-@prefix : <https://vivoweb.org/ontology/vitro-application/auth/individual/edit-individual-pages/> .
+@prefix : <https://vivoweb.org/ontology/vitro-application/auth/individual/edit-related-individual-pages/> .
 
 :Policy a access:Policy ;
-    access:hasRule :AllowEditRelatedPagesRule ;
-    access:hasRule :AllowEditIndividualPagesRule .
+    access:hasRule :AllowEditRelatedPagesRule .
 
-:AllowEditIndividualPagesRule a access:Rule;
-    access:requiresCheck :SubjectRoleOneOfEditorsCheck ;
-    access:requiresCheck :IsAddOperation ;
+:AllowEditRelatedPagesRule a access:Rule;
+    access:requiresCheck :SubjectRoleIsSelfEditor ;
+    access:requiresCheck :SubjectUriIsProfileRelatedResource ;
+    access:requiresCheck :IsEditOperation ;
     access:requiresCheck :IsObjectPropertyStatement ;
     access:requiresCheck :ObjectUriIsSomeUri ;
     access:requiresCheck :PredicateIsSomePredicate .
 
-:SubjectRoleOneOfEditorsCheck a access:Check ;
-    access:useOperator access-individual:OneOf ;
-    access:attribute access-individual:SubjectRole ;
-    access:value access-individual:AdminRoleUri ;
-    access:value access-individual:CuratorRoleUri ;
-    access:value access-individual:EditorRoleUri .
-
 :SubjectRoleIsSelfEditor a access:Check ;
     access:useOperator access-individual:Equals ;
     access:attribute access-individual:SubjectRole ;
     access:value access-individual:SelfEditorRoleUri .
 
-:IsAddOperation a access:Check ;
+:IsEditOperation a access:Check ;
     access:useOperator access-individual:Equals ;
     access:attribute access-individual:Operation ;
-    access:value access-individual:AddOperation .
-
-:AllowEditRelatedPagesRule a access:Rule;
-    access:requiresCheck :SubjectRoleIsSelfEditor ;
-    access:requiresCheck :SubjectUriIsProfileRelatedResource ;
-    access:requiresCheck :IsAddOperation ;
-    access:requiresCheck :IsObjectPropertyStatement ;
-    access:requiresCheck :ObjectUriIsSomeUri ;
-    access:requiresCheck :PredicateIsSomePredicate .
+    access:value access-individual:EditOperation .
 
 :PredicateIsSomePredicate a access:Check ;
     access:useOperator access-individual:Equals ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_editable_pages.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_editable_pages.n3
new file mode 100644
index 0000000000..e6a864b7da
--- /dev/null
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_editable_pages.n3
@@ -0,0 +1,71 @@
+# $This file is distributed under the terms of the license in LICENSE$
+
+@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
+@prefix access-individual: <https://vivoweb.org/ontology/vitro-application/auth/individual/> .
+@prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+@prefix : <https://vivoweb.org/ontology/vitro-application/auth/individual/edit-individual-pages/> .
+
+:PolicyTemplate a access:PolicyTemplate ;
+    access:hasDataSet :AdminRoleDataSet ;
+    access:hasDataSet :CuratorRoleDataSet ;
+    access:hasDataSet :EditorRoleDataSet ;
+    access:hasDataSetTemplate :RoleDataSetTemplate ;
+    access:hasRule :AllowEditIndividualPagesRule .
+
+:AdminRoleDataSet a access:DataSet ;
+    access:hasRelatedValueSet access-individual:AdminRoleValueSet .
+
+:CuratorRoleDataSet a access:DataSet ;
+    access:hasRelatedValueSet access-individual:CuratorRoleValueSet .
+
+:EditorRoleDataSet a access:DataSet ;
+    access:hasRelatedValueSet access-individual:EditorRoleValueSet .
+
+:RoleDataSetTemplate a access:DataSetTemplate ;
+    access:hasDataSetTemplateKey :RoleEditPagesDataSetTemplateKey ;
+    access:dataSetValueTemplate :RoleEditPagesValueSetTemplate .
+
+:RoleEditPagesValueSetTemplate a access:ValueSetTemplate ;
+    access:relatedCheck :SubjectRoleCheck;
+    access:containsElementsOfType access-individual:SubjectRole .
+
+:RoleEditPagesDataSetTemplateKey a access:DataSetTemplateKey ;
+    access:hasTemplateKeyComponent access-individual:SubjectRole .
+
+:AllowEditIndividualPagesRule a access:Rule;
+    access:requiresCheck :SubjectRoleCheck ;
+    access:requiresCheck :IsEditOperation ;
+    access:requiresCheck :IsObjectPropertyStatement ;
+    access:requiresCheck :ObjectUriIsSomeUri ;
+    access:requiresCheck :PredicateIsSomePredicate .
+
+:SubjectRoleCheck a access:Check ;
+    access:useOperator access-individual:Equals ;
+    access:attribute access-individual:SubjectRole ;
+    access:values access-individual:AdminRoleValueSet ;
+    access:values access-individual:CuratorRoleValueSet ;
+    access:values access-individual:EditorRoleValueSet .
+
+:IsEditOperation a access:Check ;
+    access:useOperator access-individual:Equals ;
+    access:attribute access-individual:Operation ;
+    access:value access-individual:EditOperation .
+
+:PredicateIsSomePredicate a access:Check ;
+    access:useOperator access-individual:Equals ;
+    access:attribute access-individual:StatementPredicateUri ;
+    access:value :SomeUri .
+
+:ObjectUriIsSomeUri a access:Check ;
+    access:useOperator access-individual:Equals ;
+    access:attribute access-individual:StatementObjectUri ;
+    access:value :SomeUri .
+
+:IsObjectPropertyStatement a access:Check ;
+    access:useOperator access-individual:Equals ;
+    access:attribute access-individual:AccessObjectType ;
+    access:value access-individual:ObjectPropertyStatement .
+
+:SomeUri a access:AttributeUriValue ;
+    access:id "?SOME_URI" .
+

From 0873154af3b1151012b2d49ebf72cf51d87321d0 Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <georgy.litvinov@tib.eu>
Date: Wed, 29 Nov 2023 09:57:30 +0100
Subject: [PATCH 140/148] set correct range for value property

---
 .../rdf/tbox/firsttime/vitro-access-control-ontology.n3        | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/home/src/main/resources/rdf/tbox/firsttime/vitro-access-control-ontology.n3 b/home/src/main/resources/rdf/tbox/firsttime/vitro-access-control-ontology.n3
index 10e8c89a5d..92b0f22d19 100644
--- a/home/src/main/resources/rdf/tbox/firsttime/vitro-access-control-ontology.n3
+++ b/home/src/main/resources/rdf/tbox/firsttime/vitro-access-control-ontology.n3
@@ -140,7 +140,8 @@
 :value a owl:ObjectProperty ;
     rdfs:comment "Assign one value (any URI or :AttributeValuePattern with :id to define literal value)";
     rdfs:label "value"@en-US ;
-    rdfs:domain [ a owl:Class ; owl:unionOf  ( :ValueSetTemplate :ValueSet :Check ) ] .
+    rdfs:domain [ a owl:Class ; owl:unionOf  ( :ValueSetTemplate :ValueSet :Check ) ] ;
+    rdfs:range :AttributeValuePattern .
 
 :useOperator a owl:ObjectProperty ;
     rdfs:comment "Use operator in :Check";

From a556de246fd9e7ce83b5ae0b213d08a5f6f93974 Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <georgy.litvinov@tib.eu>
Date: Wed, 29 Nov 2023 10:06:31 +0100
Subject: [PATCH 141/148] moved proxymity query

---
 .../firsttime/profile_proximity_query.n3      | 65 -------------------
 1 file changed, 65 deletions(-)

diff --git a/home/src/main/resources/rdf/accessControl/firsttime/profile_proximity_query.n3 b/home/src/main/resources/rdf/accessControl/firsttime/profile_proximity_query.n3
index 550c30d81c..f1e67b43e7 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/profile_proximity_query.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/profile_proximity_query.n3
@@ -6,72 +6,7 @@
 access-individual:PersonProfileProximityToResourceUri a access:SparqlSelectValuesQuery ;
     access:id """
     SELECT ?resourceUri WHERE {
-        {
-          ?personUri <http://purl.obolibrary.org/obo/RO_0000053> ?roleUri .
-          ?roleUri a <http://vivoweb.org/ontology/core#AdvisorRole> .
-          ?roleUri <http://vivoweb.org/ontology/core#relatedBy> ?resourceUri .
-          ?resourceUri a <http://vivoweb.org/ontology/core#AdvisingRelationship> .
-        }
-        UNION
-        {
-          ?personUri <http://purl.obolibrary.org/obo/RO_0000053> ?roleUri .
-          ?roleUri a <http://vivoweb.org/ontology/core#TeacherRole> .
-          ?roleUri <http://purl.obolibrary.org/obo/BFO_0000054> ?resourceUri .
-          ?resourceUri a <http://vivoweb.org/ontology/core#Course> .
-        }
-        UNION
-        {
-          ?personUri <http://purl.obolibrary.org/obo/RO_0000053> ?roleUri .
-          ?roleUri a <http://vivoweb.org/ontology/core#PrincipalInvestigatorRole> .
-          ?roleUri <http://vivoweb.org/ontology/core#relatedBy> ?resourceUri .
-          ?resourceUri a <http://vivoweb.org/ontology/core#Grant> .
-        }
-        UNION
-        {
-          ?personUri <http://purl.obolibrary.org/obo/RO_0000053> ?roleUri .
-          ?roleUri a <http://vivoweb.org/ontology/core#CoPrincipalInvestigatorRole> .
-          ?roleUri <http://vivoweb.org/ontology/core#relatedBy> ?resourceUri .
-          ?resourceUri a <http://vivoweb.org/ontology/core#Grant> .
-        }
-        UNION
-        {
-          ?personUri <http://vivoweb.org/ontology/core#relatedBy> ?roleUri .
-          ?roleUri a <http://vivoweb.org/ontology/core#Authorship> .
-          ?roleUri <http://vivoweb.org/ontology/core#relates> ?resourceUri .
-          ?resourceUri a <http://purl.obolibrary.org/obo/IAO_0000030> .
-        }
-        UNION
-        {
-          ?personUri <http://vivoweb.org/ontology/core#relatedBy> ?roleUri .
-          ?roleUri a <http://vivoweb.org/ontology/core#Editorship> .
-          ?roleUri <http://vivoweb.org/ontology/core#relates> ?resourceUri .
-          ?resourceUri a <http://purl.obolibrary.org/obo/IAO_0000030> .
-        }
-        UNION
-        {
-          ?personUri <http://purl.obolibrary.org/obo/RO_0000053> ?roleUri .
-          ?roleUri a <http://vivoweb.org/ontology/core#PresenterRole> .
-          ?roleUri <http://purl.obolibrary.org/obo/BFO_0000054> ?resourceUri .
-          ?resourceUri a <http://vivoweb.org/ontology/core#Presentation> .
-        }
-        UNION
-        {
-          ?personUri <http://purl.obolibrary.org/obo/RO_0000053> ?roleUri .
-          ?roleUri a <http://vivoweb.org/ontology/core#ClinicalRole> .
-          ?roleUri <http://vivoweb.org/ontology/core#contributesTo> ?resourceUri .
-          ?resourceUri a <http://vivoweb.org/ontology/core#Project> .
-        }
-        UNION
-        {
-          ?personUri <http://purl.obolibrary.org/obo/RO_0000053> ?roleUri .
-          ?roleUri a <http://vivoweb.org/ontology/core#ClinicalRole> .
-          ?roleUri <http://vivoweb.org/ontology/core#contributesTo> ?resourceUri .
-          ?resourceUri a <http://vivoweb.org/ontology/core#Service> .
-        }
-        UNION
-        { 
           BIND ( ?personUri as ?resourceUri)
-        }
     }
     """ .
 

From 45eaf1e6aa968e6e554528a02334a8aa56d350bd Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <georgy.litvinov@tib.eu>
Date: Wed, 29 Nov 2023 10:34:19 +0100
Subject: [PATCH 142/148] Renamed property access:attribute to
 access:hasTypeToCheck

---
 .../vitro/webapp/auth/policy/PolicyLoader.java   |  4 ++--
 .../webapp/auth/rules/proximity_test_policy.n3   |  2 +-
 .../webapp/auth/rules/test_policy_broken1.n3     |  4 ++--
 .../webapp/auth/rules/test_policy_broken2.n3     |  2 +-
 .../webapp/auth/rules/test_policy_broken3.n3     |  4 ++--
 .../webapp/auth/rules/test_policy_broken4.n3     |  4 ++--
 .../webapp/auth/rules/test_policy_broken5.n3     |  4 ++--
 .../webapp/auth/rules/test_policy_broken_set.n3  |  4 ++--
 .../vitro/webapp/auth/rules/test_policy_key.n3   |  2 +-
 .../vitro/webapp/auth/rules/test_policy_valid.n3 |  2 +-
 .../webapp/auth/rules/test_policy_valid_set.n3   |  4 ++--
 .../firsttime/policy_menu_items_editing.n3       | 10 +++++-----
 .../firsttime/policy_related_editable_pages.n3   | 12 ++++++------
 .../accessControl/firsttime/policy_root_user.n3  |  2 +-
 .../firsttime/template_access_allowed_class.n3   |  8 ++++----
 .../template_access_allowed_property.n3          | 12 ++++++------
 .../template_access_related_allowed_property.n3  | 12 ++++++------
 .../firsttime/template_editable_pages.n3         | 10 +++++-----
 .../template_not_modifiable_statements.n3        | 16 ++++++++--------
 .../firsttime/template_simple_permissions.n3     |  8 ++++----
 .../template_update_related_allowed_property.n3  | 14 +++++++-------
 .../firsttime/vitro-access-control-ontology.n3   |  3 ++-
 22 files changed, 72 insertions(+), 71 deletions(-)

diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
index 64cb5643cc..35e9eafa6d 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
@@ -108,7 +108,7 @@ public class PolicyLoader {
             + "  }\n"
             + "}"
             + "OPTIONAL {\n"
-            + "  ?check access:attribute ?checkType . \n"
+            + "  ?check access:hasTypeToCheck ?checkType . \n"
             + "  OPTIONAL {\n"
             + "    ?checkType access:id ?typeId . \n"
             + "  }\n"
@@ -142,7 +142,7 @@ public class PolicyLoader {
             + "      }\n"
             + "    }\n"
             + "    OPTIONAL {\n"
-            + "      ?check access:attribute ?checkType .\n"
+            + "      ?check access:hasTypeToCheck ?checkType .\n"
             + "      OPTIONAL {\n"
             + "        ?checkType access:id ?typeId .\n"
             + "      }\n"
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/proximity_test_policy.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/proximity_test_policy.n3
index 7d25ee348b..9f3d1253fc 100644
--- a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/proximity_test_policy.n3
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/proximity_test_policy.n3
@@ -16,7 +16,7 @@ access-individual:AllowPersonEditOwnPublication rdf:type access:Rule ;
           
 access-individual:PublicationInProximityAttribute rdf:type access:Check ;
     access:useOperator access-individual:SparqlSelectQueryContains ;
-    access:attribute access-individual:StatementSubjectUri ;
+    access:hasTypeToCheck access-individual:StatementSubjectUri ;
     access:value access-individual:PublicationProximityToPerson .
 
 access-individual:PublicationProximityToPerson rdf:type access:ValueSet ;
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken1.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken1.n3
index e0e2b08c77..db080e23cc 100644
--- a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken1.n3
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken1.n3
@@ -16,11 +16,11 @@ access-individual:BrokenTestRule rdf:type access:Rule ;
     access:requiresCheck access-individual:BrokenTestAttribute .
   
 access-individual:BrokenTestAttribute rdf:type access:Check ;
-    access:attribute access-individual:Operation ;
+    access:hasTypeToCheck access-individual:Operation ;
     access:value access-individual:PublishOperation .
  
 access-individual:ValidTestAttribute rdf:type access:Check ;
     access:useOperator access-individual:Equals ;
-    access:attribute access-individual:Operation ;
+    access:hasTypeToCheck access-individual:Operation ;
     access:value access-individual:PublishOperation .
 
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken2.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken2.n3
index 848a22226e..8589657f09 100644
--- a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken2.n3
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken2.n3
@@ -21,6 +21,6 @@ access-individual:BrokenTestAttribute rdf:type access:Check ;
  
 access-individual:ValidTestAttribute rdf:type access:Check ;
     access:useOperator access-individual:Equals ;
-    access:attribute access-individual:Operation ;
+    access:hasTypeToCheck access-individual:Operation ;
     access:value access-individual:PublishOperation .
 
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken3.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken3.n3
index fd6d010f34..129dab4e02 100644
--- a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken3.n3
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken3.n3
@@ -17,11 +17,11 @@ access-individual:BrokenTestRule rdf:type access:Rule ;
   
 access-individual:BrokenTestAttribute rdf:type access:Check ;
     access:useOperator access-individual:UnknownTest ;
-    access:attribute access-individual:Operation ;
+    access:hasTypeToCheck access-individual:Operation ;
     access:value access-individual:PublishOperation .
  
 access-individual:ValidTestAttribute rdf:type access:Check ;
     access:useOperator access-individual:Equals ;
-    access:attribute access-individual:Operation ;
+    access:hasTypeToCheck access-individual:Operation ;
     access:value access-individual:PublishOperation .
 
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken4.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken4.n3
index 58fd51f987..c59a0817db 100644
--- a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken4.n3
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken4.n3
@@ -17,11 +17,11 @@ access-individual:BrokenTestRule rdf:type access:Rule ;
 
 access-individual:BrokenTestAttribute rdf:type access:Check ;
     access:useOperator access-individual:Equals ;
-    access:attribute access-individual:UnknownType ;
+    access:hasTypeToCheck access-individual:UnknownType ;
     access:value access-individual:PublishOperation .
 
 access-individual:ValidTestAttribute rdf:type access:Check ;
     access:useOperator access-individual:Equals ;
-    access:attribute access-individual:Operation ;
+    access:hasTypeToCheck access-individual:Operation ;
     access:value access-individual:PublishOperation .
 
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken5.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken5.n3
index e3817335b7..22ecf66146 100644
--- a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken5.n3
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken5.n3
@@ -18,12 +18,12 @@ access-individual:BrokenRule rdf:type access:Rule ;
 
 access-individual:BrokenAttribute1 rdf:type access:Check ;
     access:useOperator access-individual:Equals ;
-    access:attribute access-individual:ObjectUri ;
+    access:hasTypeToCheck access-individual:ObjectUri ;
     access:setValue access-individual:valueSet1 .
 
 access-individual:BrokenAttribute2 rdf:type access:Check ;
     access:useOperator access-individual:Equals ;
-    access:attribute access-individual:ObjectUri ;
+    access:hasTypeToCheck access-individual:ObjectUri ;
     access:setValue access-individual:valueSet2 .
 
 access-individual:testDataSet1 rdf:type access:DataSet ;
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken_set.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken_set.n3
index a8f09ef315..7ef2cbcd69 100644
--- a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken_set.n3
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_broken_set.n3
@@ -19,13 +19,13 @@ access-individual:BrokenRule rdf:type access:Rule ;
     
 access-individual:BrokenSetAttribute1 rdf:type access:Check ;
     access:useOperator access-individual:NotOneOf ;
-    access:attribute access-individual:ObjectUri ;
+    access:hasTypeToCheck access-individual:ObjectUri ;
     access:values access-individual:valueSet1 ;
     .
     
 access-individual:BrokenSetAttribute2 rdf:type access:Check ;
     access:useOperator access-individual:NotOneOf ;
-    access:attribute access-individual:ObjectUri ;
+    access:hasTypeToCheck access-individual:ObjectUri ;
     access:values access-individual:valueSet2 ;
     .
 
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_key.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_key.n3
index 6ed9f8b2b4..5be315317a 100644
--- a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_key.n3
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_key.n3
@@ -17,7 +17,7 @@ access-individual:KeyTestRule rdf:type access:Rule ;
     
 access-individual:KeyTestAttribute rdf:type access:Check ;
     access:useOperator access-individual:Equals ;
-    access:attribute access-individual:Operation ;
+    access:hasTypeToCheck access-individual:Operation ;
     access:value access-individual:PublishOperation .
 
 access-individual:PolicyKeyTest rdf:type access:PolicyKey ;
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_valid.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_valid.n3
index ad4dcba404..b345e24e0a 100644
--- a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_valid.n3
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_valid.n3
@@ -16,6 +16,6 @@ access-individual:ValidRule rdf:type access:Rule ;
     
 access-individual:ValidAttribute rdf:type access:Check ;
     access:useOperator access-individual:Equals ;
-    access:attribute access-individual:Operation ;
+    access:hasTypeToCheck access-individual:Operation ;
     access:value access-individual:PublishOperation .
 
diff --git a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_valid_set.n3 b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_valid_set.n3
index dd5f016c9f..49ca545a6e 100644
--- a/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_valid_set.n3
+++ b/api/src/test/resources/edu/cornell/mannlib/vitro/webapp/auth/rules/test_policy_valid_set.n3
@@ -19,14 +19,14 @@ access-individual:ValidRule rdf:type access:Rule ;
     
 access-individual:ValidAttribute1 rdf:type access:Check ;
     access:useOperator access-individual:Equals ;
-    access:attribute access-individual:AccessObjectUri ;
+    access:hasTypeToCheck access-individual:AccessObjectUri ;
     access:values access-individual:valueSet1 ;
     access:values access-individual:valueSet3 ;
     .
     
 access-individual:ValidAttribute2 rdf:type access:Check ;
     access:useOperator access-individual:Equals ;
-    access:attribute access-individual:AccessObjectUri ;
+    access:hasTypeToCheck access-individual:AccessObjectUri ;
     access:values access-individual:valueSet4 ;
     access:values access-individual:valueSet2 ;
     .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_menu_items_editing.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_menu_items_editing.n3
index 28aa30e14c..a25c9e2f3a 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_menu_items_editing.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_menu_items_editing.n3
@@ -25,25 +25,25 @@
 
 :IsEditOperationCheck a access:Check ;
     access:useOperator access-individual:Equals ;
-    access:attribute access-individual:Operation ;
+    access:hasTypeToCheck access-individual:Operation ;
     access:value access-individual:EditOperation .
 
 :IsDropOperationCheck a access:Check ;
     access:useOperator access-individual:Equals ;
-    access:attribute access-individual:Operation ;
+    access:hasTypeToCheck access-individual:Operation ;
     access:value access-individual:DropOperation .
 
 :IsObjectPropertyStatement a access:Check ;
     access:useOperator access-individual:Equals ;
-    access:attribute access-individual:AccessObjectType ;
+    access:hasTypeToCheck access-individual:AccessObjectType ;
     access:value access-individual:ObjectPropertyStatement .
 
 :PredicateUriEqualsHomeMenuItem a access:Check ;
     access:useOperator access-individual:Equals ;
-    access:attribute access-individual:StatementPredicateUri ;
+    access:hasTypeToCheck access-individual:StatementPredicateUri ;
     access:value <http://vitro.mannlib.cornell.edu/ontologies/display/1.1#HomeMenuItem> .
 
 :ObjectUriEqualsHasElement a access:Check ;
     access:useOperator access-individual:Equals ;
-    access:attribute access-individual:StatementObjectUri ;
+    access:hasTypeToCheck access-individual:StatementObjectUri ;
     access:value <http://vitro.mannlib.cornell.edu/ontologies/display/1.1#hasElement> .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_related_editable_pages.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_related_editable_pages.n3
index 61a9237a81..c024f38106 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_related_editable_pages.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_related_editable_pages.n3
@@ -18,32 +18,32 @@
 
 :SubjectRoleIsSelfEditor a access:Check ;
     access:useOperator access-individual:Equals ;
-    access:attribute access-individual:SubjectRole ;
+    access:hasTypeToCheck access-individual:SubjectRole ;
     access:value access-individual:SelfEditorRoleUri .
 
 :IsEditOperation a access:Check ;
     access:useOperator access-individual:Equals ;
-    access:attribute access-individual:Operation ;
+    access:hasTypeToCheck access-individual:Operation ;
     access:value access-individual:EditOperation .
 
 :PredicateIsSomePredicate a access:Check ;
     access:useOperator access-individual:Equals ;
-    access:attribute access-individual:StatementPredicateUri ;
+    access:hasTypeToCheck access-individual:StatementPredicateUri ;
     access:value :SomeUri .
 
 :ObjectUriIsSomeUri a access:Check ;
     access:useOperator access-individual:Equals ;
-    access:attribute access-individual:StatementObjectUri ;
+    access:hasTypeToCheck access-individual:StatementObjectUri ;
     access:value :SomeUri .
 
 :SubjectUriIsProfileRelatedResource a access:Check ;
     access:useOperator access-individual:SparqlSelectQueryContains ;
-    access:attribute access-individual:StatementSubjectUri ;
+    access:hasTypeToCheck access-individual:StatementSubjectUri ;
     access:value access-individual:PersonProfileProximityToResourceUri .
 
 :IsObjectPropertyStatement a access:Check ;
     access:useOperator access-individual:Equals ;
-    access:attribute access-individual:AccessObjectType ;
+    access:hasTypeToCheck access-individual:AccessObjectType ;
     access:value access-individual:ObjectPropertyStatement .
 
 :SomeUri a access:AttributeUriValue ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_root_user.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_root_user.n3
index 26d5960403..c6904ffeb9 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_root_user.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_root_user.n3
@@ -13,6 +13,6 @@
 
 :IsRootUserCheck a access:Check ;
     access:useOperator access-individual:Equals ;
-    access:attribute access-individual:SubjectType ;
+    access:hasTypeToCheck access-individual:SubjectType ;
     access:value access-individual:RootUserSubject .
 
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_class.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_class.n3
index 225a318c80..d35a71c5f8 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_class.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_class.n3
@@ -315,13 +315,13 @@
 
 :AccessObjectTypeCheck a access:Check ;
     access:useOperator access-individual:Equals ;
-    access:attribute access-individual:AccessObjectType ;
+    access:hasTypeToCheck access-individual:AccessObjectType ;
     access:values access-individual:ClassValueSet ;
     .
 
 :OperationCheck a access:Check ;
     access:useOperator access-individual:Equals ;
-    access:attribute access-individual:Operation ;
+    access:hasTypeToCheck access-individual:Operation ;
     access:values access-individual:DisplayOperationValueSet ;
     access:values access-individual:PublishOperationValueSet ;
     access:values access-individual:UpdateOperationValueSet ;
@@ -329,7 +329,7 @@
 
 :SubjectRoleCheck a access:Check ;
     access:useOperator access-individual:Equals ;
-    access:attribute access-individual:SubjectRole ;
+    access:hasTypeToCheck access-individual:SubjectRole ;
     access:values access-individual:PublicRoleValueSet ;
     access:values access-individual:SelfEditorRoleValueSet ;
     access:values access-individual:EditorRoleValueSet ;
@@ -338,7 +338,7 @@
 
 :AccessObjectUriCheck a access:Check ;
     access:useOperator access-individual:OneOf ;
-    access:attribute access-individual:AccessObjectUri ;
+    access:hasTypeToCheck access-individual:AccessObjectUri ;
     access:values :AdminPublishClassValueSet ;
     access:values :AdminDisplayClassValueSet ;
     access:values :AdminUpdateClassValueSet ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_property.n3
index a054dc140b..a4f4be4415 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_property.n3
@@ -1753,7 +1753,7 @@
 
 :AccessObjectTypeEqualsDataSetValue a access:Check ;
     access:useOperator access-individual:Equals ;
-    access:attribute access-individual:AccessObjectType ;
+    access:hasTypeToCheck access-individual:AccessObjectType ;
     access:values access-individual:ObjectPropertyValueSet ;
     access:values access-individual:DataPropertyValueSet ;
     access:values access-individual:FauxObjectPropertyValueSet ;
@@ -1769,7 +1769,7 @@
 
 :AccessObjectTypeStatementEquals a access:Check ;
     access:useOperator access-individual:Equals ;
-    access:attribute access-individual:AccessObjectType ;
+    access:hasTypeToCheck access-individual:AccessObjectType ;
     access:values access-individual:ObjectPropertyStatementValueSet ;
     access:values access-individual:DataPropertyStatementValueSet ;
     access:values access-individual:FauxObjectPropertyStatementValueSet ;
@@ -1778,7 +1778,7 @@
 
 :OperationEqualsDataSetOperation a access:Check ;
     access:useOperator access-individual:Equals ;
-    access:attribute access-individual:Operation ;
+    access:hasTypeToCheck access-individual:Operation ;
     access:values access-individual:DisplayOperationValueSet ;
     access:values access-individual:PublishOperationValueSet ;
     access:values access-individual:EditOperationValueSet ;
@@ -1788,7 +1788,7 @@
 
 :SubjectRoleEqualsDataSetRoleAttribute a access:Check ;
     access:useOperator access-individual:Equals ;
-    access:attribute access-individual:SubjectRole ;
+    access:hasTypeToCheck access-individual:SubjectRole ;
     access:values access-individual:PublicRoleValueSet ;
     access:values access-individual:EditorRoleValueSet ;
     access:values access-individual:CuratorRoleValueSet ;
@@ -1796,7 +1796,7 @@
 
 :StatementPredicateEquals a access:Check ;
     access:useOperator access-individual:OneOf ;
-    access:attribute access-individual:StatementPredicateUri ;
+    access:hasTypeToCheck access-individual:StatementPredicateUri ;
     access:values :PublicDisplayObjectPropertyValueSet ;
     access:values :EditorDisplayObjectPropertyValueSet ;
     access:values :CuratorDisplayObjectPropertyValueSet ;
@@ -1896,7 +1896,7 @@
 
 :AccessObjectUriContainsInDataSet a access:Check ;
     access:useOperator access-individual:OneOf ;
-    access:attribute access-individual:AccessObjectUri ;
+    access:hasTypeToCheck access-individual:AccessObjectUri ;
     access:values :PublicDisplayObjectPropertyValueSet ;
     access:values :EditorDisplayObjectPropertyValueSet ;
     access:values :CuratorDisplayObjectPropertyValueSet ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_access_related_allowed_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_access_related_allowed_property.n3
index 2446aac9ac..e63dedc2f5 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_access_related_allowed_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_access_related_allowed_property.n3
@@ -147,7 +147,7 @@
 
 :AccessObjectTypeCheck a access:Check ;
     access:useOperator access-individual:Equals ;
-    access:attribute access-individual:AccessObjectType ;
+    access:hasTypeToCheck access-individual:AccessObjectType ;
     access:values access-individual:ObjectPropertyValueSet ;
     access:values access-individual:DataPropertyValueSet ;
     access:values access-individual:FauxObjectPropertyValueSet ;
@@ -163,7 +163,7 @@
 
 :AccessObjectStatementTypeCheck a access:Check ;
     access:useOperator access-individual:Equals ;
-    access:attribute access-individual:AccessObjectType ;
+    access:hasTypeToCheck access-individual:AccessObjectType ;
     access:values access-individual:ObjectPropertyStatementValueSet ;
     access:values access-individual:DataPropertyStatementValueSet ;
     access:values access-individual:FauxObjectPropertyStatementValueSet ;
@@ -172,19 +172,19 @@
 
 :OperationCheck a access:Check ;
     access:useOperator access-individual:Equals ;
-    access:attribute access-individual:Operation ;
+    access:hasTypeToCheck access-individual:Operation ;
     access:values access-individual:DisplayOperationValueSet ;
     access:values access-individual:PublishOperationValueSet ;
     .
 
 :SubjectRoleCheck a access:Check ;
     access:useOperator access-individual:Equals ;
-    access:attribute access-individual:SubjectRole ;
+    access:hasTypeToCheck access-individual:SubjectRole ;
     access:values access-individual:SelfEditorRoleValueSet .
 
 :StatementPredicateCheck a access:Check ;
     access:useOperator access-individual:OneOf ;
-    access:attribute access-individual:StatementPredicateUri ;
+    access:hasTypeToCheck access-individual:StatementPredicateUri ;
     access:values :SelfEditorDisplayObjectPropertyValueSet ;
     access:values :SelfEditorDisplayDataPropertyValueSet ;
     access:values :SelfEditorDisplayFauxObjectPropertyValueSet ;
@@ -197,7 +197,7 @@
 
 :AccessObjectUriCheck a access:Check ;
     access:useOperator access-individual:OneOf ;
-    access:attribute access-individual:AccessObjectUri ;
+    access:hasTypeToCheck access-individual:AccessObjectUri ;
     access:values :SelfEditorDisplayObjectPropertyValueSet ;
     access:values :SelfEditorDisplayDataPropertyValueSet ;
     access:values :SelfEditorDisplayFauxObjectPropertyValueSet ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_editable_pages.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_editable_pages.n3
index e6a864b7da..ec60d0acf7 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_editable_pages.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_editable_pages.n3
@@ -41,29 +41,29 @@
 
 :SubjectRoleCheck a access:Check ;
     access:useOperator access-individual:Equals ;
-    access:attribute access-individual:SubjectRole ;
+    access:hasTypeToCheck access-individual:SubjectRole ;
     access:values access-individual:AdminRoleValueSet ;
     access:values access-individual:CuratorRoleValueSet ;
     access:values access-individual:EditorRoleValueSet .
 
 :IsEditOperation a access:Check ;
     access:useOperator access-individual:Equals ;
-    access:attribute access-individual:Operation ;
+    access:hasTypeToCheck access-individual:Operation ;
     access:value access-individual:EditOperation .
 
 :PredicateIsSomePredicate a access:Check ;
     access:useOperator access-individual:Equals ;
-    access:attribute access-individual:StatementPredicateUri ;
+    access:hasTypeToCheck access-individual:StatementPredicateUri ;
     access:value :SomeUri .
 
 :ObjectUriIsSomeUri a access:Check ;
     access:useOperator access-individual:Equals ;
-    access:attribute access-individual:StatementObjectUri ;
+    access:hasTypeToCheck access-individual:StatementObjectUri ;
     access:value :SomeUri .
 
 :IsObjectPropertyStatement a access:Check ;
     access:useOperator access-individual:Equals ;
-    access:attribute access-individual:AccessObjectType ;
+    access:hasTypeToCheck access-individual:AccessObjectType ;
     access:value access-individual:ObjectPropertyStatement .
 
 :SomeUri a access:AttributeUriValue ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_not_modifiable_statements.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_not_modifiable_statements.n3
index 4468d22776..e9a7b942fa 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_not_modifiable_statements.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_not_modifiable_statements.n3
@@ -46,43 +46,43 @@
 
 :IsObjectPropertyStatement a access:Check ;
     access:useOperator access-individual:Equals ;
-    access:attribute access-individual:AccessObjectType ;
+    access:hasTypeToCheck access-individual:AccessObjectType ;
     access:value access-individual:ObjectPropertyStatement .
 
 :IsDataPropertyStatement a access:Check ;
     access:useOperator access-individual:Equals ;
-    access:attribute access-individual:AccessObjectType ;
+    access:hasTypeToCheck access-individual:AccessObjectType ;
     access:value access-individual:DataPropertyStatement .
 
 ### Not modifiable property statement attributes
 :PredicateUriStartWithProhibitedNamespace a access:Check ;
     access:useOperator access-individual:StartsWith ;
-    access:attribute access-individual:StatementPredicateUri ;
+    access:hasTypeToCheck access-individual:StatementPredicateUri ;
     access:values :ProhibitedNamespaceValueSet .
 
 :PredicateNotANamespaceException a access:Check ;
     access:useOperator access-individual:NotOneOf ;
-    access:attribute access-individual:StatementPredicateUri ;
+    access:hasTypeToCheck access-individual:StatementPredicateUri ;
     access:values :ProhibitedNamespaceExceptionsValueSet .
 
 :SubjectUriStartWithProhibitedNamespace a access:Check ;
     access:useOperator access-individual:StartsWith ;
-    access:attribute access-individual:StatementSubjectUri ;
+    access:hasTypeToCheck access-individual:StatementSubjectUri ;
     access:values :ProhibitedNamespaceValueSet .
 
 :StatementSubjectNotOneOfProhibitedExceptions a access:Check ;
     access:useOperator access-individual:NotOneOf ;
-    access:attribute access-individual:StatementSubjectUri ;
+    access:hasTypeToCheck access-individual:StatementSubjectUri ;
     access:values :ProhibitedNamespaceExceptionsValueSet .
 
 :StatementObjectUriStartsWithProhibitedNameSpace a access:Check ;
     access:useOperator access-individual:StartsWith ;
-    access:attribute access-individual:StatementObjectUri ;
+    access:hasTypeToCheck access-individual:StatementObjectUri ;
     access:values :ProhibitedNamespaceValueSet .
 
 :ObjectUriNotOneOfProhibitedExceptions a access:Check ;
     access:useOperator access-individual:NotOneOf ;
-    access:attribute access-individual:StatementObjectUri ;
+    access:hasTypeToCheck access-individual:StatementObjectUri ;
     access:values :ProhibitedNamespaceExceptionsValueSet .
 
 :NotModifiableStatementsPolicyDataSet a access:DataSet ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_simple_permissions.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_simple_permissions.n3
index 7d85588e6c..5f6cc4cce0 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_simple_permissions.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_simple_permissions.n3
@@ -102,12 +102,12 @@
 
 :IsExecuteOperation a access:Check ;
     access:useOperator access-individual:Equals ;
-    access:attribute access-individual:Operation ;
+    access:hasTypeToCheck access-individual:Operation ;
     access:value access-individual:ExecuteOperation .
 
 :PermissionNameAllowed a access:Check ;
     access:useOperator access-individual:OneOf ;
-    access:attribute access-individual:AccessObjectUri ;
+    access:hasTypeToCheck access-individual:AccessObjectUri ;
     access:values :PublicSimplePermissionValueSet ;
     access:values :SelfEditorSimplePermissionValueSet ;
     access:values :EditorSimplePermissionValueSet ;
@@ -116,7 +116,7 @@
 
 :IsSimplePermission a access:Check ;
     access:useOperator access-individual:Equals ;
-    access:attribute access-individual:AccessObjectType ;
+    access:hasTypeToCheck access-individual:AccessObjectType ;
     access:value access-individual:NamedObject .
 
 :PublicSimplePermissionValueSet a access:ValueSet ;
@@ -132,7 +132,7 @@
 
 :SubjectRoleEqualsDataSetRole a access:Check ;
     access:useOperator access-individual:Equals ;
-    access:attribute access-individual:SubjectRole ;
+    access:hasTypeToCheck access-individual:SubjectRole ;
     access:values access-individual:PublicRoleValueSet ;
     access:values access-individual:SelfEditorRoleValueSet ;
     access:values access-individual:EditorRoleValueSet ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_update_related_allowed_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_update_related_allowed_property.n3
index 27c03c9258..8f28475ec6 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_update_related_allowed_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_update_related_allowed_property.n3
@@ -213,7 +213,7 @@
 
 :AccessObjectTypeCheck a access:Check ;
     access:useOperator access-individual:Equals ;
-    access:attribute access-individual:AccessObjectType ;
+    access:hasTypeToCheck access-individual:AccessObjectType ;
     access:values access-individual:ObjectPropertyValueSet ;
     access:values access-individual:DataPropertyValueSet ;
     access:values access-individual:FauxObjectPropertyValueSet ;
@@ -230,12 +230,12 @@
 
 :RelationCheck a access:Check ;
     access:useOperator access-individual:SparqlSelectQueryContains ;
-    access:attribute access-individual:StatementSubjectUri ;
+    access:hasTypeToCheck access-individual:StatementSubjectUri ;
     access:value access-individual:PersonProfileProximityToResourceUri .
 
 :AccessObjectStatementTypeCheck a access:Check ;
     access:useOperator access-individual:Equals ;
-    access:attribute access-individual:AccessObjectType ;
+    access:hasTypeToCheck access-individual:AccessObjectType ;
     access:values access-individual:ObjectPropertyStatementValueSet ;
     access:values access-individual:DataPropertyStatementValueSet ;
     access:values access-individual:FauxObjectPropertyStatementValueSet ;
@@ -244,7 +244,7 @@
 
 :OperationCheck a access:Check ;
     access:useOperator access-individual:Equals ;
-    access:attribute access-individual:Operation ;
+    access:hasTypeToCheck access-individual:Operation ;
     access:values access-individual:AddOperationValueSet ;
     access:values access-individual:DropOperationValueSet ;
     access:values access-individual:EditOperationValueSet ;
@@ -252,12 +252,12 @@
 
 :SubjectRoleCheck a access:Check ;
     access:useOperator access-individual:Equals ;
-    access:attribute access-individual:SubjectRole ;
+    access:hasTypeToCheck access-individual:SubjectRole ;
     access:values access-individual:SelfEditorRoleValueSet .
 
 :StatementPredicateCheck a access:Check ;
     access:useOperator access-individual:OneOf ;
-    access:attribute access-individual:StatementPredicateUri ;
+    access:hasTypeToCheck access-individual:StatementPredicateUri ;
     access:values :SelfEditorAddObjectPropertyValueSet ;
     access:values :SelfEditorAddDataPropertyValueSet ;
     access:values :SelfEditorAddFauxObjectPropertyValueSet ;
@@ -276,7 +276,7 @@
 
 :AccessObjectUriCheck a access:Check ;
     access:useOperator access-individual:OneOf ;
-    access:attribute access-individual:AccessObjectUri ;
+    access:hasTypeToCheck access-individual:AccessObjectUri ;
     access:values :SelfEditorAddObjectPropertyValueSet ;
     access:values :SelfEditorAddDataPropertyValueSet ;
     access:values :SelfEditorAddFauxObjectPropertyValueSet ;
diff --git a/home/src/main/resources/rdf/tbox/firsttime/vitro-access-control-ontology.n3 b/home/src/main/resources/rdf/tbox/firsttime/vitro-access-control-ontology.n3
index 92b0f22d19..f2bce3b9cb 100644
--- a/home/src/main/resources/rdf/tbox/firsttime/vitro-access-control-ontology.n3
+++ b/home/src/main/resources/rdf/tbox/firsttime/vitro-access-control-ontology.n3
@@ -149,7 +149,8 @@
     rdfs:domain :Check ;
     rdfs:range :Operator .
 
-:attribute a owl:ObjectProperty ;
+:hasTypeToCheck a owl:ObjectProperty ,
+    owl:FunctionalProperty ;
     rdfs:comment "Set attribute that should be checked";
     rdfs:label "attribute"@en-US ;
     rdfs:domain :Check ;

From 6c65b6094017308957bb7b265f788bc7bf45f9a0 Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <georgy.litvinov@tib.eu>
Date: Wed, 29 Nov 2023 10:42:53 +0100
Subject: [PATCH 143/148] Renamed property access:decision to
 access:hasDecision

---
 .../mannlib/vitro/webapp/auth/policy/PolicyLoader.java |  4 ++--
 .../firsttime/policy_menu_items_editing.n3             |  4 ++--
 .../firsttime/template_not_modifiable_statements.n3    | 10 +++++-----
 .../tbox/firsttime/vitro-access-control-ontology.n3    |  8 ++++----
 4 files changed, 13 insertions(+), 13 deletions(-)

diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
index 35e9eafa6d..bc70622e17 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java
@@ -114,7 +114,7 @@ public class PolicyLoader {
             + "  }\n"
             + "}\n"
             + "OPTIONAL {\n"
-            + "   ?rule access:decision ?decision . \n"
+            + "   ?rule access:hasDecision ?decision . \n"
             + "   ?decision access:id ?decision_id . \n"
             + "}\n"
             + "?check access:value ?value . \n"
@@ -148,7 +148,7 @@ public class PolicyLoader {
             + "      }\n"
             + "    }\n"
             + "    OPTIONAL {\n"
-            + "      ?rule access:decision ?decision .\n"
+            + "      ?rule access:hasDecision ?decision .\n"
             + "      ?decision access:id ?decision_id .\n"
             + "    }\n"
             + "    OPTIONAL {\n"
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/policy_menu_items_editing.n3 b/home/src/main/resources/rdf/accessControl/firsttime/policy_menu_items_editing.n3
index a25c9e2f3a..d17a4a78f9 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/policy_menu_items_editing.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/policy_menu_items_editing.n3
@@ -10,14 +10,14 @@
     access:hasRule :RestrictDrop .
 
 :RestrictEdit a access:Rule ;
-    access:decision access-individual:Deny ;
+    access:hasDecision access-individual:Deny ;
     access:requiresCheck :IsEditOperationCheck ;
     access:requiresCheck :IsObjectPropertyStatement ;
     access:requiresCheck :PredicateUriEqualsHomeMenuItem ;
     access:requiresCheck :ObjectUriEqualsHasElement .
 
 :RestrictDrop a access:Rule ;
-    access:decision access-individual:Deny ;
+    access:hasDecision access-individual:Deny ;
     access:requiresCheck :IsDropOperationCheck ;
     access:requiresCheck :IsObjectPropertyStatement ;
     access:requiresCheck :PredicateUriEqualsHomeMenuItem ;
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_not_modifiable_statements.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_not_modifiable_statements.n3
index e9a7b942fa..1d4ef340a5 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/template_not_modifiable_statements.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/template_not_modifiable_statements.n3
@@ -15,31 +15,31 @@
     .
 
 :RestrictObjectPropertyStatementsWithNotModifiableSubject a access:Rule ;
-    access:decision access-individual:Deny ;
+    access:hasDecision access-individual:Deny ;
     access:requiresCheck :IsObjectPropertyStatement ;
     access:requiresCheck :SubjectUriStartWithProhibitedNamespace ;
     access:requiresCheck :StatementSubjectNotOneOfProhibitedExceptions .
 
 :RestrictObjectPropertyStatementsWithNotModifiablePredicate a access:Rule ;
-    access:decision access-individual:Deny ;
+    access:hasDecision access-individual:Deny ;
     access:requiresCheck :IsObjectPropertyStatement ;
     access:requiresCheck :PredicateUriStartWithProhibitedNamespace ;
     access:requiresCheck :PredicateNotANamespaceException .
 
 :RestrictObjectPropertyStatementsWithNotModifiableObject a access:Rule ;
-    access:decision access-individual:Deny ;
+    access:hasDecision access-individual:Deny ;
     access:requiresCheck :IsObjectPropertyStatement ;
     access:requiresCheck :StatementObjectUriStartsWithProhibitedNameSpace ;
     access:requiresCheck :ObjectUriNotOneOfProhibitedExceptions .
 
 :RestrictDataPropertyStatementsWithNotModifiableSubject a access:Rule ;
-    access:decision access-individual:Deny ;
+    access:hasDecision access-individual:Deny ;
     access:requiresCheck :IsDataPropertyStatement ;
     access:requiresCheck :SubjectUriStartWithProhibitedNamespace ;
     access:requiresCheck :StatementSubjectNotOneOfProhibitedExceptions .
 
 :RestrictDataPropertyStatementsWithNotModifiablePredicate a access:Rule ;
-    access:decision access-individual:Deny ;
+    access:hasDecision access-individual:Deny ;
     access:requiresCheck :IsDataPropertyStatement ;
     access:requiresCheck :PredicateUriStartWithProhibitedNamespace ;
     access:requiresCheck :PredicateNotANamespaceException .
diff --git a/home/src/main/resources/rdf/tbox/firsttime/vitro-access-control-ontology.n3 b/home/src/main/resources/rdf/tbox/firsttime/vitro-access-control-ontology.n3
index f2bce3b9cb..886a7bd068 100644
--- a/home/src/main/resources/rdf/tbox/firsttime/vitro-access-control-ontology.n3
+++ b/home/src/main/resources/rdf/tbox/firsttime/vitro-access-control-ontology.n3
@@ -151,8 +151,8 @@
 
 :hasTypeToCheck a owl:ObjectProperty ,
     owl:FunctionalProperty ;
-    rdfs:comment "Set attribute that should be checked";
-    rdfs:label "attribute"@en-US ;
+    rdfs:comment "Set attribute type that should be checked";
+    rdfs:label "has type to check"@en-US ;
     rdfs:domain :Check ;
     rdfs:range :AttributeType .
 
@@ -200,9 +200,9 @@
     rdfs:domain :Rule ;
     rdfs:range :Check .
 
-:decision a owl:ObjectProperty ;
+:hasDecision a owl:ObjectProperty ;
     rdfs:comment "Decision to return in case of all checks match";
-    rdfs:label "decision"@en-US ;
+    rdfs:label "has decision"@en-US ;
     rdfs:domain :Rule ;
     rdfs:range :Decision .    
 

From 434a55704e386d4c5f9a21079c77395f601a0637 Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <georgy.litvinov@tib.eu>
Date: Wed, 29 Nov 2023 11:39:14 +0100
Subject: [PATCH 144/148] Allow rdfs:label on ARM migration

---
 .../mannlib/vitro/webapp/migration/auth/ArmMigrator.java   | 7 +++++++
 .../vitro/webapp/migration/auth/ArmMigratorTest.java       | 5 +++--
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/ArmMigrator.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/ArmMigrator.java
index 0a201dd8f7..58b3af75f9 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/ArmMigrator.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/ArmMigrator.java
@@ -14,6 +14,7 @@
 import edu.cornell.mannlib.vitro.webapp.auth.policy.EntityPolicyController;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyLoader;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyTemplateController;
+import edu.cornell.mannlib.vitro.webapp.dao.VitroVocabulary;
 import edu.cornell.mannlib.vitro.webapp.modelaccess.ModelNames;
 import edu.cornell.mannlib.vitro.webapp.rdfservice.RDFService;
 import edu.cornell.mannlib.vitro.webapp.rdfservice.impl.RDFServiceUtils;
@@ -218,6 +219,12 @@ private void getRoleOperationObjectTypedStatementsToAdd(Map<AccessObjectType, Se
                 Set<String> faux = getFauxByBase(entity);
                 addFauxDP.addAll(faux);
             }
+            // Workaround for missing rdfs:label in ARM
+            //Allow any role to display/update/publish rdfs:label
+            //with exception to public role and update/publish operations groups
+            if (!(ARM_PUBLIC.equals(role) && !OperationGroup.DISPLAY_GROUP.equals(og))) {
+                intersectionEntities.add(VitroVocabulary.LABEL);
+            }
         }
         if (AccessObjectType.FAUX_OBJECT_PROPERTY.equals(type)) {
             intersectionEntities.addAll(addFauxOP);
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/migration/auth/ArmMigratorTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/migration/auth/ArmMigratorTest.java
index c0a094c11c..db01ad83b7 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/migration/auth/ArmMigratorTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/migration/auth/ArmMigratorTest.java
@@ -124,8 +124,9 @@ public void migrateConfigurationTest() {
         armMigrator.collectAdditions(entityTypeMap);
         String stringResult = armMigrator.additions.toString();
         assertFalse(stringResult.isEmpty());
-        assertEquals(33, getCount("\n", stringResult));
-        assertEquals(33, getCount(value, stringResult));
+        assertEquals(59, getCount("\n", stringResult));
+        assertEquals(59, getCount(value, stringResult));
+        assertEquals(26, getCount(VitroVocabulary.LABEL, stringResult));
         assertEquals(6, getCount(OBJECT_PROPERTY_URI, stringResult));
         assertEquals(3, getCount(CLASS_URI, stringResult));
         assertEquals(5, getCount(DATA_PROPERTY_URI, stringResult));

From 978a2d532f7913c6411b3d0c59b25b888f70c07e Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <georgy.litvinov@tib.eu>
Date: Wed, 29 Nov 2023 12:38:26 +0100
Subject: [PATCH 145/148] fix: renamed Vitro value sets for rdfs:label data
 property

---
 ...erty.n3 => allowed_entities_admin_add_data_property.n3} | 2 +-
 ....n3 => allowed_entities_admin_display_data_property.n3} | 4 ++--
 ...rty.n3 => allowed_entities_admin_drop_data_property.n3} | 4 ++--
 ...rty.n3 => allowed_entities_admin_edit_data_property.n3} | 2 +-
 .../allowed_entities_admin_publish_data_property.n3        | 7 +++++++
 .../allowed_entities_admin_publish_object_property.n3      | 7 -------
 ...ty.n3 => allowed_entities_curator_add_data_property.n3} | 4 ++--
 ...3 => allowed_entities_curator_display_data_property.n3} | 2 +-
 .../allowed_entities_curator_drop_data_property.n3         | 7 +++++++
 .../allowed_entities_curator_drop_object_property.n3       | 7 -------
 .../allowed_entities_curator_edit_data_property.n3         | 7 +++++++
 .../allowed_entities_curator_edit_object_property.n3       | 7 -------
 ...3 => allowed_entities_curator_publish_data_property.n3} | 4 ++--
 .../allowed_entities_curator_publish_object_property.n3    | 7 -------
 .../firsttime/allowed_entities_editor_add_data_property.n3 | 7 +++++++
 .../allowed_entities_editor_display_data_property.n3       | 7 +++++++
 .../allowed_entities_editor_display_object_property.n3     | 7 -------
 .../allowed_entities_editor_drop_data_property.n3          | 7 +++++++
 .../allowed_entities_editor_drop_object_property.n3        | 7 -------
 .../allowed_entities_editor_edit_data_property.n3          | 7 +++++++
 .../allowed_entities_editor_edit_object_property.n3        | 7 -------
 .../allowed_entities_editor_publish_data_property.n3       | 7 +++++++
 .../allowed_entities_editor_publish_object_property.n3     | 7 -------
 .../allowed_entities_public_display_data_property.n3       | 7 +++++++
 .../allowed_entities_public_display_object_property.n3     | 7 -------
 ...3 => allowed_entities_self_editor_add_data_property.n3} | 2 +-
 ... allowed_entities_self_editor_display_data_property.n3} | 2 +-
 ... => allowed_entities_self_editor_drop_data_property.n3} | 2 +-
 ... => allowed_entities_self_editor_edit_data_property.n3} | 2 +-
 ... allowed_entities_self_editor_publish_data_property.n3} | 2 +-
 30 files changed, 79 insertions(+), 79 deletions(-)
 rename home/src/main/resources/rdf/accessControl/firsttime/{allowed_entities_admin_add_object_property.n3 => allowed_entities_admin_add_data_property.n3} (87%)
 rename home/src/main/resources/rdf/accessControl/firsttime/{allowed_entities_curator_add_object_property.n3 => allowed_entities_admin_display_data_property.n3} (86%)
 rename home/src/main/resources/rdf/accessControl/firsttime/{allowed_entities_editor_add_object_property.n3 => allowed_entities_admin_drop_data_property.n3} (87%)
 rename home/src/main/resources/rdf/accessControl/firsttime/{allowed_entities_admin_drop_object_property.n3 => allowed_entities_admin_edit_data_property.n3} (87%)
 create mode 100644 home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_admin_publish_data_property.n3
 delete mode 100644 home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_admin_publish_object_property.n3
 rename home/src/main/resources/rdf/accessControl/firsttime/{allowed_entities_admin_edit_object_property.n3 => allowed_entities_curator_add_data_property.n3} (87%)
 rename home/src/main/resources/rdf/accessControl/firsttime/{allowed_entities_curator_display_object_property.n3 => allowed_entities_curator_display_data_property.n3} (86%)
 create mode 100644 home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_curator_drop_data_property.n3
 delete mode 100644 home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_curator_drop_object_property.n3
 create mode 100644 home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_curator_edit_data_property.n3
 delete mode 100644 home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_curator_edit_object_property.n3
 rename home/src/main/resources/rdf/accessControl/firsttime/{allowed_entities_admin_display_object_property.n3 => allowed_entities_curator_publish_data_property.n3} (86%)
 delete mode 100644 home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_curator_publish_object_property.n3
 create mode 100644 home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_editor_add_data_property.n3
 create mode 100644 home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_editor_display_data_property.n3
 delete mode 100644 home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_editor_display_object_property.n3
 create mode 100644 home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_editor_drop_data_property.n3
 delete mode 100644 home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_editor_drop_object_property.n3
 create mode 100644 home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_editor_edit_data_property.n3
 delete mode 100644 home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_editor_edit_object_property.n3
 create mode 100644 home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_editor_publish_data_property.n3
 delete mode 100644 home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_editor_publish_object_property.n3
 create mode 100644 home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_public_display_data_property.n3
 delete mode 100644 home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_public_display_object_property.n3
 rename home/src/main/resources/rdf/accessControl/firsttime/{allowed_entities_self_editor_add_object_property.n3 => allowed_entities_self_editor_add_data_property.n3} (86%)
 rename home/src/main/resources/rdf/accessControl/firsttime/{allowed_entities_self_editor_display_object_property.n3 => allowed_entities_self_editor_display_data_property.n3} (85%)
 rename home/src/main/resources/rdf/accessControl/firsttime/{allowed_entities_self_editor_drop_object_property.n3 => allowed_entities_self_editor_drop_data_property.n3} (86%)
 rename home/src/main/resources/rdf/accessControl/firsttime/{allowed_entities_self_editor_edit_object_property.n3 => allowed_entities_self_editor_edit_data_property.n3} (86%)
 rename home/src/main/resources/rdf/accessControl/firsttime/{allowed_entities_self_editor_publish_object_property.n3 => allowed_entities_self_editor_publish_data_property.n3} (85%)

diff --git a/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_admin_add_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_admin_add_data_property.n3
similarity index 87%
rename from home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_admin_add_object_property.n3
rename to home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_admin_add_data_property.n3
index 8586660272..66da854fbc 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_admin_add_object_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_admin_add_data_property.n3
@@ -3,7 +3,7 @@
 @prefix : <https://vivoweb.org/ontology/vitro-application/auth/individual/access-allowed-property/> .
 @prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
 
-:AdminAddObjectPropertyValueSet access:value
+:AdminAddDataPropertyValueSet access:value
     <http://www.w3.org/2000/01/rdf-schema#label> .
 
 
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_curator_add_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_admin_display_data_property.n3
similarity index 86%
rename from home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_curator_add_object_property.n3
rename to home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_admin_display_data_property.n3
index 5d0591b742..63d353625c 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_curator_add_object_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_admin_display_data_property.n3
@@ -1,7 +1,7 @@
 # $This file is distributed under the terms of the license in LICENSE$
 
-@prefix : <https://vivoweb.org/ontology/vitro-application/auth/individual/access-allowed-property/> .
 @prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+@prefix : <https://vivoweb.org/ontology/vitro-application/auth/individual/access-allowed-property/> .
 
-:CuratorAddObjectPropertyValueSet access:value
+:AdminDisplayDataPropertyValueSet access:value
     <http://www.w3.org/2000/01/rdf-schema#label> .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_editor_add_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_admin_drop_data_property.n3
similarity index 87%
rename from home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_editor_add_object_property.n3
rename to home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_admin_drop_data_property.n3
index 0c8ea82c58..f73378dc24 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_editor_add_object_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_admin_drop_data_property.n3
@@ -1,7 +1,7 @@
 # $This file is distributed under the terms of the license in LICENSE$
 
-@prefix : <https://vivoweb.org/ontology/vitro-application/auth/individual/access-allowed-property/> .
 @prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+@prefix : <https://vivoweb.org/ontology/vitro-application/auth/individual/access-allowed-property/> .
 
-:EditorAddObjectPropertyValueSet access:value
+:AdminDropDataPropertyValueSet access:value
     <http://www.w3.org/2000/01/rdf-schema#label> .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_admin_drop_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_admin_edit_data_property.n3
similarity index 87%
rename from home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_admin_drop_object_property.n3
rename to home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_admin_edit_data_property.n3
index 325e0322f6..a242fbd7d9 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_admin_drop_object_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_admin_edit_data_property.n3
@@ -3,5 +3,5 @@
 @prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
 @prefix : <https://vivoweb.org/ontology/vitro-application/auth/individual/access-allowed-property/> .
 
-:AdminDropObjectPropertyValueSet access:value
+:AdminEditDataPropertyValueSet access:value
     <http://www.w3.org/2000/01/rdf-schema#label> .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_admin_publish_data_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_admin_publish_data_property.n3
new file mode 100644
index 0000000000..acc528b61e
--- /dev/null
+++ b/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_admin_publish_data_property.n3
@@ -0,0 +1,7 @@
+# $This file is distributed under the terms of the license in LICENSE$
+
+@prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+@prefix : <https://vivoweb.org/ontology/vitro-application/auth/individual/access-allowed-property/> .
+
+:AdminPublishDataPropertyValueSet access:value
+    <http://www.w3.org/2000/01/rdf-schema#label> .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_admin_publish_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_admin_publish_object_property.n3
deleted file mode 100644
index 22da5710e7..0000000000
--- a/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_admin_publish_object_property.n3
+++ /dev/null
@@ -1,7 +0,0 @@
-# $This file is distributed under the terms of the license in LICENSE$
-
-@prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
-@prefix : <https://vivoweb.org/ontology/vitro-application/auth/individual/access-allowed-property/> .
-
-:AdminPublishObjectPropertyValueSet access:value
-    <http://www.w3.org/2000/01/rdf-schema#label> .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_admin_edit_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_curator_add_data_property.n3
similarity index 87%
rename from home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_admin_edit_object_property.n3
rename to home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_curator_add_data_property.n3
index 0ed4d77ea2..fccb4f474d 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_admin_edit_object_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_curator_add_data_property.n3
@@ -1,7 +1,7 @@
 # $This file is distributed under the terms of the license in LICENSE$
 
-@prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
 @prefix : <https://vivoweb.org/ontology/vitro-application/auth/individual/access-allowed-property/> .
+@prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
 
-:AdminEditObjectPropertyValueSet access:value
+:CuratorAddDataPropertyValueSet access:value
     <http://www.w3.org/2000/01/rdf-schema#label> .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_curator_display_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_curator_display_data_property.n3
similarity index 86%
rename from home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_curator_display_object_property.n3
rename to home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_curator_display_data_property.n3
index 9088fcf843..b2cc317b00 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_curator_display_object_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_curator_display_data_property.n3
@@ -3,5 +3,5 @@
 @prefix : <https://vivoweb.org/ontology/vitro-application/auth/individual/access-allowed-property/> .
 @prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
     
-:CuratorDisplayObjectPropertyValueSet access:value
+:CuratorDisplayDataPropertyValueSet access:value
     <http://www.w3.org/2000/01/rdf-schema#label> .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_curator_drop_data_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_curator_drop_data_property.n3
new file mode 100644
index 0000000000..d1ab3d7a67
--- /dev/null
+++ b/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_curator_drop_data_property.n3
@@ -0,0 +1,7 @@
+# $This file is distributed under the terms of the license in LICENSE$
+
+@prefix : <https://vivoweb.org/ontology/vitro-application/auth/individual/access-allowed-property/> .
+@prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+
+:CuratorDropDataPropertyValueSet access:value
+    <http://www.w3.org/2000/01/rdf-schema#label> .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_curator_drop_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_curator_drop_object_property.n3
deleted file mode 100644
index 0cf0edc6ae..0000000000
--- a/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_curator_drop_object_property.n3
+++ /dev/null
@@ -1,7 +0,0 @@
-# $This file is distributed under the terms of the license in LICENSE$
-
-@prefix : <https://vivoweb.org/ontology/vitro-application/auth/individual/access-allowed-property/> .
-@prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
-
-:CuratorDropObjectPropertyValueSet access:value
-    <http://www.w3.org/2000/01/rdf-schema#label> .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_curator_edit_data_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_curator_edit_data_property.n3
new file mode 100644
index 0000000000..053443fcdc
--- /dev/null
+++ b/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_curator_edit_data_property.n3
@@ -0,0 +1,7 @@
+# $This file is distributed under the terms of the license in LICENSE$
+
+@prefix : <https://vivoweb.org/ontology/vitro-application/auth/individual/access-allowed-property/> .
+@prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+
+:CuratorEditDataPropertyValueSet access:value
+    <http://www.w3.org/2000/01/rdf-schema#label> .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_curator_edit_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_curator_edit_object_property.n3
deleted file mode 100644
index 16a68bfb28..0000000000
--- a/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_curator_edit_object_property.n3
+++ /dev/null
@@ -1,7 +0,0 @@
-# $This file is distributed under the terms of the license in LICENSE$
-
-@prefix : <https://vivoweb.org/ontology/vitro-application/auth/individual/access-allowed-property/> .
-@prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
-
-:CuratorEditObjectPropertyValueSet access:value
-    <http://www.w3.org/2000/01/rdf-schema#label> .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_admin_display_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_curator_publish_data_property.n3
similarity index 86%
rename from home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_admin_display_object_property.n3
rename to home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_curator_publish_data_property.n3
index d28758ba84..e2de8317c3 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_admin_display_object_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_curator_publish_data_property.n3
@@ -1,7 +1,7 @@
 # $This file is distributed under the terms of the license in LICENSE$
 
-@prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
 @prefix : <https://vivoweb.org/ontology/vitro-application/auth/individual/access-allowed-property/> .
+@prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
 
-:AdminDisplayObjectPropertyValueSet access:value
+:CuratorPublishDataPropertyValueSet access:value
     <http://www.w3.org/2000/01/rdf-schema#label> .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_curator_publish_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_curator_publish_object_property.n3
deleted file mode 100644
index b1c6ba8c4e..0000000000
--- a/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_curator_publish_object_property.n3
+++ /dev/null
@@ -1,7 +0,0 @@
-# $This file is distributed under the terms of the license in LICENSE$
-
-@prefix : <https://vivoweb.org/ontology/vitro-application/auth/individual/access-allowed-property/> .
-@prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
-
-:CuratorPublishObjectPropertyValueSet access:value
-    <http://www.w3.org/2000/01/rdf-schema#label> .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_editor_add_data_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_editor_add_data_property.n3
new file mode 100644
index 0000000000..c315b3d701
--- /dev/null
+++ b/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_editor_add_data_property.n3
@@ -0,0 +1,7 @@
+# $This file is distributed under the terms of the license in LICENSE$
+
+@prefix : <https://vivoweb.org/ontology/vitro-application/auth/individual/access-allowed-property/> .
+@prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+
+:EditorAddDataPropertyValueSet access:value
+    <http://www.w3.org/2000/01/rdf-schema#label> .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_editor_display_data_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_editor_display_data_property.n3
new file mode 100644
index 0000000000..54d31adb3f
--- /dev/null
+++ b/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_editor_display_data_property.n3
@@ -0,0 +1,7 @@
+# $This file is distributed under the terms of the license in LICENSE$
+
+@prefix : <https://vivoweb.org/ontology/vitro-application/auth/individual/access-allowed-property/> .
+@prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+
+:EditorDisplayDataPropertyValueSet access:value
+    <http://www.w3.org/2000/01/rdf-schema#label> .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_editor_display_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_editor_display_object_property.n3
deleted file mode 100644
index 6137c3c9f7..0000000000
--- a/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_editor_display_object_property.n3
+++ /dev/null
@@ -1,7 +0,0 @@
-# $This file is distributed under the terms of the license in LICENSE$
-
-@prefix : <https://vivoweb.org/ontology/vitro-application/auth/individual/access-allowed-property/> .
-@prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
-
-:EditorDisplayObjectPropertyValueSet access:value
-    <http://www.w3.org/2000/01/rdf-schema#label> .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_editor_drop_data_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_editor_drop_data_property.n3
new file mode 100644
index 0000000000..db9d72d5de
--- /dev/null
+++ b/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_editor_drop_data_property.n3
@@ -0,0 +1,7 @@
+# $This file is distributed under the terms of the license in LICENSE$
+
+@prefix : <https://vivoweb.org/ontology/vitro-application/auth/individual/access-allowed-property/> .
+@prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+
+:EditorDropDataPropertyValueSet access:value
+    <http://www.w3.org/2000/01/rdf-schema#label> .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_editor_drop_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_editor_drop_object_property.n3
deleted file mode 100644
index 76fcfffedd..0000000000
--- a/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_editor_drop_object_property.n3
+++ /dev/null
@@ -1,7 +0,0 @@
-# $This file is distributed under the terms of the license in LICENSE$
-
-@prefix : <https://vivoweb.org/ontology/vitro-application/auth/individual/access-allowed-property/> .
-@prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
-
-:EditorDropObjectPropertyValueSet access:value
-    <http://www.w3.org/2000/01/rdf-schema#label> .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_editor_edit_data_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_editor_edit_data_property.n3
new file mode 100644
index 0000000000..bcd8fac81e
--- /dev/null
+++ b/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_editor_edit_data_property.n3
@@ -0,0 +1,7 @@
+# $This file is distributed under the terms of the license in LICENSE$
+
+@prefix : <https://vivoweb.org/ontology/vitro-application/auth/individual/access-allowed-property/> .
+@prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+
+:EditorEditDataPropertyValueSet access:value
+    <http://www.w3.org/2000/01/rdf-schema#label> .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_editor_edit_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_editor_edit_object_property.n3
deleted file mode 100644
index f1e2df8923..0000000000
--- a/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_editor_edit_object_property.n3
+++ /dev/null
@@ -1,7 +0,0 @@
-# $This file is distributed under the terms of the license in LICENSE$
-
-@prefix : <https://vivoweb.org/ontology/vitro-application/auth/individual/access-allowed-property/> .
-@prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
-
-:EditorEditObjectPropertyValueSet access:value
-    <http://www.w3.org/2000/01/rdf-schema#label> .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_editor_publish_data_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_editor_publish_data_property.n3
new file mode 100644
index 0000000000..76fe7db899
--- /dev/null
+++ b/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_editor_publish_data_property.n3
@@ -0,0 +1,7 @@
+# $This file is distributed under the terms of the license in LICENSE$
+
+@prefix : <https://vivoweb.org/ontology/vitro-application/auth/individual/access-allowed-property/> .
+@prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+
+:EditorPublishDataPropertyValueSet access:value
+    <http://www.w3.org/2000/01/rdf-schema#label> .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_editor_publish_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_editor_publish_object_property.n3
deleted file mode 100644
index 1ca5d1c061..0000000000
--- a/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_editor_publish_object_property.n3
+++ /dev/null
@@ -1,7 +0,0 @@
-# $This file is distributed under the terms of the license in LICENSE$
-
-@prefix : <https://vivoweb.org/ontology/vitro-application/auth/individual/access-allowed-property/> .
-@prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
-
-:EditorPublishObjectPropertyValueSet access:value
-    <http://www.w3.org/2000/01/rdf-schema#label> .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_public_display_data_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_public_display_data_property.n3
new file mode 100644
index 0000000000..b32b610d07
--- /dev/null
+++ b/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_public_display_data_property.n3
@@ -0,0 +1,7 @@
+# $This file is distributed under the terms of the license in LICENSE$
+
+@prefix : <https://vivoweb.org/ontology/vitro-application/auth/individual/access-allowed-property/> .
+@prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
+
+:PublicDisplayDataPropertyValueSet access:value
+    <http://www.w3.org/2000/01/rdf-schema#label> .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_public_display_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_public_display_object_property.n3
deleted file mode 100644
index 70d9c29964..0000000000
--- a/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_public_display_object_property.n3
+++ /dev/null
@@ -1,7 +0,0 @@
-# $This file is distributed under the terms of the license in LICENSE$
-
-@prefix : <https://vivoweb.org/ontology/vitro-application/auth/individual/access-allowed-property/> .
-@prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
-
-:PublicDisplayObjectPropertyValueSet access:value
-    <http://www.w3.org/2000/01/rdf-schema#label> .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_self_editor_add_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_self_editor_add_data_property.n3
similarity index 86%
rename from home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_self_editor_add_object_property.n3
rename to home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_self_editor_add_data_property.n3
index 9530d47713..0cb7427dd6 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_self_editor_add_object_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_self_editor_add_data_property.n3
@@ -3,5 +3,5 @@
 @prefix : <https://vivoweb.org/ontology/vitro-application/auth/individual/update-related-allowed-property/> .
 @prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
 
-:SelfEditorAddObjectPropertyValueSet access:value
+:SelfEditorAddDataPropertyValueSet access:value
     <http://www.w3.org/2000/01/rdf-schema#label> .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_self_editor_display_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_self_editor_display_data_property.n3
similarity index 85%
rename from home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_self_editor_display_object_property.n3
rename to home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_self_editor_display_data_property.n3
index 04bc5b74b6..54e097b06a 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_self_editor_display_object_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_self_editor_display_data_property.n3
@@ -3,5 +3,5 @@
 @prefix : <https://vivoweb.org/ontology/vitro-application/auth/individual/related-allowed-property/> .
 @prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
 
-:SelfEditorDisplayObjectPropertyValueSet access:value
+:SelfEditorDisplayDataPropertyValueSet access:value
     <http://www.w3.org/2000/01/rdf-schema#label> .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_self_editor_drop_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_self_editor_drop_data_property.n3
similarity index 86%
rename from home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_self_editor_drop_object_property.n3
rename to home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_self_editor_drop_data_property.n3
index 77d8140f2f..ddbcccda5d 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_self_editor_drop_object_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_self_editor_drop_data_property.n3
@@ -3,5 +3,5 @@
 @prefix : <https://vivoweb.org/ontology/vitro-application/auth/individual/update-related-allowed-property/> .
 @prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
 
-:SelfEditorDropObjectPropertyValueSet access:value
+:SelfEditorDropDataPropertyValueSet access:value
     <http://www.w3.org/2000/01/rdf-schema#label> .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_self_editor_edit_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_self_editor_edit_data_property.n3
similarity index 86%
rename from home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_self_editor_edit_object_property.n3
rename to home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_self_editor_edit_data_property.n3
index a9829a894f..6b5cb3679b 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_self_editor_edit_object_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_self_editor_edit_data_property.n3
@@ -3,5 +3,5 @@
 @prefix : <https://vivoweb.org/ontology/vitro-application/auth/individual/update-related-allowed-property/> .
 @prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
 
-:SelfEditorEditObjectPropertyValueSet access:value
+:SelfEditorEditDataPropertyValueSet access:value
     <http://www.w3.org/2000/01/rdf-schema#label> .
diff --git a/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_self_editor_publish_object_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_self_editor_publish_data_property.n3
similarity index 85%
rename from home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_self_editor_publish_object_property.n3
rename to home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_self_editor_publish_data_property.n3
index 00cf71b856..070180a3a7 100644
--- a/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_self_editor_publish_object_property.n3
+++ b/home/src/main/resources/rdf/accessControl/firsttime/allowed_entities_self_editor_publish_data_property.n3
@@ -3,5 +3,5 @@
 @prefix : <https://vivoweb.org/ontology/vitro-application/auth/individual/related-allowed-property/> .
 @prefix access: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .
 
-:SelfEditorPublishObjectPropertyValueSet access:value
+:SelfEditorPublishDataPropertyValueSet access:value
     <http://www.w3.org/2000/01/rdf-schema#label> .

From 3906ee478ba239a3188731f40823302d1f160a32 Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <georgy.litvinov@tib.eu>
Date: Wed, 29 Nov 2023 14:16:45 +0100
Subject: [PATCH 146/148] fix: do not create of new array list on each request

---
 .../cornell/mannlib/vitro/webapp/auth/policy/PolicyStore.java   | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyStore.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyStore.java
index 0d315245e0..b277df8bb4 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyStore.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyStore.java
@@ -90,7 +90,7 @@ public int compare(Policy lps, Policy rps) {
 
     @Override
     public List<Policy> getList() {
-        return new ArrayList<>(policyList);
+        return policyList;
     }
 
     @Override

From 131ffb4a63df73afe9321ee147a88ca8a90732db Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <georgy.litvinov@tib.eu>
Date: Wed, 29 Nov 2023 14:17:39 +0100
Subject: [PATCH 147/148] checkstyle fix for prev commit

---
 .../cornell/mannlib/vitro/webapp/auth/policy/PolicyStore.java    | 1 -
 1 file changed, 1 deletion(-)

diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyStore.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyStore.java
index b277df8bb4..bb00eda4de 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyStore.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyStore.java
@@ -2,7 +2,6 @@
 
 package edu.cornell.mannlib.vitro.webapp.auth.policy;
 
-import java.util.ArrayList;
 import java.util.Collections;
 import java.util.Comparator;
 import java.util.LinkedList;

From bb905965004f5683e7709a00902e6cdb95783f0a Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <georgy.litvinov@tib.eu>
Date: Fri, 1 Dec 2023 09:47:59 +0100
Subject: [PATCH 148/148] refact: renamed authorization request variable

---
 .../individual/BaseIndividualTemplateModel.java               | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/BaseIndividualTemplateModel.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/BaseIndividualTemplateModel.java
index 009830ca69..4bc447ee23 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/BaseIndividualTemplateModel.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/BaseIndividualTemplateModel.java
@@ -120,8 +120,8 @@ public GroupedPropertyList getPropertyList() {
 	 */
     public boolean isEditable() {
         ObjectPropertyStatementAccessObject aops = new ObjectPropertyStatementAccessObject(vreq.getJenaOntModel(), individual.getURI(), SOME_PREDICATE, SOME_URI);
-        SimpleAuthorizationRequest addSomeObjectProperty = new SimpleAuthorizationRequest(aops, AccessOperation.EDIT);
-        return PolicyHelper.isAuthorizedForActions(vreq, addSomeObjectProperty);
+        SimpleAuthorizationRequest editSomeObjectProperty = new SimpleAuthorizationRequest(aops, AccessOperation.EDIT);
+        return PolicyHelper.isAuthorizedForActions(vreq, editSomeObjectProperty);
     }
 
     public boolean getShowAdminPanel() {