+#
+# Structure for table tt_roles. This table stores group roles.
+#
+CREATE TABLE `tt_roles` (
+ `id` int(11) NOT NULL auto_increment, # Role id. Identifies roles for all groups on the server.
+ `group_id` int(11) NOT NULL, # Group id the role is defined for.
+ `org_id` int(11) default NULL, # Organization id.
+ `name` varchar(80) default NULL, # Role name - custom role name. In case we are editing a
+ # predefined role (USER, etc.), we can rename the role here.
+ `description` varchar(255) default NULL, # Role description.
+ `rank` int(11) default 0, # Role rank, an integer value between 0-512. Predefined role ranks:
+ # User - 4, Supervisor - 12, Client - 16,
+ # Co-manager - 68, Manager - 324, Top manager - 512.
+ # Rank is used to determine what "lesser roles" are in each group
+ # for situations such as "manage_users".
+ `rights` text default NULL, # Comma-separated list of rights assigned to a role.
+ # NULL here for predefined roles (4, 16, 68, 324 - manager)
+ # means a hard-coded set of default access rights.
+ `status` tinyint(4) default 1, # Role status.
+ PRIMARY KEY (`id`)
+);
+
+# Create an index that guarantees unique active and inactive role ranks in each group.
+create unique index role_idx on tt_roles(group_id, rank, status);
+
+# Insert site-wide roles - site administrator and top manager.
+INSERT INTO `tt_roles` (`group_id`, `name`, `rank`, `rights`) VALUES (0, 'Site administrator', 1024, 'administer_site');
+INSERT INTO `tt_roles` (`group_id`, `name`, `rank`, `rights`) VALUES (0, 'Top manager', 512, 'track_own_time,track_own_expenses,view_own_reports,view_own_charts,view_own_projects,view_own_tasks,manage_own_settings,view_users,view_client_reports,view_client_invoices,track_time,track_expenses,view_reports,approve_reports,approve_timesheets,view_charts,view_own_clients,override_punch_mode,override_own_punch_mode,override_date_lock,override_own_date_lock,swap_roles,update_work,manage_own_account,manage_users,manage_projects,manage_tasks,manage_custom_fields,manage_clients,manage_invoices,override_allow_ip,manage_basic_settings,view_all_reports,manage_work,bid_on_work,manage_features,manage_advanced_settings,manage_roles,export_data,approve_all_reports,approve_own_timesheets,manage_subgroups,view_client_unapproved,delete_group');
+
+