private void updateOrienteerUserRoleDoc(ODatabaseDocument db, ODocument perspective) {
OSecurity security = db.getMetadata().getSecurity();
ORole role = security.getRole(ORIENTEER_USER_ROLE);
if (role == null) {
ORole reader = security.getRole("reader");
role = security.createRole(ORIENTEER_USER_ROLE, reader, OSecurityRole.ALLOW_MODES.DENY_ALL_BUT);
}
role.grant(ResourceGeneric.CLASS, OWidgetsModule.OCLASS_WIDGET, READ.getPermissionFlag());
role.grant(ResourceGeneric.CLASS, OWidgetsModule.OCLASS_DASHBOARD, READ.getPermissionFlag());
role.grant(ResourceGeneric.CLASS, PerspectivesModule.OCLASS_ITEM, READ.getPermissionFlag());
role.grant(ResourceGeneric.CLASS, PerspectivesModule.OCLASS_PERSPECTIVE, READ.getPermissionFlag());
role.grant(ResourceGeneric.CLASS, ORole.CLASS_NAME, READ.getPermissionFlag());
role.grant(ResourceGeneric.SCHEMA, null, READ.getPermissionFlag());
role.grant(ResourceGeneric.CLUSTER, "internal", READ.getPermissionFlag());
role.grant(ResourceGeneric.RECORD_HOOK, "", READ.getPermissionFlag());
role.grant(ResourceGeneric.DATABASE, null, READ.getPermissionFlag());
role.grant(ResourceGeneric.DATABASE, "systemclusters", READ.getPermissionFlag());
role.grant(ResourceGeneric.DATABASE, "function", READ.getPermissionFlag());
role.grant(ResourceGeneric.DATABASE, "command", READ.getPermissionFlag());
role.grant(OSecurityHelper.FEATURE_RESOURCE, SearchPage.SEARCH_FEATURE, READ.getPermissionFlag());
role.grant(ResourceGeneric.CLASS, OrienteerUser.CLASS_NAME, OrientPermission.combinedPermission(READ, UPDATE));
role.grant(ResourceGeneric.DATABASE, "cluster", OrientPermission.combinedPermission(READ, UPDATE));
role.getDocument().field(ORestrictedOperation.ALLOW_READ.getFieldName(), Collections.singletonList(role.getDocument()));
role.getDocument().field(PerspectivesModule.PROP_PERSPECTIVE, perspective);
role.save();
perspective.field(ORestrictedOperation.ALLOW_READ.getFieldName(), Collections.singletonList(role.getDocument()));
perspective.save();
}