<?xml version="1.0" encoding="UTF-8"?>
<unload unload_date="2026-06-18 00:00:00">

  <!-- Update set metadata -->
  <sys_remote_update_set action="INSERT_OR_UPDATE">
    <application display_value="Global">global</application>
    <application_name>Global</application_name>
    <application_scope>global</application_scope>
    <application_version/>
    <collisions/>
    <commit_date/>
    <deleted/>
    <description/>
    <inserted/>
    <name>Entitle Access Management</name>
    <origin_sys_id/>
    <parent display_value=""/>
    <release_date/>
    <remote_base_update_set display_value=""/>
    <remote_parent_id/>
    <remote_sys_id>6793f42a3bfa5eacad5625b773410e88</remote_sys_id>
    <state>loaded</state>
    <summary/>
    <sys_class_name>sys_remote_update_set</sys_class_name>
    <sys_created_by>entitle.onboarding.author</sys_created_by>
    <sys_created_on>2026-06-18 00:00:00</sys_created_on>
    <sys_id>6793f42a3bfa5eacad5625b773410e88</sys_id>
    <sys_mod_count>0</sys_mod_count>
    <sys_updated_by>entitle.onboarding.author</sys_updated_by>
    <sys_updated_on>2026-06-18 00:00:00</sys_updated_on>
    <update_set display_value=""/>
    <update_source display_value=""/>
    <updated/>
  </sys_remote_update_set>

  <!-- Role: entitle_access_management -->
  <sys_update_xml action="INSERT_OR_UPDATE">
    <action>INSERT_OR_UPDATE</action>
    <application display_value="Global">global</application>
    <category>customer</category>
    <comments/>
    <name>sys_user_role_c8d14586d7f75d7fa548cc6828c67c33</name>
    <payload><![CDATA[<?xml version="1.0" encoding="UTF-8"?><record_update table="sys_user_role"><sys_user_role action="INSERT_OR_UPDATE"><assignable_by/><can_delegate>true</can_delegate><description>Role for managing access with Entitle</description><elevated_privilege>false</elevated_privilege><grantable>true</grantable><includes_roles/><name>entitle_access_management</name><scoped_admin>false</scoped_admin><suffix/><sys_class_name>sys_user_role</sys_class_name><sys_created_by>entitle.onboarding.author</sys_created_by><sys_created_on>2026-06-18 00:00:00</sys_created_on><sys_id>c8d14586d7f75d7fa548cc6828c67c33</sys_id><sys_mod_count>0</sys_mod_count><sys_name>entitle_access_management</sys_name><sys_package display_value="Global" source="global">global</sys_package><sys_policy/><sys_scope display_value="Global">global</sys_scope><sys_update_name>sys_user_role_c8d14586d7f75d7fa548cc6828c67c33</sys_update_name><sys_updated_by>entitle.onboarding.author</sys_updated_by><sys_updated_on>2026-06-18 00:00:00</sys_updated_on></sys_user_role></record_update>]]></payload>
    <payload_hash>56825596</payload_hash>
    <remote_update_set display_value="Entitle Access Management">6793f42a3bfa5eacad5625b773410e88</remote_update_set>
    <replace_on_upgrade>false</replace_on_upgrade>
    <sys_created_by>entitle.onboarding.author</sys_created_by>
    <sys_created_on>2026-06-18 00:00:00</sys_created_on>
    <sys_id>a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6</sys_id>
    <sys_mod_count>0</sys_mod_count>
    <sys_recorded_at>19e5bd007960000001</sys_recorded_at>
    <sys_updated_by>entitle.onboarding.author</sys_updated_by>
    <sys_updated_on>2026-06-18 00:00:00</sys_updated_on>
    <table/>
    <target_name>entitle_access_management</target_name>
    <type>Role</type>
    <update_domain>global</update_domain>
    <update_guid>a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6</update_guid>
    <update_guid_history/>
    <update_set display_value=""/>
    <view/>
  </sys_update_xml>

  <!-- ACL rule: allow create on sys_user_grmember -->
  <sys_update_xml action="INSERT_OR_UPDATE">
    <action>INSERT_OR_UPDATE</action>
    <application display_value="Global">global</application>
    <category>customer</category>
    <comments/>
    <name>sys_security_acl_f2a5ee0caee75758909927e370c1cf96</name>
    <payload><![CDATA[<?xml version="1.0" encoding="UTF-8"?><record_update table="sys_security_acl"><sys_security_acl action="INSERT_OR_UPDATE"><active>true</active><admin_overrides>true</admin_overrides><decision_type>allow</decision_type><description>Entitle: allow create on sys_user_grmember</description><name>sys_user_grmember</name><operation>create</operation><script/><sys_class_name>sys_security_acl</sys_class_name><sys_created_by>entitle.onboarding.author</sys_created_by><sys_created_on>2026-06-18 00:00:00</sys_created_on><sys_id>f2a5ee0caee75758909927e370c1cf96</sys_id><sys_mod_count>0</sys_mod_count><sys_name>sys_user_grmember</sys_name><sys_package display_value="Global" source="global">global</sys_package><sys_policy/><sys_scope display_value="Global">global</sys_scope><sys_update_name>sys_security_acl_f2a5ee0caee75758909927e370c1cf96</sys_update_name><sys_updated_by>entitle.onboarding.author</sys_updated_by><sys_updated_on>2026-06-18 00:00:00</sys_updated_on><type>record</type></sys_security_acl></record_update>]]></payload>
    <payload_hash>-462460136</payload_hash>
    <remote_update_set display_value="Entitle Access Management">6793f42a3bfa5eacad5625b773410e88</remote_update_set>
    <replace_on_upgrade>false</replace_on_upgrade>
    <sys_created_by>entitle.onboarding.author</sys_created_by>
    <sys_created_on>2026-06-18 00:00:00</sys_created_on>
    <sys_id>b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6e7</sys_id>
    <sys_mod_count>0</sys_mod_count>
    <sys_recorded_at>19e5bd007960000001</sys_recorded_at>
    <sys_updated_by>entitle.onboarding.author</sys_updated_by>
    <sys_updated_on>2026-06-18 00:00:00</sys_updated_on>
    <table/>
    <target_name>sys_user_grmember</target_name>
    <type>ACL</type>
    <update_domain>global</update_domain>
    <update_guid>b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6e7</update_guid>
    <update_guid_history/>
    <update_set display_value=""/>
    <view/>
  </sys_update_xml>

  <!-- ACL binding: entitle_access_management → sys_user_grmember create -->
  <sys_update_xml action="INSERT_OR_UPDATE">
    <action>INSERT_OR_UPDATE</action>
    <application display_value="Global">global</application>
    <category>customer</category>
    <comments/>
    <name>sys_security_acl_role_f2fc8c0e115d5c1d8b01a89c3cf6b7dc</name>
    <payload><![CDATA[<?xml version="1.0" encoding="UTF-8"?><record_update table="sys_security_acl_role"><sys_security_acl_role action="INSERT_OR_UPDATE"><sys_class_name>sys_security_acl_role</sys_class_name><sys_created_by>entitle.onboarding.author</sys_created_by><sys_created_on>2026-06-18 00:00:00</sys_created_on><sys_id>f2fc8c0e115d5c1d8b01a89c3cf6b7dc</sys_id><sys_mod_count>0</sys_mod_count><sys_package display_value="Global" source="global">global</sys_package><sys_policy/><sys_scope display_value="Global">global</sys_scope><sys_security_acl display_value="sys_user_grmember">f2a5ee0caee75758909927e370c1cf96</sys_security_acl><sys_update_name>sys_security_acl_role_f2fc8c0e115d5c1d8b01a89c3cf6b7dc</sys_update_name><sys_updated_by>entitle.onboarding.author</sys_updated_by><sys_updated_on>2026-06-18 00:00:00</sys_updated_on><sys_user_role display_value="entitle_access_management">c8d14586d7f75d7fa548cc6828c67c33</sys_user_role></sys_security_acl_role></record_update>]]></payload>
    <payload_hash>427405395</payload_hash>
    <remote_update_set display_value="Entitle Access Management">6793f42a3bfa5eacad5625b773410e88</remote_update_set>
    <replace_on_upgrade>false</replace_on_upgrade>
    <sys_created_by>entitle.onboarding.author</sys_created_by>
    <sys_created_on>2026-06-18 00:00:00</sys_created_on>
    <sys_id>c3d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8</sys_id>
    <sys_mod_count>0</sys_mod_count>
    <sys_recorded_at>19e5bd007960000001</sys_recorded_at>
    <sys_updated_by>entitle.onboarding.author</sys_updated_by>
    <sys_updated_on>2026-06-18 00:00:00</sys_updated_on>
    <table/>
    <target_name>sys_user_grmember create</target_name>
    <type>ACL Role</type>
    <update_domain>global</update_domain>
    <update_guid>c3d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8</update_guid>
    <update_guid_history/>
    <update_set display_value=""/>
    <view/>
  </sys_update_xml>

  <!-- ACL rule: allow read on sys_user_grmember (required to list group members via get_all_permissions) -->
  <sys_update_xml action="INSERT_OR_UPDATE">
    <action>INSERT_OR_UPDATE</action>
    <application display_value="Global">global</application>
    <category>customer</category>
    <comments/>
    <name>sys_security_acl_5c6d7e8f9a0b1c2d3e4f506000700001</name>
    <payload><![CDATA[<?xml version="1.0" encoding="UTF-8"?><record_update table="sys_security_acl"><sys_security_acl action="INSERT_OR_UPDATE"><active>true</active><admin_overrides>true</admin_overrides><decision_type>allow</decision_type><description>Entitle: allow read on sys_user_grmember</description><name>sys_user_grmember</name><operation>read</operation><script/><sys_class_name>sys_security_acl</sys_class_name><sys_created_by>entitle.onboarding.author</sys_created_by><sys_created_on>2026-06-18 00:00:00</sys_created_on><sys_id>5c6d7e8f9a0b1c2d3e4f506000700001</sys_id><sys_mod_count>0</sys_mod_count><sys_name>sys_user_grmember</sys_name><sys_package display_value="Global" source="global">global</sys_package><sys_policy/><sys_scope display_value="Global">global</sys_scope><sys_update_name>sys_security_acl_5c6d7e8f9a0b1c2d3e4f506000700001</sys_update_name><sys_updated_by>entitle.onboarding.author</sys_updated_by><sys_updated_on>2026-06-18 00:00:00</sys_updated_on><type>record</type></sys_security_acl></record_update>]]></payload>
    <payload_hash>0</payload_hash>
    <remote_update_set display_value="Entitle Access Management">6793f42a3bfa5eacad5625b773410e88</remote_update_set>
    <replace_on_upgrade>false</replace_on_upgrade>
    <sys_created_by>entitle.onboarding.author</sys_created_by>
    <sys_created_on>2026-06-18 00:00:00</sys_created_on>
    <sys_id>aab2c3d4e5f6a7b8c9d0e1f2a3b4c5d6</sys_id>
    <sys_mod_count>0</sys_mod_count>
    <sys_recorded_at>19e5bd007960000001</sys_recorded_at>
    <sys_updated_by>entitle.onboarding.author</sys_updated_by>
    <sys_updated_on>2026-06-18 00:00:00</sys_updated_on>
    <table/>
    <target_name>sys_user_grmember read</target_name>
    <type>ACL</type>
    <update_domain>global</update_domain>
    <update_guid>aab2c3d4e5f6a7b8c9d0e1f2a3b4c5d6</update_guid>
    <update_guid_history/>
    <update_set display_value=""/>
    <view/>
  </sys_update_xml>

  <!-- ACL binding: entitle_access_management → sys_user_grmember read -->
  <sys_update_xml action="INSERT_OR_UPDATE">
    <action>INSERT_OR_UPDATE</action>
    <application display_value="Global">global</application>
    <category>customer</category>
    <comments/>
    <name>sys_security_acl_role_6d7e8f9a0b1c2d3e4f50600070000002</name>
    <payload><![CDATA[<?xml version="1.0" encoding="UTF-8"?><record_update table="sys_security_acl_role"><sys_security_acl_role action="INSERT_OR_UPDATE"><sys_class_name>sys_security_acl_role</sys_class_name><sys_created_by>entitle.onboarding.author</sys_created_by><sys_created_on>2026-06-18 00:00:00</sys_created_on><sys_id>6d7e8f9a0b1c2d3e4f50600070000002</sys_id><sys_mod_count>0</sys_mod_count><sys_package display_value="Global" source="global">global</sys_package><sys_policy/><sys_scope display_value="Global">global</sys_scope><sys_security_acl display_value="sys_user_grmember">5c6d7e8f9a0b1c2d3e4f506000700001</sys_security_acl><sys_update_name>sys_security_acl_role_6d7e8f9a0b1c2d3e4f50600070000002</sys_update_name><sys_updated_by>entitle.onboarding.author</sys_updated_by><sys_updated_on>2026-06-18 00:00:00</sys_updated_on><sys_user_role display_value="entitle_access_management">c8d14586d7f75d7fa548cc6828c67c33</sys_user_role></sys_security_acl_role></record_update>]]></payload>
    <payload_hash>0</payload_hash>
    <remote_update_set display_value="Entitle Access Management">6793f42a3bfa5eacad5625b773410e88</remote_update_set>
    <replace_on_upgrade>false</replace_on_upgrade>
    <sys_created_by>entitle.onboarding.author</sys_created_by>
    <sys_created_on>2026-06-18 00:00:00</sys_created_on>
    <sys_id>bbc3d4e5f6a7b8c9d0e1f2a3b4c5d6e7</sys_id>
    <sys_mod_count>0</sys_mod_count>
    <sys_recorded_at>19e5bd007960000001</sys_recorded_at>
    <sys_updated_by>entitle.onboarding.author</sys_updated_by>
    <sys_updated_on>2026-06-18 00:00:00</sys_updated_on>
    <table/>
    <target_name>sys_user_grmember read</target_name>
    <type>ACL Role</type>
    <update_domain>global</update_domain>
    <update_guid>bbc3d4e5f6a7b8c9d0e1f2a3b4c5d6e7</update_guid>
    <update_guid_history/>
    <update_set display_value=""/>
    <view/>
  </sys_update_xml>

  <!-- ACL rule: allow create on sys_user_has_role -->
  <sys_update_xml action="INSERT_OR_UPDATE">
    <action>INSERT_OR_UPDATE</action>
    <application display_value="Global">global</application>
    <category>customer</category>
    <comments/>
    <name>sys_security_acl_2975eb5106205fc58a0269450a0469bb</name>
    <payload><![CDATA[<?xml version="1.0" encoding="UTF-8"?><record_update table="sys_security_acl"><sys_security_acl action="INSERT_OR_UPDATE"><active>true</active><admin_overrides>true</admin_overrides><decision_type>allow</decision_type><description>Entitle: allow create on sys_user_has_role</description><name>sys_user_has_role</name><operation>create</operation><script/><sys_class_name>sys_security_acl</sys_class_name><sys_created_by>entitle.onboarding.author</sys_created_by><sys_created_on>2026-06-18 00:00:00</sys_created_on><sys_id>2975eb5106205fc58a0269450a0469bb</sys_id><sys_mod_count>0</sys_mod_count><sys_name>sys_user_has_role</sys_name><sys_package display_value="Global" source="global">global</sys_package><sys_policy/><sys_scope display_value="Global">global</sys_scope><sys_update_name>sys_security_acl_2975eb5106205fc58a0269450a0469bb</sys_update_name><sys_updated_by>entitle.onboarding.author</sys_updated_by><sys_updated_on>2026-06-18 00:00:00</sys_updated_on><type>record</type></sys_security_acl></record_update>]]></payload>
    <payload_hash>-572349763</payload_hash>
    <remote_update_set display_value="Entitle Access Management">6793f42a3bfa5eacad5625b773410e88</remote_update_set>
    <replace_on_upgrade>false</replace_on_upgrade>
    <sys_created_by>entitle.onboarding.author</sys_created_by>
    <sys_created_on>2026-06-18 00:00:00</sys_created_on>
    <sys_id>d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9</sys_id>
    <sys_mod_count>0</sys_mod_count>
    <sys_recorded_at>19e5bd007960000001</sys_recorded_at>
    <sys_updated_by>entitle.onboarding.author</sys_updated_by>
    <sys_updated_on>2026-06-18 00:00:00</sys_updated_on>
    <table/>
    <target_name>sys_user_has_role</target_name>
    <type>ACL</type>
    <update_domain>global</update_domain>
    <update_guid>d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9</update_guid>
    <update_guid_history/>
    <update_set display_value=""/>
    <view/>
  </sys_update_xml>

  <!-- ACL binding: entitle_access_management → sys_user_has_role create -->
  <sys_update_xml action="INSERT_OR_UPDATE">
    <action>INSERT_OR_UPDATE</action>
    <application display_value="Global">global</application>
    <category>customer</category>
    <comments/>
    <name>sys_security_acl_role_23137078e86a55a1a11d42f2c256bee6</name>
    <payload><![CDATA[<?xml version="1.0" encoding="UTF-8"?><record_update table="sys_security_acl_role"><sys_security_acl_role action="INSERT_OR_UPDATE"><sys_class_name>sys_security_acl_role</sys_class_name><sys_created_by>entitle.onboarding.author</sys_created_by><sys_created_on>2026-06-18 00:00:00</sys_created_on><sys_id>23137078e86a55a1a11d42f2c256bee6</sys_id><sys_mod_count>0</sys_mod_count><sys_package display_value="Global" source="global">global</sys_package><sys_policy/><sys_scope display_value="Global">global</sys_scope><sys_security_acl display_value="sys_user_has_role">2975eb5106205fc58a0269450a0469bb</sys_security_acl><sys_update_name>sys_security_acl_role_23137078e86a55a1a11d42f2c256bee6</sys_update_name><sys_updated_by>entitle.onboarding.author</sys_updated_by><sys_updated_on>2026-06-18 00:00:00</sys_updated_on><sys_user_role display_value="entitle_access_management">c8d14586d7f75d7fa548cc6828c67c33</sys_user_role></sys_security_acl_role></record_update>]]></payload>
    <payload_hash>-1941553926</payload_hash>
    <remote_update_set display_value="Entitle Access Management">6793f42a3bfa5eacad5625b773410e88</remote_update_set>
    <replace_on_upgrade>false</replace_on_upgrade>
    <sys_created_by>entitle.onboarding.author</sys_created_by>
    <sys_created_on>2026-06-18 00:00:00</sys_created_on>
    <sys_id>e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9b0</sys_id>
    <sys_mod_count>0</sys_mod_count>
    <sys_recorded_at>19e5bd007960000001</sys_recorded_at>
    <sys_updated_by>entitle.onboarding.author</sys_updated_by>
    <sys_updated_on>2026-06-18 00:00:00</sys_updated_on>
    <table/>
    <target_name>sys_user_has_role create</target_name>
    <type>ACL Role</type>
    <update_domain>global</update_domain>
    <update_guid>e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9b0</update_guid>
    <update_guid_history/>
    <update_set display_value=""/>
    <view/>
  </sys_update_xml>

  <!-- ACL rule: allow read on sys_user_role.sys_scope field (required to filter/return the sys_scope field when listing roles per scope) -->
  <sys_update_xml action="INSERT_OR_UPDATE">
    <action>INSERT_OR_UPDATE</action>
    <application display_value="Global">global</application>
    <category>customer</category>
    <comments/>
    <name>sys_security_acl_3c4d5e6f7a8b9c0d1e2f3a4b5c6d7e8f</name>
    <payload><![CDATA[<?xml version="1.0" encoding="UTF-8"?><record_update table="sys_security_acl"><sys_security_acl action="INSERT_OR_UPDATE"><active>true</active><admin_overrides>true</admin_overrides><decision_type>allow</decision_type><description>Entitle: allow read of sys_scope field on sys_user_role</description><name>sys_user_role.sys_scope</name><operation>read</operation><script/><sys_class_name>sys_security_acl</sys_class_name><sys_created_by>entitle.onboarding.author</sys_created_by><sys_created_on>2026-06-18 00:00:00</sys_created_on><sys_id>3c4d5e6f7a8b9c0d1e2f3a4b5c6d7e8f</sys_id><sys_mod_count>0</sys_mod_count><sys_name>sys_user_role.sys_scope</sys_name><sys_package display_value="Global" source="global">global</sys_package><sys_policy/><sys_scope display_value="Global">global</sys_scope><sys_update_name>sys_security_acl_3c4d5e6f7a8b9c0d1e2f3a4b5c6d7e8f</sys_update_name><sys_updated_by>entitle.onboarding.author</sys_updated_by><sys_updated_on>2026-06-18 00:00:00</sys_updated_on><type>record</type></sys_security_acl></record_update>]]></payload>
    <payload_hash>0</payload_hash>
    <remote_update_set display_value="Entitle Access Management">6793f42a3bfa5eacad5625b773410e88</remote_update_set>
    <replace_on_upgrade>false</replace_on_upgrade>
    <sys_created_by>entitle.onboarding.author</sys_created_by>
    <sys_created_on>2026-06-18 00:00:00</sys_created_on>
    <sys_id>f8a9b0c1d2e3f4a5b6c7d8e9f0a1b2c3</sys_id>
    <sys_mod_count>0</sys_mod_count>
    <sys_recorded_at>19e5bd007960000001</sys_recorded_at>
    <sys_updated_by>entitle.onboarding.author</sys_updated_by>
    <sys_updated_on>2026-06-18 00:00:00</sys_updated_on>
    <table/>
    <target_name>sys_user_role.sys_scope read</target_name>
    <type>ACL</type>
    <update_domain>global</update_domain>
    <update_guid>f8a9b0c1d2e3f4a5b6c7d8e9f0a1b2c3</update_guid>
    <update_guid_history/>
    <update_set display_value=""/>
    <view/>
  </sys_update_xml>

  <!-- ACL binding: entitle_access_management → sys_user_role.sys_scope read -->
  <sys_update_xml action="INSERT_OR_UPDATE">
    <action>INSERT_OR_UPDATE</action>
    <application display_value="Global">global</application>
    <category>customer</category>
    <comments/>
    <name>sys_security_acl_role_4d5e6f7a8b9c0d1e2f3a4b5c6d7e8f90</name>
    <payload><![CDATA[<?xml version="1.0" encoding="UTF-8"?><record_update table="sys_security_acl_role"><sys_security_acl_role action="INSERT_OR_UPDATE"><sys_class_name>sys_security_acl_role</sys_class_name><sys_created_by>entitle.onboarding.author</sys_created_by><sys_created_on>2026-06-18 00:00:00</sys_created_on><sys_id>4d5e6f7a8b9c0d1e2f3a4b5c6d7e8f90</sys_id><sys_mod_count>0</sys_mod_count><sys_package display_value="Global" source="global">global</sys_package><sys_policy/><sys_scope display_value="Global">global</sys_scope><sys_security_acl display_value="sys_user_role.sys_scope">3c4d5e6f7a8b9c0d1e2f3a4b5c6d7e8f</sys_security_acl><sys_update_name>sys_security_acl_role_4d5e6f7a8b9c0d1e2f3a4b5c6d7e8f90</sys_update_name><sys_updated_by>entitle.onboarding.author</sys_updated_by><sys_updated_on>2026-06-18 00:00:00</sys_updated_on><sys_user_role display_value="entitle_access_management">c8d14586d7f75d7fa548cc6828c67c33</sys_user_role></sys_security_acl_role></record_update>]]></payload>
    <payload_hash>0</payload_hash>
    <remote_update_set display_value="Entitle Access Management">6793f42a3bfa5eacad5625b773410e88</remote_update_set>
    <replace_on_upgrade>false</replace_on_upgrade>
    <sys_created_by>entitle.onboarding.author</sys_created_by>
    <sys_created_on>2026-06-18 00:00:00</sys_created_on>
    <sys_id>09b0c1d2e3f4a5b6c7d8e9f0a1b2c3d4</sys_id>
    <sys_mod_count>0</sys_mod_count>
    <sys_recorded_at>19e5bd007960000001</sys_recorded_at>
    <sys_updated_by>entitle.onboarding.author</sys_updated_by>
    <sys_updated_on>2026-06-18 00:00:00</sys_updated_on>
    <table/>
    <target_name>sys_user_role.sys_scope read</target_name>
    <type>ACL Role</type>
    <update_domain>global</update_domain>
    <update_guid>09b0c1d2e3f4a5b6c7d8e9f0a1b2c3d4</update_guid>
    <update_guid_history/>
    <update_set display_value=""/>
    <view/>
  </sys_update_xml>

  <!-- ACL rule: allow read of name field on sys_scope (required to read scope names for app/store-app records) -->
  <sys_update_xml action="INSERT_OR_UPDATE">
    <action>INSERT_OR_UPDATE</action>
    <application display_value="Global">global</application>
    <category>customer</category>
    <comments/>
    <name>sys_security_acl_9c0d1e2f3a4b5c6d7e8f9a0b1c2d0000</name>
    <payload><![CDATA[<?xml version="1.0" encoding="UTF-8"?><record_update table="sys_security_acl"><sys_security_acl action="INSERT_OR_UPDATE"><active>true</active><admin_overrides>true</admin_overrides><decision_type>allow</decision_type><description>Entitle: allow read of name field on sys_scope</description><name>sys_scope.name</name><operation>read</operation><script/><sys_class_name>sys_security_acl</sys_class_name><sys_created_by>entitle.onboarding.author</sys_created_by><sys_created_on>2026-06-18 00:00:00</sys_created_on><sys_id>9c0d1e2f3a4b5c6d7e8f9a0b1c2d0000</sys_id><sys_mod_count>0</sys_mod_count><sys_name>sys_scope.name</sys_name><sys_package display_value="Global" source="global">global</sys_package><sys_policy/><sys_scope display_value="Global">global</sys_scope><sys_update_name>sys_security_acl_9c0d1e2f3a4b5c6d7e8f9a0b1c2d0000</sys_update_name><sys_updated_by>entitle.onboarding.author</sys_updated_by><sys_updated_on>2026-06-18 00:00:00</sys_updated_on><type>record</type></sys_security_acl></record_update>]]></payload>
    <payload_hash>0</payload_hash>
    <remote_update_set display_value="Entitle Access Management">6793f42a3bfa5eacad5625b773410e88</remote_update_set>
    <replace_on_upgrade>false</replace_on_upgrade>
    <sys_created_by>entitle.onboarding.author</sys_created_by>
    <sys_created_on>2026-06-18 00:00:00</sys_created_on>
    <sys_id>ee5f6a7b8c9d0e1f2a3b4c5d6e7f8a9b</sys_id>
    <sys_mod_count>0</sys_mod_count>
    <sys_recorded_at>19e5bd007960000001</sys_recorded_at>
    <sys_updated_by>entitle.onboarding.author</sys_updated_by>
    <sys_updated_on>2026-06-18 00:00:00</sys_updated_on>
    <table/>
    <target_name>sys_scope.name read</target_name>
    <type>ACL</type>
    <update_domain>global</update_domain>
    <update_guid>ee5f6a7b8c9d0e1f2a3b4c5d6e7f8a9b</update_guid>
    <update_guid_history/>
    <update_set display_value=""/>
    <view/>
  </sys_update_xml>

  <!-- ACL binding: entitle_access_management → sys_scope.name read -->
  <sys_update_xml action="INSERT_OR_UPDATE">
    <action>INSERT_OR_UPDATE</action>
    <application display_value="Global">global</application>
    <category>customer</category>
    <comments/>
    <name>sys_security_acl_role_0d1e2f3a4b5c6d7e8f9a0b1c2d3e0000</name>
    <payload><![CDATA[<?xml version="1.0" encoding="UTF-8"?><record_update table="sys_security_acl_role"><sys_security_acl_role action="INSERT_OR_UPDATE"><sys_class_name>sys_security_acl_role</sys_class_name><sys_created_by>entitle.onboarding.author</sys_created_by><sys_created_on>2026-06-18 00:00:00</sys_created_on><sys_id>0d1e2f3a4b5c6d7e8f9a0b1c2d3e0000</sys_id><sys_mod_count>0</sys_mod_count><sys_package display_value="Global" source="global">global</sys_package><sys_policy/><sys_scope display_value="Global">global</sys_scope><sys_security_acl display_value="sys_scope.name">9c0d1e2f3a4b5c6d7e8f9a0b1c2d0000</sys_security_acl><sys_update_name>sys_security_acl_role_0d1e2f3a4b5c6d7e8f9a0b1c2d3e0000</sys_update_name><sys_updated_by>entitle.onboarding.author</sys_updated_by><sys_updated_on>2026-06-18 00:00:00</sys_updated_on><sys_user_role display_value="entitle_access_management">c8d14586d7f75d7fa548cc6828c67c33</sys_user_role></sys_security_acl_role></record_update>]]></payload>
    <payload_hash>0</payload_hash>
    <remote_update_set display_value="Entitle Access Management">6793f42a3bfa5eacad5625b773410e88</remote_update_set>
    <replace_on_upgrade>false</replace_on_upgrade>
    <sys_created_by>entitle.onboarding.author</sys_created_by>
    <sys_created_on>2026-06-18 00:00:00</sys_created_on>
    <sys_id>ff6a7b8c9d0e1f2a3b4c5d6e7f8a9b0c</sys_id>
    <sys_mod_count>0</sys_mod_count>
    <sys_recorded_at>19e5bd007960000001</sys_recorded_at>
    <sys_updated_by>entitle.onboarding.author</sys_updated_by>
    <sys_updated_on>2026-06-18 00:00:00</sys_updated_on>
    <table/>
    <target_name>sys_scope.name read</target_name>
    <type>ACL Role</type>
    <update_domain>global</update_domain>
    <update_guid>ff6a7b8c9d0e1f2a3b4c5d6e7f8a9b0c</update_guid>
    <update_guid_history/>
    <update_set display_value=""/>
    <view/>
  </sys_update_xml>

  <!-- ACL rule: allow delete on sys_user_has_role (required to revoke scope/global roles) -->
  <sys_update_xml action="INSERT_OR_UPDATE">
    <action>INSERT_OR_UPDATE</action>
    <application display_value="Global">global</application>
    <category>customer</category>
    <comments/>
    <name>sys_security_acl_1e2f3a4b5c6d7e8f9a0b1c2d3e4f0000</name>
    <payload><![CDATA[<?xml version="1.0" encoding="UTF-8"?><record_update table="sys_security_acl"><sys_security_acl action="INSERT_OR_UPDATE"><active>true</active><admin_overrides>true</admin_overrides><decision_type>allow</decision_type><description>Entitle: allow delete on sys_user_has_role</description><name>sys_user_has_role</name><operation>delete</operation><script/><sys_class_name>sys_security_acl</sys_class_name><sys_created_by>entitle.onboarding.author</sys_created_by><sys_created_on>2026-06-18 00:00:00</sys_created_on><sys_id>1e2f3a4b5c6d7e8f9a0b1c2d3e4f0000</sys_id><sys_mod_count>0</sys_mod_count><sys_name>sys_user_has_role</sys_name><sys_package display_value="Global" source="global">global</sys_package><sys_policy/><sys_scope display_value="Global">global</sys_scope><sys_update_name>sys_security_acl_1e2f3a4b5c6d7e8f9a0b1c2d3e4f0000</sys_update_name><sys_updated_by>entitle.onboarding.author</sys_updated_by><sys_updated_on>2026-06-18 00:00:00</sys_updated_on><type>record</type></sys_security_acl></record_update>]]></payload>
    <payload_hash>0</payload_hash>
    <remote_update_set display_value="Entitle Access Management">6793f42a3bfa5eacad5625b773410e88</remote_update_set>
    <replace_on_upgrade>false</replace_on_upgrade>
    <sys_created_by>entitle.onboarding.author</sys_created_by>
    <sys_created_on>2026-06-18 00:00:00</sys_created_on>
    <sys_id>ee6f7a8b9c0d1e2f3a4b5c6d7e8f9a0b</sys_id>
    <sys_mod_count>0</sys_mod_count>
    <sys_recorded_at>19e5bd007960000001</sys_recorded_at>
    <sys_updated_by>entitle.onboarding.author</sys_updated_by>
    <sys_updated_on>2026-06-18 00:00:00</sys_updated_on>
    <table/>
    <target_name>sys_user_has_role delete</target_name>
    <type>ACL</type>
    <update_domain>global</update_domain>
    <update_guid>ee6f7a8b9c0d1e2f3a4b5c6d7e8f9a0b</update_guid>
    <update_guid_history/>
    <update_set display_value=""/>
    <view/>
  </sys_update_xml>

  <!-- ACL binding: entitle_access_management → sys_user_has_role delete -->
  <sys_update_xml action="INSERT_OR_UPDATE">
    <action>INSERT_OR_UPDATE</action>
    <application display_value="Global">global</application>
    <category>customer</category>
    <comments/>
    <name>sys_security_acl_role_2f3a4b5c6d7e8f9a0b1c2d3e4f500000</name>
    <payload><![CDATA[<?xml version="1.0" encoding="UTF-8"?><record_update table="sys_security_acl_role"><sys_security_acl_role action="INSERT_OR_UPDATE"><sys_class_name>sys_security_acl_role</sys_class_name><sys_created_by>entitle.onboarding.author</sys_created_by><sys_created_on>2026-06-18 00:00:00</sys_created_on><sys_id>2f3a4b5c6d7e8f9a0b1c2d3e4f500000</sys_id><sys_mod_count>0</sys_mod_count><sys_package display_value="Global" source="global">global</sys_package><sys_policy/><sys_scope display_value="Global">global</sys_scope><sys_security_acl display_value="sys_user_has_role">1e2f3a4b5c6d7e8f9a0b1c2d3e4f0000</sys_security_acl><sys_update_name>sys_security_acl_role_2f3a4b5c6d7e8f9a0b1c2d3e4f500000</sys_update_name><sys_updated_by>entitle.onboarding.author</sys_updated_by><sys_updated_on>2026-06-18 00:00:00</sys_updated_on><sys_user_role display_value="entitle_access_management">c8d14586d7f75d7fa548cc6828c67c33</sys_user_role></sys_security_acl_role></record_update>]]></payload>
    <payload_hash>0</payload_hash>
    <remote_update_set display_value="Entitle Access Management">6793f42a3bfa5eacad5625b773410e88</remote_update_set>
    <replace_on_upgrade>false</replace_on_upgrade>
    <sys_created_by>entitle.onboarding.author</sys_created_by>
    <sys_created_on>2026-06-18 00:00:00</sys_created_on>
    <sys_id>ff7a8b9c0d1e2f3a4b5c6d7e8f9a0b1c</sys_id>
    <sys_mod_count>0</sys_mod_count>
    <sys_recorded_at>19e5bd007960000001</sys_recorded_at>
    <sys_updated_by>entitle.onboarding.author</sys_updated_by>
    <sys_updated_on>2026-06-18 00:00:00</sys_updated_on>
    <table/>
    <target_name>sys_user_has_role delete</target_name>
    <type>ACL Role</type>
    <update_domain>global</update_domain>
    <update_guid>ff7a8b9c0d1e2f3a4b5c6d7e8f9a0b1c</update_guid>
    <update_guid_history/>
    <update_set display_value=""/>
    <view/>
  </sys_update_xml>

  <!-- ACL rule: allow read on sys_store_app (store app scopes, subtype of sys_scope) -->
  <sys_update_xml action="INSERT_OR_UPDATE">
    <action>INSERT_OR_UPDATE</action>
    <application display_value="Global">global</application>
    <category>customer</category>
    <comments/>
    <name>sys_security_acl_5e6f7a8b9c0d1e2f3a4b5c6d7e8f9000</name>
    <payload><![CDATA[<?xml version="1.0" encoding="UTF-8"?><record_update table="sys_security_acl"><sys_security_acl action="INSERT_OR_UPDATE"><active>true</active><admin_overrides>true</admin_overrides><decision_type>allow</decision_type><description>Entitle: allow read on sys_store_app</description><name>sys_store_app</name><operation>read</operation><script/><sys_class_name>sys_security_acl</sys_class_name><sys_created_by>entitle.onboarding.author</sys_created_by><sys_created_on>2026-06-18 00:00:00</sys_created_on><sys_id>5e6f7a8b9c0d1e2f3a4b5c6d7e8f9000</sys_id><sys_mod_count>0</sys_mod_count><sys_name>sys_store_app</sys_name><sys_package display_value="Global" source="global">global</sys_package><sys_policy/><sys_scope display_value="Global">global</sys_scope><sys_update_name>sys_security_acl_5e6f7a8b9c0d1e2f3a4b5c6d7e8f9000</sys_update_name><sys_updated_by>entitle.onboarding.author</sys_updated_by><sys_updated_on>2026-06-18 00:00:00</sys_updated_on><type>record</type></sys_security_acl></record_update>]]></payload>
    <payload_hash>0</payload_hash>
    <remote_update_set display_value="Entitle Access Management">6793f42a3bfa5eacad5625b773410e88</remote_update_set>
    <replace_on_upgrade>false</replace_on_upgrade>
    <sys_created_by>entitle.onboarding.author</sys_created_by>
    <sys_created_on>2026-06-18 00:00:00</sys_created_on>
    <sys_id>aa1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d</sys_id>
    <sys_mod_count>0</sys_mod_count>
    <sys_recorded_at>19e5bd007960000001</sys_recorded_at>
    <sys_updated_by>entitle.onboarding.author</sys_updated_by>
    <sys_updated_on>2026-06-18 00:00:00</sys_updated_on>
    <table/>
    <target_name>sys_store_app read</target_name>
    <type>ACL</type>
    <update_domain>global</update_domain>
    <update_guid>aa1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d</update_guid>
    <update_guid_history/>
    <update_set display_value=""/>
    <view/>
  </sys_update_xml>

  <!-- ACL binding: entitle_access_management → sys_store_app read -->
  <sys_update_xml action="INSERT_OR_UPDATE">
    <action>INSERT_OR_UPDATE</action>
    <application display_value="Global">global</application>
    <category>customer</category>
    <comments/>
    <name>sys_security_acl_role_6f7a8b9c0d1e2f3a4b5c6d7e8f9a0000</name>
    <payload><![CDATA[<?xml version="1.0" encoding="UTF-8"?><record_update table="sys_security_acl_role"><sys_security_acl_role action="INSERT_OR_UPDATE"><sys_class_name>sys_security_acl_role</sys_class_name><sys_created_by>entitle.onboarding.author</sys_created_by><sys_created_on>2026-06-18 00:00:00</sys_created_on><sys_id>6f7a8b9c0d1e2f3a4b5c6d7e8f9a0000</sys_id><sys_mod_count>0</sys_mod_count><sys_package display_value="Global" source="global">global</sys_package><sys_policy/><sys_scope display_value="Global">global</sys_scope><sys_security_acl display_value="sys_store_app">5e6f7a8b9c0d1e2f3a4b5c6d7e8f9000</sys_security_acl><sys_update_name>sys_security_acl_role_6f7a8b9c0d1e2f3a4b5c6d7e8f9a0000</sys_update_name><sys_updated_by>entitle.onboarding.author</sys_updated_by><sys_updated_on>2026-06-18 00:00:00</sys_updated_on><sys_user_role display_value="entitle_access_management">c8d14586d7f75d7fa548cc6828c67c33</sys_user_role></sys_security_acl_role></record_update>]]></payload>
    <payload_hash>0</payload_hash>
    <remote_update_set display_value="Entitle Access Management">6793f42a3bfa5eacad5625b773410e88</remote_update_set>
    <replace_on_upgrade>false</replace_on_upgrade>
    <sys_created_by>entitle.onboarding.author</sys_created_by>
    <sys_created_on>2026-06-18 00:00:00</sys_created_on>
    <sys_id>bb2c3d4e5f6a7b8c9d0e1f2a3b4c5d6e</sys_id>
    <sys_mod_count>0</sys_mod_count>
    <sys_recorded_at>19e5bd007960000001</sys_recorded_at>
    <sys_updated_by>entitle.onboarding.author</sys_updated_by>
    <sys_updated_on>2026-06-18 00:00:00</sys_updated_on>
    <table/>
    <target_name>sys_store_app read</target_name>
    <type>ACL Role</type>
    <update_domain>global</update_domain>
    <update_guid>bb2c3d4e5f6a7b8c9d0e1f2a3b4c5d6e</update_guid>
    <update_guid_history/>
    <update_set display_value=""/>
    <view/>
  </sys_update_xml>

  <!-- ACL rule: allow read on sys_user_has_role (required to list all direct role assignments via get_all_permissions) -->
  <sys_update_xml action="INSERT_OR_UPDATE">
    <action>INSERT_OR_UPDATE</action>
    <application display_value="Global">global</application>
    <category>customer</category>
    <comments/>
    <name>sys_security_acl_3a4b5c6d7e8f9a0b1c2d3e4f00600001</name>
    <payload><![CDATA[<?xml version="1.0" encoding="UTF-8"?><record_update table="sys_security_acl"><sys_security_acl action="INSERT_OR_UPDATE"><active>true</active><admin_overrides>true</admin_overrides><decision_type>allow</decision_type><description>Entitle: allow read on sys_user_has_role</description><name>sys_user_has_role</name><operation>read</operation><script/><sys_class_name>sys_security_acl</sys_class_name><sys_created_by>entitle.onboarding.author</sys_created_by><sys_created_on>2026-06-18 00:00:00</sys_created_on><sys_id>3a4b5c6d7e8f9a0b1c2d3e4f00600001</sys_id><sys_mod_count>0</sys_mod_count><sys_name>sys_user_has_role</sys_name><sys_package display_value="Global" source="global">global</sys_package><sys_policy/><sys_scope display_value="Global">global</sys_scope><sys_update_name>sys_security_acl_3a4b5c6d7e8f9a0b1c2d3e4f00600001</sys_update_name><sys_updated_by>entitle.onboarding.author</sys_updated_by><sys_updated_on>2026-06-18 00:00:00</sys_updated_on><type>record</type></sys_security_acl></record_update>]]></payload>
    <payload_hash>0</payload_hash>
    <remote_update_set display_value="Entitle Access Management">6793f42a3bfa5eacad5625b773410e88</remote_update_set>
    <replace_on_upgrade>false</replace_on_upgrade>
    <sys_created_by>entitle.onboarding.author</sys_created_by>
    <sys_created_on>2026-06-18 00:00:00</sys_created_on>
    <sys_id>ee9a0b1c2d3e4f50600718293a4b5c6d</sys_id>
    <sys_mod_count>0</sys_mod_count>
    <sys_recorded_at>19e5bd007960000001</sys_recorded_at>
    <sys_updated_by>entitle.onboarding.author</sys_updated_by>
    <sys_updated_on>2026-06-18 00:00:00</sys_updated_on>
    <table/>
    <target_name>sys_user_has_role read</target_name>
    <type>ACL</type>
    <update_domain>global</update_domain>
    <update_guid>ee9a0b1c2d3e4f50600718293a4b5c6d</update_guid>
    <update_guid_history/>
    <update_set display_value=""/>
    <view/>
  </sys_update_xml>

  <!-- ACL binding: entitle_access_management → sys_user_has_role read -->
  <sys_update_xml action="INSERT_OR_UPDATE">
    <action>INSERT_OR_UPDATE</action>
    <application display_value="Global">global</application>
    <category>customer</category>
    <comments/>
    <name>sys_security_acl_role_4b5c6d7e8f9a0b1c2d3e4f0060000002</name>
    <payload><![CDATA[<?xml version="1.0" encoding="UTF-8"?><record_update table="sys_security_acl_role"><sys_security_acl_role action="INSERT_OR_UPDATE"><sys_class_name>sys_security_acl_role</sys_class_name><sys_created_by>entitle.onboarding.author</sys_created_by><sys_created_on>2026-06-18 00:00:00</sys_created_on><sys_id>4b5c6d7e8f9a0b1c2d3e4f0060000002</sys_id><sys_mod_count>0</sys_mod_count><sys_package display_value="Global" source="global">global</sys_package><sys_policy/><sys_scope display_value="Global">global</sys_scope><sys_security_acl display_value="sys_user_has_role">3a4b5c6d7e8f9a0b1c2d3e4f00600001</sys_security_acl><sys_update_name>sys_security_acl_role_4b5c6d7e8f9a0b1c2d3e4f0060000002</sys_update_name><sys_updated_by>entitle.onboarding.author</sys_updated_by><sys_updated_on>2026-06-18 00:00:00</sys_updated_on><sys_user_role display_value="entitle_access_management">c8d14586d7f75d7fa548cc6828c67c33</sys_user_role></sys_security_acl_role></record_update>]]></payload>
    <payload_hash>0</payload_hash>
    <remote_update_set display_value="Entitle Access Management">6793f42a3bfa5eacad5625b773410e88</remote_update_set>
    <replace_on_upgrade>false</replace_on_upgrade>
    <sys_created_by>entitle.onboarding.author</sys_created_by>
    <sys_created_on>2026-06-18 00:00:00</sys_created_on>
    <sys_id>ffab001c2d3e4f506070718293a4b5c6</sys_id>
    <sys_mod_count>0</sys_mod_count>
    <sys_recorded_at>19e5bd007960000001</sys_recorded_at>
    <sys_updated_by>entitle.onboarding.author</sys_updated_by>
    <sys_updated_on>2026-06-18 00:00:00</sys_updated_on>
    <table/>
    <target_name>sys_user_has_role read</target_name>
    <type>ACL Role</type>
    <update_domain>global</update_domain>
    <update_guid>ffab001c2d3e4f506070718293a4b5c6</update_guid>
    <update_guid_history/>
    <update_set display_value=""/>
    <view/>
  </sys_update_xml>

  <!-- ACL rule: allow read on sys_app (custom app scopes, subtype of sys_scope) -->
  <sys_update_xml action="INSERT_OR_UPDATE">
    <action>INSERT_OR_UPDATE</action>
    <application display_value="Global">global</application>
    <category>customer</category>
    <comments/>
    <name>sys_security_acl_7a8b9c0d1e2f3a4b5c6d7e8f9a0b0000</name>
    <payload><![CDATA[<?xml version="1.0" encoding="UTF-8"?><record_update table="sys_security_acl"><sys_security_acl action="INSERT_OR_UPDATE"><active>true</active><admin_overrides>true</admin_overrides><decision_type>allow</decision_type><description>Entitle: allow read on sys_app</description><name>sys_app</name><operation>read</operation><script/><sys_class_name>sys_security_acl</sys_class_name><sys_created_by>entitle.onboarding.author</sys_created_by><sys_created_on>2026-06-18 00:00:00</sys_created_on><sys_id>7a8b9c0d1e2f3a4b5c6d7e8f9a0b0000</sys_id><sys_mod_count>0</sys_mod_count><sys_name>sys_app</sys_name><sys_package display_value="Global" source="global">global</sys_package><sys_policy/><sys_scope display_value="Global">global</sys_scope><sys_update_name>sys_security_acl_7a8b9c0d1e2f3a4b5c6d7e8f9a0b0000</sys_update_name><sys_updated_by>entitle.onboarding.author</sys_updated_by><sys_updated_on>2026-06-18 00:00:00</sys_updated_on><type>record</type></sys_security_acl></record_update>]]></payload>
    <payload_hash>0</payload_hash>
    <remote_update_set display_value="Entitle Access Management">6793f42a3bfa5eacad5625b773410e88</remote_update_set>
    <replace_on_upgrade>false</replace_on_upgrade>
    <sys_created_by>entitle.onboarding.author</sys_created_by>
    <sys_created_on>2026-06-18 00:00:00</sys_created_on>
    <sys_id>cc3d4e5f6a7b8c9d0e1f2a3b4c5d6e7f</sys_id>
    <sys_mod_count>0</sys_mod_count>
    <sys_recorded_at>19e5bd007960000001</sys_recorded_at>
    <sys_updated_by>entitle.onboarding.author</sys_updated_by>
    <sys_updated_on>2026-06-18 00:00:00</sys_updated_on>
    <table/>
    <target_name>sys_app read</target_name>
    <type>ACL</type>
    <update_domain>global</update_domain>
    <update_guid>cc3d4e5f6a7b8c9d0e1f2a3b4c5d6e7f</update_guid>
    <update_guid_history/>
    <update_set display_value=""/>
    <view/>
  </sys_update_xml>

  <!-- ACL binding: entitle_access_management → sys_app read -->
  <sys_update_xml action="INSERT_OR_UPDATE">
    <action>INSERT_OR_UPDATE</action>
    <application display_value="Global">global</application>
    <category>customer</category>
    <comments/>
    <name>sys_security_acl_role_8b9c0d1e2f3a4b5c6d7e8f9a0b1c0000</name>
    <payload><![CDATA[<?xml version="1.0" encoding="UTF-8"?><record_update table="sys_security_acl_role"><sys_security_acl_role action="INSERT_OR_UPDATE"><sys_class_name>sys_security_acl_role</sys_class_name><sys_created_by>entitle.onboarding.author</sys_created_by><sys_created_on>2026-06-18 00:00:00</sys_created_on><sys_id>8b9c0d1e2f3a4b5c6d7e8f9a0b1c0000</sys_id><sys_mod_count>0</sys_mod_count><sys_package display_value="Global" source="global">global</sys_package><sys_policy/><sys_scope display_value="Global">global</sys_scope><sys_security_acl display_value="sys_app">7a8b9c0d1e2f3a4b5c6d7e8f9a0b0000</sys_security_acl><sys_update_name>sys_security_acl_role_8b9c0d1e2f3a4b5c6d7e8f9a0b1c0000</sys_update_name><sys_updated_by>entitle.onboarding.author</sys_updated_by><sys_updated_on>2026-06-18 00:00:00</sys_updated_on><sys_user_role display_value="entitle_access_management">c8d14586d7f75d7fa548cc6828c67c33</sys_user_role></sys_security_acl_role></record_update>]]></payload>
    <payload_hash>0</payload_hash>
    <remote_update_set display_value="Entitle Access Management">6793f42a3bfa5eacad5625b773410e88</remote_update_set>
    <replace_on_upgrade>false</replace_on_upgrade>
    <sys_created_by>entitle.onboarding.author</sys_created_by>
    <sys_created_on>2026-06-18 00:00:00</sys_created_on>
    <sys_id>dd4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a</sys_id>
    <sys_mod_count>0</sys_mod_count>
    <sys_recorded_at>19e5bd007960000001</sys_recorded_at>
    <sys_updated_by>entitle.onboarding.author</sys_updated_by>
    <sys_updated_on>2026-06-18 00:00:00</sys_updated_on>
    <table/>
    <target_name>sys_app read</target_name>
    <type>ACL Role</type>
    <update_domain>global</update_domain>
    <update_guid>dd4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a</update_guid>
    <update_guid_history/>
    <update_set display_value=""/>
    <view/>
  </sys_update_xml>

  <!-- ACL rule: allow read on sys_user (required to resolve user references when writing to sys_user_grmember / sys_user_has_role) -->
  <sys_update_xml action="INSERT_OR_UPDATE">
    <action>INSERT_OR_UPDATE</action>
    <application display_value="Global">global</application>
    <category>customer</category>
    <comments/>
    <name>sys_security_acl_7e8f9a0b1c2d3e4f50600070080000a1</name>
    <payload><![CDATA[<?xml version="1.0" encoding="UTF-8"?><record_update table="sys_security_acl"><sys_security_acl action="INSERT_OR_UPDATE"><active>true</active><admin_overrides>true</admin_overrides><decision_type>allow</decision_type><description>Entitle: allow read on sys_user</description><name>sys_user</name><operation>read</operation><script/><sys_class_name>sys_security_acl</sys_class_name><sys_created_by>entitle.onboarding.author</sys_created_by><sys_created_on>2026-06-18 00:00:00</sys_created_on><sys_id>7e8f9a0b1c2d3e4f50600070080000a1</sys_id><sys_mod_count>0</sys_mod_count><sys_name>sys_user</sys_name><sys_package display_value="Global" source="global">global</sys_package><sys_policy/><sys_scope display_value="Global">global</sys_scope><sys_update_name>sys_security_acl_7e8f9a0b1c2d3e4f50600070080000a1</sys_update_name><sys_updated_by>entitle.onboarding.author</sys_updated_by><sys_updated_on>2026-06-18 00:00:00</sys_updated_on><type>record</type></sys_security_acl></record_update>]]></payload>
    <payload_hash>0</payload_hash>
    <remote_update_set display_value="Entitle Access Management">6793f42a3bfa5eacad5625b773410e88</remote_update_set>
    <replace_on_upgrade>false</replace_on_upgrade>
    <sys_created_by>entitle.onboarding.author</sys_created_by>
    <sys_created_on>2026-06-18 00:00:00</sys_created_on>
    <sys_id>ccd4e5f6a7b8c9d0e1f2a3b4c5d6e7f8</sys_id>
    <sys_mod_count>0</sys_mod_count>
    <sys_recorded_at>19e5bd007960000001</sys_recorded_at>
    <sys_updated_by>entitle.onboarding.author</sys_updated_by>
    <sys_updated_on>2026-06-18 00:00:00</sys_updated_on>
    <table/>
    <target_name>sys_user read</target_name>
    <type>ACL</type>
    <update_domain>global</update_domain>
    <update_guid>ccd4e5f6a7b8c9d0e1f2a3b4c5d6e7f8</update_guid>
    <update_guid_history/>
    <update_set display_value=""/>
    <view/>
  </sys_update_xml>

  <!-- ACL binding: entitle_access_management → sys_user read -->
  <sys_update_xml action="INSERT_OR_UPDATE">
    <action>INSERT_OR_UPDATE</action>
    <application display_value="Global">global</application>
    <category>customer</category>
    <comments/>
    <name>sys_security_acl_role_8f9a0b1c2d3e4f50600070080000002b</name>
    <payload><![CDATA[<?xml version="1.0" encoding="UTF-8"?><record_update table="sys_security_acl_role"><sys_security_acl_role action="INSERT_OR_UPDATE"><sys_class_name>sys_security_acl_role</sys_class_name><sys_created_by>entitle.onboarding.author</sys_created_by><sys_created_on>2026-06-18 00:00:00</sys_created_on><sys_id>8f9a0b1c2d3e4f50600070080000002b</sys_id><sys_mod_count>0</sys_mod_count><sys_package display_value="Global" source="global">global</sys_package><sys_policy/><sys_scope display_value="Global">global</sys_scope><sys_security_acl display_value="sys_user">7e8f9a0b1c2d3e4f50600070080000a1</sys_security_acl><sys_update_name>sys_security_acl_role_8f9a0b1c2d3e4f50600070080000002b</sys_update_name><sys_updated_by>entitle.onboarding.author</sys_updated_by><sys_updated_on>2026-06-18 00:00:00</sys_updated_on><sys_user_role display_value="entitle_access_management">c8d14586d7f75d7fa548cc6828c67c33</sys_user_role></sys_security_acl_role></record_update>]]></payload>
    <payload_hash>0</payload_hash>
    <remote_update_set display_value="Entitle Access Management">6793f42a3bfa5eacad5625b773410e88</remote_update_set>
    <replace_on_upgrade>false</replace_on_upgrade>
    <sys_created_by>entitle.onboarding.author</sys_created_by>
    <sys_created_on>2026-06-18 00:00:00</sys_created_on>
    <sys_id>dde5f6a7b8c9d0e1f2a3b4c5d6e7f8a9</sys_id>
    <sys_mod_count>0</sys_mod_count>
    <sys_recorded_at>19e5bd007960000001</sys_recorded_at>
    <sys_updated_by>entitle.onboarding.author</sys_updated_by>
    <sys_updated_on>2026-06-18 00:00:00</sys_updated_on>
    <table/>
    <target_name>sys_user read</target_name>
    <type>ACL Role</type>
    <update_domain>global</update_domain>
    <update_guid>dde5f6a7b8c9d0e1f2a3b4c5d6e7f8a9</update_guid>
    <update_guid_history/>
    <update_set display_value=""/>
    <view/>
  </sys_update_xml>

  <!-- ACL rule: allow read on sys_user_group (required to resolve group references when writing to sys_user_grmember) -->
  <sys_update_xml action="INSERT_OR_UPDATE">
    <action>INSERT_OR_UPDATE</action>
    <application display_value="Global">global</application>
    <category>customer</category>
    <comments/>
    <name>sys_security_acl_9a0b1c2d3e4f5060007008009000001c</name>
    <payload><![CDATA[<?xml version="1.0" encoding="UTF-8"?><record_update table="sys_security_acl"><sys_security_acl action="INSERT_OR_UPDATE"><active>true</active><admin_overrides>true</admin_overrides><decision_type>allow</decision_type><description>Entitle: allow read on sys_user_group</description><name>sys_user_group</name><operation>read</operation><script/><sys_class_name>sys_security_acl</sys_class_name><sys_created_by>entitle.onboarding.author</sys_created_by><sys_created_on>2026-06-18 00:00:00</sys_created_on><sys_id>9a0b1c2d3e4f5060007008009000001c</sys_id><sys_mod_count>0</sys_mod_count><sys_name>sys_user_group</sys_name><sys_package display_value="Global" source="global">global</sys_package><sys_policy/><sys_scope display_value="Global">global</sys_scope><sys_update_name>sys_security_acl_9a0b1c2d3e4f5060007008009000001c</sys_update_name><sys_updated_by>entitle.onboarding.author</sys_updated_by><sys_updated_on>2026-06-18 00:00:00</sys_updated_on><type>record</type></sys_security_acl></record_update>]]></payload>
    <payload_hash>0</payload_hash>
    <remote_update_set display_value="Entitle Access Management">6793f42a3bfa5eacad5625b773410e88</remote_update_set>
    <replace_on_upgrade>false</replace_on_upgrade>
    <sys_created_by>entitle.onboarding.author</sys_created_by>
    <sys_created_on>2026-06-18 00:00:00</sys_created_on>
    <sys_id>eef6a7b8c9d0e1f2a3b4c5d6e7f8a9b0</sys_id>
    <sys_mod_count>0</sys_mod_count>
    <sys_recorded_at>19e5bd007960000001</sys_recorded_at>
    <sys_updated_by>entitle.onboarding.author</sys_updated_by>
    <sys_updated_on>2026-06-18 00:00:00</sys_updated_on>
    <table/>
    <target_name>sys_user_group read</target_name>
    <type>ACL</type>
    <update_domain>global</update_domain>
    <update_guid>eef6a7b8c9d0e1f2a3b4c5d6e7f8a9b0</update_guid>
    <update_guid_history/>
    <update_set display_value=""/>
    <view/>
  </sys_update_xml>

  <!-- ACL binding: entitle_access_management → sys_user_group read -->
  <sys_update_xml action="INSERT_OR_UPDATE">
    <action>INSERT_OR_UPDATE</action>
    <application display_value="Global">global</application>
    <category>customer</category>
    <comments/>
    <name>sys_security_acl_role_0b1c2d3e4f5060007008009000000020</name>
    <payload><![CDATA[<?xml version="1.0" encoding="UTF-8"?><record_update table="sys_security_acl_role"><sys_security_acl_role action="INSERT_OR_UPDATE"><sys_class_name>sys_security_acl_role</sys_class_name><sys_created_by>entitle.onboarding.author</sys_created_by><sys_created_on>2026-06-18 00:00:00</sys_created_on><sys_id>0b1c2d3e4f5060007008009000000020</sys_id><sys_mod_count>0</sys_mod_count><sys_package display_value="Global" source="global">global</sys_package><sys_policy/><sys_scope display_value="Global">global</sys_scope><sys_security_acl display_value="sys_user_group">9a0b1c2d3e4f5060007008009000001c</sys_security_acl><sys_update_name>sys_security_acl_role_0b1c2d3e4f5060007008009000000020</sys_update_name><sys_updated_by>entitle.onboarding.author</sys_updated_by><sys_updated_on>2026-06-18 00:00:00</sys_updated_on><sys_user_role display_value="entitle_access_management">c8d14586d7f75d7fa548cc6828c67c33</sys_user_role></sys_security_acl_role></record_update>]]></payload>
    <payload_hash>0</payload_hash>
    <remote_update_set display_value="Entitle Access Management">6793f42a3bfa5eacad5625b773410e88</remote_update_set>
    <replace_on_upgrade>false</replace_on_upgrade>
    <sys_created_by>entitle.onboarding.author</sys_created_by>
    <sys_created_on>2026-06-18 00:00:00</sys_created_on>
    <sys_id>ff07a8b9c0d1e2f3a4b5c6d7e8f9a0b1</sys_id>
    <sys_mod_count>0</sys_mod_count>
    <sys_recorded_at>19e5bd007960000001</sys_recorded_at>
    <sys_updated_by>entitle.onboarding.author</sys_updated_by>
    <sys_updated_on>2026-06-18 00:00:00</sys_updated_on>
    <table/>
    <target_name>sys_user_group read</target_name>
    <type>ACL Role</type>
    <update_domain>global</update_domain>
    <update_guid>ff07a8b9c0d1e2f3a4b5c6d7e8f9a0b1</update_guid>
    <update_guid_history/>
    <update_set display_value=""/>
    <view/>
  </sys_update_xml>

  <!-- Field-level ACL: allow create on sys_user_grmember.user for entitle_access_management -->
  <sys_update_xml action="INSERT_OR_UPDATE">
    <action>INSERT_OR_UPDATE</action>
    <application display_value="Global">global</application>
    <category>customer</category>
    <comments/>
    <name>sys_security_acl_a1b2c3d4e5f6a7b8c9d0e1f2a3b40001</name>
    <payload><![CDATA[<?xml version="1.0" encoding="UTF-8"?><record_update table="sys_security_acl"><sys_security_acl action="INSERT_OR_UPDATE"><active>true</active><admin_overrides>true</admin_overrides><decision_type>allow</decision_type><description>Entitle: allow create on sys_user_grmember.user field</description><name>sys_user_grmember.user</name><operation>create</operation><script/><sys_class_name>sys_security_acl</sys_class_name><sys_created_by>entitle.onboarding.author</sys_created_by><sys_created_on>2026-06-22 00:00:00</sys_created_on><sys_id>a1b2c3d4e5f6a7b8c9d0e1f2a3b40001</sys_id><sys_mod_count>0</sys_mod_count><sys_name>sys_user_grmember.user</sys_name><sys_package display_value="Global" source="global">global</sys_package><sys_policy/><sys_scope display_value="Global">global</sys_scope><sys_update_name>sys_security_acl_a1b2c3d4e5f6a7b8c9d0e1f2a3b40001</sys_update_name><sys_updated_by>entitle.onboarding.author</sys_updated_by><sys_updated_on>2026-06-22 00:00:00</sys_updated_on><type>record</type></sys_security_acl></record_update>]]></payload>
    <payload_hash>0</payload_hash>
    <remote_update_set display_value="Entitle Access Management">6793f42a3bfa5eacad5625b773410e88</remote_update_set>
    <replace_on_upgrade>false</replace_on_upgrade>
    <sys_created_by>entitle.onboarding.author</sys_created_by>
    <sys_created_on>2026-06-22 00:00:00</sys_created_on>
    <sys_id>aab1c2d3e4f5a6b7c8d9e0f1a2b3c4d5</sys_id>
    <sys_mod_count>0</sys_mod_count>
    <sys_recorded_at>19e5bd007960000001</sys_recorded_at>
    <sys_updated_by>entitle.onboarding.author</sys_updated_by>
    <sys_updated_on>2026-06-22 00:00:00</sys_updated_on>
    <table/>
    <target_name>sys_user_grmember.user create</target_name>
    <type>ACL</type>
    <update_domain>global</update_domain>
    <update_guid>aab1c2d3e4f5a6b7c8d9e0f1a2b3c4d5</update_guid>
    <update_guid_history/>
    <update_set display_value=""/>
    <view/>
  </sys_update_xml>

  <!-- Role binding: entitle_access_management → sys_user_grmember.user create -->
  <sys_update_xml action="INSERT_OR_UPDATE">
    <action>INSERT_OR_UPDATE</action>
    <application display_value="Global">global</application>
    <category>customer</category>
    <comments/>
    <name>sys_security_acl_role_b2c3d4e5f6a7b8c9d0e1f2a3b4c50002</name>
    <payload><![CDATA[<?xml version="1.0" encoding="UTF-8"?><record_update table="sys_security_acl_role"><sys_security_acl_role action="INSERT_OR_UPDATE"><sys_class_name>sys_security_acl_role</sys_class_name><sys_created_by>entitle.onboarding.author</sys_created_by><sys_created_on>2026-06-22 00:00:00</sys_created_on><sys_id>b2c3d4e5f6a7b8c9d0e1f2a3b4c50002</sys_id><sys_mod_count>0</sys_mod_count><sys_package display_value="Global" source="global">global</sys_package><sys_policy/><sys_scope display_value="Global">global</sys_scope><sys_security_acl display_value="sys_user_grmember.user">a1b2c3d4e5f6a7b8c9d0e1f2a3b40001</sys_security_acl><sys_update_name>sys_security_acl_role_b2c3d4e5f6a7b8c9d0e1f2a3b4c50002</sys_update_name><sys_updated_by>entitle.onboarding.author</sys_updated_by><sys_updated_on>2026-06-22 00:00:00</sys_updated_on><sys_user_role display_value="entitle_access_management">c8d14586d7f75d7fa548cc6828c67c33</sys_user_role></sys_security_acl_role></record_update>]]></payload>
    <payload_hash>0</payload_hash>
    <remote_update_set display_value="Entitle Access Management">6793f42a3bfa5eacad5625b773410e88</remote_update_set>
    <replace_on_upgrade>false</replace_on_upgrade>
    <sys_created_by>entitle.onboarding.author</sys_created_by>
    <sys_created_on>2026-06-22 00:00:00</sys_created_on>
    <sys_id>bbc2d3e4f5a6b7c8d9e0f1a2b3c4d5e6</sys_id>
    <sys_mod_count>0</sys_mod_count>
    <sys_recorded_at>19e5bd007960000001</sys_recorded_at>
    <sys_updated_by>entitle.onboarding.author</sys_updated_by>
    <sys_updated_on>2026-06-22 00:00:00</sys_updated_on>
    <table/>
    <target_name>sys_user_grmember.user create</target_name>
    <type>ACL Role</type>
    <update_domain>global</update_domain>
    <update_guid>bbc2d3e4f5a6b7c8d9e0f1a2b3c4d5e6</update_guid>
    <update_guid_history/>
    <update_set display_value=""/>
    <view/>
  </sys_update_xml>

  <!-- Field-level ACL: allow create on sys_user_grmember.group for entitle_access_management -->
  <sys_update_xml action="INSERT_OR_UPDATE">
    <action>INSERT_OR_UPDATE</action>
    <application display_value="Global">global</application>
    <category>customer</category>
    <comments/>
    <name>sys_security_acl_c3d4e5f6a7b8c9d0e1f2a3b4c5d60003</name>
    <payload><![CDATA[<?xml version="1.0" encoding="UTF-8"?><record_update table="sys_security_acl"><sys_security_acl action="INSERT_OR_UPDATE"><active>true</active><admin_overrides>true</admin_overrides><decision_type>allow</decision_type><description>Entitle: allow create on sys_user_grmember.group field</description><name>sys_user_grmember.group</name><operation>create</operation><script/><sys_class_name>sys_security_acl</sys_class_name><sys_created_by>entitle.onboarding.author</sys_created_by><sys_created_on>2026-06-22 00:00:00</sys_created_on><sys_id>c3d4e5f6a7b8c9d0e1f2a3b4c5d60003</sys_id><sys_mod_count>0</sys_mod_count><sys_name>sys_user_grmember.group</sys_name><sys_package display_value="Global" source="global">global</sys_package><sys_policy/><sys_scope display_value="Global">global</sys_scope><sys_update_name>sys_security_acl_c3d4e5f6a7b8c9d0e1f2a3b4c5d60003</sys_update_name><sys_updated_by>entitle.onboarding.author</sys_updated_by><sys_updated_on>2026-06-22 00:00:00</sys_updated_on><type>record</type></sys_security_acl></record_update>]]></payload>
    <payload_hash>0</payload_hash>
    <remote_update_set display_value="Entitle Access Management">6793f42a3bfa5eacad5625b773410e88</remote_update_set>
    <replace_on_upgrade>false</replace_on_upgrade>
    <sys_created_by>entitle.onboarding.author</sys_created_by>
    <sys_created_on>2026-06-22 00:00:00</sys_created_on>
    <sys_id>ccd3e4f5a6b7c8d9e0f1a2b3c4d5e6f7</sys_id>
    <sys_mod_count>0</sys_mod_count>
    <sys_recorded_at>19e5bd007960000001</sys_recorded_at>
    <sys_updated_by>entitle.onboarding.author</sys_updated_by>
    <sys_updated_on>2026-06-22 00:00:00</sys_updated_on>
    <table/>
    <target_name>sys_user_grmember.group create</target_name>
    <type>ACL</type>
    <update_domain>global</update_domain>
    <update_guid>ccd3e4f5a6b7c8d9e0f1a2b3c4d5e6f7</update_guid>
    <update_guid_history/>
    <update_set display_value=""/>
    <view/>
  </sys_update_xml>

  <!-- Role binding: entitle_access_management → sys_user_grmember.group create -->
  <sys_update_xml action="INSERT_OR_UPDATE">
    <action>INSERT_OR_UPDATE</action>
    <application display_value="Global">global</application>
    <category>customer</category>
    <comments/>
    <name>sys_security_acl_role_d4e5f6a7b8c9d0e1f2a3b4c5d6e70004</name>
    <payload><![CDATA[<?xml version="1.0" encoding="UTF-8"?><record_update table="sys_security_acl_role"><sys_security_acl_role action="INSERT_OR_UPDATE"><sys_class_name>sys_security_acl_role</sys_class_name><sys_created_by>entitle.onboarding.author</sys_created_by><sys_created_on>2026-06-22 00:00:00</sys_created_on><sys_id>d4e5f6a7b8c9d0e1f2a3b4c5d6e70004</sys_id><sys_mod_count>0</sys_mod_count><sys_package display_value="Global" source="global">global</sys_package><sys_policy/><sys_scope display_value="Global">global</sys_scope><sys_security_acl display_value="sys_user_grmember.group">c3d4e5f6a7b8c9d0e1f2a3b4c5d60003</sys_security_acl><sys_update_name>sys_security_acl_role_d4e5f6a7b8c9d0e1f2a3b4c5d6e70004</sys_update_name><sys_updated_by>entitle.onboarding.author</sys_updated_by><sys_updated_on>2026-06-22 00:00:00</sys_updated_on><sys_user_role display_value="entitle_access_management">c8d14586d7f75d7fa548cc6828c67c33</sys_user_role></sys_security_acl_role></record_update>]]></payload>
    <payload_hash>0</payload_hash>
    <remote_update_set display_value="Entitle Access Management">6793f42a3bfa5eacad5625b773410e88</remote_update_set>
    <replace_on_upgrade>false</replace_on_upgrade>
    <sys_created_by>entitle.onboarding.author</sys_created_by>
    <sys_created_on>2026-06-22 00:00:00</sys_created_on>
    <sys_id>dde4f5a6b7c8d9e0f1a2b3c4d5e6f7a8</sys_id>
    <sys_mod_count>0</sys_mod_count>
    <sys_recorded_at>19e5bd007960000001</sys_recorded_at>
    <sys_updated_by>entitle.onboarding.author</sys_updated_by>
    <sys_updated_on>2026-06-22 00:00:00</sys_updated_on>
    <table/>
    <target_name>sys_user_grmember.group create</target_name>
    <type>ACL Role</type>
    <update_domain>global</update_domain>
    <update_guid>dde4f5a6b7c8d9e0f1a2b3c4d5e6f7a8</update_guid>
    <update_guid_history/>
    <update_set display_value=""/>
    <view/>
  </sys_update_xml>

  <!-- Field-level ACL: allow create on sys_user_has_role.user for entitle_access_management -->
  <sys_update_xml action="INSERT_OR_UPDATE">
    <action>INSERT_OR_UPDATE</action>
    <application display_value="Global">global</application>
    <category>customer</category>
    <comments/>
    <name>sys_security_acl_e1f2a3b4c5d6e7f8a9b0c1d2e3f40001</name>
    <payload><![CDATA[<?xml version="1.0" encoding="UTF-8"?><record_update table="sys_security_acl"><sys_security_acl action="INSERT_OR_UPDATE"><active>true</active><admin_overrides>true</admin_overrides><decision_type>allow</decision_type><description>Entitle: allow create on sys_user_has_role.user field</description><name>sys_user_has_role.user</name><operation>create</operation><script/><sys_class_name>sys_security_acl</sys_class_name><sys_created_by>entitle.onboarding.author</sys_created_by><sys_created_on>2026-06-22 00:00:00</sys_created_on><sys_id>e1f2a3b4c5d6e7f8a9b0c1d2e3f40001</sys_id><sys_mod_count>0</sys_mod_count><sys_name>sys_user_has_role.user</sys_name><sys_package display_value="Global" source="global">global</sys_package><sys_policy/><sys_scope display_value="Global">global</sys_scope><sys_update_name>sys_security_acl_e1f2a3b4c5d6e7f8a9b0c1d2e3f40001</sys_update_name><sys_updated_by>entitle.onboarding.author</sys_updated_by><sys_updated_on>2026-06-22 00:00:00</sys_updated_on><type>record</type></sys_security_acl></record_update>]]></payload>
    <payload_hash>0</payload_hash>
    <remote_update_set display_value="Entitle Access Management">6793f42a3bfa5eacad5625b773410e88</remote_update_set>
    <replace_on_upgrade>false</replace_on_upgrade>
    <sys_created_by>entitle.onboarding.author</sys_created_by>
    <sys_created_on>2026-06-22 00:00:00</sys_created_on>
    <sys_id>eef2a3b4c5d6e7f8a9b0c1d2e3f4a5b6</sys_id>
    <sys_mod_count>0</sys_mod_count>
    <sys_recorded_at>19e5bd007960000001</sys_recorded_at>
    <sys_updated_by>entitle.onboarding.author</sys_updated_by>
    <sys_updated_on>2026-06-22 00:00:00</sys_updated_on>
    <table/>
    <target_name>sys_user_has_role.user create</target_name>
    <type>ACL</type>
    <update_domain>global</update_domain>
    <update_guid>eef2a3b4c5d6e7f8a9b0c1d2e3f4a5b6</update_guid>
    <update_guid_history/>
    <update_set display_value=""/>
    <view/>
  </sys_update_xml>

  <!-- Role binding: entitle_access_management → sys_user_has_role.user create -->
  <sys_update_xml action="INSERT_OR_UPDATE">
    <action>INSERT_OR_UPDATE</action>
    <application display_value="Global">global</application>
    <category>customer</category>
    <comments/>
    <name>sys_security_acl_role_f2a3b4c5d6e7f8a9b0c1d2e3f4a50002</name>
    <payload><![CDATA[<?xml version="1.0" encoding="UTF-8"?><record_update table="sys_security_acl_role"><sys_security_acl_role action="INSERT_OR_UPDATE"><sys_class_name>sys_security_acl_role</sys_class_name><sys_created_by>entitle.onboarding.author</sys_created_by><sys_created_on>2026-06-22 00:00:00</sys_created_on><sys_id>f2a3b4c5d6e7f8a9b0c1d2e3f4a50002</sys_id><sys_mod_count>0</sys_mod_count><sys_package display_value="Global" source="global">global</sys_package><sys_policy/><sys_scope display_value="Global">global</sys_scope><sys_security_acl display_value="sys_user_has_role.user">e1f2a3b4c5d6e7f8a9b0c1d2e3f40001</sys_security_acl><sys_update_name>sys_security_acl_role_f2a3b4c5d6e7f8a9b0c1d2e3f4a50002</sys_update_name><sys_updated_by>entitle.onboarding.author</sys_updated_by><sys_updated_on>2026-06-22 00:00:00</sys_updated_on><sys_user_role display_value="entitle_access_management">c8d14586d7f75d7fa548cc6828c67c33</sys_user_role></sys_security_acl_role></record_update>]]></payload>
    <payload_hash>0</payload_hash>
    <remote_update_set display_value="Entitle Access Management">6793f42a3bfa5eacad5625b773410e88</remote_update_set>
    <replace_on_upgrade>false</replace_on_upgrade>
    <sys_created_by>entitle.onboarding.author</sys_created_by>
    <sys_created_on>2026-06-22 00:00:00</sys_created_on>
    <sys_id>ffa3b4c5d6e7f8a9b0c1d2e3f4a5b6c7</sys_id>
    <sys_mod_count>0</sys_mod_count>
    <sys_recorded_at>19e5bd007960000001</sys_recorded_at>
    <sys_updated_by>entitle.onboarding.author</sys_updated_by>
    <sys_updated_on>2026-06-22 00:00:00</sys_updated_on>
    <table/>
    <target_name>sys_user_has_role.user create</target_name>
    <type>ACL Role</type>
    <update_domain>global</update_domain>
    <update_guid>ffa3b4c5d6e7f8a9b0c1d2e3f4a5b6c7</update_guid>
    <update_guid_history/>
    <update_set display_value=""/>
    <view/>
  </sys_update_xml>

  <!-- Field-level ACL: allow create on sys_user_has_role.role for entitle_access_management -->
  <sys_update_xml action="INSERT_OR_UPDATE">
    <action>INSERT_OR_UPDATE</action>
    <application display_value="Global">global</application>
    <category>customer</category>
    <comments/>
    <name>sys_security_acl_a3b4c5d6e7f8a9b0c1d2e3f4a5b60003</name>
    <payload><![CDATA[<?xml version="1.0" encoding="UTF-8"?><record_update table="sys_security_acl"><sys_security_acl action="INSERT_OR_UPDATE"><active>true</active><admin_overrides>true</admin_overrides><decision_type>allow</decision_type><description>Entitle: allow create on sys_user_has_role.role field</description><name>sys_user_has_role.role</name><operation>create</operation><script/><sys_class_name>sys_security_acl</sys_class_name><sys_created_by>entitle.onboarding.author</sys_created_by><sys_created_on>2026-06-22 00:00:00</sys_created_on><sys_id>a3b4c5d6e7f8a9b0c1d2e3f4a5b60003</sys_id><sys_mod_count>0</sys_mod_count><sys_name>sys_user_has_role.role</sys_name><sys_package display_value="Global" source="global">global</sys_package><sys_policy/><sys_scope display_value="Global">global</sys_scope><sys_update_name>sys_security_acl_a3b4c5d6e7f8a9b0c1d2e3f4a5b60003</sys_update_name><sys_updated_by>entitle.onboarding.author</sys_updated_by><sys_updated_on>2026-06-22 00:00:00</sys_updated_on><type>record</type></sys_security_acl></record_update>]]></payload>
    <payload_hash>0</payload_hash>
    <remote_update_set display_value="Entitle Access Management">6793f42a3bfa5eacad5625b773410e88</remote_update_set>
    <replace_on_upgrade>false</replace_on_upgrade>
    <sys_created_by>entitle.onboarding.author</sys_created_by>
    <sys_created_on>2026-06-22 00:00:00</sys_created_on>
    <sys_id>aab4c5d6e7f8a9b0c1d2e3f4a5b6c7d8</sys_id>
    <sys_mod_count>0</sys_mod_count>
    <sys_recorded_at>19e5bd007960000001</sys_recorded_at>
    <sys_updated_by>entitle.onboarding.author</sys_updated_by>
    <sys_updated_on>2026-06-22 00:00:00</sys_updated_on>
    <table/>
    <target_name>sys_user_has_role.role create</target_name>
    <type>ACL</type>
    <update_domain>global</update_domain>
    <update_guid>aab4c5d6e7f8a9b0c1d2e3f4a5b6c7d8</update_guid>
    <update_guid_history/>
    <update_set display_value=""/>
    <view/>
  </sys_update_xml>

  <!-- Role binding: entitle_access_management → sys_user_has_role.role create -->
  <sys_update_xml action="INSERT_OR_UPDATE">
    <action>INSERT_OR_UPDATE</action>
    <application display_value="Global">global</application>
    <category>customer</category>
    <comments/>
    <name>sys_security_acl_role_b4c5d6e7f8a9b0c1d2e3f4a5b6c70004</name>
    <payload><![CDATA[<?xml version="1.0" encoding="UTF-8"?><record_update table="sys_security_acl_role"><sys_security_acl_role action="INSERT_OR_UPDATE"><sys_class_name>sys_security_acl_role</sys_class_name><sys_created_by>entitle.onboarding.author</sys_created_by><sys_created_on>2026-06-22 00:00:00</sys_created_on><sys_id>b4c5d6e7f8a9b0c1d2e3f4a5b6c70004</sys_id><sys_mod_count>0</sys_mod_count><sys_package display_value="Global" source="global">global</sys_package><sys_policy/><sys_scope display_value="Global">global</sys_scope><sys_security_acl display_value="sys_user_has_role.role">a3b4c5d6e7f8a9b0c1d2e3f4a5b60003</sys_security_acl><sys_update_name>sys_security_acl_role_b4c5d6e7f8a9b0c1d2e3f4a5b6c70004</sys_update_name><sys_updated_by>entitle.onboarding.author</sys_updated_by><sys_updated_on>2026-06-22 00:00:00</sys_updated_on><sys_user_role display_value="entitle_access_management">c8d14586d7f75d7fa548cc6828c67c33</sys_user_role></sys_security_acl_role></record_update>]]></payload>
    <payload_hash>0</payload_hash>
    <remote_update_set display_value="Entitle Access Management">6793f42a3bfa5eacad5625b773410e88</remote_update_set>
    <replace_on_upgrade>false</replace_on_upgrade>
    <sys_created_by>entitle.onboarding.author</sys_created_by>
    <sys_created_on>2026-06-22 00:00:00</sys_created_on>
    <sys_id>bbc5d6e7f8a9b0c1d2e3f4a5b6c7d8e9</sys_id>
    <sys_mod_count>0</sys_mod_count>
    <sys_recorded_at>19e5bd007960000001</sys_recorded_at>
    <sys_updated_by>entitle.onboarding.author</sys_updated_by>
    <sys_updated_on>2026-06-22 00:00:00</sys_updated_on>
    <table/>
    <target_name>sys_user_has_role.role create</target_name>
    <type>ACL Role</type>
    <update_domain>global</update_domain>
    <update_guid>bbc5d6e7f8a9b0c1d2e3f4a5b6c7d8e9</update_guid>
    <update_guid_history/>
    <update_set display_value=""/>
    <view/>
  </sys_update_xml>

</unload>
