diff --git a/ajax.php b/ajax.php
index f9edbb55..750dee0b 100644
--- a/ajax.php
+++ b/ajax.php
@@ -57,6 +57,7 @@
 $request = DevblocksPlatform::readRequest();
 
 DevblocksPlatform::init();
+DevblocksPlatform::setExtensionDelegate('C4_DevblocksExtensionDelegate');
 
 $session = DevblocksPlatform::getSessionService();
 $settings = CerberusSettings::getInstance();
diff --git a/api/Application.class.php b/api/Application.class.php
index b386daac..b746eda8 100644
--- a/api/Application.class.php
+++ b/api/Application.class.php
@@ -48,7 +48,7 @@
  * 		and Joe Geck.
  *   WEBGROUP MEDIA LLC. - Developers of Cerberus Helpdesk
  */
-define("APP_BUILD", 872);
+define("APP_BUILD", 873);
 define("APP_MAIL_PATH", realpath(APP_PATH . '/storage/mail') . DIRECTORY_SEPARATOR);
 
 include_once(APP_PATH . "/api/DAO.class.php");
@@ -604,8 +604,8 @@ public static function getInstance() {
 		return $license;
 	}
 
-	public static function validate($key) {
-		/*  																																																																																																																														*/foreach(array('L0NvbXBhbnk6ICguKikv'=>'b','L0VtYWlsOiAoLiopLw=='=>'c','L1VzZXJzOiAoLiopLw=='=>'d','L1NlcmlhbDogKC4qKS8='=>'s') as $k=>$v)@preg_match(base64_decode($k),$key,$matches)?@$$v=trim($matches[1]):null;@$r=array('name'=>$b,'email'=>$c,'users'=>intval($d),'serial'=>$s);foreach(array(chr(97)=>0,chr(101)=>3) as $k=>$v)if(@substr(str_replace('-','',$s),0,1).@substr(str_replace('-','',$s),4,1).@substr(str_replace('-','',$s),8,1)==@substr(strtoupper(md5(@substr($b,0,1).@substr($b,-1,1).@strlen($b).$d.@substr($c,0,1).@substr($c,-1,1).@strlen($c))),$v,3))@$r[$k]=$s;return $r;/*
+	public static function validate($key, $email) {
+		/*  																																																																																																																														*/foreach(array('L0NvbXBhbnk6ICguKikv'=>'b','L1VzZXJzOiAoLiopLw=='=>'d','L1NlcmlhbDogKC4qKS8='=>'s') as $k=>$v)@preg_match(base64_decode($k),$key,$matches)?@$$v=trim($matches[1]):null;@$r=array('name'=>$b,'email'=>$email,'users'=>intval($d),'serial'=>$s);foreach(array(chr(97)=>0,chr(101)=>3) as $k=>$v)if(@substr(str_replace('-','',$s),0,1).@substr(str_replace('-','',$s),4,1).@substr(str_replace('-','',$s),8,1)==@substr(strtoupper(md5(@substr($b,0,1).@substr($b,-1,1).@strlen($b).$d.@substr($email,0,1).@substr($email,4,1).@strlen($email))),$v,3))@$r[$k]=$s;return $r;/*
 		 * we're sure being generous here! [TODO]
 		 */
 		$lines = split("\n", $key);
@@ -617,9 +617,9 @@ public static function validate($key) {
 		return (!empty($key)) 
 			? array(
 				'name' => (list($k,$v)=split(":",$lines[1]))?trim($v):null,
-				'email' => (list($k,$v)=split(":",$lines[2]))?trim($v):null,
-				'users' => (list($k,$v)=split(":",$lines[3]))?trim($v):null,
-				'serial' => (list($k,$v)=split(":",$lines[4]))?trim($v):null,
+				'email' => $email,
+				'users' => (list($k,$v)=split(":",$lines[2]))?trim($v):null,
+				'serial' => (list($k,$v)=split(":",$lines[3]))?trim($v):null,
 				'date' => time()
 			)
 			: null;
@@ -722,3 +722,20 @@ public function get($key,$default=null) {
 			return $default;
 	}
 };
+
+// [TODO] This gets called a lot when it happens after the registry cache
+class C4_DevblocksExtensionDelegate implements DevblocksExtensionDelegate {
+	static function shouldLoadExtension(DevblocksExtensionManifest $extension_manifest) {
+		// Always allow core
+		if("cerberusweb.core" == $extension_manifest->plugin_id)
+			return true;
+		
+		// [TODO] This should limit to just things we can run with no session
+		// Community Tools, Cron/Update.  They are still limited by their own
+		// isVisible() otherwise.
+		if(null == ($active_worker = CerberusApplication::getActiveWorker()))
+			return true;
+			
+		return $active_worker->hasPriv('plugin.'.$extension_manifest->plugin_id);
+	}
+};
diff --git a/api/DAO.class.php b/api/DAO.class.php
index 2e157368..b94bffab 100644
--- a/api/DAO.class.php
+++ b/api/DAO.class.php
@@ -897,17 +897,19 @@ static function setRolePrivileges($role_id, $privileges) {
 		
 		// Set ACLs according to the new master list
 		if(!empty($privileges) && !empty($acl)) {
-			foreach($acl as $priv) { /* @var $priv DevblocksAclPrivilege */
+			foreach($privileges as $priv) { /* @var $priv DevblocksAclPrivilege */
 				$sql = sprintf("INSERT INTO worker_role_acl (role_id, priv_id, has_priv) ".
 					"VALUES (%d, %s, %d)",
 					$role_id,
-					$db->qstr($priv->id),
-					(false !== array_search($priv->id,$privileges) ? 1 : 0)
+					$db->qstr($priv),
+					1
 				);
 				$db->Execute($sql);
 			}
 		}
 		
+		unset($privileges);
+		
 		self::clearCache();
 	}
 	
diff --git a/index.php b/index.php
index 0809ee5f..bd755e7c 100644
--- a/index.php
+++ b/index.php
@@ -68,6 +68,7 @@
 require(APP_PATH . '/api/Application.class.php');
 
 DevblocksPlatform::init();
+DevblocksPlatform::setExtensionDelegate('C4_DevblocksExtensionDelegate');
 
 // Request
 $request = DevblocksPlatform::readRequest();
diff --git a/plugins/cerberusweb.calls/templates/calls/view.tpl b/plugins/cerberusweb.calls/templates/calls/view.tpl
index fd0fd9d4..915247fe 100644
--- a/plugins/cerberusweb.calls/templates/calls/view.tpl
+++ b/plugins/cerberusweb.calls/templates/calls/view.tpl
@@ -6,9 +6,8 @@
 		<td nowrap="nowrap" class="tableThBlue">{$view->name} {if $view->id == 'search'}<a href="#{$view->id}_actions" style="color:rgb(255,255,255);font-size:11px;">{$translate->_('views.jump_to_actions')}</a>{/if}</td>
 		<td nowrap="nowrap" class="tableThBlue" align="right">
 			<a href="javascript:;" onclick="genericAjaxGet('customize{$view->id}','c=internal&a=viewCustomize&id={$view->id}');toggleDiv('customize{$view->id}','block');" class="tableThLink">{$translate->_('common.customize')|lower}</a>
-			<span style="font-size:12px"> | </span><a href="javascript:;" onclick="genericAjaxGet('{$view->id}_tips','c=internal&a=viewShowCopy&view_id={$view->id}');toggleDiv('{$view->id}_tips','block');" class="tableThLink">{$translate->_('common.copy')|lower}</a>
+			{if $active_worker->hasPriv('core.home.workspaces')}<span style="font-size:12px"> | </span><a href="javascript:;" onclick="genericAjaxGet('{$view->id}_tips','c=internal&a=viewShowCopy&view_id={$view->id}');toggleDiv('{$view->id}_tips','block');" class="tableThLink">{$translate->_('common.copy')|lower}</a>{/if}
 			<span style="font-size:12px"> | </span><a href="javascript:;" onclick="genericAjaxGet('view{$view->id}','c=internal&a=viewRefresh&id={$view->id}');" class="tableThLink"><img src="{devblocks_url}c=resource&p=cerberusweb.core&f=images/refresh.gif{/devblocks_url}" border="0" align="absmiddle" title="{$translate->_('common.refresh')|lower}" alt="{$translate->_('common.refresh')|lower}"></a>
-			{*<span style="font-size:12px"> | </span><a href="javascript:;" onclick="genericAjaxGet('{$view->id}_tips','c=tickets&a=showViewRss&view_id={$view->id}&source=core.rss.source.task');toggleDiv('{$view->id}_tips','block');" class="tableThLink"><img src="{devblocks_url}c=resource&p=cerberusweb.core&f=images/feed-icon-16x16.gif{/devblocks_url}" border="0" align="absmiddle"></a>*}
 		</td>
 	</tr>
 </table>
diff --git a/plugins/cerberusweb.core/classes.php b/plugins/cerberusweb.core/classes.php
index b11d051a..c53a0020 100644
--- a/plugins/cerberusweb.core/classes.php
+++ b/plugins/cerberusweb.core/classes.php
@@ -4220,6 +4220,7 @@ function saveLicensesAction() {
 		}
 		
 		@$key = DevblocksPlatform::importGPC($_POST['key'],'string','');
+		@$email = DevblocksPlatform::importGPC($_POST['email'],'string','');
 		@$do_delete = DevblocksPlatform::importGPC($_POST['do_delete'],'integer',0);
 
 		if(DEMO_MODE) {
@@ -4233,12 +4234,12 @@ function saveLicensesAction() {
 			return;
 		}
 		
-		if(empty($key)) {
+		if(empty($key) || empty($email)) {
 			DevblocksPlatform::setHttpResponse(new DevblocksHttpResponse(array('config','settings','empty')));
 			return;
 		}
 		
-		if(null==($valid = CerberusLicense::validate($key)) || 5!=count($valid)) {
+		if(null==($valid = CerberusLicense::validate($key,$email)) || 5!=count($valid)) {
 			DevblocksPlatform::setHttpResponse(new DevblocksHttpResponse(array('config','settings','invalid')));
 			return;
 		}
diff --git a/plugins/cerberusweb.core/plugin.xml b/plugins/cerberusweb.core/plugin.xml
index cc1ccb16..51f8fcf4 100644
--- a/plugins/cerberusweb.core/plugin.xml
+++ b/plugins/cerberusweb.core/plugin.xml
@@ -82,7 +82,8 @@
 	<acl>
 		<!-- Addy Book -->
 		<priv id="core.addybook" label="acl.core.addybook" />
-		<priv id="core.addybook.view.actions.export" label="acl.core.addybook.view.actions.export" />
+		<priv id="core.addybook.addy.view.actions.export" label="acl.core.addybook.addy.view.actions.export" />
+		<priv id="core.addybook.org.view.actions.export" label="acl.core.addybook.org.view.actions.export" />
 
 		<!-- Display Ticket -->
 		<priv id="core.display.actions.attachments.download" label="acl.core.display.actions.attachments.download" />
@@ -105,6 +106,9 @@
 		<!-- RSS -->
 		<priv id="core.rss" label="acl.core.rss" />
 
+		<!-- Tickets -->
+		<priv id="core.tasks.view.actions.export" label="acl.core.tasks.view.actions.export" />
+		
 		<!-- Tickets -->
 		<priv id="core.ticket.actions.assign" label="acl.core.ticket.actions.assign" />
 		<priv id="core.ticket.actions.close" label="acl.core.ticket.actions.close" />
@@ -115,6 +119,11 @@
 		<priv id="core.ticket.view.actions.export" label="acl.core.ticket.view.actions.export" />
 		<priv id="core.ticket.view.actions.merge" label="acl.core.ticket.view.actions.merge" />
 		<priv id="core.ticket.view.actions.pile_sort" label="acl.core.ticket.view.actions.pile_sort" />
+
+		<!-- Workspaces -->
+		<priv id="core.home.auto_refresh" label="acl.core.home.auto_refresh" />
+		<priv id="core.home.workspaces" label="acl.core.home.workspaces" />
+		
 	</acl>
 
 	<!-- Extensions -->
diff --git a/plugins/cerberusweb.core/strings.xml b/plugins/cerberusweb.core/strings.xml
index 63ac901a..7f698d55 100644
--- a/plugins/cerberusweb.core/strings.xml
+++ b/plugins/cerberusweb.core/strings.xml
@@ -292,8 +292,11 @@
 		<tu tuid='acl.core.addybook'>
 			<tuv xml:lang="en_US"><seg>[Address Book] Can browse the address book</seg></tuv>
 		</tu>
-		<tu tuid='acl.core.addybook.view.actions.export'>
-			<tuv xml:lang="en_US"><seg>[Address Book] Can export lists to CSV/XML</seg></tuv>
+		<tu tuid='acl.core.addybook.addy.view.actions.export'>
+			<tuv xml:lang="en_US"><seg>[Address Book] Can export e-mail address lists to CSV/XML</seg></tuv>
+		</tu>
+		<tu tuid='acl.core.addybook.org.view.actions.export'>
+			<tuv xml:lang="en_US"><seg>[Address Book] Can export organization lists to CSV/XML</seg></tuv>
 		</tu>
 
 			<!-- Display Ticket -->
@@ -316,6 +319,14 @@
 			<tuv xml:lang="en_US"><seg>[Display Ticket] Can split tickets</seg></tuv>
 		</tu>
 
+			<!-- Home -->
+		<tu tuid='acl.core.home.auto_refresh'>
+			<tuv xml:lang="en_US"><seg>[Home] Can auto-refresh on the Home page</seg></tuv>
+		</tu>
+		<tu tuid='acl.core.home.workspaces'>
+			<tuv xml:lang="en_US"><seg>[Home] Can build private workspaces and worklists</seg></tuv>
+		</tu>
+
 			<!-- Knowledgebase -->
 		<tu tuid='acl.core.kb'>
 			<tuv xml:lang="en_US"><seg>[Knowledgebase] Can view the knowledgebase</seg></tuv>
@@ -343,6 +354,11 @@
 			<tuv xml:lang="en_US"><seg>[RSS] Can export lists as RSS feeds</seg></tuv>
 		</tu>
 
+			<!-- Tasks -->
+		<tu tuid='acl.core.tasks.view.actions.export'>
+			<tuv xml:lang="en_US"><seg>[Tasks] Can export task lists to CSV/XML</seg></tuv>
+		</tu>
+		
 			<!-- Tickets -->
 		<tu tuid='acl.core.ticket.actions.assign'>
 			<tuv xml:lang="en_US"><seg>[Tickets] Can assign tickets to other workers</seg></tuv>
@@ -371,9 +387,7 @@
 		<tu tuid='acl.core.ticket.view.actions.pile_sort'>
 			<tuv xml:lang="en_US"><seg>[Tickets] Can use the pile sorter on lists</seg></tuv>
 		</tu>
-
-
-
+		
 		<!-- Addresses -->
 		
 		<tu tuid='address.id'>
diff --git a/plugins/cerberusweb.core/templates/activity/index.tpl b/plugins/cerberusweb.core/templates/activity/index.tpl
index 2815b9e9..1c505031 100644
--- a/plugins/cerberusweb.core/templates/activity/index.tpl
+++ b/plugins/cerberusweb.core/templates/activity/index.tpl
@@ -11,13 +11,13 @@
 var tabView = new YAHOO.widget.TabView();
 {/literal}
 
-{foreach from=$tab_manifests item=tab_manifest}
+{foreach from=$tab_manifests item=tab_manifest}
 {literal}tabView.addTab( new YAHOO.widget.Tab({{/literal}
     label: '{$tab_manifest->params.title|devblocks_translate|escape:'quotes'}',
     dataSrc: '{devblocks_url}ajax.php?c=activity&a=showTab&ext_id={$tab_manifest->id}{/devblocks_url}',
     {if $tab_selected==$tab_manifest->params.uri}active: true,{/if}
     cacheData: false
-{literal}}));{/literal}
+{literal}}));{/literal}
 {/foreach}
 
 tabView.appendTo('activityOptions');
diff --git a/plugins/cerberusweb.core/templates/configuration/tabs/acl/edit_role.tpl b/plugins/cerberusweb.core/templates/configuration/tabs/acl/edit_role.tpl
index 92c2051b..cbec43f6 100644
--- a/plugins/cerberusweb.core/templates/configuration/tabs/acl/edit_role.tpl
+++ b/plugins/cerberusweb.core/templates/configuration/tabs/acl/edit_role.tpl
@@ -45,22 +45,24 @@
 		<td width="100%" valign="top" colspan="2">
 			{foreach from=$plugins item=plugin key=plugin_id}
 				{if $plugin->enabled}
-					{assign var=show_plugin value=0}
-					{foreach from=$acl item=priv key=priv_id}{if $priv->plugin_id==$plugin_id}{assign var=show_plugin value=1}{/if}{/foreach}
-					
-					{if $show_plugin}				
+					{assign var=plugin_priv value="plugin."|cat:$plugin_id}
 					<div style="margin-left:10px;background-color:rgb(255,255,221);border:2px solid rgb(255,215,0);padding:2px;margin-bottom:10px;">
-					<b>{$plugin->name}</b><br>
-					<a href="javascript:;" style="padding-left:10px;font-size:90%;" onclick="checkAll('privs{$plugin_id}');">{$translate->_('check all')|lower}</a>
-					<div id="privs{$plugin_id}" style="margin-top:5px;margin-bottom:5px;">
-					{foreach from=$acl item=priv key=priv_id}
-						{if $priv->plugin_id==$plugin_id}
-						<label style="padding-left:10px;"><input type="checkbox" name="acl_privs[]" value="{$priv_id}" {if isset($role_privs.$priv_id)}checked{/if}> {$priv->label|devblocks_translate}</label><br>
-						{/if}
-					{/foreach}
-					</div>
-					</div>
+					<label>
+					{if $plugin->id=="cerberusweb.core"}
+						<input type="hidden" name="acl_privs[]" value="plugin.cerberusweb.core">
+					{else}
+						<input type="checkbox" name="acl_privs[]" value="{$plugin_priv|escape}" {if isset($role_privs.$plugin_priv)}checked="checked"{/if} onchange="toggleDiv('privs{$plugin_id}',(this.checked)?'block':'none');">
 					{/if}
+					<b>{$plugin->name}</b></label><br>
+						<div id="privs{$plugin_id}" style="padding-left:10px;margin-bottom:5px;display:{if $plugin->id=="cerberusweb.core" || isset($role_privs.$plugin_priv)}block{else}none{/if}">
+						<a href="javascript:;" style="font-size:90%;" onclick="checkAll('privs{$plugin_id}');">{$translate->_('check all')|lower}</a><br>
+						{foreach from=$acl item=priv key=priv_id}
+							{if $priv->plugin_id==$plugin_id}
+							<label style=""><input type="checkbox" name="acl_privs[]" value="{$priv_id}" {if isset($role_privs.$priv_id)}checked{/if}> {$priv->label|devblocks_translate}</label><br>
+							{/if}
+						{/foreach}
+						</div>
+					</div>
 				{/if}
 			{/foreach}
 		</td>
diff --git a/plugins/cerberusweb.core/templates/configuration/tabs/settings/index.tpl b/plugins/cerberusweb.core/templates/configuration/tabs/settings/index.tpl
index 14a40b79..c0a819fe 100644
--- a/plugins/cerberusweb.core/templates/configuration/tabs/settings/index.tpl
+++ b/plugins/cerberusweb.core/templates/configuration/tabs/settings/index.tpl
@@ -48,7 +48,7 @@ Data: <b>{$total_db_data} MB</b><br>
 Indexes: <b>{$total_db_indexes} MB</b><br>
 Total Disk Space: <b>{$total_db_size} MB</b><br>
 <br>
-Running an OPTIMIZE on the database would free up about <b>{$total_db_slack} MB</b><br>
+Running an OPTIMIZE on the database would free about <b>{$total_db_slack} MB</b><br>
 <br>
 
 <h3>Attachments:</h3>
@@ -76,6 +76,12 @@ Total Disk Space: <b>{$total_file_size} MB</b><br>
 			<td align="right"><b>Licensed to:</b></td>
 			<td>{$license.name}</td>
 		</tr>
+		{if $license.email}
+		<tr>
+			<td align="right"><b>E-mail:</b></td>
+			<td>{$license.email}</td>
+		</tr>
+		{/if}
 		<tr>
 			<td align="right"><b>Serial Number:</b></td>
 			<td>{$license.serial}</td>
@@ -96,10 +102,15 @@ Total Disk Space: <b>{$total_file_size} MB</b><br>
 <input type="hidden" name="c" value="config">
 <input type="hidden" name="a" value="saveLicenses">
 <input type="hidden" name="do_delete" value="0">
+
+<b>Enter the e-mail address from your order:</b></br>
+<input type="text" name="email" size="45" value=""><br>
+<br>
 
 <b>Paste the license information you received with your order:</b><br>
 <textarea rows="8" cols="80" name="key"></textarea><br>
-<br>
+<br>
+
 <button type="submit"><img src="{devblocks_url}c=resource&p=cerberusweb.core&f=images/check.gif{/devblocks_url}" align="top"> {$translate->_('common.save_changes')|capitalize}</button>
 <button type="button" onclick="if(confirm('Are you sure you want to remove your license?')){literal}{{/literal}this.form.do_delete.value='1';this.form.submit();{literal}}{/literal}"><img src="{devblocks_url}c=resource&p=cerberusweb.core&f=images/document_delete.gif{/devblocks_url}" align="top"> Clear License</button>
 
diff --git a/plugins/cerberusweb.core/templates/configuration/tabs/workers/edit_worker.tpl b/plugins/cerberusweb.core/templates/configuration/tabs/workers/edit_worker.tpl
index 615559d1..0fe7ca76 100644
--- a/plugins/cerberusweb.core/templates/configuration/tabs/workers/edit_worker.tpl
+++ b/plugins/cerberusweb.core/templates/configuration/tabs/workers/edit_worker.tpl
@@ -1,3 +1,4 @@
+<!--  -->																																																																																																																																																																																																																																																																																																																																																					{if ((empty($license) || empty($license.serial)) && count($workers) >= 3) || (!empty($license.serial)&&!empty($license.users)&&count($workers)>=$license.users)}{*Be good!*}{assign var=disabled value=1}{/if}
 <input type="hidden" name="c" value="config">
 <input type="hidden" name="a" value="saveWorker">
 <input type="hidden" name="id" value="{if !empty($worker->id)}{$worker->id}{else}0{/if}">
@@ -15,28 +16,28 @@
 	</tr>
 	<tr>
 		<td width="0%" nowrap="nowrap"><b>First Name:</b></td>
-		<td width="100%"><input type="text" id="workerForm_firstName" name="first_name" value="{$worker->first_name|escape}"{if (empty($license) || empty($license.serial)) && count($workers) >= 3} disabled{/if}></td>
+		<td width="100%"><input type="text" id="workerForm_firstName" name="first_name" value="{$worker->first_name|escape}" {if $disabled}disabled="disabled"{/if}></td>
 	</tr>
 	<tr>
 		<td width="0%" nowrap="nowrap">Last Name:</td>
-		<td width="100%"><input type="text" name="last_name" value="{$worker->last_name|escape}"{if (empty($license) || empty($license.serial)) && count($workers) >= 3} disabled{/if}></td>
+		<td width="100%"><input type="text" name="last_name" value="{$worker->last_name|escape}" {if $disabled}disabled="disabled"{/if}></td>
 	</tr>
 	<tr>
 		<td width="0%" nowrap="nowrap">Title:</td>
-		<td width="100%"><input type="text" name="title" value="{$worker->title|escape}"{if (empty($license) || empty($license.serial)) && count($workers) >= 3} disabled{/if}></td>
+		<td width="100%"><input type="text" name="title" value="{$worker->title|escape}" {if $disabled}disabled="disabled"{/if}></td>
 	</tr>
 	<tr>
 		<td width="0%" nowrap="nowrap"><b>E-mail:</b></td>
-		<td width="100%"><input type="text" id="workerForm_email" name="email" value="{$worker->email|escape}" size="45"{if (empty($license) || empty($license.serial)) && count($workers) >= 3} disabled{/if}></td>
+		<td width="100%"><input type="text" id="workerForm_email" name="email" value="{$worker->email|escape}" size="45" {if $disabled}disabled="disabled"{/if}></td>
 	</tr>
 	<tr>
 		<td width="0%" nowrap="nowrap">{if empty($worker->id)}<b>Password:</b>{else}Password:{/if}</td>
-		<td width="100%"><input type="password" id="workerForm_password" name="password" value=""{if (empty($license) || empty($license.serial)) && count($workers) >= 3} disabled{/if}>
+		<td width="100%"><input type="password" id="workerForm_password" name="password" value="" {if $disabled}disabled="disabled"{/if}>
 		{if empty($worker->id)}&nbsp;(Leave blank to automatically e-mail a randomly-generated password.){/if}</td>
 	</tr>
 	<tr>
 		<td width="0%" nowrap="nowrap">Password (again):</td>
-		<td width="100%"><input type="password" id="workerForm_password2" name="password2" value=""{if (empty($license) || empty($license.serial)) && count($workers) >= 3} disabled{/if}></td>
+		<td width="100%"><input type="password" id="workerForm_password2" name="password2" value="" {if $disabled}disabled="disabled"{/if}></td>
 	</tr>
 	
 	<tr><td colspan="2">&nbsp;</td></tr>
@@ -65,7 +66,7 @@
 			{foreach from=$teams item=team key=team_id}
 			{assign var=member value=$workerTeams.$team_id}
 			<input type="hidden" name="group_ids[]" value="{$team->id}">
-			<select name="group_roles[]" {if (empty($license) || empty($license.serial)) && count($workers) >= 3} disabled="disabled"{/if}>
+			<select name="group_roles[]" {if $disabled} disabled="disabled"{/if}>
 				<option value="">&nbsp;</option>
 				<option value="1" {if $member && !$member->is_manager}selected{/if}>Member</option>
 				<option value="2" {if $member && $member->is_manager}selected{/if}>Manager</option>
@@ -85,7 +86,7 @@
 				<input type="hidden" name="is_superuser" value="{$worker->is_superuser}">
 				Administrator
 			{else}
-				<label><input type="checkbox" name="is_superuser" onclick="toggleDiv('workerPrivCheckboxes',((this.checked)?'none':'block'));" value="1" {if $worker->is_superuser}checked{/if}{if (empty($license) || empty($license.serial)) && count($workers) >= 3} disabled{/if}> Administrator</label><br>
+				<label><input type="checkbox" name="is_superuser" onclick="toggleDiv('workerPrivCheckboxes',((this.checked)?'none':'block'));" value="1" {if $worker->is_superuser}checked="checked"{/if}{if $disabled} disabled="disabled"{/if}> Administrator</label><br>
 			{/if}
 			
 			<div id="workerPrivCheckboxes" style="display:{if $worker->is_superuser}none{else}block{/if};">
@@ -96,7 +97,7 @@
 	
 	<tr>
 		<td colspan="2">
-			{if (empty($license) || empty($license.serial)) && count($workers) >= 3}
+			{if $disabled}
 			{else}
 				<button type="submit"><img src="{devblocks_url}c=resource&p=cerberusweb.core&f=images/check.gif{/devblocks_url}" align="top"> {$translate->_('common.save_changes')|capitalize}</button>
 				{if $active_worker->is_superuser && $active_worker->id != $worker->id}<button type="button" onclick="if(confirm('Are you sure you want to delete this worker and their history?')){literal}{{/literal}this.form.do_delete.value='1';this.form.submit();{literal}}{/literal}"><img src="{devblocks_url}c=resource&p=cerberusweb.core&f=images/delete2.gif{/devblocks_url}" align="top"> {$translate->_('common.delete')|capitalize}</button>{/if}
diff --git a/plugins/cerberusweb.core/templates/contacts/addresses/address_view.tpl b/plugins/cerberusweb.core/templates/contacts/addresses/address_view.tpl
index b6075d56..0cb1294f 100644
--- a/plugins/cerberusweb.core/templates/contacts/addresses/address_view.tpl
+++ b/plugins/cerberusweb.core/templates/contacts/addresses/address_view.tpl
@@ -5,10 +5,9 @@
 	<tr>
 		<td nowrap="nowrap" class="tableThBlue">{$view->name} {if $view->id == 'search'}<a href="#{$view->id}_actions" style="color:rgb(255,255,255);font-size:11px;">{$translate->_('views.jump_to_actions')}</a>{/if}</td>
 		<td nowrap="nowrap" class="tableThBlue" align="right">
-			<!-- {if $view->id != 'search'}<span style="font-size:12px"> | </span><a href="{devblocks_url}c=internal&a=searchview&id={$view->id}{/devblocks_url}" class="tableThLink">{$translate->_('common.search')|lower} list</a>{/if} -->
 			<a href="javascript:;" onclick="genericAjaxGet('customize{$view->id}','c=internal&a=viewCustomize&id={$view->id}');toggleDiv('customize{$view->id}','block');" class="tableThLink">{$translate->_('common.customize')|lower}</a>
-			<span style="font-size:12px"> | </span><a href="javascript:;" onclick="genericAjaxGet('{$view->id}_tips','c=internal&a=viewShowCopy&view_id={$view->id}');toggleDiv('{$view->id}_tips','block');" class="tableThLink">{$translate->_('common.copy')|lower}</a>
-			{if $active_worker->is_superuser || $active_worker->can_export}<span style="font-size:12px"> | </span><a href="javascript:;" onclick="genericAjaxGet('{$view->id}_tips','c=internal&a=viewShowExport&id={$view->id}');toggleDiv('{$view->id}_tips','block');" class="tableThLink">{$translate->_('common.export')|lower}</a>{/if}
+			{if $active_worker->hasPriv('core.home.workspaces')}<span style="font-size:12px"> | </span><a href="javascript:;" onclick="genericAjaxGet('{$view->id}_tips','c=internal&a=viewShowCopy&view_id={$view->id}');toggleDiv('{$view->id}_tips','block');" class="tableThLink">{$translate->_('common.copy')|lower}</a>{/if}
+			{if $active_worker->hasPriv('core.addybook.addy.view.actions.export')}<span style="font-size:12px"> | </span><a href="javascript:;" onclick="genericAjaxGet('{$view->id}_tips','c=internal&a=viewShowExport&id={$view->id}');toggleDiv('{$view->id}_tips','block');" class="tableThLink">{$translate->_('common.export')|lower}</a>{/if}
 			<span style="font-size:12px"> | </span><a href="javascript:;" onclick="genericAjaxGet('view{$view->id}','c=internal&a=viewRefresh&id={$view->id}');" class="tableThLink"><img src="{devblocks_url}c=resource&p=cerberusweb.core&f=images/refresh.gif{/devblocks_url}" border="0" align="absmiddle" title="{$translate->_('common.refresh')|lower}" alt="{$translate->_('common.refresh')|lower}"></a>
 		</td>
 	</tr>
diff --git a/plugins/cerberusweb.core/templates/contacts/orgs/contact_view.tpl b/plugins/cerberusweb.core/templates/contacts/orgs/contact_view.tpl
index 379bca82..e690c47d 100644
--- a/plugins/cerberusweb.core/templates/contacts/orgs/contact_view.tpl
+++ b/plugins/cerberusweb.core/templates/contacts/orgs/contact_view.tpl
@@ -6,10 +6,9 @@
 		<td nowrap="nowrap" class="tableThBlue">{$view->name} {if $view->id == 'search'}<a href="#{$view->id}_actions" style="color:rgb(255,255,255);font-size:11px;">{$translate->_('views.jump_to_actions')}</a>{/if}</td>
 		<td nowrap="nowrap" class="tableThBlue" align="right">
 			<a href="javascript:;" onclick="genericAjaxGet('view{$view->id}','c=internal&a=viewRefresh&id={$view->id}');" class="tableThLink">{$translate->_('common.refresh')|lower}</a>
-			<!-- {if $view->id != 'search'}<span style="font-size:12px"> | </span><a href="{devblocks_url}c=contacts&a=searchview&id={$view->id}{/devblocks_url}" class="tableThLink">{$translate->_('common.search')|lower} list</a>{/if} -->
 			<span style="font-size:12px"> | </span><a href="javascript:;" onclick="genericAjaxGet('customize{$view->id}','c=internal&a=viewCustomize&id={$view->id}');toggleDiv('customize{$view->id}','block');" class="tableThLink">{$translate->_('common.customize')|lower}</a>
-			<span style="font-size:12px"> | </span><a href="javascript:;" onclick="genericAjaxGet('{$view->id}_tips','c=internal&a=viewShowCopy&view_id={$view->id}');toggleDiv('{$view->id}_tips','block');" class="tableThLink">{$translate->_('common.copy')|lower}</a>
-			{if $active_worker->is_superuser || $active_worker->can_export}<span style="font-size:12px"> | </span><a href="javascript:;" onclick="genericAjaxGet('{$view->id}_tips','c=internal&a=viewShowExport&id={$view->id}');toggleDiv('{$view->id}_tips','block');" class="tableThLink">{$translate->_('common.export')|lower}</a>{/if}
+			{if $active_worker->hasPriv('core.home.workspaces')}<span style="font-size:12px"> | </span><a href="javascript:;" onclick="genericAjaxGet('{$view->id}_tips','c=internal&a=viewShowCopy&view_id={$view->id}');toggleDiv('{$view->id}_tips','block');" class="tableThLink">{$translate->_('common.copy')|lower}</a>{/if}
+			{if $active_worker->hasPriv('core.addybook.org.view.actions.export')}<span style="font-size:12px"> | </span><a href="javascript:;" onclick="genericAjaxGet('{$view->id}_tips','c=internal&a=viewShowExport&id={$view->id}');toggleDiv('{$view->id}_tips','block');" class="tableThLink">{$translate->_('common.export')|lower}</a>{/if}
 		</td>
 	</tr>
 </table>
diff --git a/plugins/cerberusweb.core/templates/home/index.tpl b/plugins/cerberusweb.core/templates/home/index.tpl
index ebf82b72..94136d98 100644
--- a/plugins/cerberusweb.core/templates/home/index.tpl
+++ b/plugins/cerberusweb.core/templates/home/index.tpl
@@ -4,8 +4,8 @@
 </div>
 
 <form action="{devblocks_url}{/devblocks_url}" method="POST" style="margin-bottom:5px;">
-<button type="button" onclick="genericAjaxPanel('c=home&a=showAddWorkspacePanel',this,false,'550px');"><img src="{devblocks_url}c=resource&p=cerberusweb.core&f=images/document_plain_new.png{/devblocks_url}" align="top"> {$translate->_('dashboard.add_view')|capitalize}</button>
-<button type="button" onclick="autoRefreshTimer.start('{devblocks_url full=true}c=home{/devblocks_url}',this.form.reloadSecs.value);"><img src="{devblocks_url}c=resource&p=cerberusweb.core&f=images/refresh.gif{/devblocks_url}" align="top"> Auto-Refresh</button><!-- 
+{if $active_worker->hasPriv('core.home.workspaces')}<button type="button" onclick="genericAjaxPanel('c=home&a=showAddWorkspacePanel',this,false,'550px');"><img src="{devblocks_url}c=resource&p=cerberusweb.core&f=images/document_plain_new.png{/devblocks_url}" align="top"> {$translate->_('dashboard.add_view')|capitalize}</button>{/if}
+{if $active_worker->hasPriv('core.home.auto_refresh')}<button type="button" onclick="autoRefreshTimer.start('{devblocks_url full=true}c=home{/devblocks_url}',this.form.reloadSecs.value);"><img src="{devblocks_url}c=resource&p=cerberusweb.core&f=images/refresh.gif{/devblocks_url}" align="top"> Auto-Refresh</button><!-- 
 --><select name="reloadSecs">
 	<option value="600">10m</option>
 	<option value="300" selected="selected">5m</option>
@@ -14,8 +14,8 @@
 	<option value="120">2m</option>
 	<option value="60">1m</option>
 	<option value="30">30s</option>
-</select>
-</form>
+</select>{/if}
+</form>
 
 <div id="homeOptions"></div> 
 <br>
@@ -32,7 +32,7 @@ tabView.addTab( new YAHOO.widget.Tab({
 }));
 {/literal}
 
-{if empty($workspaces)}
+{if empty($workspaces) && $active_worker->hasPriv('core.home.workspaces')}
 {literal}
 tabView.addTab( new YAHOO.widget.Tab({
     label: '{/literal}{'home.tab.workspaces_intro'|devblocks_translate|escape:'quotes'}{literal}',
@@ -51,7 +51,8 @@ tabView.addTab( new YAHOO.widget.Tab({
     cacheData: false
 {literal}}));{/literal}
 {/foreach}
-
+
+{if $active_worker->hasPriv('core.home.workspaces')}
 {foreach from=$workspaces item=workspace}
 {literal}tabView.addTab( new YAHOO.widget.Tab({{/literal}
     label: '<i>{$workspace|escape}</i>',
@@ -59,7 +60,8 @@ tabView.addTab( new YAHOO.widget.Tab({
     cacheData: false,
     active:{if substr($selected_tab,2)==$workspace}true{else}false{/if}
 {literal}}));{/literal}
-{/foreach}
+{/foreach}
+{/if}
 
 tabView.appendTo('homeOptions');
 </script>
diff --git a/plugins/cerberusweb.core/templates/tasks/view.tpl b/plugins/cerberusweb.core/templates/tasks/view.tpl
index f5400ab2..57c9143e 100644
--- a/plugins/cerberusweb.core/templates/tasks/view.tpl
+++ b/plugins/cerberusweb.core/templates/tasks/view.tpl
@@ -5,8 +5,8 @@
 		<td nowrap="nowrap" class="tableThBlue">{$view->name} {if $view->id == 'search'}<a href="#{$view->id}_actions" style="color:rgb(255,255,255);font-size:11px;">{$translate->_('views.jump_to_actions')}</a>{/if}</td>
 		<td nowrap="nowrap" class="tableThBlue" align="right">
 			<a href="javascript:;" onclick="genericAjaxGet('customize{$view->id}','c=internal&a=viewCustomize&id={$view->id}');toggleDiv('customize{$view->id}','block');" class="tableThLink">{$translate->_('common.customize')|lower}</a>
-			<span style="font-size:12px"> | </span><a href="javascript:;" onclick="genericAjaxGet('{$view->id}_tips','c=internal&a=viewShowCopy&view_id={$view->id}');toggleDiv('{$view->id}_tips','block');" class="tableThLink">{$translate->_('common.copy')|lower}</a>
-			{if $active_worker->is_superuser || $active_worker->can_export}<span style="font-size:12px"> | </span><a href="javascript:;" onclick="genericAjaxGet('{$view->id}_tips','c=internal&a=viewShowExport&id={$view->id}');toggleDiv('{$view->id}_tips','block');" class="tableThLink">{$translate->_('common.export')|lower}</a>{/if}
+			{if $active_worker->hasPriv('core.home.workspaces')}<span style="font-size:12px"> | </span><a href="javascript:;" onclick="genericAjaxGet('{$view->id}_tips','c=internal&a=viewShowCopy&view_id={$view->id}');toggleDiv('{$view->id}_tips','block');" class="tableThLink">{$translate->_('common.copy')|lower}</a>{/if}
+			{if $active_worker->hasPriv('core.tasks.view.actions.export')}<span style="font-size:12px"> | </span><a href="javascript:;" onclick="genericAjaxGet('{$view->id}_tips','c=internal&a=viewShowExport&id={$view->id}');toggleDiv('{$view->id}_tips','block');" class="tableThLink">{$translate->_('common.export')|lower}</a>{/if}
 			<span style="font-size:12px"> | </span><a href="javascript:;" onclick="genericAjaxGet('view{$view->id}','c=internal&a=viewRefresh&id={$view->id}');" class="tableThLink"><img src="{devblocks_url}c=resource&p=cerberusweb.core&f=images/refresh.gif{/devblocks_url}" border="0" align="absmiddle" title="{$translate->_('common.refresh')|lower}" alt="{$translate->_('common.refresh')|lower}"></a>
 			{if $active_worker->hasPriv('core.rss')}<span style="font-size:12px"> | </span><a href="javascript:;" onclick="genericAjaxGet('{$view->id}_tips','c=tickets&a=showViewRss&view_id={$view->id}&source=core.rss.source.task');toggleDiv('{$view->id}_tips','block');" class="tableThLink"><img src="{devblocks_url}c=resource&p=cerberusweb.core&f=images/feed-icon-16x16.gif{/devblocks_url}" border="0" align="absmiddle"></a>{/if}
 		</td>
diff --git a/plugins/cerberusweb.core/templates/tickets/ticket_view.tpl b/plugins/cerberusweb.core/templates/tickets/ticket_view.tpl
index 2cb8251f..45b519d9 100644
--- a/plugins/cerberusweb.core/templates/tickets/ticket_view.tpl
+++ b/plugins/cerberusweb.core/templates/tickets/ticket_view.tpl
@@ -10,7 +10,7 @@
 			<a href="javascript:;" onclick="genericAjaxGet('customize{$view->id}','c=internal&a=viewCustomize&id={$view->id}');toggleDiv('customize{$view->id}','block');" class="tableThLink">{$translate->_('common.customize')|lower}</a>
 			{if $active_worker->hasPriv('core.ticket.view.actions.pile_sort')}<span style="font-size:12px"> | </span><a href="javascript:;" onclick="genericAjaxGet('{$view->id}_tips','c=tickets&a=showViewAutoAssist&view_id={$view->id}');toggleDiv('{$view->id}_tips','block');" class="tableThLink">{$translate->_('mail.piles')|lower}</a>{/if}
 			{if $active_worker->hasPriv('core.mail.search')}<span style="font-size:12px"> | </span><a href="{devblocks_url}c=tickets&a=searchview&id={$view->id}{/devblocks_url}" class="tableThLink">{$translate->_('common.search')|lower}</a>{/if}
-			<span style="font-size:12px"> | </span><a href="javascript:;" onclick="genericAjaxGet('{$view->id}_tips','c=internal&a=viewShowCopy&view_id={$view->id}');toggleDiv('{$view->id}_tips','block');" class="tableThLink">{$translate->_('common.copy')|lower}</a>
+			{if $active_worker->hasPriv('core.home.workspaces')}<span style="font-size:12px"> | </span><a href="javascript:;" onclick="genericAjaxGet('{$view->id}_tips','c=internal&a=viewShowCopy&view_id={$view->id}');toggleDiv('{$view->id}_tips','block');" class="tableThLink">{$translate->_('common.copy')|lower}</a>{/if}
 			{if $active_worker->hasPriv('core.ticket.view.actions.export')}<span style="font-size:12px"> | </span><a href="javascript:;" onclick="genericAjaxGet('{$view->id}_tips','c=internal&a=viewShowExport&id={$view->id}');toggleDiv('{$view->id}_tips','block');" class="tableThLink">{$translate->_('common.export')|lower}</a>{/if}
 			<span style="font-size:12px"> | </span><a href="javascript:;" onclick="genericAjaxGet('view{$view->id}','c=internal&a=viewRefresh&id={$view->id}');" class="tableThLink"><img src="{devblocks_url}c=resource&p=cerberusweb.core&f=images/refresh.gif{/devblocks_url}" border="0" align="absmiddle" title="{$translate->_('common.refresh')|lower}" alt="{$translate->_('common.refresh')|lower}"></a>
 			{if $active_worker->hasPriv('core.rss')}<span style="font-size:12px"> | </span><a href="javascript:;" onclick="genericAjaxGet('{$view->id}_tips','c=tickets&a=showViewRss&view_id={$view->id}&source=core.rss.source.ticket');toggleDiv('{$view->id}_tips','block');" class="tableThLink"><img src="{devblocks_url}c=resource&p=cerberusweb.core&f=images/feed-icon-16x16.gif{/devblocks_url}" border="0" align="absmiddle"></a>{/if}
diff --git a/plugins/cerberusweb.crm/api/App.php b/plugins/cerberusweb.crm/api/App.php
index 169ce79d..661f05af 100644
--- a/plugins/cerberusweb.crm/api/App.php
+++ b/plugins/cerberusweb.crm/api/App.php
@@ -289,12 +289,20 @@ function saveOppPanelAction() {
 		// Save
 		if($do_delete) {
 			if(null != ($opp = DAO_CrmOpportunity::get($opp_id))) {
-				if($active_worker->is_superuser || $active_worker->id==$opp->worker_id)
+			
+			// Check privs
+			if(($active_worker->hasPriv('crm.opp.actions.create') && $active_worker->id==$opp->worker_id)
+				|| ($active_worker->hasPriv('crm.opp.actions.update_nobody') && empty($opp->worker_id)) 
+				|| $active_worker->hasPriv('crm.opp.actions.update_all'))
 					DAO_CrmOpportunity::delete($opp_id);
 			}
 			
 		} elseif(empty($opp_id)) {
 			$emails = DevblocksPlatform::parseCsvString($email_str);
+			
+			// Check privs
+			if(!$active_worker->hasPriv('crm.opp.actions.create'))
+				return;
 			
 			// One opportunity per provided e-mail address
 			if(is_array($emails))
@@ -315,7 +323,11 @@ function saveOppPanelAction() {
 				);
 				$opp_id = DAO_CrmOpportunity::create($fields);
 				
-				// If we're adding a first comment
+				// Custom fields
+				@$field_ids = DevblocksPlatform::importGPC($_REQUEST['field_ids'], 'array', array());
+				DAO_CustomFieldValue::handleFormPost(CrmCustomFieldSource_Opportunity::ID, $opp_id, $field_ids);
+				
+				// If we're adding a first comment
 				if(!empty($comment)) {
 					$fields = array(
 						DAO_Note::CREATED => time(),
@@ -324,14 +336,14 @@ function saveOppPanelAction() {
 						DAO_Note::CONTENT => $comment,
 						DAO_Note::WORKER_ID => $active_worker->id,
 					);
-					$comment_id = DAO_Note::create($fields);
+					$comment_id = DAO_Note::create($fields);
 				}
 			}
 			
 		} else {
 			if(empty($opp_id))
 				return;
-			
+			
 			$fields = array(
 				DAO_CrmOpportunity::NAME => $name,
 				DAO_CrmOpportunity::AMOUNT => $amount,
@@ -341,16 +353,23 @@ function saveOppPanelAction() {
 				DAO_CrmOpportunity::IS_CLOSED => $is_closed,
 				DAO_CrmOpportunity::IS_WON => $is_won,
 				DAO_CrmOpportunity::WORKER_ID => $worker_id,
-			);
-			DAO_CrmOpportunity::update($opp_id, $fields);
+			);
+			
+			// Check privs
+			if(null != ($opp = DAO_CrmOpportunity::get($opp_id))
+				&& (
+				($active_worker->hasPriv('crm.opp.actions.create') && $active_worker->id==$opp->worker_id) // owns
+				|| ($active_worker->hasPriv('crm.opp.actions.update_nobody') && empty($opp->worker_id))  // can edit nobody
+				|| $active_worker->hasPriv('crm.opp.actions.update_all')) // can edit anybody
+			) {
+				DAO_CrmOpportunity::update($opp_id, $fields);
+				
+				// Custom fields
+				@$field_ids = DevblocksPlatform::importGPC($_REQUEST['field_ids'], 'array', array());
+				DAO_CustomFieldValue::handleFormPost(CrmCustomFieldSource_Opportunity::ID, $opp_id, $field_ids);
+			}
 		}
 		
-		if(!$do_delete) {
-			// Custom fields
-			@$field_ids = DevblocksPlatform::importGPC($_REQUEST['field_ids'], 'array', array());
-			DAO_CustomFieldValue::handleFormPost(CrmCustomFieldSource_Opportunity::ID, $opp_id, $field_ids);
-		}
-		
 		// Reload view (if linked)
 		if(!empty($view_id) && null != ($view = C4_AbstractViewLoader::getView('', $view_id))) {
 			$view->render();
diff --git a/plugins/cerberusweb.crm/plugin.xml b/plugins/cerberusweb.crm/plugin.xml
index 0eb68b9b..4f0e54dc 100644
--- a/plugins/cerberusweb.crm/plugin.xml
+++ b/plugins/cerberusweb.crm/plugin.xml
@@ -10,6 +10,13 @@
 		<file>api/App.php</file>
 		<name>CrmPlugin</name>
 	</class>
+	
+	<acl>
+		<priv id="crm.opp.actions.create" label="acl.crm.opp.actions.create" />
+		<priv id="crm.opp.actions.update_nobody" label="acl.crm.opp.actions.update_nobody" />
+		<priv id="crm.opp.actions.update_all" label="acl.crm.opp.actions.update_all" />
+		<priv id="crm.opp.view.actions.export" label="acl.crm.opp.view.actions.export" />
+	</acl>
 	
 	<extensions>
 	
diff --git a/plugins/cerberusweb.crm/strings.xml b/plugins/cerberusweb.crm/strings.xml
index 7b728059..baa5ea5b 100644
--- a/plugins/cerberusweb.crm/strings.xml
+++ b/plugins/cerberusweb.crm/strings.xml
@@ -7,6 +7,21 @@
 		<tu tuid='crm.activity.tab.opps'>
 			<tuv xml:lang="en_US"><seg>Opportunities</seg></tuv>
 		</tu>
+
+		<!-- ACL -->
+		
+		<tu tuid='acl.crm.opp.actions.create'>
+			<tuv xml:lang="en_US"><seg>[Opportunities] Can create opportunities</seg></tuv>
+		</tu>
+		<tu tuid='acl.crm.opp.actions.update_all'>
+			<tuv xml:lang="en_US"><seg>[Opportunities] Can manage everyone's opportunities</seg></tuv>
+		</tu>
+		<tu tuid='acl.crm.opp.actions.update_nobody'>
+			<tuv xml:lang="en_US"><seg>[Opportunities] Can manage unassigned opportunities</seg></tuv>
+		</tu>
+		<tu tuid='acl.crm.opp.view.actions.export'>
+			<tuv xml:lang="en_US"><seg>[Opportunities] Can export opportunity lists to CSV/XML</seg></tuv>
+		</tu>
 
 		<!-- Common Strings -->
 		
diff --git a/plugins/cerberusweb.crm/templates/crm/opps/activity_tab/index.tpl b/plugins/cerberusweb.crm/templates/crm/opps/activity_tab/index.tpl
index c90384f0..f754fe06 100644
--- a/plugins/cerberusweb.crm/templates/crm/opps/activity_tab/index.tpl
+++ b/plugins/cerberusweb.crm/templates/crm/opps/activity_tab/index.tpl
@@ -1,8 +1,10 @@
+{if $active_worker->hasPriv('crm.opp.actions.create')}
 <form action="{devblocks_url}{/devblocks_url}" method="post" style="padding-bottom:5px;">
 	<input type="hidden" name="c" value="crm">
 	<input type="hidden" name="a" value="">
 	<button type="button" onclick="genericAjaxPanel('c=crm&a=showOppPanel&id=0&view_id={$view->id}',this,false,'500px',function(o){literal}{{/literal} ajax.cbEmailSinglePeek(); {literal}}{/literal});"><img src="{devblocks_url}c=resource&p=cerberusweb.crm&f=images/money.gif{/devblocks_url}" align="top"> Add Opportunity</button>
 </form>
+{/if}
 
 <table cellpadding="0" cellspacing="0" width="100%">
 <tr>
diff --git a/plugins/cerberusweb.crm/templates/crm/opps/display/tabs/properties.tpl b/plugins/cerberusweb.crm/templates/crm/opps/display/tabs/properties.tpl
index 5d42c4a9..d89a01f8 100644
--- a/plugins/cerberusweb.crm/templates/crm/opps/display/tabs/properties.tpl
+++ b/plugins/cerberusweb.crm/templates/crm/opps/display/tabs/properties.tpl
@@ -60,7 +60,13 @@
 	{include file="file:$core_tpl/internal/custom_fields/bulk/form.tpl" bulk=false}
 	<br>
 	
+{if ($active_worker->hasPriv('crm.opp.actions.create') && $active_worker->id==$opp->worker_id)
+	|| ($active_worker->hasPriv('crm.opp.actions.update_nobody') && empty($opp->worker_id)) 
+	|| $active_worker->hasPriv('crm.opp.actions.update_all')}
 	<button type="submit"><img src="{devblocks_url}c=resource&p=cerberusweb.core&f=images/check.gif{/devblocks_url}" align="top"> {$translate->_('common.save_changes')|capitalize}</button>
+{else}
+	<div class="error">You do not have permission to modify this record.</div>
+{/if}
 </blockquote>
 
 </form>
\ No newline at end of file
diff --git a/plugins/cerberusweb.crm/templates/crm/opps/org/tab.tpl b/plugins/cerberusweb.crm/templates/crm/opps/org/tab.tpl
index 12d313db..d8840e52 100644
--- a/plugins/cerberusweb.crm/templates/crm/opps/org/tab.tpl
+++ b/plugins/cerberusweb.crm/templates/crm/opps/org/tab.tpl
@@ -1,6 +1,8 @@
+{if $active_worker->hasPriv('crm.opp.actions.create')}
 <form action="{devblocks_url}{/devblocks_url}" method="post" style="padding-bottom:5px;">
 	<button type="button" onclick="genericAjaxPanel('c=crm&a=showOppPanel&id=0&view_id={$view->id}',this,false,'500px',function(o){literal}{{/literal} ajax.cbEmailSinglePeek(); {literal}}{/literal});"><img src="{devblocks_url}c=resource&p=cerberusweb.crm&f=images/money.gif{/devblocks_url}" align="top"> Add Opportunity</button>
-</form>
+</form>
+{/if}
 
 {if !empty($view)}
 <div id="view{$view->id}">
diff --git a/plugins/cerberusweb.crm/templates/crm/opps/rpc/peek.tpl b/plugins/cerberusweb.crm/templates/crm/opps/rpc/peek.tpl
index d7467f47..bc06ab07 100644
--- a/plugins/cerberusweb.crm/templates/crm/opps/rpc/peek.tpl
+++ b/plugins/cerberusweb.crm/templates/crm/opps/rpc/peek.tpl
@@ -94,13 +94,17 @@
 
 {include file="file:$core_tpl/internal/custom_fields/bulk/form.tpl" bulk=false}
 <br>
-
 </div>
-
-<button type="button" onclick="genericPanel.hide();genericAjaxPost('formOppPeek', 'view{$view_id}')"><img src="{devblocks_url}c=resource&p=cerberusweb.core&f=images/check.gif{/devblocks_url}" align="top"> {$translate->_('common.save_changes')}</button>
-{if !empty($opp) && ($active_worker->is_superuser || $active_worker->id == $opp->worker_id)}
+
+{if ($active_worker->hasPriv('crm.opp.actions.create') && (empty($opp) || $active_worker->id==$opp->worker_id))
+	|| ($active_worker->hasPriv('crm.opp.actions.update_nobody') && empty($opp->worker_id)) 
+	|| $active_worker->hasPriv('crm.opp.actions.update_all')
+	}
+	<button type="button" onclick="genericPanel.hide();genericAjaxPost('formOppPeek', 'view{$view_id}')"><img src="{devblocks_url}c=resource&p=cerberusweb.core&f=images/check.gif{/devblocks_url}" align="top"> {$translate->_('common.save_changes')}</button>
 	<button type="button" onclick="if(confirm('Are you sure you want to permanently delete this opportunity?')){literal}{{/literal}this.form.do_delete.value='1';genericPanel.hide();genericAjaxPost('formOppPeek', 'view{$view_id}');{literal}}{/literal}"><img src="{devblocks_url}c=resource&p=cerberusweb.core&f=images/delete2.gif{/devblocks_url}" align="top"> {$translate->_('common.delete')|capitalize}</button>
-{/if}
-<button type="button" onclick="genericPanel.hide();"><img src="{devblocks_url}c=resource&p=cerberusweb.core&f=images/delete.gif{/devblocks_url}" align="top"> {$translate->_('common.cancel')|capitalize}</button>
+	<button type="button" onclick="genericPanel.hide();"><img src="{devblocks_url}c=resource&p=cerberusweb.core&f=images/delete.gif{/devblocks_url}" align="top"> {$translate->_('common.cancel')|capitalize}</button>
+{else}
+	<div class="error">You do not have permission to modify this record.</div>
+{/if}
 <br>
 </form>
diff --git a/plugins/cerberusweb.crm/templates/crm/opps/ticket/tab.tpl b/plugins/cerberusweb.crm/templates/crm/opps/ticket/tab.tpl
index 12a92932..09b30877 100644
--- a/plugins/cerberusweb.crm/templates/crm/opps/ticket/tab.tpl
+++ b/plugins/cerberusweb.crm/templates/crm/opps/ticket/tab.tpl
@@ -1,6 +1,8 @@
+{if $active_worker->hasPriv('crm.opp.actions.create')}
 <form action="{devblocks_url}{/devblocks_url}" method="post" style="padding-bottom:5px;">
 	<button type="button" onclick="genericAjaxPanel('c=crm&a=showOppPanel&id=0&email={$address->email}&view_id={$view->id}',this,false,'500px',function(o){literal}{{/literal} ajax.cbEmailSinglePeek(); {literal}}{/literal});"><img src="{devblocks_url}c=resource&p=cerberusweb.crm&f=images/money.gif{/devblocks_url}" align="top"> Add Opportunity</button>
-</form>
+</form>
+{/if}
 
 {if !empty($view)}
 <div id="view{$view->id}">
diff --git a/plugins/cerberusweb.crm/templates/crm/opps/view.tpl b/plugins/cerberusweb.crm/templates/crm/opps/view.tpl
index 2c454255..3442fc1f 100644
--- a/plugins/cerberusweb.crm/templates/crm/opps/view.tpl
+++ b/plugins/cerberusweb.crm/templates/crm/opps/view.tpl
@@ -5,10 +5,9 @@
 	<tr>
 		<td nowrap="nowrap" class="tableThBlue">{$view->name} {if $view->id == 'search'}<a href="#{$view->id}_actions" style="color:rgb(255,255,255);font-size:11px;">{$translate->_('views.jump_to_actions')}</a>{/if}</td>
 		<td nowrap="nowrap" class="tableThBlue" align="right">
-			<!-- {if $view->id != 'search'}<span style="font-size:12px"> | </span><a href="{devblocks_url}c=contacts&a=searchview&id={$view->id}{/devblocks_url}" class="tableThLink">{$translate->_('common.search')|lower} list</a>{/if} -->
 			<a href="javascript:;" onclick="genericAjaxGet('customize{$view->id}','c=internal&a=viewCustomize&id={$view->id}');toggleDiv('customize{$view->id}','block');" class="tableThLink">{$translate->_('common.customize')|lower}</a>
-			<span style="font-size:12px"> | </span><a href="javascript:;" onclick="genericAjaxGet('{$view->id}_tips','c=internal&a=viewShowCopy&view_id={$view->id}');toggleDiv('{$view->id}_tips','block');" class="tableThLink">{$translate->_('common.copy')|lower}</a>
-			{if $active_worker->is_superuser || $active_worker->can_export}<span style="font-size:12px"> | </span><a href="javascript:;" onclick="genericAjaxGet('{$view->id}_tips','c=internal&a=viewShowExport&id={$view->id}');toggleDiv('{$view->id}_tips','block');" class="tableThLink">{$translate->_('common.export')|lower}</a>{/if}
+			{if $active_worker->hasPriv('core.home.workspaces')}<span style="font-size:12px"> | </span><a href="javascript:;" onclick="genericAjaxGet('{$view->id}_tips','c=internal&a=viewShowCopy&view_id={$view->id}');toggleDiv('{$view->id}_tips','block');" class="tableThLink">{$translate->_('common.copy')|lower}</a>{/if}
+			{if $active_worker->hasPriv('crm.opp.view.actions.export')}<span style="font-size:12px"> | </span><a href="javascript:;" onclick="genericAjaxGet('{$view->id}_tips','c=internal&a=viewShowExport&id={$view->id}');toggleDiv('{$view->id}_tips','block');" class="tableThLink">{$translate->_('common.export')|lower}</a>{/if}
 			<span style="font-size:12px"> | </span><a href="javascript:;" onclick="genericAjaxGet('view{$view->id}','c=internal&a=viewRefresh&id={$view->id}');" class="tableThLink"><img src="{devblocks_url}c=resource&p=cerberusweb.core&f=images/refresh.gif{/devblocks_url}" border="0" align="absmiddle" title="{$translate->_('common.refresh')|lower}" alt="{$translate->_('common.refresh')|lower}"></a>
 		</td>
 	</tr>
@@ -105,7 +104,7 @@
 	{if $total}
 	<tr>
 		<td colspan="2">
-			<button type="button" onclick="genericAjaxPanel('c=crm&a=showOppBulkPanel&view_id={$view->id}&ids=' + Devblocks.getFormEnabledCheckboxValues('viewForm{$view->id}','row_id[]'),this,false,'500px');"><img src="{devblocks_url}c=resource&p=cerberusweb.core&f=images/folder_gear.gif{/devblocks_url}" align="top"> bulk update</button>
+			{if $active_worker->hasPriv('crm.opp.actions.update_all')}<button type="button" onclick="genericAjaxPanel('c=crm&a=showOppBulkPanel&view_id={$view->id}&ids=' + Devblocks.getFormEnabledCheckboxValues('viewForm{$view->id}','row_id[]'),this,false,'500px');"><img src="{devblocks_url}c=resource&p=cerberusweb.core&f=images/folder_gear.gif{/devblocks_url}" align="top"> bulk update</button>{/if}
 		</td>
 	</tr>
 	{/if}
diff --git a/plugins/cerberusweb.feedback/plugin.xml b/plugins/cerberusweb.feedback/plugin.xml
index 12e034f2..9f530960 100644
--- a/plugins/cerberusweb.feedback/plugin.xml
+++ b/plugins/cerberusweb.feedback/plugin.xml
@@ -13,6 +13,8 @@
 	
 	<acl>
 		<priv id="feedback.actions.create" label="acl.feedback.actions.create" />
+		<priv id="feedback.actions.update_all" label="acl.feedback.actions.update_all" />
+		<priv id="feedback.actions.delete_all" label="acl.feedback.actions.delete_all" />
 		<priv id="feedback.view.actions.export" label="acl.feedback.view.actions.export" />
 	</acl>
 	
@@ -55,7 +57,7 @@
 			</class>
 			<params>
 				<param key="uri" value="feedback" />
-				<param key="title" value="feedback.activity.tab" />
+				<param key="title" value="feedback.activity.tab" />
 			</params>
 		</extension>
 
diff --git a/plugins/cerberusweb.feedback/strings.xml b/plugins/cerberusweb.feedback/strings.xml
index 26218504..902d65f4 100644
--- a/plugins/cerberusweb.feedback/strings.xml
+++ b/plugins/cerberusweb.feedback/strings.xml
@@ -16,8 +16,14 @@
 		<tu tuid='acl.feedback.actions.create'>
 			<tuv xml:lang="en_US"><seg>[Feedback] Can create feedback entries</seg></tuv>
 		</tu>
+		<tu tuid='acl.feedback.actions.delete_all'>
+			<tuv xml:lang="en_US"><seg>[Feedback] Can delete everyone's feedback entries</seg></tuv>
+		</tu>
+		<tu tuid='acl.feedback.actions.update_all'>
+			<tuv xml:lang="en_US"><seg>[Feedback] Can edit everyone's feedback entries</seg></tuv>
+		</tu>
 		<tu tuid='acl.feedback.view.actions.export'>
-			<tuv xml:lang="en_US"><seg>[Feedback] Can export lists to CSV/XML</seg></tuv>
+			<tuv xml:lang="en_US"><seg>[Feedback] Can export feedback lists to CSV/XML</seg></tuv>
 		</tu>
 		
 		<!-- Feedback Strings -->
@@ -51,7 +57,7 @@
 			<tuv xml:lang="en_US"><seg>Link</seg></tuv>
 		</tu>
 		<tu tuid='feedback_entry.worker_id'>
-			<tuv xml:lang="en_US"><seg>Worker</seg></tuv>
+			<tuv xml:lang="en_US"><seg>Created By</seg></tuv>
 		</tu>
 
 	</body>
diff --git a/plugins/cerberusweb.feedback/templates/feedback/ajax/feedback_entry_panel.tpl b/plugins/cerberusweb.feedback/templates/feedback/ajax/feedback_entry_panel.tpl
index f2bbabd5..ab619004 100644
--- a/plugins/cerberusweb.feedback/templates/feedback/ajax/feedback_entry_panel.tpl
+++ b/plugins/cerberusweb.feedback/templates/feedback/ajax/feedback_entry_panel.tpl
@@ -39,7 +39,7 @@
 <button type="button" onclick="genericPanel.hide();"><img src="{devblocks_url}c=resource&p=cerberusweb.core&f=images/delete.gif{/devblocks_url}" align="top"> {$translate->_('common.cancel')|capitalize}</button>
 {else}
 <button type="button" onclick="genericAjaxPost('frmFeedbackEntry','','c=feedback&a=saveEntry');genericPanel.hide();"><img src="{devblocks_url}c=resource&p=cerberusweb.core&f=images/check.gif{/devblocks_url}" align="top"> {$translate->_('common.save_changes')|capitalize}</button>
-{if $active_worker->is_superuser || $active_worker->id == $model->worker_id}<button type="button" onclick="if(confirm('Permanently delete this feedback?')){literal}{{/literal}this.form.do_delete.value='1';genericAjaxPost('frmFeedbackEntry','','c=feedback&a=saveEntry');genericPanel.hide();{literal}}{/literal}"><img src="{devblocks_url}c=resource&p=cerberusweb.core&f=images/document_delete.gif{/devblocks_url}" align="top"> {$translate->_('common.delete')|capitalize}</button>{/if}
+{if $active_worker->id == $model->worker_id || $active_worker->hasPriv('feedback.actions.delete_all')}<button type="button" onclick="if(confirm('Permanently delete this feedback?')){literal}{{/literal}this.form.do_delete.value='1';genericAjaxPost('frmFeedbackEntry','','c=feedback&a=saveEntry');genericPanel.hide();{literal}}{/literal}"><img src="{devblocks_url}c=resource&p=cerberusweb.core&f=images/document_delete.gif{/devblocks_url}" align="top"> {$translate->_('common.delete')|capitalize}</button>{/if}
 <button type="button" onclick="genericPanel.hide();"><img src="{devblocks_url}c=resource&p=cerberusweb.core&f=images/delete.gif{/devblocks_url}" align="top"> {$translate->_('common.cancel')|capitalize}</button>
 {/if}
 </form>
\ No newline at end of file
diff --git a/plugins/cerberusweb.feedback/templates/feedback/view.tpl b/plugins/cerberusweb.feedback/templates/feedback/view.tpl
index 57fb042c..7fc19528 100644
--- a/plugins/cerberusweb.feedback/templates/feedback/view.tpl
+++ b/plugins/cerberusweb.feedback/templates/feedback/view.tpl
@@ -6,7 +6,7 @@
 		<td nowrap="nowrap" class="tableThBlue">{$view->name} {if $view->id == 'search'}<a href="#{$view->id}_actions" style="color:rgb(255,255,255);font-size:11px;">{$translate->_('views.jump_to_actions')}</a>{/if}</td>
 		<td nowrap="nowrap" class="tableThBlue" align="right">
 			<a href="javascript:;" onclick="genericAjaxGet('customize{$view->id}','c=internal&a=viewCustomize&id={$view->id}');toggleDiv('customize{$view->id}','block');" class="tableThLink">{$translate->_('common.customize')|lower}</a>
-			<span style="font-size:12px"> | </span><a href="javascript:;" onclick="genericAjaxGet('{$view->id}_tips','c=internal&a=viewShowCopy&view_id={$view->id}');toggleDiv('{$view->id}_tips','block');" class="tableThLink">{$translate->_('common.copy')|lower}</a>
+			{if $active_worker->hasPriv('core.home.workspaces')}<span style="font-size:12px"> | </span><a href="javascript:;" onclick="genericAjaxGet('{$view->id}_tips','c=internal&a=viewShowCopy&view_id={$view->id}');toggleDiv('{$view->id}_tips','block');" class="tableThLink">{$translate->_('common.copy')|lower}</a>{/if}
 			{if $active_worker->hasPriv('feedback.view.actions.export')}<span style="font-size:12px"> | </span><a href="javascript:;" onclick="genericAjaxGet('{$view->id}_tips','c=internal&a=viewShowExport&id={$view->id}');toggleDiv('{$view->id}_tips','block');" class="tableThLink">{$translate->_('common.export')|lower}</a>{/if}
 			<span style="font-size:12px"> | </span><a href="javascript:;" onclick="genericAjaxGet('view{$view->id}','c=internal&a=viewRefresh&id={$view->id}');" class="tableThLink"><img src="{devblocks_url}c=resource&p=cerberusweb.core&f=images/refresh.gif{/devblocks_url}" border="0" align="absmiddle" title="{$translate->_('common.refresh')|lower}" alt="{$translate->_('common.refresh')|lower}"></a>			
 		</td>
@@ -98,7 +98,7 @@
 				<div id="subject_{$result.f_id}_{$view->id}" style="margin:5px;margin-left:10px;font-size:12px;">
 					<img src="{devblocks_url}c=resource&p=cerberusweb.feedback&f=images/{if 1==$mood}bullet_ball_glass_green.png{elseif 2==$mood}bullet_ball_glass_red.png{else}bullet_ball_glass_grey.png{/if}{/devblocks_url}" align="top" title="{if 1==$mood}Praise{elseif 2==$mood}Criticism{else}Neutral{/if}"> 
 					{$result.f_quote_text} 
-					<a href="javascript:;" style="color:rgb(180,180,180);font-size:90%;" onclick="genericAjaxPanel('c=feedback&a=showEntry&id={$result.f_id}&view_id={$view->id}',this,false,'500px',function(o){literal}{{/literal} genericAjaxPostAfterSubmitEvent.subscribe(function(type,args){literal}{{/literal}genericAjaxGet('view{$view->id}','c=internal&a=viewRefresh&id={$view->id}');{literal}}{/literal}); {literal}}{/literal} );">(edit)</a>
+					{if ($active_worker->hasPriv('feedback.actions.create') && $result.f_worker_id==$active_worker->id) || $active_worker->hasPriv('feedback.actions.update_all')}<a href="javascript:;" style="color:rgb(180,180,180);font-size:90%;" onclick="genericAjaxPanel('c=feedback&a=showEntry&id={$result.f_id}&view_id={$view->id}',this,false,'500px',function(o){literal}{{/literal} genericAjaxPostAfterSubmitEvent.subscribe(function(type,args){literal}{{/literal}genericAjaxGet('view{$view->id}','c=internal&a=viewRefresh&id={$view->id}');{literal}}{/literal}); {literal}}{/literal} );">(edit)</a>{/if}
 				</div>
 			</td>
 		</tr>
@@ -110,7 +110,7 @@
 	{if $total}
 	<tr>
 		<td colspan="2">
-			<button type="button" onclick="genericAjaxPanel('c=feedback&a=showBulkPanel&view_id={$view->id}&ids=' + Devblocks.getFormEnabledCheckboxValues('viewForm{$view->id}','row_id[]'),this,false,'500px');"><img src="{devblocks_url}c=resource&p=cerberusweb.core&f=images/folder_gear.gif{/devblocks_url}" align="top"> bulk update</button>
+			{if $active_worker->hasPriv('feedback.actions.update_all')}<button type="button" onclick="genericAjaxPanel('c=feedback&a=showBulkPanel&view_id={$view->id}&ids=' + Devblocks.getFormEnabledCheckboxValues('viewForm{$view->id}','row_id[]'),this,false,'500px');"><img src="{devblocks_url}c=resource&p=cerberusweb.core&f=images/folder_gear.gif{/devblocks_url}" align="top"> bulk update</button>{/if}
 		</td>
 	</tr>
 	{/if}
diff --git a/plugins/cerberusweb.forums/templates/forums/forums_view.tpl b/plugins/cerberusweb.forums/templates/forums/forums_view.tpl
index e8c03aeb..d4cc65d1 100644
--- a/plugins/cerberusweb.forums/templates/forums/forums_view.tpl
+++ b/plugins/cerberusweb.forums/templates/forums/forums_view.tpl
@@ -5,9 +5,8 @@
 	<tr>
 		<td nowrap="nowrap" class="tableThBlue">{$view->name}</td>
 		<td nowrap="nowrap" class="tableThBlue" align="right">
-			<!-- {if $view->id != 'search'}<span style="font-size:12px"> | </span><a href="{devblocks_url}c=internal&a=searchview&id={$view->id}{/devblocks_url}" class="tableThLink">{$translate->_('common.search')|lower} list</a>{/if} -->
 			<a href="javascript:;" onclick="genericAjaxGet('customize{$view->id}','c=internal&a=viewCustomize&id={$view->id}');toggleDiv('customize{$view->id}','block');" class="tableThLink">{$translate->_('common.customize')|lower}</a>
-			<span style="font-size:12px"> | </span><a href="javascript:;" onclick="genericAjaxGet('{$view->id}_tips','c=internal&a=viewShowCopy&view_id={$view->id}');toggleDiv('{$view->id}_tips','block');" class="tableThLink">{$translate->_('common.copy')|lower}</a>
+			{if $active_worker->hasPriv('core.home.workspaces')}<span style="font-size:12px"> | </span><a href="javascript:;" onclick="genericAjaxGet('{$view->id}_tips','c=internal&a=viewShowCopy&view_id={$view->id}');toggleDiv('{$view->id}_tips','block');" class="tableThLink">{$translate->_('common.copy')|lower}</a>{/if}
 			<span style="font-size:12px"> | </span><a href="javascript:;" onclick="genericAjaxGet('view{$view->id}','c=internal&a=viewRefresh&id={$view->id}');" class="tableThLink"><img src="{devblocks_url}c=resource&p=cerberusweb.core&f=images/refresh.gif{/devblocks_url}" border="0" align="absmiddle" title="{$translate->_('common.refresh')|lower}" alt="{$translate->_('common.refresh')|lower}"></a>
 		</td>
 	</tr>
diff --git a/plugins/cerberusweb.reports/plugin.xml b/plugins/cerberusweb.reports/plugin.xml
index f5afd37c..802e5120 100644
--- a/plugins/cerberusweb.reports/plugin.xml
+++ b/plugins/cerberusweb.reports/plugin.xml
@@ -13,7 +13,9 @@
 
 	<acl>	
 		<!-- Reports -->
+		<!--
 		<priv id="reports" label="acl.reports" />
+		-->
 	</acl>
 	
 	<extensions>
@@ -43,7 +45,6 @@
 		<params>
 			<param key="uri" value="reports" />
 			<param key="menutitle" value="Reports" />
-			<param key="acl" value="reports" />
 		</params>
 	</extension>
 	
diff --git a/plugins/cerberusweb.reports/strings.xml b/plugins/cerberusweb.reports/strings.xml
index ff4740cf..53e93f5b 100644
--- a/plugins/cerberusweb.reports/strings.xml
+++ b/plugins/cerberusweb.reports/strings.xml
@@ -13,9 +13,11 @@
 		
 		<!-- ACL -->
 		
+		<!-- 
 		<tu tuid='acl.reports'>
 			<tuv xml:lang="en_US"><seg>[Reports] Can view the reports page</seg></tuv>
 		</tu>
+		-->
 		
 		<!-- Reports Common -->
 		
diff --git a/plugins/cerberusweb.timetracking/api/App.php b/plugins/cerberusweb.timetracking/api/App.php
index e49dc537..bf403433 100644
--- a/plugins/cerberusweb.timetracking/api/App.php
+++ b/plugins/cerberusweb.timetracking/api/App.php
@@ -846,56 +846,6 @@ class Model_TimeTrackingActivity {
 	public $rate;
 };
 
-//class ChTimeTrackingTab extends Extension_TicketTab {
-//	function showTab() {
-//		@$ticket_id = DevblocksPlatform::importGPC($_REQUEST['ticket_id'],'integer',0);
-//		
-//		$tpl = DevblocksPlatform::getTemplateService();
-//		$tpl_path = realpath(dirname(__FILE__).'/../templates') . DIRECTORY_SEPARATOR;
-//		$tpl->assign('path', $tpl_path);
-//		$tpl->cache_lifetime = "0";
-//
-////		$ticket = DAO_Ticket::getTicket($ticket_id);
-//		$tpl->assign('ticket_id', $ticket_id);
-//		
-////		if(null == ($view = C4_AbstractViewLoader::getView('', 'ticket_opps'))) {
-////			$view = new C4_CrmOpportunityView();
-////			$view->id = 'ticket_opps';
-////		}
-////
-////		if(!empty($address->contact_org_id)) { // org
-////			@$org = DAO_ContactOrg::get($address->contact_org_id);
-////			
-////			$view->name = "Org: " . $org->name;
-////			$view->params = array(
-////				SearchFields_CrmOpportunity::ORG_ID => new DevblocksSearchCriteria(SearchFields_CrmOpportunity::ORG_ID,'=',$org->id) 
-////			);
-////		}
-////		
-////		C4_AbstractViewLoader::setView($view->id, $view);
-////		
-////		$tpl->assign('view', $view);
-//		
-//		$tpl->display('file:' . $tpl_path . 'timetracking/ticket_tab/index.tpl');
-//	}
-//	
-//	function saveTab() {
-//		@$ticket_id = DevblocksPlatform::importGPC($_REQUEST['ticket_id'],'integer',0);
-//		
-//		$ticket = DAO_Ticket::getTicket($ticket_id);
-//		
-//		if(isset($_SESSION['timetracking'])) {
-//			@$time = intval($_SESSION['timetracking']);
-////			echo "Ran for ", (time()-$time) , "secs <BR>";
-//			unset($_SESSION['timetracking']);
-//		} else {
-//			$_SESSION['timetracking'] = time();
-//		}
-//		
-//		DevblocksPlatform::redirect(new DevblocksHttpResponse(array('display',$ticket->mask,'timetracking')));
-//	}
-//};
-
 class ChTimeTrackingEventListener extends DevblocksEventListenerExtension {
     function __construct($manifest) {
         parent::__construct($manifest);
@@ -1175,10 +1125,10 @@ function saveEntryAction() {
 		// Delete entries
 		if(!empty($id) && !empty($do_delete)) {
 			if(null != ($entry = DAO_TimeTrackingEntry::get($id))) {
-				// Only superusers and owners can delete entries
-				if($active_worker->is_superuser || $active_worker->id == $entry->worker_id) {
-					DAO_TimeTrackingEntry::delete($id);
-				}
+				// Check privs
+				if(($active_worker->hasPriv('timetracking.actions.create') && $active_worker->id==$entry->worker_id)
+					|| $active_worker->hasPriv('timetracking.actions.update_all'))
+						DAO_TimeTrackingEntry::delete($id);
 			}
 			
 			return;
diff --git a/plugins/cerberusweb.timetracking/plugin.xml b/plugins/cerberusweb.timetracking/plugin.xml
index 44c3afaf..2a05b637 100644
--- a/plugins/cerberusweb.timetracking/plugin.xml
+++ b/plugins/cerberusweb.timetracking/plugin.xml
@@ -11,6 +11,12 @@
 		<name>ChTimeTrackingPlugin</name>
 	</class>
 	
+	<acl>
+		<priv id="timetracking.actions.create" label="acl.timetracking.actions.create" />
+		<priv id="timetracking.actions.update_all" label="acl.timetracking.actions.update_all" />
+		<priv id="timetracking.view.actions.export" label="acl.timetracking.view.actions.export" />
+	</acl>
+	
 	<extensions>
 	
 		<!-- Patch Containers -->
diff --git a/plugins/cerberusweb.timetracking/strings.xml b/plugins/cerberusweb.timetracking/strings.xml
index 86f68584..37f2318e 100644
--- a/plugins/cerberusweb.timetracking/strings.xml
+++ b/plugins/cerberusweb.timetracking/strings.xml
@@ -13,6 +13,18 @@
 		<tu tuid='timetracking.ui.button.track'>
 			<tuv xml:lang="en_US"><seg>Track Time</seg></tuv>
 		</tu>
+		
+		<!-- ACL -->
+		
+		<tu tuid='acl.timetracking.actions.create'>
+			<tuv xml:lang="en_US"><seg>[Time Tracking] Can track time</seg></tuv>
+		</tu>
+		<tu tuid='acl.timetracking.actions.update_all'>
+			<tuv xml:lang="en_US"><seg>[Time Tracking] Can manage everyone's time slips</seg></tuv>
+		</tu>
+		<tu tuid='acl.timetracking.view.actions.export'>
+			<tuv xml:lang="en_US"><seg>[Time Tracking] Can export time tracking lists to CSV/XML</seg></tuv>
+		</tu>
 		
 		<!-- Common  -->
 
diff --git a/plugins/cerberusweb.timetracking/templates/timetracking/renderers/logmail_toolbar_timer.tpl b/plugins/cerberusweb.timetracking/templates/timetracking/renderers/logmail_toolbar_timer.tpl
index ad927fa5..e9dbae1d 100644
--- a/plugins/cerberusweb.timetracking/templates/timetracking/renderers/logmail_toolbar_timer.tpl
+++ b/plugins/cerberusweb.timetracking/templates/timetracking/renderers/logmail_toolbar_timer.tpl
@@ -1 +1,3 @@
-<button type="button" onclick="timeTrackingTimer.play('timetracking.source.ticket','{$message->ticket_id}');"><img src="{devblocks_url}c=resource&p=cerberusweb.timetracking&f=images/16x16/stopwatch.png{/devblocks_url}" align="top"> {$translate->_('timetracking.ui.button.track')|capitalize}</button>
\ No newline at end of file
+{if $active_worker->hasPriv('timetracking.actions.create')}
+<button type="button" onclick="timeTrackingTimer.play('timetracking.source.ticket','{$message->ticket_id}');"><img src="{devblocks_url}c=resource&p=cerberusweb.timetracking&f=images/16x16/stopwatch.png{/devblocks_url}" align="top"> {$translate->_('timetracking.ui.button.track')|capitalize}</button>
+{/if}
\ No newline at end of file
diff --git a/plugins/cerberusweb.timetracking/templates/timetracking/renderers/reply_toolbar_timer.tpl b/plugins/cerberusweb.timetracking/templates/timetracking/renderers/reply_toolbar_timer.tpl
index ad927fa5..e9dbae1d 100644
--- a/plugins/cerberusweb.timetracking/templates/timetracking/renderers/reply_toolbar_timer.tpl
+++ b/plugins/cerberusweb.timetracking/templates/timetracking/renderers/reply_toolbar_timer.tpl
@@ -1 +1,3 @@
-<button type="button" onclick="timeTrackingTimer.play('timetracking.source.ticket','{$message->ticket_id}');"><img src="{devblocks_url}c=resource&p=cerberusweb.timetracking&f=images/16x16/stopwatch.png{/devblocks_url}" align="top"> {$translate->_('timetracking.ui.button.track')|capitalize}</button>
\ No newline at end of file
+{if $active_worker->hasPriv('timetracking.actions.create')}
+<button type="button" onclick="timeTrackingTimer.play('timetracking.source.ticket','{$message->ticket_id}');"><img src="{devblocks_url}c=resource&p=cerberusweb.timetracking&f=images/16x16/stopwatch.png{/devblocks_url}" align="top"> {$translate->_('timetracking.ui.button.track')|capitalize}</button>
+{/if}
\ No newline at end of file
diff --git a/plugins/cerberusweb.timetracking/templates/timetracking/renderers/sendmail_toolbar_timer.tpl b/plugins/cerberusweb.timetracking/templates/timetracking/renderers/sendmail_toolbar_timer.tpl
index ad927fa5..e9dbae1d 100644
--- a/plugins/cerberusweb.timetracking/templates/timetracking/renderers/sendmail_toolbar_timer.tpl
+++ b/plugins/cerberusweb.timetracking/templates/timetracking/renderers/sendmail_toolbar_timer.tpl
@@ -1 +1,3 @@
-<button type="button" onclick="timeTrackingTimer.play('timetracking.source.ticket','{$message->ticket_id}');"><img src="{devblocks_url}c=resource&p=cerberusweb.timetracking&f=images/16x16/stopwatch.png{/devblocks_url}" align="top"> {$translate->_('timetracking.ui.button.track')|capitalize}</button>
\ No newline at end of file
+{if $active_worker->hasPriv('timetracking.actions.create')}
+<button type="button" onclick="timeTrackingTimer.play('timetracking.source.ticket','{$message->ticket_id}');"><img src="{devblocks_url}c=resource&p=cerberusweb.timetracking&f=images/16x16/stopwatch.png{/devblocks_url}" align="top"> {$translate->_('timetracking.ui.button.track')|capitalize}</button>
+{/if}
\ No newline at end of file
diff --git a/plugins/cerberusweb.timetracking/templates/timetracking/renderers/ticket_toolbar_timer.tpl b/plugins/cerberusweb.timetracking/templates/timetracking/renderers/ticket_toolbar_timer.tpl
index f0f3c80a..fd59106c 100644
--- a/plugins/cerberusweb.timetracking/templates/timetracking/renderers/ticket_toolbar_timer.tpl
+++ b/plugins/cerberusweb.timetracking/templates/timetracking/renderers/ticket_toolbar_timer.tpl
@@ -1 +1,3 @@
-<button type="button" onclick="timeTrackingTimer.play('timetracking.source.ticket','{$ticket->id}');"><img src="{devblocks_url}c=resource&p=cerberusweb.timetracking&f=images/16x16/stopwatch.png{/devblocks_url}" align="top"> {$translate->_('timetracking.ui.button.track')|capitalize}</button>
\ No newline at end of file
+{if $active_worker->hasPriv('timetracking.actions.create')}
+<button type="button" onclick="timeTrackingTimer.play('timetracking.source.ticket','{$ticket->id}');"><img src="{devblocks_url}c=resource&p=cerberusweb.timetracking&f=images/16x16/stopwatch.png{/devblocks_url}" align="top"> {$translate->_('timetracking.ui.button.track')|capitalize}</button>
+{/if}
\ No newline at end of file
diff --git a/plugins/cerberusweb.timetracking/templates/timetracking/rpc/time_entry_panel.tpl b/plugins/cerberusweb.timetracking/templates/timetracking/rpc/time_entry_panel.tpl
index 02f19cae..f5903cae 100644
--- a/plugins/cerberusweb.timetracking/templates/timetracking/rpc/time_entry_panel.tpl
+++ b/plugins/cerberusweb.timetracking/templates/timetracking/rpc/time_entry_panel.tpl
@@ -61,14 +61,20 @@
 {/if}
 
 </div>
-
-{if empty($model->id)}
-<button type="button" onclick="genericAjaxPost('frmTimeEntry','','c=timetracking&a=saveEntry',{literal}function(o){timeTrackingTimer.finish();}{/literal});"><img src="{devblocks_url}c=resource&p=cerberusweb.core&f=images/check.gif{/devblocks_url}" align="top"> {$translate->_('timetracking.ui.entry_panel.save_finish')}</button>
-<button type="button" onclick="timeTrackingTimer.play();genericPanel.hide();"><img src="{devblocks_url}c=resource&p=cerberusweb.timetracking&f=images/16x16/media_play_green.png{/devblocks_url}" align="top"> {$translate->_('timetracking.ui.entry_panel.resume')}</button>
-<button type="button" onclick="timeTrackingTimer.finish();"><img src="{devblocks_url}c=resource&p=cerberusweb.timetracking&f=images/16x16/media_stop_red.png{/devblocks_url}" align="top"> {$translate->_('common.cancel')|capitalize}</button>
-{else}
-<button type="button" onclick="genericAjaxPost('frmTimeEntry','','c=timetracking&a=saveEntry');genericPanel.hide();"><img src="{devblocks_url}c=resource&p=cerberusweb.core&f=images/check.gif{/devblocks_url}" align="top"> {$translate->_('common.save_changes')|capitalize}</button>
-{if $active_worker->is_superuser || $active_worker->id == $model->worker_id}<button type="button" onclick="if(confirm('Permanently delete this time tracking entry?')){literal}{{/literal}this.form.do_delete.value='1';genericAjaxPost('frmTimeEntry','','c=timetracking&a=saveEntry');genericPanel.hide();{literal}}{/literal}"><img src="{devblocks_url}c=resource&p=cerberusweb.core&f=images/document_delete.gif{/devblocks_url}" align="top"> {$translate->_('common.delete')|capitalize}</button>{/if}
-<button type="button" onclick="genericPanel.hide();"><img src="{devblocks_url}c=resource&p=cerberusweb.core&f=images/delete.gif{/devblocks_url}" align="top"> {$translate->_('common.cancel')|capitalize}</button>
+
+{if ($active_worker->hasPriv('timetracking.actions.create') && (empty($model->id) || $active_worker->id==$model->worker_id))
+	|| $active_worker->hasPriv('timetracking.actions.update_all')
+	}
+	{if empty($model->id)}
+		<button type="button" onclick="genericAjaxPost('frmTimeEntry','','c=timetracking&a=saveEntry',{literal}function(o){timeTrackingTimer.finish();}{/literal});"><img src="{devblocks_url}c=resource&p=cerberusweb.core&f=images/check.gif{/devblocks_url}" align="top"> {$translate->_('timetracking.ui.entry_panel.save_finish')}</button>
+		<button type="button" onclick="timeTrackingTimer.play();genericPanel.hide();"><img src="{devblocks_url}c=resource&p=cerberusweb.timetracking&f=images/16x16/media_play_green.png{/devblocks_url}" align="top"> {$translate->_('timetracking.ui.entry_panel.resume')}</button>
+		<button type="button" onclick="timeTrackingTimer.finish();"><img src="{devblocks_url}c=resource&p=cerberusweb.timetracking&f=images/16x16/media_stop_red.png{/devblocks_url}" align="top"> {$translate->_('common.cancel')|capitalize}</button>
+	{else}
+		<button type="button" onclick="genericAjaxPost('frmTimeEntry','','c=timetracking&a=saveEntry');genericPanel.hide();"><img src="{devblocks_url}c=resource&p=cerberusweb.core&f=images/check.gif{/devblocks_url}" align="top"> {$translate->_('common.save_changes')|capitalize}</button>
+		<button type="button" onclick="if(confirm('Permanently delete this time tracking entry?')){literal}{{/literal}this.form.do_delete.value='1';genericAjaxPost('frmTimeEntry','','c=timetracking&a=saveEntry');genericPanel.hide();{literal}}{/literal}"><img src="{devblocks_url}c=resource&p=cerberusweb.core&f=images/document_delete.gif{/devblocks_url}" align="top"> {$translate->_('common.delete')|capitalize}</button>
+		<button type="button" onclick="genericPanel.hide();"><img src="{devblocks_url}c=resource&p=cerberusweb.core&f=images/delete.gif{/devblocks_url}" align="top"> {$translate->_('common.cancel')|capitalize}</button>
+	{/if}
+{else}
+	<div class="error">You do not have permission to modify this record.</div>
 {/if}
 </form>
\ No newline at end of file
diff --git a/plugins/cerberusweb.timetracking/templates/timetracking/ticket_tab/index.tpl b/plugins/cerberusweb.timetracking/templates/timetracking/ticket_tab/index.tpl
deleted file mode 100644
index 85c371a7..00000000
--- a/plugins/cerberusweb.timetracking/templates/timetracking/ticket_tab/index.tpl
+++ /dev/null
@@ -1,9 +0,0 @@
-<form action="{devblocks_url}{/devblocks_url}" method="post">
-<input type="hidden" name="c" value="display">
-<input type="hidden" name="a" value="saveTab">
-<input type="hidden" name="ext_id" value="timetracking.tab.ticket">
-<input type="hidden" name="ticket_id" value="{$ticket_id}">
-
-
-
-</form>
diff --git a/plugins/cerberusweb.timetracking/templates/timetracking/time/view.tpl b/plugins/cerberusweb.timetracking/templates/timetracking/time/view.tpl
index 414337c9..7890a48e 100644
--- a/plugins/cerberusweb.timetracking/templates/timetracking/time/view.tpl
+++ b/plugins/cerberusweb.timetracking/templates/timetracking/time/view.tpl
@@ -6,9 +6,8 @@
 		<td nowrap="nowrap" class="tableThBlue">{$view->name} {if $view->id == 'search'}<a href="#{$view->id}_actions" style="color:rgb(255,255,255);font-size:11px;">{$translate->_('views.jump_to_actions')}</a>{/if}</td>
 		<td nowrap="nowrap" class="tableThBlue" align="right">
 			<a href="javascript:;" onclick="genericAjaxGet('customize{$view->id}','c=internal&a=viewCustomize&id={$view->id}');toggleDiv('customize{$view->id}','block');" class="tableThLink">{$translate->_('common.customize')|lower}</a>
-			<span style="font-size:12px"> | </span><a href="javascript:;" onclick="genericAjaxGet('{$view->id}_tips','c=internal&a=viewShowCopy&view_id={$view->id}');toggleDiv('{$view->id}_tips','block');" class="tableThLink">{$translate->_('common.copy')|lower}</a>
-			{* {if $view->id != 'search'}<span style="font-size:12px"> | </span><a href="{devblocks_url}c=internal&a=searchview&id={$view->id}{/devblocks_url}" class="tableThLink">{$translate->_('common.search')|lower} list</a>{/if} *}
-			{if $active_worker->is_superuser || $active_worker->can_export}<span style="font-size:12px"> | </span><a href="javascript:;" onclick="genericAjaxGet('{$view->id}_tips','c=internal&a=viewShowExport&id={$view->id}');toggleDiv('{$view->id}_tips','block');" class="tableThLink">{$translate->_('common.export')|lower}</a>{/if}
+			{if $active_worker->hasPriv('core.home.workspaces')}<span style="font-size:12px"> | </span><a href="javascript:;" onclick="genericAjaxGet('{$view->id}_tips','c=internal&a=viewShowCopy&view_id={$view->id}');toggleDiv('{$view->id}_tips','block');" class="tableThLink">{$translate->_('common.copy')|lower}</a>{/if}
+			{if $active_worker->hasPriv('timetracking.view.actions.export')}<span style="font-size:12px"> | </span><a href="javascript:;" onclick="genericAjaxGet('{$view->id}_tips','c=internal&a=viewShowExport&id={$view->id}');toggleDiv('{$view->id}_tips','block');" class="tableThLink">{$translate->_('common.export')|lower}</a>{/if}
 			<span style="font-size:12px"> | </span><a href="javascript:;" onclick="genericAjaxGet('view{$view->id}','c=internal&a=viewRefresh&id={$view->id}');" class="tableThLink"><img src="{devblocks_url}c=resource&p=cerberusweb.core&f=images/refresh.gif{/devblocks_url}" border="0" align="absmiddle" title="{$translate->_('common.refresh')|lower}" alt="{$translate->_('common.refresh')|lower}"></a>
 		</td>
 	</tr>