* slapos member user are not allowed anymore to create compute node
* no need to create a dedicated local_roles from compute node source_administration
  Only slapos manager will handle compute nodes
* duplicate test_default_scenario to happily break it
* drop friend/personal in new scenario test
* all members can allocation on all compute nodes
* give user security group based on function (to access some module) and project/function (to access documents)
* only a project computer manager can create compute nodes
* only project computer manager is assignor on compute node
* need a project assignment to create a compute node
* drop group security on Instance Tree
* drop group security from Software Instance
* project member only need Auditor role on it
* add customer project assignment
* remove source_administration interaction workflow on Compute Node and add follow_up instead
* Software Installation: move interaction workflow from destination_section to follow_up
* give role on Software Installation to Project Compute Node Manager
* shadow user do not need access to Compute Node anymore
* only project comp manager can create SOftware Installation
* project customer can create software instance
* project customer can create instance tree
* project people can only view the project module
* also check PAS plugins which are not supposed to be activated
* drop PAS shadow user plugins
* drop shadow access from compute node module
* drop shadow from compute node module
* drop shadow role from computer module
* drop shadow role from person* portal types
* drop shadow role on project module
* Revert "slapos_erp5: drop PAS shadow user plugins"
  Needed for accounting
* Revert "slapos_erp5: drop shadow role from person* portal types"
* drop Modification permissions if document uses an automated ledger
* source_administration is not used anymore on Compute Node
* drop transfer from another Project
* drop allocation_scope/open categories
* drop Item_getSecurityCategoryFromMovementDestinationSection
* drop Item_getSecurityCategoryFromMovementDestinationSection
* drop Item_getSecurityCategoryFromMovementDestinationProject
* drop Item_getSecurityCategoryFromMovementDestination
* drop SoftwareInstance_getSecurityCategoryFromMovementSpecialiseDestinationProject
* drop ERP5Type_getSecurityCategoryFromAssignmentDestinationClientOrganisation
* switch event/ticket roles to virtual master security
* drop Event_getSecurityCategoryFromMovementFollowUpAggregateComputeNodeDestinationSection
* drop Event_getSecurityCategoryFromMovementFollowUpAggregateDestination
* delete Event_getSecurityCategoryFromMovementFollowUpAggregateDestinationProject
* drop Item_getSecurityCategoryFromMovementAggregateDestinationProject
* drop Item_getSecurityCategoryFromMovementAggregateDestinationSection
* drop Item_getSecurityCategoryFromMovementAggregateDestination
* drop Item_getSecurityCategoryFromMovementAggregateComputeNodeDestinationSection
* drop SoftwareInstance_getSecurityCategoryFromMovementSpecialiseDestination
* drop Item_getSecurityCategoryFromMovementLineAggregateDestinationProject
* drop Item_getSecurityCategoryFromMovementLineAggregateDestination
* drop Item_getSecurityCategoryFromMovementLineAggregateComputeNodeDestinationSection
* provide access to Compute Node Manager on Upgrade Decision
* delivery/movement must use source_project instead of follow_up
* delivery/movement must use source_project instead of follow_up
* drop query module security
* drop Compute Partition roles
  It must be visible by all project members
* instance of the project can access compute nodes
* do not make Credit Card readable
* drop data set security
* only accountant can create/update Account
* add function local_role_group
* use function local_role_group on Account
* use function local_role_group on account
* only accountant can read/write accounting transactions.
  Ledger is used as write condition
* accounting period are only readable/writable by accountant
* accounting period are only readable/writable by accountant
* provide access on compute node to project customer/production
* give read access to project production
* provide access to production on software installation
* switch admin to production manager in tests
* no need for group/role in assignment. Use parent function too
* provide access to function/production on Instance Tree
* provide access to instance for function/production users
* provide access to function/production* on support request
* provide access to function/production on event module
* provide access to regularisation request to function/production
* drop roles for DMS portal types
  It does not seem used.
* provide read/write access to function/production to Computer Network
* provide access to function/is to System Event
* provide access to function/is on Assignment
* provide access to person module
* provide read only access to project/customer on software product
* provide readonly access to project/customer on software release
* test set server allocation_scope to open
* provide readonly access for project/customer on accounting module
* provide readonly access for project/customer on compute node module
* use source/destination_project on event/ticket/delivery
* security for Subscription Request
* production agent/manager can not create Software Instance
*  drop slap_add_compute_node page
* drop slap_project_list page
* drop  drop slap_transfer_compute_node (and project_view)
* drop slap_compute_node_view page